From: Viktor Szakats <commit@vsz.me>
Date: Mon, 27 Jan 2025 22:04:02 +0000 (+0100)
Subject: openssl: define `HAVE_KEYLOG_CALLBACK` before use
X-Git-Tag: curl-8_12_0~27
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8b8ec574bcd6ce711eb3c1010bcba5f1f33b0fd6;p=thirdparty%2Fcurl.git

openssl: define `HAVE_KEYLOG_CALLBACK` before use

Before this patch this macro was used in `vtls/openssl.h` without
setting it first, causing the `keylog_done` member be present in
struct `ossl_ctx` while the code did not use it.

Follow-up to 3210101088dfa3d6a125d213226b092f2f866722 #13172
Closes #16105
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index ae1862d664..f34ddafef3 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -203,18 +203,6 @@
 #define FREE_PKEY_PARAM_BIGNUM(name)
 #endif
 
-/*
- * Whether SSL_CTX_set_keylog_callback is available.
- * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
- * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
- * LibreSSL: not supported. 3.5.0+ has a stub function that does nothing.
- */
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
-     !defined(LIBRESSL_VERSION_NUMBER)) || \
-    defined(OPENSSL_IS_BORINGSSL)
-#define HAVE_KEYLOG_CALLBACK
-#endif
-
 /* Whether SSL_CTX_set_ciphersuites is available.
  * OpenSSL: supported since 1.1.1 (commit a53b5be6a05)
  * BoringSSL: no
diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h
index 5f430a2178..b2940f4309 100644
--- a/lib/vtls/openssl.h
+++ b/lib/vtls/openssl.h
@@ -31,11 +31,24 @@
  * This header should only be needed to get included by vtls.c, openssl.c
  * and ngtcp2.c
  */
+#include <openssl/opensslv.h>
 #include <openssl/ossl_typ.h>
 #include <openssl/ssl.h>
 
 #include "urldata.h"
 
+/*
+ * Whether SSL_CTX_set_keylog_callback is available.
+ * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
+ * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
+ * LibreSSL: not supported. 3.5.0+ has a stub function that does nothing.
+ */
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+     !defined(LIBRESSL_VERSION_NUMBER)) || \
+    defined(OPENSSL_IS_BORINGSSL)
+#define HAVE_KEYLOG_CALLBACK
+#endif
+
 struct ssl_peer;
 
 /* Struct to hold a curl OpenSSL instance */