LibreSSL: Fix build with LibreSSL

The changes needed for OpenSSL 1.1.0 had broken this since LibreSSL is
defining OPENSSL_VERSION_NUMBER in a manner that claims it to be newer
than the current OpenSSL version even though it does not support the
current OpenSSL API.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 11261021641748f2c2ba871ba9951bcb656dcabd..f386e9fee1615bd0e5a998c273e81ffaf8395f66 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -31,7 +31,7 @@
 #include "sha384.h"
 #include "crypto.h"
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /* Compatibility wrapper for older versions. */
 static int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
 {
@@ -73,7 +73,7 @@ static BIGNUM * get_group5_prime(void)
 static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
                                 const u8 *addr[], const size_t *len, u8 *mac)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
        EVP_MD_CTX *ctx;
        size_t i;
        unsigned int mac_len;
@@ -733,7 +733,7 @@ void dh5_free(void *ctx)
 
 
 struct crypto_hash {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
        HMAC_CTX *ctx;
 #else
        HMAC_CTX ctx;
@@ -772,7 +772,7 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
        ctx = os_zalloc(sizeof(*ctx));
        if (ctx == NULL)
                return NULL;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
        ctx->ctx = HMAC_CTX_new();
        if (!ctx->ctx) {
                os_free(ctx);
@@ -801,7 +801,7 @@ void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
 {
        if (ctx == NULL)
                return;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
        HMAC_Update(ctx->ctx, data, len);
 #else
        HMAC_Update(&ctx->ctx, data, len);
@@ -818,7 +818,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
                return -2;
 
        if (mac == NULL || len == NULL) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
                HMAC_CTX_free(ctx->ctx);
 #endif
                bin_clear_free(ctx, sizeof(*ctx));
@@ -826,7 +826,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
        }
 
        mdlen = *len;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
        res = HMAC_Final(ctx->ctx, mac, &mdlen);
        HMAC_CTX_free(ctx->ctx);
 #else
@@ -849,7 +849,7 @@ static int openssl_hmac_vector(const EVP_MD *type, const u8 *key,
                               const u8 *addr[], const size_t *len, u8 *mac,
                               unsigned int mdlen)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
        HMAC_CTX *ctx;
        size_t i;
        int res;

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index dab9a39cf70b54a3e76357aaab72a93c2c6af5c6..b16b51972929cfbf7fd5fe1d67116b190e5e43c8 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -4049,7 +4049,7 @@ int tls_global_set_params(void *tls_ctx,
  * commented out unless explicitly needed for EAP-FAST in order to be able to
  * build this file with unmodified openssl. */
 
-#if defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if (defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
                           STACK_OF(SSL_CIPHER) *peer_ciphers,
                           const SSL_CIPHER **cipher, void *arg)
@@ -4157,7 +4157,7 @@ int tls_connection_set_session_ticket_cb(void *tls_ctx,
 
 int tls_get_library_version(char *buf, size_t buf_len)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
        return os_snprintf(buf, buf_len, "OpenSSL build=%s run=%s",
                           OPENSSL_VERSION_TEXT,
                           OpenSSL_version(OPENSSL_VERSION));