From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 17 Nov 2017 18:34:17 +0000 (+0200)
Subject: BoringSSL: Comment out SSL_set_default_passwd_cb*() calls
X-Git-Tag: hostap_2_7~839
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7721fe082b5830c9ccc7b1a039c053ca1b64c770;p=thirdparty%2Fhostap.git

BoringSSL: Comment out SSL_set_default_passwd_cb*() calls

It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a
1.1.0 version, but it does not provide SSL_set_default_passwd_cb*(). For
now, comment out this regardless of the version BoringSSL claims to be.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 3f024840c..ada88a9d3 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3016,12 +3016,16 @@ static int tls_connection_engine_private_key(struct tls_connection *conn)
 
 static void tls_clear_default_passwd_cb(SSL_CTX *ssl_ctx, SSL *ssl)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#ifndef LIBRESSL_VERSION_NUMBER
+#ifndef OPENSSL_IS_BORINGSSL
 	if (ssl) {
 		SSL_set_default_passwd_cb(ssl, NULL);
 		SSL_set_default_passwd_cb_userdata(ssl, NULL);
 	}
-#endif /* >= 1.1.0f && !LibreSSL */
+#endif /* !BoringSSL */
+#endif /* !LibreSSL */
+#endif /* >= 1.1.0f */
 	SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);
 }
@@ -3048,14 +3052,18 @@ static int tls_connection_private_key(struct tls_data *data,
 	} else
 		passwd = NULL;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#ifndef LIBRESSL_VERSION_NUMBER
+#ifndef OPENSSL_IS_BORINGSSL
 	/*
 	 * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
 	 * from the SSL object. See OpenSSL commit d61461a75253.
 	 */
 	SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
 	SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
-#endif /* >= 1.1.0f && !LibreSSL */
+#endif /* !BoringSSL */
+#endif /* !LibreSSL */
+#endif /* >= 1.1.0f && */
 	/* Keep these for OpenSSL < 1.1.0f */
 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);