openssl: BoringSSL / AWS-LC tidy-ups

- schannel: apply BoringSSL workaround to AWS-LC too.
  Affects Schannel + AWS-LC MultiSSL builds. (not tested in CI)
  Ref: 274940d7438af7ef92ce3e11d75620db94675932 #2643 #2634

- curl_ntlm_core: deduplicate macro defines.

- curl_ntlm_core: document version thresholds for an AWS-LC-specific
  workaround.
  It was necessary between v1.2.0 2022-09-01 and v1.30.1 2024-06-21.
  No longer necessary since v1.31.0 2024-07-01:
  https://github.com/aws/aws-lc/commit/ba94617d99c18949711e8e405721ea85a2b38c3f
  Follow-up to 34ef4fab22d93cf7ef1d6c2954a0bad19f323ea9 #10320

- lib758: drop redundant OpenSSL version guards.
  `OPENSSL_VERSION_NUMBER > 3` automatically guards against LibreSSL,
  BoringSSL and AWS-LC.
  Ref: https://github.com/curl/curl/pull/18288/commits/6ddd8f2c0bbfcb0847b1ee7f257fb772fa47310c
  Follow-up to a5f0ab7995bbb6e269feb3a516f804a65c753705 #18288

- dllmain, curl_sha512_256: formatting.

Closes #18387

diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index b2b94a3a9bf08ec0f83f9656b16f342dce92ab35..fc0a97b55663913d7630b7482daaba30c85c8a06 100644 (file)
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -70,14 +70,10 @@
 #  include <openssl/md5.h>
 #  include <openssl/ssl.h>
 #  include <openssl/rand.h>
-#  ifdef OPENSSL_IS_AWSLC
+#  ifdef OPENSSL_IS_AWSLC  /* for versions 1.2.0 to 1.30.1 */
 #    define DES_set_key_unchecked (void)DES_set_key
-#    define DESKEYARG(x) *x
-#    define DESKEY(x) &x
-#  else
-#    define DESKEYARG(x) *x
-#    define DESKEY(x) &x
 #  endif
+#  define DESKEY(x) &x
 #else
 #  include <wolfssl/openssl/des.h>
 #  include <wolfssl/openssl/md5.h>
@@ -91,12 +87,11 @@
 #    define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked
 #    define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt
 #    define DESKEY(x) ((WOLFSSL_DES_key_schedule *)(x))
-#    define DESKEYARG(x) *x
 #  else
-#    define DESKEYARG(x) *x
 #    define DESKEY(x) &x
 #  endif
 #endif
+#define DESKEYARG(x) *x
 
 #elif defined(USE_GNUTLS)
 

diff --git a/lib/curl_sha512_256.c b/lib/curl_sha512_256.c
index 6c39967d2b9c4a839605ae3986827eb16000cc75..7258e3f4138675ec187a561923466fdbde12467a 100644 (file)
--- a/lib/curl_sha512_256.c
+++ b/lib/curl_sha512_256.c
@@ -41,10 +41,10 @@
 #ifdef USE_OPENSSL
 #  include <openssl/opensslv.h>
 #  if (!defined(LIBRESSL_VERSION_NUMBER) && \
-        defined(OPENSSL_VERSION_NUMBER) && \
-        (OPENSSL_VERSION_NUMBER >= 0x10101000L)) || \
+       defined(OPENSSL_VERSION_NUMBER) && \
+       OPENSSL_VERSION_NUMBER >= 0x10101000L) || \
       (defined(LIBRESSL_VERSION_NUMBER) && \
-        (LIBRESSL_VERSION_NUMBER >= 0x3080000fL))
+       LIBRESSL_VERSION_NUMBER >= 0x3080000fL)
 #    include <openssl/opensslconf.h>
 #    if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 #      include <openssl/evp.h>

diff --git a/lib/dllmain.c b/lib/dllmain.c
index 33076e057145019ba126e4e972bfdf61a4259319..7ac457ae0552530f9533647227dc2b0569f1a478 100644 (file)
--- a/lib/dllmain.c
+++ b/lib/dllmain.c
@@ -37,10 +37,8 @@
 #if defined(_WIN32) && !defined(CURL_STATICLIB)
 
 #if defined(USE_OPENSSL) && \
-    !defined(OPENSSL_IS_AWSLC) && \
-    !defined(OPENSSL_IS_BORINGSSL) && \
-    !defined(LIBRESSL_VERSION_NUMBER) && \
-    (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+  !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) && \
+  !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 #define PREVENT_OPENSSL_MEMLEAK
 #endif
 

diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
index 4c87524a211a7d5d8b168de48702c60ab755f3ed..9d0bea221a9bfe883d57273d334f258a2acb2453 100644 (file)
--- a/lib/vtls/schannel.h
+++ b/lib/vtls/schannel.h
@@ -68,7 +68,7 @@
  * BoringSSL's <openssl/x509.h>: So just undefine those defines here
  * (and only here).
  */
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
 # undef X509_NAME
 # undef X509_CERT_PAIR
 # undef X509_EXTENSIONS

diff --git a/tests/libtest/lib758.c b/tests/libtest/lib758.c
index dfcbaebb313ce594c7b8ad609132b697561e5591..f98309f2470ce5764eeaa4e51cdf284184ab2120 100644 (file)
--- a/tests/libtest/lib758.c
+++ b/tests/libtest/lib758.c
@@ -38,9 +38,7 @@
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 
-#if ((OPENSSL_VERSION_NUMBER >= 0x30000000L) && \
-     !defined(LIBRESSL_VERSION_NUMBER) && \
-     !defined(OPENSSL_IS_BORINGSSL))
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #define T578_ENABLED
 #endif
 #endif