From: Viktor Szakats Date: Sat, 23 Aug 2025 21:12:04 +0000 (+0200) Subject: openssl: BoringSSL / AWS-LC tidy-ups X-Git-Tag: curl-8_16_0~92 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d65436d9a07e7c7c2768feb1663bed4a3c5af09a;p=thirdparty%2Fcurl.git openssl: BoringSSL / AWS-LC tidy-ups - schannel: apply BoringSSL workaround to AWS-LC too. Affects Schannel + AWS-LC MultiSSL builds. (not tested in CI) Ref: 274940d7438af7ef92ce3e11d75620db94675932 #2643 #2634 - curl_ntlm_core: deduplicate macro defines. - curl_ntlm_core: document version thresholds for an AWS-LC-specific workaround. It was necessary between v1.2.0 2022-09-01 and v1.30.1 2024-06-21. No longer necessary since v1.31.0 2024-07-01: https://github.com/aws/aws-lc/commit/ba94617d99c18949711e8e405721ea85a2b38c3f Follow-up to 34ef4fab22d93cf7ef1d6c2954a0bad19f323ea9 #10320 - lib758: drop redundant OpenSSL version guards. `OPENSSL_VERSION_NUMBER > 3` automatically guards against LibreSSL, BoringSSL and AWS-LC. Ref: https://github.com/curl/curl/pull/18288/commits/6ddd8f2c0bbfcb0847b1ee7f257fb772fa47310c Follow-up to a5f0ab7995bbb6e269feb3a516f804a65c753705 #18288 - dllmain, curl_sha512_256: formatting. Closes #18387 --- diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index b2b94a3a9b..fc0a97b556 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -70,14 +70,10 @@ # include # include # include -# ifdef OPENSSL_IS_AWSLC +# ifdef OPENSSL_IS_AWSLC /* for versions 1.2.0 to 1.30.1 */ # define DES_set_key_unchecked (void)DES_set_key -# define DESKEYARG(x) *x -# define DESKEY(x) &x -# else -# define DESKEYARG(x) *x -# define DESKEY(x) &x # endif +# define DESKEY(x) &x #else # include # include @@ -91,12 +87,11 @@ # define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked # define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt # define DESKEY(x) ((WOLFSSL_DES_key_schedule *)(x)) -# define DESKEYARG(x) *x # else -# define DESKEYARG(x) *x # define DESKEY(x) &x # endif #endif +#define DESKEYARG(x) *x #elif defined(USE_GNUTLS) diff --git a/lib/curl_sha512_256.c b/lib/curl_sha512_256.c index 6c39967d2b..7258e3f413 100644 --- a/lib/curl_sha512_256.c +++ b/lib/curl_sha512_256.c @@ -41,10 +41,10 @@ #ifdef USE_OPENSSL # include # if (!defined(LIBRESSL_VERSION_NUMBER) && \ - defined(OPENSSL_VERSION_NUMBER) && \ - (OPENSSL_VERSION_NUMBER >= 0x10101000L)) || \ + defined(OPENSSL_VERSION_NUMBER) && \ + OPENSSL_VERSION_NUMBER >= 0x10101000L) || \ (defined(LIBRESSL_VERSION_NUMBER) && \ - (LIBRESSL_VERSION_NUMBER >= 0x3080000fL)) + LIBRESSL_VERSION_NUMBER >= 0x3080000fL) # include # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) # include diff --git a/lib/dllmain.c b/lib/dllmain.c index 33076e0571..7ac457ae05 100644 --- a/lib/dllmain.c +++ b/lib/dllmain.c @@ -37,10 +37,8 @@ #if defined(_WIN32) && !defined(CURL_STATICLIB) #if defined(USE_OPENSSL) && \ - !defined(OPENSSL_IS_AWSLC) && \ - !defined(OPENSSL_IS_BORINGSSL) && \ - !defined(LIBRESSL_VERSION_NUMBER) && \ - (OPENSSL_VERSION_NUMBER >= 0x10100000L) + !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) && \ + !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L #define PREVENT_OPENSSL_MEMLEAK #endif diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h index 4c87524a21..9d0bea221a 100644 --- a/lib/vtls/schannel.h +++ b/lib/vtls/schannel.h @@ -68,7 +68,7 @@ * BoringSSL's : So just undefine those defines here * (and only here). */ -#ifdef OPENSSL_IS_BORINGSSL +#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) # undef X509_NAME # undef X509_CERT_PAIR # undef X509_EXTENSIONS diff --git a/tests/libtest/lib758.c b/tests/libtest/lib758.c index dfcbaebb31..f98309f247 100644 --- a/tests/libtest/lib758.c +++ b/tests/libtest/lib758.c @@ -38,9 +38,7 @@ #include #include -#if ((OPENSSL_VERSION_NUMBER >= 0x30000000L) && \ - !defined(LIBRESSL_VERSION_NUMBER) && \ - !defined(OPENSSL_IS_BORINGSSL)) +#if OPENSSL_VERSION_NUMBER >= 0x30000000L #define T578_ENABLED #endif #endif