OpenSSL: BoringSSL has SSL_get_client_random, etc.

Message ID CAF8qwaDAts-FAPJs1ttZ5ac6qQQC2KX=JWAXi5o1ncfMhTGK7w@mail.gmail.com
State Superseded

Commit Message

David Benjamin May 5, 2016, 5:43 p.m. UTC
Attached since I trust my mail client to completely destroy the whitespace.

Apologies for making your #ifdef soup even messier. The motivation
here is we'd like to opaquify the SSL structs in BoringSSL (which
should, in the long run, make wpa_supplicant less sensitive to changes
on our end). To keep things simple, I'm mirroring OpenSSL 1.1.0's
APIs. But, for the moment, BoringSSL's OPENSSL_VERSION_NUMBER still
claims to be 1.0.2, so this will need some more conditionals.

I'm optimistic that someday we'll mimic enough of 1.1.0 that bumping
OPENSSL_VERSION_NUMBER might make sense and then we won't need this
special-case. For now, it and the ecosystem are enough of a moving
target that I don't think it's feasible just yet.

David

Patch

From b927253379ff165584ad5a63a7c4c4f6208a8662 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Mon, 25 Apr 2016 14:55:43 -0400
Subject: [PATCH] OpenSSL: BoringSSL has SSL_get_client_random, etc.

BoringSSL added 1.1.0's SSL_get_client_random and friends in working towards
opaquifying the SSL struct. But it, for the moment, still looks more like 1.0.2
than 1.1.0 and advertises OPENSSL_VERSION_NUMBER as such. This means that there
is no need to define those in BoringSSL and defining them causes conflicts. (C
does not like having static and non-static functions with the same name.)

Also add a missing opensslv.h include. tls_openssl.c is sensitive to
OPENSSL_VERSION_NUMBER, so it should include the header directly rather than
rely on another header to do so.

Signed-off-by: David Benjamin <davidben@google.com>
---
 src/crypto/tls_openssl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index ebcc545..f2ad995 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -18,6 +18,7 @@ 
 
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/opensslv.h>
 #include <openssl/pkcs12.h>
 #include <openssl/x509v3.h>
 #ifndef OPENSSL_NO_ENGINE
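
Review bot: The added opensslv.h include makes the OPENSSL_VERSION_NUMBER dependency explicit, but the guard changed in the next hunk also tests OPENSSL_IS_BORINGSSL and LIBRESSL_VERSION_NUMBER, and nothing in the visible include list says which header is expected to define them. If the goal stated in the commit message is to stop relying on indirect includes, a short comment next to this include naming the header that provides those two macros would keep the file consistent with that goal.
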
@@ -51,10 +52,12 @@  typedef int stack_index_t;
 #endif /* OPENSSL_NO_TLSEXT */
 #endif /* SSL_set_tlsext_status_type */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
+     defined(LIBRESSL_VERSION_NUMBER)) &&    \
+    !defined(OPENSSL_IS_BORINGSSL)
 /*
  * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
- * 1.1.0. Provide compatibility wrappers for older versions.
+ * 1.1.0 and BoringSSL. Provide compatibility wrappers for older versions.
  */
 
 static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
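
Review bot: The new !defined(OPENSSL_IS_BORINGSSL) term in the #if excludes every BoringSSL build without any revision check, so a BoringSSL checkout that predates SSL_get_client_random() loses the wrappers and no longer compiles. Consider stating the minimum supported BoringSSL revision in the comment, or keying on a BoringSSL-specific version or feature macro if one is available. The same condition also guards everything down to the matching #endif, which is outside this hunk, so please confirm that every wrapper in that block already exists in BoringSSL. The updated comment line "Provide compatibility wrappers for older versions" would also read more accurately if it said the wrappers cover OpenSSL before 1.1.0 and LibreSSL.
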
-- 
2.8.0.rc3.226.g39d4020