From dc7c9214d7c4db3ff019706df2f0b06c0f2baeef Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Wed, 10 Aug 2016 13:28:45 -0400
Subject: [PATCH] OpenSSL: Fix OpenSSL 1.1.0 compatibility functions
To be consistent with OpenSSL 1.1.0, the free functions should
internally check for NULL. EVP_MD_CTX_free also was missing an
EVP_MD_CTX_cleanup, so this leaked a little.
OpenSSL 1.1.0 also has given get_rfc3526_prime_1536 a better namespace
with get_rfc3526_prime_1536 as a compatibility-only name. Use that
instead in 1.1.0.
Signed-off-by: David Benjamin <davidben@google.com>
---
src/crypto/crypto_openssl.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
@@ -49,6 +49,8 @@ static HMAC_CTX * HMAC_CTX_new(void)
static void HMAC_CTX_free(HMAC_CTX *ctx)
{
+ if (!ctx)
+ return;
HMAC_CTX_cleanup(ctx);
bin_clear_free(ctx, sizeof(*ctx));
}
@@ -67,6 +69,9 @@ static EVP_MD_CTX * EVP_MD_CTX_new(void)
static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
{
+ if (!ctx)
+ return;
+ EVP_MD_CTX_cleanup(ctx);
bin_clear_free(ctx, sizeof(*ctx));
}
@@ -74,7 +79,11 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
static BIGNUM * get_group5_prime(void)
{
-#ifdef OPENSSL_IS_BORINGSSL
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ return BN_get_rfc3526_prime_1536(NULL);
+#elif !defined(OPENSSL_IS_BORINGSSL)
+ return get_rfc3526_prime_1536(NULL);
+#else
static const unsigned char RFC3526_PRIME_1536[] = {
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
@@ -94,9 +103,7 @@ static BIGNUM * get_group5_prime(void)
0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
};
return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), NULL);
-#else /* OPENSSL_IS_BORINGSSL */
- return get_rfc3526_prime_1536(NULL);
-#endif /* OPENSSL_IS_BORINGSSL */
+#endif
}
#ifdef OPENSSL_NO_SHA256
--
2.8.0.rc3.226.g39d4020