From patchwork Wed Feb 21 05:46:02 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 238
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 21 Feb 2018 11:46:02 -0500
Message-Id: <1519231562-5641-1-git-send-email-selva.nair@gmail.com>
X-Mailer: git-send-email 2.1.4
Subject: [Openvpn-devel] [PATCH] Disable external ec key support when building with libressl

From: Selva Nair

- This codepath uses some openssl-1.1 specific API and is enabled only for openssl 1.1 and higher versions. But, due to incompatible version numbering in libressl, it gets wrongly enabled with libressl versions that do not support the required API. As an easy workaround disable the feature when LIBRESSL_VERSION_NUMBER is defined.

Signed-off-by: Selva Nair
Acked-By: Arne Schwabe
Acked-by: Gert Doering
---
Caution: Only partially compile tested on freebsd 11 + libressl 2.6.4 due to other conflicts with that version of libressl.

 src/openvpn/ssl_openssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 56b12b7..d91458b 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1159,7 +1159,7 @@ err: return 0; } -#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) +#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER) /* called when EC_KEY is destroyed */ static void @@ -1307,7 +1307,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, goto err; } } -#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) +#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER) else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { if (!tls_ctx_use_external_ec_key(ctx, pkey))
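
Review bot: In the hunk at -1159, the new "!defined(LIBRESSL_VERSION_NUMBER)" term is appended with no comment in the source saying why LibreSSL is excluded, and the same three-term condition is repeated verbatim in the hunk at -1307. Consider evaluating the condition once into a single feature macro and testing that macro at both sites, with a one-line comment that LibreSSL's version number satisfies the "> 0x10100000L" test without providing the OpenSSL 1.1 API this code uses, so the two guards cannot drift apart in a later change.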
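
Review bot: In the hunk at -1307, the "else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)" branch is now compiled out on every LibreSSL build, and the visible context does not show what an EC key falls through to in tls_ctx_use_external_private_key(). Please confirm the remaining path fails with a message that says external EC keys are not supported in this build rather than a generic key error. The blanket "!defined(LIBRESSL_VERSION_NUMBER)" also keeps the feature off for any later LibreSSL that does provide the API, which is worth a comment given the cover note says this was only partially compile tested on freebsd 11 + libressl 2.6.4.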