[Openvpn-devel,2/2,v2] openssl: add missing #include statements

Message ID 20171126154912.13283-1-steffan@karger.me
State Accepted
Headers show
Series None | expand

Commit Message

Steffan Karger Nov. 26, 2017, 4:49 a.m. UTC
Compiling our current master against OpenSSL 1.1 with
-DOPENSSL_API_COMPAT=0x10100000L screams bloody murder.  This patch fixes
the errors caused by missing includes.  Previous openssl versions would
usually include 'the rest of the world', but they're fixing that.  So we
should no longer rely on it.

(And sneaking in alphabetic ordering of the includes while touching them.)

Signed-off-by: Steffan Karger <steffan@karger.me>
v2: rsaerr.h only exists in openssl's master branch, use rsa.h instead.

 src/openvpn/openssl_compat.h     | 1 +
 src/openvpn/ssl_openssl.c        | 6 +++++-
 src/openvpn/ssl_verify_openssl.c | 3 ++-
 3 files changed, 8 insertions(+), 2 deletions(-)


Gert Doering June 29, 2018, 2:41 a.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

"Looks sane", and tested against the same set of OS/OpenSSL combinations
as 1/2 ("--version" and t_client tests).

Compilation with -DOPENSSL_API_COMPAT=0x10100000L still does not work
(quite a few linker errors), but those seem to be unrelated to missing
includes, and more related to "these are macros we shouldn't be using
anymore"...  namely EVP_CIPHER_CTX_init(), EVP_CIPHER_CTX_cleanup(), 
SSL_library_init(), SSL_load_error_strings(), OpenSSL_add_all_algorithms(),
EVP_cleanup(), ERR_free_strings(), X509_get_notBefore(), X509_get_notAfter()
and SSL_CTX_set_ecdh_auto().

Without said define, OpenSSL 1.1.0 is also fine, but this smells like
"a bit more work needed".

Your patch has been applied to the master branch.

commit 1987498271abadf042d8bb3feee1fe0d877a9d55
Author: Steffan Karger
Date:   Sun Nov 26 16:49:12 2017 +0100

     openssl: add missing #include statements

     Signed-off-by: Steffan Karger <steffan@karger.me>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20171126154912.13283-1-steffan@karger.me>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15936.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>

kind regards,

Gert Doering

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 9eb427da..6c2b9904 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -42,6 +42,7 @@ 
 #include "buffer.h"
+#include <openssl/rsa.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 18ceecb4..79121049 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -52,10 +52,14 @@ 
 #include "ssl_verify_openssl.h"
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
 #include <openssl/x509.h>
-#include <openssl/crypto.h>
 #ifndef OPENSSL_NO_EC
 #include <openssl/ec.h>
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 2f3b10b9..4a1d1cf8 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -44,8 +44,9 @@ 
 #include "ssl_verify_backend.h"
 #include "openssl_compat.h"
-#include <openssl/x509v3.h>
+#include <openssl/bn.h>
 #include <openssl/err.h>
+#include <openssl/x509v3.h>
 verify_callback(int preverify_ok, X509_STORE_CTX *ctx)