Message ID | 20220811171120.59361-1-maximilian.fillinger@foxcrypto.com |
---|---|
State | Changes Requested |
Series | [Openvpn-devel,v2,1/2] Update openssl_compat.h for newer LibreSSL | expand |
Am 11.08.22 um 19:11 schrieb Max Fillinger: > LibreSSL has added some of the functions that are defined here. However, > we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT. > > v2: Change ifdef condition for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT. > > Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com> > --- > src/openvpn/openssl_compat.h | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h > index b3ee94f1..c78d2229 100644 > --- a/src/openvpn/openssl_compat.h > +++ b/src/openvpn/openssl_compat.h > @@ -51,8 +51,8 @@ > #define SSL_CTX_set1_groups SSL_CTX_set1_curves > #endif > > -/* Functionality missing in LibreSSL and OpenSSL 1.0.2 */ > -#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL) > +/* Functionality missing in LibreSSL before 3.5 and OpenSSL 1.0.2 */ > +#if (OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL)) && !defined(ENABLE_CRYPTO_WOLFSSL) > /** > * Destroy a X509 object > * > @@ -68,11 +68,13 @@ X509_OBJECT_free(X509_OBJECT *obj) > } > } > > -#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT > #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG > #define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG > #endif > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) > +#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT > +#endif > The patch basically removes the !defined(ENABLE_CRYPTO_WOLFSSL) from this part of the ifdef and that breaks wolfSSL. While I don't think we should much effort into wolfSSL, we should also not break it on purpose. Arne
> -----Original Message----- > From: Arne Schwabe [mailto:arne@rfc2549.org] > Sent: donderdag 18 augustus 2022 22:16 > To: Maximilian Fillinger <maximilian.fillinger@foxcrypto.com>; openvpn- > devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH v2 1/2] Update openssl_compat.h for > newer LibreSSL > > Am 11.08.22 um 19:11 schrieb Max Fillinger: > > LibreSSL has added some of the functions that are defined here. > However, > > we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT. > > > > v2: Change ifdef condition for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT. > > > > Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com> > > --- > > src/openvpn/openssl_compat.h | 8 +++++--- > > 1 file changed, 5 insertions(+), 3 deletions(-) > > > > diff --git a/src/openvpn/openssl_compat.h > b/src/openvpn/openssl_compat.h > > index b3ee94f1..c78d2229 100644 > > --- a/src/openvpn/openssl_compat.h > > +++ b/src/openvpn/openssl_compat.h > > @@ -51,8 +51,8 @@ > > #define SSL_CTX_set1_groups SSL_CTX_set1_curves > > #endif > > > > -/* Functionality missing in LibreSSL and OpenSSL 1.0.2 */ > > -#if (OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL) > > +/* Functionality missing in LibreSSL before 3.5 and OpenSSL 1.0.2 */ > > +#if (OPENSSL_VERSION_NUMBER < 0x10100000L || > (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < > 0x3050000fL)) && !defined(ENABLE_CRYPTO_WOLFSSL) > > /** > > * Destroy a X509 object > > * 
> > @@ -68,11 +68,13 @@ X509_OBJECT_free(X509_OBJECT *obj) > > } > > } > > > > -#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT > RSA_F_RSA_EAY_PRIVATE_ENCRYPT > > #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG > > #define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG > > #endif > > > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) > > +#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT > RSA_F_RSA_EAY_PRIVATE_ENCRYPT > > +#endif > > > > The patch basically removes the !defined(ENABLE_CRYPTO_WOLFSSL) from > this part of the ifdef and that breaks wolfSSL. While I don't think we > should much effort into wolfSSL, we should also not break it on purpose. > > Arne You told me to ignore it in IRC. But sure, I can make a v3.
>> The patch basically removes the !defined(ENABLE_CRYPTO_WOLFSSL) from >> this part of the ifdef and that breaks wolfSSL. While I don't think we >> should much effort into wolfSSL, we should also not break it on purpose. >> >> Arne > > You told me to ignore it in IRC. But sure, I can make a v3. Ignore but not break on purpose :) Arne
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index b3ee94f1..c78d2229 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -51,8 +51,8 @@
 #define SSL_CTX_set1_groups SSL_CTX_set1_curves
 #endif
 
-/* Functionality missing in LibreSSL and OpenSSL 1.0.2 */
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL)
+/* Functionality missing in LibreSSL before 3.5 and OpenSSL 1.0.2 */
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL)) && !defined(ENABLE_CRYPTO_WOLFSSL)
 /**
 * Destroy a X509 object
 *
@@ -68,11 +68,13 @@ X509_OBJECT_free(X509_OBJECT *obj)
 }
 }
 
-#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
 #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
 #define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
+#endif
 
 /* Functionality missing in 1.0.2 */
 #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(ENABLE_CRYPTO_WOLFSSL)
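Review bot: The tightened `#if` in the first hunk switches the whole compat block off for LibreSSL 3.5 and later, yet the commit message only says LibreSSL added "some of" the functions defined here. The same block also holds the `EVP_CTRL_AEAD_SET_TAG` and `EVP_CTRL_AEAD_GET_TAG` aliases seen in the second hunk, and nothing on the page shows that LibreSSL 3.5 supplies them. Once that is confirmed, I would extend the comment to name what the cut-off relies on, e.g. `/* LibreSSL >= 3.5 provides X509_OBJECT_free and EVP_CTRL_AEAD_{SET,GET}_TAG itself */`. The block opens in this hunk and closes in the next, so part of its contents is not visible here.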
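Review bot: The new `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` block in the second hunk has no comment, unlike its neighbours, and it applies to every LibreSSL release with no upper bound. If a later LibreSSL defines `RSA_F_RSA_OSSL_PRIVATE_ENCRYPT` itself, or drops `RSA_F_RSA_EAY_PRIVATE_ENCRYPT`, the alias becomes a redefinition or points at a missing name wherever it is used. Wrapping the define in `#ifndef RSA_F_RSA_OSSL_PRIVATE_ENCRYPT` … `#endif` would apply the alias only when the library lacks the name. I would also put `/* Error function code is still named RSA_F_RSA_EAY_PRIVATE_ENCRYPT in OpenSSL 1.0.2 and LibreSSL */` above the block.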
LibreSSL has added some of the functions that are defined here. However, we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT. v2: Change ifdef condition for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com> --- src/openvpn/openssl_compat.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)