Re: [Openvpn-devel] [PATCH v2 1/2] Update openssl_compat.h for newer LibreSSL

Fri, 19 Aug 2022 06:40:51 -0700 

> -----Original Message-----
> From: Arne Schwabe [mailto:a...@rfc2549.org]
> Sent: donderdag 18 augustus 2022 22:16
> To: Maximilian Fillinger <maximilian.fillin...@foxcrypto.com>; openvpn-
> de...@lists.sourceforge.net
> Subject: Re: [Openvpn-devel] [PATCH v2 1/2] Update openssl_compat.h for
> newer LibreSSL
> 
> Am 11.08.22 um 19:11 schrieb Max Fillinger:
> > LibreSSL has added some of the functions that are defined here.
> However,
> > we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
> >
> > v2: Change ifdef condition for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT.
> >
> > Signed-off-by: Max Fillinger <maximilian.fillin...@foxcrypto.com>
> > ---
> >   src/openvpn/openssl_compat.h | 8 +++++---
> >   1 file changed, 5 insertions(+), 3 deletions(-)
> >
> > diff --git a/src/openvpn/openssl_compat.h
> b/src/openvpn/openssl_compat.h
> > index b3ee94f1..c78d2229 100644
> > --- a/src/openvpn/openssl_compat.h
> > +++ b/src/openvpn/openssl_compat.h
> > @@ -51,8 +51,8 @@
> >   #define SSL_CTX_set1_groups SSL_CTX_set1_curves
> >   #endif
> >
> > -/* Functionality missing in LibreSSL and OpenSSL 1.0.2 */
> > -#if (OPENSSL_VERSION_NUMBER < 0x10100000L ||
> defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL)
> > +/* Functionality missing in LibreSSL before 3.5 and OpenSSL 1.0.2 */
> > +#if (OPENSSL_VERSION_NUMBER < 0x10100000L ||
> (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <
> 0x3050000fL)) && !defined(ENABLE_CRYPTO_WOLFSSL)
> >   /**
> >    * Destroy a X509 object
> >    *
> > @@ -68,11 +68,13 @@ X509_OBJECT_free(X509_OBJECT *obj)
> >       }
> >   }
> >
> > -#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT
> RSA_F_RSA_EAY_PRIVATE_ENCRYPT
> >   #define EVP_CTRL_AEAD_SET_TAG                EVP_CTRL_GCM_SET_TAG
> >   #define EVP_CTRL_AEAD_GET_TAG                EVP_CTRL_GCM_GET_TAG
> >   #endif
> >
> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L ||
> defined(LIBRESSL_VERSION_NUMBER)
> > +#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT
> RSA_F_RSA_EAY_PRIVATE_ENCRYPT
> > +#endif
> >
> 
> The patch basically removes the !defined(ENABLE_CRYPTO_WOLFSSL) from
> this part of the ifdef and that breaks wolfSSL. While I don't think we
> should much effort into wolfSSL, we should also not break it on purpose.
> 
> Arne

You told me to ignore it in IRC. But sure, I can make a v3.

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to