> -----Original Message----- > From: Arne Schwabe [mailto:a...@rfc2549.org] > Sent: donderdag 18 augustus 2022 22:16 > To: Maximilian Fillinger <maximilian.fillin...@foxcrypto.com>; openvpn- > de...@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH v2 1/2] Update openssl_compat.h for > newer LibreSSL > > Am 11.08.22 um 19:11 schrieb Max Fillinger: > > LibreSSL has added some of the functions that are defined here. > However, > > we still need RSA_F_RSA_OSSL_PRIVATE_ENCRYPT. > > > > v2: Change ifdef condition for RSA_F_RSA_OSSL_PRIVATE_ENCRYPT. > > > > Signed-off-by: Max Fillinger <maximilian.fillin...@foxcrypto.com> > > --- > > src/openvpn/openssl_compat.h | 8 +++++--- > > 1 file changed, 5 insertions(+), 3 deletions(-) > > > > diff --git a/src/openvpn/openssl_compat.h > b/src/openvpn/openssl_compat.h > > index b3ee94f1..c78d2229 100644 > > --- a/src/openvpn/openssl_compat.h > > +++ b/src/openvpn/openssl_compat.h > > @@ -51,8 +51,8 @@ > > #define SSL_CTX_set1_groups SSL_CTX_set1_curves > > #endif > > > > -/* Functionality missing in LibreSSL and OpenSSL 1.0.2 */ > > -#if (OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER)) && !defined(ENABLE_CRYPTO_WOLFSSL) > > +/* Functionality missing in LibreSSL before 3.5 and OpenSSL 1.0.2 */ > > +#if (OPENSSL_VERSION_NUMBER < 0x10100000L || > (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < > 0x3050000fL)) && !defined(ENABLE_CRYPTO_WOLFSSL) > > /** > > * Destroy a X509 object > > * > > @@ -68,11 +68,13 @@ X509_OBJECT_free(X509_OBJECT *obj) > > } > > } > > > > -#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT > RSA_F_RSA_EAY_PRIVATE_ENCRYPT > > #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG > > #define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG > > #endif > > > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) > > +#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT > RSA_F_RSA_EAY_PRIVATE_ENCRYPT > > +#endif > > > > The patch basically removes the !defined(ENABLE_CRYPTO_WOLFSSL) from > this part of the ifdef and that breaks wolfSSL. While I don't think we > should much effort into wolfSSL, we should also not break it on purpose. > > Arne
You told me to ignore it in IRC. But sure, I can make a v3. _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel