diff options
author | David Benjamin <davidben@google.com> | 2016-04-25 18:55:43 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2016-05-10 16:36:46 (GMT) |
commit | e4471338c6556f4e60f4aca1313df2f6c52497c6 (patch) | |
tree | bfa77074a6721000ceca3ccf9d2d652e1e9eefbf | |
parent | 9524e7e5a4a18539f0fb532544d2de63621b5f8b (diff) | |
download | hostap-e4471338c6556f4e60f4aca1313df2f6c52497c6.zip hostap-e4471338c6556f4e60f4aca1313df2f6c52497c6.tar.gz hostap-e4471338c6556f4e60f4aca1313df2f6c52497c6.tar.bz2 |
OpenSSL: BoringSSL has SSL_get_client_random(), etc.
BoringSSL added OpenSSL 1.1.0's SSL_get_client_random() and friends in
working towards opaquifying the SSL struct. But it, for the moment,
still looks more like 1.0.2 than 1.1.0 and advertises
OPENSSL_VERSION_NUMBER as such. This means that there is no need to
define those in BoringSSL and defining them causes conflicts. (C does
not like having static and non-static functions with the same name.)
As requested, this is conditioned on defined(BORINGSSL_API_VERSION) so
wpa_supplicant may continue to support older BoringSSLs for a time.
(BoringSSL revisions without the accessors predate BoringSSL maintaining
a BORINGSSL_API_VERSION.)
Also add a missing opensslv.h include. tls_openssl.c is sensitive to
OPENSSL_VERSION_NUMBER, so it should include the header directly rather
than rely on another header to do so.
Signed-off-by: David Benjamin <davidben@google.com>
-rw-r--r-- | src/crypto/tls_openssl.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index ebcc545..4f2e875 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -18,6 +18,7 @@ #include <openssl/ssl.h> #include <openssl/err.h> +#include <openssl/opensslv.h> #include <openssl/pkcs12.h> #include <openssl/x509v3.h> #ifndef OPENSSL_NO_ENGINE @@ -51,10 +52,13 @@ typedef int stack_index_t; #endif /* OPENSSL_NO_TLSEXT */ #endif /* SSL_set_tlsext_status_type */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if (OPENSSL_VERSION_NUMBER < 0x10100000L || \ + defined(LIBRESSL_VERSION_NUMBER)) && \ + !defined(BORINGSSL_API_VERSION) /* * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL - * 1.1.0. Provide compatibility wrappers for older versions. + * 1.1.0 and newer BoringSSL revisions. Provide compatibility wrappers for + * older versions. */ static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, |