[mod_openssl] boringssl compat

2 years ago · b17c37c5e5
parent 94edf7e844
commit b17c37c5e5
5 changed files with 9 additions and 3 deletions
--- a/configure.ac
+++ b/configure.ac
@ -682,7 +682,7 @@ if test "$WITH_OPENSSL" != no; then
  AC_CHECK_HEADERS([openssl/ssl.h], [], [
    AC_MSG_ERROR([openssl headers not found. install them or build without --with-openssl])
  ])
-  AC_CHECK_LIB([crypto], [BIO_f_base64],
+  AC_CHECK_LIB([crypto], [RAND_bytes],
    [CRYPTO_LIB="-lcrypto"],
    [AC_MSG_ERROR([openssl crypto library not found. install it or build without --with-openssl])]
  )
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -321,7 +321,7 @@ if(WITH_OPENSSL)
 		set(CMAKE_REQUIRED_INCLUDES)
 	endif()
 	if(HAVE_OPENSSL_SSL_H)
-		check_library_exists(crypto BIO_f_base64 "" HAVE_LIBCRYPTO)
+		check_library_exists(crypto RAND_bytes "" HAVE_LIBCRYPTO)
 		if(HAVE_LIBCRYPTO)
 			set(CRYPTO_LIBRARY crypto)
 			check_library_exists(ssl SSL_new "" HAVE_LIBSSL)
--- a/src/meson.build
+++ b/src/meson.build
@ -450,7 +450,7 @@ if get_option('with_openssl')
 	# manual search:
 	# header: openssl/ssl.h
 	# function: SSL_new (-lssl)
-	# function: BIO_f_base64 (-lcrypto)
+	# function: RAND_bytes (-lcrypto)
 	libssl = [ dependency('libssl') ]
 	libsslcrypto = [ dependency('libcrypto') ]
 	libcrypto = [ dependency('libcrypto') ]
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@ -239,6 +239,7 @@ mod_openssl_session_ticket_key_generate (unix_time64_t active_ts, unix_time64_t
     */
    /*(RAND_priv_bytes() not in openssl 1.1.0; introduced in openssl 1.1.1)*/
  #if OPENSSL_VERSION_NUMBER < 0x10101000L \
+   || defined(BORINGSSL_API_VERSION) \
   || defined(LIBRESSL_VERSION_NUMBER)
  #define RAND_priv_bytes(x,sz) RAND_bytes((x),(sz))
  #endif
@ -653,6 +654,7 @@ PEM_ASN1_read_bio_secmem(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
    char *ret = NULL;

  #if OPENSSL_VERSION_NUMBER >= 0x10101000L \
+   && !defined(BORINGSSL_API_VERSION) \
   && !defined(LIBRESSL_VERSION_NUMBER)
    if (!PEM_bytes_read_bio_secmem(&data, &len, NULL, name, bp, cb, u))
  #else
@ -666,6 +668,7 @@ PEM_ASN1_read_bio_secmem(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
        PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
  #endif
  #if OPENSSL_VERSION_NUMBER >= 0x10101000L \
+   && !defined(BORINGSSL_API_VERSION) \
   && !defined(LIBRESSL_VERSION_NUMBER)
    OPENSSL_secure_clear_free(data, len);
  #else
--- a/src/sys-crypto-md.h
+++ b/src/sys-crypto-md.h
@ -444,6 +444,9 @@ SHA512_Update(SHA512_CTX *ctx, const void *data, size_t length)
 #endif

 #include <openssl/opensslv.h>
+#ifdef BORINGSSL_API_VERSION
+typedef SHA512_CTX SHA512_256_CTX;
+#endif
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/evp.h>