[PATCH] OpenSSL: Fix OpenSSL 1.1.0 compatibility functions

David Benjamin davidben at google.com
Thu Aug 11 07:49:49 PDT 2016

Attached since my mail client will probably mess it up otherwise.

To be consistent with OpenSSL 1.1.0, the free functions should
internally check for NULL. EVP_MD_CTX_free also was missing an
EVP_MD_CTX_cleanup, so this leaked a little.

OpenSSL 1.1.0 also has given get_rfc3526_prime_1536 a better namespace
with get_rfc3526_prime_1536 as a compatibility-only name. Use that
instead in 1.1.0.

Note this patch checks OPENSSL_VERSION_NUMBER for
BN_get_rfc3526_prime_1536 before OPENSSL_IS_BORINGSSL. This is
intentional. BoringSSL currently claims to be 1.0.2, so this won't
break existing BoringSSL's.

Eventually we hope to claim 1.1.0 compatibility. I think we originally
omitted get_rfc3526_prime_1536 because it was unnamespaced, but
BN_get_rfc3526_prime_1536 is a fine name so, when we claim 1.1.0, that
function will exist and you won't need the extra implementation. I'll
leave it to you all to decide when you drop support for older AOSP
releases, but my hope is that you can drop that ifdef, the
SSL_get_client_random one (sorry about that one!), and possibly
others, in time, and just rely on the advertised version number being
accurate. (Right now we're this awkward mix of mostly 1.0.2 with bits
of 1.1.0.)

You'll probably want to confirm I haven't broken 1.1.0. I've only
compile-tested this in Android.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-OpenSSL-Fix-OpenSSL-1.1.0-compatibility-functions.patch
Type: text/x-patch
Size: 2177 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160811/eff396ed/attachment.bin>

More information about the Hostap mailing list