10 years ago · fee31f76cd
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -31,17 +31,9 @@
 
				 #include "sha384.h"
			
 
				 #include "crypto.h"
			
 
				 
			
 
				-#if OPENSSL_VERSION_NUMBER < 0x00907000
			
 
				-#define DES_key_schedule des_key_schedule
			
 
				-#define DES_cblock des_cblock
			
 
				-#define DES_set_key(key, schedule) des_set_key((key), *(schedule))
			
 
				-#define DES_ecb_encrypt(input, output, ks, enc) \
			
 
				-	des_ecb_encrypt((input), (output), *(ks), (enc))
			
 
				-#endif /* openssl < 0.9.7 */
			
 
				-
			
 
				 static BIGNUM * get_group5_prime(void)
			
 
				 {
			
 
				-#if OPENSSL_VERSION_NUMBER < 0x00908000 || defined(OPENSSL_IS_BORINGSSL)
			
 
				+#ifdef OPENSSL_IS_BORINGSSL
			
 
				 	static const unsigned char RFC3526_PRIME_1536[] = {
			
 
				 		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
			
 
				 		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
			
@@ -61,20 +53,11 @@ static BIGNUM * get_group5_prime(void)
 
				 		0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
			
 
				 	};
			
 
				         return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), NULL);
			
 
				-#else /* openssl < 0.9.8 */
			
 
				+#else /* OPENSSL_IS_BORINGSSL */
			
 
				 	return get_rfc3526_prime_1536(NULL);
			
 
				-#endif /* openssl < 0.9.8 */
			
 
				+#endif /* OPENSSL_IS_BORINGSSL */
			
 
				 }
			
 
				 
			
 
				-#if OPENSSL_VERSION_NUMBER < 0x00908000
			
 
				-#ifndef OPENSSL_NO_SHA256
			
 
				-#ifndef OPENSSL_FIPS
			
 
				-#define NO_SHA256_WRAPPER
			
 
				-#endif
			
 
				-#endif
			
 
				-
			
 
				-#endif /* openssl < 0.9.8 */
			
 
				-
			
 
				 #ifdef OPENSSL_NO_SHA256
			
 
				 #define NO_SHA256_WRAPPER
			
 
				 #endif
			
@@ -742,16 +725,9 @@ int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
 
				 int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
			
 
				 		int iterations, u8 *buf, size_t buflen)
			
 
				 {
			
 
				-#if OPENSSL_VERSION_NUMBER < 0x00908000
			
 
				-	if (PKCS5_PBKDF2_HMAC_SHA1(passphrase, os_strlen(passphrase),
			
 
				-				   (unsigned char *) ssid,
			
 
				-				   ssid_len, iterations, buflen, buf) != 1)
			
 
				-		return -1;
			
 
				-#else /* openssl < 0.9.8 */
			
 
				 	if (PKCS5_PBKDF2_HMAC_SHA1(passphrase, os_strlen(passphrase), ssid,
			
 
				 				   ssid_len, iterations, buflen, buf) != 1)
			
 
				 		return -1;
			
 
				-#endif /* openssl < 0.9.8 */
			
 
				 	return 0;
			
 
				 }
			
 
				 
			
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -28,12 +28,6 @@
 
				 #include "crypto.h"
			
 
				 #include "tls.h"
			
 
				 
			
 
				-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
			
 
				-#define OPENSSL_d2i_TYPE const unsigned char **
			
 
				-#else
			
 
				-#define OPENSSL_d2i_TYPE unsigned char **
			
 
				-#endif
			
 
				-
			
 
				 #if defined(SSL_CTX_get_app_data) && defined(SSL_CTX_set_app_data)
			
 
				 #define OPENSSL_SUPPORTS_CTX_APP_DATA
			
 
				 #endif
			
@@ -400,7 +394,8 @@ static int tls_cryptoapi_cert(SSL *ssl, const char *name)
 
				 		goto err;
			
 
				 	}
			
 
				 
			
 
				-	cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
			
 
				+	cert = d2i_X509(NULL,
			
 
				+			(const unsigned char **) &priv->cert->pbCertEncoded,
			
 
				 			priv->cert->cbCertEncoded);
			
 
				 	if (cert == NULL) {
			
 
				 		wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER "
			
@@ -500,7 +495,8 @@ static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name)
 
				 	}
			
 
				 
			
 
				 	while ((ctx = CertEnumCertificatesInStore(cs, ctx))) {
			
 
				-		cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
			
 
				+		cert = d2i_X509(NULL,
			
 
				+				(const unsigned char **) &ctx->pbCertEncoded,
			
 
				 				ctx->cbCertEncoded);
			
 
				 		if (cert == NULL) {
			
 
				 			wpa_printf(MSG_INFO, "CryptoAPI: Could not process "
			
@@ -774,7 +770,7 @@ void * tls_init(const struct tls_config *conf)
 
				 #endif /* CONFIG_FIPS */
			
 
				 		SSL_load_error_strings();
			
 
				 		SSL_library_init();
			
 
				-#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
			
 
				+#ifndef OPENSSL_NO_SHA256
			
 
				 		EVP_add_digest(EVP_sha256());
			
 
				 #endif /* OPENSSL_NO_SHA256 */
			
 
				 		/* TODO: if /dev/urandom is available, PRNG is seeded
			
@@ -1699,7 +1695,8 @@ static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
 
				 	}
			
 
				 
			
 
				 	if (ca_cert_blob) {
			
 
				-		X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
			
 
				+		X509 *cert = d2i_X509(NULL,
			
 
				+				      (const unsigned char **) &ca_cert_blob,
			
 
				 				      ca_cert_blob_len);
			
 
				 		if (cert == NULL) {
			
 
				 			tls_show_errors(MSG_WARNING, __func__,
			
@@ -2138,7 +2135,7 @@ static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl,
 
				 #ifdef PKCS12_FUNCS
			
 
				 	PKCS12 *p12;
			
 
				 
			
 
				-	p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len);
			
 
				+	p12 = d2i_PKCS12(NULL, (const unsigned char **) &blob, len);
			
 
				 	if (p12 == NULL) {
			
 
				 		tls_show_errors(MSG_INFO, __func__,
			
 
				 				"Failed to use PKCS#12 blob");