Re: [PATCH] OpenSSL: BoringSSL has SSL_get_client_random, etc.


On Thu, May 5, 2016 at 6:41 PM David Benjamin <davidben@xxxxxxxxxx> wrote:
>
> I can start a BORINGSSL_API_VERSION counter and roll that into AOSP
> now. This will be a random meaningless number except we promise it
> will only increase and we'll probably increment it at points vaguely
> corresponding with additions or changes in the API, wherever it ends
> up convenient to do so. :-) Then this patch will be updated to be
> defined(BORINGSSL_API_VERSION). In future we'd do
> BORINGSSL_API_VERSION > whatever. And then you all can figure out how
> far back it should go. (For my part, I want to minimize your burden,
> so I would encourage you need to retain support for versions older
> than you need, but it sounds like your master branch cares about more
> Android releases than I thought.)
>
> Does that sound reasonable?

BORINGSSL_API_VERSION is now in BoringSSL and AOSP master. I've
attached a revised version of the patch that uses it instead.

David
From 1c2eb6b4f3d9065dc37b79eb85069602ee1a1d8e Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@xxxxxxxxxx>
Date: Mon, 25 Apr 2016 14:55:43 -0400
Subject: [PATCH] OpenSSL: BoringSSL has SSL_get_client_random, etc.

BoringSSL added 1.1.0's SSL_get_client_random and friends in working towards
opaquifying the SSL struct. But it, for the moment, still looks more like 1.0.2
than 1.1.0 and advertises OPENSSL_VERSION_NUMBER as such. This means that there
is no need to define those in BoringSSL and defining them causes conflicts. (C
does not like having static and non-static functions with the same name.)

As requested, this is conditioned on defined(BORINGSSL_API_VERSION) so
wpa_supplicant may continue to support older BoringSSLs for a time. (BoringSSL
revisions without the accessors predate BoringSSL maintaining a
BORINGSSL_API_VERSION.)

Also add a missing opensslv.h include. tls_openssl.c is sensitive to
OPENSSL_VERSION_NUMBER, so it should include the header directly rather than
rely on another header to do so.

Signed-off-by: David Benjamin <davidben@xxxxxxxxxx>
---
 src/crypto/tls_openssl.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index ebcc545..4f2e875 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -18,6 +18,7 @@
 
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/opensslv.h>
 #include <openssl/pkcs12.h>
 #include <openssl/x509v3.h>
 #ifndef OPENSSL_NO_ENGINE
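Review bot: nothing in this include block is identified as the source of BORINGSSL_API_VERSION, which the #if in the next hunk now tests. The commit message argues that tls_openssl.c should include opensslv.h directly because it is sensitive to OPENSSL_VERSION_NUMBER; the same reasoning applies to the new macro, so please say in the commit message or a comment which of the headers included above provides it. If the macro is not visible when the #if is evaluated, !defined(BORINGSSL_API_VERSION) is true and the static wrappers are compiled against a BoringSSL that already has the accessors, which is the conflict this patch is meant to remove.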
@@ -51,10 +52,13 @@ typedef int stack_index_t;
 #endif /* OPENSSL_NO_TLSEXT */
 #endif /* SSL_set_tlsext_status_type */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
+     defined(LIBRESSL_VERSION_NUMBER)) &&    \
+    !defined(BORINGSSL_API_VERSION)
 /*
  * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
- * 1.1.0. Provide compatibility wrappers for older versions.
+ * 1.1.0 and newer BoringSSL revisions. Provide compatibility wrappers for
+ * older versions.
  */
 
 static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
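Review bot: the in-code comment above the wrappers does not explain why a bare !defined(BORINGSSL_API_VERSION) is sufficient, and the guard tests only that the macro exists, not its value. The rationale (BoringSSL revisions without the accessors predate BORINGSSL_API_VERSION) is given only in the commit message, so a reader of tls_openssl.c cannot tell that the existence check is deliberate. Suggest extending the comment with a sentence to that effect, so that a later change to a value comparison such as BORINGSSL_API_VERSION > N is made knowingly. The added parentheses around the OPENSSL_VERSION_NUMBER / LIBRESSL_VERSION_NUMBER alternative are needed for the && to bind as intended and look correct.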
-- 
2.8.0.rc3.226.g39d4020

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
