openssl: remove most BoringSSL #ifdefs. #640

@davidben davidben commented Feb 9, 2016

I've tested this against BoringSSL and OpenSSL 1.0.2. make test passes against both on my machine. I'm happy to be more or less aggressive in removing the #ifdefs as you prefer.

Notably, I can see an argument to keep the RAND seeding code out. See https://commondatastorage.googleapis.com/chromium-boringssl-docs/rand.h.html#Deprecated-functions for the various ridiculous tricks we do to no-op everyone's RAND seeding logic. :-) Your call.


As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of BoringSSL #ifdefs in cURL should be unnecessary:

  • BoringSSL provides no-op stubs for compatibility which replaces most #ifdefs.
  • DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove the compatibility codepath.
  • With a small tweak to an extend_key_56_to_64 call, the NTLM code builds fine.
  • Switch OCSP-related #ifdefs to the more generally useful OPENSSL_NO_OCSP.

The only #ifdefs which remain are Curl_ossl_version and the #undefs to work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves that to the consumer. The in-header workaround makes things sensitive to include order.)

This change errs on the side of removing conditionals despite many of the restored codepaths being no-ops. (BoringSSL generally adds no-op compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are bad enough!)

#include <openssl/ui.h>
#else
/* ENGINE_load_private_key() takes three arguments */
#undef HAVE_ENGINE_LOAD_FOUR_ARGS
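
Review bot: the `#else` directly above the `ENGINE_load_private_key()` comment does not name the condition it negates, so these lines alone do not show which library the "takes three arguments" claim and the `#undef HAVE_ENGINE_LOAD_FOUR_ARGS` apply to. If this branch stays, annotate the `#else` with its controlling macro; if it goes, check that no remaining code depends on HAVE_ENGINE_LOAD_FOUR_ARGS having been undefined at this point.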

@davidben davidben Feb 9, 2016

(I'm not sure where this came from. We've never had that function.)

@bagder bagder Feb 9, 2016

can't recall that specific one, I assume that was just a mistake of mine

@bagder bagder added the TLS label Feb 9, 2016
@bagder bagder self-assigned this Feb 9, 2016
@bagder bagder closed this in 39c803c Feb 9, 2016

@bagder bagder commented Feb 9, 2016

Thanks!

@lock lock bot locked as resolved and limited conversation to collaborators Jan 19, 2019