-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some cleanups #25
Some cleanups #25
Conversation
I marked this as WIP because it has not yet tested enough, but it is OK to review and comment on changes of course! 😃 |
Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
Even OpenSSL >= 1.1.0 may be built without EC APIs due to footprint or patent problems, and LibreSSL >= 2.9.1 provides the EC APIs while it may not contain some of newer RSA APIs. Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
It is possible that macros with OPENSSL_ prefix will collide with OpenSSL's usage. The NEVERBLEED_ prefix will not for sure. Also, descriptive names will prevent from reusing them in inappropriate ways, like OPENSSL_1_1_API has been used for two different purpose: 1) to check if RSA_METHOD is opaque and 2) to check if the new unified EC APIs are available. Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
OPENSSL_NO_EC is also lacked in pre-EC-era OpenSSL, not only LibreSSL. Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
Signed-off-by: Masanori Ogino <masanori.ogino@gmail.com>
Now it is (mostly) ready! Just I am too lazy to bring up a CentOS box for testing... |
Built successfully with CentOS 7. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the PR. Looks good to me. Please let me know when you think it is ready for merge.
Thank you for your prompt review, @kazuho! Tested on CentOS 7 using
Since proposed changes affect significantly to OpenSSL without EC support (as it failed to build |
Thank you very much for all your efforts, and the matrix of tests that you have covered. |
Besides trivial "add one blank line here for consistency" and "the ordering seems dirty a bit" ones, this PR does the following:
NEVERBLEED_
prefix for feature detection macros to avoid future collisions.#include
sI believe these changes will improve maintainability and compatibility with LibreSSL. However, the branch is constructed on a step-by-step basis, so please feel free to point out inappropriate ones. I am ready to exclude them.
Compiles with:
RSA_
shim unneeded)RSA_
shim unneeded)RSA_
shim unneeded)RSA_
shim needed)RSA_
shim unneeded)RSA_
shim unneeded)RSA_
shim needed)Fixes #19