commit 2b523604481f35571049a5cc80eaaaade168f2c8 Author: Nick Mathewson nickm@torproject.org Date: Wed Jul 11 10:10:42 2018 -0400
Only use OpenSSL kdf support if it is present.
We have to check for ERR_load_KDF_strings() here, since that's the only one that's actually a function rather than a macro.
Fixes compilation with LibreSSL. Fixes bug 26712; bug not in any released Tor. --- configure.ac | 1 + src/lib/crypt_ops/crypto_hkdf.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac index 532476672..2ababb03b 100644 --- a/configure.ac +++ b/configure.ac @@ -902,6 +902,7 @@ AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , , ])
AC_CHECK_FUNCS([ \ + ERR_load_KDF_strings \ SSL_SESSION_get_master_key \ SSL_get_server_random \ SSL_get_client_ciphers \ diff --git a/src/lib/crypt_ops/crypto_hkdf.c b/src/lib/crypt_ops/crypto_hkdf.c index 0200d0fe9..1873632a9 100644 --- a/src/lib/crypt_ops/crypto_hkdf.c +++ b/src/lib/crypt_ops/crypto_hkdf.c @@ -19,9 +19,9 @@
#include <openssl/opensslv.h>
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) -#define HAVE_OPENSSL_HKDF 1 +#if defined(HAVE_ERR_LOAD_KDF_STRINGS) #include <openssl/kdf.h> +#define HAVE_OPENSSL_HKDF 1 #endif
#include <string.h>