From patchwork Sat Nov  5 20:32:47 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bastian Germann <bage@debian.org>
X-Patchwork-Id: 1700147
Return-Path: <swupdate+bncBC4Z7BGUB4INHEM3TMDBUBBUM4E2O@googlegroups.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com
 (client-ip=2a00:1450:4864:20::33f; helo=mail-wm1-x33f.google.com;
 envelope-from=swupdate+bncbc4z7bgub4inhem3tmdbubbum4e2o@googlegroups.com;
 receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=googlegroups.com header.i=@googlegroups.com
 header.a=rsa-sha256 header.s=20210112 header.b=LS6kd7+V;
	dkim-atps=neutral
Received: from mail-wm1-x33f.google.com (mail-wm1-x33f.google.com
 [IPv6:2a00:1450:4864:20::33f])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4N4TkG6zHYz23lW
	for <incoming@patchwork.ozlabs.org>; Sun,  6 Nov 2022 07:34:30 +1100 (AEDT)
Received: by mail-wm1-x33f.google.com with SMTP id
 c10-20020a7bc84a000000b003cf81c2d3efsf2498480wml.7
        for <incoming@patchwork.ozlabs.org>;
 Sat, 05 Nov 2022 13:34:30 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1667680468; cv=pass;
        d=google.com; s=arc-20160816;
        b=O7ao3rmZqPDKWMLncq1fsRFdXwnk33wjMoWXlW5WJ/2fFwEULfkyy1OeWePd4lzID3
         nd7Y3dzW7VtFaI20wE2AJWj5pWGVHN+UbWX8XkDcni5A03w18EihZMhDCPwKRUyadeCD
         mr8rVsOzZVnn8re1YmOZLViADqNJjN9pcD/41ApLXkeEwNef6HIiQ6FPf4He/xoMXmZ1
         5skfKHTAUKhIeDDCv7ni3MjhxXKHEU9InLf5j8NS5hySFgdChgZfN3F9sb9xVW1xb7OV
         L1cYh844V8aBn9jAgNl+fgSgjaUOaj2hyuIKNaRdn2iFI7Syr3rEt9aaL8w8B5BLtZ8+
         MxwQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:mime-version:message-id:date
         :subject:cc:to:from:sender:dkim-signature;
        bh=CGIdyR8rjC8zTgWHL+dmevwEo0xMR0y3frYg96poxkg=;
        b=SVMWbhtGHTrCPuy12ADDilo2XNirGIpbg3oZZJWcOugt/KdUSemurDpE1burInBxWu
         m+NwPeA2s4u0GWW7ZuXpY2aOhlrVROG397W0WCJCTFhxjFUqhRqRXHJTq8OVXpqMZhTm
         Ry9XhQJmhwkV6lUjAF/KHjVsbPwfNbQZTi8iEBRvD+6ia+LkjZA0zMERdqNU2vJRiNRa
         Qtw8XcECTrwMq5hhloYwC5lYm4e4VAg5s7FSNGPLX512SDiRhms+X6NEo7S3WHBxPn48
         v/33xmSLiYxAaE+t8mKn1OgtkJF5zXKcxuUGB30Ws9GooDoQRfVd7SbT24WT8n1q4zeR
         vP6g==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@debian.org header.s=smtpauto.stravinsky
 header.b=TNHkE5h6;
       spf=none (google.com: debian.org does not designate permitted sender
 hosts) smtp.mailfrom=bage@debian.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20210112;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:mime-version:message-id:date:subject:cc:to:from
         :sender:from:to:cc:subject:date:message-id:reply-to;
        bh=CGIdyR8rjC8zTgWHL+dmevwEo0xMR0y3frYg96poxkg=;
        b=LS6kd7+VFBYNvSftxYlxUWh+ECGj5Lwj410SaSkRb8pSgs/bgOuk40v6GKM8ng3YnX
         g6vzuPyBNQYTCJesEC1uBJgxN1FygWZnkIVAkxMqaFRPbHgTh/qXmvc7QHNMoZ6renfJ
         XDZCa9xWa5Tyz1SMsnzHT+v02zpsLu2vcU8h24A+oW5QXwy9GAIYJsANm0pKkyLTHYTw
         JGH+LrgPwyE+WcAYpbkO5s7WTt7TVBz4tPVJNeY+abJ0zWZOKdrmMTpJxyqnb8/pPyZl
         Tat91tb602pdrTSWzCcYmAvOHrlTRj4b99/U1XjuQR3iMEAVd27xE05zmjDXWgTcyqWZ
         9tSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :x-spam-checked-in-group:list-id:mailing-list:precedence
         :x-original-authentication-results:x-original-sender:mime-version
         :message-id:date:subject:cc:to:from:x-gm-message-state:sender:from
         :to:cc:subject:date:message-id:reply-to;
        bh=CGIdyR8rjC8zTgWHL+dmevwEo0xMR0y3frYg96poxkg=;
        b=ZL4V0KIWfz/O/kiL3/v3uL/cTlSgLvYI01WgCfaOqxAbl5DUVcq+cl/X6H40azCX7j
         hmO8dkHaD5jzb/gi5YS3DhfCoDh83k14SBKshQ6/Qa5mkXfzc234v//MKQCu/XArG6gN
         Q5YMiOkH2HGvl+4+bCLTGFUiAu1GkrL0+1xW0DrkjyZQDkgpNd7EMP0Im28XBCi+whbh
         dTeD8NB5xLSw5FLe7Us23pwp0p8cqSgF54GWoMGT+3UORtrelpQS9yaC4AVwYy7dAPeG
         xLf58MhWcj+mlZnZ/SgBiXHem85m1NFR5KkS8y8fXhbLWyxgREQqjCjZGRZ2PFUzeyUr
         1BjA==
Sender: swupdate@googlegroups.com
X-Gm-Message-State: ACrzQf1dxa0YK5HEvdvu5JKBNJPDCvEHcNTBAmroWpGl0GAwnDVW53e3
	TzimYy0n8aWIE5aDx7NJADc=
X-Google-Smtp-Source: 
 AMsMyM6NdSOEGVMZr9LEIjfe4NCEP+rKWZQ3uI+FYVb4GAR/yy8Fo3lms3pN6WkfmBnTO/CHuvIiSw==
X-Received: by 2002:a5d:42c7:0:b0:236:4ddd:3576 with SMTP id
 t7-20020a5d42c7000000b002364ddd3576mr26979690wrr.289.1667680468104;
        Sat, 05 Nov 2022 13:34:28 -0700 (PDT)
X-BeenThere: swupdate@googlegroups.com
Received: by 2002:a05:6000:238:b0:22c:d34e:768c with SMTP id
 l24-20020a056000023800b0022cd34e768cls10034424wrz.0.-pod-prod-gmail; Sat, 05
 Nov 2022 13:34:26 -0700 (PDT)
X-Received: by 2002:a5d:4910:0:b0:235:ab9b:33a2 with SMTP id
 x16-20020a5d4910000000b00235ab9b33a2mr26788721wrq.58.1667680371206;
        Sat, 05 Nov 2022 13:32:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1667680371; cv=none;
        d=google.com; s=arc-20160816;
        b=YxvLHRomuylihG2GbBo7Uj5OlNBA/ojfY71QlHPhkzO2QhcpwIaMFQyurhi1SGxVVY
         0vR7/x8UzR25wBHmeb2oHBxWJwlZUKIRCsLKKT5FRvjRmK7oAbMeaeM6cAKIZvj0guqU
         zKSyHYyNO+LtBCoAj4qC5VVoRd7i3159UbBqBVYmIwPx6MyutgFN5P4zOZI8rRVLNt/T
         TIacpjDgKa/96g5b2yk7vUNjKD8y3DogmXrMwSWyUlEJoEqt6bb4hmn+e4Vgoa+SquCE
         YJaTLK2hxQiF2y4VwfwNLTgejfZqFHw3vMFK37CFgZkMc7J0HRRHQOxokOSt65HCacWX
         iWPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:dkim-signature;
        bh=UCyDRLgvtH9WXjcCAWIRgBdXaX8wtdxxd8edeTcIM3w=;
        b=H2QmNstabE5orcG9mIv0RfFmQvWiy28/4EK55pyUtbmG1u1q2sGBdLtNUcUGLiD1Hv
         +1VbzK2pdjZ/lPW1JZiQSHwi2xk0EIhh8xmW2SJZLT/Wjk7/rckDR3ZkfeNJWZsBku0N
         tc05IiPOGh92JdPJBGHgjZHnml2+XH3+OG3O7yrNtUTKXP/KZ1eTlL4PLYdj7azcg9pF
         65bpu1doQYSAOYkszbiIuTzlhZjGG7vk5JAcE78e4X5PTKWCwLyk56FeP1jQAUt1l8JJ
         CyscC/7DSf9UHJ5O9t3rQhJeYmSKQilHyARfIBvCpS80GelVMJtuhKu2Wxc8NKAjxjC/
         XPxg==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@debian.org header.s=smtpauto.stravinsky
 header.b=TNHkE5h6;
       spf=none (google.com: debian.org does not designate permitted sender
 hosts) smtp.mailfrom=bage@debian.org
Received: from stravinsky.debian.org (stravinsky.debian.org.
 [2001:41b8:202:deb::311:108])
        by gmr-mx.google.com with ESMTPS id
 n23-20020a7bc5d7000000b003cf1536d24dsi95314wmk.0.2022.11.05.13.32.51
        for <swupdate@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 05 Nov 2022 13:32:51 -0700 (PDT)
Received-SPF: none (google.com: debian.org does not designate permitted sender
 hosts) client-ip=2001:41b8:202:deb::311:108;
Received: from authenticated user
	by stravinsky.debian.org with esmtpsa
 (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.94.2)
	(envelope-from <bage@debian.org>)
	id 1orPqV-004NTq-Pi; Sat, 05 Nov 2022 20:32:50 +0000
From: Bastian Germann <bage@debian.org>
To: swupdate@googlegroups.com
Cc: Bastian Germann <bage@debian.org>
Subject: [swupdate] [PATCH] Drop LibreSSL deviation from OpenSSL
Date: Sat,  5 Nov 2022 21:32:47 +0100
Message-Id: <20221105203247.3284-1-bage@debian.org>
X-Mailer: git-send-email 2.38.1
MIME-Version: 1.0
X-Debian-User: bage
X-Original-Sender: bage@debian.org
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@debian.org header.s=smtpauto.stravinsky header.b=TNHkE5h6;
       spf=none (google.com: debian.org does not designate permitted sender
 hosts) smtp.mailfrom=bage@debian.org
Precedence: list
Mailing-list: list swupdate@googlegroups.com;
 contact swupdate+owners@googlegroups.com
List-ID: <swupdate.googlegroups.com>
X-Spam-Checked-In-Group: swupdate@googlegroups.com
X-Google-Group-Id: 605343134186
List-Post: <https://groups.google.com/group/swupdate/post>,
 <mailto:swupdate@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
 <mailto:swupdate+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/swupdate
List-Subscribe: <https://groups.google.com/group/swupdate/subscribe>,
 <mailto:swupdate+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+605343134186+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/swupdate/subscribe>

Current LibreSSL versions do not need any exceptions from OpenSSL.
This was tested with v3.6.1 on Arch Linux.

Signed-off-by: Bastian Germann <bage@debian.org>
---
 corelib/swupdate_decrypt.c |  4 ++--
 include/sslapi.h           | 14 +++++---------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/corelib/swupdate_decrypt.c b/corelib/swupdate_decrypt.c
index b3a4d0a..9fa8dcb 100644
--- a/corelib/swupdate_decrypt.c
+++ b/corelib/swupdate_decrypt.c
@@ -46,7 +46,7 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, u
 		return NULL;
 	}
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	EVP_CIPHER_CTX_init(&dgst->ctxdec);
 #else
 	dgst->ctxdec = EVP_CIPHER_CTX_new();
@@ -111,7 +111,7 @@ int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf,
 void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst)
 {
 	if (dgst) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		EVP_CIPHER_CTX_cleanup(SSL_GET_CTXDEC(dgst));
 #else
 		EVP_CIPHER_CTX_free(SSL_GET_CTXDEC(dgst));
diff --git a/include/sslapi.h b/include/sslapi.h
index 1fa15b0..accf3c4 100644
--- a/include/sslapi.h
+++ b/include/sslapi.h
@@ -55,14 +55,11 @@
 #if defined(CONFIG_SSL_IMPL_OPENSSL) || defined(CONFIG_SSL_IMPL_WOLFSSL)
 
 #ifdef CONFIG_SIGALG_CMS
-#if defined(LIBRESSL_VERSION_NUMBER)
-#error "LibreSSL does not support CMS, please select RSA PKCS"
-#else
 #include <openssl/cms.h>
 
 static inline uint32_t SSL_X509_get_extension_flags(X509 *x)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	return x->ex_flags;
 #else
 	return X509_get_extension_flags(x);
@@ -71,14 +68,13 @@ static inline uint32_t SSL_X509_get_extension_flags(X509 *x)
 
 static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	return x->ex_xkusage;
 #else
 	return X509_get_extended_key_usage(x);
 #endif
 }
 
-#endif
 #endif /* CONFIG_SIGALG_CMS */
 
 #ifdef CONFIG_SSL_IMPL_WOLFSSL
@@ -104,14 +100,14 @@ struct swupdate_digest {
 	Aes ctxdec;
 	Pkcs11Dev pkdev;
 	Pkcs11Token pktoken;
-#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L
 	EVP_CIPHER_CTX ctxdec;
 #else
 	EVP_CIPHER_CTX *ctxdec;
 #endif
 };
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define SSL_GET_CTXDEC(dgst) &dgst->ctxdec
 #else
 #define SSL_GET_CTXDEC(dgst) dgst->ctxdec
@@ -122,7 +118,7 @@ struct swupdate_digest {
  * library
  * It must be called just once
  */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define swupdate_crypto_init() { \
 	do { \
 		CRYPTO_malloc_init(); \