Drop LibreSSL deviation from OpenSSL

Current LibreSSL versions do not need any exceptions from OpenSSL. This was tested with v3.6.1 on Arch Linux. Signed-off-by: Bastian Germann <bage@debian.org>

Drop LibreSSL deviation from OpenSSL
Current LibreSSL versions do not need any exceptions from OpenSSL. This was tested with v3.6.1 on Arch Linux. Signed-off-by: Bastian Germann <bage@debian.org>
263edd05 · Bastian Germann · Stefano Babic · 5e56c3bd · 263edd05 · 263edd05
Commit 263edd05 authored Nov 05, 2022 by Bastian Germann Committed by Stefano Babic Nov 06, 2022
--- a/corelib/swupdate_decrypt.c
+++ b/corelib/swupdate_decrypt.c
@@ -46,7 +46,7 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, u
 		return NULL;
 	}

-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	EVP_CIPHER_CTX_init(&dgst->ctxdec);
 #else
 	dgst->ctxdec = EVP_CIPHER_CTX_new();
@@ -111,7 +111,7 @@ int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf,
 void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst)
 {
 	if (dgst) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		EVP_CIPHER_CTX_cleanup(SSL_GET_CTXDEC(dgst));
 #else
 		EVP_CIPHER_CTX_free(SSL_GET_CTXDEC(dgst));

--- a/include/sslapi.h
+++ b/include/sslapi.h
@@ -55,14 +55,11 @@
 #if defined(CONFIG_SSL_IMPL_OPENSSL) || defined(CONFIG_SSL_IMPL_WOLFSSL)

 #ifdef CONFIG_SIGALG_CMS
-#if defined(LIBRESSL_VERSION_NUMBER)
-#error "LibreSSL does not support CMS, please select RSA PKCS"
-#else
 #include <openssl/cms.h>

 static inline uint32_t SSL_X509_get_extension_flags(X509 *x)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	return x->ex_flags;
 #else
 	return X509_get_extension_flags(x);
@@ -71,14 +68,13 @@ static inline uint32_t SSL_X509_get_extension_flags(X509 *x)

 static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	return x->ex_xkusage;
 #else
 	return X509_get_extended_key_usage(x);
 #endif
 }

-#endif
 #endif /* CONFIG_SIGALG_CMS */

 #ifdef CONFIG_SSL_IMPL_WOLFSSL
@@ -104,14 +100,14 @@ struct swupdate_digest {
 	Aes ctxdec;
 	Pkcs11Dev pkdev;
 	Pkcs11Token pktoken;
-#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L
 	EVP_CIPHER_CTX ctxdec;
 #else
 	EVP_CIPHER_CTX *ctxdec;
 #endif
 };

-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define SSL_GET_CTXDEC(dgst) &dgst->ctxdec
 #else
 #define SSL_GET_CTXDEC(dgst) dgst->ctxdec
@@ -122,7 +118,7 @@ struct swupdate_digest {
 * library
 * It must be called just once
 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define swupdate_crypto_init() { \
 	do { \
 		CRYPTO_malloc_init(); \