openssl: BoringSSL / AWS-LC tidy-ups

- schannel: apply BoringSSL workaround to AWS-LC too.
  Affects Schannel + AWS-LC MultiSSL builds. (not tested in CI)
  Ref: 274940d743 #2643 #2634

- curl_ntlm_core: deduplicate macro defines.

- curl_ntlm_core: document version thresholds for an AWS-LC-specific
  workaround.
  It was necessary between v1.2.0 2022-09-01 and v1.30.1 2024-06-21.
  No longer necessary since v1.31.0 2024-07-01:
  ba94617d99
  Follow-up to 34ef4fab22 #10320

- lib758: drop redundant OpenSSL version guards.
  `OPENSSL_VERSION_NUMBER > 3` automatically guards against LibreSSL,
  BoringSSL and AWS-LC.
  Ref: 6ddd8f2c0b
  Follow-up to a5f0ab7995 #18288

- dllmain, curl_sha512_256: formatting.

Closes #18387

lib/curl_ntlm_core.c

@@ -70,14 +70,10 @@
 #  include <openssl/md5.h>
 #  include <openssl/ssl.h>
 #  include <openssl/rand.h>
-#  ifdef OPENSSL_IS_AWSLC
+#  ifdef OPENSSL_IS_AWSLC  /* for versions 1.2.0 to 1.30.1 */
 #    define DES_set_key_unchecked (void)DES_set_key
-#    define DESKEYARG(x) *x
-#    define DESKEY(x) &x
-#  else
-#    define DESKEYARG(x) *x
-#    define DESKEY(x) &x
 #  endif
+#  define DESKEY(x) &x
 #else
 #  include <wolfssl/openssl/des.h>
 #  include <wolfssl/openssl/md5.h>
@@ -91,12 +87,11 @@
 #    define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked
 #    define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt
 #    define DESKEY(x) ((WOLFSSL_DES_key_schedule *)(x))
-#    define DESKEYARG(x) *x
 #  else
-#    define DESKEYARG(x) *x
 #    define DESKEY(x) &x
 #  endif
 #endif
+#define DESKEYARG(x) *x
 
 #elif defined(USE_GNUTLS)
 

lib/curl_sha512_256.c

@@ -41,10 +41,10 @@
 #ifdef USE_OPENSSL
 #  include <openssl/opensslv.h>
 #  if (!defined(LIBRESSL_VERSION_NUMBER) && \
-        defined(OPENSSL_VERSION_NUMBER) && \
-        (OPENSSL_VERSION_NUMBER >= 0x10101000L)) || \
+       defined(OPENSSL_VERSION_NUMBER) && \
+       OPENSSL_VERSION_NUMBER >= 0x10101000L) || \
       (defined(LIBRESSL_VERSION_NUMBER) && \
-        (LIBRESSL_VERSION_NUMBER >= 0x3080000fL))
+       LIBRESSL_VERSION_NUMBER >= 0x3080000fL)
 #    include <openssl/opensslconf.h>
 #    if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 #      include <openssl/evp.h>

lib/dllmain.c

@@ -37,10 +37,8 @@
 #if defined(_WIN32) && !defined(CURL_STATICLIB)
 
 #if defined(USE_OPENSSL) && \
-    !defined(OPENSSL_IS_AWSLC) && \
-    !defined(OPENSSL_IS_BORINGSSL) && \
-    !defined(LIBRESSL_VERSION_NUMBER) && \
-    (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+  !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) && \
+  !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
 #define PREVENT_OPENSSL_MEMLEAK
 #endif
 

lib/vtls/schannel.h

@@ -68,7 +68,7 @@
  * BoringSSL's <openssl/x509.h>: So just undefine those defines here
  * (and only here).
  */
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
 # undef X509_NAME
 # undef X509_CERT_PAIR
 # undef X509_EXTENSIONS

tests/libtest/lib758.c

@@ -38,9 +38,7 @@
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 
-#if ((OPENSSL_VERSION_NUMBER >= 0x30000000L) && \
-     !defined(LIBRESSL_VERSION_NUMBER) && \
-     !defined(OPENSSL_IS_BORINGSSL))
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #define T578_ENABLED
 #endif
 #endif