Added
Link Here
|
0 |
- |
1 |
--- src/client.c.orig 2021-04-05 21:21:38 UTC |
|
|
2 |
+++ src/client.c |
3 |
@@ -742,7 +742,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiat |
4 |
NOEXPORT void transfer(CLI *c) { |
5 |
int timeout; /* s_poll_wait timeout in seconds */ |
6 |
int pending; /* either processed on unprocessed TLS data */ |
7 |
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
8 |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
9 |
int has_pending=0, prev_has_pending; |
10 |
#endif |
11 |
int watchdog=0; /* a counter to detect an infinite loop */ |
12 |
@@ -789,7 +789,7 @@ NOEXPORT void transfer(CLI *c) { |
13 |
|
14 |
/****************************** wait for an event */ |
15 |
pending=SSL_pending(c->ssl); |
16 |
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
17 |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
18 |
/* only attempt to process SSL_has_pending() data once */ |
19 |
prev_has_pending=has_pending; |
20 |
has_pending=SSL_has_pending(c->ssl); |
21 |
@@ -1194,7 +1194,7 @@ NOEXPORT void transfer(CLI *c) { |
22 |
s_log(LOG_ERR, |
23 |
"please report the problem to Michal.Trojnara@stunnel.org"); |
24 |
stunnel_info(LOG_ERR); |
25 |
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
26 |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
27 |
s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d", |
28 |
SSL_get_version(c->ssl), |
29 |
SSL_pending(c->ssl), SSL_has_pending(c->ssl)); |
30 |
--- src/ctx.c.orig 2021-08-16 18:58:06 UTC |
31 |
+++ src/ctx.c |
32 |
@@ -91,7 +91,7 @@ NOEXPORT void set_prompt(const char *); |
33 |
NOEXPORT int ui_retry(); |
34 |
|
35 |
/* session tickets */ |
36 |
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L |
37 |
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) |
38 |
NOEXPORT int generate_session_ticket_cb(SSL *, void *); |
39 |
NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *, |
40 |
const unsigned char *, size_t, SSL_TICKET_STATUS, void *); |
41 |
@@ -130,7 +130,7 @@ NOEXPORT void sslerror_log(unsigned long, const char * |
42 |
|
43 |
/**************************************** initialize section->ctx */ |
44 |
|
45 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
46 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
47 |
typedef long unsigned SSL_OPTIONS_TYPE; |
48 |
#else |
49 |
typedef long SSL_OPTIONS_TYPE; |
50 |
@@ -138,7 +138,7 @@ typedef long SSL_OPTIONS_TYPE; |
51 |
|
52 |
int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ |
53 |
/* create a new TLS context */ |
54 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
55 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
56 |
if(section->option.client) |
57 |
section->ctx=SSL_CTX_new(TLS_client_method()); |
58 |
else /* server mode */ |
59 |
@@ -173,7 +173,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init T |
60 |
} |
61 |
current_section=section; /* setup current section for callbacks */ |
62 |
|
63 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
64 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
65 |
/* set the security level */ |
66 |
if(section->security_level>=0) { |
67 |
/* set the user-specified value */ |
68 |
@@ -258,7 +258,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init T |
69 |
#endif |
70 |
|
71 |
/* setup session tickets */ |
72 |
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L |
73 |
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) |
74 |
SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb, |
75 |
decrypt_session_ticket_cb, NULL); |
76 |
#endif /* OpenSSL 1.1.1 or later */ |
77 |
@@ -533,7 +533,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) { |
78 |
/**************************************** initialize OpenSSL CONF */ |
79 |
|
80 |
NOEXPORT int conf_init(SERVICE_OPTIONS *section) { |
81 |
-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
82 |
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
83 |
SSL_CONF_CTX *cctx; |
84 |
NAME_LIST *curr; |
85 |
char *cmd, *param; |
86 |
@@ -1039,7 +1039,7 @@ NOEXPORT int ui_retry() { |
87 |
|
88 |
/**************************************** session tickets */ |
89 |
|
90 |
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L |
91 |
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) |
92 |
|
93 |
typedef struct { |
94 |
void *session_authenticated; |
95 |
@@ -1532,7 +1532,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, |
96 |
|
97 |
c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli); |
98 |
if(c) { |
99 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
100 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
101 |
OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl); |
102 |
#else |
103 |
int state=SSL_get_state((SSL *)ssl); |
104 |
--- src/options.c.orig 2021-08-05 07:19:52 UTC |
105 |
+++ src/options.c |
106 |
@@ -81,7 +81,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *); |
107 |
NOEXPORT void sni_free(SERVICE_OPTIONS *); |
108 |
#endif /* !defined(OPENSSL_NO_TLSEXT) */ |
109 |
|
110 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
111 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
112 |
NOEXPORT int str_to_proto_version(const char *); |
113 |
#else /* OPENSSL_VERSION_NUMBER<0x10100000L */ |
114 |
NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *); |
115 |
@@ -96,7 +96,7 @@ NOEXPORT PSK_KEYS *psk_dup(PSK_KEYS *); |
116 |
NOEXPORT void psk_free(PSK_KEYS *); |
117 |
#endif /* !defined(OPENSSL_NO_PSK) */ |
118 |
|
119 |
-#if OPENSSL_VERSION_NUMBER>=0x10000000L |
120 |
+#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) |
121 |
NOEXPORT TICKET_KEY *key_read(char *, char *); |
122 |
NOEXPORT TICKET_KEY *key_dup(TICKET_KEY *); |
123 |
NOEXPORT void key_free(TICKET_KEY *); |
124 |
@@ -3252,7 +3252,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O |
125 |
break; |
126 |
} |
127 |
|
128 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
129 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
130 |
|
131 |
/* sslVersion */ |
132 |
switch(cmd) { |
133 |
@@ -3421,7 +3421,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O |
134 |
} |
135 |
#endif |
136 |
|
137 |
-#if OPENSSL_VERSION_NUMBER>=0x10000000L |
138 |
+#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) |
139 |
|
140 |
/* ticketKeySecret */ |
141 |
switch(cmd) { |
142 |
@@ -3904,7 +3904,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) { |
143 |
|
144 |
/**************************************** modern TLS version handling */ |
145 |
|
146 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
147 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
148 |
|
149 |
NOEXPORT int str_to_proto_version(const char *name) { |
150 |
if(!strcasecmp(name, "all")) |
151 |
@@ -4229,7 +4229,7 @@ NOEXPORT void psk_free(PSK_KEYS *head) { |
152 |
|
153 |
/**************************************** read ticket key */ |
154 |
|
155 |
-#if OPENSSL_VERSION_NUMBER>=0x10000000L |
156 |
+#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) |
157 |
|
158 |
NOEXPORT TICKET_KEY *key_read(char *arg, char *option) { |
159 |
char *key_str; |
160 |
--- src/prototypes.h.orig 2021-05-30 20:19:44 UTC |
161 |
+++ src/prototypes.h |
162 |
@@ -250,7 +250,7 @@ typedef struct service_options_struct { |
163 |
#if OPENSSL_VERSION_NUMBER>=0x009080dfL |
164 |
long unsigned ssl_options_clear; |
165 |
#endif /* OpenSSL 0.9.8m or later */ |
166 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
167 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
168 |
int min_proto_version, max_proto_version; |
169 |
#else /* OPENSSL_VERSION_NUMBER<0x10100000L */ |
170 |
SSL_METHOD *client_method, *server_method; |
171 |
@@ -722,7 +722,7 @@ int getnameinfo(const struct sockaddr *, socklen_t, |
172 |
extern CLI *thread_head; |
173 |
#endif |
174 |
|
175 |
-#if OPENSSL_VERSION_NUMBER<0x10100004L |
176 |
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
177 |
|
178 |
#ifdef USE_OS_THREADS |
179 |
|
180 |
@@ -773,7 +773,7 @@ typedef enum { |
181 |
|
182 |
extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; |
183 |
|
184 |
-#if OPENSSL_VERSION_NUMBER<0x10100004L |
185 |
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
186 |
/* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */ |
187 |
CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); |
188 |
int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *); |
189 |
--- src/ssl.c.orig 2021-04-05 21:19:15 UTC |
190 |
+++ src/ssl.c |
191 |
@@ -39,12 +39,17 @@ |
192 |
#include "prototypes.h" |
193 |
|
194 |
/* global OpenSSL initialization: compression, engine, entropy */ |
195 |
+#ifdef LIBRESSL_VERSION_NUMBER |
196 |
+NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, |
197 |
+ int idx, long argl, void *argp); |
198 |
+#else |
199 |
NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, |
200 |
int idx, long argl, void *argp); |
201 |
-#if OPENSSL_VERSION_NUMBER>=0x30000000L |
202 |
+#endif |
203 |
+#if OPENSSL_VERSION_NUMBER>=0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) |
204 |
NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, |
205 |
void **from_d, int idx, long argl, void *argp); |
206 |
-#elif OPENSSL_VERSION_NUMBER>=0x10100000L |
207 |
+#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
208 |
NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, |
209 |
void *from_d, int idx, long argl, void *argp); |
210 |
#else |
211 |
@@ -83,7 +88,7 @@ int fips_available() { /* either FIPS provider or cont |
212 |
} |
213 |
|
214 |
int ssl_init(void) { /* init TLS before parsing configuration file */ |
215 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
216 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
217 |
OPENSSL_INIT_SETTINGS *conf=OPENSSL_INIT_new(); |
218 |
#ifdef USE_WIN32 |
219 |
OPENSSL_INIT_set_config_filename(conf, "..\\config\\openssl.cnf"); |
220 |
@@ -143,21 +148,33 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM * |
221 |
#endif |
222 |
#endif |
223 |
|
224 |
+#ifdef LIBRESSL_VERSION_NUMBER |
225 |
+NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, |
226 |
+ int idx, long argl, void *argp) { |
227 |
+#else |
228 |
NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, |
229 |
int idx, long argl, void *argp) { |
230 |
+#endif |
231 |
(void)parent; /* squash the unused parameter warning */ |
232 |
(void)ptr; /* squash the unused parameter warning */ |
233 |
(void)argl; /* squash the unused parameter warning */ |
234 |
s_log(LOG_DEBUG, "Initializing application specific data for %s", |
235 |
(char *)argp); |
236 |
- if(!CRYPTO_set_ex_data(ad, idx, (void *)(-1))) |
237 |
+ if(!CRYPTO_set_ex_data(ad, idx, (void *)(-1))) { |
238 |
sslerror("CRYPTO_set_ex_data"); |
239 |
+#ifdef LIBRESSL_VERSION_NUMBER |
240 |
+ return 0; |
241 |
+#endif |
242 |
+ } |
243 |
+#ifdef LIBRESSL_VERSION_NUMBER |
244 |
+ return 1; |
245 |
+#endif |
246 |
} |
247 |
|
248 |
-#if OPENSSL_VERSION_NUMBER>=0x30000000L |
249 |
+#if OPENSSL_VERSION_NUMBER>=0x30000000L && !defined(LIBRESSL_VERSION_NUMBER) |
250 |
NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, |
251 |
void **from_d, int idx, long argl, void *argp) { |
252 |
-#elif OPENSSL_VERSION_NUMBER>=0x10100000L |
253 |
+#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
254 |
NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, |
255 |
void *from_d, int idx, long argl, void *argp) { |
256 |
#else |
257 |
@@ -256,7 +273,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configu |
258 |
|
259 |
#ifndef OPENSSL_NO_COMP |
260 |
|
261 |
-#if OPENSSL_VERSION_NUMBER<0x10100000L |
262 |
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
263 |
|
264 |
NOEXPORT int COMP_get_type(const COMP_METHOD *meth) { |
265 |
return meth->type; |
266 |
@@ -347,7 +364,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *global) { |
267 |
const RAND_METHOD *meth=RAND_get_rand_method(); |
268 |
|
269 |
/* skip PRNG initialization when no seeding methods are available */ |
270 |
- if(meth->status==NULL || meth->add==NULL) { |
271 |
+ if(meth==NULL || meth->status==NULL || meth->add==NULL) { |
272 |
s_log(LOG_DEBUG, "No PRNG seeding methods"); |
273 |
return 0; /* success */ |
274 |
} |
275 |
--- src/sthreads.c.orig 2021-02-10 11:39:36 UTC |
276 |
+++ src/sthreads.c |
277 |
@@ -102,14 +102,16 @@ unsigned long stunnel_thread_id(void) { |
278 |
|
279 |
#endif /* USE_WIN32 */ |
280 |
|
281 |
-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L |
282 |
+#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \ |
283 |
+ defined(LIBRESSL_VERSION_NUMBER) |
284 |
NOEXPORT void threadid_func(CRYPTO_THREADID *tid) { |
285 |
CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id()); |
286 |
} |
287 |
#endif |
288 |
|
289 |
void thread_id_init(void) { |
290 |
-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L |
291 |
+#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \ |
292 |
+ defined(LIBRESSL_VERSION_NUMBER) |
293 |
CRYPTO_THREADID_set_callback(threadid_func); |
294 |
#endif |
295 |
#if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED) |
296 |
@@ -120,7 +122,7 @@ void thread_id_init(void) { |
297 |
/**************************************** locking */ |
298 |
|
299 |
/* we only need to initialize locking with OpenSSL older than 1.1.0 */ |
300 |
-#if OPENSSL_VERSION_NUMBER<0x10100004L |
301 |
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
302 |
|
303 |
#ifdef USE_PTHREAD |
304 |
|
305 |
@@ -279,7 +281,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO |
306 |
|
307 |
CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; |
308 |
|
309 |
-#if OPENSSL_VERSION_NUMBER<0x10100004L |
310 |
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
311 |
|
312 |
#ifdef USE_OS_THREADS |
313 |
|
314 |
@@ -387,7 +389,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, |
315 |
|
316 |
void locking_init(void) { |
317 |
size_t i; |
318 |
-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L |
319 |
+#if defined(USE_OS_THREADS) && \ |
320 |
+ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)) |
321 |
size_t num; |
322 |
|
323 |
/* initialize the OpenSSL static locking */ |
324 |
--- src/tls.c.orig 2021-02-10 11:39:36 UTC |
325 |
+++ src/tls.c |
326 |
@@ -41,7 +41,7 @@ |
327 |
volatile int tls_initialized=0; |
328 |
|
329 |
NOEXPORT void tls_platform_init(); |
330 |
-#if OPENSSL_VERSION_NUMBER<0x10100000L |
331 |
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
332 |
NOEXPORT void free_function(void *); |
333 |
#endif |
334 |
|
335 |
@@ -52,7 +52,7 @@ void tls_init() { |
336 |
tls_platform_init(); |
337 |
tls_initialized=1; |
338 |
ui_tls=tls_alloc(NULL, NULL, "ui"); |
339 |
-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
340 |
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
341 |
CRYPTO_set_mem_functions(str_alloc_detached_debug, |
342 |
str_realloc_detached_debug, str_free_debug); |
343 |
#else |
344 |
@@ -184,7 +184,7 @@ TLS_DATA *tls_get() { |
345 |
|
346 |
/**************************************** OpenSSL allocator hook */ |
347 |
|
348 |
-#if OPENSSL_VERSION_NUMBER<0x10100000L |
349 |
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
350 |
NOEXPORT void free_function(void *ptr) { |
351 |
/* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */ |
352 |
/* unfortunately, OpenSSL provides no file:line information here */ |
353 |
--- src/verify.c.orig 2021-08-05 07:19:52 UTC |
354 |
+++ src/verify.c |
355 |
@@ -351,7 +351,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback |
356 |
cert=X509_STORE_CTX_get_current_cert(callback_ctx); |
357 |
subject=X509_get_subject_name(cert); |
358 |
|
359 |
-#if OPENSSL_VERSION_NUMBER<0x10100006L |
360 |
+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) |
361 |
#define X509_STORE_CTX_get1_certs X509_STORE_get1_certs |
362 |
#endif |
363 |
/* modern API allows retrieving multiple matching certificates */ |