Attachment 228395 Details for Bug 258885 – 0001-security-stunnel-add-optional-patch-for-LibreSSL

[patch] 0001-security-stunnel-add-optional-patch-for-LibreSSL

0001-security-stunnel-add-optional-patch-for-LibreSSL.patch (text/plain), 16.95 KB, created by Felix Palmen on 2021-10-03 11:14:28 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Felix Palmen

Created: 2021-10-03 11:14:28 UTC

Size: 16.95 KB

patch

obsolete

>From d40915f14c14bdfcbacc36eaa7784a2fe7ac3e62 Mon Sep 17 00:00:00 2001
>From: Felix Palmen <felix@palmen-it.de>
>Date: Sun, 3 Oct 2021 13:00:54 +0200
>Subject: [PATCH] security/stunnel: add optional patch for LibreSSL
>
>---
> security/stunnel/Makefile                     |  15 +-
> .../stunnel/files/extra-patch-libressl-compat | 363 ++++++++++++++++++
> 2 files changed, 377 insertions(+), 1 deletion(-)
> create mode 100644 security/stunnel/files/extra-patch-libressl-compat
>
>diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
>index 764412548e5c..535c2c09b0c3 100644
>--- a/security/stunnel/Makefile
>+++ b/security/stunnel/Makefile
>@@ -36,7 +36,7 @@ CONFIGURE_ARGS=	--localstatedir=/var/tmp --enable-static --disable-systemd \
> 		--with-ssl="${OPENSSLBASE}"
> SHEBANG_FILES=	src/stunnel3.in
> 
>-OPTIONS_DEFINE=			DOCS EXAMPLES FIPS IPV6 LIBWRAP
>+OPTIONS_DEFINE=			DOCS EXAMPLES FIPS IPV6 LIBRESSL_PATCH LIBWRAP
> OPTIONS_SINGLE=			THREAD
> OPTIONS_SINGLE_THREAD=		FORK PTHREAD UCONTEXT
> OPTIONS_DEFAULT=		PTHREAD
>@@ -47,6 +47,7 @@ LIBWRAP_CONFIGURE_ENABLE=	libwrap
> 
> FIPS_DESC=			Enable OpenSSL FIPS mode
> FORK_DESC=			Use the fork(3) threading model
>+LIBRESSL_PATCH_DESC=		Add unofficial patch to support LibreSSL
> PTHREAD_DESC=			Use the pthread(3) threading model
> UCONTEXT_DESC=			Use the ucontext(3) threading model
> 
>@@ -58,6 +59,10 @@ GROUPS=		${STUNNEL_GROUP}
> 
> .include <bsd.port.options.mk>
> 
>+.if ${PORT_OPTIONS:MLIBRESSL_PATCH}
>+EXTRA_PATCHES+=		${PATCHDIR}/extra-patch-libressl-compat
>+.endif
>+
> .if ${PORT_OPTIONS:MLIBWRAP}
> LDFLAGS+=		-lwrap
> .endif
>@@ -74,6 +79,14 @@ LDFLAGS+=	-lpthread
> 
> .include <bsd.port.pre.mk>
> 
>+.if !${PORT_OPTIONS:MLIBRESSL_PATCH} && ${SSL_DEFAULT:Mlibressl*}
>+IGNORE=		Build with LibreSSL is broken and requires an extra patch, set LIBRESSL_PATCH option to use it
>+.endif
>+
>+.if ${PORT_OPTIONS:MLIBRESSL_PATCH} && !${SSL_DEFAULT:Mlibressl*}
>+IGNORE=		The LIBRESSL_PATCH option can only be used for building with LibreSSL
>+.endif
>+
> .if ${PORT_OPTIONS:MFIPS} && ${SSL_DEFAULT:Mlibressl*}
> IGNORE=		LibreSSL does not support FIPS standard
> .endif
>diff --git a/security/stunnel/files/extra-patch-libressl-compat b/security/stunnel/files/extra-patch-libressl-compat
>new file mode 100644
>index 000000000000..05884d02bbfb
>--- /dev/null
>+++ b/security/stunnel/files/extra-patch-libressl-compat
>@@ -0,0 +1,363 @@
>+--- src/client.c.orig	2021-04-05 21:21:38 UTC
>++++ src/client.c
>+@@ -742,7 +742,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiat
>+ NOEXPORT void transfer(CLI *c) {
>+     int timeout; /* s_poll_wait timeout in seconds */
>+     int pending; /* either processed on unprocessed TLS data */
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+     int has_pending=0, prev_has_pending;
>+ #endif
>+     int watchdog=0; /* a counter to detect an infinite loop */
>+@@ -789,7 +789,7 @@ NOEXPORT void transfer(CLI *c) {
>+ 
>+         /****************************** wait for an event */
>+         pending=SSL_pending(c->ssl);
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+         /* only attempt to process SSL_has_pending() data once */
>+         prev_has_pending=has_pending;
>+         has_pending=SSL_has_pending(c->ssl);
>+@@ -1194,7 +1194,7 @@ NOEXPORT void transfer(CLI *c) {
>+             s_log(LOG_ERR,
>+                 "please report the problem to Michal.Trojnara@stunnel.org");
>+             stunnel_info(LOG_ERR);
>+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+             s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d",
>+                 SSL_get_version(c->ssl),
>+                 SSL_pending(c->ssl), SSL_has_pending(c->ssl));
>+--- src/ctx.c.orig	2021-08-16 18:58:06 UTC
>++++ src/ctx.c
>+@@ -91,7 +91,7 @@ NOEXPORT void set_prompt(const char *);
>+ NOEXPORT int ui_retry();
>+ 
>+ /* session tickets */
>+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int generate_session_ticket_cb(SSL *, void *);
>+ NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *,
>+     const unsigned char *, size_t, SSL_TICKET_STATUS, void *);
>+@@ -130,7 +130,7 @@ NOEXPORT void sslerror_log(unsigned long, const char *
>+ 
>+ /**************************************** initialize section->ctx */
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ typedef long unsigned SSL_OPTIONS_TYPE;
>+ #else
>+ typedef long SSL_OPTIONS_TYPE;
>+@@ -138,7 +138,7 @@ typedef long SSL_OPTIONS_TYPE;
>+ 
>+ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
>+     /* create a new TLS context */
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+     if(section->option.client)
>+         section->ctx=SSL_CTX_new(TLS_client_method());
>+     else /* server mode */
>+@@ -173,7 +173,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init T
>+     }
>+     current_section=section; /* setup current section for callbacks */
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+     /* set the security level */
>+     if(section->security_level>=0) {
>+         /* set the user-specified value */
>+@@ -258,7 +258,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init T
>+ #endif
>+ 
>+     /* setup session tickets */
>+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
>+     SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb,
>+         decrypt_session_ticket_cb, NULL);
>+ #endif /* OpenSSL 1.1.1 or later */
>+@@ -533,7 +533,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
>+ /**************************************** initialize OpenSSL CONF */
>+ 
>+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
>+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
>++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
>+     SSL_CONF_CTX *cctx;
>+     NAME_LIST *curr;
>+     char *cmd, *param;
>+@@ -1039,7 +1039,7 @@ NOEXPORT int ui_retry() {
>+ 
>+ /**************************************** session tickets */
>+ 
>+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
>++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ 
>+ typedef struct {
>+     void *session_authenticated;
>+@@ -1532,7 +1532,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where,
>+ 
>+     c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli);
>+     if(c) {
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+         OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
>+ #else
>+         int state=SSL_get_state((SSL *)ssl);
>+--- src/options.c.orig	2021-08-05 07:19:52 UTC
>++++ src/options.c
>+@@ -81,7 +81,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *);
>+ NOEXPORT void sni_free(SERVICE_OPTIONS *);
>+ #endif /* !defined(OPENSSL_NO_TLSEXT) */
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int str_to_proto_version(const char *);
>+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
>+ NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *);
>+@@ -96,7 +96,7 @@ NOEXPORT PSK_KEYS *psk_dup(PSK_KEYS *);
>+ NOEXPORT void psk_free(PSK_KEYS *);
>+ #endif /* !defined(OPENSSL_NO_PSK) */
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
>++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT TICKET_KEY *key_read(char *, char *);
>+ NOEXPORT TICKET_KEY *key_dup(TICKET_KEY *);
>+ NOEXPORT void key_free(TICKET_KEY *);
>+@@ -3252,7 +3252,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O
>+         break;
>+     }
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ 
>+     /* sslVersion */
>+     switch(cmd) {
>+@@ -3421,7 +3421,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O
>+     }
>+ #endif
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
>++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ 
>+     /* ticketKeySecret */
>+     switch(cmd) {
>+@@ -3904,7 +3904,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) {
>+ 
>+ /**************************************** modern TLS version handling */
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ 
>+ NOEXPORT int str_to_proto_version(const char *name) {
>+     if(!strcasecmp(name, "all"))
>+@@ -4229,7 +4229,7 @@ NOEXPORT void psk_free(PSK_KEYS *head) {
>+ 
>+ /**************************************** read ticket key */
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
>++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ 
>+ NOEXPORT TICKET_KEY *key_read(char *arg, char *option) {
>+     char *key_str;
>+--- src/prototypes.h.orig	2021-05-30 20:19:44 UTC
>++++ src/prototypes.h
>+@@ -250,7 +250,7 @@ typedef struct service_options_struct {
>+ #if OPENSSL_VERSION_NUMBER>=0x009080dfL
>+     long unsigned ssl_options_clear;
>+ #endif /* OpenSSL 0.9.8m or later */
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+     int min_proto_version, max_proto_version;
>+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
>+     SSL_METHOD *client_method, *server_method;
>+@@ -722,7 +722,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
>+ extern CLI *thread_head;
>+ #endif
>+ 
>+-#if OPENSSL_VERSION_NUMBER<0x10100004L
>++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
>+ 
>+ #ifdef USE_OS_THREADS
>+ 
>+@@ -773,7 +773,7 @@ typedef enum {
>+ 
>+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
>+ 
>+-#if OPENSSL_VERSION_NUMBER<0x10100004L
>++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
>+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
>+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
>+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
>+--- src/ssl.c.orig	2021-04-05 21:19:15 UTC
>++++ src/ssl.c
>+@@ -39,12 +39,17 @@
>+ #include "prototypes.h"
>+ 
>+     /* global OpenSSL initialization: compression, engine, entropy */
>++#ifdef LIBRESSL_VERSION_NUMBER
>++NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
>++        int idx, long argl, void *argp);
>++#else
>+ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
>+         int idx, long argl, void *argp);
>+-#if OPENSSL_VERSION_NUMBER>=0x30000000L
>++#endif
>++#if OPENSSL_VERSION_NUMBER>=0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
>+     void **from_d, int idx, long argl, void *argp);
>+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
>++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
>+     void *from_d, int idx, long argl, void *argp);
>+ #else
>+@@ -83,7 +88,7 @@ int fips_available() { /* either FIPS provider or cont
>+ }
>+ 
>+ int ssl_init(void) { /* init TLS before parsing configuration file */
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+     OPENSSL_INIT_SETTINGS *conf=OPENSSL_INIT_new();
>+ #ifdef USE_WIN32
>+     OPENSSL_INIT_set_config_filename(conf, "..\\config\\openssl.cnf");
>+@@ -143,21 +148,33 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *
>+ #endif
>+ #endif
>+ 
>++#ifdef LIBRESSL_VERSION_NUMBER
>++NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
>++        int idx, long argl, void *argp) {
>++#else
>+ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
>+         int idx, long argl, void *argp) {
>++#endif
>+     (void)parent; /* squash the unused parameter warning */
>+     (void)ptr; /* squash the unused parameter warning */
>+     (void)argl; /* squash the unused parameter warning */
>+     s_log(LOG_DEBUG, "Initializing application specific data for %s",
>+         (char *)argp);
>+-    if(!CRYPTO_set_ex_data(ad, idx, (void *)(-1)))
>++    if(!CRYPTO_set_ex_data(ad, idx, (void *)(-1))) {
>+         sslerror("CRYPTO_set_ex_data");
>++#ifdef LIBRESSL_VERSION_NUMBER
>++	return 0;
>++#endif
>++    }
>++#ifdef LIBRESSL_VERSION_NUMBER
>++    return 1;
>++#endif
>+ }
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x30000000L
>++#if OPENSSL_VERSION_NUMBER>=0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
>+         void **from_d, int idx, long argl, void *argp) {
>+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
>++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
>+         void *from_d, int idx, long argl, void *argp) {
>+ #else
>+@@ -256,7 +273,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configu
>+ 
>+ #ifndef OPENSSL_NO_COMP
>+ 
>+-#if OPENSSL_VERSION_NUMBER<0x10100000L
>++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ 
>+ NOEXPORT int COMP_get_type(const COMP_METHOD *meth) {
>+     return meth->type;
>+@@ -347,7 +364,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *global) {
>+     const RAND_METHOD *meth=RAND_get_rand_method();
>+ 
>+     /* skip PRNG initialization when no seeding methods are available */
>+-    if(meth->status==NULL || meth->add==NULL) {
>++    if(meth==NULL || meth->status==NULL || meth->add==NULL) {
>+         s_log(LOG_DEBUG, "No PRNG seeding methods");
>+         return 0; /* success */
>+     }
>+--- src/sthreads.c.orig	2021-02-10 11:39:36 UTC
>++++ src/sthreads.c
>+@@ -102,14 +102,16 @@ unsigned long stunnel_thread_id(void) {
>+ 
>+ #endif /* USE_WIN32 */
>+ 
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
>++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \
>++    defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
>+     CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
>+ }
>+ #endif
>+ 
>+ void thread_id_init(void) {
>+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L
>++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \
>++    defined(LIBRESSL_VERSION_NUMBER)
>+     CRYPTO_THREADID_set_callback(threadid_func);
>+ #endif
>+ #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED)
>+@@ -120,7 +122,7 @@ void thread_id_init(void) {
>+ /**************************************** locking */
>+ 
>+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */
>+-#if OPENSSL_VERSION_NUMBER<0x10100004L
>++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
>+ 
>+ #ifdef USE_PTHREAD
>+ 
>+@@ -279,7 +281,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO
>+ 
>+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
>+ 
>+-#if OPENSSL_VERSION_NUMBER<0x10100004L
>++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
>+ 
>+ #ifdef USE_OS_THREADS
>+ 
>+@@ -387,7 +389,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, 
>+ 
>+ void locking_init(void) {
>+     size_t i;
>+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
>++#if defined(USE_OS_THREADS) && \
>++    (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
>+     size_t num;
>+ 
>+     /* initialize the OpenSSL static locking */
>+--- src/tls.c.orig	2021-02-10 11:39:36 UTC
>++++ src/tls.c
>+@@ -41,7 +41,7 @@
>+ volatile int tls_initialized=0;
>+ 
>+ NOEXPORT void tls_platform_init();
>+-#if OPENSSL_VERSION_NUMBER<0x10100000L
>++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT void free_function(void *);
>+ #endif
>+ 
>+@@ -52,7 +52,7 @@ void tls_init() {
>+     tls_platform_init();
>+     tls_initialized=1;
>+     ui_tls=tls_alloc(NULL, NULL, "ui");
>+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
>++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
>+     CRYPTO_set_mem_functions(str_alloc_detached_debug,
>+         str_realloc_detached_debug, str_free_debug);
>+ #else
>+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
>+ 
>+ /**************************************** OpenSSL allocator hook */
>+ 
>+-#if OPENSSL_VERSION_NUMBER<0x10100000L
>++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>+ NOEXPORT void free_function(void *ptr) {
>+     /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
>+     /* unfortunately, OpenSSL provides no file:line information here */
>+--- src/verify.c.orig	2021-08-05 07:19:52 UTC
>++++ src/verify.c
>+@@ -351,7 +351,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
>+     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
>+     subject=X509_get_subject_name(cert);
>+ 
>+-#if OPENSSL_VERSION_NUMBER<0x10100006L
>++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
>+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
>+ #endif
>+     /* modern API allows retrieving multiple matching certificates */
>-- 
>2.32.0
>

Actions: View | Diff

Attachments on bug 258885: 228392 | 228394 | 228395