
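--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	stunnel
 PORTVERSION=	5.55
-PORTEPOCH=	1
+PORTEPOCH=	2
 CATEGORIES=	security
 MASTER_SITES=	https://www.stunnel.org/downloads/%SUBDIR%/ \
 		https://www.stunnel.org/downloads/beta/ \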
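--- a/files/patch-libressl
+++ b/files/patch-libressl
@@ -0,0 +1,297 @@
+--- src/client.c
++++ src/client.c
+@@ -657,7 +657,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiated cipher */
+ NOEXPORT void transfer(CLI *c) {
+     int timeout; /* s_poll_wait timeout in seconds */
+     int pending; /* either processed on unprocessed TLS data */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     int has_pending=0, prev_has_pending;
+ #endif
+     int watchdog=0; /* a counter to detect an infinite loop */
+@@ -705,7 +705,7 @@ NOEXPORT void transfer(CLI *c) {
+ 
+         /****************************** wait for an event */
+         pending=SSL_pending(c->ssl);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+         /* only attempt to process SSL_has_pending() data once */
+         prev_has_pending=has_pending;
+         has_pending=SSL_has_pending(c->ssl);
+@@ -1109,7 +1109,7 @@ NOEXPORT void transfer(CLI *c) {
+             s_log(LOG_ERR,
+                 "please report the problem to Michal.Trojnara@stunnel.org");
+             stunnel_info(LOG_ERR);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+             s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d",
+                 SSL_get_version(c->ssl),
+                 SSL_pending(c->ssl), SSL_has_pending(c->ssl));
+--- src/ctx.c
++++ src/ctx.c
+@@ -91,7 +91,7 @@ NOEXPORT void set_prompt(const char *);
+ NOEXPORT int ui_retry();
+ 
+ /* session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int generate_session_ticket_cb(SSL *, void *);
+ NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *,
+     const unsigned char *, size_t, SSL_TICKET_STATUS, void *);
+@@ -130,7 +130,7 @@ NOEXPORT void sslerror_log(unsigned long, const char *, int, char *);
+ 
+ /**************************************** initialize section->ctx */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ typedef long unsigned SSL_OPTIONS_TYPE;
+ #else
+ typedef long SSL_OPTIONS_TYPE;
+@@ -138,7 +138,7 @@ typedef long SSL_OPTIONS_TYPE;
+ 
+ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+     /* create TLS context */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     if(section->option.client)
+         section->ctx=SSL_CTX_new(TLS_client_method());
+     else /* server mode */
+@@ -234,7 +234,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+ #endif
+ 
+     /* setup session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb,
+         decrypt_session_ticket_cb, NULL);
+ #endif /* OpenSSL 1.1.1 or later */
+@@ -493,7 +493,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+ /**************************************** initialize OpenSSL CONF */
+ 
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+     SSL_CONF_CTX *cctx;
+     NAME_LIST *curr;
+     char *cmd, *param;
+@@ -979,7 +979,7 @@ NOEXPORT int ui_retry() {
+ 
+ /**************************************** session tickets */
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 
+ typedef struct {
+     void *session_authenticated;
+@@ -1470,7 +1470,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) {
+ 
+     c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli);
+     if(c) {
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+         OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
+ #else
+         int state=SSL_get_state((SSL *)ssl);
+--- src/options.c
++++ src/options.c
+@@ -81,7 +81,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *);
+ NOEXPORT void sni_free(SERVICE_OPTIONS *);
+ #endif /* !defined(OPENSSL_NO_TLSEXT) */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int str_to_proto_version(const char *);
+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
+ NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *);
+@@ -96,7 +96,7 @@ NOEXPORT PSK_KEYS *psk_dup(PSK_KEYS *);
+ NOEXPORT void psk_free(PSK_KEYS *);
+ #endif /* !defined(OPENSSL_NO_PSK) */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT TICKET_KEY *key_read(char *, char *);
+ NOEXPORT TICKET_KEY *key_dup(TICKET_KEY *);
+ NOEXPORT void key_free(TICKET_KEY *);
+@@ -3104,7 +3104,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
+         break;
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 
+     /* sslVersion */
+     switch(cmd) {
+@@ -3273,7 +3273,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
+     }
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 
+     /* ticketKeySecret */
+     switch(cmd) {
+@@ -3755,7 +3755,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) {
+ 
+ /**************************************** modern TLS version handling */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 
+ NOEXPORT int str_to_proto_version(const char *name) {
+     if(!strcasecmp(name, "all"))
+@@ -4079,7 +4079,7 @@ NOEXPORT void psk_free(PSK_KEYS *head) {
+ 
+ /**************************************** read ticket key */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L
++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 
+ NOEXPORT TICKET_KEY *key_read(char *arg, char *option) {
+     char *key_str;
+--- src/prototypes.h
++++ src/prototypes.h
+@@ -244,7 +244,7 @@ typedef struct service_options_struct {
+ #if OPENSSL_VERSION_NUMBER>=0x009080dfL
+     long unsigned ssl_options_clear;
+ #endif /* OpenSSL 0.9.8m or later */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     int min_proto_version, max_proto_version;
+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
+     SSL_METHOD *client_method, *server_method;
+@@ -706,7 +706,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
+ extern CLI *thread_head;
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #ifdef USE_OS_THREADS
+ 
+@@ -755,7 +755,7 @@ typedef enum {
+ 
+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
+--- src/ssl.c
++++ src/ssl.c
+@@ -39,7 +39,7 @@
+ #include "prototypes.h"
+ 
+     /* global OpenSSL initialization: compression, engine, entropy */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+     void *from_d, int idx, long argl, void *argp);
+ #else
+@@ -114,7 +114,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+ #endif
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+         void *from_d, int idx, long argl, void *argp) {
+ #else
+@@ -177,7 +177,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global TLS settings */
+ 
+ #ifndef OPENSSL_NO_COMP
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ NOEXPORT int COMP_get_type(const COMP_METHOD *meth) {
+     return meth->type;
+--- src/sthreads.c
++++ src/sthreads.c
+@@ -102,14 +102,16 @@ unsigned long stunnel_thread_id(void) {
+ 
+ #endif /* USE_WIN32 */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \
++    defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
+     CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
+ }
+ #endif
+ 
+ void thread_id_init(void) {
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L
++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \
++    defined(LIBRESSL_VERSION_NUMBER)
+     CRYPTO_THREADID_set_callback(threadid_func);
+ #endif
+ #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED)
+@@ -120,7 +122,7 @@ void thread_id_init(void) {
+ /**************************************** locking */
+ 
+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #ifdef USE_PTHREAD
+ 
+@@ -229,7 +231,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) {
+ 
+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #ifdef USE_OS_THREADS
+ 
+@@ -339,7 +341,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) {
+ 
+ void locking_init(void) {
+     size_t i;
+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
++#if defined(USE_OS_THREADS) && \
++    (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
+     size_t num;
+ 
+     /* initialize the OpenSSL static locking */
+--- src/tls.c
++++ src/tls.c
+@@ -41,7 +41,7 @@
+ volatile int tls_initialized=0;
+ 
+ NOEXPORT void tls_platform_init();
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *);
+ #endif
+ 
+@@ -52,7 +52,7 @@ void tls_init() {
+     tls_platform_init();
+     tls_initialized=1;
+     ui_tls=tls_alloc(NULL, NULL, "ui");
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     CRYPTO_set_mem_functions(str_alloc_detached_debug,
+         str_realloc_detached_debug, str_free_debug);
+ #else
+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
+ 
+ /**************************************** OpenSSL allocator hook */
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *ptr) {
+     /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
+     /* unfortunately, OpenSSL provides no file:line information here */
+--- src/verify.c
++++ src/verify.c
+@@ -346,7 +346,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+     subject=X509_get_subject_name(cert);
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+     /* moder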
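Review bot: Every guard in this patch tests a bare `defined(LIBRESSL_VERSION_NUMBER)`, so all LibreSSL releases are pinned to the pre-1.1.0 code paths regardless of which 1.1 APIs a given release provides. On the TLS side this compiles out `min_proto_version`/`max_proto_version` and `str_to_proto_version` (prototypes.h, options.c) in favour of the legacy `client_method`/`server_method` fields, and drops the `ticketKeySecret` parsing and the session ticket callbacks (options.c, ctx.c). A LibreSSL build therefore presumably lacks those configuration options, which is worth stating in the port's notes so operators do not assume the same protocol-floor and ticket-key controls as an OpenSSL build. The `|| defined(LIBRESSL_VERSION_NUMBER)` branches also keep stunnel's own `CRYPTO_THREAD_lock_new` declarations and the direct `meth->type` read in `COMP_get_type`, which look likely to break once the library exports those names or makes the struct opaque. I would bound each guard per feature rather than with one blanket test, e.g. `#if OPENSSL_VERSION_NUMBER>=0x10100000L && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER>=0xNNNNNNNNL)`, where `0xNNNNNNNNL` is a placeholder for the first release verified to have the API.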
