Attachment #226692 for bug #257403




--- src/main/cb.c.orig	2021-07-25 08:01:13 UTC
+++ src/main/cb.c
@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret)
 			/*
 			 *	After a ClientHello, list all the proposed ciphers from the client
 			 */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) {
 				int i;
 				int num_ciphers;
@@ -174,7 +174,7 @@ void cbtls_msg(int write_p, int msg_version, int conte
 		state->info.alert_level = 0x00;
 		state->info.alert_description = 0x00;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
 	} else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) {
 		/* let tls_ack_handler set application_data */
 		state->info.content_type = SSL3_RT_HANDSHAKE;




--- src/main/tls.c.orig	2021-07-25 08:06:53 UTC
+++ src/main/tls.c
@@ -1602,7 +1602,7 @@ static int load_dh_params(SSL_CTX *ctx, char *file)
 	 *
 	 * Change suggested by @t8m
 	 */
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
 	if (FIPS_mode() > 0) {
 		WARN(LOG_PREFIX ": Ignoring user-selected DH parameters in FIPS mode. Using defaults.");
 		return 0;
@@ -4020,7 +4020,7 @@ post_ca:
 	 *	disable early data.
 	 *
 	 */
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
 	SSL_CTX_set_max_early_data(ctx, 0);
 #endif
 

Added Link Here

(-)b/net/freeradius3/files/patch-src_modules_rlm__pap_rlm__pap.c (-1 / +11 lines)
0	-	1	--- src/modules/rlm_pap/rlm_pap.c.orig 2021-07-25 21:23:17 UTC
		2	+++ src/modules/rlm_pap/rlm_pap.c
		3	@@ -927,7 +927,7 @@ static inline rlm_rcode_t CC_HINT(nonnull) pap_auth_pb
		4	digest_len = SHA512_DIGEST_LENGTH;
		5	break;
		6
		7	-# if OPENSSL_VERSION_NUMBER >= 0x10101000L
		8	+# if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
		9	case PW_SSHA3_224_PASSWORD:
		10	evp_md = EVP_sha3_224();
		11	digest_len = SHA224_DIGEST_LENGTH;

Return to bug 257403

Added Link Here

(-)b/net/freeradius3/files/patch-src_main_cb.c (+20 lines)
1	--- src/main/cb.c.orig 2021-07-25 08:01:13 UTC
2	+++ src/main/cb.c
3	@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret)
4	/*
5	* After a ClientHello, list all the proposed ciphers from the client
6	*/
7	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
8	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
9	if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) {
10	int i;
11	int num_ciphers;
12	@@ -174,7 +174,7 @@ void cbtls_msg(int write_p, int msg_version, int conte
13	state->info.alert_level = 0x00;
14	state->info.alert_description = 0x00;
15
16	-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
17	+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
18	} else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) {
19	/* let tls_ack_handler set application_data */
20	state->info.content_type = SSL3_RT_HANDSHAKE;

Added Link Here

(-)b/net/freeradius3/files/patch-src_main_tls.c (+20 lines)
1	--- src/main/tls.c.orig 2021-07-25 08:06:53 UTC
2	+++ src/main/tls.c
3	@@ -1602,7 +1602,7 @@ static int load_dh_params(SSL_CTX ctx, char file)
4	*
5	* Change suggested by @t8m
6	*/
7	-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
8	+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
9	if (FIPS_mode() > 0) {
10	WARN(LOG_PREFIX ": Ignoring user-selected DH parameters in FIPS mode. Using defaults.");
11	return 0;
12	@@ -4020,7 +4020,7 @@ post_ca:
13	* disable early data.
14	*
15	*/
16	-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
17	+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
18	SSL_CTX_set_max_early_data(ctx, 0);
19	#endif
20