main/strongswan/libressl-fix.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -320,12 +320,7 @@
 			return FALSE;
 		}
 	}
-	/* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-	tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
-#else
 	tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
-#endif
 	X509_CRL_get0_signature(this->crl, &sig, NULL);
 	valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs,
 						openssl_asn1_str2chunk(sig));
--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -39,8 +39,8 @@
 OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
 OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
 OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
-#define BN_secure_new() BN_new()
 #endif
+#define BN_secure_new() BN_new()
 
 typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
 
--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_util.c
+++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -22,11 +22,8 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
-/* these were added with 1.1.0 when ASN1_OBJECT was made opaque */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #define OBJ_get0_data(o) ((o)->data)
 #define OBJ_length(o) ((o)->length)
-#endif
 
 /**
  * Described in header.
--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -420,12 +420,7 @@
 	{
 		return FALSE;
 	}
-	/* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-	tbs = openssl_i2chunk(re_X509_tbs, this->x509);
-#else
 	tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info);
-#endif
 	X509_get0_signature(&sig, NULL, this->x509);
 	valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs,
 						openssl_asn1_str2chunk(sig));