aboutsummaryrefslogtreecommitdiffstats
path: root/main/strongswan/libressl.patch
blob: 9973b20cee460e724400795da9b24a839404fbb1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_crl.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_crl.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_crl.c	2016-06-30 17:20:10.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_crl.c	2016-11-07 09:43:34.386040269 +0200
@@ -46,7 +46,7 @@
 #include <collections/enumerator.h>
 #include <credentials/certificates/x509.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) {
 	if (psig) { *psig = crl->signature; }
 	if (palg) { *palg = crl->sig_alg; }
@@ -281,7 +281,7 @@
 		return FALSE;
 	}
 	/* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
 #else
 	tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
@@ -524,7 +524,7 @@
 
 	X509_CRL_get0_signature(NULL, &alg, this->crl);
 	X509_ALGOR_get0(&oid, NULL, NULL, alg);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 	if (!chunk_equals(
 			openssl_asn1_obj2chunk(this->crl->crl->sig_alg->algorithm),
 			openssl_asn1_obj2chunk(this->crl->sig_alg->algorithm)))
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c	2016-06-30 17:20:10.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c	2016-11-07 09:43:49.292891861 +0200
@@ -27,7 +27,7 @@
 #include <utils/debug.h>
 
 /* these were added with 1.1.0 when DH was made opaque */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key)
 OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g)
 #define DH_set_length(dh, len) ({ (dh)->length = len; 1; })
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c	2016-10-08 15:17:09.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c	2016-11-07 09:43:54.582957491 +0200
@@ -28,7 +28,7 @@
 #include <openssl/ecdsa.h>
 #include <openssl/x509.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
 #endif
 
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c	2016-06-30 17:20:10.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c	2016-11-07 09:43:58.653007980 +0200
@@ -27,7 +27,7 @@
 #include <openssl/ecdsa.h>
 #include <openssl/x509.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
 #endif
 
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_hmac.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c	2016-06-30 17:20:10.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_hmac.c	2016-11-07 09:44:46.043595875 +0200
@@ -70,7 +70,7 @@
 	 */
 	HMAC_CTX *hmac;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 	/**
 	 * Static context for OpenSSL < 1.1.0
 	 */
@@ -140,7 +140,7 @@
 METHOD(mac_t, destroy, void,
 	private_mac_t *this)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	HMAC_CTX_free(this->hmac);
 #else
 	HMAC_CTX_cleanup(&this->hmac_ctx);
@@ -178,7 +178,7 @@
 		return NULL;
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	this->hmac = HMAC_CTX_new();
 #else
 	HMAC_CTX_init(&this->hmac_ctx);
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_pkcs7.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_pkcs7.c	2016-07-08 11:57:18.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_pkcs7.c	2016-11-07 09:44:58.337081716 +0200
@@ -29,7 +29,7 @@
 
 #include <openssl/cms.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define X509_ATTRIBUTE_get0_object(attr) ({ (attr)->object; })
 #endif
 
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_plugin.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c	2016-10-08 15:17:09.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_plugin.c	2016-11-07 09:45:31.187489232 +0200
@@ -68,7 +68,7 @@
 /**
  * OpenSSL is thread-safe since 1.1.0
  */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
 /**
  * Array of static mutexs, with CRYPTO_num_locks() mutex
@@ -568,7 +568,7 @@
 /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
  * can't call it as we couldn't re-initialize the library (as required by the
  * unit tests and the Android app) */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #ifndef OPENSSL_IS_BORINGSSL
 	CONF_modules_free();
 	OBJ_cleanup();
@@ -623,7 +623,7 @@
 		},
 	);
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	/* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
 	 * as we couldn't initialize the library again afterwards */
 	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c	2016-10-08 15:17:09.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c	2016-11-07 09:45:57.407814497 +0200
@@ -36,7 +36,7 @@
  */
 #define PUBLIC_EXPONENT 0x10001
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
 OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
 OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c	2016-09-27 11:40:31.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c	2016-11-07 09:46:02.771214366 +0200
@@ -28,7 +28,7 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
 #endif
 
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_util.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_util.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_util.c	2016-06-30 17:20:10.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_util.c	2016-11-07 09:46:15.918044119 +0200
@@ -23,7 +23,7 @@
 #include <openssl/x509.h>
 
 /* these were added with 1.1.0 when ASN1_OBJECT was made opaque */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define OBJ_get0_data(o) ((o)->data)
 #define OBJ_length(o) ((o)->length)
 #endif
diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_x509.c
--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c	2016-06-30 17:20:10.000000000 +0300
+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_x509.c	2016-11-07 09:46:51.818489485 +0200
@@ -61,7 +61,7 @@
 #endif
 
 /* added with 1.0.2 */
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
 static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) {
 	if (psig) { *psig = x->signature; }
 	if (palg) { *palg = x->sig_alg; }
@@ -69,7 +69,7 @@
 #endif
 
 /* added with 1.1.0 when X509 etc. was made opaque */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define X509_get0_extensions(x509) ({ (x509)->cert_info->extensions; })
 #define X509_get0_tbs_sigalg(x509) ({ (x509)->cert_info->signature; })
 #define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; })
@@ -434,7 +434,7 @@
 		return FALSE;
 	}
 	/* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	tbs = openssl_i2chunk(re_X509_tbs, this->x509);
 #else
 	tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info);