OpenConnect 7.07 fails to build with LibreSSL

Bernard Spil brnrd at FreeBSD.org
Wed Aug 31 06:02:57 PDT 2016


On 2016-08-31 14:26, Bernard Spil wrote:
> Hi,
> 
> We've found issues building OpenConnect 7.07 with LibreSSL which were
> introduced by the OpenSSL 1.1.0 changes. This is caused by LibreSSL
> setting OPENSSL_VERSION_NUMBER to 0x20000000L. The LibreSSL project
> includes a define LIBRESSL_VERSION_NUMBER in openssl/opensslv.h that can
> be used to fix build errors like this.
> 
> I've added the patch to the FreeBSD wiki page on LibreSSL
> (https://wiki.freebsd.org/LibreSSL/Ports)
> 
> --- openssl.c.orig      2016-07-09 14:43:41 UTC
> +++ openssl.c
> @@ -36,11 +36,11 @@
>  #include <openssl/ui.h>
>  #include <openssl/rsa.h>
> 
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined
> (LIBRESSL_VERSION_NUMBER)
>  #define X509_up_ref(x)         CRYPTO_add(&(x)->references, 1,
> CRYPTO_LOCK_X509)
>  #endif
> 
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined
> (LIBRESSL_VERSION_NUMBER)
>  #define EVP_MD_CTX_new EVP_MD_CTX_create
>  #define EVP_MD_CTX_free EVP_MD_CTX_destroy
>  #define X509_STORE_CTX_get0_chain(ctx) ((ctx)->chain)
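
Review bot: the unconditional `|| defined (LIBRESSL_VERSION_NUMBER)` on both `#if` lines of this hunk pins every LibreSSL release, present and future, to the pre-1.1.0 compat macros. If a later LibreSSL provides X509_up_ref, EVP_MD_CTX_new or X509_STORE_CTX_get0_chain itself, these defines will override or clash with the library's own, and the `(ctx)->chain` access stops compiling if the struct is made opaque. Consider bounding the test with a LIBRESSL_VERSION_NUMBER comparison or a configure-time check for each function. Also, as posted inline, the condition is wrapped after `defined`, which splits the directive across two lines, so the patch has to be applied from an unwrapped copy.
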
> @@ -991,7 +991,7 @@ static int set_peer_cert_hash(struct ope
>         return 0;
>  }
> 
> -#if OPENSSL_VERSION_NUMBER < 0x10002000L
> +#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined
> (LIBRESSL_VERSION_NUMBER)
>  static int match_hostname_elem(const char *hostname, int helem_len,
>                                const char *match, int melem_len)
>  {
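
Review bot: this `#if` uses a different threshold (0x10002000L) from the rest of the patch, while the message explains the breakage only in terms of the OpenSSL 1.1.0 changes. The block it guards begins with match_hostname_elem, which is hostname-matching code, so forcing all LibreSSL builds onto the pre-1.0.2 path is a behavioural choice that needs its own justification. Please state which symbol LibreSSL lacks here and, if possible, test for that symbol instead of for the library name.
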
> --- openssl-esp.c.orig  2016-07-08 15:35:18 UTC
> +++ openssl-esp.c
> @@ -27,7 +27,7 @@
>  #include <openssl/evp.h>
>  #include <openssl/rand.h>
> 
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L ||
> defined(LIBRESSL_VERSION_NUMBER)
> 
>  #define EVP_CIPHER_CTX_free(c) do {                            \
>                                     EVP_CIPHER_CTX_cleanup(c);  \
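
Review bot: the condition in this hunk is spelled `defined(LIBRESSL_VERSION_NUMBER)` while the other four sites use `defined (LIBRESSL_VERSION_NUMBER)`; pick one form. With the same compound test now repeated five times across openssl.c and openssl-esp.c, it would be easier to maintain as a single macro defined once and tested at each site, so a later change to the LibreSSL condition is made in one place.
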
> @@ -85,7 +85,7 @@ static int init_esp_ciphers(struct openc
>         }
>         EVP_CIPHER_CTX_set_padding(esp->cipher, 0);
> 
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined
> (LIBRESSL_VERSION_NUMBER)
>         esp->hmac = malloc(sizeof(*esp->hmac));
>         esp->pkt_hmac = malloc(sizeof(*esp->pkt_hmac));
>         if (!esp->hmac || &esp->pkt_hmac) {
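
Review bot: in the last context line of this hunk, `&esp->pkt_hmac` is the address of a struct member and is never null, so `if (!esp->hmac || &esp->pkt_hmac)` is always true, including when both malloc calls succeed. The line is not changed by this patch, but the new condition routes every LibreSSL build through it. It should read `!esp->pkt_hmac`, fixed either here or in a separate preceding patch.
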
> 
> Signed-off-by: Bernard Spil <brnrd at FreeBSD.org>
> 
> Hope you'll include this in OpenConnect!
> 
> With kind regards,
> 
> Bernard Spil.
> FreeBSD Ports committer

Hi,

I heard you like git diffs. Please find a git diff against master 
attached.

Cheers,

Bernard.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-openconenct-LibreSSL
Type: text/x-diff
Size: 2008 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/44c930e0/attachment.bin>

