<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">--- lib/crypto/openssl/crypto_mod.h.orig	2017-12-05 11:36:22.000000000 -0600
+++ lib/crypto/openssl/crypto_mod.h	2017-12-19 06:06:40.000000000 -0600
@@ -39,7 +39,7 @@
 
 /* 1.1 standardizes constructor and destructor names, renaming
  * EVP_MD_CTX_create and EVP_MD_CTX_destroy. */
-#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L
+#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define EVP_MD_CTX_new EVP_MD_CTX_create
 #define EVP_MD_CTX_free EVP_MD_CTX_destroy
 #endif
--- lib/crypto/openssl/hmac.c.orig	2017-12-05 11:36:22.000000000 -0600
+++ lib/crypto/openssl/hmac.c	2017-12-19 06:06:40.000000000 -0600
@@ -55,7 +55,7 @@
 #include &lt;openssl/hmac.h&gt;
 #include &lt;openssl/evp.h&gt;
 
-#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L
+#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
 /* OpenSSL 1.1 makes HMAC_CTX opaque, while 1.0 does not have pointer
  * constructors or destructors. */
--- include/k5-platform.h.orig	2020-02-13 02:21:58.000000000 +0900
+++ include/k5-platform.h	2020-02-13 02:21:58.000000000 +0900
@@ -1025,6 +1025,7 @@
         memset_s(ptr, len, 0, len);
 }
 #elif defined(HAVE_EXPLICIT_BZERO)
+extern void explicit_bzero(void *ptr, size_t len);
 # define zap(ptr, len) explicit_bzero(ptr, len)
 #elif defined(HAVE_EXPLICIT_MEMSET)
 # define zap(ptr, len) explicit_memset(ptr, 0, len)
--- plugins/preauth/pkinit/asn1t_add.h.orig	1970-01-01 09:00:00.000000000 +0900
+++ plugins/preauth/pkinit/asn1t_add.h	2020-02-16 19:27:17.482763180 +0900
@@ -0,0 +1,23 @@
+#ifndef HEADER_ASN1T_ADD_H
+#define HEADER_ASN1T_ADD_H
+#include &lt;openssl/asn1t.h&gt;
+
+# define static_ASN1_ITEM_start(itname) \
+	static const ASN1_ITEM itname##_it = {
+
+# define ASN1_ITEM_end(itname) \
+		};
+
+# define static_ASN1_SEQUENCE_END_name(stname, tname) \
+	;\
+	static_ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_SEQUENCE,\
+		V_ASN1_SEQUENCE,\
+		tname##_seq_tt,\
+		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+		NULL,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+#endif /* HEADER_ASN1T_ADD_H */
--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig	2021-02-01 13:49:04.000000000 -0600
+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c	2021-02-08 17:57:47.000000000 -0600
@@ -185,7 +185,7 @@
     (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
 #endif
 
-#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L
+#if (OPENSSL_VERSION_NUMBER &lt; 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
 
 /* 1.1 standardizes constructor and destructor names, renaming
  * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
@@ -2924,7 +2924,7 @@
     return retval;
 }
 
-#if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
+#if ((OPENSSL_VERSION_NUMBER &gt;= 0x10100000L) &amp;&amp; !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER &gt;= 0x20900000L)
 
 /*
  * We need to decode DomainParameters from RFC 3279 section 2.3.3.  We would
@@ -2947,6 +2947,10 @@
     int_dhvparams *vparams;
 } int_dhx942_dh;
 
+#if defined(LIBRESSL_VERSION_NUMBER) &amp;&amp; !defined(static_ASN1_SEQUENCE_END_name)
+#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name
+#endif
+
 ASN1_SEQUENCE(DHvparams) = {
     ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
     ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
--- plugins/preauth/pkinit/pkinit_crypto_openssl.h.orig	2020-02-13 02:21:58.000000000 +0900
+++ plugins/preauth/pkinit/pkinit_crypto_openssl.h	2020-02-16 19:27:17.592763200 +0900
@@ -46,8 +46,11 @@
 #include &lt;openssl/asn1.h&gt;
 #include &lt;openssl/pem.h&gt;
 
-#if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
+#if ((OPENSSL_VERSION_NUMBER &gt;= 0x10100000L) &amp;&amp; !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER &gt;= 0x20900000L)
 #include &lt;openssl/asn1t.h&gt;
+# ifdef LIBRESSL_VERSION_NUMBER
+#   include "asn1t_add.h"
+# endif
 #else
 #include &lt;openssl/asn1_mac.h&gt;
 #endif
--- tests/softpkcs11/main.c.orig	2020-02-13 02:21:58.000000000 +0900
+++ tests/softpkcs11/main.c	2020-02-17 10:46:59.259976272 +0900
@@ -45,7 +45,7 @@
 
 #include &lt;pkcs11.h&gt;
 
-#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L
+#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define EVP_PKEY_get0_RSA(key) ((key)-&gt;pkey.rsa)
 #define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay
 #define RSA_get0_key compat_rsa_get0_key
</pre></body></html>