--- lib/crypto/openssl/crypto_mod.h.orig 2017-12-05 11:36:22.000000000 -0600
+++ lib/crypto/openssl/crypto_mod.h 2017-12-19 06:06:40.000000000 -0600
@@ -39,7 +39,7 @@
/* 1.1 standardizes constructor and destructor names, renaming
* EVP_MD_CTX_create and EVP_MD_CTX_destroy. */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define EVP_MD_CTX_new EVP_MD_CTX_create
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
#endif
--- lib/crypto/openssl/hmac.c.orig 2017-12-05 11:36:22.000000000 -0600
+++ lib/crypto/openssl/hmac.c 2017-12-19 06:06:40.000000000 -0600
@@ -55,7 +55,7 @@
#include <openssl/hmac.h>
#include <openssl/evp.h>
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL 1.1 makes HMAC_CTX opaque, while 1.0 does not have pointer
* constructors or destructors. */
--- include/k5-platform.h.orig 2020-02-13 02:21:58.000000000 +0900
+++ include/k5-platform.h 2020-02-13 02:21:58.000000000 +0900
@@ -1025,6 +1025,7 @@
memset_s(ptr, len, 0, len);
}
#elif defined(HAVE_EXPLICIT_BZERO)
+extern void explicit_bzero(void *ptr, size_t len);
# define zap(ptr, len) explicit_bzero(ptr, len)
#elif defined(HAVE_EXPLICIT_MEMSET)
# define zap(ptr, len) explicit_memset(ptr, 0, len)
--- plugins/preauth/pkinit/asn1t_add.h.orig 1970-01-01 09:00:00.000000000 +0900
+++ plugins/preauth/pkinit/asn1t_add.h 2020-02-16 19:27:17.482763180 +0900
@@ -0,0 +1,23 @@
+#ifndef HEADER_ASN1T_ADD_H
+#define HEADER_ASN1T_ADD_H
+#include <openssl/asn1t.h>
+
+# define static_ASN1_ITEM_start(itname) \
+ static const ASN1_ITEM itname##_it = {
+
+# define ASN1_ITEM_end(itname) \
+ };
+
+# define static_ASN1_SEQUENCE_END_name(stname, tname) \
+ ;\
+ static_ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+#endif /* HEADER_ASN1T_ADD_H */
--- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-02-01 13:49:04.000000000 -0600
+++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2021-02-08 17:57:47.000000000 -0600
@@ -185,7 +185,7 @@
(*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si)
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
/* 1.1 standardizes constructor and destructor names, renaming
* EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
@@ -2924,7 +2924,7 @@
return retval;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if ((OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x20900000L)
/*
* We need to decode DomainParameters from RFC 3279 section 2.3.3. We would
@@ -2947,6 +2947,10 @@
int_dhvparams *vparams;
} int_dhx942_dh;
+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name)
+#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name
+#endif
+
ASN1_SEQUENCE(DHvparams) = {
ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
--- plugins/preauth/pkinit/pkinit_crypto_openssl.h.orig 2020-02-13 02:21:58.000000000 +0900
+++ plugins/preauth/pkinit/pkinit_crypto_openssl.h 2020-02-16 19:27:17.592763200 +0900
@@ -46,8 +46,11 @@
#include <openssl/asn1.h>
#include <openssl/pem.h>
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if ((OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x20900000L)
#include <openssl/asn1t.h>
+# ifdef LIBRESSL_VERSION_NUMBER
+# include "asn1t_add.h"
+# endif
#else
#include <openssl/asn1_mac.h>
#endif
--- tests/softpkcs11/main.c.orig 2020-02-13 02:21:58.000000000 +0900
+++ tests/softpkcs11/main.c 2020-02-17 10:46:59.259976272 +0900
@@ -45,7 +45,7 @@
#include <pkcs11.h>
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay
#define RSA_get0_key compat_rsa_get0_key