--- lib/crypto/openssl/crypto_mod.h.orig 2017-12-05 11:36:22.000000000 -0600 +++ lib/crypto/openssl/crypto_mod.h 2017-12-19 06:06:40.000000000 -0600 @@ -39,7 +39,7 @@ /* 1.1 standardizes constructor and destructor names, renaming * EVP_MD_CTX_create and EVP_MD_CTX_destroy. */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #define EVP_MD_CTX_new EVP_MD_CTX_create #define EVP_MD_CTX_free EVP_MD_CTX_destroy #endif --- lib/crypto/openssl/hmac.c.orig 2017-12-05 11:36:22.000000000 -0600 +++ lib/crypto/openssl/hmac.c 2017-12-19 06:06:40.000000000 -0600 @@ -55,7 +55,7 @@ #include #include -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1 makes HMAC_CTX opaque, while 1.0 does not have pointer * constructors or destructors. */ --- include/k5-platform.h.orig 2020-02-13 02:21:58.000000000 +0900 +++ include/k5-platform.h 2020-02-13 02:21:58.000000000 +0900 @@ -1025,6 +1025,7 @@ memset_s(ptr, len, 0, len); } #elif defined(HAVE_EXPLICIT_BZERO) +extern void explicit_bzero(void *ptr, size_t len); # define zap(ptr, len) explicit_bzero(ptr, len) #elif defined(HAVE_EXPLICIT_MEMSET) # define zap(ptr, len) explicit_memset(ptr, 0, len) --- plugins/preauth/pkinit/asn1t_add.h.orig 1970-01-01 09:00:00.000000000 +0900 +++ plugins/preauth/pkinit/asn1t_add.h 2020-02-16 19:27:17.482763180 +0900 @@ -0,0 +1,23 @@ +#ifndef HEADER_ASN1T_ADD_H +#define HEADER_ASN1T_ADD_H +#include + +# define static_ASN1_ITEM_start(itname) \ + static const ASN1_ITEM itname##_it = { + +# define ASN1_ITEM_end(itname) \ + }; + +# define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#endif /* HEADER_ASN1T_ADD_H */ --- plugins/preauth/pkinit/pkinit_crypto_openssl.c.orig 2021-02-01 13:49:04.000000000 -0600 +++ plugins/preauth/pkinit/pkinit_crypto_openssl.c 2021-02-08 17:57:47.000000000 -0600 @@ -185,7 +185,7 @@ (*_x509_pp) = PKCS7_cert_from_signer_info(_p7,_si) #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) /* 1.1 standardizes constructor and destructor names, renaming * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */ @@ -2924,7 +2924,7 @@ return retval; } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if ((OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x20900000L) /* * We need to decode DomainParameters from RFC 3279 section 2.3.3. We would @@ -2947,6 +2947,10 @@ int_dhvparams *vparams; } int_dhx942_dh; +#if defined(LIBRESSL_VERSION_NUMBER) && !defined(static_ASN1_SEQUENCE_END_name) +#define static_ASN1_SEQUENCE_END_name ASN1_SEQUENCE_END_name +#endif + ASN1_SEQUENCE(DHvparams) = { ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) --- plugins/preauth/pkinit/pkinit_crypto_openssl.h.orig 2020-02-13 02:21:58.000000000 +0900 +++ plugins/preauth/pkinit/pkinit_crypto_openssl.h 2020-02-16 19:27:17.592763200 +0900 @@ -46,8 +46,11 @@ #include #include -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if ((OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x20900000L) #include +# ifdef LIBRESSL_VERSION_NUMBER +# include "asn1t_add.h" +# endif #else #include #endif --- tests/softpkcs11/main.c.orig 2020-02-13 02:21:58.000000000 +0900 +++ tests/softpkcs11/main.c 2020-02-17 10:46:59.259976272 +0900 @@ -45,7 +45,7 @@ #include -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa) #define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay #define RSA_get0_key compat_rsa_get0_key