Gentoo's Bugzilla – Attachment 591896 Details for Bug 695630
net-vpn/openconnect-8.05 : openssl-esp.c:39:25: error: static declaration of HMAC_CTX_new follows non-static declaration
libressl patch: openconnect-8.05-libressl.patch (text/plain), 5.44 KB, created by Philipp Ammann on 2019-10-05 12:48:49 UTC
>From 3bb2ce7a75f1a9a2138e39a469686554fcf9a6e2 Mon Sep 17 00:00:00 2001 >From: Philipp Ammann <philipp.ammann@posteo.de> >Date: Sat, 3 Aug 2019 14:53:12 +0000 >Subject: [PATCH 1/3] LibreSSL doesn't have SSL_CIPHER_find > >--- > openssl-dtls.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/openssl-dtls.c b/openssl-dtls.c >index b954e2b3..71027f97 100644 >--- a/openssl-dtls.c >+++ b/openssl-dtls.c >@@ -315,7 +315,7 @@ static unsigned int psk_callback(SSL *ssl, const char *hint, char *identity, > > #endif > >-#if OPENSSL_VERSION_NUMBER < 0x10002000L >+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) > static const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr) > { > return ssl->method->get_cipher_by_char(ptr); >-- >2.21.0 > > >From a51705ae0253df59d8040e390127ee0c0718f2bc Mon Sep 17 00:00:00 2001 >From: Philipp Ammann <philipp.ammann@posteo.de> >Date: Sat, 3 Aug 2019 14:23:48 +0000 >Subject: [PATCH 2/3] Fix (non) static HMAC_CTX_* for LibreSSL 2.7+ > >Signed-off-by: Philipp Ammann <philipp.ammann at posteo.de> >--- > openssl-esp.c | 5 ++++- > tests/bad_dtls_test.c | 10 ++++++++-- > 2 files changed, 12 insertions(+), 3 deletions(-) > >diff --git a/openssl-esp.c b/openssl-esp.c >index 0cb65444..ee3fbb2b 100644 >--- a/openssl-esp.c >+++ b/openssl-esp.c >@@ -36,7 +36,10 @@ > HMAC_CTX_cleanup(c); \ > free(c); } while (0) > >-static inline HMAC_CTX *HMAC_CTX_new(void) >+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL >+static >+#endif >+inline HMAC_CTX *HMAC_CTX_new(void) > { > HMAC_CTX *ret = malloc(sizeof(*ret)); > if (ret) >diff --git a/tests/bad_dtls_test.c b/tests/bad_dtls_test.c >index c123c8f8..a182bd6e 100644 >--- a/tests/bad_dtls_test.c >+++ b/tests/bad_dtls_test.c 
>@@ -291,12 +291,18 @@ static EVP_MD_CTX *handshake_md5; > static EVP_MD_CTX *handshake_sha1; > > #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >-static inline HMAC_CTX *HMAC_CTX_new(void) { >+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL >+static >+#endif >+inline HMAC_CTX *HMAC_CTX_new(void) { > HMAC_CTX *ret = malloc(sizeof(*ret)); > HMAC_CTX_init(ret); > return ret; > } >-static inline void HMAC_CTX_free(HMAC_CTX *ctx) { >+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL >+static >+#endif >+inline void HMAC_CTX_free(HMAC_CTX *ctx) { > HMAC_CTX_cleanup(ctx); > free(ctx); > } >-- >2.21.0 > > >From 8976b079bd3574875f80fb15fae26a433e13c147 Mon Sep 17 00:00:00 2001 >From: Philipp Ammann <philipp.ammann@posteo.de> >Date: Sat, 5 Oct 2019 11:48:13 +0000 >Subject: [PATCH 3/3] Disable DTLS when built against LibreSSL > >Compilation against LibreSSL fails with > > error: 'DTLS1_2_VERSION' undeclared > >because LibreSSL doesn't define it in openssl/dtls1.h like OpenSSL >does. Manually defining it to the current OpenSSL value (0xFEFD) does >allow OpenConnect to be compiled. This however doesn't magically allow >DTLS to work with LibreSSL. > >This patch simply mitigates the problem and doesn't properly solve it. > >A cleaner version would be to unset $dtls in configure when LibreSSL is >found. Fortunately I've never been to autohell and don't know how to >properly do this. >--- > cstp.c | 2 +- > library.c | 2 +- > main.c | 4 ++-- > openssl-dtls.c | 2 +- > 4 files changed, 5 insertions(+), 5 deletions(-) > >diff --git a/cstp.c b/cstp.c >index 577805e0..70bbdd58 100644 >--- a/cstp.c >+++ b/cstp.c 
>@@ -264,7 +264,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) > vpninfo->disable_ipv6 ? "IPv4" : "IPv6,IPv4"); > if (!vpninfo->disable_ipv6) > buf_append(reqbuf, "X-CSTP-Full-IPv6-Capability: true\r\n"); >-#ifdef HAVE_DTLS >+#if defined(HAVE_DTLS) && !defined(LIBRESSL_VERSION_NUMBER) > if (vpninfo->dtls_state != DTLS_DISABLED) { > /* The X-DTLS-Master-Secret is only used for the legacy protocol negotation > * which required the client to send explicitly the secret. In the PSK-NEGOTIATE >diff --git a/library.c b/library.c >index e517fdc9..2410fcda 100644 >--- a/library.c >+++ b/library.c >@@ -122,7 +122,7 @@ const struct vpn_proto openconnect_protos[] = { > .add_http_headers = cstp_common_headers, > .obtain_cookie = cstp_obtain_cookie, > .udp_protocol = "DTLS", >-#ifdef HAVE_DTLS >+#if defined(HAVE_DTLS) && !defined(LIBRESSL_VERSION_NUMBER) > .udp_setup = dtls_setup, > .udp_mainloop = dtls_mainloop, > .udp_close = dtls_close, >diff --git a/main.c b/main.c >index 19d64377..a56babb4 100644 >--- a/main.c >+++ b/main.c >@@ -635,7 +635,7 @@ static void print_build_opts(void) > sep = comma; > } > >-#ifdef HAVE_DTLS >+#if defined(HAVE_DTLS) && !defined(LIBRESSL_VERSION_NUMBER) > printf("%sDTLS", sep); > #endif > #ifdef HAVE_ESP >@@ -643,7 +643,7 @@ static void print_build_opts(void) > #endif > printf("\n"); > >-#if !defined(HAVE_DTLS) || !defined(HAVE_ESP) >+#if !defined(HAVE_DTLS) || !defined(HAVE_ESP) || defined(LIBRESSL_VERSION_NUMBER) > printf(_("WARNING: This binary lacks DTLS and/or ESP support. Performance will be impaired.\n")); > #endif > } >diff --git a/openssl-dtls.c b/openssl-dtls.c >index 71027f97..1388b096 100644 >--- a/openssl-dtls.c >+++ b/openssl-dtls.c 
>@@ -331,7 +331,7 @@ int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd) > int dtlsver = DTLS1_BAD_VER; > const char *cipher = vpninfo->dtls_cipher; > >-#ifdef HAVE_DTLS12 >+#if defined(HAVE_DTLS12) && !defined(LIBRESSL_VERSION_NUMBER) > /* These things should never happen unless they're supported */ > if (vpninfo->cisco_dtls12) { > dtlsver = DTLS1_2_VERSION; >-- >2.21.0 >
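Review bot: The added `|| defined(LIBRESSL_VERSION_NUMBER)` in PATCH 1/3 (openssl-dtls.c, @@ -315,7) has no upper version bound, unlike the `LIBRESSL_VERSION_NUMBER < 0x2070000fL` test used in PATCH 2/3. If a LibreSSL release ever declares SSL_CIPHER_find, this static fallback will fail with the same "static declaration follows non-static declaration" error named in the bug title, and its body `ssl->method->get_cipher_by_char(ptr)` only compiles while the headers expose the SSL struct members. A configure-time check for the function would be more robust than a version macro; failing that, add a comment saying which LibreSSL versions were checked.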
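Review bot: Removing only `static` in PATCH 2/3 (openssl-esp.c, @@ -36,7) keeps the malloc-based fallback HMAC_CTX_new compiled on LibreSSL 2.7+, where the library header already declares that function. Because that earlier declaration is not `inline`, the bare `inline HMAC_CTX *HMAC_CTX_new(void)` becomes an external definition in C99, so the program now carries its own copy of a libcrypto symbol built on `malloc(sizeof(*ret))`. Prefer compiling the fallback (and the cleanup macro just above it) out entirely for `LIBRESSL_VERSION_NUMBER >= 0x2070000fL`, so the library's implementation is the one used.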
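Review bot: The `#if ... static #endif` wrapper is duplicated for HMAC_CTX_new and HMAC_CTX_free in PATCH 2/3 (tests/bad_dtls_test.c, @@ -291,12), where tightening the enclosing guard would remove both fallbacks in one place, for example `#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)`, provided nothing else in that block is needed on LibreSSL 2.7+. If the fallback stays, note that HMAC_CTX_new here calls `HMAC_CTX_init(ret)` without checking the malloc result, unlike the `if (ret)` check in openssl-esp.c.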
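Review bot: The condition `defined(HAVE_DTLS) && !defined(LIBRESSL_VERSION_NUMBER)` in PATCH 3/3 (cstp.c, @@ -264,7) is copied into library.c, main.c and openssl-dtls.c, and it only takes effect where a header defining LIBRESSL_VERSION_NUMBER has been included before the test; a file that misses the include silently keeps its DTLS path. Doing this once, as the commit message itself suggests, is safer: undefine HAVE_DTLS in one shared header (or in configure) when LibreSSL is detected and leave the existing `#ifdef HAVE_DTLS` sites unchanged.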
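Review bot: In PATCH 3/3 (library.c, @@ -122,7) the entry still sets `.udp_protocol = "DTLS"` while `.udp_setup`, `.udp_mainloop` and `.udp_close` are compiled out on LibreSSL, so the protocol table names a UDP transport that has no handlers. Please confirm every caller checks these pointers for NULL before use, and add a short comment at the guard saying that a LibreSSL build intentionally runs without the UDP path.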
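Review bot: Guarding only the `vpninfo->cisco_dtls12` branch in PATCH 3/3 (openssl-dtls.c, @@ -331,7) fixes the `DTLS1_2_VERSION` compile error but leaves the rest of start_dtls_handshake compiled, starting from `dtlsver = DTLS1_BAD_VER`, even though the other hunks remove the DTLS entry points on LibreSSL. That leaves dead code that can drift out of sync. Either exclude the DTLS code in this file under the same condition, or have configure not define HAVE_DTLS12 for LibreSSL so this extra guard is unnecessary.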