mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-21 14:37:57 +00:00
tools/libressl: update to version 2.7.2
Libressl version 2.7.0 and later implement more of the OpenSSL 1.1 API and this needs some modifications of the code using it. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
parent
3e93df0707
commit
2c192b6916
@ -20,13 +20,17 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
||||
---
|
||||
--- a/Utilities/cmcurl/CMakeLists.txt
|
||||
+++ b/Utilities/cmcurl/CMakeLists.txt
|
||||
@@ -461,6 +461,10 @@ if(CMAKE_USE_OPENSSL)
|
||||
@@ -461,6 +461,14 @@ if(CMAKE_USE_OPENSSL)
|
||||
set(USE_OPENSSL ON)
|
||||
set(HAVE_LIBCRYPTO ON)
|
||||
set(HAVE_LIBSSL ON)
|
||||
+ check_library_exists("rt" clock_gettime "" HAVE_LIBRT)
|
||||
+ if(HAVE_LIBRT)
|
||||
+ list(APPEND OPENSSL_LIBRARIES rt)
|
||||
+ endif()
|
||||
+ check_library_exists("pthread" pthread_once "" HAVE_PTHREAD)
|
||||
+ if(HAVE_PTHREAD)
|
||||
+ list(APPEND OPENSSL_LIBRARIES pthread)
|
||||
+ endif()
|
||||
list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
|
||||
include_directories(${OPENSSL_INCLUDE_DIR})
|
||||
|
68
tools/cmake/patches/140-curl-fix-libressl.patch
Normal file
68
tools/cmake/patches/140-curl-fix-libressl.patch
Normal file
@ -0,0 +1,68 @@
|
||||
From 7c90c93c0b061da81f69fabdd57125b2783c15fb Mon Sep 17 00:00:00 2001
|
||||
From: Bernard Spil <brnrd@FreeBSD.org>
|
||||
Date: Mon, 2 Apr 2018 19:04:06 +0200
|
||||
Subject: [PATCH] openssl: fix build with LibreSSL 2.7
|
||||
|
||||
- LibreSSL 2.7 implements (most of) OpenSSL 1.1 API
|
||||
|
||||
Fixes #2319
|
||||
Closes #2447
|
||||
Closes #2448
|
||||
|
||||
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
|
||||
---
|
||||
lib/vtls/openssl.c | 15 +++++++++------
|
||||
1 file changed, 9 insertions(+), 6 deletions(-)
|
||||
|
||||
--- a/Utilities/cmcurl/lib/vtls/openssl.c
|
||||
+++ b/Utilities/cmcurl/lib/vtls/openssl.c
|
||||
@@ -104,7 +104,8 @@
|
||||
#endif
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
|
||||
- !defined(LIBRESSL_VERSION_NUMBER)
|
||||
+ !(defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
|
||||
#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
|
||||
#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
|
||||
@@ -128,7 +129,8 @@ static unsigned long OpenSSL_version_num
|
||||
#endif
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
|
||||
- !defined(LIBRESSL_VERSION_NUMBER)
|
||||
+ !(defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
#define HAVE_X509_GET0_SIGNATURE 1
|
||||
#endif
|
||||
|
||||
@@ -147,7 +149,7 @@ static unsigned long OpenSSL_version_num
|
||||
* Whether SSL_CTX_set_keylog_callback is available.
|
||||
* OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
|
||||
* BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
|
||||
- * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
|
||||
+ * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
|
||||
* lies and pretends to be OpenSSL 2.0.0).
|
||||
*/
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
|
||||
@@ -259,7 +261,9 @@ static void tap_ssl_key(const SSL *ssl,
|
||||
if(!session || !keylog_file_fp)
|
||||
return;
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
||||
+ !(defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
/* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
|
||||
* we have a valid SSL context if we have a non-NULL session. */
|
||||
SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
|
||||
@@ -2082,8 +2086,7 @@ static CURLcode ossl_connect_step1(struc
|
||||
case CURL_SSLVERSION_TLSv1_2:
|
||||
case CURL_SSLVERSION_TLSv1_3:
|
||||
/* it will be handled later with the context options */
|
||||
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
||||
- !defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||
req_method = TLS_client_method();
|
||||
#else
|
||||
req_method = SSLv23_client_method();
|
37
tools/cmake/patches/150-libarchive-fix-libressl.patch
Normal file
37
tools/cmake/patches/150-libarchive-fix-libressl.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From 5da00ad75b09e262774ec3675bbe4d5a4502a852 Mon Sep 17 00:00:00 2001
|
||||
From: Bernard Spil <brnrd@FreeBSD.org>
|
||||
Date: Sun, 1 Apr 2018 23:01:44 +0200
|
||||
Subject: [PATCH] fix build with LibreSSL 2.7
|
||||
|
||||
LibreSSL 2.7 adds OpenSSL 1.1 API leading to conflicts on method names
|
||||
|
||||
See also: https://bugs.freebsd.org/226853
|
||||
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
|
||||
---
|
||||
libarchive/archive_openssl_hmac_private.h | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h
|
||||
+++ b/Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h
|
||||
@@ -28,7 +28,8 @@
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
#include <stdlib.h> /* malloc, free */
|
||||
#include <string.h> /* memset */
|
||||
static inline HMAC_CTX *HMAC_CTX_new(void)
|
||||
--- a/Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h
|
||||
+++ b/Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h
|
||||
@@ -28,7 +28,8 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
||||
#include <stdlib.h> /* malloc, free */
|
||||
#include <string.h> /* memset */
|
||||
static inline EVP_MD_CTX *EVP_MD_CTX_new(void)
|
@ -8,8 +8,8 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=libressl
|
||||
PKG_VERSION:=2.6.4
|
||||
PKG_HASH:=638a20c2f9e99ee283a841cd787ab4d846d1880e180c4e96904fc327d419d11f
|
||||
PKG_VERSION:=2.7.2
|
||||
PKG_HASH:=917a8779c342177ff3751a2bf955d0262d1d8916a4b408930c45cef326700995
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
|
Loading…
Reference in New Issue
Block a user