Index: net/freeradius3/files/patch-src_main_cb.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_main_cb.c @@ -0,0 +1,20 @@ +--- src/main/cb.c.orig 2022-10-18 11:15:41 UTC ++++ src/main/cb.c +@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret) + /* + * After a ClientHello, list all the proposed ciphers from the client + */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) { + int i; + int num_ciphers; +@@ -192,7 +192,7 @@ void cbtls_msg(int write_p, int msg_version, int conte + state->info.alert_level = 0x00; + state->info.alert_description = 0x00; + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + } else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) { + /* let tls_ack_handler set application_data */ + state->info.content_type = SSL3_RT_HANDSHAKE; Index: net/freeradius3/files/patch-src_main_threads.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_main_threads.c @@ -0,0 +1,11 @@ +--- src/main/threads.c.orig 2022-10-18 11:09:43 UTC ++++ src/main/threads.c +@@ -860,7 +860,7 @@ static void *request_handler_thread(void *arg) + */ + #if OPENSSL_VERSION_NUMBER < 0x10000000L + ERR_remove_state(0); +-#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#elif OPENSSL_VERSION_NUMBER < 0x10100000L + ERR_remove_thread_state(NULL); + #endif + #endif Index: net/freeradius3/files/patch-src_main_tls.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_main_tls.c @@ -0,0 +1,98 @@ +--- src/main/tls.c.orig 2022-10-18 11:08:25 UTC ++++ src/main/tls.c +@@ -622,7 +622,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls + /* + * Swap empty store with the old one. + */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx); + /* Bump refcnt so the store is kept allocated till next store replacement */ + X509_STORE_up_ref(conf->old_x509_store); +@@ -1920,7 +1920,7 @@ done: + return 0; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy) + #else + static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy) +@@ -2304,7 +2304,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION * + return 0; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static SSL_SESSION *cbtls_cache_load(SSL *ssl, unsigned char *data, int len, int *copy) + #else + static SSL_SESSION *cbtls_cache_load(SSL *ssl, const unsigned char *data, int len, int *copy) +@@ -2840,7 +2840,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + char cn_str[1024]; + char buf[64]; + X509 *client_cert; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + const STACK_OF(X509_EXTENSION) *ext_list; + #else + STACK_OF(X509_EXTENSION) *ext_list; +@@ -3058,7 +3058,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + } + + if (lookup == 0) { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + ext_list = X509_get0_extensions(client_cert); + #else + X509_CINF *client_inf; +@@ -3111,7 +3111,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + value[0] = '0'; + value[1] = 'x'; + const unsigned char *srcp; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + const ASN1_STRING *srcasn1p; + srcasn1p = X509_EXTENSION_get_data(ext); + srcp = ASN1_STRING_get0_data(srcasn1p); +@@ -3570,7 +3570,7 @@ void tls_global_cleanup(void) + { + #if OPENSSL_VERSION_NUMBER < 0x10000000L + ERR_remove_state(0); +-#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#elif OPENSSL_VERSION_NUMBER < 0x10100000L + ERR_remove_thread_state(NULL); + #endif + #ifndef OPENSSL_NO_ENGINE +@@ -4281,7 +4281,6 @@ post_ca: + SSL_CTX_set_verify_depth(ctx, conf->verify_depth); + } + +-#ifndef LIBRESSL_VERSION_NUMBER + /* Load randomness */ + if (conf->random_file) { + if (!(RAND_load_file(conf->random_file, 1024*10))) { +@@ -4289,7 +4288,6 @@ post_ca: + return NULL; + } + } +-#endif + + /* + * Set the cipher list if we were told to +@@ -4336,14 +4334,14 @@ post_ca: + */ + SSL_CTX_sess_set_cache_size(ctx, conf->session_cache_size); + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L + SSL_CTX_set_num_tickets(ctx, 1); + #endif + + } else { + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + +-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L + /* + * This controls the number of stateful or stateless tickets + * generated with TLS 1.3. In OpenSSL 1.1.1 it's also Index: net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_eap__fast.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_eap__fast.c @@ -0,0 +1,11 @@ +--- src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c.orig 2022-10-18 11:10:14 UTC ++++ src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c +@@ -44,7 +44,7 @@ static int openssl_get_keyblock_size(REQUEST *request, + { + const EVP_CIPHER *c; + const EVP_MD *h; +-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + int md_size; + + if (ssl->enc_read_ctx == NULL || ssl->enc_read_ctx->cipher == NULL || Index: net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_rlm__eap__fast.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_rlm__eap__fast.c @@ -0,0 +1,29 @@ +--- src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c.orig 2022-10-18 11:10:50 UTC ++++ src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c +@@ -200,7 +200,7 @@ static void eap_fast_session_ticket(tls_session_t *tls + } + + // hostap:src/crypto/tls_openssl.c:tls_sess_sec_cb() +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static int _session_secret(SSL *s, void *secret, int *secret_len, + UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers, + UNUSED SSL_CIPHER **cipher, void *arg) +@@ -224,7 +224,7 @@ static int _session_secret(SSL *s, void *secret, int * + + RDEBUG("processing PAC-Opaque"); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len); + #else + uint8_t client_random[SSL3_RANDOM_SIZE]; +@@ -590,7 +590,7 @@ static int mod_session_init(void *type_arg, eap_handle + } + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L + { + int i; + for (i = 0; ; i++) { Index: net/freeradius3/files/patch-src_modules_rlm__pap_rlm__pap.c =================================================================== --- /dev/null +++ net/freeradius3/files/patch-src_modules_rlm__pap_rlm__pap.c @@ -0,0 +1,11 @@ +--- src/modules/rlm_pap/rlm_pap.c.orig 2022-10-20 09:27:04 UTC ++++ src/modules/rlm_pap/rlm_pap.c +@@ -927,7 +927,7 @@ static inline rlm_rcode_t CC_HINT(nonnull) pap_auth_pb + digest_len = SHA512_DIGEST_LENGTH; + break; + +-# if OPENSSL_VERSION_NUMBER >= 0x10101000L ++# if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) + case PW_SSHA3_224_PASSWORD: + evp_md = EVP_sha3_224(); + digest_len = SHA224_DIGEST_LENGTH;