Index: head/security/wpa_supplicant/files/patch-src_crypto_crypto__openssl.c =================================================================== --- head/security/wpa_supplicant/files/patch-src_crypto_crypto__openssl.c (revision 466152) +++ head/security/wpa_supplicant/files/patch-src_crypto_crypto__openssl.c (revision 466153) @@ -1,20 +1,30 @@ ---- src/crypto/crypto_openssl.c.orig 2016-11-02 18:04:18 UTC +--- src/crypto/crypto_openssl.c.orig 2016-10-02 18:51:11 UTC +++ src/crypto/crypto_openssl.c -@@ -611,7 +611,7 @@ void crypto_cipher_deinit(struct crypto_ +@@ -33,7 +33,8 @@ + #include "aes_wrap.h" + #include "crypto.h" +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) + /* Compatibility wrappers for older versions. */ + + static HMAC_CTX * HMAC_CTX_new(void) +@@ -611,7 +612,7 @@ void crypto_cipher_deinit(struct crypto_ + void * dh5_init(struct wpabuf **priv, struct wpabuf **publ) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) DH *dh; struct wpabuf *pubkey = NULL, *privkey = NULL; size_t publen, privlen; -@@ -712,7 +712,7 @@ err: +@@ -712,7 +713,7 @@ err: void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) DH *dh; dh = DH_new(); Index: head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c =================================================================== --- head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c (revision 466152) +++ head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c (revision 466153) @@ -1,29 +1,38 @@ ---- src/crypto/tls_openssl.c.orig 2016-11-02 18:46:25 UTC +--- src/crypto/tls_openssl.c.orig 2016-10-02 18:51:11 UTC +++ src/crypto/tls_openssl.c +@@ -59,7 +59,7 @@ typedef int stack_index_t; + #endif /* SSL_set_tlsext_status_type */ + + #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \ +- defined(LIBRESSL_VERSION_NUMBER)) && \ ++ (defined(LIBRESSL_VERSION_NUMBER)) && LIBRESSL_VERSION_NUMBER < 0x20700000L) && \ + !defined(BORINGSSL_API_VERSION) + /* + * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL @@ -919,7 +919,7 @@ void * tls_init(const struct tls_config } #endif /* OPENSSL_FIPS */ #endif /* CONFIG_FIPS */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) SSL_load_error_strings(); SSL_library_init(); #ifndef OPENSSL_NO_SHA256 @@ -1043,7 +1043,7 @@ void tls_deinit(void *ssl_ctx) tls_openssl_ref_count--; if (tls_openssl_ref_count == 0) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif /* OPENSSL_NO_ENGINE */ @@ -3976,7 +3976,7 @@ int tls_connection_set_params(void *tls_ engine_id = "pkcs11"; #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) if (params->flags & TLS_CONN_EAP_FAST) { wpa_printf(MSG_DEBUG, "OpenSSL: Use TLSv1_method() for EAP-FAST");