diff options
Diffstat (limited to 'net-vpn/tor/files/tor-0.4.7.13-libressl.patch')
| -rw-r--r-- | net-vpn/tor/files/tor-0.4.7.13-libressl.patch | 202 |
1 files changed, 0 insertions, 202 deletions
diff --git a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch deleted file mode 100644 index bba0c45f3fc3..000000000000 --- a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch +++ /dev/null @@ -1,202 +0,0 @@ -Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/598 -Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692 -Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/713 -Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/9850dc59c0db5cbcadc314be8d324a992880fce1 - -From f3dabd705f26c56076934323f24b5b05ecdfd39c Mon Sep 17 00:00:00 2001 -From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> -Date: Tue, 5 Jul 2022 11:37:30 -0400 -Subject: [PATCH 1/2] LibreSSL 3.5 compatibility - -LibreSSL is now closer to OpenSSL 1.1 than OpenSSL 1.0. According to -https://undeadly.org/cgi?action=article;sid=20220116121253, this is the -intention of OpenBSD developers. - -According to #40630, many special cases are needed to compile Tor against -LibreSSL 3.5 when using Tor's OpenSSL 1.0 compatibility mode, whereas only a -small number of #defines are required when using OpenSSL 1.1 compatibility -mode. One additional workaround is required for LibreSSL 3.4 compatibility. - -Compiles and passes unit tests with LibreSSL 3.4.3 and 3.5.1. ---- - configure.ac | 2 +- - src/lib/crypt_ops/compat_openssl.h | 22 +++++++++++++--------- - src/lib/crypt_ops/crypto_openssl_mgt.h | 3 +-- - src/lib/crypt_ops/crypto_rsa_openssl.c | 8 +++++--- - 4 files changed, 20 insertions(+), 15 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 8baae007cf..6ab7903010 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1022,7 +1022,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - AC_MSG_CHECKING([for OpenSSL < 1.0.1]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - #include <openssl/opensslv.h> --#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL -+#if OPENSSL_VERSION_NUMBER < 0x1000100fL - #error "too old" - #endif - ]], [[]])], -diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h -index 0f56f338b5..c5eccdb015 100644 ---- a/src/lib/crypt_ops/compat_openssl.h -+++ b/src/lib/crypt_ops/compat_openssl.h -@@ -20,32 +20,36 @@ - * \brief compatibility definitions for working with different openssl forks - **/ - --#if !defined(LIBRESSL_VERSION_NUMBER) && \ -- OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1) -+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1) - #error "We require OpenSSL >= 1.0.1" - #endif - --#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \ -- ! defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) - /* We define this macro if we're trying to build with the majorly refactored - * API in OpenSSL 1.1 */ - #define OPENSSL_1_1_API - #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ - --#ifndef OPENSSL_1_1_API --#define OpenSSL_version(v) SSLeay_version(v) --#define tor_OpenSSL_version_num() SSLeay() -+/* LibreSSL claims to be OpenSSL 2.0 but lacks these OpenSSL 1.1 APIs */ -+#if !defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) - #define RAND_OpenSSL() RAND_SSLeay() - #define STATE_IS_SW_SERVER_HELLO(st) \ - (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \ - ((st) == SSL3_ST_SW_SRVR_HELLO_B)) - #define OSSL_HANDSHAKE_STATE int - #define CONST_IF_OPENSSL_1_1_API --#else /* defined(OPENSSL_1_1_API) */ --#define tor_OpenSSL_version_num() OpenSSL_version_num() -+#else - #define STATE_IS_SW_SERVER_HELLO(st) \ - ((st) == TLS_ST_SW_SRVR_HELLO) - #define CONST_IF_OPENSSL_1_1_API const -+#endif -+ -+/* OpenSSL 1.1 and LibreSSL both have these APIs */ -+#ifndef OPENSSL_1_1_API -+#define OpenSSL_version(v) SSLeay_version(v) -+#define tor_OpenSSL_version_num() SSLeay() -+#else /* defined(OPENSSL_1_1_API) */ -+#define tor_OpenSSL_version_num() OpenSSL_version_num() - #endif /* !defined(OPENSSL_1_1_API) */ - - #endif /* defined(ENABLE_OPENSSL) */ -diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h -index c6f63ffa08..96a37721dd 100644 ---- a/src/lib/crypt_ops/crypto_openssl_mgt.h -+++ b/src/lib/crypt_ops/crypto_openssl_mgt.h -@@ -54,8 +54,7 @@ - #define DISABLE_ENGINES - #endif - --#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \ -- !defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) - /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require - * setting up various callbacks. - * -diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c -index a21c4a65cf..544d72e6ca 100644 ---- a/src/lib/crypt_ops/crypto_rsa_openssl.c -+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c -@@ -572,7 +572,9 @@ static bool - rsa_private_key_too_long(RSA *rsa, int max_bits) - { - const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp; --#ifdef OPENSSL_1_1_API -+#if defined(OPENSSL_1_1_API) && \ -+ (!defined(LIBRESSL_VERSION_NUMBER) || \ -+ LIBRESSL_VERSION_NUMBER >= OPENSSL_V_SERIES(3,5,0)) - - #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1) - n = RSA_get0_n(rsa); -@@ -591,7 +593,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits) - - if (RSA_bits(rsa) > max_bits) - return true; --#else /* !defined(OPENSSL_1_1_API) */ -+#else /* !defined(OPENSSL_1_1_API) && ... */ - n = rsa->n; - e = rsa->e; - p = rsa->p; -@@ -600,7 +602,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits) - dmp1 = rsa->dmp1; - dmq1 = rsa->dmq1; - iqmp = rsa->iqmp; --#endif /* defined(OPENSSL_1_1_API) */ -+#endif /* defined(OPENSSL_1_1_API) && ... */ - - if (n && BN_num_bits(n) > max_bits) - return true; --- -GitLab - - -From b1545b6d18fbef6c790e2731a814fa54230d8857 Mon Sep 17 00:00:00 2001 -From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> -Date: Tue, 19 Jul 2022 16:18:29 -0400 -Subject: [PATCH 2/2] Changes file for #40630 (LibreSSL 3.5 compatibility) - ---- - changes/issue40630 | 3 +++ - 1 file changed, 3 insertions(+) - create mode 100644 changes/issue40630 - -diff --git a/changes/issue40630 b/changes/issue40630 -new file mode 100644 -index 0000000000..faf04941b6 ---- /dev/null -+++ b/changes/issue40630 -@@ -0,0 +1,3 @@ -+ o Minor features (portability, compilation): -+ - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility. -+ Fixes issue 40630; patch by Alex Xu (Hello71). --- -GitLab - -From 9850dc59c0db5cbcadc314be8d324a992880fce1 Mon Sep 17 00:00:00 2001 -From: orbea <orbea@riseup.net> -Date: Mon, 29 May 2023 12:56:37 -0700 -Subject: [PATCH] tls: Disable a warning with LibreSSL >= 3.8.0 - -Skip a warning using EC_GFp_nist_method() which was removed in LibreSSL -3.8. - -Based on a patch from OpenBSD. - -https://github.com/openbsd/ports/commit/33fe251a08cb11f30ce6094a2e0759c3bb63ed16 - -These functions are deprecated since OpenSSL 3.0. - -https://www.openssl.org/docs/man3.1/man3/EC_GFp_nist_method.html ---- - src/lib/tls/tortls_openssl.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c -index 12260c09d3..c0a89ac272 100644 ---- a/src/lib/tls/tortls_openssl.c -+++ b/src/lib/tls/tortls_openssl.c -@@ -340,8 +340,10 @@ tor_tls_init(void) - SSL_load_error_strings(); - #endif /* defined(OPENSSL_1_1_API) */ - --#if (SIZEOF_VOID_P >= 8 && \ -- OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1)) -+#if (SIZEOF_VOID_P >= 8 && \ -+ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1) && \ -+ (!defined(LIBRESSL_VERSION_NUMBER) || \ -+ LIBRESSL_VERSION_NUMBER < 0x3080000fL)) - long version = tor_OpenSSL_version_num(); - - /* LCOV_EXCL_START : we can't test these lines on the same machine */ --- -GitLab - |