pkgs/tools/networking/socat/libressl-fixes.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173

Patch from OpenBSD
--- a/sslcls.c	Sat Jan 24 03:15:22 2015
+++ b/sslcls.c	Sat Jul 18 20:01:59 2015
@@ -55,6 +55,7 @@ const SSL_METHOD *sycSSLv2_server_method(void) {
 }
 #endif
 
+#ifdef HAVE_SSLv3_client_method
 const SSL_METHOD *sycSSLv3_client_method(void) {
    const SSL_METHOD *result;
    Debug("SSLv3_client_method()");
@@ -62,7 +63,9 @@ const SSL_METHOD *sycSSLv3_client_method(void) {
    Debug1("SSLv3_client_method() -> %p", result);
    return result;
 }
+#endif
 
+#ifdef HAVE_SSLv3_server_method
 const SSL_METHOD *sycSSLv3_server_method(void) {
    const SSL_METHOD *result;
    Debug("SSLv3_server_method()");
@@ -70,6 +73,7 @@ const SSL_METHOD *sycSSLv3_server_method(void) {
    Debug1("SSLv3_server_method() -> %p", result);
    return result;
 }
+#endif
 
 const SSL_METHOD *sycSSLv23_client_method(void) {
    const SSL_METHOD *result;
@@ -331,14 +335,6 @@ void sycSSL_free(SSL *ssl) {
    return;
 }
 
-int sycRAND_egd(const char *path) {
-   int result;
-   Debug1("RAND_egd(\"%s\")", path);
-   result = RAND_egd(path);
-   Debug1("RAND_egd() -> %d", result);
-   return result;
-}
-
 DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
    DH *result;
    Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",
@@ -375,7 +371,7 @@ int sycFIPS_mode_set(int onoff) {
 }
 #endif /* WITH_FIPS */
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
 const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) {
    const COMP_METHOD *result;
    Debug1("SSL_get_current_compression(%p)", ssl);
--- a/sslcls.h	Sat Jan 24 11:15:22 2015
+++ b/sslcls.h	Mon Apr 13 15:06:25 2015
@@ -47,7 +47,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl);
 int sycSSL_shutdown(SSL *ssl);
 void sycSSL_CTX_free(SSL_CTX *ctx);
 void sycSSL_free(SSL *ssl);
-int sycRAND_egd(const char *path);
 
 DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
 
@@ -55,7 +54,7 @@ BIO *sycBIO_new_file(const char *filename, const char 
 
 int sycFIPS_mode_set(int onoff);
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
 const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl);
 const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl);
 const char *sycSSL_COMP_get_name(const COMP_METHOD *comp);
@@ -98,7 +97,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *co
 #define sycSSL_shutdown(s) SSL_shutdown(s)
 #define sycSSL_CTX_free(c) SSL_CTX_free(c)
 #define sycSSL_free(s) SSL_free(s)
-#define sycRAND_egd(p) RAND_egd(p)
 
 #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
 
--- a/xio-openssl.c	Sat Jan 24 15:33:42 2015
+++ b/xio-openssl.c	Mon Apr 13 14:59:12 2015
@@ -108,7 +108,6 @@ const struct optdesc opt_openssl_key         = { "open
 const struct optdesc opt_openssl_dhparam     = { "openssl-dhparam",     "dh",    OPT_OPENSSL_DHPARAM,     GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
 const struct optdesc opt_openssl_cafile      = { "openssl-cafile",     "cafile", OPT_OPENSSL_CAFILE,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
 const struct optdesc opt_openssl_capath      = { "openssl-capath",     "capath", OPT_OPENSSL_CAPATH,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
-const struct optdesc opt_openssl_egd         = { "openssl-egd",        "egd",    OPT_OPENSSL_EGD,         GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
 const struct optdesc opt_openssl_pseudo      = { "openssl-pseudo",     "pseudo", OPT_OPENSSL_PSEUDO,      GROUP_OPENSSL, PH_SPEC, TYPE_BOOL,     OFUNC_SPEC };
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 const struct optdesc opt_openssl_compress    = { "openssl-compress",   "compress", OPT_OPENSSL_COMPRESS,  GROUP_OPENSSL, PH_SPEC, TYPE_STRING,   OFUNC_SPEC };
@@ -147,7 +146,7 @@ int xio_reset_fips_mode(void) {
 static void openssl_conn_loginfo(SSL *ssl) {
    Notice1("SSL connection using %s", SSL_get_cipher(ssl));
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
    {
       const COMP_METHOD *comp, *expansion;
 
@@ -722,7 +721,6 @@ int
    char *opt_dhparam = NULL;	/* file name of DH params */
    char *opt_cafile = NULL;	/* certificate authority file */
    char *opt_capath = NULL;	/* certificate authority directory */
-   char *opt_egd = NULL;	/* entropy gathering daemon socket path */
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
    char *opt_compress = NULL;	/* compression method */
 #endif
@@ -741,7 +739,6 @@ int
    retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
    retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
    retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
-   retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
    retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
    retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
@@ -877,10 +874,6 @@ int
       }
    }
 
-   if (opt_egd) {
-      sycRAND_egd(opt_egd);
-   }
-
    if (opt_pseudo) {
       long int randdata;
       /* initialize libc random from actual microseconds */
@@ -1098,7 +1091,7 @@ static int openssl_SSL_ERROR_SSL(int level, const char
       if (e == ((ERR_LIB_RAND<<24)|
 		(RAND_F_SSLEAY_RAND_BYTES<<12)|
 		(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
-	 Error("too few entropy; use options \"egd\" or \"pseudo\"");
+	 Error("too few entropy; use option \"pseudo\"");
 	 stat = STAT_NORETRY;
       } else {
 	 Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));
--- a/xio-openssl.h	Sun Jun 23 07:16:48 2013
+++ b/xio-openssl.h	Sat Apr 19 15:58:21 2014
@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key;
 extern const struct optdesc opt_openssl_dhparam;
 extern const struct optdesc opt_openssl_cafile;
 extern const struct optdesc opt_openssl_capath;
-extern const struct optdesc opt_openssl_egd;
 extern const struct optdesc opt_openssl_pseudo;
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 extern const struct optdesc opt_openssl_compress;
--- a/xioopts.c	Sat Jan 24 11:15:22 2015
+++ b/xioopts.c	Mon Apr 13 15:06:25 2015
@@ -412,7 +412,6 @@ const struct optname optionnames[] = {
 #ifdef ECHOPRT
 	IF_TERMIOS("echoprt",	&opt_echoprt)
 #endif
-	IF_OPENSSL("egd",	&opt_openssl_egd)
 	IF_ANY    ("end-close",	&opt_end_close)
 	IF_TERMIOS("eof",	&opt_veof)
 	IF_TERMIOS("eol",	&opt_veol)
@@ -1102,7 +1101,6 @@ const struct optname optionnames[] = {
 	IF_OPENSSL("openssl-compress",	&opt_openssl_compress)
 #endif
 	IF_OPENSSL("openssl-dhparam",	&opt_openssl_dhparam)
-	IF_OPENSSL("openssl-egd",	&opt_openssl_egd)
 #if WITH_FIPS
 	IF_OPENSSL("openssl-fips",	&opt_openssl_fips)
 #endif
--- a/xioopts.h	Sat Jan 24 11:15:22 2015
+++ b/xioopts.h	Mon Apr 13 15:06:25 2015
@@ -478,7 +478,6 @@ enum e_optcode {
    OPT_OPENSSL_COMPRESS,
 #endif
    OPT_OPENSSL_DHPARAM,
-   OPT_OPENSSL_EGD,
    OPT_OPENSSL_FIPS,
    OPT_OPENSSL_KEY,
    OPT_OPENSSL_METHOD,