From 35b07abfb8bfbed03da821ed0add9ae42dee05f2 Mon Sep 17 00:00:00 2001 From: Sergey Safarov Date: Tue, 19 Sep 2017 06:17:34 -0400 Subject: [PATCH] Fixed tls initialization when used LibreSSL. Backport from OpenBSD --- src/modules/tls/tls_init.c | 23 ++++++++++++++++------- src/modules/tls/tls_locking.c | 4 ++-- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c index 936bec1f819..030e3d2d790 100644 --- a/src/modules/tls/tls_init.c +++ b/src/modules/tls/tls_init.c @@ -144,6 +144,7 @@ sr_tls_methods_t sr_tls_methods[TLS_METHOD_MAX]; +#ifndef LIBRESSL_VERSION_NUMBER inline static char* buf_append(char* buf, char* end, char* str, int str_len) { if ( (buf+str_len)= 0x1000100fL +#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER) ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method(); ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method(); ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method(); #endif -#if OPENSSL_VERSION_NUMBER >= 0x1000105fL +#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER) ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method(); ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method(); ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method(); @@ -399,11 +404,11 @@ static void init_ssl_methods(void) /* ranges of TLS versions (require a minimum TLS version) */ ssl_methods[TLS_USE_TLSv1_PLUS - 1] = (void*)TLS_OP_TLSv1_PLUS; -#if OPENSSL_VERSION_NUMBER >= 0x1000100fL +#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER) ssl_methods[TLS_USE_TLSv1_1_PLUS - 1] = (void*)TLS_OP_TLSv1_1_PLUS; #endif -#if OPENSSL_VERSION_NUMBER >= 0x1000105fL +#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER) ssl_methods[TLS_USE_TLSv1_2_PLUS - 1] = (void*)TLS_OP_TLSv1_2_PLUS; #endif 
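Review bot: The added `&& !defined(LIBRESSL_VERSION_NUMBER)` on the version guards in init_ssl_methods() means a LibreSSL build never fills the `TLS_USE_TLSv1_1*` and `TLS_USE_TLSv1_2*` slots, nor the `TLS_USE_TLSv1_1_PLUS` / `TLS_USE_TLSv1_2_PLUS` range slots in the `@@ -399,11 +404,11 @@` hunk. The highest protocol floor left to such a build is `TLS_USE_TLSv1_PLUS`. As far as I know LibreSSL still provides `TLSv1_1_method()` and `TLSv1_2_method()`, so the guard looks broader than needed; I would restrict it to whichever call actually fails to build, or at least state the reason in a comment such as `/* LibreSSL: TLSv1.1/TLSv1.2 methods not registered because <reason> */`. These hunks do not show what the configuration code does when a selected method's `ssl_methods[]` slot was never assigned; it should reject that setting at startup rather than continue with an empty entry.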
@@ -477,6 +482,7 @@ static void init_ssl_methods(void)
 */
 static int init_tls_compression(void)
 {
+#ifndef LIBRESSL_VERSION_NUMBER
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 int n, r;
@@ -561,6 +567,7 @@ static int init_tls_compression(void)
 end:
 #endif /* OPENSSL_VERSION_NUMBER >= 0.9.8 */
 #endif /* OPENSSL_VERSION_NUMBER < 1.1.0 */
+#endif /* LIBRESSL_VERSION_NUMBER */
 return 0;
 }
@@ -571,6 +578,7 @@ static int init_tls_compression(void)
 */
 int tls_pre_init(void)
 {
+#ifndef LIBRESSL_VERSION_NUMBER
 #if OPENSSL_VERSION_NUMBER < 0x010100000L
 void *(*mf)(size_t) = NULL;
 void *(*rf)(void *, size_t) = NULL;
@@ -598,6 +606,7 @@ int tls_pre_init(void)
 " libssl (can be loaded first to be safe)\n");
 return -1;
 }
+#endif /* LIBRESSL_VERSION_NUMBER */
 if (tls_init_locks()<0) return -1;
@@ -631,7 +640,7 @@ int init_tls_h(void)
 {
 /*struct socket_info* si;*/
 long ssl_version;
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
 int lib_kerberos;
 int lib_zlib;
 int kerberos_support;
@@ -675,7 +684,7 @@ int init_tls_h(void)
 }
 /* check kerberos support using compile flags only for version < 1.1.0 */
-#if OPENSSL_VERSION_NUMBER < 0x010100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
 #ifdef TLS_KERBEROS_SUPPORT
 kerberos_support=1;
diff --git a/src/modules/tls/tls_locking.c b/src/modules/tls/tls_locking.c
index 38c028fd2f7..4e5bbcc5e30 100644
--- a/src/modules/tls/tls_locking.c
+++ b/src/modules/tls/tls_locking.c
@@ -33,7 +33,7 @@ static int n_static_locks=0;
 static gen_lock_set_t* static_locks=0;
 /* OpenSSL is thread-safe since 1.1.0 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /* "dynamic" locks */
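Review bot: The new `#ifndef LIBRESSL_VERSION_NUMBER` in tls_pre_init() (opened in the `@@ -571,6 +578,7 @@` hunk, closed in `@@ -598,6 +606,7 @@`) compiles out the whole block ending in the `return -1` error path, and nothing in the new code says why that step can be skipped. The block appears to be where libssl's memory functions are checked and installed, though most of it lies outside the hunks. If so, a LibreSSL build keeps TLS objects on the library's default allocator, which matters if the rest of the module expects them in memory shared between worker processes. I would add a comment at the guard, e.g. `/* LibreSSL: memory-function setup skipped; libssl uses its default allocator */`, and confirm that assumption against the code that shares TLS state. The closing comment would be more accurate as `#endif /* !LIBRESSL_VERSION_NUMBER */`.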
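Review bot: In tls_locking.c only the guard around the lock callback definitions gains `|| defined(LIBRESSL_VERSION_NUMBER)`; the diffstat shows two changed lines in this file, this `#if` and its `#endif` comment. If tls_init_locks() or tls_destroy_locks() carry their own `OPENSSL_VERSION_NUMBER < 0x10100000L` checks around installing or releasing the callbacks, they need the same condition. Otherwise a LibreSSL build would define the callbacks without registering them and run multi-process TLS without locking. Those functions are outside the hunks, so this is something to verify rather than a confirmed defect. The comment above the guard could record the new case: `/* OpenSSL is thread-safe since 1.1.0; LibreSSL builds use the pre-1.1.0 locking callbacks */`.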
@@ -118,7 +118,7 @@ static void locking_f(int mode, int n, const char* file, int line)
 }
 }
-#endif /* openssl < 0x10100000L (1.1.0) */
+#endif /* openssl < 0x10100000L (1.1.0) or LibreSSL */
 void tls_destroy_locks()