milislinux
/
milis


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174
							Patch from OpenBSD
--- a/sslcls.c	Sat Jan 24 03:15:22 2015
+++ b/sslcls.c	Sat Jul 18 20:01:59 2015
@@ -55,6 +55,7 @@ const SSL_METHOD *sycSSLv2_server_method(void) {
 }
 #endif
 
+#ifdef HAVE_SSLv3_client_method
 const SSL_METHOD *sycSSLv3_client_method(void) {
    const SSL_METHOD *result;
    Debug("SSLv3_client_method()");
@@ -62,7 +63,9 @@ const SSL_METHOD *sycSSLv3_client_method(void) {
    Debug1("SSLv3_client_method() -> %p", result);
    return result;
 }
+#endif
 
+#ifdef HAVE_SSLv3_server_method
 const SSL_METHOD *sycSSLv3_server_method(void) {
    const SSL_METHOD *result;
    Debug("SSLv3_server_method()");
@@ -70,6 +73,7 @@ const SSL_METHOD *sycSSLv3_server_method(void) {
    Debug1("SSLv3_server_method() -> %p", result);
    return result;
 }
+#endif
 
 const SSL_METHOD *sycSSLv23_client_method(void) {
    const SSL_METHOD *result;
@@ -331,14 +335,6 @@ void sycSSL_free(SSL *ssl) {
    return;
 }
 
-int sycRAND_egd(const char *path) {
-   int result;
-   Debug1("RAND_egd(\"%s\")", path);
-   result = RAND_egd(path);
-   Debug1("RAND_egd() -> %d", result);
-   return result;
-}
-
 DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
    DH *result;
    Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",
@@ -375,7 +371,7 @@ int sycFIPS_mode_set(int onoff) {
 }
 #endif /* WITH_FIPS */
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
 const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) {
    const COMP_METHOD *result;
    Debug1("SSL_get_current_compression(%p)", ssl);
--- a/sslcls.h	Sat Jan 24 11:15:22 2015
+++ b/sslcls.h	Mon Apr 13 15:06:25 2015
@@ -47,7 +47,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl);
 int sycSSL_shutdown(SSL *ssl);
 void sycSSL_CTX_free(SSL_CTX *ctx);
 void sycSSL_free(SSL *ssl);
-int sycRAND_egd(const char *path);
 
 DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
 
@@ -55,7 +54,7 @@ BIO *sycBIO_new_file(const char *filename, const char 
 
 int sycFIPS_mode_set(int onoff);
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
 const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl);
 const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl);
 const char *sycSSL_COMP_get_name(const COMP_METHOD *comp);
@@ -98,7 +97,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *co
 #define sycSSL_shutdown(s) SSL_shutdown(s)
 #define sycSSL_CTX_free(c) SSL_CTX_free(c)
 #define sycSSL_free(s) SSL_free(s)
-#define sycRAND_egd(p) RAND_egd(p)
 
 #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
 
--- a/xio-openssl.c	Sat Jan 24 15:33:42 2015
+++ b/xio-openssl.c	Mon Apr 13 14:59:12 2015
@@ -108,7 +108,6 @@ const struct optdesc opt_openssl_key         = { "open
 const struct optdesc opt_openssl_dhparam     = { "openssl-dhparam",     "dh",    OPT_OPENSSL_DHPARAM,     GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
 const struct optdesc opt_openssl_cafile      = { "openssl-cafile",     "cafile", OPT_OPENSSL_CAFILE,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
 const struct optdesc opt_openssl_capath      = { "openssl-capath",     "capath", OPT_OPENSSL_CAPATH,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
-const struct optdesc opt_openssl_egd         = { "openssl-egd",        "egd",    OPT_OPENSSL_EGD,         GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
 const struct optdesc opt_openssl_pseudo      = { "openssl-pseudo",     "pseudo", OPT_OPENSSL_PSEUDO,      GROUP_OPENSSL, PH_SPEC, TYPE_BOOL,     OFUNC_SPEC };
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 const struct optdesc opt_openssl_compress    = { "openssl-compress",   "compress", OPT_OPENSSL_COMPRESS,  GROUP_OPENSSL, PH_SPEC, TYPE_STRING,   OFUNC_SPEC };
@@ -147,7 +146,7 @@ int xio_reset_fips_mode(void) {
 static void openssl_conn_loginfo(SSL *ssl) {
    Notice1("SSL connection using %s", SSL_get_cipher(ssl));
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
    {
       const COMP_METHOD *comp, *expansion;
 
@@ -722,7 +721,6 @@ int
    char *opt_dhparam = NULL;	/* file name of DH params */
    char *opt_cafile = NULL;	/* certificate authority file */
    char *opt_capath = NULL;	/* certificate authority directory */
-   char *opt_egd = NULL;	/* entropy gathering daemon socket path */
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
    char *opt_compress = NULL;	/* compression method */
 #endif
@@ -741,7 +739,6 @@ int
    retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
    retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
    retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
-   retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
    retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
    retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
@@ -877,10 +874,6 @@ int
       }
    }
 
-   if (opt_egd) {
-      sycRAND_egd(opt_egd);
-   }
-
    if (opt_pseudo) {
       long int randdata;
       /* initialize libc random from actual microseconds */
@@ -1098,7 +1091,7 @@ static int openssl_SSL_ERROR_SSL(int level, const char
       if (e == ((ERR_LIB_RAND<<24)|
 		(RAND_F_SSLEAY_RAND_BYTES<<12)|
 		(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
-	 Error("too few entropy; use options \"egd\" or \"pseudo\"");
+	 Error("too few entropy; use option \"pseudo\"");
 	 stat = STAT_NORETRY;
       } else {
 	 Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));
--- a/xio-openssl.h	Sun Jun 23 07:16:48 2013
+++ b/xio-openssl.h	Sat Apr 19 15:58:21 2014
@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key;
 extern const struct optdesc opt_openssl_dhparam;
 extern const struct optdesc opt_openssl_cafile;
 extern const struct optdesc opt_openssl_capath;
-extern const struct optdesc opt_openssl_egd;
 extern const struct optdesc opt_openssl_pseudo;
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 extern const struct optdesc opt_openssl_compress;
--- a/xioopts.c	Sat Jan 24 11:15:22 2015
+++ b/xioopts.c	Mon Apr 13 15:06:25 2015
@@ -412,7 +412,6 @@ const struct optname optionnames[] = {
 #ifdef ECHOPRT
 	IF_TERMIOS("echoprt",	&opt_echoprt)
 #endif
-	IF_OPENSSL("egd",	&opt_openssl_egd)
 	IF_ANY    ("end-close",	&opt_end_close)
 	IF_TERMIOS("eof",	&opt_veof)
 	IF_TERMIOS("eol",	&opt_veol)
@@ -1102,7 +1101,6 @@ const struct optname optionnames[] = {
 	IF_OPENSSL("openssl-compress",	&opt_openssl_compress)
 #endif
 	IF_OPENSSL("openssl-dhparam",	&opt_openssl_dhparam)
-	IF_OPENSSL("openssl-egd",	&opt_openssl_egd)
 #if WITH_FIPS
 	IF_OPENSSL("openssl-fips",	&opt_openssl_fips)
 #endif
--- a/xioopts.h	Sat Jan 24 11:15:22 2015
+++ b/xioopts.h	Mon Apr 13 15:06:25 2015
@@ -478,7 +478,6 @@ enum e_optcode {
    OPT_OPENSSL_COMPRESS,
 #endif
    OPT_OPENSSL_DHPARAM,
-   OPT_OPENSSL_EGD,
    OPT_OPENSSL_FIPS,
    OPT_OPENSSL_KEY,
    OPT_OPENSSL_METHOD,