aboutsummaryrefslogtreecommitdiffstats
path: root/security/libp11
diff options
context:
space:
mode:
authorbrnrd <brnrd@FreeBSD.org>2017-03-27 02:55:21 +0800
committerbrnrd <brnrd@FreeBSD.org>2017-03-27 02:55:21 +0800
commitbae0970fa81453700d58d777b16ddc33d1ebea7f (patch)
tree65d87cff037c2e792781a95b99022d9b5434eda2 /security/libp11
parentce60774a8e25608874fb2bbd7ccbe731bfd7edda (diff)
downloadfreebsd-ports-gnome-bae0970fa81453700d58d777b16ddc33d1ebea7f.tar.gz
freebsd-ports-gnome-bae0970fa81453700d58d777b16ddc33d1ebea7f.tar.zst
freebsd-ports-gnome-bae0970fa81453700d58d777b16ddc33d1ebea7f.zip
security/libp11: Fix build with LibreSSL
- Fix-up OPENSSL_VERSION_NUMBER checks PR: 217006 Approved by: maintainer timeout
Diffstat (limited to 'security/libp11')
-rw-r--r--security/libp11/files/patch-examples_auth.c11
-rw-r--r--security/libp11/files/patch-examples_decrypt.c29
-rw-r--r--security/libp11/files/patch-src_eng__back.c56
-rw-r--r--security/libp11/files/patch-src_libp11-int.h20
-rw-r--r--security/libp11/files/patch-src_libp11.h11
-rw-r--r--security/libp11/files/patch-src_p11__ec.c109
-rw-r--r--security/libp11/files/patch-src_p11__key.c47
-rw-r--r--security/libp11/files/patch-src_p11__misc.c11
-rw-r--r--security/libp11/files/patch-src_p11__rsa.c65
9 files changed, 359 insertions, 0 deletions
diff --git a/security/libp11/files/patch-examples_auth.c b/security/libp11/files/patch-examples_auth.c
new file mode 100644
index 000000000000..92903995c5e2
--- /dev/null
+++ b/security/libp11/files/patch-examples_auth.c
@@ -0,0 +1,11 @@
+--- examples/auth.c.orig 2017-01-26 21:19:45 UTC
++++ examples/auth.c
+@@ -212,7 +212,7 @@ int main(int argc, char *argv[])
+
+ /* now verify the result */
+ rc = RSA_verify(NID_sha1, random, RANDOM_SIZE,
+-#if OPENSSL_VERSION_NUMBER >= 0x10100003L
++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
+ signature, siglen, EVP_PKEY_get0_RSA(pubkey));
+ #else
+ signature, siglen, pubkey->pkey.rsa);
diff --git a/security/libp11/files/patch-examples_decrypt.c b/security/libp11/files/patch-examples_decrypt.c
new file mode 100644
index 000000000000..df9601bd7da1
--- /dev/null
+++ b/security/libp11/files/patch-examples_decrypt.c
@@ -0,0 +1,29 @@
+--- examples/decrypt.c.orig 2017-01-26 21:19:45 UTC
++++ examples/decrypt.c
+@@ -131,7 +131,7 @@ int main(int argc, char *argv[])
+ }
+
+ /* allocate destination buffer */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100003L
++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
+ encrypted = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pubkey)));
+ #else
+ encrypted = OPENSSL_malloc(RSA_size(pubkey->pkey.rsa));
+@@ -143,7 +143,7 @@ int main(int argc, char *argv[])
+
+ /* use public key for encryption */
+ len = RSA_public_encrypt(RANDOM_SIZE, random, encrypted,
+-#if OPENSSL_VERSION_NUMBER >= 0x10100003L
++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
+ EVP_PKEY_get0_RSA(pubkey),
+ #else
+ pubkey->pkey.rsa,
+@@ -200,7 +200,7 @@ loggedin:
+ }
+
+ /* allocate space for decrypted data */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100003L
++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
+ decrypted = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pubkey)));
+ #else
+ decrypted = OPENSSL_malloc(RSA_size(pubkey->pkey.rsa));
diff --git a/security/libp11/files/patch-src_eng__back.c b/security/libp11/files/patch-src_eng__back.c
new file mode 100644
index 000000000000..e8245dc48698
--- /dev/null
+++ b/security/libp11/files/patch-src_eng__back.c
@@ -0,0 +1,56 @@
+--- src/eng_back.c.orig 2017-01-26 21:19:45 UTC
++++ src/eng_back.c
+@@ -49,7 +49,7 @@ struct st_engine_ctx {
+ char *init_args;
+
+ /* Engine initialization mutex */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_RWLOCK *rwlock;
+ #else
+ int rwlock;
+@@ -206,7 +206,7 @@ ENGINE_CTX *ctx_new()
+ #endif
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+ ctx->rwlock = CRYPTO_THREAD_lock_new();
+ #else
+ ctx->rwlock = CRYPTO_get_dynlock_create_callback() ?
+@@ -224,7 +224,7 @@ int ctx_destroy(ENGINE_CTX *ctx)
+ ctx_destroy_pin(ctx);
+ OPENSSL_free(ctx->module);
+ OPENSSL_free(ctx->init_args);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_THREAD_lock_free(ctx->rwlock);
+ #else
+ if (ctx->rwlock)
+@@ -274,7 +274,7 @@ static void ctx_init_libp11_unlocked(ENG
+
+ static int ctx_init_libp11(ENGINE_CTX *ctx)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_THREAD_write_lock(ctx->rwlock);
+ #else
+ if (ctx->rwlock)
+@@ -282,7 +282,7 @@ static int ctx_init_libp11(ENGINE_CTX *c
+ #endif
+ if (ctx->pkcs11_ctx == NULL || ctx->slot_list == NULL)
+ ctx_init_libp11_unlocked(ctx);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_THREAD_unlock(ctx->rwlock);
+ #else
+ if (ctx->rwlock)
+@@ -302,7 +302,7 @@ int ctx_init(ENGINE_CTX *ctx)
+ /* Only attempt initialization when dynamic locks are unavailable.
+ * This likely also indicates a single-threaded application,
+ * so temporarily unlocking CRYPTO_LOCK_ENGINE should be safe. */
+-#if OPENSSL_VERSION_NUMBER < 0x10100004L
++#if OPENSSL_VERSION_NUMBER < 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (CRYPTO_get_dynlock_create_callback() == NULL ||
+ CRYPTO_get_dynlock_lock_callback() == NULL ||
+ CRYPTO_get_dynlock_destroy_callback() == NULL) {
diff --git a/security/libp11/files/patch-src_libp11-int.h b/security/libp11/files/patch-src_libp11-int.h
new file mode 100644
index 000000000000..4117b42bc7bb
--- /dev/null
+++ b/security/libp11/files/patch-src_libp11-int.h
@@ -0,0 +1,20 @@
+--- src/libp11-int.h.orig 2017-01-26 21:19:45 UTC
++++ src/libp11-int.h
+@@ -32,7 +32,7 @@
+ extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR);
+ extern CK_RV C_UnloadModule(void *module);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100004L
++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ typedef int PKCS11_RWLOCK;
+ #else
+ typedef CRYPTO_RWLOCK *PKCS11_RWLOCK;
+@@ -144,7 +144,7 @@ typedef struct pkcs11_cert_private {
+ #define PKCS11_DUP(s) \
+ pkcs11_strdup((char *) s, sizeof(s))
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100004L
++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
+ int CRYPTO_THREAD_lock_new();
+ void CRYPTO_THREAD_lock_free(int);
diff --git a/security/libp11/files/patch-src_libp11.h b/security/libp11/files/patch-src_libp11.h
new file mode 100644
index 000000000000..741ef6b15aac
--- /dev/null
+++ b/security/libp11/files/patch-src_libp11.h
@@ -0,0 +1,11 @@
+--- src/libp11.h.orig 2017-01-26 21:19:45 UTC
++++ src/libp11.h
+@@ -370,7 +370,7 @@ extern int PKCS11_generate_random(PKCS11
+ */
+ RSA_METHOD *PKCS11_get_rsa_method(void);
+ /* Also define unsupported methods to retain backward compatibility */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100002L
++#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)
+ EC_KEY_METHOD *PKCS11_get_ec_key_method(void);
+ void *PKCS11_get_ecdsa_method(void);
+ void *PKCS11_get_ecdh_method(void);
diff --git a/security/libp11/files/patch-src_p11__ec.c b/security/libp11/files/patch-src_p11__ec.c
new file mode 100644
index 000000000000..ac985f600307
--- /dev/null
+++ b/security/libp11/files/patch-src_p11__ec.c
@@ -0,0 +1,109 @@
+--- src/p11_ec.c.orig 2017-01-26 21:19:45 UTC
++++ src/p11_ec.c
+@@ -37,7 +37,7 @@
+ #include <openssl/ecdh.h>
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+ typedef int (*compute_key_fn)(unsigned char **, size_t *,
+ const EC_POINT *, const EC_KEY *);
+ #else
+@@ -73,7 +73,7 @@ struct ecdsa_method {
+
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ /* Define missing functions */
+
+@@ -104,7 +104,7 @@ void ECDSA_METHOD_set_sign(ECDSA_METHOD
+
+ /********** Missing ECDH_METHOD functions for OpenSSL < 1.1.0 */
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ /* ecdh_method maintains unchanged layout between 0.9.8 and 1.0.2 */
+
+@@ -156,7 +156,7 @@ static void alloc_ec_ex_index()
+ {
+ if (ec_ex_index == 0) {
+ while (ec_ex_index == 0) /* Workaround for OpenSSL RT3710 */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100002L
++#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)
+ ec_ex_index = EC_KEY_get_ex_new_index(0, "libp11 ec_key",
+ NULL, NULL, NULL);
+ #else
+@@ -265,7 +265,7 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(P
+ EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */
+
+ if (key->isPrivate) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ EC_KEY_set_method(ec, PKCS11_get_ec_key_method());
+ #else
+ ECDSA_set_method(ec, PKCS11_get_ecdsa_method());
+@@ -275,7 +275,7 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(P
+ /* TODO: Retrieve the ECDSA private key object attributes instead,
+ * unless the key has the "sensitive" attribute set */
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ EC_KEY_set_ex_data(ec, ec_ex_index, key);
+ #else
+ ECDSA_set_ex_data(ec, ec_ex_index, key);
+@@ -345,14 +345,14 @@ static ECDSA_SIG *pkcs11_ecdsa_sign_sig(
+ (void)kinv; /* Precomputed values are not used for PKCS#11 */
+ (void)rp; /* Precomputed values are not used for PKCS#11 */
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ key = (PKCS11_KEY *)EC_KEY_get_ex_data(ec, ec_ex_index);
+ #else
+ key = (PKCS11_KEY *)ECDSA_get_ex_data(ec, ec_ex_index);
+ #endif
+ if (key == NULL) {
+ sign_sig_fn orig_sign_sig;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ const EC_KEY_METHOD *meth = EC_KEY_OpenSSL();
+ EC_KEY_METHOD_get_sign((EC_KEY_METHOD *)meth,
+ NULL, NULL, &orig_sign_sig);
+@@ -385,7 +385,7 @@ static ECDSA_SIG *pkcs11_ecdsa_sign_sig(
+ sig = ECDSA_SIG_new();
+ if (sig == NULL)
+ return NULL;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ ECDSA_SIG_set0(sig, r, s);
+ #else
+ BN_free(sig->r);
+@@ -515,7 +515,7 @@ static int pkcs11_ecdh_derive(unsigned c
+ return 0;
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ /**
+ * ECDH key derivation method (replaces ossl_ecdh_compute_key)
+@@ -578,7 +578,7 @@ static int pkcs11_ec_ckey(void *out, siz
+ size_t buflen;
+ int rv;
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ key = (PKCS11_KEY *)EC_KEY_get_ex_data(ecdh, ec_ex_index);
+ #else
+ key = (PKCS11_KEY *)ECDSA_get_ex_data((EC_KEY *)ecdh, ec_ex_index);
+@@ -623,7 +623,7 @@ static int pkcs11_ec_ckey(void *out, siz
+ /* New way to allocate an ECDSA_METOD object */
+ /* OpenSSL 1.1 has single method EC_KEY_METHOD for ECDSA and ECDH */
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ EC_KEY_METHOD *PKCS11_get_ec_key_method(void)
+ {
diff --git a/security/libp11/files/patch-src_p11__key.c b/security/libp11/files/patch-src_p11__key.c
new file mode 100644
index 000000000000..c9d65cf061b1
--- /dev/null
+++ b/security/libp11/files/patch-src_p11__key.c
@@ -0,0 +1,47 @@
+--- src/p11_key.c.orig 2017-01-26 21:19:45 UTC
++++ src/p11_key.c
+@@ -138,7 +138,7 @@ int pkcs11_generate_key(PKCS11_TOKEN *to
+ EVP_PKEY *pk;
+ RSA *rsa;
+ BIO *err;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ BIGNUM *exp = NULL;
+ BN_GENCB *gencb = NULL;
+ #endif
+@@ -151,7 +151,7 @@ int pkcs11_generate_key(PKCS11_TOKEN *to
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ exp = BN_new();
+ rsa = RSA_new();
+ gencb = BN_GENCB_new();
+@@ -247,7 +247,7 @@ static int pkcs11_store_key(PKCS11_TOKEN
+ pkcs11_addattr_bool(attrs + n++, CKA_VERIFY, TRUE);
+ pkcs11_addattr_bool(attrs + n++, CKA_WRAP, TRUE);
+ }
+-#if OPENSSL_VERSION_NUMBER >= 0x10100003L
++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA) {
+ RSA *rsa = EVP_PKEY_get1_RSA(pk);
+ #else
+@@ -255,7 +255,7 @@ static int pkcs11_store_key(PKCS11_TOKEN
+ RSA *rsa = pk->pkey.rsa;
+ #endif
+ pkcs11_addattr_int(attrs + n++, CKA_KEY_TYPE, CKK_RSA);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
+ RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
+ RSA_get0_factors(rsa, &rsa_p, &rsa_q);
+ #else
+@@ -325,7 +325,7 @@ EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key
+ fprintf(stderr, "Missing CKA_ALWAYS_AUTHENTICATE attribute\n");
+ }
+ }
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ EVP_PKEY_up_ref(key->evp_key);
+ #else
+ CRYPTO_add(&key->evp_key->references, 1, CRYPTO_LOCK_EVP_PKEY);
diff --git a/security/libp11/files/patch-src_p11__misc.c b/security/libp11/files/patch-src_p11__misc.c
new file mode 100644
index 000000000000..92bd9e32101d
--- /dev/null
+++ b/security/libp11/files/patch-src_p11__misc.c
@@ -0,0 +1,11 @@
+--- src/p11_misc.c.orig 2017-02-11 19:26:33 UTC
++++ src/p11_misc.c
+@@ -43,7 +43,7 @@ char *pkcs11_strdup(char *mem, size_t si
+ * CRYPTO dynlock wrappers: 0 is an invalid dynamic lock ID
+ */
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100004L
++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ int CRYPTO_THREAD_lock_new()
+ {
diff --git a/security/libp11/files/patch-src_p11__rsa.c b/security/libp11/files/patch-src_p11__rsa.c
new file mode 100644
index 000000000000..d3e4867c4918
--- /dev/null
+++ b/security/libp11/files/patch-src_p11__rsa.c
@@ -0,0 +1,65 @@
+--- src/p11_rsa.c.orig 2017-01-26 21:19:45 UTC
++++ src/p11_rsa.c
+@@ -29,7 +29,7 @@
+
+ static int rsa_ex_index = 0;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100003L
++#if OPENSSL_VERSION_NUMBER < 0x10100003L || defined(LIBRESSL_VERSION_NUMBER)
+ #define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
+ #endif
+
+@@ -226,7 +226,7 @@ failure:
+ return NULL;
+
+ success:
+-#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
+ RSA_set0_key(rsa, rsa_n, rsa_e, NULL);
+ #else
+ rsa->n=rsa_n;
+@@ -275,7 +275,7 @@ int pkcs11_get_key_modulus(PKCS11_KEY *k
+
+ if (rsa == NULL)
+ return 0;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
+ RSA_get0_key(rsa, &rsa_n, NULL, NULL);
+ #else
+ rsa_n=rsa->n;
+@@ -292,7 +292,7 @@ int pkcs11_get_key_exponent(PKCS11_KEY *
+
+ if (rsa == NULL)
+ return 0;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
+ RSA_get0_key(rsa, NULL, &rsa_e, NULL);
+ #else
+ rsa_e=rsa->e;
+@@ -310,7 +310,7 @@ int pkcs11_get_key_size(PKCS11_KEY *key)
+ return RSA_size(rsa);
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100005L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER)
+
+ int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+ (int flen, const unsigned char *from,
+@@ -374,7 +374,7 @@ static void alloc_rsa_ex_index()
+ static void free_rsa_ex_index()
+ {
+ /* CRYPTO_free_ex_index requires OpenSSL version >= 1.1.0-pre1 */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100001L
++#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
+ if (rsa_ex_index > 0) {
+ CRYPTO_free_ex_index(CRYPTO_EX_INDEX_RSA, rsa_ex_index);
+ rsa_ex_index = 0;
+@@ -382,7 +382,7 @@ static void free_rsa_ex_index()
+ #endif
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100005L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER)
+
+ static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
+ {