5 files changed, 154 insertions, 0 deletions

diff --git a/security/nmap/files/patch-ncat_ncat__ssl.c b/security/nmap/files/patch-ncat_ncat__ssl.c
new file mode 100644
index 000000000000..db7b5f4366e3
--- /dev/null
+++ b/security/nmap/files/patch-ncat_ncat__ssl.c
@@ -0,0 +1,29 @@
+--- ncat/ncat_ssl.c.orig	2016-08-01 09:34:56 UTC
++++ ncat/ncat_ssl.c
+@@ -315,7 +315,7 @@ static int cert_match_dnsname(X509 *cert
+ 
+     /* We must copy this address into a temporary variable because ASN1_item_d2i
+        increments it. We don't want it to corrupt ext->value->data. */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     data = ext->value->data;
+ #else
+     ASN1_OCTET_STRING* asn1_str = X509_EXTENSION_get_data(ext);
+@@ -328,7 +328,7 @@ static int cert_match_dnsname(X509 *cert
+        presence of null bytes. */
+ #if (OPENSSL_VERSION_NUMBER > 0x00907000L)
+     if (method->it != NULL) {
+-    #if OPENSSL_VERSION_NUMBER < 0x10100000L
++    #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         gen_names = (STACK_OF(GENERAL_NAME) *) ASN1_item_d2i(NULL,
+             (const unsigned char **) &data,
+             ext->value->length, ASN1_ITEM_ptr(method->it));
+@@ -339,7 +339,7 @@ static int cert_match_dnsname(X509 *cert
+             asn1_str_a->length, ASN1_ITEM_ptr(method->it));
+     #endif
+     } else {
+-    #if OPENSSL_VERSION_NUMBER < 0x10100000L
++    #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         gen_names = (STACK_OF(GENERAL_NAME) *) method->d2i(NULL,
+             (const unsigned char **) &data,
+             ext->value->length);
diff --git a/security/nmap/files/patch-ncat_test_test-wildcard.c b/security/nmap/files/patch-ncat_test_test-wildcard.c
new file mode 100644
index 000000000000..517575df7d7a
--- /dev/null
+++ b/security/nmap/files/patch-ncat_test_test-wildcard.c
@@ -0,0 +1,11 @@
+--- ncat/test/test-wildcard.c.orig	2016-08-01 09:34:56 UTC
++++ ncat/test/test-wildcard.c
+@@ -253,7 +253,7 @@ static int set_dNSNames(X509 *cert, cons
+         if (gen_name == NULL)
+             goto stack_err;
+         gen_name->type = GEN_DNS;
+-    #if OPENSSL_VERSION_NUMBER < 0x10100000L
++    #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         gen_name->d.dNSName = M_ASN1_IA5STRING_new();
+     #else
+         gen_name->d.dNSName = ASN1_IA5STRING_new();
diff --git a/security/nmap/files/patch-nping_Crypto.cc b/security/nmap/files/patch-nping_Crypto.cc
new file mode 100644
index 000000000000..1094a929eb16
--- /dev/null
+++ b/security/nmap/files/patch-nping_Crypto.cc
@@ -0,0 +1,38 @@
+--- nping/Crypto.cc.orig	2016-08-01 09:34:56 UTC
++++ nping/Crypto.cc
+@@ -178,7 +178,7 @@ int Crypto::aes128_cbc_encrypt(u8 *inbuf
+   #ifdef HAVE_OPENSSL
+     if( o.doCrypto() ){
+         int flen=0, flen2=0;
+-        #if OPENSSL_VERSION_NUMBER < 0x10100000L
++        #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+           EVP_CIPHER_CTX ctx;
+           EVP_CIPHER_CTX_init(&ctx);
+           EVP_CIPHER_CTX_set_padding(&ctx, 0);
+@@ -231,7 +231,7 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuf
+   #ifdef HAVE_OPENSSL
+     if( o.doCrypto() ){
+         int flen1=0, flen2=0;
+-        #if OPENSSL_VERSION_NUMBER < 0x10100000L
++        #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+           EVP_CIPHER_CTX ctx;
+           EVP_CIPHER_CTX_init(&ctx);
+           EVP_CIPHER_CTX_set_padding(&ctx, 0);
+@@ -286,7 +286,7 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuf
+             //ERR_free_strings();
+             //ERR_pop_to_mark();
+         }
+-        #if OPENSSL_VERSION_NUMBER < 0x10100000L
++        #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+           EVP_CIPHER_CTX_cleanup(&ctx);
+         #else
+           EVP_CIPHER_CTX_reset(ctx);
+@@ -327,7 +327,7 @@ u8 *Crypto::deriveKey(const u8 *from, si
+         static u8 hash[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)];
+         static u8 next[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)];
+         unsigned int lastlen;
+-      #if OPENSSL_VERSION_NUMBER < 0x10100000L
++      #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+         EVP_MD_CTX ctx;
+         EVP_MD_CTX_init(&ctx);
+ 
diff --git a/security/nmap/files/patch-nse__openssl.cc b/security/nmap/files/patch-nse__openssl.cc
new file mode 100644
index 000000000000..b652b7f38a94
--- /dev/null
+++ b/security/nmap/files/patch-nse__openssl.cc
@@ -0,0 +1,47 @@
+--- nse_openssl.cc.orig	2016-08-01 09:34:56 UTC
++++ nse_openssl.cc
+@@ -281,7 +281,7 @@ static int l_digest(lua_State *L)     /*
+   const unsigned char *msg = (unsigned char *) luaL_checklstring( L, 2, &msg_len );
+   unsigned char digest[EVP_MAX_MD_SIZE];
+   const EVP_MD * evp_md;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_MD_CTX mdctx;
+ #else
+   EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+@@ -291,7 +291,7 @@ static int l_digest(lua_State *L)     /*
+ 
+   if (!evp_md) return luaL_error( L, "Unknown digest algorithm: %s", algorithm );
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_MD_CTX_init(&mdctx);
+   if (!(
+       EVP_DigestInit_ex( &mdctx, evp_md, NULL ) &&
+@@ -394,7 +394,7 @@ static int l_encrypt(lua_State *L) /** e
+   if (iv[0] == '\0')
+     iv = NULL;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX cipher_ctx;
+   EVP_CIPHER_CTX_init( &cipher_ctx );
+ 
+@@ -496,7 +496,7 @@ static int l_decrypt(lua_State *L) /** d
+   if (iv[0] == '\0')
+     iv = NULL;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   EVP_CIPHER_CTX cipher_ctx;
+   EVP_CIPHER_CTX_init( &cipher_ctx );
+ 
+@@ -684,7 +684,7 @@ static const struct luaL_Reg openssllib[
+ LUALIB_API int luaopen_openssl(lua_State *L) {
+ 
+   OpenSSL_add_all_algorithms();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   ERR_load_crypto_strings();
+ #else
+   /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation 
diff --git a/security/nmap/files/patch-nse__ssl__cert.cc b/security/nmap/files/patch-nse__ssl__cert.cc
new file mode 100644
index 000000000000..97c43d3ccb23
--- /dev/null
+++ b/security/nmap/files/patch-nse__ssl__cert.cc
@@ -0,0 +1,29 @@
+--- nse_ssl_cert.cc.orig	2016-08-30 16:07:08 UTC
++++ nse_ssl_cert.cc
+@@ -528,7 +528,7 @@ static int parse_ssl_cert(lua_State *L, 
+     lua_setfield(L, -2, "subject");
+   }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   const char *sig_algo = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm));
+ #else
+   const char *sig_algo = OBJ_nid2ln(X509_get_signature_nid(cert));
+@@ -555,7 +555,7 @@ static int parse_ssl_cert(lua_State *L, 
+     return 2;
+   }
+   lua_newtable(L);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   pkey_type = EVP_PKEY_type(pubkey->type);
+ #else
+   pkey_type = EVP_PKEY_base_id(pubkey);
+@@ -572,7 +572,7 @@ static int parse_ssl_cert(lua_State *L, 
+     bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
+     luaL_getmetatable( L, "BIGNUM" );
+     lua_setmetatable( L, -2 );
+-  #if OPENSSL_VERSION_NUMBER < 0x10100000L
++  #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     data->bn = rsa->e;
+   #elif OPENSSL_VERSION_NUMBER < 0x10100006L
+     BIGNUM *n, *e, *d;