From 29ff62a1492ce3dc702a887e864d00bf1949aed3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Thu, 3 May 2018 13:59:04 +0200 Subject: [PATCH] Add support for LibreSSL 2.7 --- config.h.in | 12 +++++++ configure | 13 +++++++ configure.in | 2 ++ lib/dns/openssldh_link.c | 69 +++++++++++++++++++++++-------------- lib/dns/openssldsa_link.c | 2 +- lib/dns/opensslecdsa_link.c | 11 +++--- lib/dns/opensslrsa_link.c | 36 ++++++++++++------- 7 files changed, 103 insertions(+), 42 deletions(-) diff --git a/config.h.in b/config.h.in index 7e557f9a25..cdb3fa8a3a 100644 --- a/config.h.in +++ b/config.h.in @@ -206,6 +206,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the header file. */ #undef HAVE_DEVPOLL_H +/* Define to 1 if you have the `DH_get0_key' function. */ +#undef HAVE_DH_GET0_KEY + /* Define to 1 if you have the `dlclose' function. */ #undef HAVE_DLCLOSE @@ -221,6 +224,12 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 to enable dnstap support */ #undef HAVE_DNSTAP +/* Define to 1 if you have the `DSA_get0_pqg' function. */ +#undef HAVE_DSA_GET0_PQG + +/* Define to 1 if you have the `ECDSA_SIG_get0' function. */ +#undef HAVE_ECDSA_SIG_GET0 + /* Define to 1 if you have the header file. */ #undef HAVE_EDITLINE_READLINE_H @@ -419,6 +428,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the header file. */ #undef HAVE_REGEX_H +/* Define to 1 if you have the `RSA_set0_key' function. */ +#undef HAVE_RSA_SET0_KEY + /* Define to 1 if you have the header file. */ #undef HAVE_SCHED_H diff --git a/configure b/configure index ca1af58b3d..ade0cdc073 100755 --- a/configure +++ b/configure @@ -16548,6 +16548,19 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then : #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF +fi +done + + + for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + fi done diff --git a/configure.in b/configure.in index 87136d0e6c..7221a0ea86 100644 --- a/configure.in +++ b/configure.in @@ -1712,6 +1712,8 @@ DSO_METHOD_dlfcn(); AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512) + AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg]) + AC_MSG_CHECKING(for OpenSSL ECDSA support) have_ecdsa="" AC_TRY_RUN([ diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c index e74bee2e2d..0db673dd31 100644 --- a/lib/dns/openssldh_link.c +++ b/lib/dns/openssldh_link.c @@ -71,62 +71,81 @@ static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data); static BIGNUM *bn2, *bn768, *bn1024, *bn1536; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if !defined(HAVE_DH_GET0_KEY) /* * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg * are from OpenSSL 1.1.0. */ static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) { - if (pub_key != NULL) + if (pub_key != NULL) { *pub_key = dh->pub_key; - if (priv_key != NULL) + } + if (priv_key != NULL) { *priv_key = dh->priv_key; + } } static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) { - /* Note that it is valid for priv_key to be NULL */ - if (pub_key == NULL) - return 0; + if (pub_key != NULL) { + BN_free(dh->pub_key); + dh->pub_key = pub_key; + } - BN_free(dh->pub_key); - BN_free(dh->priv_key); - dh->pub_key = pub_key; - dh->priv_key = priv_key; + if (priv_key != NULL) { + BN_free(dh->priv_key); + dh->priv_key = priv_key; + } - return 1; + return (1); } static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { - if (p != NULL) + if (p != NULL) { *p = dh->p; - if (q != NULL) + } + if (q != NULL) { *q = dh->q; - if (g != NULL) + } + if (g != NULL) { *g = dh->g; + } } static int -DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { - /* q is optional */ - if (p == NULL || g == NULL) - return(0); - BN_free(dh->p); - BN_free(dh->q); - BN_free(dh->g); - dh->p = p; - dh->q = q; - dh->g = g; +DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + /* If the fields p and g in d are NULL, the corresponding input + * parameters MUST be non-NULL. q may remain NULL. + */ + if ((dh->p == NULL && p == NULL) + || (dh->g == NULL && g == NULL)) + { + return 0; + } + + if (p != NULL) { + BN_free(dh->p); + dh->p = p; + } + if (q != NULL) { + BN_free(dh->q); + dh->q = q; + } + if (g != NULL) { + BN_free(dh->g); + dh->g = g; + } if (q != NULL) { dh->length = BN_num_bits(q); } - return(1); + return (1); } #define DH_clear_flags(d, f) (d)->flags &= ~(f) diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c index 1c541ae73a..dfbd484247 100644 --- a/lib/dns/openssldsa_link.c +++ b/lib/dns/openssldsa_link.c @@ -52,7 +52,7 @@ static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data); -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if !defined(HAVE_DSA_GET0_PQG) static void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c index a8941a808a..2e47459249 100644 --- a/lib/dns/opensslecdsa_link.c +++ b/lib/dns/opensslecdsa_link.c @@ -45,20 +45,23 @@ #define DST_RET(a) {ret = a; goto err;} -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if !defined(HAVE_ECDSA_SIG_GET0) /* From OpenSSL 1.1 */ static void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) { - if (pr != NULL) + if (pr != NULL) { *pr = sig->r; - if (ps != NULL) + } + if (ps != NULL) { *ps = sig->s; + } } static int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) { - if (r == NULL || s == NULL) + if (r == NULL || s == NULL) { return 0; + } BN_clear_free(sig->r); BN_clear_free(sig->s); diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index bdb0a3931d..43f6d317bc 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -123,7 +123,7 @@ #endif #define DST_RET(a) {ret = a; goto err;} -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if !defined(HAVE_RSA_SET0_KEY) /* From OpenSSL 1.1.0 */ static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { @@ -133,8 +133,9 @@ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { * parameters MUST be non-NULL for n and e. d may be * left NULL (in case only the public key is used). */ - if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) + if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) { return 0; + } if (n != NULL) { BN_free(r->n); @@ -159,8 +160,9 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) { * If the fields p and q in r are NULL, the corresponding input * parameters MUST be non-NULL. */ - if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) + if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) { return 0; + } if (p != NULL) { BN_free(r->p); @@ -183,7 +185,9 @@ RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) { if ((r->dmp1 == NULL && dmp1 == NULL) || (r->dmq1 == NULL && dmq1 == NULL) || (r->iqmp == NULL && iqmp == NULL)) + { return 0; + } if (dmp1 != NULL) { BN_free(r->dmp1); @@ -205,32 +209,40 @@ static void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { - if (n != NULL) + if (n != NULL) { *n = r->n; - if (e != NULL) + } + if (e != NULL) { *e = r->e; - if (d != NULL) + } + if (d != NULL) { *d = r->d; + } } static void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) { - if (p != NULL) + if (p != NULL) { *p = r->p; - if (q != NULL) - *q = r->q; + } + if (q != NULL) { + *q = r->q; + } } static void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) { - if (dmp1 != NULL) + if (dmp1 != NULL) { *dmp1 = r->dmp1; - if (dmq1 != NULL) + } + if (dmq1 != NULL) { *dmq1 = r->dmq1; - if (iqmp != NULL) + } + if (iqmp != NULL) { *iqmp = r->iqmp; + } } static int