Use autoconf check for BN_GENCB_new()

BIND unconditionally uses shims for BN_GENCB_new(), BN_GENCB_free(),
and BN_GENCB_get_arg() for all LibreSSL versions and, correctly, for
OpenSSL <1.1.0 versions.

This breaks LibreSSL compilation starting with LibreSSL 3.5.0.

Use autoconf check instead to check whether the family of the functions
are available.

(cherry picked from commit 749973f3259b7638a6af02b7da2f40ae28bdd402)

config.h.in

@@ -51,6 +51,9 @@
 /* Define to 1 if you have the `BIO_write_ex' function. */
 #undef HAVE_BIO_WRITE_EX
 
+/* Define to 1 if you have the `BN_GENCB_new' function. */
+#undef HAVE_BN_GENCB_NEW
+
 /* Define to 1 if the compiler supports __builtin_clz. */
 #undef HAVE_BUILTIN_CLZ
 

config.h.win32

@@ -373,6 +373,9 @@ typedef __int64 off_t;
 /* Define to 1 if you have the `BIO_write_ex' function. */
 #define HAVE_BIO_WRITE_EX 1
 
+/* Define to 1 if you have the `BN_GENCB_new' function. */
+#define HAVE_BN_GENCB_NEW 1
+
 /* Define to 1 if you have the `OPENSSL_init_crypto' function. */
 #define HAVE_OPENSSL_INIT_CRYPTO 1
 

configure

@@ -17045,6 +17045,17 @@ _ACEOF
 fi
 done
 
+for ac_func in BN_GENCB_new
+do :
+  ac_fn_c_check_func "$LINENO" "BN_GENCB_new" "ac_cv_func_BN_GENCB_new"
+if test "x$ac_cv_func_BN_GENCB_new" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_BN_GENCB_NEW 1
+_ACEOF
+
+fi
+done
+
 for ac_func in SSL_CTX_up_ref
 do :
   ac_fn_c_check_func "$LINENO" "SSL_CTX_up_ref" "ac_cv_func_SSL_CTX_up_ref"

configure.ac

@@ -848,6 +848,7 @@ AC_CHECK_FUNCS([EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset])
 AC_CHECK_FUNCS([HMAC_CTX_new HMAC_CTX_free HMAC_CTX_reset HMAC_CTX_get_md])
 AC_CHECK_FUNCS([SSL_read_ex SSL_peek_ex SSL_write_ex])
 AC_CHECK_FUNCS([BIO_read_ex BIO_write_ex])
+AC_CHECK_FUNCS([BN_GENCB_new])
 AC_CHECK_FUNCS([SSL_CTX_up_ref])
 AC_CHECK_FUNCS([SSL_CTX_set_min_proto_version])
 

lib/dns/dst_openssl.h

@@ -25,20 +25,19 @@
 #include <isc/log.h>
 #include <isc/result.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if !HAVE_BN_GENCB_NEW
 /*
  * These are new in OpenSSL 1.1.0.  BN_GENCB _cb needs to be declared in
  * the function like this before the BN_GENCB_new call:
  *
- * #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ * #if !HAVE_BN_GENCB_NEW
  *     	 _cb;
  * #endif
  */
 #define BN_GENCB_free(x)    ((void)0)
 #define BN_GENCB_new()	    (&_cb)
 #define BN_GENCB_get_arg(x) ((x)->arg)
-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-	* defined(LIBRESSL_VERSION_NUMBER) */
+#endif /* !HAVE_BN_GENCB_NEW */
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 /*

lib/dns/openssldh_link.c

@@ -263,10 +263,9 @@ static isc_result_t
 openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
 	DH *dh = NULL;
 	BN_GENCB *cb;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if !HAVE_BN_GENCB_NEW
 	BN_GENCB _cb;
-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-	* defined(LIBRESSL_VERSION_NUMBER) */
+#endif /* !HAVE_BN_GENCB_NEW */
 	union {
 		void *dptr;
 		void (*fptr)(int);

lib/dns/opensslrsa_link.c

@@ -453,10 +453,9 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
 	} u;
 	RSA *rsa = RSA_new();
 	BIGNUM *e = BN_new();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if !HAVE_BN_GENCB_NEW
 	BN_GENCB _cb;
-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-	* defined(LIBRESSL_VERSION_NUMBER) */
+#endif /* !HAVE_BN_GENCB_NEW */
 	BN_GENCB *cb = BN_GENCB_new();
 	EVP_PKEY *pkey = EVP_PKEY_new();