FreeBSD Bugzilla – Attachment 177577 Details for
Bug 214982
[PATCH] dns/bind910: openssl 1.1 compatibility
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to fix openssl 1.1. compatibilty
fix-dns-bind910-openssl11-compat.patch (text/plain), 47.69 KB, created by
Melvyn Sopacua
on 2016-12-01 14:22:37 UTC
(
hide
)
Description:
Patch to fix openssl 1.1. compatibilty
Filename:
MIME Type:
Creator:
Melvyn Sopacua
Created:
2016-12-01 14:22:37 UTC
Size:
47.69 KB
patch
obsolete
>diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile >index 78c9667..ecc82b6 100644 >--- dns/bind910/Makefile.orig >+++ dns/bind910/Makefile >@@ -31,7 +31,7 @@ LICENSE= ISCL > # ISC releases things like 9.8.0-P1, which our versioning doesn't like > ISCVERSION= 9.10.4-P4 > >-USES= cpe libedit >+USES= cpe libedit autoreconf libtool > > CPE_VENDOR= isc > CPE_VERSION= ${ISCVERSION:C/-.*//} >diff --git a/dns/bind910/files/patch-openssl_1.1.0-compat b/dns/bind910/files/patch-openssl_1.1.0-compat >new file mode 100644 >index 0000000..233ab6f >--- /dev/null >+++ dns/bind910/files/patch-openssl_1.1.0-compat >@@ -0,0 +1,1717 @@ >+From 61399410964d61aec3609a1bc76fd260268b3ade Mon Sep 17 00:00:00 2001 >+From: Kurt Roeckx <kurt@roeckx.be> >+Date: Wed, 31 Aug 2016 23:00:39 +0200 >+Subject: [PATCH] Add OpenSSL 1.1.0 support >+ >+--- >+ configure.in | 6 +- >+ lib/dns/openssl_link.c | 38 ++++--- >+ lib/dns/openssldh_link.c | 255 +++++++++++++++++++++++++++++--------------- >+ lib/dns/openssldsa_link.c | 170 +++++++++++++++++++++-------- >+ lib/dns/opensslecdsa_link.c | 31 ++++-- >+ lib/dns/opensslrsa_link.c | 246 ++++++++++++++++++++++++++++++------------ >+ lib/isc/aes.c | 36 +++---- >+ 8 files changed, 554 insertions(+), 248 deletions(-) >+ >+Index: bind9-9.10.3.dfsg.P4/configure.in >+=================================================================== >+--- configure.in.orig >++++ configure.in >+@@ -1546,15 +1546,13 @@ shared library configuration (e.g., LD_L >+ AC_MSG_CHECKING(whether linking with OpenSSL requires -ldl) >+ AC_TRY_LINK([ >+ #include <openssl/err.h> >+-#include <openssl/dso.h> >+ ], >+-[ DSO_METHOD_dlfcn(); ], >++[ ERR_clear_error(); ], >+ [AC_MSG_RESULT(no)], >+ [LIBS="$LIBS -ldl" >+ AC_TRY_LINK([ >+ #include <openssl/err.h> >+-#include <openssl/dso.h> >+-],[ DSO_METHOD_dlfcn(); ], >++],[ ERR_clear_error(); ], >+ [AC_MSG_RESULT(yes) >+ DST_OPENSSL_LIBS="$DST_OPENSSL_LIBS -ldl" >+ ], >+Index: bind9-9.10.3.dfsg.P4/lib/dns/openssl_link.c >+=================================================================== >+--- lib/dns/openssl_link.c.orig 2016-10-21 07:10:54.000000000 +0200 >++++ lib/dns/openssl_link.c 2016-12-01 13:49:51.176571694 +0100 >+@@ -58,8 +58,10 @@ >+ >+ static RAND_METHOD *rm = NULL; >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ static isc_mutex_t *locks = NULL; >+ static int nlocks; >++#endif >+ >+ #ifdef USE_ENGINE >+ static ENGINE *e = NULL; >+@@ -111,6 +113,7 @@ >+ } >+ #endif >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ static void >+ lock_callback(int mode, int type, const char *file, int line) { >+ UNUSED(file); >+@@ -120,6 +123,7 @@ >+ else >+ UNLOCK(&locks[type]); >+ } >++#endif >+ >+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ static unsigned long >+@@ -129,7 +133,11 @@ >+ #endif >+ >+ static void * >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ mem_alloc(size_t size) { >++#else >++mem_alloc(size_t size, const char *file, int line) { >++#endif >+ #ifdef OPENSSL_LEAKS >+ void *ptr; >+ >+@@ -143,14 +151,22 @@ >+ } >+ >+ static void >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ mem_free(void *ptr) { >++#else >++mem_free(void *ptr, const char *file, int line) { >++#endif >+ INSIST(dst__memory_pool != NULL); >+ if (ptr != NULL) >+ isc_mem_free(dst__memory_pool, ptr); >+ } >+ >+ static void * >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ mem_realloc(void *ptr, size_t size) { >++#else >++mem_realloc(void *ptr, size_t size, const char *file, int line) { >++#endif >+ #ifdef OPENSSL_LEAKS >+ void *rptr; >+ >+@@ -179,6 +195,7 @@ >+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); >+ #endif >+ CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ nlocks = CRYPTO_num_locks(); >+ locks = mem_alloc(sizeof(isc_mutex_t) * nlocks); >+ if (locks == NULL) >+@@ -187,13 +204,12 @@ >+ if (result != ISC_R_SUCCESS) >+ goto cleanup_mutexalloc; >+ CRYPTO_set_locking_callback(lock_callback); >+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ CRYPTO_set_id_callback(id_callback); >+ #endif >+ >+ ERR_load_crypto_strings(); >+ >+- rm = mem_alloc(sizeof(RAND_METHOD)); >++ rm = malloc(sizeof(RAND_METHOD)); >+ if (rm == NULL) { >+ result = ISC_R_NOMEMORY; >+ goto cleanup_mutexinit; >+@@ -263,11 +279,13 @@ >+ rm = NULL; >+ #endif >+ cleanup_mutexinit: >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ CRYPTO_set_locking_callback(NULL); >+ DESTROYMUTEXBLOCK(locks, nlocks); >+ cleanup_mutexalloc: >+ mem_free(locks); >+ locks = NULL; >++#endif >+ return (result); >+ } >+ >+@@ -280,7 +298,7 @@ >+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L >+ RAND_cleanup(); >+ #endif >+- mem_free(rm); >++ free(rm); >+ rm = NULL; >+ } >+ #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) >+@@ -309,21 +327,20 @@ >+ CRYPTO_mem_leaks_fp(stderr); >+ #endif >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ if (locks != NULL) { >+ CRYPTO_set_locking_callback(NULL); >+ DESTROYMUTEXBLOCK(locks, nlocks); >+ mem_free(locks); >+ locks = NULL; >+ } >++#endif >+ } >+ >+ static isc_result_t >+ toresult(isc_result_t fallback) { >+ isc_result_t result = fallback; >+ unsigned long err = ERR_get_error(); >+-#ifdef HAVE_OPENSSL_ECDSA >+- int lib = ERR_GET_LIB(err); >+-#endif >+ int reason = ERR_GET_REASON(err); >+ >+ switch (reason) { >+@@ -335,13 +352,6 @@ >+ result = ISC_R_NOMEMORY; >+ break; >+ default: >+-#ifdef HAVE_OPENSSL_ECDSA >+- if (lib == ERR_R_ECDSA_LIB && >+- reason == ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) { >+- result = ISC_R_NOENTROPY; >+- break; >+- } >+-#endif >+ break; >+ } >+ >+Index: bind9-9.10.3.dfsg.P4/lib/dns/openssldh_link.c >+=================================================================== >+--- lib/dns/openssldh_link.c.orig >++++ lib/dns/openssldh_link.c >+@@ -81,6 +81,7 @@ openssldh_computesecret(const dst_key_t >+ int ret; >+ isc_region_t r; >+ unsigned int len; >++ const BIGNUM *pub_key; >+ >+ REQUIRE(pub->keydata.dh != NULL); >+ REQUIRE(priv->keydata.dh != NULL); >+@@ -92,7 +93,12 @@ openssldh_computesecret(const dst_key_t >+ isc_buffer_availableregion(secret, &r); >+ if (r.length < len) >+ return (ISC_R_NOSPACE); >+- ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ pub_key = dhpub->pub_key; >++#else >++ DH_get0_key(dhpub, &pub_key, NULL); >++#endif >++ ret = DH_compute_key(r.base, pub_key, dhpriv); >+ if (ret <= 0) >+ return (dst__openssl_toresult2("DH_compute_key", >+ DST_R_COMPUTESECRETFAILURE)); >+@@ -104,6 +110,9 @@ static isc_boolean_t >+ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) { >+ int status; >+ DH *dh1, *dh2; >++ const BIGNUM *p1, *p2, *g1, *g2; >++ const BIGNUM *pub_key1, *pub_key2; >++ const BIGNUM *priv_key1, *priv_key2; >+ >+ dh1 = key1->keydata.dh; >+ dh2 = key2->keydata.dh; >+@@ -113,17 +122,33 @@ openssldh_compare(const dst_key_t *key1, >+ else if (dh1 == NULL || dh2 == NULL) >+ return (ISC_FALSE); >+ >+- status = BN_cmp(dh1->p, dh2->p) || >+- BN_cmp(dh1->g, dh2->g) || >+- BN_cmp(dh1->pub_key, dh2->pub_key); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ pub_key1 = dh1->pub_key; >++ pub_key2 = dh2->pub_key; >++ priv_key1 = dh1->priv_key; >++ priv_key2 = dh2->priv_key; >++ p1 = dh1->p; >++ g1 = dh1->g; >++ p2 = dh2->p; >++ g2 = dh2->g; >++#else >++ DH_get0_key(dh1, &pub_key1, &priv_key1); >++ DH_get0_key(dh2, &pub_key2, &priv_key2); >++ DH_get0_pqg(dh1, &p1, NULL, &g1); >++ DH_get0_pqg(dh2, &p2, NULL, &g2); >++#endif >++ >++ status = BN_cmp(p1, p2) || >++ BN_cmp(g1, g2) || >++ BN_cmp(pub_key1, pub_key2); >+ >+ if (status != 0) >+ return (ISC_FALSE); >+ >+- if (dh1->priv_key != NULL || dh2->priv_key != NULL) { >+- if (dh1->priv_key == NULL || dh2->priv_key == NULL) >++ if (priv_key1 != NULL || priv_key2 != NULL) { >++ if (priv_key1 == NULL || priv_key2 == NULL) >+ return (ISC_FALSE); >+- if (BN_cmp(dh1->priv_key, dh2->priv_key) != 0) >++ if (BN_cmp(priv_key1, priv_key2) != 0) >+ return (ISC_FALSE); >+ } >+ return (ISC_TRUE); >+@@ -133,6 +158,7 @@ static isc_boolean_t >+ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { >+ int status; >+ DH *dh1, *dh2; >++ const BIGNUM *p1, *p2, *g1, *g2; >+ >+ dh1 = key1->keydata.dh; >+ dh2 = key2->keydata.dh; >+@@ -142,8 +168,18 @@ openssldh_paramcompare(const dst_key_t * >+ else if (dh1 == NULL || dh2 == NULL) >+ return (ISC_FALSE); >+ >+- status = BN_cmp(dh1->p, dh2->p) || >+- BN_cmp(dh1->g, dh2->g); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ p1 = dh1->p; >++ g1 = dh1->g; >++ p2 = dh2->p; >++ g2 = dh2->g; >++#else >++ DH_get0_pqg(dh1, &p1, NULL, &g1); >++ DH_get0_pqg(dh2, &p2, NULL, &g2); >++#endif >++ >++ status = BN_cmp(p1, p2) || >++ BN_cmp(g1, g2); >+ >+ if (status != 0) >+ return (ISC_FALSE); >+@@ -190,16 +226,29 @@ openssldh_generate(dst_key_t *key, int g >+ key->key_size == 1024 || >+ key->key_size == 1536) >+ { >++ BIGNUM *p = NULL, *g = NULL; >+ dh = DH_new(); >+ if (dh == NULL) >+ return (dst__openssl_toresult(ISC_R_NOMEMORY)); >+ if (key->key_size == 768) >+- dh->p = bn768; >++ p = BN_dup(bn768); >+ else if (key->key_size == 1024) >+- dh->p = bn1024; >++ p = BN_dup(bn1024); >+ else >+- dh->p = bn1536; >+- dh->g = bn2; >++ p = BN_dup(bn1536); >++ g = BN_dup(bn2); >++ if (p == NULL || g == NULL) { >++ DH_free(dh); >++ BN_free(p); >++ BN_free(g); >++ return (dst__openssl_toresult(ISC_R_NOMEMORY)); >++ } >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ dh->p = p; >++ dh->g = g; >++#else >++ DH_set0_pqg(dh, p, NULL, g); >++#endif >+ } else >+ generator = 2; >+ } >+@@ -247,7 +296,11 @@ openssldh_generate(dst_key_t *key, int g >+ return (dst__openssl_toresult2("DH_generate_key", >+ DST_R_OPENSSLFAILURE)); >+ } >++#if OPENSSL_VERSION_NUMBER >= 0x10100000L >++ DH_clear_flags(dh, DH_FLAG_CACHE_MONT_P); >++#else >+ dh->flags &= ~DH_FLAG_CACHE_MONT_P; >++#endif >+ >+ key->keydata.dh = dh; >+ >+@@ -257,20 +310,23 @@ openssldh_generate(dst_key_t *key, int g >+ static isc_boolean_t >+ openssldh_isprivate(const dst_key_t *key) { >+ DH *dh = key->keydata.dh; >+- return (ISC_TF(dh != NULL && dh->priv_key != NULL)); >++ const BIGNUM *priv_key; >++ >++ if (dh == NULL) { >++ return ISC_FALSE; >++ } >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ priv_key = dh->priv_key; >++#else >++ DH_get0_key(dh, NULL, &priv_key); >++#endif >++ return (ISC_TF(priv_key != NULL)); >+ } >+ >+ static void >+ openssldh_destroy(dst_key_t *key) { >+ DH *dh = key->keydata.dh; >+ >+- if (dh == NULL) >+- return; >+- >+- if (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536) >+- dh->p = NULL; >+- if (dh->g == bn2) >+- dh->g = NULL; >+ DH_free(dh); >+ key->keydata.dh = NULL; >+ } >+@@ -301,47 +357,58 @@ openssldh_todns(const dst_key_t *key, is >+ DH *dh; >+ isc_region_t r; >+ isc_uint16_t dnslen, plen, glen, publen; >++ const BIGNUM *p, *g; >++ const BIGNUM *pub_key; >+ >+ REQUIRE(key->keydata.dh != NULL); >+ >+ dh = key->keydata.dh; >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ p = dh->p; >++ g = dh->g; >++ pub_key = dh->pub_key; >++#else >++ DH_get0_pqg(dh, &p, NULL, &g); >++ DH_get0_key(dh, &pub_key, NULL); >++#endif >++ >+ isc_buffer_availableregion(data, &r); >+ >+- if (dh->g == bn2 && >+- (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536)) { >++ if (BN_cmp(g, bn2) == 0 && >++ (BN_cmp(p, bn768) == 0 || BN_cmp(p, bn1024) == 0 || BN_cmp(p, bn1536) == 0)) { >+ plen = 1; >+ glen = 0; >+ } >+ else { >+- plen = BN_num_bytes(dh->p); >+- glen = BN_num_bytes(dh->g); >++ plen = BN_num_bytes(p); >++ glen = BN_num_bytes(g); >+ } >+- publen = BN_num_bytes(dh->pub_key); >++ publen = BN_num_bytes(pub_key); >+ dnslen = plen + glen + publen + 6; >+ if (r.length < (unsigned int) dnslen) >+ return (ISC_R_NOSPACE); >+ >+ uint16_toregion(plen, &r); >+ if (plen == 1) { >+- if (dh->p == bn768) >++ if (BN_cmp(p, bn768) == 0) >+ *r.base = 1; >+- else if (dh->p == bn1024) >++ else if (BN_cmp(p, bn1024) == 0) >+ *r.base = 2; >+ else >+ *r.base = 3; >+ } >+ else >+- BN_bn2bin(dh->p, r.base); >++ BN_bn2bin(p, r.base); >+ isc_region_consume(&r, plen); >+ >+ uint16_toregion(glen, &r); >+ if (glen > 0) >+- BN_bn2bin(dh->g, r.base); >++ BN_bn2bin(g, r.base); >+ isc_region_consume(&r, glen); >+ >+ uint16_toregion(publen, &r); >+- BN_bn2bin(dh->pub_key, r.base); >++ BN_bn2bin(pub_key, r.base); >+ isc_region_consume(&r, publen); >+ >+ isc_buffer_add(data, dnslen); >+@@ -355,6 +422,8 @@ openssldh_fromdns(dst_key_t *key, isc_bu >+ isc_region_t r; >+ isc_uint16_t plen, glen, publen; >+ int special = 0; >++ BIGNUM *p, *g; >++ BIGNUM *pub_key; >+ >+ isc_buffer_remainingregion(data, &r); >+ if (r.length == 0) >+@@ -363,7 +432,11 @@ openssldh_fromdns(dst_key_t *key, isc_bu >+ dh = DH_new(); >+ if (dh == NULL) >+ return (dst__openssl_toresult(ISC_R_NOMEMORY)); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ dh->flags &= ~DH_FLAG_CACHE_MONT_P; >++#else >++ DH_clear_flags(dh, DH_FLAG_CACHE_MONT_P); >++#endif >+ >+ /* >+ * Read the prime length. 1 & 2 are table entries, > 16 means a >+@@ -391,20 +464,20 @@ openssldh_fromdns(dst_key_t *key, isc_bu >+ } >+ switch (special) { >+ case 1: >+- dh->p = bn768; >++ p = BN_dup(bn768); >+ break; >+ case 2: >+- dh->p = bn1024; >++ p = BN_dup(bn1024); >+ break; >+ case 3: >+- dh->p = bn1536; >++ p = BN_dup(bn1536); >+ break; >+ default: >+ DH_free(dh); >+ return (DST_R_INVALIDPUBLICKEY); >+ } >+ } else { >+- dh->p = BN_bin2bn(r.base, plen, NULL); >++ p = BN_bin2bn(r.base, plen, NULL); >+ isc_region_consume(&r, plen); >+ } >+ >+@@ -414,35 +487,42 @@ openssldh_fromdns(dst_key_t *key, isc_bu >+ * special, we have a problem. >+ */ >+ if (r.length < 2) { >++ BN_free(p); >+ DH_free(dh); >+ return (DST_R_INVALIDPUBLICKEY); >+ } >+ glen = uint16_fromregion(&r); >+ if (r.length < glen) { >++ BN_free(p); >+ DH_free(dh); >+ return (DST_R_INVALIDPUBLICKEY); >+ } >+ if (special != 0) { >+ if (glen == 0) >+- dh->g = bn2; >++ g = BN_dup(bn2); >+ else { >+- dh->g = BN_bin2bn(r.base, glen, NULL); >+- if (BN_cmp(dh->g, bn2) == 0) { >+- BN_free(dh->g); >+- dh->g = bn2; >+- } >+- else { >++ g = BN_bin2bn(r.base, glen, NULL); >++ if (BN_cmp(g, bn2) != 0) { >++ BN_free(p); >++ BN_free(g); >+ DH_free(dh); >+ return (DST_R_INVALIDPUBLICKEY); >+ } >+ } >+ } else { >+ if (glen == 0) { >++ BN_free(p); >+ DH_free(dh); >+ return (DST_R_INVALIDPUBLICKEY); >+ } >+- dh->g = BN_bin2bn(r.base, glen, NULL); >++ g = BN_bin2bn(r.base, glen, NULL); >+ } >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ dh->p = p; >++ dh->g = g; >++#else >++ DH_set0_pqg(dh, p, NULL, g); >++#endif >+ isc_region_consume(&r, glen); >+ >+ if (r.length < 2) { >+@@ -454,10 +534,15 @@ openssldh_fromdns(dst_key_t *key, isc_bu >+ DH_free(dh); >+ return (DST_R_INVALIDPUBLICKEY); >+ } >+- dh->pub_key = BN_bin2bn(r.base, publen, NULL); >++ pub_key = BN_bin2bn(r.base, publen, NULL); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ dh->pub_key = pub_key; >++#else >++ DH_set0_key(dh, pub_key, NULL); >++#endif >+ isc_region_consume(&r, publen); >+ >+- key->key_size = BN_num_bits(dh->p); >++ key->key_size = BN_num_bits(p); >+ >+ isc_buffer_forward(data, plen + glen + publen + 6); >+ >+@@ -473,6 +558,8 @@ openssldh_tofile(const dst_key_t *key, c >+ dst_private_t priv; >+ unsigned char *bufs[4]; >+ isc_result_t result; >++ const BIGNUM *p, *g; >++ const BIGNUM *pub_key, *priv_key; >+ >+ if (key->keydata.dh == NULL) >+ return (DST_R_NULLKEY); >+@@ -481,10 +568,19 @@ openssldh_tofile(const dst_key_t *key, c >+ return (DST_R_EXTERNALKEY); >+ >+ dh = key->keydata.dh; >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ p = dh->p; >++ g = dh->g; >++ pub_key = dh->pub_key; >++ priv_key = dh->priv_key; >++#else >++ DH_get0_pqg(dh, &p, NULL, &g); >++ DH_get0_key(dh, &pub_key, &priv_key); >++#endif >+ >+ memset(bufs, 0, sizeof(bufs)); >+ for (i = 0; i < 4; i++) { >+- bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(dh->p)); >++ bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(p)); >+ if (bufs[i] == NULL) { >+ result = ISC_R_NOMEMORY; >+ goto fail; >+@@ -494,26 +590,26 @@ openssldh_tofile(const dst_key_t *key, c >+ i = 0; >+ >+ priv.elements[i].tag = TAG_DH_PRIME; >+- priv.elements[i].length = BN_num_bytes(dh->p); >+- BN_bn2bin(dh->p, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(p); >++ BN_bn2bin(p, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ >+ priv.elements[i].tag = TAG_DH_GENERATOR; >+- priv.elements[i].length = BN_num_bytes(dh->g); >+- BN_bn2bin(dh->g, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(g); >++ BN_bn2bin(g, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ >+ priv.elements[i].tag = TAG_DH_PRIVATE; >+- priv.elements[i].length = BN_num_bytes(dh->priv_key); >+- BN_bn2bin(dh->priv_key, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(priv_key); >++ BN_bn2bin(priv_key, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ >+ priv.elements[i].tag = TAG_DH_PUBLIC; >+- priv.elements[i].length = BN_num_bytes(dh->pub_key); >+- BN_bn2bin(dh->pub_key, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(pub_key); >++ BN_bn2bin(pub_key, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ >+@@ -523,7 +619,7 @@ openssldh_tofile(const dst_key_t *key, c >+ for (i = 0; i < 4; i++) { >+ if (bufs[i] == NULL) >+ break; >+- isc_mem_put(key->mctx, bufs[i], BN_num_bytes(dh->p)); >++ isc_mem_put(key->mctx, bufs[i], BN_num_bytes(p)); >+ } >+ return (result); >+ } >+@@ -536,6 +632,7 @@ openssldh_parse(dst_key_t *key, isc_lex_ >+ DH *dh = NULL; >+ isc_mem_t *mctx; >+ #define DST_RET(a) {ret = a; goto err;} >++ BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *pub_key = NULL; >+ >+ UNUSED(pub); >+ mctx = key->mctx; >+@@ -551,7 +648,11 @@ openssldh_parse(dst_key_t *key, isc_lex_ >+ dh = DH_new(); >+ if (dh == NULL) >+ DST_RET(ISC_R_NOMEMORY); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ dh->flags &= ~DH_FLAG_CACHE_MONT_P; >++#else >++ DH_clear_flags(dh, DH_FLAG_CACHE_MONT_P); >++#endif >+ key->keydata.dh = dh; >+ >+ for (i = 0; i < priv.nelements; i++) { >+@@ -563,47 +664,31 @@ openssldh_parse(dst_key_t *key, isc_lex_ >+ >+ switch (priv.elements[i].tag) { >+ case TAG_DH_PRIME: >+- dh->p = bn; >++ p = bn; >+ break; >+ case TAG_DH_GENERATOR: >+- dh->g = bn; >++ g = bn; >+ break; >+ case TAG_DH_PRIVATE: >+- dh->priv_key = bn; >++ priv_key = bn; >+ break; >+ case TAG_DH_PUBLIC: >+- dh->pub_key = bn; >++ pub_key = bn; >+ break; >+ } >+ } >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ dh->p = p; >++ dh->g = g; >++ dh->priv_key = priv_key; >++ dh->pub_key = pub_key; >++#else >++ DH_set0_pqg(dh, p, NULL, g); >++ DH_set0_key(dh, pub_key, priv_key); >++#endif >+ dst__privstruct_free(&priv, mctx); >+ >+- key->key_size = BN_num_bits(dh->p); >+- >+- if ((key->key_size == 768 || >+- key->key_size == 1024 || >+- key->key_size == 1536) && >+- BN_cmp(dh->g, bn2) == 0) >+- { >+- if (key->key_size == 768 && BN_cmp(dh->p, bn768) == 0) { >+- BN_free(dh->p); >+- BN_free(dh->g); >+- dh->p = bn768; >+- dh->g = bn2; >+- } else if (key->key_size == 1024 && >+- BN_cmp(dh->p, bn1024) == 0) { >+- BN_free(dh->p); >+- BN_free(dh->g); >+- dh->p = bn1024; >+- dh->g = bn2; >+- } else if (key->key_size == 1536 && >+- BN_cmp(dh->p, bn1536) == 0) { >+- BN_free(dh->p); >+- BN_free(dh->g); >+- dh->p = bn1536; >+- dh->g = bn2; >+- } >+- } >++ key->key_size = BN_num_bits(p); >+ >+ return (ISC_R_SUCCESS); >+ >+Index: bind9-9.10.3.dfsg.P4/lib/dns/openssldsa_link.c >+=================================================================== >+--- lib/dns/openssldsa_link.c.orig >++++ lib/dns/openssldsa_link.c >+@@ -53,6 +53,31 @@ >+ >+ static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data); >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++static void >++DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { >++ if (p != NULL) >++ *p = d->p; >++ if (q != NULL) >++ *q = d->q; >++ if (g != NULL) >++ *g = d->g; >++} >++ >++static void >++DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) { >++ if (pub_key != NULL) >++ *pub_key = d->pub_key; >++ if (priv_key != NULL) >++ *priv_key = d->priv_key; >++} >++ >++static void >++DSA_clear_flags(DSA *d, int flags) { >++ d->flags &= ~flags; >++} >++#endif >++ >+ static isc_result_t >+ openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) { >+ #if USE_EVP >+@@ -64,7 +89,7 @@ openssldsa_createctx(dst_key_t *key, dst >+ if (evp_md_ctx == NULL) >+ return (ISC_R_NOMEMORY); >+ >+- if (!EVP_DigestInit_ex(evp_md_ctx, EVP_dss1(), NULL)) { >++ if (!EVP_DigestInit_ex(evp_md_ctx, EVP_sha1(), NULL)) { >+ EVP_MD_CTX_destroy(evp_md_ctx); >+ return (ISC_R_FAILURE); >+ } >+@@ -121,7 +146,7 @@ openssldsa_adddata(dst_context_t *dctx, >+ } >+ >+ static int >+-BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) { >++BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size) { >+ int bytes = size - BN_num_bytes(bn); >+ while (bytes-- > 0) >+ *buf++ = 0; >+@@ -136,6 +161,7 @@ openssldsa_sign(dst_context_t *dctx, isc >+ isc_region_t r; >+ DSA_SIG *dsasig; >+ unsigned int klen; >++ const BIGNUM *sig_r, *sig_s; >+ #if USE_EVP >+ EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; >+ EVP_PKEY *pkey; >+@@ -216,9 +242,15 @@ openssldsa_sign(dst_context_t *dctx, isc >+ *r.base = klen; >+ isc_region_consume(&r, 1); >+ >+- BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ sig_r = dsasig->r; >++ sig_s = dsasig->s; >++#else >++ DSA_SIG_get0(dsasig, &sig_r, &sig_s); >++#endif >++ BN_bn2bin_fixed(sig_r, r.base, ISC_SHA1_DIGESTLENGTH); >+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); >+- BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); >++ BN_bn2bin_fixed(sig_s, r.base, ISC_SHA1_DIGESTLENGTH); >+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); >+ DSA_SIG_free(dsasig); >+ isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); >+@@ -233,6 +265,7 @@ openssldsa_verify(dst_context_t *dctx, c >+ int status = 0; >+ unsigned char *cp = sig->base; >+ DSA_SIG *dsasig; >++ BIGNUM *r, *s; >+ #if USE_EVP >+ EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; >+ #if 0 >+@@ -265,9 +298,15 @@ openssldsa_verify(dst_context_t *dctx, c >+ dsasig = DSA_SIG_new(); >+ if (dsasig == NULL) >+ return (ISC_R_NOMEMORY); >+- dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); >++ r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); >+ cp += ISC_SHA1_DIGESTLENGTH; >+- dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); >++ s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ dsasig->r = r; >++ dsasig->s = s; >++#else >++ DSA_SIG_set0(dsasig, r, s); >++#endif >+ >+ #if 0 >+ pkey = EVP_PKEY_new(); >+@@ -308,6 +347,8 @@ static isc_boolean_t >+ openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) { >+ int status; >+ DSA *dsa1, *dsa2; >++ const BIGNUM *p1, *q1, *g1, *pub_key1, *priv_key1; >++ const BIGNUM *p2, *q2, *g2, *pub_key2, *priv_key2; >+ >+ dsa1 = key1->keydata.dsa; >+ dsa2 = key2->keydata.dsa; >+@@ -317,18 +358,23 @@ openssldsa_compare(const dst_key_t *key1 >+ else if (dsa1 == NULL || dsa2 == NULL) >+ return (ISC_FALSE); >+ >+- status = BN_cmp(dsa1->p, dsa2->p) || >+- BN_cmp(dsa1->q, dsa2->q) || >+- BN_cmp(dsa1->g, dsa2->g) || >+- BN_cmp(dsa1->pub_key, dsa2->pub_key); >++ DSA_get0_pqg(dsa1, &p1, &q1, &g1); >++ DSA_get0_pqg(dsa2, &p2, &q2, &g2); >++ DSA_get0_key(dsa1, &pub_key1, &priv_key1); >++ DSA_get0_key(dsa2, &pub_key2, &priv_key2); >++ >++ status = BN_cmp(p1, p2) || >++ BN_cmp(q1, q2) || >++ BN_cmp(g1, g2) || >++ BN_cmp(pub_key1, pub_key2); >+ >+ if (status != 0) >+ return (ISC_FALSE); >+ >+- if (dsa1->priv_key != NULL || dsa2->priv_key != NULL) { >+- if (dsa1->priv_key == NULL || dsa2->priv_key == NULL) >++ if (priv_key1 != NULL || priv_key2 != NULL) { >++ if (priv_key1 == NULL || priv_key2 == NULL) >+ return (ISC_FALSE); >+- if (BN_cmp(dsa1->priv_key, dsa2->priv_key)) >++ if (BN_cmp(priv_key1, priv_key2)) >+ return (ISC_FALSE); >+ } >+ return (ISC_TRUE); >+@@ -420,7 +466,7 @@ openssldsa_generate(dst_key_t *key, int >+ return (dst__openssl_toresult2("DSA_generate_key", >+ DST_R_OPENSSLFAILURE)); >+ } >+- dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; >++ DSA_clear_flags(dsa, DSA_FLAG_CACHE_MONT_P); >+ >+ key->keydata.dsa = dsa; >+ >+@@ -430,7 +476,12 @@ openssldsa_generate(dst_key_t *key, int >+ static isc_boolean_t >+ openssldsa_isprivate(const dst_key_t *key) { >+ DSA *dsa = key->keydata.dsa; >+- return (ISC_TF(dsa != NULL && dsa->priv_key != NULL)); >++ const BIGNUM *priv_key; >++ >++ if (dsa == NULL) >++ return (ISC_FALSE); >++ DSA_get0_key(dsa, NULL, &priv_key); >++ return (ISC_TF(priv_key != NULL)); >+ } >+ >+ static void >+@@ -447,14 +498,18 @@ openssldsa_todns(const dst_key_t *key, i >+ isc_region_t r; >+ int dnslen; >+ unsigned int t, p_bytes; >++ const BIGNUM *p, *q, *g, *pub_key; >+ >+ REQUIRE(key->keydata.dsa != NULL); >+ >+ dsa = key->keydata.dsa; >+ >++ DSA_get0_pqg(dsa, &p, &q, &g); >++ DSA_get0_key(dsa, &pub_key, NULL); >++ >+ isc_buffer_availableregion(data, &r); >+ >+- t = (BN_num_bytes(dsa->p) - 64) / 8; >++ t = (BN_num_bytes(p) - 64) / 8; >+ if (t > 8) >+ return (DST_R_INVALIDPUBLICKEY); >+ p_bytes = 64 + 8 * t; >+@@ -465,13 +520,13 @@ openssldsa_todns(const dst_key_t *key, i >+ >+ *r.base = t; >+ isc_region_consume(&r, 1); >+- BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH); >++ BN_bn2bin_fixed(q, r.base, ISC_SHA1_DIGESTLENGTH); >+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); >+- BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8); >++ BN_bn2bin_fixed(p, r.base, key->key_size/8); >+ isc_region_consume(&r, p_bytes); >+- BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8); >++ BN_bn2bin_fixed(g, r.base, key->key_size/8); >+ isc_region_consume(&r, p_bytes); >+- BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8); >++ BN_bn2bin_fixed(pub_key, r.base, key->key_size/8); >+ isc_region_consume(&r, p_bytes); >+ >+ isc_buffer_add(data, dnslen); >+@@ -485,6 +540,7 @@ openssldsa_fromdns(dst_key_t *key, isc_b >+ isc_region_t r; >+ unsigned int t, p_bytes; >+ isc_mem_t *mctx = key->mctx; >++ BIGNUM *p, *q, *g, *pub_key; >+ >+ UNUSED(mctx); >+ >+@@ -495,7 +551,7 @@ openssldsa_fromdns(dst_key_t *key, isc_b >+ dsa = DSA_new(); >+ if (dsa == NULL) >+ return (ISC_R_NOMEMORY); >+- dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; >++ DSA_clear_flags(dsa, DSA_FLAG_CACHE_MONT_P); >+ >+ t = (unsigned int) *r.base; >+ isc_region_consume(&r, 1); >+@@ -510,18 +566,32 @@ openssldsa_fromdns(dst_key_t *key, isc_b >+ return (DST_R_INVALIDPUBLICKEY); >+ } >+ >+- dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); >++ q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); >+ isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); >+ >+- dsa->p = BN_bin2bn(r.base, p_bytes, NULL); >++ p = BN_bin2bn(r.base, p_bytes, NULL); >+ isc_region_consume(&r, p_bytes); >+ >+- dsa->g = BN_bin2bn(r.base, p_bytes, NULL); >++ g = BN_bin2bn(r.base, p_bytes, NULL); >+ isc_region_consume(&r, p_bytes); >+ >+- dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ dsa->p = p; >++ dsa->q = q; >++ dsa->g = g; >++#else >++ DSA_set0_pqg(dsa, p, q, g); >++#endif >++ >++ pub_key = BN_bin2bn(r.base, p_bytes, NULL); >+ isc_region_consume(&r, p_bytes); >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ dsa->pub_key = pub_key; >++#else >++ DSA_set0_key(dsa, pub_key, NULL); >++#endif >++ >+ key->key_size = p_bytes * 8; >+ >+ isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes); >+@@ -538,6 +608,7 @@ openssldsa_tofile(const dst_key_t *key, >+ DSA *dsa; >+ dst_private_t priv; >+ unsigned char bufs[5][128]; >++ const BIGNUM *p, *q, *g, *pub_key, *priv_key; >+ >+ if (key->keydata.dsa == NULL) >+ return (DST_R_NULLKEY); >+@@ -549,33 +620,36 @@ openssldsa_tofile(const dst_key_t *key, >+ >+ dsa = key->keydata.dsa; >+ >++ DSA_get0_pqg(dsa, &p, &q, &g); >++ DSA_get0_key(dsa, &pub_key, &priv_key); >++ >+ priv.elements[cnt].tag = TAG_DSA_PRIME; >+- priv.elements[cnt].length = BN_num_bytes(dsa->p); >+- BN_bn2bin(dsa->p, bufs[cnt]); >++ priv.elements[cnt].length = BN_num_bytes(p); >++ BN_bn2bin(p, bufs[cnt]); >+ priv.elements[cnt].data = bufs[cnt]; >+ cnt++; >+ >+ priv.elements[cnt].tag = TAG_DSA_SUBPRIME; >+- priv.elements[cnt].length = BN_num_bytes(dsa->q); >+- BN_bn2bin(dsa->q, bufs[cnt]); >++ priv.elements[cnt].length = BN_num_bytes(q); >++ BN_bn2bin(q, bufs[cnt]); >+ priv.elements[cnt].data = bufs[cnt]; >+ cnt++; >+ >+ priv.elements[cnt].tag = TAG_DSA_BASE; >+- priv.elements[cnt].length = BN_num_bytes(dsa->g); >+- BN_bn2bin(dsa->g, bufs[cnt]); >++ priv.elements[cnt].length = BN_num_bytes(g); >++ BN_bn2bin(g, bufs[cnt]); >+ priv.elements[cnt].data = bufs[cnt]; >+ cnt++; >+ >+ priv.elements[cnt].tag = TAG_DSA_PRIVATE; >+- priv.elements[cnt].length = BN_num_bytes(dsa->priv_key); >+- BN_bn2bin(dsa->priv_key, bufs[cnt]); >++ priv.elements[cnt].length = BN_num_bytes(priv_key); >++ BN_bn2bin(priv_key, bufs[cnt]); >+ priv.elements[cnt].data = bufs[cnt]; >+ cnt++; >+ >+ priv.elements[cnt].tag = TAG_DSA_PUBLIC; >+- priv.elements[cnt].length = BN_num_bytes(dsa->pub_key); >+- BN_bn2bin(dsa->pub_key, bufs[cnt]); >++ priv.elements[cnt].length = BN_num_bytes(pub_key); >++ BN_bn2bin(pub_key, bufs[cnt]); >+ priv.elements[cnt].data = bufs[cnt]; >+ cnt++; >+ >+@@ -591,6 +665,7 @@ openssldsa_parse(dst_key_t *key, isc_lex >+ DSA *dsa = NULL; >+ isc_mem_t *mctx = key->mctx; >+ #define DST_RET(a) {ret = a; goto err;} >++ BIGNUM *p = NULL, *g = NULL, *q = NULL, *pub_key = NULL, *priv_key = NULL; >+ >+ /* read private key file */ >+ ret = dst__privstruct_parse(key, DST_ALG_DSA, lexer, mctx, &priv); >+@@ -613,7 +688,7 @@ openssldsa_parse(dst_key_t *key, isc_lex >+ dsa = DSA_new(); >+ if (dsa == NULL) >+ DST_RET(ISC_R_NOMEMORY); >+- dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; >++ DSA_clear_flags(dsa, DSA_FLAG_CACHE_MONT_P); >+ key->keydata.dsa = dsa; >+ >+ for (i = 0; i < priv.nelements; i++) { >+@@ -625,25 +700,36 @@ openssldsa_parse(dst_key_t *key, isc_lex >+ >+ switch (priv.elements[i].tag) { >+ case TAG_DSA_PRIME: >+- dsa->p = bn; >++ p = bn; >+ break; >+ case TAG_DSA_SUBPRIME: >+- dsa->q = bn; >++ q = bn; >+ break; >+ case TAG_DSA_BASE: >+- dsa->g = bn; >++ g = bn; >+ break; >+ case TAG_DSA_PRIVATE: >+- dsa->priv_key = bn; >++ priv_key = bn; >+ break; >+ case TAG_DSA_PUBLIC: >+- dsa->pub_key = bn; >++ pub_key = bn; >+ break; >+ } >+ } >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ dsa->p = p; >++ dsa->q = q; >++ dsa->g = g; >++ dsa->pub_key = pub_key; >++ dsa->priv_key = priv_key; >++#else >++ DSA_set0_pqg(dsa, p, q, g); >++ DSA_set0_key(dsa, pub_key, priv_key); >++#endif >++ >+ dst__privstruct_free(&priv, mctx); >+ memset(&priv, 0, sizeof(priv)); >+- key->key_size = BN_num_bits(dsa->p); >++ key->key_size = BN_num_bits(p); >+ return (ISC_R_SUCCESS); >+ >+ err: >+Index: bind9-9.10.3.dfsg.P4/lib/dns/opensslecdsa_link.c >+=================================================================== >+--- lib/dns/opensslecdsa_link.c.orig >++++ lib/dns/opensslecdsa_link.c >+@@ -110,7 +110,7 @@ opensslecdsa_adddata(dst_context_t *dctx >+ } >+ >+ static int >+-BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) { >++BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size) { >+ int bytes = size - BN_num_bytes(bn); >+ >+ while (bytes-- > 0) >+@@ -130,6 +130,7 @@ opensslecdsa_sign(dst_context_t *dctx, i >+ EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey); >+ unsigned int dgstlen, siglen; >+ unsigned char digest[EVP_MAX_MD_SIZE]; >++ const BIGNUM *sig_r, *sig_s; >+ >+ REQUIRE(key->key_alg == DST_ALG_ECDSA256 || >+ key->key_alg == DST_ALG_ECDSA384); >+@@ -156,9 +157,17 @@ opensslecdsa_sign(dst_context_t *dctx, i >+ DST_RET(dst__openssl_toresult3(dctx->category, >+ "ECDSA_do_sign", >+ DST_R_SIGNFAILURE)); >+- BN_bn2bin_fixed(ecdsasig->r, r.base, siglen / 2); >++ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ sig_r = ecdsasig->r; >++ sig_s = ecdsasig->s; >++#else >++ ECDSA_SIG_get0(ecdsasig, &sig_r, &sig_s); >++#endif >++ >++ BN_bn2bin_fixed(sig_r, r.base, siglen / 2); >+ isc_region_consume(&r, siglen / 2); >+- BN_bn2bin_fixed(ecdsasig->s, r.base, siglen / 2); >++ BN_bn2bin_fixed(sig_s, r.base, siglen / 2); >+ isc_region_consume(&r, siglen / 2); >+ ECDSA_SIG_free(ecdsasig); >+ isc_buffer_add(sig, siglen); >+@@ -182,6 +191,7 @@ opensslecdsa_verify(dst_context_t *dctx, >+ EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey); >+ unsigned int dgstlen, siglen; >+ unsigned char digest[EVP_MAX_MD_SIZE]; >++ BIGNUM *r, *s; >+ >+ REQUIRE(key->key_alg == DST_ALG_ECDSA256 || >+ key->key_alg == DST_ALG_ECDSA384); >+@@ -205,15 +215,18 @@ opensslecdsa_verify(dst_context_t *dctx, >+ ecdsasig = ECDSA_SIG_new(); >+ if (ecdsasig == NULL) >+ DST_RET (ISC_R_NOMEMORY); >+- if (ecdsasig->r != NULL) >+- BN_free(ecdsasig->r); >+- ecdsasig->r = BN_bin2bn(cp, siglen / 2, NULL); >++ r = BN_bin2bn(cp, siglen / 2, NULL); >+ cp += siglen / 2; >+- if (ecdsasig->s != NULL) >+- BN_free(ecdsasig->s); >+- ecdsasig->s = BN_bin2bn(cp, siglen / 2, NULL); >++ s = BN_bin2bn(cp, siglen / 2, NULL); >+ /* cp += siglen / 2; */ >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ ecdsasig->r = r; >++ ecdsasig->s = s; >++#else >++ ECDSA_SIG_set0(ecdsasig, r, s); >++#endif >++ >+ status = ECDSA_do_verify(digest, dgstlen, ecdsasig, eckey); >+ switch (status) { >+ case 1: >+Index: bind9-9.10.3.dfsg.P4/lib/dns/opensslrsa_link.c >+=================================================================== >+--- lib/dns/opensslrsa_link.c.orig >++++ lib/dns/opensslrsa_link.c >+@@ -56,6 +56,42 @@ >+ #include <openssl/engine.h> >+ #endif >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++static void >++RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { >++ if (n != NULL) >++ *n = r->n; >++ if (e != NULL) >++ *e = r->e; >++ if (d != NULL) >++ *d = r->d; >++} >++ >++static void >++RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) { >++ if (p != NULL) >++ *p = r->p; >++ if (q != NULL) >++ *q = r->q; >++} >++ >++static void >++RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) { >++ if (dmp1 != NULL) >++ *dmp1 = r->dmp1; >++ if (dmq1 != NULL) >++ *dmq1 = r->dmq1; >++ if (iqmp != NULL) >++ *iqmp = r->iqmp; >++} >++ >++static int >++RSA_test_flags(const RSA *r, int flags) { >++ return r->flags & flags; >++} >++ >++#endif >++ >+ /* >+ * Limit the size of public exponents. >+ */ >+@@ -107,6 +143,7 @@ >+ (rsa)->flags &= ~RSA_FLAG_BLINDING; \ >+ } while (0) >+ #elif defined(RSA_FLAG_NO_BLINDING) >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ #define SET_FLAGS(rsa) \ >+ do { \ >+ (rsa)->flags &= ~RSA_FLAG_BLINDING; \ >+@@ -115,6 +152,13 @@ >+ #else >+ #define SET_FLAGS(rsa) \ >+ do { \ >++ RSA_clear_flags(rsa, RSA_FLAG_BLINDING); \ >++ RSA_set_flags(rsa, RSA_FLAG_NO_BLINDING); \ >++ } while (0) >++#endif >++#else >++#define SET_FLAGS(rsa) \ >++ do { \ >+ (rsa)->flags &= ~RSA_FLAG_BLINDING; \ >+ } while (0) >+ #endif >+@@ -521,6 +565,7 @@ opensslrsa_verify2(dst_context_t *dctx, >+ EVP_PKEY *pkey = key->keydata.pkey; >+ RSA *rsa; >+ int bits; >++ const BIGNUM *e; >+ #else >+ /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */ >+ unsigned char digest[ISC_SHA512_DIGESTLENGTH]; >+@@ -543,7 +588,9 @@ opensslrsa_verify2(dst_context_t *dctx, >+ rsa = EVP_PKEY_get1_RSA(pkey); >+ if (rsa == NULL) >+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); >+- bits = BN_num_bits(rsa->e); >++ >++ RSA_get0_key(rsa, NULL, &e, NULL); >++ bits = BN_num_bits(e); >+ RSA_free(rsa); >+ if (bits > maxbits && maxbits != 0) >+ return (DST_R_VERIFYFAILURE); >+@@ -687,6 +734,7 @@ opensslrsa_compare(const dst_key_t *key1 >+ RSA *rsa1 = NULL, *rsa2 = NULL; >+ #if USE_EVP >+ EVP_PKEY *pkey1, *pkey2; >++ const BIGNUM *n1, *n2, *e1, *e2, *d1, *d2, *p1, *p2, *q1, *q2; >+ #endif >+ >+ #if USE_EVP >+@@ -714,17 +762,22 @@ opensslrsa_compare(const dst_key_t *key1 >+ else if (rsa1 == NULL || rsa2 == NULL) >+ return (ISC_FALSE); >+ >+- status = BN_cmp(rsa1->n, rsa2->n) || >+- BN_cmp(rsa1->e, rsa2->e); >++ RSA_get0_key(rsa1, &n1, &e1, &d1); >++ RSA_get0_key(rsa2, &n2, &e2, &d2); >++ RSA_get0_factors(rsa1, &p1, &q1); >++ RSA_get0_factors(rsa2, &p2, &q2); >++ >++ status = BN_cmp(n1, n2) || >++ BN_cmp(e1, e2); >+ >+ if (status != 0) >+ return (ISC_FALSE); >+ >+ #if USE_EVP >+- if ((rsa1->flags & RSA_FLAG_EXT_PKEY) != 0 || >+- (rsa2->flags & RSA_FLAG_EXT_PKEY) != 0) { >+- if ((rsa1->flags & RSA_FLAG_EXT_PKEY) == 0 || >+- (rsa2->flags & RSA_FLAG_EXT_PKEY) == 0) >++ if (RSA_test_flags(rsa1, RSA_FLAG_EXT_PKEY) != 0 || >++ RSA_test_flags(rsa2, RSA_FLAG_EXT_PKEY) != 0) { >++ if (RSA_test_flags(rsa1, RSA_FLAG_EXT_PKEY) == 0 || >++ RSA_test_flags(rsa2, RSA_FLAG_EXT_PKEY) == 0) >+ return (ISC_FALSE); >+ /* >+ * Can't compare private parameters, BTW does it make sense? >+@@ -733,12 +786,12 @@ opensslrsa_compare(const dst_key_t *key1 >+ } >+ #endif >+ >+- if (rsa1->d != NULL || rsa2->d != NULL) { >+- if (rsa1->d == NULL || rsa2->d == NULL) >++ if (d1 != NULL || d2 != NULL) { >++ if (d1 == NULL || d2 == NULL) >+ return (ISC_FALSE); >+- status = BN_cmp(rsa1->d, rsa2->d) || >+- BN_cmp(rsa1->p, rsa2->p) || >+- BN_cmp(rsa1->q, rsa2->q); >++ status = BN_cmp(d1, d2) || >++ BN_cmp(p1, p2) || >++ BN_cmp(q1, q2); >+ >+ if (status != 0) >+ return (ISC_FALSE); >+@@ -889,9 +942,15 @@ opensslrsa_isprivate(const dst_key_t *ke >+ #else >+ RSA *rsa = key->keydata.rsa; >+ #endif >+- if (rsa != NULL && (rsa->flags & RSA_FLAG_EXT_PKEY) != 0) >++ const BIGNUM *d; >++ >++ if (rsa != NULL && RSA_test_flags(rsa, RSA_FLAG_EXT_PKEY) != 0) >+ return (ISC_TRUE); >+- return (ISC_TF(rsa != NULL && rsa->d != NULL)); >++ if (rsa == NULL) >++ return (ISC_FALSE); >++ >++ RSA_get0_key(rsa, NULL, NULL, &d); >++ return (ISC_TF(d != NULL)); >+ } >+ >+ static void >+@@ -918,6 +977,7 @@ opensslrsa_todns(const dst_key_t *key, i >+ #if USE_EVP >+ EVP_PKEY *pkey; >+ #endif >++ const BIGNUM *n, *e; >+ >+ #if USE_EVP >+ REQUIRE(key->keydata.pkey != NULL); >+@@ -936,8 +996,9 @@ opensslrsa_todns(const dst_key_t *key, i >+ >+ isc_buffer_availableregion(data, &r); >+ >+- e_bytes = BN_num_bytes(rsa->e); >+- mod_bytes = BN_num_bytes(rsa->n); >++ RSA_get0_key(rsa, &n, &e, NULL); >++ e_bytes = BN_num_bytes(e); >++ mod_bytes = BN_num_bytes(n); >+ >+ if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */ >+ if (r.length < 1) >+@@ -955,9 +1016,9 @@ opensslrsa_todns(const dst_key_t *key, i >+ if (r.length < e_bytes + mod_bytes) >+ DST_RET(ISC_R_NOSPACE); >+ >+- BN_bn2bin(rsa->e, r.base); >++ BN_bn2bin(e, r.base); >+ isc_region_consume(&r, e_bytes); >+- BN_bn2bin(rsa->n, r.base); >++ BN_bn2bin(n, r.base); >+ >+ isc_buffer_add(data, e_bytes + mod_bytes); >+ >+@@ -979,6 +1040,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_b >+ #if USE_EVP >+ EVP_PKEY *pkey; >+ #endif >++ BIGNUM *n, *e; >+ >+ isc_buffer_remainingregion(data, &r); >+ if (r.length == 0) >+@@ -1012,12 +1074,19 @@ opensslrsa_fromdns(dst_key_t *key, isc_b >+ RSA_free(rsa); >+ return (DST_R_INVALIDPUBLICKEY); >+ } >+- rsa->e = BN_bin2bn(r.base, e_bytes, NULL); >++ e = BN_bin2bn(r.base, e_bytes, NULL); >+ isc_region_consume(&r, e_bytes); >+ >+- rsa->n = BN_bin2bn(r.base, r.length, NULL); >++ n = BN_bin2bn(r.base, r.length, NULL); >++ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ rsa->n = n; >++ rsa->e = e; >++#else >++ RSA_set0_key(rsa, n, e, NULL); >++#endif >+ >+- key->key_size = BN_num_bits(rsa->n); >++ key->key_size = BN_num_bits(n); >+ >+ isc_buffer_forward(data, length); >+ >+@@ -1048,6 +1117,8 @@ opensslrsa_tofile(const dst_key_t *key, >+ dst_private_t priv; >+ unsigned char *bufs[8]; >+ isc_result_t result; >++ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; >++ >+ >+ #if USE_EVP >+ if (key->keydata.pkey == NULL) >+@@ -1068,8 +1139,12 @@ opensslrsa_tofile(const dst_key_t *key, >+ goto fail; >+ } >+ >++ RSA_get0_key(rsa, &n, &e, &d); >++ RSA_get0_factors(rsa, &p, &q); >++ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); >++ >+ for (i = 0; i < 8; i++) { >+- bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n)); >++ bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(n)); >+ if (bufs[i] == NULL) { >+ result = ISC_R_NOMEMORY; >+ goto fail; >+@@ -1079,61 +1154,61 @@ opensslrsa_tofile(const dst_key_t *key, >+ i = 0; >+ >+ priv.elements[i].tag = TAG_RSA_MODULUS; >+- priv.elements[i].length = BN_num_bytes(rsa->n); >+- BN_bn2bin(rsa->n, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(n); >++ BN_bn2bin(n, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ >+ priv.elements[i].tag = TAG_RSA_PUBLICEXPONENT; >+- priv.elements[i].length = BN_num_bytes(rsa->e); >+- BN_bn2bin(rsa->e, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(e); >++ BN_bn2bin(e, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ >+- if (rsa->d != NULL) { >++ if (d != NULL) { >+ priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT; >+- priv.elements[i].length = BN_num_bytes(rsa->d); >+- BN_bn2bin(rsa->d, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(d); >++ BN_bn2bin(d, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ } >+ >+- if (rsa->p != NULL) { >++ if (p != NULL) { >+ priv.elements[i].tag = TAG_RSA_PRIME1; >+- priv.elements[i].length = BN_num_bytes(rsa->p); >+- BN_bn2bin(rsa->p, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(p); >++ BN_bn2bin(p, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ } >+ >+- if (rsa->q != NULL) { >++ if (q != NULL) { >+ priv.elements[i].tag = TAG_RSA_PRIME2; >+- priv.elements[i].length = BN_num_bytes(rsa->q); >+- BN_bn2bin(rsa->q, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(q); >++ BN_bn2bin(q, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ } >+ >+- if (rsa->dmp1 != NULL) { >++ if (dmp1 != NULL) { >+ priv.elements[i].tag = TAG_RSA_EXPONENT1; >+- priv.elements[i].length = BN_num_bytes(rsa->dmp1); >+- BN_bn2bin(rsa->dmp1, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(dmp1); >++ BN_bn2bin(dmp1, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ } >+ >+- if (rsa->dmq1 != NULL) { >++ if (dmq1 != NULL) { >+ priv.elements[i].tag = TAG_RSA_EXPONENT2; >+- priv.elements[i].length = BN_num_bytes(rsa->dmq1); >+- BN_bn2bin(rsa->dmq1, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(dmq1); >++ BN_bn2bin(dmq1, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ } >+ >+- if (rsa->iqmp != NULL) { >++ if (iqmp != NULL) { >+ priv.elements[i].tag = TAG_RSA_COEFFICIENT; >+- priv.elements[i].length = BN_num_bytes(rsa->iqmp); >+- BN_bn2bin(rsa->iqmp, bufs[i]); >++ priv.elements[i].length = BN_num_bytes(iqmp); >++ BN_bn2bin(iqmp, bufs[i]); >+ priv.elements[i].data = bufs[i]; >+ i++; >+ } >+@@ -1162,7 +1237,7 @@ opensslrsa_tofile(const dst_key_t *key, >+ for (i = 0; i < 8; i++) { >+ if (bufs[i] == NULL) >+ break; >+- isc_mem_put(key->mctx, bufs[i], BN_num_bytes(rsa->n)); >++ isc_mem_put(key->mctx, bufs[i], BN_num_bytes(n)); >+ } >+ return (result); >+ } >+@@ -1170,25 +1245,37 @@ opensslrsa_tofile(const dst_key_t *key, >+ static isc_result_t >+ rsa_check(RSA *rsa, RSA *pub) >+ { >++ const BIGNUM *rsa_n, *rsa_e, *pub_n, *pub_e; >++ >+ /* Public parameters should be the same but if they are not set >+ * copy them from the public key. */ >++ >++ RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL); >++ >+ if (pub != NULL) { >+- if (rsa->n != NULL) { >+- if (BN_cmp(rsa->n, pub->n) != 0) >++ RSA_get0_key(pub, &pub_n, &pub_e, NULL); >++ >++ if (rsa_n != NULL && pub_n != NULL) { >++ if (BN_cmp(rsa_n, pub_n) != 0) >+ return (DST_R_INVALIDPRIVATEKEY); >+- } else { >+- rsa->n = pub->n; >+- pub->n = NULL; >+- } >+- if (rsa->e != NULL) { >+- if (BN_cmp(rsa->e, pub->e) != 0) >++ } else if (rsa_e != NULL && pub_e != NULL) { >++ if (BN_cmp(rsa_e, pub_e) != 0) >+ return (DST_R_INVALIDPRIVATEKEY); >+- } else { >+- rsa->e = pub->e; >+- pub->e = NULL; >++ } else if (rsa_e == NULL || rsa_n == NULL) { >++ BIGNUM *new_n, *new_e; >++ if (pub_e == NULL || pub_n == NULL) >++ return (DST_R_INVALIDPRIVATEKEY); >++ rsa_n = new_n = BN_dup(pub_n); >++ rsa_e = new_e = BN_dup(pub_e); >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ rsa->n = new_n; >++ rsa->e = new_e; >++#else >++ RSA_set0_key(rsa, new_n, new_e, NULL); >++#endif >+ } >+ } >+- if (rsa->n == NULL || rsa->e == NULL) >++ if (rsa_n == NULL || rsa_e == NULL) >+ return (DST_R_INVALIDPRIVATEKEY); >+ return (ISC_R_SUCCESS); >+ } >+@@ -1200,13 +1287,14 @@ opensslrsa_parse(dst_key_t *key, isc_lex >+ int i; >+ RSA *rsa = NULL, *pubrsa = NULL; >+ #ifdef USE_ENGINE >+- ENGINE *e = NULL; >++ ENGINE *eng = NULL; >+ #endif >+ isc_mem_t *mctx = key->mctx; >+ const char *engine = NULL, *label = NULL; >+ #if defined(USE_ENGINE) || USE_EVP >+ EVP_PKEY *pkey = NULL; >+ #endif >++ BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; >+ >+ /* read private key file */ >+ ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv); >+@@ -1257,10 +1345,10 @@ opensslrsa_parse(dst_key_t *key, isc_lex >+ #ifdef USE_ENGINE >+ if (engine == NULL) >+ DST_RET(DST_R_NOENGINE); >+- e = dst__openssl_getengine(engine); >+- if (e == NULL) >++ eng = dst__openssl_getengine(engine); >++ if (eng == NULL) >+ DST_RET(DST_R_NOENGINE); >+- pkey = ENGINE_load_private_key(e, label, NULL, NULL); >++ pkey = ENGINE_load_private_key(eng, label, NULL, NULL); >+ if (pkey == NULL) >+ DST_RET(dst__openssl_toresult2( >+ "ENGINE_load_private_key", >+@@ -1328,39 +1416,55 @@ opensslrsa_parse(dst_key_t *key, isc_lex >+ >+ switch (priv.elements[i].tag) { >+ case TAG_RSA_MODULUS: >+- rsa->n = bn; >++ n = bn; >+ break; >+ case TAG_RSA_PUBLICEXPONENT: >+- rsa->e = bn; >++ e = bn; >+ break; >+ case TAG_RSA_PRIVATEEXPONENT: >+- rsa->d = bn; >++ d = bn; >+ break; >+ case TAG_RSA_PRIME1: >+- rsa->p = bn; >++ p = bn; >+ break; >+ case TAG_RSA_PRIME2: >+- rsa->q = bn; >++ q = bn; >+ break; >+ case TAG_RSA_EXPONENT1: >+- rsa->dmp1 = bn; >++ dmp1 = bn; >+ break; >+ case TAG_RSA_EXPONENT2: >+- rsa->dmq1 = bn; >++ dmq1 = bn; >+ break; >+ case TAG_RSA_COEFFICIENT: >+- rsa->iqmp = bn; >++ iqmp = bn; >+ break; >+ } >+ } >++ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L >++ rsa->n = n; >++ rsa->e = e; >++ rsa->d = d; >++ rsa->p = p; >++ rsa->q = q; >++ rsa->dmp1 = dmp1; >++ rsa->dmq1 = dmq1; >++ rsa->iqmp = iqmp; >++#else >++ RSA_set0_key(rsa, n, e, d); >++ RSA_set0_factors(rsa, p, q); >++ RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); >++#endif >++ >+ dst__privstruct_free(&priv, mctx); >+ memset(&priv, 0, sizeof(priv)); >+ >+ if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) >+ DST_RET(DST_R_INVALIDPRIVATEKEY); >+- if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) >++ if (BN_num_bits(e) > RSA_MAX_PUBEXP_BITS) >+ DST_RET(ISC_R_RANGE); >+- key->key_size = BN_num_bits(rsa->n); >++ key->key_size = BN_num_bits(n); >+ if (pubrsa != NULL) >+ RSA_free(pubrsa); >+ #if USE_EVP >+Index: bind9-9.10.3.dfsg.P4/lib/isc/aes.c >+=================================================================== >+--- lib/isc/aes.c.orig >++++ lib/isc/aes.c >+@@ -36,48 +36,48 @@ void >+ isc_aes128_crypt(const unsigned char *key, const unsigned char *in, >+ unsigned char *out) >+ { >+- EVP_CIPHER_CTX c; >++ EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new(); >+ int len; >+ >+- EVP_CIPHER_CTX_init(&c); >+- RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_128_ecb(), key, NULL) == 1); >+- EVP_CIPHER_CTX_set_padding(&c, 0); >+- RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in, >++ RUNTIME_CHECK(c != NULL); >++ RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_128_ecb(), key, NULL) == 1); >++ EVP_CIPHER_CTX_set_padding(c, 0); >++ RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in, >+ ISC_AES_BLOCK_LENGTH) == 1); >+ RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH); >+- RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1); >++ EVP_CIPHER_CTX_free(c); >+ } >+ >+ void >+ isc_aes192_crypt(const unsigned char *key, const unsigned char *in, >+ unsigned char *out) >+ { >+- EVP_CIPHER_CTX c; >++ EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new(); >+ int len; >+ >+- EVP_CIPHER_CTX_init(&c); >+- RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_192_ecb(), key, NULL) == 1); >+- EVP_CIPHER_CTX_set_padding(&c, 0); >+- RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in, >++ RUNTIME_CHECK(c != NULL); >++ RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_192_ecb(), key, NULL) == 1); >++ EVP_CIPHER_CTX_set_padding(c, 0); >++ RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in, >+ ISC_AES_BLOCK_LENGTH) == 1); >+ RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH); >+- RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1); >++ EVP_CIPHER_CTX_free(c); >+ } >+ >+ void >+ isc_aes256_crypt(const unsigned char *key, const unsigned char *in, >+ unsigned char *out) >+ { >+- EVP_CIPHER_CTX c; >++ EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new(); >+ int len; >+ >+- EVP_CIPHER_CTX_init(&c); >+- RUNTIME_CHECK(EVP_EncryptInit(&c, EVP_aes_256_ecb(), key, NULL) == 1); >+- EVP_CIPHER_CTX_set_padding(&c, 0); >+- RUNTIME_CHECK(EVP_EncryptUpdate(&c, out, &len, in, >++ RUNTIME_CHECK(c != NULL); >++ RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_256_ecb(), key, NULL) == 1); >++ EVP_CIPHER_CTX_set_padding(c, 0); >++ RUNTIME_CHECK(EVP_EncryptUpdate(c, out, &len, in, >+ ISC_AES_BLOCK_LENGTH) == 1); >+ RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH); >+- RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(&c) == 1); >++ EVP_CIPHER_CTX_free(c); >+ } >+ >+ #elif HAVE_OPENSSL_AES >-- >2.10.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 214982
: 177577