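--- lib/dns/openssldh_link.c.orig 2018-05-16 18:06:47 UTC
+++ lib/dns/openssldh_link.c
@@ -42,6 +42,8 @@
 
 #include <dst/result.h>
 
+#include <openssl/opensslv.h>
+
 #include "dst_internal.h"
 #include "dst_openssl.h"
 #include "dst_parse.h"
@@ -69,62 +71,81 @@ static isc_result_t openssldh_todns(const dst_key_t *k
 
 static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(HAVE_DH_GET0_KEY)
 /*
 * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
 * are from OpenSSL 1.1.0.
 */
 static void
 DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
- if (pub_key != NULL)
+ if (pub_key != NULL) {
 *pub_key = dh->pub_key;
- if (priv_key != NULL)
+ }
+ if (priv_key != NULL) {
 *priv_key = dh->priv_key;
+ }
 }
 
 static int
 DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
- /* Note that it is valid for priv_key to be NULL */
- if (pub_key == NULL)
- return 0;
+ if (pub_key != NULL) {
+ BN_free(dh->pub_key);
+ dh->pub_key = pub_key;
+ }
 
- BN_free(dh->pub_key);
- BN_free(dh->priv_key);
- dh->pub_key = pub_key;
- dh->priv_key = priv_key;
+ if (priv_key != NULL) {
+ BN_free(dh->priv_key);
+ dh->priv_key = priv_key;
+ }
 
- return 1;
+ return (1);
 }
 
 static void
 DH_get0_pqg(const DH *dh,
 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 {
- if (p != NULL)
+ if (p != NULL) {
 *p = dh->p;
- if (q != NULL)
+ }
+ if (q != NULL) {
 *q = dh->q;
- if (g != NULL)
+ }
+ if (g != NULL) {
 *g = dh->g;
+ }
 }
 
 static int
-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
- /* q is optional */
- if (p == NULL || g == NULL)
- return(0);
- BN_free(dh->p);
- BN_free(dh->q);
- BN_free(dh->g);
- dh->p = p;
- dh->q = q;
- dh->g = g;
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ {
+ return 0;
+ }
 
+ if (p != NULL) {
+ BN_free(dh->p);
+ dh->p = p;
+ }
 if (q != NULL) {
+ BN_free(dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free(dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
 dh->length = BN_num_bits(q);
 }
 
- return(1);
+ return (1);
 }
 
 #define DH_clear_flags(d, f) (d)->flags &= ~(f)
@@ -542,7 +563,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data)
 DH_free(dh);
 return (dst__openssl_toresult(ISC_R_NOMEMORY));
 }
+#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
+ /*
+ * LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when
+ * DH structure is empty, hence we cannot use DH_get0_key().
+ */
+ dh->pub_key = pub_key;
+#else /* LIBRESSL_VERSION_NUMBER */
 DH_set0_key(dh, pub_key, NULL);
+#endif /* LIBRESSL_VERSION_NUMBER */
 isc_region_consume(&r, publen);
 
 key->key_size = BN_num_bits(p);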
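Review bot: The comment added above `dh->pub_key = pub_key;` in the openssldh_fromdns hunk names `DH_get0_key` twice, but the call this branch bypasses is `DH_set0_key(dh, pub_key, NULL)` in the `#else` arm, and `<<` reads as a shift operator rather than "earlier than". Something like `/* LibreSSL 2.7.0 through 2.7.2: DH_set0_key() requires priv_key to be set when the DH structure is empty, so assign pub_key directly. */` would match both the code and the version window in the `#if`. Unlike the setter, the direct assignment does not free an existing `dh->pub_key`. That is presumably harmless because `dh` appears to be freshly allocated earlier in the function, which lies outside the hunk, but the comment should state that assumption so the workaround is not copied to a place where the field is already populated. The return value of `DH_set0_key` in the `#else` arm is also discarded, so a library that rejected the key would go unnoticed here.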