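--- a/dns/bind912/files/patch-config.h.in
+++ b/dns/bind912/files/patch-config.h.in
@@ -0,0 +1,35 @@
+--- config.h.in.orig	2018-05-16 18:06:47 UTC
++++ config.h.in
+@@ -203,6 +203,9 @@ int sigwait(const unsigned int *set, int *sig);
+ /* Define to 1 if you have the <devpoll.h> header file. */
+ #undef HAVE_DEVPOLL_H
+ 
++/* Define to 1 if you have the `DH_get0_key' function. */
++#undef HAVE_DH_GET0_KEY
++
+ /* Define to 1 if you have the `dlclose' function. */
+ #undef HAVE_DLCLOSE
+ 
+@@ -218,6 +221,12 @@ int sigwait(const unsigned int *set, int *sig);
+ /* Define to 1 to enable dnstap support */
+ #undef HAVE_DNSTAP
+ 
++/* Define to 1 if you have the `DSA_get0_pqg' function. */
++#undef HAVE_DSA_GET0_PQG
++
++/* Define to 1 if you have the `ECDSA_SIG_get0' function. */
++#undef HAVE_ECDSA_SIG_GET0
++
+ /* Define to 1 if you have the <editline/readline.h> header file. */
+ #undef HAVE_EDITLINE_READLINE_H
+ 
+@@ -427,6 +436,9 @@ int sigwait(const unsigned int *set, int *sig);
+ 
+ /* Define to 1 if you have the <regex.h> header file. */
+ #undef HAVE_REGEX_H
++
++/* Define to 1 if you have the `RSA_set0_key' function. */
++#undef HAVE_RSA_SET0_KEY
+ 
+ /* Define to 1 if you have the <sched.h> header file. */
+ #undef HAVE_SCHED_H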
(-)dns/bind912/files/patch-configure (-4 / +24 lines)
Lines 1-6 Link Here
1
--- configure.orig	2018-03-08 20:56:40 UTC
1
--- configure.orig	2018-05-16 18:06:47 UTC
2
+++ configure
2
+++ configure
3
@@ -14455,27 +14455,9 @@ done
3
@@ -14443,27 +14443,9 @@ done
4
 		# problems start to show up.
4
 		# problems start to show up.
5
 		saved_libs="$LIBS"
5
 		saved_libs="$LIBS"
6
 		for TRY_LIBS in \
6
 		for TRY_LIBS in \
Lines 30-36 Link Here
30
 		    { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
30
 		    { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
31
 $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
31
 $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
32
 		    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
32
 		    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
33
@@ -14518,47 +14500,7 @@ $as_echo "no" >&6; } ;;
33
@@ -14506,47 +14488,7 @@ $as_echo "no" >&6; } ;;
34
 		no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
34
 		no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
35
 		esac
35
 		esac
36
 
36
 
Lines 79-85 Link Here
79
 		DNS_GSSAPI_LIBS="$LIBS"
79
 		DNS_GSSAPI_LIBS="$LIBS"
80
 
80
 
81
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
81
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
82
@@ -23197,7 +23139,7 @@ $as_echo "" >&6; }
82
@@ -16288,6 +16230,19 @@ fi
83
 done
84
 
85
 
86
+	for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg
87
+do :
88
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
89
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
90
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
91
+  cat >>confdefs.h <<_ACEOF
92
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
93
+_ACEOF
94
+
95
+fi
96
+done
97
+
98
+
99
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ECDSA support" >&5
100
 $as_echo_n "checking for OpenSSL ECDSA support... " >&6; }
101
 	have_ecdsa=""
102
@@ -23203,7 +23158,7 @@ $as_echo "" >&6; }
83
 			# Check other locations for includes.
103
 			# Check other locations for includes.
84
 			# Order is important (sigh).
104
 			# Order is important (sigh).
85
 
105
 
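--- a/dns/bind912/files/patch-configure.in
+++ b/dns/bind912/files/patch-configure.in
@@ -0,0 +1,11 @@
+--- configure.in.orig	2018-05-16 18:06:47 UTC
++++ configure.in
+@@ -1815,6 +1815,8 @@ esac
+ 
+ 	AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
+ 
++	AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg])
++
+ 	AC_MSG_CHECKING(for OpenSSL ECDSA support)
+ 	have_ecdsa=""
+ 	AC_TRY_RUN([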
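Review bot: The added `AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg])` probes one symbol per key type, but each resulting macro switches a whole group of static shims in the C patches on or off. HAVE_DH_GET0_KEY also decides DH_set0_key, DH_get0_pqg and DH_set0_pqg, HAVE_ECDSA_SIG_GET0 also decides ECDSA_SIG_set0, and HAVE_RSA_SET0_KEY appears to decide the RSA_set0_factors/RSA_set0_crt_params/RSA_get0_* group as well. A crypto library that exports the probed function but not one of its siblings would then fail at compile or link time instead of falling back to the shim. If that all-or-nothing assumption is intended, it is worth recording next to the probe, for example `dnl Each probe stands for its whole accessor family; the shims in lib/dns/openssl*_link.c are enabled per family, not per function.`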
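--- a/dns/bind912/files/patch-lib_dns_openssldh__link.c
+++ b/dns/bind912/files/patch-lib_dns_openssldh__link.c
@@ -0,0 +1,134 @@
+--- lib/dns/openssldh_link.c.orig	2018-05-16 18:06:47 UTC
++++ lib/dns/openssldh_link.c
+@@ -42,6 +42,8 @@
+ 
+ #include <dst/result.h>
+ 
++#include <openssl/opensslv.h>
++
+ #include "dst_internal.h"
+ #include "dst_openssl.h"
+ #include "dst_parse.h"
+@@ -69,62 +71,81 @@ static isc_result_t openssldh_todns(const dst_key_t *k
+ 
+ static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_DH_GET0_KEY)
+ /*
+  * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
+  * are from OpenSSL 1.1.0.
+  */
+ static void
+ DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
+-	if (pub_key != NULL)
++	if (pub_key != NULL) {
+ 		*pub_key = dh->pub_key;
+-	if (priv_key != NULL)
++	}
++	if (priv_key != NULL) {
+ 		*priv_key = dh->priv_key;
++	}
+ }
+ 
+ static int
+ DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
+-	/* Note that it is valid for priv_key to be NULL */
+-	if (pub_key == NULL)
+-		return 0;
++	if (pub_key != NULL) {
++		BN_free(dh->pub_key);
++		dh->pub_key = pub_key;
++	}
+ 
+-	BN_free(dh->pub_key);
+-	BN_free(dh->priv_key);
+-	dh->pub_key = pub_key;
+-	dh->priv_key = priv_key;
++	if (priv_key != NULL) {
++		BN_free(dh->priv_key);
++		dh->priv_key = priv_key;
++	}
+ 
+-	return 1;
++	return (1);
+ }
+ 
+ static void
+ DH_get0_pqg(const DH *dh,
+ 	    const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+ {
+-	if (p != NULL)
++	if (p != NULL) {
+ 		*p = dh->p;
+-	if (q != NULL)
++	}
++	if (q != NULL) {
+ 		*q = dh->q;
+-	if (g != NULL)
++	}
++	if (g != NULL) {
+ 		*g = dh->g;
++	}
+ }
+ 
+ static int
+-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+-	/* q is optional */
+-	if (p == NULL || g == NULL)
+-		return(0);
+-	BN_free(dh->p);
+-	BN_free(dh->q);
+-	BN_free(dh->g);
+-	dh->p = p;
+-	dh->q = q;
+-	dh->g = g;
++DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++	/* If the fields p and g in d are NULL, the corresponding input
++	 * parameters MUST be non-NULL.  q may remain NULL.
++	 */
++	if ((dh->p == NULL && p == NULL)
++	    || (dh->g == NULL && g == NULL))
++	{
++		return 0;
++	}
+ 
++	if (p != NULL) {
++		BN_free(dh->p);
++		dh->p = p;
++	}
+ 	if (q != NULL) {
++		BN_free(dh->q);
++		dh->q = q;
++	}
++	if (g != NULL) {
++		BN_free(dh->g);
++		dh->g = g;
++	}
++
++	if (q != NULL) {
+ 		dh->length = BN_num_bits(q);
+ 	}
+ 
+-	return(1);
++	return (1);
+ }
+ 
+ #define DH_clear_flags(d, f) (d)->flags &= ~(f)
+@@ -542,7 +563,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) 
+ 		DH_free(dh);
+ 		return (dst__openssl_toresult(ISC_R_NOMEMORY));
+ 	}
++#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
++	/*
++	 * LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when
++	 * DH structure is empty, hence we cannot use DH_get0_key().
++	 */
++	dh->pub_key = pub_key;
++#else /* LIBRESSL_VERSION_NUMBER */
+ 	DH_set0_key(dh, pub_key, NULL);
++#endif /* LIBRESSL_VERSION_NUMBER */
+ 	isc_region_consume(&r, publen);
+ 
+ 	key->key_size = BN_num_bits(p);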
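Review bot: In the rewritten DH_set0_key shim the previous private value is released with `BN_free(dh->priv_key);`, which hands the memory back without scrubbing it. For secret material `BN_clear_free(dh->priv_key);` is the safer call, and the ECDSA_SIG_set0 shim in patch-lib_dns_opensslecdsa__link.c already uses BN_clear_free. The unchanged context lines of RSA_set0_factors and RSA_set0_crt_params in patch-lib_dns_opensslrsa__link.c show the same `BN_free` on secret components (`r->p`, `r->dmp1`) and could be aligned at the same time. Separately, the comment in the LibreSSL branch names `DH_get0_key` although the call being bypassed is `DH_set0_key`, and "<<" presumably means "<"; it could read `LibreSSL < 2.7.3: DH_set0_key() requires priv_key to be set when the DH structure is empty, hence we cannot use DH_set0_key().` The body of openssldh_fromdns starts and ends outside this hunk, so whether `dh->pub_key` is always NULL before the direct assignment cannot be confirmed from here.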
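--- a/dns/bind912/files/patch-lib_dns_openssldsa__link.c
+++ b/dns/bind912/files/patch-lib_dns_openssldsa__link.c
@@ -0,0 +1,11 @@
+--- lib/dns/openssldsa_link.c.orig	2018-05-16 18:06:47 UTC
++++ lib/dns/openssldsa_link.c
+@@ -49,7 +49,7 @@
+ 
+ static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_DSA_GET0_PQG)
+ static void
+ DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
+ 	     const BIGNUM **g)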
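--- a/dns/bind912/files/patch-lib_dns_opensslecdsa__link.c
+++ b/dns/bind912/files/patch-lib_dns_opensslecdsa__link.c
@@ -0,0 +1,30 @@
+--- lib/dns/opensslecdsa_link.c.orig	2018-05-16 18:06:47 UTC
++++ lib/dns/opensslecdsa_link.c
+@@ -42,20 +42,23 @@
+ 
+ #define DST_RET(a) {ret = a; goto err;}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_ECDSA_SIG_GET0)
+ /* From OpenSSL 1.1 */
+ static void
+ ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
+-	if (pr != NULL)
++	if (pr != NULL) {
+ 		*pr = sig->r;
+-	if (ps != NULL)
++	}
++	if (ps != NULL) {
+ 		*ps = sig->s;
++	}
+ }
+ 
+ static int
+ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
+-	if (r == NULL || s == NULL)
++	if (r == NULL || s == NULL) {
+ 		return 0;
++	}
+ 
+ 	BN_clear_free(sig->r);
+ 	BN_clear_free(sig->s);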
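--- a/dns/bind912/files/patch-lib_dns_opensslrsa__link.c
+++ b/dns/bind912/files/patch-lib_dns_opensslrsa__link.c
@@ -0,0 +1,93 @@
+--- lib/dns/opensslrsa_link.c.orig	2018-05-16 18:06:47 UTC
++++ lib/dns/opensslrsa_link.c
+@@ -121,7 +121,7 @@
+ #endif
+ #define DST_RET(a) {ret = a; goto err;}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_RSA_SET0_KEY)
+ /* From OpenSSL 1.1.0 */
+ static int
+ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
+@@ -131,8 +131,9 @@ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) 
+ 	 * parameters MUST be non-NULL for n and e.  d may be
+ 	 * left NULL (in case only the public key is used).
+ 	 */
+-	if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
++	if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) {
+ 		return 0;
++	}
+ 
+ 	if (n != NULL) {
+ 		BN_free(r->n);
+@@ -157,8 +158,9 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
+ 	 * If the fields p and q in r are NULL, the corresponding input
+ 	 * parameters MUST be non-NULL.
+ 	 */
+-	if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
++	if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) {
+ 		return 0;
++	}
+ 
+ 	if (p != NULL) {
+ 		BN_free(r->p);
+@@ -181,7 +183,9 @@ RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1
+ 	if ((r->dmp1 == NULL && dmp1 == NULL) ||
+ 	    (r->dmq1 == NULL && dmq1 == NULL) ||
+ 	    (r->iqmp == NULL && iqmp == NULL))
++	{
+ 		return 0;
++	}
+ 
+ 	if (dmp1 != NULL) {
+ 		BN_free(r->dmp1);
+@@ -203,32 +207,40 @@ static void
+ RSA_get0_key(const RSA *r,
+ 	     const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+ {
+-	if (n != NULL)
++	if (n != NULL) {
+ 		*n = r->n;
+-	if (e != NULL)
++	}
++	if (e != NULL) {
+ 		*e = r->e;
+-	if (d != NULL)
++	}
++	if (d != NULL) {
+ 		*d = r->d;
++	}
+ }
+ 
+ static void
+ RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
+-	if (p != NULL)
++	if (p != NULL) {
+ 		*p = r->p;
+-	if (q != NULL)
+-	*q = r->q;
++	}
++	if (q != NULL) {
++		*q = r->q;
++	}
+ }
+ 
+ static void
+ RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
+ 		    const BIGNUM **iqmp)
+ {
+-	if (dmp1 != NULL)
++	if (dmp1 != NULL) {
+ 		*dmp1 = r->dmp1;
+-	if (dmq1 != NULL)
++	}
++	if (dmq1 != NULL) {
+ 		*dmq1 = r->dmq1;
+-	if (iqmp != NULL)
++	}
++	if (iqmp != NULL) {
+ 		*iqmp = r->iqmp;
++	}
+ }
+ 
+ static int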
