--- /dev/null +++ dns/bind912/files/patch-config.h.in @@ -0,0 +1,35 @@ +--- config.h.in.orig 2018-05-16 18:06:47 UTC ++++ config.h.in +@@ -203,6 +203,9 @@ int sigwait(const unsigned int *set, int *sig); + /* Define to 1 if you have the header file. */ + #undef HAVE_DEVPOLL_H + ++/* Define to 1 if you have the `DH_get0_key' function. */ ++#undef HAVE_DH_GET0_KEY ++ + /* Define to 1 if you have the `dlclose' function. */ + #undef HAVE_DLCLOSE + +@@ -218,6 +221,12 @@ int sigwait(const unsigned int *set, int *sig); + /* Define to 1 to enable dnstap support */ + #undef HAVE_DNSTAP + ++/* Define to 1 if you have the `DSA_get0_pqg' function. */ ++#undef HAVE_DSA_GET0_PQG ++ ++/* Define to 1 if you have the `ECDSA_SIG_get0' function. */ ++#undef HAVE_ECDSA_SIG_GET0 ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_EDITLINE_READLINE_H + +@@ -427,6 +436,9 @@ int sigwait(const unsigned int *set, int *sig); + + /* Define to 1 if you have the header file. */ + #undef HAVE_REGEX_H ++ ++/* Define to 1 if you have the `RSA_set0_key' function. */ ++#undef HAVE_RSA_SET0_KEY + + /* Define to 1 if you have the header file. */ + #undef HAVE_SCHED_H --- dns/bind912/files/patch-configure +++ dns/bind912/files/patch-configure @@ -1,6 +1,6 @@ ---- configure.orig 2018-03-08 20:56:40 UTC +--- configure.orig 2018-05-16 18:06:47 UTC +++ configure -@@ -14455,27 +14455,9 @@ done +@@ -14443,27 +14443,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14518,47 +14500,7 @@ $as_echo "no" >&6; } ;; +@@ -14506,47 +14488,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac 
@@ -79,7 +79,27 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -23197,7 +23139,7 @@ $as_echo "" >&6; } +@@ -16288,6 +16230,19 @@ fi + done + + ++ for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg ++do : ++ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" ++if eval test \"x\$"$as_ac_var"\" = x"yes"; then : ++ cat >>confdefs.h <<_ACEOF ++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 ++_ACEOF ++ ++fi ++done ++ ++ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ECDSA support" >&5 + $as_echo_n "checking for OpenSSL ECDSA support... " >&6; } + have_ecdsa="" +@@ -23203,7 +23158,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). --- /dev/null +++ dns/bind912/files/patch-configure.in @@ -0,0 +1,11 @@ +--- configure.in.orig 2018-05-16 18:06:47 UTC ++++ configure.in +@@ -1815,6 +1815,8 @@ esac + + AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512) + ++ AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg]) ++ + AC_MSG_CHECKING(for OpenSSL ECDSA support) + have_ecdsa="" + AC_TRY_RUN([ --- /dev/null +++ dns/bind912/files/patch-lib_dns_openssldh__link.c 
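Review bot: The new `AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg])` line in configure.in probes one function per algorithm, yet each resulting `HAVE_*` macro switches off a whole group of compatibility shims, and nothing records that assumption. In openssldh_link.c `HAVE_DH_GET0_KEY` also removes `DH_set0_key`, `DH_get0_pqg` and `DH_set0_pqg`, in opensslecdsa_link.c `HAVE_ECDSA_SIG_GET0` also covers `ECDSA_SIG_set0`, and `HAVE_RSA_SET0_KEY` appears to cover the other RSA accessors. I would add a comment above the check such as `dnl Each probe stands for the whole OpenSSL 1.1 accessor family of that algorithm; the shims in lib/dns/openssl*_link.c are dropped as a group.` The probe is only meaningful if libcrypto is already in `$LIBS` at this point, which the hunk does not show, so that is worth confirming.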
@@ -0,0 +1,134 @@ +--- lib/dns/openssldh_link.c.orig 2018-05-16 18:06:47 UTC ++++ lib/dns/openssldh_link.c +@@ -42,6 +42,8 @@ + + #include + ++#include ++ + #include "dst_internal.h" + #include "dst_openssl.h" + #include "dst_parse.h" +@@ -69,62 +71,81 @@ static isc_result_t openssldh_todns(const dst_key_t *k + + static BIGNUM *bn2, *bn768, *bn1024, *bn1536; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if !defined(HAVE_DH_GET0_KEY) + /* + * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg + * are from OpenSSL 1.1.0. + */ + static void + DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) { +- if (pub_key != NULL) ++ if (pub_key != NULL) { + *pub_key = dh->pub_key; +- if (priv_key != NULL) ++ } ++ if (priv_key != NULL) { + *priv_key = dh->priv_key; ++ } + } + + static int + DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) { +- /* Note that it is valid for priv_key to be NULL */ +- if (pub_key == NULL) +- return 0; ++ if (pub_key != NULL) { ++ BN_free(dh->pub_key); ++ dh->pub_key = pub_key; ++ } + +- BN_free(dh->pub_key); +- BN_free(dh->priv_key); +- dh->pub_key = pub_key; +- dh->priv_key = priv_key; ++ if (priv_key != NULL) { ++ BN_free(dh->priv_key); ++ dh->priv_key = priv_key; ++ } + +- return 1; ++ return (1); + } + + static void + DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) + { +- if (p != NULL) ++ if (p != NULL) { + *p = dh->p; +- if (q != NULL) ++ } ++ if (q != NULL) { + *q = dh->q; +- if (g != NULL) ++ } ++ if (g != NULL) { + *g = dh->g; ++ } + } + + static int +-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { +- /* q is optional */ +- if (p == NULL || g == NULL) +- return(0); +- BN_free(dh->p); +- BN_free(dh->q); +- BN_free(dh->g); +- dh->p = p; +- dh->q = q; +- dh->g = g; ++DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) ++{ ++ /* If the fields p and g in d are NULL, the corresponding input ++ * parameters MUST be non-NULL. 
q may remain NULL. ++ */ ++ if ((dh->p == NULL && p == NULL) ++ || (dh->g == NULL && g == NULL)) ++ { ++ return 0; ++ } + ++ if (p != NULL) { ++ BN_free(dh->p); ++ dh->p = p; ++ } + if (q != NULL) { ++ BN_free(dh->q); ++ dh->q = q; ++ } ++ if (g != NULL) { ++ BN_free(dh->g); ++ dh->g = g; ++ } ++ ++ if (q != NULL) { + dh->length = BN_num_bits(q); + } + +- return(1); ++ return (1); + } + + #define DH_clear_flags(d, f) (d)->flags &= ~(f) +@@ -542,7 +563,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) + DH_free(dh); + return (dst__openssl_toresult(ISC_R_NOMEMORY)); + } ++#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL) ++ /* ++ * LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when ++ * DH structure is empty, hence we cannot use DH_get0_key(). ++ */ ++ dh->pub_key = pub_key; ++#else /* LIBRESSL_VERSION_NUMBER */ + DH_set0_key(dh, pub_key, NULL); ++#endif /* LIBRESSL_VERSION_NUMBER */ + isc_region_consume(&r, publen); + + key->key_size = BN_num_bits(p); --- /dev/null +++ dns/bind912/files/patch-lib_dns_openssldsa__link.c @@ -0,0 +1,11 @@ +--- lib/dns/openssldsa_link.c.orig 2018-05-16 18:06:47 UTC ++++ lib/dns/openssldsa_link.c +@@ -49,7 +49,7 @@ + + static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if !defined(HAVE_DSA_GET0_PQG) + static void + DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, + const BIGNUM **g) --- /dev/null +++ dns/bind912/files/patch-lib_dns_opensslecdsa__link.c 
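Review bot: The rewritten `DH_set0_key` shim in openssldh_link.c releases the previous private value with `BN_free(dh->priv_key);`, which leaves the old secret in freed heap memory. Use `BN_clear_free(dh->priv_key);` there, as the `ECDSA_SIG_set0` shim in opensslecdsa_link.c from this same commit already does for its fields. Separately, the comment added in `openssldh_fromdns` names `DH_get0_key` twice, while the call being bypassed is `DH_set0_key(dh, pub_key, NULL)`; it should read `DH_set0_key`, and `<<` should be `<`. `openssldh_fromdns` starts and ends outside the hunk, so whether `dh->pub_key` is always empty before the direct assignment cannot be confirmed from here.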
@@ -0,0 +1,30 @@ +--- lib/dns/opensslecdsa_link.c.orig 2018-05-16 18:06:47 UTC ++++ lib/dns/opensslecdsa_link.c +@@ -42,20 +42,23 @@ + + #define DST_RET(a) {ret = a; goto err;} + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if !defined(HAVE_ECDSA_SIG_GET0) + /* From OpenSSL 1.1 */ + static void + ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) { +- if (pr != NULL) ++ if (pr != NULL) { + *pr = sig->r; +- if (ps != NULL) ++ } ++ if (ps != NULL) { + *ps = sig->s; ++ } + } + + static int + ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) { +- if (r == NULL || s == NULL) ++ if (r == NULL || s == NULL) { + return 0; ++ } + + BN_clear_free(sig->r); + BN_clear_free(sig->s); --- /dev/null +++ dns/bind912/files/patch-lib_dns_opensslrsa__link.c 
@@ -0,0 +1,93 @@ +--- lib/dns/opensslrsa_link.c.orig 2018-05-16 18:06:47 UTC ++++ lib/dns/opensslrsa_link.c +@@ -121,7 +121,7 @@ + #endif + #define DST_RET(a) {ret = a; goto err;} + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if !defined(HAVE_RSA_SET0_KEY) + /* From OpenSSL 1.1.0 */ + static int + RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { +@@ -131,8 +131,9 @@ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) + * parameters MUST be non-NULL for n and e. d may be + * left NULL (in case only the public key is used). + */ +- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) ++ if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) { + return 0; ++ } + + if (n != NULL) { + BN_free(r->n); +@@ -157,8 +158,9 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) { + * If the fields p and q in r are NULL, the corresponding input + * parameters MUST be non-NULL. + */ +- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) ++ if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) { + return 0; ++ } + + if (p != NULL) { + BN_free(r->p); +@@ -181,7 +183,9 @@ RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1 + if ((r->dmp1 == NULL && dmp1 == NULL) || + (r->dmq1 == NULL && dmq1 == NULL) || + (r->iqmp == NULL && iqmp == NULL)) ++ { + return 0; ++ } + + if (dmp1 != NULL) { + BN_free(r->dmp1); +@@ -203,32 +207,40 @@ static void + RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) + { +- if (n != NULL) ++ if (n != NULL) { + *n = r->n; +- if (e != NULL) ++ } ++ if (e != NULL) { + *e = r->e; +- if (d != NULL) ++ } ++ if (d != NULL) { + *d = r->d; ++ } + } + + static void + RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) { +- if (p != NULL) ++ if (p != NULL) { + *p = r->p; +- if (q != NULL) +- *q = r->q; ++ } ++ if (q != NULL) { ++ *q = r->q; ++ } + } + + static void + RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM 
**dmq1, + const BIGNUM **iqmp) + { +- if (dmp1 != NULL) ++ if (dmp1 != NULL) { + *dmp1 = r->dmp1; +- if (dmq1 != NULL) ++ } ++ if (dmq1 != NULL) { + *dmq1 = r->dmq1; +- if (iqmp != NULL) ++ } ++ if (iqmp != NULL) { + *iqmp = r->iqmp; ++ } + } + + static int