svn commit: r471999 - head/dns/bind912/files
Mathieu Arnold
mat at FreeBSD.org
Fri Jun 8 13:28:15 UTC 2018
Author: mat
Date: Fri Jun 8 13:28:14 2018
New Revision: 471999
URL: https://svnweb.freebsd.org/changeset/ports/471999
Log:
Fix build with LibreSSL 2.7.
PR: 226903
Submitted by: Charlie Li
Reported by: Piotr Kubaj
Sponsored by: Absolight
Added:
head/dns/bind912/files/patch-libressl2.7 (contents, props changed)
Added: head/dns/bind912/files/patch-libressl2.7
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/bind912/files/patch-libressl2.7 Fri Jun 8 13:28:14 2018 (r471999)
@@ -0,0 +1,386 @@
+From 1e64b869b5b33e2deda7059e4348d9870f86d315 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej at sury.org>
+Date: Thu, 3 May 2018 13:59:04 +0200
+Subject: [PATCH 1/3] Add support for LibreSSL 2.7
+
+(cherry picked from commit 29ff62a1492ce3dc702a887e864d00bf1949aed3)
+---
+ config.h.in | 12 +++++++
+ configure | 13 +++++++
+ configure.in | 2 ++
+ lib/dns/openssldh_link.c | 69 +++++++++++++++++++++++--------------
+ lib/dns/openssldsa_link.c | 2 +-
+ lib/dns/opensslecdsa_link.c | 11 +++---
+ lib/dns/opensslrsa_link.c | 36 ++++++++++++-------
+ 7 files changed, 103 insertions(+), 42 deletions(-)
+
+diff --git config.h.in config.h.in
+index 0cc04c5dd9..65ee20eeb5 100644
+--- config.h.in
++++ config.h.in
+@@ -206,6 +206,9 @@ int sigwait(const unsigned int *set, int *sig);
+ /* Define to 1 if you have the <devpoll.h> header file. */
+ #undef HAVE_DEVPOLL_H
+
++/* Define to 1 if you have the `DH_get0_key' function. */
++#undef HAVE_DH_GET0_KEY
++
+ /* Define to 1 if you have the `dlclose' function. */
+ #undef HAVE_DLCLOSE
+
+@@ -221,6 +224,12 @@ int sigwait(const unsigned int *set, int *sig);
+ /* Define to 1 to enable dnstap support */
+ #undef HAVE_DNSTAP
+
++/* Define to 1 if you have the `DSA_get0_pqg' function. */
++#undef HAVE_DSA_GET0_PQG
++
++/* Define to 1 if you have the `ECDSA_SIG_get0' function. */
++#undef HAVE_ECDSA_SIG_GET0
++
+ /* Define to 1 if you have the <editline/readline.h> header file. */
+ #undef HAVE_EDITLINE_READLINE_H
+
+@@ -431,6 +440,9 @@ int sigwait(const unsigned int *set, int *sig);
+ /* Define to 1 if you have the <regex.h> header file. */
+ #undef HAVE_REGEX_H
+
++/* Define to 1 if you have the `RSA_set0_key' function. */
++#undef HAVE_RSA_SET0_KEY
++
+ /* Define to 1 if you have the <sched.h> header file. */
+ #undef HAVE_SCHED_H
+
+diff --git configure configure
+index fc9256fa8d..2dde1a681d 100755
+--- configure
++++ configure
+@@ -16724,6 +16724,19 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+ _ACEOF
+
++fi
++done
++
++
++ for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg
++do :
++ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
++if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
++ cat >>confdefs.h <<_ACEOF
++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
++_ACEOF
++
+ fi
+ done
+
+diff --git configure.in configure.in
+index 99139ba5ac..193562c783 100644
+--- configure.in
++++ configure.in
+@@ -1781,6 +1781,8 @@ DSO_METHOD_dlfcn();
+
+ AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
+
++ AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg])
++
+ AC_MSG_CHECKING(for OpenSSL ECDSA support)
+ have_ecdsa=""
+ AC_TRY_RUN([
+diff --git lib/dns/openssldh_link.c lib/dns/openssldh_link.c
+index e74bee2e2d..0db673dd31 100644
+--- lib/dns/openssldh_link.c
++++ lib/dns/openssldh_link.c
+@@ -71,62 +71,81 @@ static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
+
+ static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_DH_GET0_KEY)
+ /*
+ * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
+ * are from OpenSSL 1.1.0.
+ */
+ static void
+ DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
+- if (pub_key != NULL)
++ if (pub_key != NULL) {
+ *pub_key = dh->pub_key;
+- if (priv_key != NULL)
++ }
++ if (priv_key != NULL) {
+ *priv_key = dh->priv_key;
++ }
+ }
+
+ static int
+ DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
+- /* Note that it is valid for priv_key to be NULL */
+- if (pub_key == NULL)
+- return 0;
++ if (pub_key != NULL) {
++ BN_free(dh->pub_key);
++ dh->pub_key = pub_key;
++ }
+
+- BN_free(dh->pub_key);
+- BN_free(dh->priv_key);
+- dh->pub_key = pub_key;
+- dh->priv_key = priv_key;
++ if (priv_key != NULL) {
++ BN_free(dh->priv_key);
++ dh->priv_key = priv_key;
++ }
+
+- return 1;
++ return (1);
+ }
+
+ static void
+ DH_get0_pqg(const DH *dh,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+ {
+- if (p != NULL)
++ if (p != NULL) {
+ *p = dh->p;
+- if (q != NULL)
++ }
++ if (q != NULL) {
+ *q = dh->q;
+- if (g != NULL)
++ }
++ if (g != NULL) {
+ *g = dh->g;
++ }
+ }
+
+ static int
+-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+- /* q is optional */
+- if (p == NULL || g == NULL)
+- return(0);
+- BN_free(dh->p);
+- BN_free(dh->q);
+- BN_free(dh->g);
+- dh->p = p;
+- dh->q = q;
+- dh->g = g;
++DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ /* If the fields p and g in d are NULL, the corresponding input
++ * parameters MUST be non-NULL. q may remain NULL.
++ */
++ if ((dh->p == NULL && p == NULL)
++ || (dh->g == NULL && g == NULL))
++ {
++ return 0;
++ }
++
++ if (p != NULL) {
++ BN_free(dh->p);
++ dh->p = p;
++ }
++ if (q != NULL) {
++ BN_free(dh->q);
++ dh->q = q;
++ }
++ if (g != NULL) {
++ BN_free(dh->g);
++ dh->g = g;
++ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+- return(1);
++ return (1);
+ }
+
+ #define DH_clear_flags(d, f) (d)->flags &= ~(f)
+diff --git lib/dns/openssldsa_link.c lib/dns/openssldsa_link.c
+index 1c541ae73a..dfbd484247 100644
+--- lib/dns/openssldsa_link.c
++++ lib/dns/openssldsa_link.c
+@@ -52,7 +52,7 @@
+
+ static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_DSA_GET0_PQG)
+ static void
+ DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
+ const BIGNUM **g)
+diff --git lib/dns/opensslecdsa_link.c lib/dns/opensslecdsa_link.c
+index a8941a808a..2e47459249 100644
+--- lib/dns/opensslecdsa_link.c
++++ lib/dns/opensslecdsa_link.c
+@@ -45,20 +45,23 @@
+
+ #define DST_RET(a) {ret = a; goto err;}
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_ECDSA_SIG_GET0)
+ /* From OpenSSL 1.1 */
+ static void
+ ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
+- if (pr != NULL)
++ if (pr != NULL) {
+ *pr = sig->r;
+- if (ps != NULL)
++ }
++ if (ps != NULL) {
+ *ps = sig->s;
++ }
+ }
+
+ static int
+ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
+- if (r == NULL || s == NULL)
++ if (r == NULL || s == NULL) {
+ return 0;
++ }
+
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+diff --git lib/dns/opensslrsa_link.c lib/dns/opensslrsa_link.c
+index bdb0a3931d..43f6d317bc 100644
+--- lib/dns/opensslrsa_link.c
++++ lib/dns/opensslrsa_link.c
+@@ -123,7 +123,7 @@
+ #endif
+ #define DST_RET(a) {ret = a; goto err;}
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_RSA_SET0_KEY)
+ /* From OpenSSL 1.1.0 */
+ static int
+ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
+@@ -133,8 +133,9 @@ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
+ * parameters MUST be non-NULL for n and e. d may be
+ * left NULL (in case only the public key is used).
+ */
+- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
++ if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) {
+ return 0;
++ }
+
+ if (n != NULL) {
+ BN_free(r->n);
+@@ -159,8 +160,9 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
+ * If the fields p and q in r are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
++ if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) {
+ return 0;
++ }
+
+ if (p != NULL) {
+ BN_free(r->p);
+@@ -183,7 +185,9 @@ RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
+ if ((r->dmp1 == NULL && dmp1 == NULL) ||
+ (r->dmq1 == NULL && dmq1 == NULL) ||
+ (r->iqmp == NULL && iqmp == NULL))
++ {
+ return 0;
++ }
+
+ if (dmp1 != NULL) {
+ BN_free(r->dmp1);
+@@ -205,32 +209,40 @@ static void
+ RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+ {
+- if (n != NULL)
++ if (n != NULL) {
+ *n = r->n;
+- if (e != NULL)
++ }
++ if (e != NULL) {
+ *e = r->e;
+- if (d != NULL)
++ }
++ if (d != NULL) {
+ *d = r->d;
++ }
+ }
+
+ static void
+ RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
+- if (p != NULL)
++ if (p != NULL) {
+ *p = r->p;
+- if (q != NULL)
+- *q = r->q;
++ }
++ if (q != NULL) {
++ *q = r->q;
++ }
+ }
+
+ static void
+ RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
+ const BIGNUM **iqmp)
+ {
+- if (dmp1 != NULL)
++ if (dmp1 != NULL) {
+ *dmp1 = r->dmp1;
+- if (dmq1 != NULL)
++ }
++ if (dmq1 != NULL) {
+ *dmq1 = r->dmq1;
+- if (iqmp != NULL)
++ }
++ if (iqmp != NULL) {
+ *iqmp = r->iqmp;
++ }
+ }
+
+ static int
+--
+2.17.1
+
+From e3a318e8d3e050677cfe603b25eaa9607c202276 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej at sury.org>
+Date: Wed, 2 May 2018 14:18:06 +0200
+Subject: [PATCH 2/3] Workaround LibreSSL 2.7.0-2.7.2 quirk in DH_set0_key
+
+(cherry picked from commit 6b9e3b7b069509e79c59f89403a91761c300bdee)
+---
+ lib/dns/openssldh_link.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git lib/dns/openssldh_link.c lib/dns/openssldh_link.c
+index 0db673dd31..8dfda0d2fa 100644
+--- lib/dns/openssldh_link.c
++++ lib/dns/openssldh_link.c
+@@ -44,6 +44,8 @@
+
+ #include <dst/result.h>
+
++#include <openssl/opensslv.h>
++
+ #include "dst_internal.h"
+ #include "dst_openssl.h"
+ #include "dst_parse.h"
+@@ -564,7 +566,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
+ DH_free(dh);
+ return (dst__openssl_toresult(ISC_R_NOMEMORY));
+ }
++#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
++ /*
++ * LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when
++ * DH structure is empty, hence we cannot use DH_get0_key().
++ */
++ dh->pub_key = pub_key;
++#else /* LIBRESSL_VERSION_NUMBER */
+ DH_set0_key(dh, pub_key, NULL);
++#endif /* LIBRESSL_VERSION_NUMBER */
+ isc_region_consume(&r, publen);
+
+ key->key_size = BN_num_bits(p);
+--
+2.17.1
+
More information about the svn-ports-all
mailing list