upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-10 16:59:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch '191-add-LibreSSL-2.7-support' into 'master'

Browse source 
Add LibreSSL 2.7.0 support

Closes #210

See merge request isc-projects/bind9!233
This commit is contained in:
Ondřej Surý 2018-05-03 08:25:40 -04:00
commit 9d1e9ce4bd
8 changed files with 116 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -1,3 +1,6 @@
4935. [func] Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0
call were added). [GL #191]
4934. [placeholder]
4933. [bug] Not creating signing keys for an inline signed zone

12
config.h.in
View file

@ -206,6 +206,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <devpoll.h> header file. */
#undef HAVE_DEVPOLL_H
/* Define to 1 if you have the `DH_get0_key' function. */
#undef HAVE_DH_GET0_KEY
/* Define to 1 if you have the `dlclose' function. */
#undef HAVE_DLCLOSE
@ -221,6 +224,12 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 to enable dnstap support */
#undef HAVE_DNSTAP
/* Define to 1 if you have the `DSA_get0_pqg' function. */
#undef HAVE_DSA_GET0_PQG
/* Define to 1 if you have the `ECDSA_SIG_get0' function. */
#undef HAVE_ECDSA_SIG_GET0
/* Define to 1 if you have the <editline/readline.h> header file. */
#undef HAVE_EDITLINE_READLINE_H
@ -419,6 +428,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <regex.h> header file. */
#undef HAVE_REGEX_H
/* Define to 1 if you have the `RSA_set0_key' function. */
#undef HAVE_RSA_SET0_KEY
/* Define to 1 if you have the <sched.h> header file. */
#undef HAVE_SCHED_H

13
configure vendored
View file

@ -16548,6 +16548,19 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
fi
done
for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
fi
done

2
configure.in
View file

@ -1712,6 +1712,8 @@ DSO_METHOD_dlfcn();
AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg])
AC_MSG_CHECKING(for OpenSSL ECDSA support)
have_ecdsa=""
AC_TRY_RUN([

79
lib/dns/openssldh_link.c
View file

@ -44,6 +44,8 @@
#include <dst/result.h>
#include <openssl/opensslv.h>
#include "dst_internal.h"
#include "dst_openssl.h"
#include "dst_parse.h"
@ -71,62 +73,81 @@ static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#if !defined(HAVE_DH_GET0_KEY)
/*
* DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
* are from OpenSSL 1.1.0.
*/
static void
DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
if (pub_key != NULL)
if (pub_key != NULL) {
*pub_key = dh->pub_key;
if (priv_key != NULL)
}
if (priv_key != NULL) {
*priv_key = dh->priv_key;
}
}
static int
DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
/* Note that it is valid for priv_key to be NULL */
if (pub_key == NULL)
return 0;
if (pub_key != NULL) {
BN_free(dh->pub_key);
dh->pub_key = pub_key;
}
BN_free(dh->pub_key);
BN_free(dh->priv_key);
dh->pub_key = pub_key;
dh->priv_key = priv_key;
if (priv_key != NULL) {
BN_free(dh->priv_key);
dh->priv_key = priv_key;
}
return 1;
return (1);
}
static void
DH_get0_pqg(const DH *dh,
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
{
if (p != NULL)
if (p != NULL) {
*p = dh->p;
if (q != NULL)
}
if (q != NULL) {
*q = dh->q;
if (g != NULL)
}
if (g != NULL) {
*g = dh->g;
}
}
static int
DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
/* q is optional */
if (p == NULL || g == NULL)
return(0);
BN_free(dh->p);
BN_free(dh->q);
BN_free(dh->g);
dh->p = p;
dh->q = q;
dh->g = g;
DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
/* If the fields p and g in d are NULL, the corresponding input
* parameters MUST be non-NULL. q may remain NULL.
*/
if ((dh->p == NULL && p == NULL)
|| (dh->g == NULL && g == NULL))
{
return 0;
}
if (p != NULL) {
BN_free(dh->p);
dh->p = p;
}
if (q != NULL) {
BN_free(dh->q);
dh->q = q;
}
if (g != NULL) {
BN_free(dh->g);
dh->g = g;
}
if (q != NULL) {
dh->length = BN_num_bits(q);
}
return(1);
return (1);
}
#define DH_clear_flags(d, f) (d)->flags &= ~(f)
@ -545,7 +566,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
DH_free(dh);
return (dst__openssl_toresult(ISC_R_NOMEMORY));
}
#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
/*
* LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when
* DH structure is empty, hence we cannot use DH_get0_key().
*/
dh->pub_key = pub_key;
#else /* LIBRESSL_VERSION_NUMBER */
DH_set0_key(dh, pub_key, NULL);
#endif /* LIBRESSL_VERSION_NUMBER */
isc_region_consume(&r, publen);
key->key_size = BN_num_bits(p);

2
lib/dns/openssldsa_link.c
View file

@ -52,7 +52,7 @@
static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#if !defined(HAVE_DSA_GET0_PQG)
static void
DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
const BIGNUM **g)

11
lib/dns/opensslecdsa_link.c
View file

@ -45,20 +45,23 @@
#define DST_RET(a) {ret = a; goto err;}
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#if !defined(HAVE_ECDSA_SIG_GET0)
/* From OpenSSL 1.1 */
static void
ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
if (pr != NULL)
if (pr != NULL) {
*pr = sig->r;
if (ps != NULL)
}
if (ps != NULL) {
*ps = sig->s;
}
}
static int
ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
if (r == NULL || s == NULL)
if (r == NULL || s == NULL) {
return 0;
}
BN_clear_free(sig->r);
BN_clear_free(sig->s);

36
lib/dns/opensslrsa_link.c
View file

@ -123,7 +123,7 @@
#endif
#define DST_RET(a) {ret = a; goto err;}
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#if !defined(HAVE_RSA_SET0_KEY)
/* From OpenSSL 1.1.0 */
static int
RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
@ -133,8 +133,9 @@ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
* parameters MUST be non-NULL for n and e. d may be
* left NULL (in case only the public key is used).
*/
if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) {
return 0;
}
if (n != NULL) {
BN_free(r->n);
@ -159,8 +160,9 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
* If the fields p and q in r are NULL, the corresponding input
* parameters MUST be non-NULL.
*/
if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) {
return 0;
}
if (p != NULL) {
BN_free(r->p);
@ -183,7 +185,9 @@ RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
if ((r->dmp1 == NULL && dmp1 == NULL) ||
(r->dmq1 == NULL && dmq1 == NULL) ||
(r->iqmp == NULL && iqmp == NULL))
{
return 0;
}
if (dmp1 != NULL) {
BN_free(r->dmp1);
@ -205,32 +209,40 @@ static void
RSA_get0_key(const RSA *r,
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
{
if (n != NULL)
if (n != NULL) {
*n = r->n;
if (e != NULL)
}
if (e != NULL) {
*e = r->e;
if (d != NULL)
}
if (d != NULL) {
*d = r->d;
}
}
static void
RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
if (p != NULL)
if (p != NULL) {
*p = r->p;
if (q != NULL)
*q = r->q;
}
if (q != NULL) {
*q = r->q;
}
}
static void
RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
const BIGNUM **iqmp)
{
if (dmp1 != NULL)
if (dmp1 != NULL) {
*dmp1 = r->dmp1;
if (dmq1 != NULL)
}
if (dmq1 != NULL) {
*dmq1 = r->dmq1;
if (iqmp != NULL)
}
if (iqmp != NULL) {
*iqmp = r->iqmp;
}
}
static int