upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #777: OpenSSL 1.1.0 compatibility, patch from Sebastian A. Siewior.

Browse source 
git-svn-id: file:///svn/unbound/trunk@3837 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2016-08-29 07:05:19 +00:00
parent 536cf2364d
commit ca5eca9567
4 changed files with 63 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
daemon/remote.c
View file

@ -144,7 +144,7 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
* (some openssl versions reject DH that is 'too small', eg. 512). * (some openssl versions reject DH that is 'too small', eg. 512).
*/ */
#ifndef S_SPLINT_S #ifndef S_SPLINT_S
DH *get_dh2048() static DH *get_dh2048(void)
{ {
static unsigned char dh2048_p[]={ static unsigned char dh2048_p[]={
0xE7,0x36,0x28,0x3B,0xE4,0xC3,0x32,0x1C,0x01,0xC3,0x67,0xD6, 0xE7,0x36,0x28,0x3B,0xE4,0xC3,0x32,0x1C,0x01,0xC3,0x67,0xD6,
@ -173,14 +173,31 @@ DH *get_dh2048()
static unsigned char dh2048_g[]={ static unsigned char dh2048_g[]={
0x02, 0x02,
}; };
DH *dh; DH *dh = NULL;
BIGNUM *p = NULL, *g = NULL;
if ((dh=DH_new()) == NULL) return(NULL); dh = DH_new();
dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) if (!dh || !p || !g)
{ DH_free(dh); return(NULL); } goto err;
return(dh);
#if OPENSSL_VERSION_NUMBER < 0x10100000
dh->p = p;
dh->g = g;
#else
if (!DH_set0_pqg(dh, p, NULL, g))
goto err;
#endif
return dh;
err:
if (p)
BN_free(p);
if (g)
BN_free(g);
if (dh)
DH_free(dh);
return NULL;
} }
#endif /* SPLINT */ #endif /* SPLINT */

4
doc/Changelog
View file

@ -1,3 +1,7 @@
29 August 2016: Ralph
- Fix #777: OpenSSL 1.1.0 compatibility, patch from Sebastian A.
Siewior.
25 August 2016: Ralph 25 August 2016: Ralph
- Clarify local-zone-override entry in unbound.conf.5 - Clarify local-zone-override entry in unbound.conf.5

30
sldns/keyraw.c
View file

@ -215,6 +215,7 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
BN_free(Y); BN_free(Y);
return NULL; return NULL;
} }
#if OPENSSL_VERSION_NUMBER < 0x10100000
#ifndef S_SPLINT_S #ifndef S_SPLINT_S
dsa->p = P; dsa->p = P;
dsa->q = Q; dsa->q = Q;
@ -222,6 +223,25 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
dsa->pub_key = Y; dsa->pub_key = Y;
#endif /* splint */ #endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!DSA_set0_pqg(dsa, P, Q, G)) {
/* QPG not yet attached, need to free */
BN_free(Q);
BN_free(P);
BN_free(G);
DSA_free(dsa);
BN_free(Y);
return NULL;
}
if (!DSA_set0_key(dsa, Y, NULL)) {
/* QPG attached, cleaned up by DSA_fre() */
DSA_free(dsa);
BN_free(Y);
return NULL;
}
#endif
return dsa; return dsa;
} }
@ -273,11 +293,21 @@ sldns_key_buf2rsa_raw(unsigned char* key, size_t len)
BN_free(modulus); BN_free(modulus);
return NULL; return NULL;
} }
#if OPENSSL_VERSION_NUMBER < 0x10100000
#ifndef S_SPLINT_S #ifndef S_SPLINT_S
rsa->n = modulus; rsa->n = modulus;
rsa->e = exponent; rsa->e = exponent;
#endif /* splint */ #endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
BN_free(exponent);
BN_free(modulus);
RSA_free(rsa);
return NULL;
}
#endif
return rsa; return rsa;
} }

8
validator/val_secalgo.c
View file

@ -592,7 +592,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
log_err("EVP_MD_CTX_new: malloc failure"); log_err("EVP_MD_CTX_new: malloc failure");
EVP_PKEY_free(evp_key); EVP_PKEY_free(evp_key);
if(dofree) free(sigblock); if(dofree) free(sigblock);
else if(docrypto_free) CRYPTO_free(sigblock); else if(docrypto_free) OPENSSL_free(sigblock);
return sec_status_unchecked; return sec_status_unchecked;
} }
if(EVP_VerifyInit(ctx, digest_type) == 0) { if(EVP_VerifyInit(ctx, digest_type) == 0) {
@ -600,7 +600,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctx);
EVP_PKEY_free(evp_key); EVP_PKEY_free(evp_key);
if(dofree) free(sigblock); if(dofree) free(sigblock);
else if(docrypto_free) CRYPTO_free(sigblock); else if(docrypto_free) OPENSSL_free(sigblock);
return sec_status_unchecked; return sec_status_unchecked;
} }
if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf),
@ -609,7 +609,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctx);
EVP_PKEY_free(evp_key); EVP_PKEY_free(evp_key);
if(dofree) free(sigblock); if(dofree) free(sigblock);
else if(docrypto_free) CRYPTO_free(sigblock); else if(docrypto_free) OPENSSL_free(sigblock);
return sec_status_unchecked; return sec_status_unchecked;
} }
@ -623,7 +623,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
EVP_PKEY_free(evp_key); EVP_PKEY_free(evp_key);
if(dofree) free(sigblock); if(dofree) free(sigblock);
else if(docrypto_free) CRYPTO_free(sigblock); else if(docrypto_free) OPENSSL_free(sigblock);
if(res == 1) { if(res == 1) {
return sec_status_secure; return sec_status_secure;