Date: Fri, 8 Jun 2018 13:28:14 +0000 (UTC) From: Mathieu Arnold <mat@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r471999 - head/dns/bind912/files Message-ID: <201806081328.w58DSECq064733@repo.freebsd.org>
Author: mat Date: Fri Jun 8 13:28:14 2018 New Revision: 471999 URL: https://svnweb.freebsd.org/changeset/ports/471999 Log: Fix build with LibreSSL 2.7. PR: 226903 Submitted by: Charlie Li Reported by: Piotr Kubaj Sponsored by: Absolight Added: head/dns/bind912/files/patch-libressl2.7 (contents, props changed) Added: head/dns/bind912/files/patch-libressl2.7 ==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/dns/bind912/files/patch-libressl2.7 Fri Jun 8 13:28:14 2018 (r471999)
@@ -0,0 +1,386 @@
+From 1e64b869b5b33e2deda7059e4348d9870f86d315 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Thu, 3 May 2018 13:59:04 +0200
+Subject: [PATCH 1/3] Add support for LibreSSL 2.7
+
+(cherry picked from commit 29ff62a1492ce3dc702a887e864d00bf1949aed3)
+---
+ config.h.in | 12 +++++++
+ configure | 13 +++++++
+ configure.in | 2 ++
+ lib/dns/openssldh_link.c | 69 +++++++++++++++++++++++--------------
+ lib/dns/openssldsa_link.c | 2 +-
+ lib/dns/opensslecdsa_link.c | 11 +++---
+ lib/dns/opensslrsa_link.c | 36 ++++++++++++-------
+ 7 files changed, 103 insertions(+), 42 deletions(-)
+
+diff --git config.h.in config.h.in
+index 0cc04c5dd9..65ee20eeb5 100644
+--- config.h.in
++++ config.h.in
+@@ -206,6 +206,9 @@ int sigwait(const unsigned int *set, int *sig);
+ /* Define to 1 if you have the <devpoll.h> header file. */
+ #undef HAVE_DEVPOLL_H
+
++/* Define to 1 if you have the `DH_get0_key' function. */
++#undef HAVE_DH_GET0_KEY
++
+ /* Define to 1 if you have the `dlclose' function. */
+ #undef HAVE_DLCLOSE
+
+@@ -221,6 +224,12 @@ int sigwait(const unsigned int *set, int *sig);
+ /* Define to 1 to enable dnstap support */
+ #undef HAVE_DNSTAP
+
++/* Define to 1 if you have the `DSA_get0_pqg' function. */
++#undef HAVE_DSA_GET0_PQG
++
++/* Define to 1 if you have the `ECDSA_SIG_get0' function. */
++#undef HAVE_ECDSA_SIG_GET0
++
+ /* Define to 1 if you have the <editline/readline.h> header file. */
+ #undef HAVE_EDITLINE_READLINE_H
+
+@@ -431,6 +440,9 @@ int sigwait(const unsigned int *set, int *sig);
+ /* Define to 1 if you have the <regex.h> header file. */
+ #undef HAVE_REGEX_H
+
++/* Define to 1 if you have the `RSA_set0_key' function. */
++#undef HAVE_RSA_SET0_KEY
++
+ /* Define to 1 if you have the <sched.h> header file. */
+ #undef HAVE_SCHED_H
+
+diff --git configure configure
+index fc9256fa8d..2dde1a681d 100755
+--- configure
++++ configure
+@@ -16724,6 +16724,19 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+ _ACEOF
+
++fi
++done
++
++
++ for ac_func in DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg
++do :
++ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
++if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
++ cat >>confdefs.h <<_ACEOF
++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
++_ACEOF
++
+ fi
+ done
+
+diff --git configure.in configure.in
+index 99139ba5ac..193562c783 100644
+--- configure.in
++++ configure.in
+@@ -1781,6 +1781,8 @@ DSO_METHOD_dlfcn();
+
+ AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
+
++ AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key DSA_get0_pqg])
++
+ AC_MSG_CHECKING(for OpenSSL ECDSA support)
+ have_ecdsa=""
+ AC_TRY_RUN([
+diff --git lib/dns/openssldh_link.c lib/dns/openssldh_link.c
+index e74bee2e2d..0db673dd31 100644
+--- lib/dns/openssldh_link.c
++++ lib/dns/openssldh_link.c
+@@ -71,62 +71,81 @@ static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
+
+ static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_DH_GET0_KEY)
+ /*
+ * DH_get0_key, DH_set0_key, DH_get0_pqg and DH_set0_pqg
+ * are from OpenSSL 1.1.0.
+ */
+ static void
+ DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) {
+- if (pub_key != NULL)
++ if (pub_key != NULL) {
+ *pub_key = dh->pub_key;
+- if (priv_key != NULL)
++ }
++ if (priv_key != NULL) {
+ *priv_key = dh->priv_key;
++ }
+ }
+
+ static int
+ DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
+- /* Note that it is valid for priv_key to be NULL */
+- if (pub_key == NULL)
+- return 0;
++ if (pub_key != NULL) {
++ BN_free(dh->pub_key);
++ dh->pub_key = pub_key;
++ }
+
+- BN_free(dh->pub_key);
+- BN_free(dh->priv_key);
+- dh->pub_key = pub_key;
+- dh->priv_key = priv_key;
++ if (priv_key != NULL) {
++ BN_free(dh->priv_key);
++ dh->priv_key = priv_key;
++ }
+
+- return 1;
++ return (1);
+ }
+
+ static void
+ DH_get0_pqg(const DH *dh,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+ {
+- if (p != NULL)
++ if (p != NULL) {
+ *p = dh->p;
+- if (q != NULL)
++ }
++ if (q != NULL) {
+ *q = dh->q;
+- if (g != NULL)
++ }
++ if (g != NULL) {
+ *g = dh->g;
++ }
+ }
+
+ static int
+-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+- /* q is optional */
+- if (p == NULL || g == NULL)
+- return(0);
+- BN_free(dh->p);
+- BN_free(dh->q);
+- BN_free(dh->g);
+- dh->p = p;
+- dh->q = q;
+- dh->g = g;
++DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ /* If the fields p and g in d are NULL, the corresponding input
++ * parameters MUST be non-NULL. q may remain NULL.
++ */
++ if ((dh->p == NULL && p == NULL)
++ || (dh->g == NULL && g == NULL))
++ {
++ return 0;
++ }
++
++ if (p != NULL) {
++ BN_free(dh->p);
++ dh->p = p;
++ }
++ if (q != NULL) {
++ BN_free(dh->q);
++ dh->q = q;
++ }
++ if (g != NULL) {
++ BN_free(dh->g);
++ dh->g = g;
++ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+- return(1);
++ return (1);
+ }
+
+ #define DH_clear_flags(d, f) (d)->flags &= ~(f)
+diff --git lib/dns/openssldsa_link.c lib/dns/openssldsa_link.c
+index 1c541ae73a..dfbd484247 100644
+--- lib/dns/openssldsa_link.c
++++ lib/dns/openssldsa_link.c
+@@ -52,7 +52,7 @@
+
+ static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_DSA_GET0_PQG)
+ static void
+ DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
+ const BIGNUM **g)
+diff --git lib/dns/opensslecdsa_link.c lib/dns/opensslecdsa_link.c
+index a8941a808a..2e47459249 100644
+--- lib/dns/opensslecdsa_link.c
++++ lib/dns/opensslecdsa_link.c
+@@ -45,20 +45,23 @@
+
+ #define DST_RET(a) {ret = a; goto err;}
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_ECDSA_SIG_GET0)
+ /* From OpenSSL 1.1 */
+ static void
+ ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {
+- if (pr != NULL)
++ if (pr != NULL) {
+ *pr = sig->r;
+- if (ps != NULL)
++ }
++ if (ps != NULL) {
+ *ps = sig->s;
++ }
+ }
+
+ static int
+ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
+- if (r == NULL || s == NULL)
++ if (r == NULL || s == NULL) {
+ return 0;
++ }
+
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+diff --git lib/dns/opensslrsa_link.c lib/dns/opensslrsa_link.c
+index bdb0a3931d..43f6d317bc 100644
+--- lib/dns/opensslrsa_link.c
++++ lib/dns/opensslrsa_link.c
+@@ -123,7 +123,7 @@
+ #endif
+ #define DST_RET(a) {ret = a; goto err;}
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if !defined(HAVE_RSA_SET0_KEY)
+ /* From OpenSSL 1.1.0 */
+ static int
+ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
+@@ -133,8 +133,9 @@ RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
+ * parameters MUST be non-NULL for n and e. d may be
+ * left NULL (in case only the public key is used).
+ */
+- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
++ if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) {
+ return 0;
++ }
+
+ if (n != NULL) {
+ BN_free(r->n);
+@@ -159,8 +160,9 @@ RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
+ * If the fields p and q in r are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
++ if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) {
+ return 0;
++ }
+
+ if (p != NULL) {
+ BN_free(r->p);
+@@ -183,7 +185,9 @@ RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
+ if ((r->dmp1 == NULL && dmp1 == NULL) ||
+ (r->dmq1 == NULL && dmq1 == NULL) ||
+ (r->iqmp == NULL && iqmp == NULL))
++ {
+ return 0;
++ }
+
+ if (dmp1 != NULL) {
+ BN_free(r->dmp1);
+@@ -205,32 +209,40 @@ static void
+ RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+ {
+- if (n != NULL)
++ if (n != NULL) {
+ *n = r->n;
+- if (e != NULL)
++ }
++ if (e != NULL) {
+ *e = r->e;
+- if (d != NULL)
++ }
++ if (d != NULL) {
+ *d = r->d;
++ }
+ }
+
+ static void
+ RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
+- if (p != NULL)
++ if (p != NULL) {
+ *p = r->p;
+- if (q != NULL)
+- *q = r->q;
++ }
++ if (q != NULL) {
++ *q = r->q;
++ }
+ }
+
+ static void
+ RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
+ const BIGNUM **iqmp)
+ {
+- if (dmp1 != NULL)
++ if (dmp1 != NULL) {
+ *dmp1 = r->dmp1;
+- if (dmq1 != NULL)
++ }
++ if (dmq1 != NULL) {
+ *dmq1 = r->dmq1;
+- if (iqmp != NULL)
++ }
++ if (iqmp != NULL) {
+ *iqmp = r->iqmp;
++ }
+ }
+
+ static int
+--
+2.17.1
+
+From e3a318e8d3e050677cfe603b25eaa9607c202276 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Wed, 2 May 2018 14:18:06 +0200
+Subject: [PATCH 2/3] Workaround LibreSSL 2.7.0-2.7.2 quirk in DH_set0_key
+
+(cherry picked from commit 6b9e3b7b069509e79c59f89403a91761c300bdee)
+---
+ lib/dns/openssldh_link.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git lib/dns/openssldh_link.c lib/dns/openssldh_link.c
+index 0db673dd31..8dfda0d2fa 100644
+--- lib/dns/openssldh_link.c
++++ lib/dns/openssldh_link.c
+@@ -44,6 +44,8 @@
+
+ #include <dst/result.h>
+
++#include <openssl/opensslv.h>
++
+ #include "dst_internal.h"
+ #include "dst_openssl.h"
+ #include "dst_parse.h"
+@@ -564,7 +566,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
+ DH_free(dh);
+ return (dst__openssl_toresult(ISC_R_NOMEMORY));
+ }
++#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
++ /*
++ * LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when
++ * DH structure is empty, hence we cannot use DH_get0_key().
++ */
++ dh->pub_key = pub_key;
++#else /* LIBRESSL_VERSION_NUMBER */
+ DH_set0_key(dh, pub_key, NULL);
++#endif /* LIBRESSL_VERSION_NUMBER */
+ isc_region_consume(&r, publen);
+
+ key->key_size = BN_num_bits(p);
+--
+2.17.1
+
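Review bot: The fallback `DH_set0_key` added for lib/dns/openssldh_link.c in the first embedded patch releases the previous private exponent with `BN_free(dh->priv_key);`, so the old secret is not wiped before its memory goes back to the allocator; `BN_clear_free(dh->priv_key);` would match what the `ECDSA_SIG_set0` fallback in the same patch already does for its values. In the second embedded patch the workaround comment names `DH_get0_key` twice, while the commit subject and the call being bypassed are `DH_set0_key`; it should read along the lines of `LibreSSL before 2.7.3: DH_set0_key() requires priv_key to be set when the DH structure is empty, hence we cannot use DH_set0_key().` The return value of `DH_set0_key(dh, pub_key, NULL);` in the `#else` branch is still ignored, so a library that rejects the call would presumably leave the key without a public value and leak `pub_key`; checking the result and failing the load would make that visible. `openssldh_fromdns` starts and ends outside the visible hunk, so the state of `dh` at that point is inferred from the surrounding context lines.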