
Merge branch '3172-libressl-3.5.0-compat' into 'main'

Resolve "BIND is not compatible with LibreSSL 3.5.0"

Closes #3172

See merge request isc-projects/bind9!5906
Arаm Sаrgsyаn
2022-03-02 11:07:53 +00:00
6 changed files with 12 additions and 28 deletions


@@ -1,3 +1,7 @@
5816. [bug] Make BIND compile with LibreSSL 3.5.0, as it was using
not very accurate pre-processor checks for using shims.
[GL #3172]
5815. [bug] If an oversized key name of a specific length was used 5815. [bug] If an oversized key name of a specific length was used
in the text form of an HTTP or SVBC record, an INSIST in the text form of an HTTP or SVBC record, an INSIST
could be triggered when parsing it. [GL #3175] could be triggered when parsing it. [GL #3175]


@@ -635,6 +635,7 @@ AC_COMPILE_IFELSE(
# #
AC_CHECK_FUNCS([BIO_read_ex BIO_write_ex]) AC_CHECK_FUNCS([BIO_read_ex BIO_write_ex])
AC_CHECK_FUNCS([BN_GENCB_new])
AC_CHECK_FUNCS([CRYPTO_zalloc]) AC_CHECK_FUNCS([CRYPTO_zalloc])
AC_CHECK_FUNCS([ERR_get_error_all]) AC_CHECK_FUNCS([ERR_get_error_all])
AC_CHECK_FUNCS([EVP_CIPHER_CTX_new EVP_CIPHER_CTX_free]) AC_CHECK_FUNCS([EVP_CIPHER_CTX_new EVP_CIPHER_CTX_free])


@@ -24,20 +24,19 @@
#include <isc/log.h> #include <isc/log.h>
#include <isc/result.h> #include <isc/result.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #if !HAVE_BN_GENCB_NEW
/* /*
* These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in * These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in
* the function like this before the BN_GENCB_new call: * the function like this before the BN_GENCB_new call:
* *
* #if OPENSSL_VERSION_NUMBER < 0x10100000L * #if !HAVE_BN_GENCB_NEW
* _cb; * _cb;
* #endif * #endif
*/ */
#define BN_GENCB_free(x) ((void)0) #define BN_GENCB_free(x) ((void)0)
#define BN_GENCB_new() (&_cb) #define BN_GENCB_new() (&_cb)
#define BN_GENCB_get_arg(x) ((x)->arg) #define BN_GENCB_get_arg(x) ((x)->arg)
#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \ #endif /* !HAVE_BN_GENCB_NEW */
* defined(LIBRESSL_VERSION_NUMBER) */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L #if OPENSSL_VERSION_NUMBER >= 0x10100000L
/* /*
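Review bot: The usage example inside the shim comment is not a declaration: it reads `_cb;`, while the callers changed in this commit write `BN_GENCB _cb;`, so the example should be spelled `BN_GENCB _cb;`. The opening sentence "These are new in OpenSSL 1.1.0" also no longer says when the shim is active, because the guard is now a configure result rather than a version test; I would reword it to say the macros are used when configure does not find `BN_GENCB_new`. `HAVE_BN_GENCB_NEW` is presumably defined by the generated config header, and an undefined macro makes `!HAVE_BN_GENCB_NEW` true and selects the shim, so it is worth stating in the comment that this header must be included after the config header. The `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` block that follows continues outside the hunk.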


@@ -360,10 +360,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
DH *dh = NULL; DH *dh = NULL;
BN_GENCB *cb = NULL; BN_GENCB *cb = NULL;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #if !HAVE_BN_GENCB_NEW
BN_GENCB _cb; BN_GENCB _cb;
#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \ #endif /* !HAVE_BN_GENCB_NEW */
* defined(LIBRESSL_VERSION_NUMBER) */
#else #else
OSSL_PARAM_BLD *bld = NULL; OSSL_PARAM_BLD *bld = NULL;
OSSL_PARAM *params = NULL; OSSL_PARAM *params = NULL;


@@ -383,10 +383,9 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
RSA *rsa = RSA_new(); RSA *rsa = RSA_new();
EVP_PKEY *pkey = EVP_PKEY_new(); EVP_PKEY *pkey = EVP_PKEY_new();
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #if !HAVE_BN_GENCB_NEW
BN_GENCB _cb; BN_GENCB _cb;
#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \ #endif /* !HAVE_BN_GENCB_NEW */
* defined(LIBRESSL_VERSION_NUMBER) */
BN_GENCB *cb = BN_GENCB_new(); BN_GENCB *cb = BN_GENCB_new();
#else #else
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
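Review bot: `cb` is now initialised from the library's real `BN_GENCB_new()` on every build where configure finds that function, which includes LibreSSL builds that the old guard always sent to the stack shim `(&_cb)`. The shim could never yield NULL and its `BN_GENCB_free` was a no-op, so on those builds a NULL `cb` or a missed `BN_GENCB_free(cb)` on an error path becomes possible where it was not before. The checks and cleanup of opensslrsa_generate lie outside this hunk, so I cannot confirm them; please verify that `rsa`, `pkey` and `cb` are each tested before use and released on every exit, and likewise for `cb` in openssldh_generate. A comment above the declaration such as `/* cb is heap-allocated when HAVE_BN_GENCB_NEW is set; NULL-check it and free it on every exit path */` would record that contract.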


@@ -22,19 +22,9 @@
#include <isc/types.h> #include <isc/types.h>
#include <isc/util.h> #include <isc/util.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define EVP_CIPHER_CTX_new() &(_context), EVP_CIPHER_CTX_init(&_context)
#define EVP_CIPHER_CTX_free(c) RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(c) == 1)
#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \
* defined(LIBRESSL_VERSION_NUMBER) */
void void
isc_aes128_crypt(const unsigned char *key, const unsigned char *in, isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out) { unsigned char *out) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_CIPHER_CTX _context;
#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \
* defined(LIBRESSL_VERSION_NUMBER) */
EVP_CIPHER_CTX *c; EVP_CIPHER_CTX *c;
int len; int len;
@@ -51,10 +41,6 @@ isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
void void
isc_aes192_crypt(const unsigned char *key, const unsigned char *in, isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out) { unsigned char *out) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_CIPHER_CTX _context;
#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \
* defined(LIBRESSL_VERSION_NUMBER) */
EVP_CIPHER_CTX *c; EVP_CIPHER_CTX *c;
int len; int len;
@@ -71,10 +57,6 @@ isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
void void
isc_aes256_crypt(const unsigned char *key, const unsigned char *in, isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out) { unsigned char *out) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_CIPHER_CTX _context;
#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \
* defined(LIBRESSL_VERSION_NUMBER) */
EVP_CIPHER_CTX *c; EVP_CIPHER_CTX *c;
int len; int len;