This switches to using the OpenSSL 1.1 codepath that does DSA_set0_pqg().
Hopefully it's not too much hassle for updates. DSA_set0_pqg() has been
in LibreSSL for a while, so we can probably upstream this easily.
libunbound in ports will need the same patch.
Index: sbin/unwind/libunbound/sldns/keyraw.c
===================================================================
RCS file: /cvs/src/sbin/unwind/libunbound/sldns/keyraw.c,v
retrieving revision 1.2
diff -u -p -r1.2 keyraw.c
--- sbin/unwind/libunbound/sldns/keyraw.c 14 Aug 2021 07:32:46 -0000
1.2
+++ sbin/unwind/libunbound/sldns/keyraw.c 9 Jan 2022 12:24:28 -0000
@@ -250,7 +250,7 @@ sldns_key_buf2dsa_raw(unsigned char* key
if(!(dsa = DSA_new())) {
return NULL;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+#if OPENSSL_VERSION_NUMBER < 0x10100000
#ifndef S_SPLINT_S
dsa->p = P;
dsa->q = Q;
@@ -428,7 +428,7 @@ sldns_key_buf2rsa_raw(unsigned char* key
BN_free(modulus);
return NULL;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+#if OPENSSL_VERSION_NUMBER < 0x10100000
#ifndef S_SPLINT_S
rsa->n = modulus;
rsa->e = exponent;
Index: usr.sbin/unbound/sldns/keyraw.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/sldns/keyraw.c,v
retrieving revision 1.6
diff -u -p -r1.6 keyraw.c
--- usr.sbin/unbound/sldns/keyraw.c 13 Aug 2021 19:58:46 -0000 1.6
+++ usr.sbin/unbound/sldns/keyraw.c 9 Jan 2022 12:24:54 -0000
@@ -250,7 +250,7 @@ sldns_key_buf2dsa_raw(unsigned char* key
if(!(dsa = DSA_new())) {
return NULL;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+#if OPENSSL_VERSION_NUMBER < 0x10100000
#ifndef S_SPLINT_S
dsa->p = P;
dsa->q = Q;
@@ -428,7 +428,7 @@ sldns_key_buf2rsa_raw(unsigned char* key
BN_free(modulus);
return NULL;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+#if OPENSSL_VERSION_NUMBER < 0x10100000
#ifndef S_SPLINT_S
rsa->n = modulus;
rsa->e = exponent;
