Re: unwind/unbound: fix build with opaque DSA

Sun, 09 Jan 2022 07:06:07 -0800 

On 2022/01/09 14:18, Theo Buehler wrote:
> This switches to using the OpenSSL 1.1 codepath that does DSA_set0_pqg().
> Hopefully it's not too much hassle for updates. DSA_set0_pqg() has been
> in LibreSSL for a while, so we can probably upstream this easily.
> 
> libunbound in ports will need the same patch.

OK.

> Index: sbin/unwind/libunbound/sldns/keyraw.c
> ===================================================================
> RCS file: /cvs/src/sbin/unwind/libunbound/sldns/keyraw.c,v
> retrieving revision 1.2
> diff -u -p -r1.2 keyraw.c
> --- sbin/unwind/libunbound/sldns/keyraw.c     14 Aug 2021 07:32:46 -0000      
> 1.2
> +++ sbin/unwind/libunbound/sldns/keyraw.c     9 Jan 2022 12:24:28 -0000
> @@ -250,7 +250,7 @@ sldns_key_buf2dsa_raw(unsigned char* key
>       if(!(dsa = DSA_new())) {
>               return NULL;
>       }
> -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
> +#if OPENSSL_VERSION_NUMBER < 0x10100000
>  #ifndef S_SPLINT_S
>       dsa->p = P;
>       dsa->q = Q;
> @@ -428,7 +428,7 @@ sldns_key_buf2rsa_raw(unsigned char* key
>               BN_free(modulus);
>               return NULL;
>       }
> -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
> +#if OPENSSL_VERSION_NUMBER < 0x10100000
>  #ifndef S_SPLINT_S
>       rsa->n = modulus;
>       rsa->e = exponent;
> Index: usr.sbin/unbound/sldns/keyraw.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/unbound/sldns/keyraw.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 keyraw.c
> --- usr.sbin/unbound/sldns/keyraw.c   13 Aug 2021 19:58:46 -0000      1.6
> +++ usr.sbin/unbound/sldns/keyraw.c   9 Jan 2022 12:24:54 -0000
> @@ -250,7 +250,7 @@ sldns_key_buf2dsa_raw(unsigned char* key
>       if(!(dsa = DSA_new())) {
>               return NULL;
>       }
> -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
> +#if OPENSSL_VERSION_NUMBER < 0x10100000
>  #ifndef S_SPLINT_S
>       dsa->p = P;
>       dsa->q = Q;
> @@ -428,7 +428,7 @@ sldns_key_buf2rsa_raw(unsigned char* key
>               BN_free(modulus);
>               return NULL;
>       }
> -#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
> +#if OPENSSL_VERSION_NUMBER < 0x10100000
>  #ifndef S_SPLINT_S
>       rsa->n = modulus;
>       rsa->e = exponent;
>

Reply via email to