From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Fri, 14 Jan 2022 10:54:42 +0000 Subject: [PATCH] Fix build against LibreSSL 3.5 Fix build with opaque structs in LibreSSL 3.5. Origin: OpenBSD Upstream-Status: Unknown [ismael@sourcemage.org: normalized the patch] Signed-off-by: Ismael Luceno --- src/lib/crypt_ops/crypto_dh_openssl.c | 12 ++++++------ src/lib/crypt_ops/crypto_rsa_openssl.c | 10 +++++----- src/lib/tls/x509_openssl.c | 2 +- src/test/test_crypto.c | 2 +- src/test/test_crypto_openssl.c | 2 +- 5 files changed, 14 insertions(+), 14 deletions(-) --- a/src/lib/crypt_ops/crypto_dh_openssl.c +++ b/src/lib/crypt_ops/crypto_dh_openssl.c @@ -60,7 +60,7 @@ crypto_validate_dh_params(const BIGNUM *p, const BIGNU /* Copy into a temporary DH object, just so that DH_check() can be called. */ if (!(dh = DH_new())) goto out; -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) BIGNUM *dh_p, *dh_g; if (!(dh_p = BN_dup(p))) goto out; @@ -223,7 +223,7 @@ new_openssl_dh_from_params(BIGNUM *p, BIGNUM *g) goto err; } -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) if (!DH_set0_pqg(res_dh, dh_p, NULL, dh_g)) { goto err; @@ -276,7 +276,7 @@ crypto_dh_get_bytes(crypto_dh_t *dh) int crypto_dh_generate_public(crypto_dh_t *dh) { -#ifndef OPENSSL_1_1_API +#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER) again: #endif if (!DH_generate_key(dh->dh)) { @@ -286,7 +286,7 @@ crypto_dh_generate_public(crypto_dh_t *dh) return -1; /* LCOV_EXCL_STOP */ } -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.x doesn't appear to let you regenerate a DH key, without * recreating the DH object. I have no idea what sort of aliasing madness * can occur here, so do the check, and just bail on failure. @@ -327,7 +327,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si const BIGNUM *dh_pub; -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) const BIGNUM *dh_priv; DH_get0_key(dh->dh, &dh_pub, &dh_priv); #else @@ -338,7 +338,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si if (crypto_dh_generate_public(dh)<0) return -1; else { -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) DH_get0_key(dh->dh, &dh_pub, &dh_priv); #else dh_pub = dh->dh->pub_key; --- a/src/lib/crypt_ops/crypto_rsa_openssl.c +++ b/src/lib/crypt_ops/crypto_rsa_openssl.c @@ -47,7 +47,7 @@ struct crypto_pk_t int crypto_pk_key_is_private(const crypto_pk_t *k) { -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) if (!k || !k->key) return 0; @@ -212,7 +212,7 @@ crypto_pk_public_exponent_ok(const crypto_pk_t *env) const BIGNUM *e; -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) const BIGNUM *n, *d; RSA_get0_key(env->key, &n, &e, &d); #else @@ -242,7 +242,7 @@ crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_ const BIGNUM *a_n, *a_e; const BIGNUM *b_n, *b_e; -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) const BIGNUM *a_d, *b_d; RSA_get0_key(a->key, &a_n, &a_e, &a_d); RSA_get0_key(b->key, &b_n, &b_e, &b_d); @@ -279,7 +279,7 @@ crypto_pk_num_bits(crypto_pk_t *env) tor_assert(env); tor_assert(env->key); -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) /* It's so stupid that there's no other way to check that n is valid * before calling RSA_bits(). */ @@ -572,7 +572,7 @@ static bool rsa_private_key_too_long(RSA *rsa, int max_bits) { const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp; -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1) n = RSA_get0_n(rsa); --- a/src/lib/tls/x509_openssl.c +++ b/src/lib/tls/x509_openssl.c @@ -329,7 +329,7 @@ tor_tls_cert_is_valid(int severity, cert_key = X509_get_pubkey(cert->cert); if (check_rsa_1024 && cert_key) { RSA *rsa = EVP_PKEY_get1_RSA(cert_key); -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) if (rsa && RSA_bits(rsa) == 1024) { #else if (rsa && BN_num_bits(rsa->n) == 1024) { --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -185,7 +185,7 @@ test_crypto_dh(void *arg) dh4 = crypto_dh_new_openssl_tls(); tt_assert(DH_generate_key(dh4)); const BIGNUM *pk=NULL; -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) const BIGNUM *sk=NULL; DH_get0_key(dh4, &pk, &sk); #else --- a/src/test/test_crypto_openssl.c +++ b/src/test/test_crypto_openssl.c @@ -49,7 +49,7 @@ test_crypto_rng_engine(void *arg) ; } -#ifndef OPENSSL_1_1_API +#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER) #define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX)) #define EVP_ENCODE_CTX_free(ctx) tor_free(ctx) #endif