Bernd Kuhls 2022-06-20 21:09:04 +02:00 committed by Peter Korsgaard
parent 8aa0ef41cb
commit 23e1e04d54
3 changed files with 147 additions and 0 deletions

View File

@ -0,0 +1,67 @@
Fix build with opaque structs in LibreSSL 3.5
Downloaded from OpenBSD ports:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/tor/patches/patch-src_lib_crypt_ops_crypto_dh_openssl_c?rev=1.2&content-type=text/x-cvsweb-markup
Patch series was sent upstream:
https://forum.torproject.net/t/tor-relays-openbsd-stable-net-tor-and-0-4-7-7/3244
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Index: src/lib/crypt_ops/crypto_dh_openssl.c
--- a/src/lib/crypt_ops/crypto_dh_openssl.c.orig
+++ b/src/lib/crypt_ops/crypto_dh_openssl.c
@@ -60,7 +60,7 @@ crypto_validate_dh_params(const BIGNUM *p, const BIGNU
/* Copy into a temporary DH object, just so that DH_check() can be called. */
if (!(dh = DH_new()))
goto out;
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
BIGNUM *dh_p, *dh_g;
if (!(dh_p = BN_dup(p)))
goto out;
@@ -223,7 +223,7 @@ new_openssl_dh_from_params(BIGNUM *p, BIGNUM *g)
goto err;
}
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
if (!DH_set0_pqg(res_dh, dh_p, NULL, dh_g)) {
goto err;
@@ -276,7 +276,7 @@ crypto_dh_get_bytes(crypto_dh_t *dh)
int
crypto_dh_generate_public(crypto_dh_t *dh)
{
-#ifndef OPENSSL_1_1_API
+#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER)
again:
#endif
if (!DH_generate_key(dh->dh)) {
@@ -286,7 +286,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
return -1;
/* LCOV_EXCL_STOP */
}
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
/* OpenSSL 1.1.x doesn't appear to let you regenerate a DH key, without
* recreating the DH object. I have no idea what sort of aliasing madness
* can occur here, so do the check, and just bail on failure.
@@ -327,7 +327,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si
const BIGNUM *dh_pub;
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
const BIGNUM *dh_priv;
DH_get0_key(dh->dh, &dh_pub, &dh_priv);
#else
@@ -338,7 +338,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si
if (crypto_dh_generate_public(dh)<0)
return -1;
else {
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
DH_get0_key(dh->dh, &dh_pub, &dh_priv);
#else
dh_pub = dh->dh->pub_key;

View File

@ -0,0 +1,58 @@
Fix build with opaque structs in LibreSSL 3.5
Downloaded from OpenBSD ports:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/tor/patches/patch-src_lib_crypt_ops_crypto_rsa_openssl_c?rev=1.2&content-type=text/x-cvsweb-markup
Patch series was sent upstream:
https://forum.torproject.net/t/tor-relays-openbsd-stable-net-tor-and-0-4-7-7/3244
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Index: src/lib/crypt_ops/crypto_rsa_openssl.c
--- a/src/lib/crypt_ops/crypto_rsa_openssl.c.orig
+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
@@ -47,7 +47,7 @@ struct crypto_pk_t
int
crypto_pk_key_is_private(const crypto_pk_t *k)
{
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
if (!k || !k->key)
return 0;
@@ -212,7 +212,7 @@ crypto_pk_public_exponent_ok(const crypto_pk_t *env)
const BIGNUM *e;
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
const BIGNUM *n, *d;
RSA_get0_key(env->key, &n, &e, &d);
#else
@@ -242,7 +242,7 @@ crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_
const BIGNUM *a_n, *a_e;
const BIGNUM *b_n, *b_e;
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
const BIGNUM *a_d, *b_d;
RSA_get0_key(a->key, &a_n, &a_e, &a_d);
RSA_get0_key(b->key, &b_n, &b_e, &b_d);
@@ -279,7 +279,7 @@ crypto_pk_num_bits(crypto_pk_t *env)
tor_assert(env);
tor_assert(env->key);
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
/* It's so stupid that there's no other way to check that n is valid
* before calling RSA_bits().
*/
@@ -572,7 +572,7 @@ static bool
rsa_private_key_too_long(RSA *rsa, int max_bits)
{
const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp;
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)
n = RSA_get0_n(rsa);

View File

@ -0,0 +1,22 @@
Fix build with opaque structs in LibreSSL 3.5
Downloaded from OpenBSD ports:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/tor/patches/patch-src_lib_tls_x509_openssl_c?rev=1.2&content-type=text/x-cvsweb-markup
Patch series was sent upstream:
https://forum.torproject.net/t/tor-relays-openbsd-stable-net-tor-and-0-4-7-7/3244
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Index: src/lib/tls/x509_openssl.c
--- a/src/lib/tls/x509_openssl.c.orig
+++ b/src/lib/tls/x509_openssl.c
@@ -329,7 +329,7 @@ tor_tls_cert_is_valid(int severity,
cert_key = X509_get_pubkey(cert->cert);
if (check_rsa_1024 && cert_key) {
RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
if (rsa && RSA_bits(rsa) == 1024) {
#else
if (rsa && BN_num_bits(rsa->n) == 1024) {