From: Aram Sargsyan Date: Fri, 25 Feb 2022 09:00:52 +0000 (+0000) Subject: Use autoconf check for BN_GENCB_new() X-Git-Tag: v9.16.27~4^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73e660a8061533ebfd08c365874a5dc0c5b47eaa;p=thirdparty%2Fbind9.git Use autoconf check for BN_GENCB_new() BIND unconditionally uses shims for BN_GENCB_new(), BN_GENCB_free(), and BN_GENCB_get_arg() for all LibreSSL versions and, correctly, for OpenSSL <1.1.0 versions. This breaks LibreSSL compilation starting with LibreSSL 3.5.0. Use autoconf check instead to check whether the family of the functions are available. (cherry picked from commit 749973f3259b7638a6af02b7da2f40ae28bdd402) --- diff --git a/config.h.in b/config.h.in index a612225addb..350cad43332 100644 --- a/config.h.in +++ b/config.h.in @@ -51,6 +51,9 @@ /* Define to 1 if you have the `BIO_write_ex' function. */ #undef HAVE_BIO_WRITE_EX +/* Define to 1 if you have the `BN_GENCB_new' function. */ +#undef HAVE_BN_GENCB_NEW + /* Define to 1 if the compiler supports __builtin_clz. */ #undef HAVE_BUILTIN_CLZ diff --git a/config.h.win32 b/config.h.win32 index e07ff8f09ba..a29762789d1 100644 --- a/config.h.win32 +++ b/config.h.win32 @@ -373,6 +373,9 @@ typedef __int64 off_t; /* Define to 1 if you have the `BIO_write_ex' function. */ #define HAVE_BIO_WRITE_EX 1 +/* Define to 1 if you have the `BN_GENCB_new' function. */ +#define HAVE_BN_GENCB_NEW 1 + /* Define to 1 if you have the `OPENSSL_init_crypto' function. */ #define HAVE_OPENSSL_INIT_CRYPTO 1 diff --git a/configure b/configure index dd02d596582..bdbf2fc6da0 100755 --- a/configure +++ b/configure @@ -17045,6 +17045,17 @@ _ACEOF fi done +for ac_func in BN_GENCB_new +do : + ac_fn_c_check_func "$LINENO" "BN_GENCB_new" "ac_cv_func_BN_GENCB_new" +if test "x$ac_cv_func_BN_GENCB_new" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_BN_GENCB_NEW 1 +_ACEOF + +fi +done + for ac_func in SSL_CTX_up_ref do : ac_fn_c_check_func "$LINENO" "SSL_CTX_up_ref" "ac_cv_func_SSL_CTX_up_ref" diff --git a/configure.ac b/configure.ac index 19506a7eeb6..b4165f00c75 100644 --- a/configure.ac +++ b/configure.ac @@ -848,6 +848,7 @@ AC_CHECK_FUNCS([EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset]) AC_CHECK_FUNCS([HMAC_CTX_new HMAC_CTX_free HMAC_CTX_reset HMAC_CTX_get_md]) AC_CHECK_FUNCS([SSL_read_ex SSL_peek_ex SSL_write_ex]) AC_CHECK_FUNCS([BIO_read_ex BIO_write_ex]) +AC_CHECK_FUNCS([BN_GENCB_new]) AC_CHECK_FUNCS([SSL_CTX_up_ref]) AC_CHECK_FUNCS([SSL_CTX_set_min_proto_version]) diff --git a/lib/dns/dst_openssl.h b/lib/dns/dst_openssl.h index dd67e1dd80e..57278486c10 100644 --- a/lib/dns/dst_openssl.h +++ b/lib/dns/dst_openssl.h @@ -25,20 +25,19 @@ #include #include -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if !HAVE_BN_GENCB_NEW /* * These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in * the function like this before the BN_GENCB_new call: * - * #if OPENSSL_VERSION_NUMBER < 0x10100000L + * #if !HAVE_BN_GENCB_NEW * _cb; * #endif */ #define BN_GENCB_free(x) ((void)0) #define BN_GENCB_new() (&_cb) #define BN_GENCB_get_arg(x) ((x)->arg) -#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \ - * defined(LIBRESSL_VERSION_NUMBER) */ +#endif /* !HAVE_BN_GENCB_NEW */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L /* diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c index 876c078d84c..707b3556828 100644 --- a/lib/dns/openssldh_link.c +++ b/lib/dns/openssldh_link.c @@ -263,10 +263,9 @@ static isc_result_t openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) { DH *dh = NULL; BN_GENCB *cb; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if !HAVE_BN_GENCB_NEW BN_GENCB _cb; -#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \ - * defined(LIBRESSL_VERSION_NUMBER) */ +#endif /* !HAVE_BN_GENCB_NEW */ union { void *dptr; void (*fptr)(int); diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index 73fe4452eaa..1d29d944328 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -453,10 +453,9 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) { } u; RSA *rsa = RSA_new(); BIGNUM *e = BN_new(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if !HAVE_BN_GENCB_NEW BN_GENCB _cb; -#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L || \ - * defined(LIBRESSL_VERSION_NUMBER) */ +#endif /* !HAVE_BN_GENCB_NEW */ BN_GENCB *cb = BN_GENCB_new(); EVP_PKEY *pkey = EVP_PKEY_new();