From: Stefan Eissing <icing@apache.org>
Date: Tue, 18 May 2021 13:41:27 +0000 (+0000)
Subject: mod_md: removing the previous libressl workaround and adding the real
X-Git-Tag: 2.5.0-alpha2-ci-test-only~939
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75f963e8e2e0765d83b7f9d8fa6e6b2e3481b2b4;p=thirdparty%2Fapache%2Fhttpd.git

mod_md: removing the previous libressl workaround and adding the real
        fix that disables ec key types not supported by libressl.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1890001 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
index 6f3ee7b077f..3992c6b12e3 100644
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -71,11 +71,6 @@
 #include <openssl/ct.h>
 #endif
 
-#if defined(LIBRESSL_VERSION_NUMBER)
-#define EVP_PKEY_X25519 NID_X25519
-#define EVP_PKEY_X448 NID_X448
-#endif
-
 static int initialized;
 
 struct md_pkey_t {
@@ -802,7 +797,7 @@ static apr_status_t gen_ec(md_pkey_t **ppkey, apr_pool_t *p, const char *curve)
         curve_nid = NID_X9_62_prime192v1;
     }
 #endif
-#ifdef NID_X25519
+#if defined(NID_X25519) && !defined(LIBRESSL_VERSION_NUMBER)
     if (NID_undef == curve_nid && !apr_strnatcasecmp("X25519", curve)) {
         curve_nid = NID_X25519;
     }
@@ -819,7 +814,7 @@ static apr_status_t gen_ec(md_pkey_t **ppkey, apr_pool_t *p, const char *curve)
     *ppkey = make_pkey(p);
     switch (curve_nid) {
 
-#ifdef NID_X25519
+#if defined(NID_X25519) && !defined(LIBRESSL_VERSION_NUMBER)
     case NID_X25519:
         /* no parameters */
         if (NULL == (ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL))
@@ -833,7 +828,7 @@ static apr_status_t gen_ec(md_pkey_t **ppkey, apr_pool_t *p, const char *curve)
         break;
 #endif
 
-#ifdef NID_X448
+#if defined(NID_X448) && !defined(LIBRESSL_VERSION_NUMBER)
     case NID_X448:
         /* no parameters */
         if (NULL == (ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL))