From: Willem Toorop
Date: Wed, 30 Nov 2016 13:24:32 +0000 (+0100)
Subject: LibreSSL has OPENSSL_VERSION_NUMBER >= 0x2000000
X-Git-Tag: release-1.7.0-rc1~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd6cb8d5b8d706839d8b2309761d8454632b671d;p=thirdparty%2Fldns.git
LibreSSL has OPENSSL_VERSION_NUMBER >= 0x2000000
---
diff --git a/configure.ac b/configure.ac
index 4f9bc2e0..976f161b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -324,7 +324,15 @@ tmp_LDFLAGS=$LDFLAGS
 tmp_LIBS=$LIBS
 ACX_WITH_SSL_OPTIONAL
-
+if test "x$HAVE_SSL" != "xyes"; then
+ AC_MSG_CHECKING([for LibreSSL])
+ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])
+ else
+ AC_MSG_RESULT([no])
+ fi
+fi
 AC_CHECK_FUNCS([EVP_sha256 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id])
 # for macosx, see if glibtool exists and use that
diff --git a/dnssec.c b/dnssec.c
index a3302ed4..6faaa9c4 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -375,7 +375,7 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
 BN_free(Y);
 return NULL;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
 dsa->p = P;
 dsa->q = Q;
@@ -461,7 +461,7 @@ ldns_key_buf2rsa_raw(const unsigned char* key, size_t len)
 BN_free(modulus);
 return NULL;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
 rsa->n = modulus;
 rsa->e = exponent;
diff --git a/error.c b/error.c
index e8e682d7..35ee5bdd 100644
--- a/error.c
+++ b/error.c
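Review bot: The guard `if test "x$HAVE_SSL" != "xyes"; then` added to configure.ac looks inverted, because it runs the LibreSSL probe only when HAVE_SSL is not `yes`. If ACX_WITH_SSL_OPTIONAL sets `HAVE_SSL=yes` on success (its definition is not part of this diff), HAVE_LIBRESSL would never be defined on a host that really has LibreSSL, and every `defined(HAVE_LIBRESSL)` test in the C hunks would stay false. I would write the guard as `if test "x$HAVE_SSL" = "xyes"; then`. The probe also passes `$ssldir` unquoted and leaves stderr attached, so `if grep VERSION_TEXT "$ssldir/include/openssl/opensslv.h" 2>/dev/null | grep "LibreSSL" >/dev/null; then` is the safer form. Testing `defined(LIBRESSL_VERSION_NUMBER)` directly in the C sources would avoid depending on a header grep at configure time at all.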
@@ -147,7 +147,7 @@ ldns_lookup_table ldns_error_str[] = {
 "Syntax error, superfluous text present" },
 { LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW, "The NSEC3 domainname length overflow" },
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 { LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA, "ldns needs to be linked with OpenSSL >= 1.1.0 to be able " "to verify the DANE-TA usage type." },
diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c
index 56ca3683..4372c4a9 100644
--- a/examples/ldns-dane.c
+++ b/examples/ldns-dane.c
@@ -1097,7 +1097,7 @@ dane_create(ldns_rr_list* tlsas, ldns_rdf* tlsa_owner,
 }
 }
-#if defined(USE_DANE_VERIFY) && OPENSSL_VERSION_NUMBER < 0x10100000
+#if defined(USE_DANE_VERIFY) && ( OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL )
 static bool dane_verify(ldns_rr_list* tlsas, ldns_rdf* address, X509* cert, STACK_OF(X509)* extra_certs,
@@ -1165,7 +1165,7 @@ main(int argc, char* const* argv)
 ldns_status s;
 size_t i;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL)
 size_t j, usable_tlsas = 0;
 X509_STORE_CTX *store_ctx = NULL;
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
@@ -1688,7 +1688,7 @@ main(int argc, char* const* argv)
 }
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 ctx = SSL_CTX_new(SSLv23_client_method());
 #else
 ctx = SSL_CTX_new(TLS_client_method());
@@ -1730,7 +1730,7 @@ main(int argc, char* const* argv)
 verify_server_name, name);
 break;
 #ifdef USE_DANE_VERIFY
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 case VERIFY:
 if (! dane_verify(tlsas, NULL, cert, extra_certs, store, verify_server_name, name,
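Review bot: The message for LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA in error.c still names only an OpenSSL version, although the widened condition now compiles this entry on LibreSSL builds too. An operator on LibreSSL is told that "ldns needs to be linked with OpenSSL >= 1.1.0" and gets no hint that DANE-TA verification is unavailable because of the library flavour rather than its age. At minimum I would add a comment above the entry, `/* Also compiled for LibreSSL, which takes the pre-1.1.0 code path. */`. Rewording the string to mention LibreSSL would be clearer for users, but it changes runtime output and deserves its own decision. The table continues outside this hunk.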
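Review bot: The new directive ahead of dane_verify() in examples/ldns-dane.c has unbalanced parentheses. `( OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL )` opens a group that is never closed, so the preprocessor should reject the `#if` and the file would not build. It should read `#if defined(USE_DANE_VERIFY) && ( OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) )`. The same compound test is typed by hand in every C file this commit touches, so a single feature macro defined once in a shared header would keep slips like this from recurring. The body of dane_verify lies outside the hunk.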
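Review bot: The closing comment `#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */` after the `store_ctx` declaration in main() no longer matches its opening test, which now also requires `! defined(HAVE_LIBRESSL)`. A reader matching conditionals by their trailing comments will pair it with the wrong branch. I would update it to `#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL) */`. The rest of main() is outside the hunk, so other `#endif` comments for the same condition may need the same update.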
@@ -1844,7 +1844,7 @@ main(int argc, char* const* argv)
 address = ldns_rr_a_address( ldns_rr_list_rr(addresses, i));
 assert(address != NULL);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL)
 if (mode == VERIFY) {
 usable_tlsas = 0;
 if (SSL_dane_enable(ssl, name_str) <= 0) {
@@ -1904,7 +1904,7 @@ main(int argc, char* const* argv)
 continue;
 }
 LDNS_ERR(s, "could not get cert chain from ssl");
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL)
 if (mode == VERIFY) {
 char *address_str = ldns_rdf2str(address);
@@ -1934,7 +1934,7 @@ main(int argc, char* const* argv)
 #ifdef USE_DANE_VERIFY
 case VERIFY:
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 if (! dane_verify(tlsas, address, cert, extra_certs, store, verify_server_name, name,
diff --git a/host2str.c b/host2str.c
index a6f84746..280961b8 100644
--- a/host2str.c
+++ b/host2str.c
@@ -2040,7 +2040,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
 const BIGNUM *n=NULL, *e=NULL, *d=NULL, *p=NULL, *q=NULL, *dmp1=NULL, *dmq1=NULL, *iqmp=NULL;
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 n = rsa->n;
 e = rsa->e;
 d = rsa->d;
@@ -2092,7 +2092,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
 if(1) {
 const BIGNUM *p=NULL, *q=NULL, *g=NULL, *priv_key=NULL, *pub_key=NULL;
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #ifndef S_SPLINT_S
 p = dsa->p;
 q = dsa->q;
diff --git a/keys.c b/keys.c
index 70aaa90f..11e18f53 100644
--- a/keys.c
+++ b/keys.c
@@ -898,7 +898,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
 }
 #endif /* splint */
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 # ifndef S_SPLINT_S
 rsa->n = n;
 rsa->e = e;
@@ -1018,7 +1018,7 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
 }
 #endif /* splint */
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 # ifndef S_SPLINT_S
 dsa->p = p;
 dsa->q = q;
@@ -1700,7 +1700,7 @@ ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
 if (!k) {
 return false;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 n = k->n;
 e = k->e;
 #else