Workaround LibreSSL 2.7.0-2.7.2 quirk in DH_set0_key
authorOndřej Surý <ondrej@sury.org>
Wed, 2 May 2018 12:18:06 +0000 (14:18 +0200)
committerOndřej Surý <ondrej@sury.org>
Thu, 3 May 2018 12:13:32 +0000 (14:13 +0200)
lib/dns/openssldh_link.c

index 0db673dd319ff5a4e38a3dba43d81730622ef8bb..8dfda0d2fa58d7f2386b2dc4650ff480b0bda859 100644 (file)
@@ -44,6 +44,8 @@
 
 #include <dst/result.h>
 
+#include <openssl/opensslv.h>
+
 #include "dst_internal.h"
 #include "dst_openssl.h"
 #include "dst_parse.h"
@@ -564,7 +566,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
                DH_free(dh);
                return (dst__openssl_toresult(ISC_R_NOMEMORY));
        }
+#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
+       /*
+        * LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when
+        * DH structure is empty, hence we cannot use DH_get0_key().
+        */
+       dh->pub_key = pub_key;
+#else /* LIBRESSL_VERSION_NUMBER */
        DH_set0_key(dh, pub_key, NULL);
+#endif /* LIBRESSL_VERSION_NUMBER */
        isc_region_consume(&r, publen);
 
        key->key_size = BN_num_bits(p);
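Review bot: The comment in the new `#if` branch names `DH_get0_key` twice, but the call being bypassed is `DH_set0_key` (as the commit title says), and `<< 2.7.3` reads as a shift; I would write it as `LibreSSL 2.7.0-2.7.2 DH_set0_key() requires priv_key to be set when the DH structure is empty, hence we cannot use DH_set0_key().` The guard relies on an undefined `LIBRESSL_VERSION_NUMBER` evaluating to 0 on OpenSSL builds, which warns under `-Wundef`; `#if defined(LIBRESSL_VERSION_NUMBER) && ...` states the intent explicitly. The direct store `dh->pub_key = pub_key;` does not release a previously held value the way the setter does, which is fine only if `dh` is freshly allocated here; the start of openssldh_fromdns is outside the hunk, so that should be confirmed. Separately, the unchanged `DH_set0_key(dh, pub_key, NULL);` ignores its return value, which is presumably how the quirk failed silently; checking it would turn a future regression into an error rather than a DH key with no public component.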