Adjust patches
This commit is contained in:
parent
f2a78175be
commit
d31af5c89a
|
@ -1,4 +1,4 @@
|
|||
From 074f65dcd9acb766d45462515847988fd239e7db Mon Sep 17 00:00:00 2001
|
||||
From 512fd1734e4204288edfe9fb28eda74aa70b8aa9 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 8 Sep 2022 17:19:20 +0200
|
||||
Subject: [PATCH] Do not use OSSL_PARAM when engine API is compiled
|
||||
|
@ -10,13 +10,13 @@ Allow switching to OpenSSL 1.1 like calls even on OpenSSL 3.0 when
|
|||
OPENSSL_API_COMPAT=10100 is defined. It would still compile and allow
|
||||
working keys loading from the engine passed on command line.
|
||||
---
|
||||
lib/dns/openssldh_link.c | 136 +++++++++++++++++++-----------------
|
||||
lib/dns/opensslecdsa_link.c | 119 +++++++++++++++----------------
|
||||
lib/dns/openssldh_link.c | 134 ++++++++++++++++++------------------
|
||||
lib/dns/opensslecdsa_link.c | 119 ++++++++++++++++----------------
|
||||
lib/dns/opensslrsa_link.c | 118 +++++++++++++++----------------
|
||||
3 files changed, 189 insertions(+), 184 deletions(-)
|
||||
3 files changed, 187 insertions(+), 184 deletions(-)
|
||||
|
||||
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
|
||||
index e76cfbe..cc7c1cc 100644
|
||||
index f063160..f775c48 100644
|
||||
--- a/lib/dns/openssldh_link.c
|
||||
+++ b/lib/dns/openssldh_link.c
|
||||
@@ -91,7 +91,7 @@ static BIGNUM *bn2 = NULL, *bn768 = NULL, *bn1024 = NULL, *bn1536 = NULL;
|
||||
|
@ -68,16 +68,16 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
isc_buffer_add(secret, (unsigned int)secret_len);
|
||||
|
||||
@@ -165,7 +165,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
|
||||
|
||||
@@ -166,7 +166,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
|
||||
static bool
|
||||
openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
bool ret = true;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
DH *dh1, *dh2;
|
||||
const BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
|
||||
const BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
|
||||
@@ -175,9 +175,9 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -176,9 +176,9 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
|
||||
BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
|
||||
BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
|
||||
|
@ -89,7 +89,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
dh1 = key1->keydata.dh;
|
||||
dh2 = key2->keydata.dh;
|
||||
|
||||
@@ -209,7 +209,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -210,7 +210,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_PUB_KEY, &pub_key2);
|
||||
EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key1);
|
||||
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key2);
|
||||
|
@ -99,27 +99,27 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0 ||
|
||||
BN_cmp(pub_key1, pub_key2) != 0)
|
||||
@@ -226,7 +226,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
}
|
||||
}
|
||||
|
||||
err:
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
if (p1 != NULL) {
|
||||
BN_free(p1);
|
||||
}
|
||||
@@ -251,22 +251,23 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -251,7 +251,7 @@ err:
|
||||
if (priv_key2 != NULL) {
|
||||
BN_clear_free(priv_key2);
|
||||
}
|
||||
-#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
||||
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
|
||||
+ */
|
||||
+#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
|
||||
return (true);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
@@ -259,15 +259,15 @@ err:
|
||||
static bool
|
||||
openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
bool ret = true;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
DH *dh1, *dh2;
|
||||
|
@ -128,38 +128,38 @@ index e76cfbe..cc7c1cc 100644
|
|||
EVP_PKEY *pkey1, *pkey2;
|
||||
BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
|
||||
+#endif // OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
dh1 = key1->keydata.dh;
|
||||
dh2 = key2->keydata.dh;
|
||||
|
||||
@@ -292,13 +293,13 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -293,14 +293,14 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_FFC_P, &p2);
|
||||
EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_FFC_G, &g1);
|
||||
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_FFC_G, &g2);
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
|
||||
+#endif // OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
|
||||
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0) {
|
||||
return (false);
|
||||
DST_RET(false);
|
||||
}
|
||||
|
||||
err:
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
if (p1 != NULL) {
|
||||
BN_free(p1);
|
||||
}
|
||||
@@ -311,12 +312,13 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -313,12 +313,12 @@ err:
|
||||
if (g2 != NULL) {
|
||||
BN_free(g2);
|
||||
}
|
||||
-#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
|
||||
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
|
||||
+ */
|
||||
+#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
|
||||
return (true);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
|
@ -167,7 +167,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
static int
|
||||
progress_cb(int p, int n, BN_GENCB *cb) {
|
||||
union {
|
||||
@@ -347,7 +349,7 @@ progress_cb(EVP_PKEY_CTX *ctx) {
|
||||
@@ -349,7 +349,7 @@ progress_cb(EVP_PKEY_CTX *ctx) {
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
@ -176,7 +176,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
static isc_result_t
|
||||
openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -357,7 +359,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -359,7 +359,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
void (*fptr)(int);
|
||||
} u;
|
||||
BIGNUM *p = NULL, *g = NULL;
|
||||
|
@ -185,7 +185,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
DH *dh = NULL;
|
||||
BN_GENCB *cb = NULL;
|
||||
#if !HAVE_BN_GENCB_NEW
|
||||
@@ -370,9 +372,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -372,9 +372,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
EVP_PKEY *param_pkey = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
|
@ -197,7 +197,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
dh = DH_new();
|
||||
if (dh == NULL) {
|
||||
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
|
||||
@@ -386,7 +388,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -388,7 +388,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
if (param_ctx == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
|
@ -206,7 +206,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
if (generator == 0) {
|
||||
/*
|
||||
@@ -406,7 +408,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -408,7 +408,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
if (p == NULL || g == NULL) {
|
||||
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
|
||||
}
|
||||
|
@ -215,7 +215,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (DH_set0_pqg(dh, p, NULL, g) != 1) {
|
||||
DST_RET(dst__openssl_toresult2(
|
||||
"DH_set0_pqg", DST_R_OPENSSLFAILURE));
|
||||
@@ -430,7 +432,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -432,7 +432,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
params = OSSL_PARAM_BLD_to_param(bld);
|
||||
|
@ -224,7 +224,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
} else {
|
||||
/*
|
||||
@@ -443,7 +445,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -445,7 +445,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
}
|
||||
|
||||
if (generator != 0) {
|
||||
|
@ -233,7 +233,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (callback != NULL) {
|
||||
cb = BN_GENCB_new();
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
@@ -484,10 +486,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -486,10 +486,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
params = OSSL_PARAM_BLD_to_param(bld);
|
||||
|
@ -246,7 +246,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (DH_generate_key(dh) == 0) {
|
||||
DST_RET(dst__openssl_toresult2("DH_generate_key",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
@@ -554,12 +556,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -556,12 +556,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
|
||||
key->keydata.pkey = pkey;
|
||||
pkey = NULL;
|
||||
|
@ -261,7 +261,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (dh != NULL) {
|
||||
DH_free(dh);
|
||||
}
|
||||
@@ -591,14 +593,14 @@ err:
|
||||
@@ -593,14 +593,14 @@ err:
|
||||
if (g != NULL) {
|
||||
BN_free(g);
|
||||
}
|
||||
|
@ -278,7 +278,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
DH *dh = key->keydata.dh;
|
||||
const BIGNUM *priv_key = NULL;
|
||||
|
||||
@@ -623,12 +625,12 @@ openssldh_isprivate(const dst_key_t *key) {
|
||||
@@ -625,12 +625,12 @@ openssldh_isprivate(const dst_key_t *key) {
|
||||
}
|
||||
|
||||
return (ret);
|
||||
|
@ -293,7 +293,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
DH *dh = key->keydata.dh;
|
||||
|
||||
if (dh == NULL) {
|
||||
@@ -646,7 +648,7 @@ openssldh_destroy(dst_key_t *key) {
|
||||
@@ -648,7 +648,7 @@ openssldh_destroy(dst_key_t *key) {
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
key->keydata.pkey = NULL;
|
||||
|
@ -302,10 +302,10 @@ index e76cfbe..cc7c1cc 100644
|
|||
}
|
||||
|
||||
static void
|
||||
@@ -672,17 +674,17 @@ uint16_fromregion(isc_region_t *region) {
|
||||
|
||||
@@ -675,17 +675,17 @@ uint16_fromregion(isc_region_t *region) {
|
||||
static isc_result_t
|
||||
openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
isc_result_t ret = ISC_R_SUCCESS;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
DH *dh;
|
||||
|
@ -314,7 +314,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
EVP_PKEY *pkey;
|
||||
BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
|
||||
+#endif // OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
isc_region_t r;
|
||||
uint16_t dnslen, plen, glen, publen;
|
||||
|
||||
|
@ -323,7 +323,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
REQUIRE(key->keydata.dh != NULL);
|
||||
|
||||
dh = key->keydata.dh;
|
||||
@@ -695,7 +697,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -698,7 +698,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_P, &p);
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
|
||||
|
@ -332,16 +332,16 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
isc_buffer_availableregion(data, &r);
|
||||
|
||||
@@ -742,7 +744,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
|
||||
@@ -746,7 +746,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
isc_buffer_add(data, dnslen);
|
||||
|
||||
err:
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
if (p != NULL) {
|
||||
BN_free(p);
|
||||
}
|
||||
@@ -752,7 +754,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -756,7 +756,8 @@ err:
|
||||
if (pub_key != NULL) {
|
||||
BN_free(pub_key);
|
||||
}
|
||||
|
@ -349,9 +349,9 @@ index e76cfbe..cc7c1cc 100644
|
|||
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
|
||||
+ */
|
||||
|
||||
return (ISC_R_SUCCESS);
|
||||
return (ret);
|
||||
}
|
||||
@@ -760,14 +763,14 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -764,14 +765,14 @@ err:
|
||||
static isc_result_t
|
||||
openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
isc_result_t ret;
|
||||
|
@ -368,7 +368,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
|
||||
int key_size;
|
||||
isc_region_t r;
|
||||
@@ -779,7 +782,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -783,7 +784,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
|
||||
|
@ -377,7 +377,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
dh = DH_new();
|
||||
if (dh == NULL) {
|
||||
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
|
||||
@@ -793,7 +796,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -797,7 +798,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
if (ctx == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
|
@ -386,7 +386,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
/*
|
||||
* Read the prime length. 1 & 2 are table entries, > 16 means a
|
||||
@@ -869,7 +872,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -873,7 +874,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
|
||||
key_size = BN_num_bits(p);
|
||||
|
||||
|
@ -395,7 +395,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (DH_set0_pqg(dh, p, NULL, g) != 1) {
|
||||
DST_RET(dst__openssl_toresult2("DH_set0_pqg",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
@@ -885,7 +888,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -889,7 +890,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
|
@ -404,7 +404,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
if (r.length < 2) {
|
||||
DST_RET(DST_R_INVALIDPUBLICKEY);
|
||||
@@ -903,7 +906,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -907,7 +908,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
|
||||
isc_buffer_forward(data, plen + glen + publen + 6);
|
||||
|
||||
|
@ -413,7 +413,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && \
|
||||
(LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
|
||||
/*
|
||||
@@ -947,14 +950,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -951,14 +952,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
|
||||
key->keydata.pkey = pkey;
|
||||
pkey = NULL;
|
||||
|
@ -430,7 +430,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (dh != NULL) {
|
||||
DH_free(dh);
|
||||
}
|
||||
@@ -971,7 +974,7 @@ err:
|
||||
@@ -975,7 +976,7 @@ err:
|
||||
if (bld != NULL) {
|
||||
OSSL_PARAM_BLD_free(bld);
|
||||
}
|
||||
|
@ -439,7 +439,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (p != NULL) {
|
||||
BN_free(p);
|
||||
}
|
||||
@@ -987,13 +990,13 @@ err:
|
||||
@@ -991,13 +992,13 @@ err:
|
||||
|
||||
static isc_result_t
|
||||
openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
|
@ -455,7 +455,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
dst_private_t priv;
|
||||
unsigned char *bufs[4] = { NULL };
|
||||
unsigned short i = 0;
|
||||
@@ -1003,7 +1006,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
@@ -1007,7 +1008,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
return (DST_R_EXTERNALKEY);
|
||||
}
|
||||
|
||||
|
@ -464,7 +464,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (key->keydata.dh == NULL) {
|
||||
return (DST_R_NULLKEY);
|
||||
}
|
||||
@@ -1021,7 +1024,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
@@ -1025,7 +1026,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key);
|
||||
|
@ -473,7 +473,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
priv.elements[i].tag = TAG_DH_PRIME;
|
||||
priv.elements[i].length = BN_num_bytes(p);
|
||||
@@ -1061,7 +1064,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
@@ -1065,7 +1066,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -482,7 +482,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (p != NULL) {
|
||||
BN_free(p);
|
||||
}
|
||||
@@ -1074,7 +1077,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
@@ -1078,7 +1079,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
if (priv_key != NULL) {
|
||||
BN_clear_free(priv_key);
|
||||
}
|
||||
|
@ -492,7 +492,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
return (result);
|
||||
}
|
||||
@@ -1084,14 +1088,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1088,14 +1090,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
dst_private_t priv;
|
||||
isc_result_t ret;
|
||||
int i;
|
||||
|
@ -509,7 +509,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
|
||||
int key_size = 0;
|
||||
isc_mem_t *mctx;
|
||||
@@ -1109,7 +1113,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1113,7 +1115,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
DST_RET(DST_R_EXTERNALKEY);
|
||||
}
|
||||
|
||||
|
@ -518,7 +518,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
dh = DH_new();
|
||||
if (dh == NULL) {
|
||||
DST_RET(ISC_R_NOMEMORY);
|
||||
@@ -1123,7 +1127,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1127,7 +1129,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
if (ctx == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
|
@ -527,7 +527,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
|
||||
for (i = 0; i < priv.nelements; i++) {
|
||||
BIGNUM *bn;
|
||||
@@ -1150,7 +1154,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1154,7 +1156,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -536,7 +536,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (DH_set0_key(dh, pub_key, priv_key) != 1) {
|
||||
DST_RET(dst__openssl_toresult2("DH_set0_key",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
@@ -1197,13 +1201,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1201,13 +1203,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
|
||||
key->keydata.pkey = pkey;
|
||||
pkey = NULL;
|
||||
|
@ -552,7 +552,7 @@ index e76cfbe..cc7c1cc 100644
|
|||
if (dh != NULL) {
|
||||
DH_free(dh);
|
||||
}
|
||||
@@ -1220,7 +1224,7 @@ err:
|
||||
@@ -1224,7 +1226,7 @@ err:
|
||||
if (bld != NULL) {
|
||||
OSSL_PARAM_BLD_free(bld);
|
||||
}
|
||||
|
@ -1550,5 +1550,5 @@ index 2e03a2f..50d0d63 100644
|
|||
RSA_free(rsa);
|
||||
}
|
||||
--
|
||||
2.37.2
|
||||
2.37.3
|
||||
|
||||
|
|
|
@ -111,7 +111,9 @@ Patch23: bind-9.18-pkcs11-engine-init.patch
|
|||
Patch24: bind-9.18-pkcs11-engine-compat-api.patch
|
||||
Patch25: bind-9.18-pkcs11-engine-remove-deadcode.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2122010
|
||||
Patch26: bind-9.18-unittest-netmgr-unstable.patch
|
||||
# Since 9.19.5 it does not apply and has not simple backport
|
||||
# option
|
||||
#Patch26: bind-9.18-unittest-netmgr-unstable.patch
|
||||
|
||||
%{?systemd_ordering}
|
||||
Requires: coreutils
|
||||
|
|
Loading…
Reference in New Issue