84 lines
2.6 KiB
Text
84 lines
2.6 KiB
Text
Fix build with opaque RSA{,_METHOD} in LibreSSL 3.5. The relevant OpenSSL API
|
|
has been available since LibreSSL 2.9. ECDSA support is thus also available.
|
|
Instead of using ENGINE, use RSA_METHOD and ECDSA_METHOD.
|
|
|
|
Index: deps/neverbleed/neverbleed.c
|
|
--- deps/neverbleed/neverbleed.c.orig
|
|
+++ deps/neverbleed/neverbleed.c
|
|
@@ -45,7 +45,7 @@
|
|
#endif
|
|
#include "neverbleed.h"
|
|
|
|
-#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
+#if ((!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2090000fL) && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
#define OPENSSL_1_1_API 1
|
|
#else
|
|
#define OPENSSL_1_1_API 0
|
|
@@ -683,7 +683,16 @@ static EVP_PKEY *create_pkey(neverbleed_t *nb, size_t
|
|
exdata->nb = nb;
|
|
exdata->key_index = key_index;
|
|
|
|
+#ifdef OPENSSL_NO_ENGINE
|
|
+ rsa = RSA_new();
|
|
+ if (!rsa) {
|
|
+ fprintf(stderr, "no memory\n");
|
|
+ abort();
|
|
+ }
|
|
+ RSA_set_method(rsa, nb->rsa_method);
|
|
+#else
|
|
rsa = RSA_new_method(nb->engine);
|
|
+#endif
|
|
RSA_set_ex_data(rsa, 0, exdata);
|
|
if (BN_hex2bn(&e, ebuf) == 0) {
|
|
fprintf(stderr, "failed to parse e:%s\n", ebuf);
|
|
@@ -838,7 +847,16 @@ static EVP_PKEY *ecdsa_create_pkey(neverbleed_t *nb, s
|
|
exdata->nb = nb;
|
|
exdata->key_index = key_index;
|
|
|
|
+#ifdef OPENSSL_NO_ENGINE
|
|
+ ec_key = EC_KEY_new();
|
|
+ if (!ec_key) {
|
|
+ fprintf(stderr, "no memory\n");
|
|
+ abort();
|
|
+ }
|
|
+ EC_KEY_set_method(ec_key, nb->ecdsa_method);
|
|
+#else
|
|
ec_key = EC_KEY_new_method(nb->engine);
|
|
+#endif
|
|
EC_KEY_set_ex_data(ec_key, 0, exdata);
|
|
|
|
ec_group = EC_GROUP_new_by_curve_name(curve_name);
|
|
@@ -1486,6 +1504,13 @@ int neverbleed_init(neverbleed_t *nb, char *errbuf)
|
|
pipe_fds[0] = -1;
|
|
|
|
/* setup engine */
|
|
+#ifdef OPENSSL_NO_ENGINE
|
|
+ nb->rsa_method = rsa_method;
|
|
+ nb->ecdsa_method = NULL;
|
|
+#if OPENSSL_1_1_API
|
|
+ nb->ecdsa_method = ecdsa_method;
|
|
+#endif
|
|
+#else
|
|
if ((nb->engine = ENGINE_new()) == NULL || !ENGINE_set_id(nb->engine, "neverbleed") ||
|
|
!ENGINE_set_name(nb->engine, "privilege separation software engine") || !ENGINE_set_RSA(nb->engine, rsa_method)
|
|
#if OPENSSL_1_1_API
|
|
@@ -1496,6 +1521,7 @@ int neverbleed_init(neverbleed_t *nb, char *errbuf)
|
|
goto Fail;
|
|
}
|
|
ENGINE_add(nb->engine);
|
|
+#endif
|
|
|
|
/* setup thread key */
|
|
pthread_key_create(&nb->thread_key, dispose_thread_data);
|
|
@@ -1513,9 +1539,11 @@ Fail:
|
|
}
|
|
if (listen_fd != -1)
|
|
close(listen_fd);
|
|
+#ifndef OPENSSL_NO_ENGINE
|
|
if (nb->engine != NULL) {
|
|
ENGINE_free(nb->engine);
|
|
nb->engine = NULL;
|
|
}
|
|
+#endif
|
|
return -1;
|
|
}
|