diff options
author | Ismael Luceno | 2022-12-14 08:21:43 +0100 |
---|---|---|
committer | Ismael Luceno | 2022-12-14 08:21:43 +0100 |
commit | 3756ae54112867e69f8990569b1b7fc028aaf1ca (patch) | |
tree | d31f10e66e00f93362766be5932c3daae4a885ad /net | |
parent | 4282634cfaf3428a4d151870fe77c8517cd04456 (diff) |
tor: Fix build against LibreSSL 3.5+
Diffstat (limited to 'net')
-rw-r--r-- | net/tor/HISTORY | 2 | ||||
-rw-r--r-- | net/tor/patches/0001-Fix-build-against-LibreSSL-3.5.patch | 155 |
2 files changed, 157 insertions, 0 deletions
diff --git a/net/tor/HISTORY b/net/tor/HISTORY index 27c6cd5871..7064d6ec11 100644 --- a/net/tor/HISTORY +++ b/net/tor/HISTORY @@ -1,5 +1,7 @@ 2022-12-14 Ismael Luceno <ismael@sourcemage.org> * DETAILS: updated spell to 0.4.7.12 + * patches/0001-Fix-build-against-LibreSSL-3.5.patch: + fixed build against LibreSSL 3.5+ 2022-11-30 Ismael Luceno <ismael@sourcemage.org> * DETAILS: updated spell to 0.4.7.11 diff --git a/net/tor/patches/0001-Fix-build-against-LibreSSL-3.5.patch b/net/tor/patches/0001-Fix-build-against-LibreSSL-3.5.patch new file mode 100644 index 0000000000..4ae57674ca --- /dev/null +++ b/net/tor/patches/0001-Fix-build-against-LibreSSL-3.5.patch @@ -0,0 +1,155 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Theo Buehler <tb@openbsd.org> +Date: Fri, 14 Jan 2022 10:54:42 +0000 +Subject: [PATCH] Fix build against LibreSSL 3.5 + +Fix build with opaque structs in LibreSSL 3.5. + +Origin: OpenBSD +Upstream-Status: Unknown +[ismael@sourcemage.org: normalized the patch] +Signed-off-by: Ismael Luceno <ismael@sourcemage.org> +--- + src/lib/crypt_ops/crypto_dh_openssl.c | 12 ++++++------ + src/lib/crypt_ops/crypto_rsa_openssl.c | 10 +++++----- + src/lib/tls/x509_openssl.c | 2 +- + src/test/test_crypto.c | 2 +- + src/test/test_crypto_openssl.c | 2 +- + 5 files changed, 14 insertions(+), 14 deletions(-) + +--- a/src/lib/crypt_ops/crypto_dh_openssl.c ++++ b/src/lib/crypt_ops/crypto_dh_openssl.c +@@ -60,7 +60,7 @@ crypto_validate_dh_params(const BIGNUM *p, const BIGNU + /* Copy into a temporary DH object, just so that DH_check() can be called. */ + if (!(dh = DH_new())) + goto out; +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + BIGNUM *dh_p, *dh_g; + if (!(dh_p = BN_dup(p))) + goto out; +@@ -223,7 +223,7 @@ new_openssl_dh_from_params(BIGNUM *p, BIGNUM *g) + goto err; + } + +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + + if (!DH_set0_pqg(res_dh, dh_p, NULL, dh_g)) { + goto err; +@@ -276,7 +276,7 @@ crypto_dh_get_bytes(crypto_dh_t *dh) + int + crypto_dh_generate_public(crypto_dh_t *dh) + { +-#ifndef OPENSSL_1_1_API ++#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER) + again: + #endif + if (!DH_generate_key(dh->dh)) { +@@ -286,7 +286,7 @@ crypto_dh_generate_public(crypto_dh_t *dh) + return -1; + /* LCOV_EXCL_STOP */ + } +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + /* OpenSSL 1.1.x doesn't appear to let you regenerate a DH key, without + * recreating the DH object. I have no idea what sort of aliasing madness + * can occur here, so do the check, and just bail on failure. +@@ -327,7 +327,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si + + const BIGNUM *dh_pub; + +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + const BIGNUM *dh_priv; + DH_get0_key(dh->dh, &dh_pub, &dh_priv); + #else +@@ -338,7 +338,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si + if (crypto_dh_generate_public(dh)<0) + return -1; + else { +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + DH_get0_key(dh->dh, &dh_pub, &dh_priv); + #else + dh_pub = dh->dh->pub_key; +--- a/src/lib/crypt_ops/crypto_rsa_openssl.c ++++ b/src/lib/crypt_ops/crypto_rsa_openssl.c +@@ -47,7 +47,7 @@ struct crypto_pk_t + int + crypto_pk_key_is_private(const crypto_pk_t *k) + { +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + if (!k || !k->key) + return 0; + +@@ -212,7 +212,7 @@ crypto_pk_public_exponent_ok(const crypto_pk_t *env) + + const BIGNUM *e; + +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + const BIGNUM *n, *d; + RSA_get0_key(env->key, &n, &e, &d); + #else +@@ -242,7 +242,7 @@ crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_ + const BIGNUM *a_n, *a_e; + const BIGNUM *b_n, *b_e; + +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + const BIGNUM *a_d, *b_d; + RSA_get0_key(a->key, &a_n, &a_e, &a_d); + RSA_get0_key(b->key, &b_n, &b_e, &b_d); +@@ -279,7 +279,7 @@ crypto_pk_num_bits(crypto_pk_t *env) + tor_assert(env); + tor_assert(env->key); + +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + /* It's so stupid that there's no other way to check that n is valid + * before calling RSA_bits(). + */ +@@ -572,7 +572,7 @@ static bool + rsa_private_key_too_long(RSA *rsa, int max_bits) + { + const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp; +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + + #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1) + n = RSA_get0_n(rsa); +--- a/src/lib/tls/x509_openssl.c ++++ b/src/lib/tls/x509_openssl.c +@@ -329,7 +329,7 @@ tor_tls_cert_is_valid(int severity, + cert_key = X509_get_pubkey(cert->cert); + if (check_rsa_1024 && cert_key) { + RSA *rsa = EVP_PKEY_get1_RSA(cert_key); +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + if (rsa && RSA_bits(rsa) == 1024) { + #else + if (rsa && BN_num_bits(rsa->n) == 1024) { +--- a/src/test/test_crypto.c ++++ b/src/test/test_crypto.c +@@ -185,7 +185,7 @@ test_crypto_dh(void *arg) + dh4 = crypto_dh_new_openssl_tls(); + tt_assert(DH_generate_key(dh4)); + const BIGNUM *pk=NULL; +-#ifdef OPENSSL_1_1_API ++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) + const BIGNUM *sk=NULL; + DH_get0_key(dh4, &pk, &sk); + #else +--- a/src/test/test_crypto_openssl.c ++++ b/src/test/test_crypto_openssl.c +@@ -49,7 +49,7 @@ test_crypto_rng_engine(void *arg) + ; + } + +-#ifndef OPENSSL_1_1_API ++#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER) + #define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX)) + #define EVP_ENCODE_CTX_free(ctx) tor_free(ctx) + #endif |