summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorIsmael Luceno2022-12-14 08:21:43 +0100
committerIsmael Luceno2022-12-14 08:21:43 +0100
commit3756ae54112867e69f8990569b1b7fc028aaf1ca (patch)
treed31f10e66e00f93362766be5932c3daae4a885ad /net
parent4282634cfaf3428a4d151870fe77c8517cd04456 (diff)
tor: Fix build against LibreSSL 3.5+
Diffstat (limited to 'net')
-rw-r--r--net/tor/HISTORY2
-rw-r--r--net/tor/patches/0001-Fix-build-against-LibreSSL-3.5.patch155
2 files changed, 157 insertions, 0 deletions
diff --git a/net/tor/HISTORY b/net/tor/HISTORY
index 27c6cd5871..7064d6ec11 100644
--- a/net/tor/HISTORY
+++ b/net/tor/HISTORY
@@ -1,5 +1,7 @@
2022-12-14 Ismael Luceno <ismael@sourcemage.org>
* DETAILS: updated spell to 0.4.7.12
+ * patches/0001-Fix-build-against-LibreSSL-3.5.patch:
+ fixed build against LibreSSL 3.5+
2022-11-30 Ismael Luceno <ismael@sourcemage.org>
* DETAILS: updated spell to 0.4.7.11
diff --git a/net/tor/patches/0001-Fix-build-against-LibreSSL-3.5.patch b/net/tor/patches/0001-Fix-build-against-LibreSSL-3.5.patch
new file mode 100644
index 0000000000..4ae57674ca
--- /dev/null
+++ b/net/tor/patches/0001-Fix-build-against-LibreSSL-3.5.patch
@@ -0,0 +1,155 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Theo Buehler <tb@openbsd.org>
+Date: Fri, 14 Jan 2022 10:54:42 +0000
+Subject: [PATCH] Fix build against LibreSSL 3.5
+
+Fix build with opaque structs in LibreSSL 3.5.
+
+Origin: OpenBSD
+Upstream-Status: Unknown
+[ismael@sourcemage.org: normalized the patch]
+Signed-off-by: Ismael Luceno <ismael@sourcemage.org>
+---
+ src/lib/crypt_ops/crypto_dh_openssl.c | 12 ++++++------
+ src/lib/crypt_ops/crypto_rsa_openssl.c | 10 +++++-----
+ src/lib/tls/x509_openssl.c | 2 +-
+ src/test/test_crypto.c | 2 +-
+ src/test/test_crypto_openssl.c | 2 +-
+ 5 files changed, 14 insertions(+), 14 deletions(-)
+
+--- a/src/lib/crypt_ops/crypto_dh_openssl.c
++++ b/src/lib/crypt_ops/crypto_dh_openssl.c
+@@ -60,7 +60,7 @@ crypto_validate_dh_params(const BIGNUM *p, const BIGNU
+ /* Copy into a temporary DH object, just so that DH_check() can be called. */
+ if (!(dh = DH_new()))
+ goto out;
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ BIGNUM *dh_p, *dh_g;
+ if (!(dh_p = BN_dup(p)))
+ goto out;
+@@ -223,7 +223,7 @@ new_openssl_dh_from_params(BIGNUM *p, BIGNUM *g)
+ goto err;
+ }
+
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+
+ if (!DH_set0_pqg(res_dh, dh_p, NULL, dh_g)) {
+ goto err;
+@@ -276,7 +276,7 @@ crypto_dh_get_bytes(crypto_dh_t *dh)
+ int
+ crypto_dh_generate_public(crypto_dh_t *dh)
+ {
+-#ifndef OPENSSL_1_1_API
++#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER)
+ again:
+ #endif
+ if (!DH_generate_key(dh->dh)) {
+@@ -286,7 +286,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
+ return -1;
+ /* LCOV_EXCL_STOP */
+ }
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ /* OpenSSL 1.1.x doesn't appear to let you regenerate a DH key, without
+ * recreating the DH object. I have no idea what sort of aliasing madness
+ * can occur here, so do the check, and just bail on failure.
+@@ -327,7 +327,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si
+
+ const BIGNUM *dh_pub;
+
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ const BIGNUM *dh_priv;
+ DH_get0_key(dh->dh, &dh_pub, &dh_priv);
+ #else
+@@ -338,7 +338,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, si
+ if (crypto_dh_generate_public(dh)<0)
+ return -1;
+ else {
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ DH_get0_key(dh->dh, &dh_pub, &dh_priv);
+ #else
+ dh_pub = dh->dh->pub_key;
+--- a/src/lib/crypt_ops/crypto_rsa_openssl.c
++++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
+@@ -47,7 +47,7 @@ struct crypto_pk_t
+ int
+ crypto_pk_key_is_private(const crypto_pk_t *k)
+ {
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ if (!k || !k->key)
+ return 0;
+
+@@ -212,7 +212,7 @@ crypto_pk_public_exponent_ok(const crypto_pk_t *env)
+
+ const BIGNUM *e;
+
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ const BIGNUM *n, *d;
+ RSA_get0_key(env->key, &n, &e, &d);
+ #else
+@@ -242,7 +242,7 @@ crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_
+ const BIGNUM *a_n, *a_e;
+ const BIGNUM *b_n, *b_e;
+
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ const BIGNUM *a_d, *b_d;
+ RSA_get0_key(a->key, &a_n, &a_e, &a_d);
+ RSA_get0_key(b->key, &b_n, &b_e, &b_d);
+@@ -279,7 +279,7 @@ crypto_pk_num_bits(crypto_pk_t *env)
+ tor_assert(env);
+ tor_assert(env->key);
+
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ /* It's so stupid that there's no other way to check that n is valid
+ * before calling RSA_bits().
+ */
+@@ -572,7 +572,7 @@ static bool
+ rsa_private_key_too_long(RSA *rsa, int max_bits)
+ {
+ const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp;
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+
+ #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)
+ n = RSA_get0_n(rsa);
+--- a/src/lib/tls/x509_openssl.c
++++ b/src/lib/tls/x509_openssl.c
+@@ -329,7 +329,7 @@ tor_tls_cert_is_valid(int severity,
+ cert_key = X509_get_pubkey(cert->cert);
+ if (check_rsa_1024 && cert_key) {
+ RSA *rsa = EVP_PKEY_get1_RSA(cert_key);
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ if (rsa && RSA_bits(rsa) == 1024) {
+ #else
+ if (rsa && BN_num_bits(rsa->n) == 1024) {
+--- a/src/test/test_crypto.c
++++ b/src/test/test_crypto.c
+@@ -185,7 +185,7 @@ test_crypto_dh(void *arg)
+ dh4 = crypto_dh_new_openssl_tls();
+ tt_assert(DH_generate_key(dh4));
+ const BIGNUM *pk=NULL;
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ const BIGNUM *sk=NULL;
+ DH_get0_key(dh4, &pk, &sk);
+ #else
+--- a/src/test/test_crypto_openssl.c
++++ b/src/test/test_crypto_openssl.c
+@@ -49,7 +49,7 @@ test_crypto_rng_engine(void *arg)
+ ;
+ }
+
+-#ifndef OPENSSL_1_1_API
++#if !defined(OPENSSL_1_1_API) && !defined(LIBRESSL_VERSION_NUMBER)
+ #define EVP_ENCODE_CTX_new() tor_malloc_zero(sizeof(EVP_ENCODE_CTX))
+ #define EVP_ENCODE_CTX_free(ctx) tor_free(ctx)
+ #endif