diff options
| author |   tb <tb@openbsd.org> | 2020-01-21 11:06:47 +0000 |
|---|---|---|
| committer | tb <tb@openbsd.org> | 2020-01-21 11:06:47 +0000 |
| commit | d643cd80818734b98529560b077199107712eef1 (patch) | |
| tree | 47a216a251e9b11235526267d2c0e511926c5ef6 | |
| parent | don't #ifdef out the KRL code when compiling without libcrypto (diff) | |
| download | wireguard-openbsd-d643cd80818734b98529560b077199107712eef1.tar.xz wireguard-openbsd-d643cd80818734b98529560b077199107712eef1.zip | |
Set --enable-openssl-hash to use digests from libcrypto instead
of the isc-provided ones. Get rid of most LIBRESSL_VERSION_NUMBER
checks in the C code to avoid hacky workarounds that were implemented
for old LibreSSL versions.
ok florian
| -rw-r--r-- | usr.sbin/bind/Makefile.bsd-wrapper | 3 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/dns/dst_openssl.h | 4 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/dns/opensslgost_link.c | 2 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/dns/opensslrsa_link.c | 2 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/isc/aes.c | 10 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/isc/hmacsha.c | 4 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/isc/include/isc/hmacsha.h | 4 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/isc/include/isc/sha1.h | 4 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/isc/include/isc/sha2.h | 6 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/isc/sha1.c | 6 | ||||
| -rw-r--r-- | usr.sbin/bind/lib/isc/sha2.c | 12 |
11 files changed, 29 insertions, 28 deletions
diff --git a/usr.sbin/bind/Makefile.bsd-wrapper b/usr.sbin/bind/Makefile.bsd-wrapper index 58db7fd1e05..9ccffcf3838 100644 --- a/usr.sbin/bind/Makefile.bsd-wrapper +++ b/usr.sbin/bind/Makefile.bsd-wrapper @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.bsd-wrapper,v 1.23 2020/01/07 19:11:17 florian Exp $ +# $OpenBSD: Makefile.bsd-wrapper,v 1.24 2020/01/21 11:06:47 tb Exp $ .include <bsd.own.mk> @@ -14,6 +14,7 @@ CONFIGURE_OPTS= --prefix=/usr \ --with-docbook-xsl=no \ --with-libjson=no \ --disable-shared \ + --enable-openssl-hash \ --enable-sit PROG= bin/dig/dig \ diff --git a/usr.sbin/bind/lib/dns/dst_openssl.h b/usr.sbin/bind/lib/dns/dst_openssl.h index 7c66cf65ecd..2ec950bfa43 100644 --- a/usr.sbin/bind/lib/dns/dst_openssl.h +++ b/usr.sbin/bind/lib/dns/dst_openssl.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst_openssl.h,v 1.4 2020/01/09 14:21:27 florian Exp $ */ +/* $Id: dst_openssl.h,v 1.5 2020/01/21 11:06:47 tb Exp $ */ #ifndef DST_OPENSSL_H #define DST_OPENSSL_H 1 @@ -37,7 +37,7 @@ #define USE_ENGINE 1 #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L /* * These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in * the function like this before the BN_GENCB_new call: diff --git a/usr.sbin/bind/lib/dns/opensslgost_link.c b/usr.sbin/bind/lib/dns/opensslgost_link.c index ea3b48d4109..e3b52524f83 100644 --- a/usr.sbin/bind/lib/dns/opensslgost_link.c +++ b/usr.sbin/bind/lib/dns/opensslgost_link.c @@ -36,7 +36,7 @@ #include <openssl/rsa.h> #include <openssl/engine.h> -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L #define EVP_MD_CTX_new() &(ctx->_ctx), EVP_MD_CTX_init(&(ctx->_ctx)) #define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr) #endif diff --git a/usr.sbin/bind/lib/dns/opensslrsa_link.c b/usr.sbin/bind/lib/dns/opensslrsa_link.c index e1e1c06e347..31158e4f5e8 100644 --- a/usr.sbin/bind/lib/dns/opensslrsa_link.c +++ b/usr.sbin/bind/lib/dns/opensslrsa_link.c @@ -857,7 +857,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) { } u; RSA *rsa = RSA_new(); BIGNUM *e = BN_new(); -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L BN_GENCB _cb; #endif BN_GENCB *cb = BN_GENCB_new(); diff --git a/usr.sbin/bind/lib/isc/aes.c b/usr.sbin/bind/lib/isc/aes.c index 97cc0eb76e2..6f72032248c 100644 --- a/usr.sbin/bind/lib/isc/aes.c +++ b/usr.sbin/bind/lib/isc/aes.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aes.c,v 1.5 2020/01/20 18:49:45 florian Exp $ */ +/* $Id: aes.c,v 1.6 2020/01/21 11:06:47 tb Exp $ */ /*! \file isc/aes.c */ @@ -32,7 +32,7 @@ #include <openssl/opensslv.h> #include <openssl/evp.h> -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L #define EVP_CIPHER_CTX_new() &(_context), EVP_CIPHER_CTX_init(&_context) #define EVP_CIPHER_CTX_free(c) RUNTIME_CHECK(EVP_CIPHER_CTX_cleanup(c) == 1) #endif @@ -41,7 +41,7 @@ void isc_aes128_crypt(const unsigned char *key, const unsigned char *in, unsigned char *out) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_CIPHER_CTX _context; #endif EVP_CIPHER_CTX *c; @@ -61,7 +61,7 @@ void isc_aes192_crypt(const unsigned char *key, const unsigned char *in, unsigned char *out) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_CIPHER_CTX _context; #endif EVP_CIPHER_CTX *c; @@ -81,7 +81,7 @@ void isc_aes256_crypt(const unsigned char *key, const unsigned char *in, unsigned char *out) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_CIPHER_CTX _context; #endif EVP_CIPHER_CTX *c; diff --git a/usr.sbin/bind/lib/isc/hmacsha.c b/usr.sbin/bind/lib/isc/hmacsha.c index 8991965beff..2c7f52c6d2c 100644 --- a/usr.sbin/bind/lib/isc/hmacsha.c +++ b/usr.sbin/bind/lib/isc/hmacsha.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.c,v 1.6 2020/01/20 18:49:46 florian Exp $ */ +/* $Id: hmacsha.c,v 1.7 2020/01/21 11:06:47 tb Exp $ */ /* * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 @@ -35,7 +35,7 @@ #include <isc/util.h> #ifdef ISC_PLATFORM_OPENSSLHASH -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L #define HMAC_CTX_new() &(ctx->_ctx), HMAC_CTX_init(&(ctx->_ctx)) #define HMAC_CTX_free(ptr) HMAC_CTX_cleanup(ptr) #endif diff --git a/usr.sbin/bind/lib/isc/include/isc/hmacsha.h b/usr.sbin/bind/lib/isc/include/isc/hmacsha.h index e689a1e1aac..7dbcd1f23be 100644 --- a/usr.sbin/bind/lib/isc/include/isc/hmacsha.h +++ b/usr.sbin/bind/lib/isc/include/isc/hmacsha.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacsha.h,v 1.4 2020/01/09 13:52:23 florian Exp $ */ +/* $Id: hmacsha.h,v 1.5 2020/01/21 11:06:47 tb Exp $ */ /*! \file isc/hmacsha.h * This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, @@ -42,7 +42,7 @@ typedef struct { HMAC_CTX *ctx; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX _ctx; #endif } isc_hmacsha_t; diff --git a/usr.sbin/bind/lib/isc/include/isc/sha1.h b/usr.sbin/bind/lib/isc/include/isc/sha1.h index 32f8defb446..64a2d085c6c 100644 --- a/usr.sbin/bind/lib/isc/include/isc/sha1.h +++ b/usr.sbin/bind/lib/isc/include/isc/sha1.h @@ -17,7 +17,7 @@ #ifndef ISC_SHA1_H #define ISC_SHA1_H 1 -/* $Id: sha1.h,v 1.5 2020/01/09 18:17:19 florian Exp $ */ +/* $Id: sha1.h,v 1.6 2020/01/21 11:06:47 tb Exp $ */ /* $NetBSD: sha1.h,v 1.2 1998/05/29 22:55:44 thorpej Exp $ */ @@ -40,7 +40,7 @@ typedef struct { EVP_MD_CTX *ctx; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_MD_CTX _ctx; #endif } isc_sha1_t; diff --git a/usr.sbin/bind/lib/isc/include/isc/sha2.h b/usr.sbin/bind/lib/isc/include/isc/sha2.h index 30fc2ff9200..dd1909b09e1 100644 --- a/usr.sbin/bind/lib/isc/include/isc/sha2.h +++ b/usr.sbin/bind/lib/isc/include/isc/sha2.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha2.h,v 1.5 2020/01/09 18:17:19 florian Exp $ */ +/* $Id: sha2.h,v 1.6 2020/01/21 11:06:47 tb Exp $ */ /* $FreeBSD: src/sys/crypto/sha2/sha2.h,v 1.1.2.1 2001/07/03 11:01:36 ume Exp $ */ /* $KAME: sha2.h,v 1.3 2001/03/12 08:27:48 itojun Exp $ */ @@ -83,12 +83,12 @@ #include <openssl/evp.h> #endif -#if defined(ISC_PLATFORM_OPENSSLHASH) && !defined(LIBRESSL_VERSION_NUMBER) +#if defined(ISC_PLATFORM_OPENSSLHASH) typedef struct { EVP_MD_CTX *ctx; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_MD_CTX _ctx; #endif } isc_sha2_t; diff --git a/usr.sbin/bind/lib/isc/sha1.c b/usr.sbin/bind/lib/isc/sha1.c index 02c7d6d59ee..50174a21025 100644 --- a/usr.sbin/bind/lib/isc/sha1.c +++ b/usr.sbin/bind/lib/isc/sha1.c @@ -14,10 +14,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha1.c,v 1.9 2020/01/20 18:49:46 florian Exp $ */ +/* $Id: sha1.c,v 1.10 2020/01/21 11:06:47 tb Exp $ */ /* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */ -/* $OpenBSD: sha1.c,v 1.9 2020/01/20 18:49:46 florian Exp $ */ +/* $OpenBSD: sha1.c,v 1.10 2020/01/21 11:06:47 tb Exp $ */ /*! \file * SHA-1 in C @@ -45,7 +45,7 @@ #include <isc/util.h> #ifdef ISC_PLATFORM_OPENSSLHASH -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L #define EVP_MD_CTX_new() &(context->_ctx) #define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr) #endif diff --git a/usr.sbin/bind/lib/isc/sha2.c b/usr.sbin/bind/lib/isc/sha2.c index 2444f663848..6febf6711dc 100644 --- a/usr.sbin/bind/lib/isc/sha2.c +++ b/usr.sbin/bind/lib/isc/sha2.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha2.c,v 1.8 2020/01/20 18:49:46 florian Exp $ */ +/* $Id: sha2.c,v 1.9 2020/01/21 11:06:47 tb Exp $ */ /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */ /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ @@ -64,7 +64,7 @@ #include <string.h> #include <isc/util.h> -#if defined(ISC_PLATFORM_OPENSSLHASH) && !defined(LIBRESSL_VERSION_NUMBER) +#if defined(ISC_PLATFORM_OPENSSLHASH) #if OPENSSL_VERSION_NUMBER < 0x10100000L #define EVP_MD_CTX_new() &(context->_ctx) #define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr) @@ -1271,7 +1271,7 @@ isc_sha224_end(isc_sha224_t *context, char buffer[]) { } *buffer = (char)0; } else { -#if defined(ISC_PLATFORM_OPENSSLHASH) && !defined(LIBRESSL_VERSION_NUMBER) +#if defined(ISC_PLATFORM_OPENSSLHASH) EVP_MD_CTX_reset(context->ctx); #else isc_safe_memwipe(context, sizeof(*context)); @@ -1310,7 +1310,7 @@ isc_sha256_end(isc_sha256_t *context, char buffer[]) { } *buffer = (char)0; } else { -#if defined(ISC_PLATFORM_OPENSSLHASH) && !defined(LIBRESSL_VERSION_NUMBER) +#if defined(ISC_PLATFORM_OPENSSLHASH) EVP_MD_CTX_reset(context->ctx); #else isc_safe_memwipe(context, sizeof(*context)); @@ -1349,7 +1349,7 @@ isc_sha512_end(isc_sha512_t *context, char buffer[]) { } *buffer = (char)0; } else { -#if defined(ISC_PLATFORM_OPENSSLHASH) && !defined(LIBRESSL_VERSION_NUMBER) +#if defined(ISC_PLATFORM_OPENSSLHASH) EVP_MD_CTX_reset(context->ctx); #else isc_safe_memwipe(context, sizeof(*context)); @@ -1388,7 +1388,7 @@ isc_sha384_end(isc_sha384_t *context, char buffer[]) { } *buffer = (char)0; } else { -#if defined(ISC_PLATFORM_OPENSSLHASH) && !defined(LIBRESSL_VERSION_NUMBER) +#if defined(ISC_PLATFORM_OPENSSLHASH) EVP_MD_CTX_reset(context->ctx); #else isc_safe_memwipe(context, sizeof(*context)); |