Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix for LibreSSL 3.5 #663

Merged
merged 1 commit into from
Jan 15, 2022
Merged

fix for LibreSSL 3.5 #663

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
fix: apply build fix for LibreSSL 3.5. 
LibreSSL has made HMAC_CTX and DH opaque so tweak the crypto to cope
with it. Lifted from OpenBSD port patches.
  • Loading branch information
@zmyrgel
zmyrgel committed Jan 15, 2022
commit eab06f0df534f5fc2d5a24d6d15289509c547e1d
19 changes: 15 additions & 4 deletions src/std/crypto/libcrypto-rfc5114.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,11 +107,22 @@ static BIGNUM* get_bn(BIGNUM **bn, const char *hex) {
#define make_dh(param) \
DH *DH_get_##param(void) { \
DH *dh = DH_new (); \
BIGNUM *p, *q, *g; \
if (!dh) return NULL; \
dh->p = get_bn(&bn_dh##param##_p, dh##param##_p); \
dh->g = get_bn(&bn_dh##param##_g, dh##param##_g); \
dh->q = get_bn(&bn_dh##param##_q, dh##param##_q); \
if (!dh->p || !dh->q || !dh->g) { \
p = get_bn(&bn_dh##param##_p, dh##param##_p); \
g = get_bn(&bn_dh##param##_g, dh##param##_g); \
q = get_bn(&bn_dh##param##_q, dh##param##_q); \
if (!p || !q || !g) { \
BN_free(p); \
BN_free(q); \
BN_free(g); \
DH_free(dh); \
return NULL; \
} \
if (!DH_set0_pqg(dh, p, q, g)) { \
BN_free(p); \
BN_free(q); \
BN_free(g); \
DH_free(dh); \
return NULL; \
} \
Expand Down
6 changes: 3 additions & 3 deletions src/std/crypto/libcrypto.ss
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -372,7 +372,7 @@ END-C
(c-declare #<<END-C
static HMAC_CTX *ffi_create_HMAC_CTX ()
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER < 0x10100000L
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we keep this guard around for older versions of LibreSSL?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not an expert on using libressl but it seems to be incorrect check in any case:
"if using old OpenSSL or any LibreSSL version -> use old API"

Which versions should use the old API?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well it used to not compile with early libressl versions that didnt have the new api.
I am fine removing these guards, just concerned about older openbsd installations.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, lets merge and if it causes problems for people we can add a more specific (versioned) guard.

HMAC_CTX *ctx = (HMAC_CTX*)malloc (sizeof (HMAC_CTX));
if (ctx) {
HMAC_CTX_init (ctx);
Expand All @@ -385,7 +385,7 @@ static HMAC_CTX *ffi_create_HMAC_CTX ()

static ___SCMOBJ ffi_release_HMAC_CTX (void *ptr)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX_cleanup ((HMAC_CTX*) ptr);
free (ptr);
#else
Expand Down Expand Up @@ -465,7 +465,7 @@ static ___SCMOBJ ffi_DH_free (void *dh)

static BIGNUM *ffi_DH_pub_key (DH *dh)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER < 0x10100000L
return dh->pub_key;
#else
BIGNUM const *pub;
Expand Down