Commit c74decdf authored by Ondřej Surý's avatar Ondřej Surý

Workaround LibreSSL 2.7.0-2.7.2 quirk in DH_set0_key

(cherry picked from commit 6b9e3b7b)
parent f3414c74
......@@ -44,6 +44,8 @@
#include <dst/result.h>
#include <openssl/opensslv.h>
#include "dst_internal.h"
#include "dst_openssl.h"
#include "dst_parse.h"
......@@ -564,7 +566,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
DH_free(dh);
return (dst__openssl_toresult(ISC_R_NOMEMORY));
}
#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
/*
* LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when
* DH structure is empty, hence we cannot use DH_get0_key().
*/
dh->pub_key = pub_key;
#else /* LIBRESSL_VERSION_NUMBER */
DH_set0_key(dh, pub_key, NULL);
#endif /* LIBRESSL_VERSION_NUMBER */
isc_region_consume(&r, publen);
key->key_size = BN_num_bits(p);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment