Merge branch 'maint-0.2.8'

3 files changed, 18 insertions, 14 deletions

diff --git a/changes/bug19499 b/changes/bug19499
new file mode 100644
index 0000000000..5db49bb749
--- /dev/null
+++ b/changes/bug19499
@@ -0,0 +1,4 @@
+  o Minor features (build):
+    - Tor now again builds with the recent OpenSSL 1.1 development branch
+      (tested against 1.1.0-pre6-dev).
+
diff --git a/src/common/crypto.c b/src/common/crypto.c
index d5043c3246..1c5b5993c9 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -135,7 +135,7 @@ struct crypto_dh_t {
 };
 
 static int setup_openssl_threading(void);
-static int tor_check_dh_key(int severity, BIGNUM *bn);
+static int tor_check_dh_key(int severity, const BIGNUM *bn);
 
 /** Return the number of bytes added by padding method <b>padding</b>.
  */
@@ -452,7 +452,7 @@ crypto_pk_private_ok(const crypto_pk_t *k)
   if (!k || !k->key)
     return 0;
 
-  BIGNUM *p, *q;
+  const BIGNUM *p, *q;
   RSA_get0_factors(k->key, &p, &q);
   return p != NULL; /* XXX/yawning: Should we check q? */
 #else
@@ -876,10 +876,10 @@ crypto_pk_public_exponent_ok(crypto_pk_t *env)
   tor_assert(env);
   tor_assert(env->key);
 
-  BIGNUM *e;
+  const BIGNUM *e;
 
 #ifdef OPENSSL_1_1_API
-  BIGNUM *n, *d;
+  const BIGNUM *n, *d;
   RSA_get0_key(env->key, &n, &e, &d);
 #else
   e = env->key->e;
@@ -905,11 +905,11 @@ crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_pk_t *b)
   if (an_argument_is_null)
     return result;
 
-  BIGNUM *a_n, *a_e;
-  BIGNUM *b_n, *b_e;
+  const BIGNUM *a_n, *a_e;
+  const BIGNUM *b_n, *b_e;
 
 #ifdef OPENSSL_1_1_API
-  BIGNUM *a_d, *b_d;
+  const BIGNUM *a_d, *b_d;
   RSA_get0_key(a->key, &a_n, &a_e, &a_d);
   RSA_get0_key(b->key, &b_n, &b_e, &b_d);
 #else
@@ -961,7 +961,7 @@ crypto_pk_num_bits(crypto_pk_t *env)
   /* It's so stupid that there's no other way to check that n is valid
    * before calling RSA_bits().
    */
-  BIGNUM *n, *e, *d;
+  const BIGNUM *n, *e, *d;
   RSA_get0_key(env->key, &n, &e, &d);
   tor_assert(n != NULL);
 
@@ -2422,7 +2422,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
    * recreating the DH object.  I have no idea what sort of aliasing madness
    * can occur here, so do the check, and just bail on failure.
    */
-  BIGNUM *pub_key, *priv_key;
+  const BIGNUM *pub_key, *priv_key;
   DH_get0_key(dh->dh, &pub_key, &priv_key);
   if (tor_check_dh_key(LOG_WARN, pub_key)<0) {
     log_warn(LD_CRYPTO, "Weird! Our own DH key was invalid.  I guess once-in-"
@@ -2456,10 +2456,10 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
   int bytes;
   tor_assert(dh);
 
-  BIGNUM *dh_pub;
+  const BIGNUM *dh_pub;
 
 #ifdef OPENSSL_1_1_API
-  BIGNUM *dh_priv;
+  const BIGNUM *dh_priv;
   DH_get0_key(dh->dh, &dh_pub, &dh_priv);
 #else
   dh_pub = dh->dh->pub_key;
@@ -2498,7 +2498,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
  * See http://www.cl.cam.ac.uk/ftp/users/rja14/psandqs.ps.gz for some tips.
  */
 static int
-tor_check_dh_key(int severity, BIGNUM *bn)
+tor_check_dh_key(int severity, const BIGNUM *bn)
 {
   BIGNUM *x;
   char *s;
diff --git a/src/tools/tor-checkkey.c b/src/tools/tor-checkkey.c
index 8e957c2540..3e16fd0336 100644
--- a/src/tools/tor-checkkey.c
+++ b/src/tools/tor-checkkey.c
@@ -72,9 +72,9 @@ main(int c, char **v)
   } else {
     rsa = crypto_pk_get_rsa_(env);
 
-    BIGNUM *rsa_n;
+    const BIGNUM *rsa_n;
 #ifdef OPENSSL_1_1_API
-    BIGNUM *rsa_e, *rsa_d;
+    const BIGNUM *rsa_e, *rsa_d;
     RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
 #else
     rsa_n = rsa->n;