From c74decdf53ff2d3160d64c201d1ec94b93ab8bd7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Wed, 2 May 2018 14:18:06 +0200
Subject: [PATCH] Workaround LibreSSL 2.7.0-2.7.2 quirk in DH_set0_key
(cherry picked from commit 6b9e3b7b069509e79c59f89403a91761c300bdee)
---
 lib/dns/openssldh_link.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index 0db673dd31..8dfda0d2fa 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -44,6 +44,8 @@
 #include
+#include
+
 #include "dst_internal.h"
 #include "dst_openssl.h"
 #include "dst_parse.h"
@@ -564,7 +566,15 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
 DH_free(dh);
 return (dst__openssl_toresult(ISC_R_NOMEMORY));
 }
+#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && (LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
+ /*
+ * LibreSSL << 2.7.3 DH_get0_key requires priv_key to be set when
+ * DH structure is empty, hence we cannot use DH_get0_key().
+ */
+ dh->pub_key = pub_key;
+#else /* LIBRESSL_VERSION_NUMBER */
 DH_set0_key(dh, pub_key, NULL);
+#endif /* LIBRESSL_VERSION_NUMBER */
 isc_region_consume(&r, publen);
 key->key_size = BN_num_bits(p);
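Review bot: The `#else` branch still discards the result of `DH_set0_key(dh, pub_key, NULL)`, so a library that refuses the call (the quirk this patch works around) leaves `dh` without a public value and `pub_key` unowned, and the function carries on to `isc_region_consume()` as if the key were complete. Because this function builds the key from the `data` buffer it is given, I would fail closed here: test `if (DH_set0_key(dh, pub_key, NULL) != 1)` and take the same `DH_free(dh)` error return used just above, freeing `pub_key` as well if nothing else owns it at that point. The added comment also names `DH_get0_key` twice where the guarded call and the subject line are `DH_set0_key`, and `<<` should read `<`: `LibreSSL < 2.7.3 DH_set0_key requires priv_key to be set when`. The body of openssldh_fromdns starts and ends outside this hunk, so the ownership of `pub_key` on the error path is inferred, not visible.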