[Pkg-dns-devel] Bug#828584: unbound: FTBFS with openssl 1.1.0
Kurt Roeckx
kurt at roeckx.be
Sun Aug 28 20:42:39 UTC 2016
> diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c
> index 11c8cd16e8f9..a475385e4b2b 100644
> --- a/validator/val_secalgo.c
> +++ b/validator/val_secalgo.c
> @@ -72,6 +72,17 @@
> #include <openssl/engine.h>
> #endif
>
> +static inline void ossl_CRYPTO_free(unsigned char *ptr,
> + const char *ATTR_UNUSED(file),
> + int ATTR_UNUSED(line))
> +{
> +#if OPENSSL_VERSION_NUMBER < 0x10100000
> + CRYPTO_free(ptr);
> +#else
> + CRYPTO_free(ptr, file, line);
> +#endif
> +}
> +
> /* return size of digest if supported, or 0 otherwise */
> size_t
> nsec3_hash_algo_size_supported(int id)
> @@ -601,7 +612,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
> log_err("EVP_MD_CTX_new: malloc failure");
> EVP_PKEY_free(evp_key);
> if(dofree) free(sigblock);
> - else if(docrypto_free) CRYPTO_free(sigblock);
> + else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
> return sec_status_unchecked;
> }
> if(EVP_VerifyInit(ctx, digest_type) == 0) {
> @@ -609,7 +620,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
> EVP_MD_CTX_destroy(ctx);
> EVP_PKEY_free(evp_key);
> if(dofree) free(sigblock);
> - else if(docrypto_free) CRYPTO_free(sigblock);
> + else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
> return sec_status_unchecked;
> }
> if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf),
> @@ -618,7 +629,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
> EVP_MD_CTX_destroy(ctx);
> EVP_PKEY_free(evp_key);
> if(dofree) free(sigblock);
> - else if(docrypto_free) CRYPTO_free(sigblock);
> + else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
> return sec_status_unchecked;
> }
>
> @@ -632,7 +643,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
> EVP_PKEY_free(evp_key);
>
> if(dofree) free(sigblock);
> - else if(docrypto_free) CRYPTO_free(sigblock);
> + else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
>
> if(res == 1) {
> return sec_status_secure;
Maybe you should just call OPENSSL_free() instead of
CRYPTO_free()?
Kurt
More information about the pkg-dns-devel
mailing list