[Pkg-dns-devel] Bug#828584: unbound: FTBFS with openssl 1.1.0

Kurt Roeckx kurt at roeckx.be
Sun Aug 28 20:42:39 UTC 2016 

> diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c
> index 11c8cd16e8f9..a475385e4b2b 100644
> --- a/validator/val_secalgo.c
> +++ b/validator/val_secalgo.c
> @@ -72,6 +72,17 @@
>  #include <openssl/engine.h>
>  #endif
>  
> +static inline void ossl_CRYPTO_free(unsigned char *ptr,
> +				    const char *ATTR_UNUSED(file),
> +				    int ATTR_UNUSED(line))
> +{
> +#if OPENSSL_VERSION_NUMBER < 0x10100000
> +	CRYPTO_free(ptr);
> +#else
> +	CRYPTO_free(ptr, file, line);
> +#endif
> +}
> +
>  /* return size of digest if supported, or 0 otherwise */
>  size_t
>  nsec3_hash_algo_size_supported(int id)
> @@ -601,7 +612,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
>  		log_err("EVP_MD_CTX_new: malloc failure");
>  		EVP_PKEY_free(evp_key);
>  		if(dofree) free(sigblock);
> -		else if(docrypto_free) CRYPTO_free(sigblock);
> +		else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
>  		return sec_status_unchecked;
>  	}
>  	if(EVP_VerifyInit(ctx, digest_type) == 0) {
> @@ -609,7 +620,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
>  		EVP_MD_CTX_destroy(ctx);
>  		EVP_PKEY_free(evp_key);
>  		if(dofree) free(sigblock);
> -		else if(docrypto_free) CRYPTO_free(sigblock);
> +		else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
>  		return sec_status_unchecked;
>  	}
>  	if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), 
> @@ -618,7 +629,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
>  		EVP_MD_CTX_destroy(ctx);
>  		EVP_PKEY_free(evp_key);
>  		if(dofree) free(sigblock);
> -		else if(docrypto_free) CRYPTO_free(sigblock);
> +		else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
>  		return sec_status_unchecked;
>  	}
>  
> @@ -632,7 +643,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
>  	EVP_PKEY_free(evp_key);
>  
>  	if(dofree) free(sigblock);
> -	else if(docrypto_free) CRYPTO_free(sigblock);
> +	else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
>  
>  	if(res == 1) {
>  		return sec_status_secure;

Maybe you should just call OPENSSL_free() instead of
CRYPTO_free()?


Kurt

More information about the pkg-dns-devel mailing list