Bug#828584: unbound: FTBFS with openssl 1.1.0

Sun, 28 Aug 2016 13:45:21 -0700 

> diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c
> index 11c8cd16e8f9..a475385e4b2b 100644
> --- a/validator/val_secalgo.c
> +++ b/validator/val_secalgo.c
> @@ -72,6 +72,17 @@
>  #include <openssl/engine.h>
>  #endif
>  
> +static inline void ossl_CRYPTO_free(unsigned char *ptr,
> +                                 const char *ATTR_UNUSED(file),
> +                                 int ATTR_UNUSED(line))
> +{
> +#if OPENSSL_VERSION_NUMBER < 0x10100000
> +     CRYPTO_free(ptr);
> +#else
> +     CRYPTO_free(ptr, file, line);
> +#endif
> +}
> +
>  /* return size of digest if supported, or 0 otherwise */
>  size_t
>  nsec3_hash_algo_size_supported(int id)
> @@ -601,7 +612,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned 
> char* sigblock,
>               log_err("EVP_MD_CTX_new: malloc failure");
>               EVP_PKEY_free(evp_key);
>               if(dofree) free(sigblock);
> -             else if(docrypto_free) CRYPTO_free(sigblock);
> +             else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, 
> __LINE__);
>               return sec_status_unchecked;
>       }
>       if(EVP_VerifyInit(ctx, digest_type) == 0) {
> @@ -609,7 +620,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned 
> char* sigblock,
>               EVP_MD_CTX_destroy(ctx);
>               EVP_PKEY_free(evp_key);
>               if(dofree) free(sigblock);
> -             else if(docrypto_free) CRYPTO_free(sigblock);
> +             else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, 
> __LINE__);
>               return sec_status_unchecked;
>       }
>       if(EVP_VerifyUpdate(ctx, (unsigned char*)sldns_buffer_begin(buf), 
> @@ -618,7 +629,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned 
> char* sigblock,
>               EVP_MD_CTX_destroy(ctx);
>               EVP_PKEY_free(evp_key);
>               if(dofree) free(sigblock);
> -             else if(docrypto_free) CRYPTO_free(sigblock);
> +             else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, 
> __LINE__);
>               return sec_status_unchecked;
>       }
>  
> @@ -632,7 +643,7 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned 
> char* sigblock,
>       EVP_PKEY_free(evp_key);
>  
>       if(dofree) free(sigblock);
> -     else if(docrypto_free) CRYPTO_free(sigblock);
> +     else if(docrypto_free) ossl_CRYPTO_free(sigblock, __FILE__, __LINE__);
>  
>       if(res == 1) {
>               return sec_status_secure;

Maybe you should just call OPENSSL_free() instead of
CRYPTO_free()?


Kurt

Reply via email to