On 2018-11-03 18:12:07 [+0100], Christoph Biedl wrote: > Subject: Build against openssl 1.1. > Author: Chris West <solo-debianb...@goeswhere.com> > Bug: https://github.com/tobez/validns/pull/64 > Bug-Debian: https://bugs.debian.org/859784 > Last-Update: 2018-11-03 > > --- a/dnskey.c > +++ b/dnskey.c > @@ -154,6 +154,7 @@ > unsigned int e_bytes; > unsigned char *pk; > int l; > + BIGNUM *n, *e; > > rsa = RSA_new(); > if (!rsa) > @@ -174,11 +175,14 @@ > if (l < e_bytes) /* public key is too short */ > goto done; > > - rsa->e = BN_bin2bn(pk, e_bytes, NULL); > + e = BN_bin2bn(pk, e_bytes, NULL); > + if (e == NULL) goto done;
putting the goto into a new line would look better and match the coding style. > pk += e_bytes; > l -= e_bytes; > > - rsa->n = BN_bin2bn(pk, l, NULL); > + n = BN_bin2bn(pk, l, NULL); > + if (n == NULL) goto done; > + RSA_set0_key(rsa, n, e, NULL); > > pkey = EVP_PKEY_new(); > if (!pkey) … > --- a/rrsig.c > +++ b/rrsig.c > @@ -374,7 +374,7 @@ > static pthread_mutex_t *lock_cs; > static long *lock_count; > > -static unsigned long pthreads_thread_id(void) > +unsigned long pthreads_thread_id(void) > { > unsigned long ret; > > @@ -382,7 +382,7 @@ > return(ret); > } > > -static void pthreads_locking_callback(int mode, int type, char *file, int > line) > +void pthreads_locking_callback(int mode, int type, char *file, int line) This is noise. Plus lock_cs, lock_count, CRYPTO_set_id_callback(), CRYPTO_set_locking_callback() is not required since OpenSSL 1.1.0: |git grep CRYPTO_set_locking_callback include/ |include/openssl/crypto.h:# define CRYPTO_set_locking_callback(func) I would suggest to put it behind a version ifdef so it is left out. I _assume_ the static has been removed to avoid "defined but not used warning". > { > if (mode & CRYPTO_LOCK) { > pthread_mutex_lock(&(lock_cs[type])); > @@ -446,6 +446,7 @@ > if (k->to_verify[i].openssl_error != 0) > e = k->to_verify[i].openssl_error; > } > + EVP_MD_CTX_free(k->to_verify[i].ctx); > } > if (!ok) { > struct named_rr *named_rr; Otherwise it looks okay, thank you. Sebastian