On 2018-11-03 18:12:07 [+0100], Christoph Biedl wrote:
> Subject: Build against openssl 1.1.
> Author: Chris West <solo-debianb...@goeswhere.com>
> Bug: https://github.com/tobez/validns/pull/64
> Bug-Debian: https://bugs.debian.org/859784
> Last-Update: 2018-11-03
> 
> --- a/dnskey.c
> +++ b/dnskey.c
> @@ -154,6 +154,7 @@
>               unsigned int e_bytes;
>               unsigned char *pk;
>               int l;
> +             BIGNUM *n, *e;
>  
>               rsa = RSA_new();
>               if (!rsa)
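Review bot: `n` and `e` are declared without initialisation, yet the error paths in the next hunk jump to `done` after only one of them has been allocated. Declaring them as `BIGNUM *n = NULL, *e = NULL;` lets the `done` label call `BN_free()` on both unconditionally (BN_free accepts NULL) instead of leaving the half-built pair to leak.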
> @@ -174,11 +175,14 @@
>               if (l < e_bytes) /* public key is too short */
>                       goto done;
>  
> -             rsa->e = BN_bin2bn(pk, e_bytes, NULL);
> +             e = BN_bin2bn(pk, e_bytes, NULL);
> +             if (e == NULL) goto done;

putting the goto into a new line would look better and match the coding
style.

>               pk += e_bytes;
>               l -= e_bytes;
>  
> -             rsa->n = BN_bin2bn(pk, l, NULL);
> +             n = BN_bin2bn(pk, l, NULL);
> +             if (n == NULL) goto done;
> +             RSA_set0_key(rsa, n, e, NULL);
>  
>               pkey = EVP_PKEY_new();
>               if (!pkey)
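Review bot: `if (n == NULL) goto done;` leaks `e`, which `BN_bin2bn()` allocated a few lines earlier and which has not yet been handed to `rsa`; ownership only transfers on a successful `RSA_set0_key()`, whose return value is also ignored here. Suggest `BN_free(e)` before that goto (or freeing both at `done` when they start out NULL-initialised), and checking the call: `if (!RSA_set0_key(rsa, n, e, NULL)) goto done;`. Once `RSA_set0_key()` has succeeded the two BIGNUMs belong to `rsa` and must not be freed separately.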
…
> --- a/rrsig.c
> +++ b/rrsig.c
> @@ -374,7 +374,7 @@
>  static pthread_mutex_t *lock_cs;
>  static long *lock_count;
>  
> -static unsigned long pthreads_thread_id(void)
> +unsigned long pthreads_thread_id(void)
>  {
>       unsigned long ret;
>  
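Review bot: dropping `static` from `pthreads_thread_id()` exports a symbol whose only consumer is the `CRYPTO_set_id_callback()` registration, which is a no-op macro on OpenSSL 1.1.0; it also invites a missing-prototype warning in place of the unused-function one it avoids. Wrapping the function, together with `lock_cs` and `lock_count` from the context above it, in `#if OPENSSL_VERSION_NUMBER < 0x10100000L` removes the dead code on 1.1 instead of widening its linkage.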
> @@ -382,7 +382,7 @@
>       return(ret);
>  }
>  
> -static void pthreads_locking_callback(int mode, int type, char *file, int 
> line)
> +void pthreads_locking_callback(int mode, int type, char *file, int line)

This is noise. Plus lock_cs, lock_count, CRYPTO_set_id_callback() and
CRYPTO_set_locking_callback() are not required since OpenSSL 1.1.0:
|git grep CRYPTO_set_locking_callback include/
|include/openssl/crypto.h:#  define CRYPTO_set_locking_callback(func)

I would suggest putting it behind a version ifdef so it is left out. I
_assume_ the static has been removed to avoid a "defined but not used"
warning.

>  {
>       if (mode & CRYPTO_LOCK) {
>               pthread_mutex_lock(&(lock_cs[type]));
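Review bot: the same applies to `pthreads_locking_callback()`: removing `static` keeps a function that still indexes the static `lock_cs` array and is only ever registered through `CRYPTO_set_locking_callback()`, which OpenSSL 1.1.0 defines away. Put the function and its registration under the same `OPENSSL_VERSION_NUMBER < 0x10100000L` guard rather than exporting it.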
> @@ -446,6 +446,7 @@
>                               if (k->to_verify[i].openssl_error != 0)
>                                       e = k->to_verify[i].openssl_error;
>                       }
> +                     EVP_MD_CTX_free(k->to_verify[i].ctx);
>               }
>               if (!ok) {
>                       struct named_rr *named_rr;
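Review bot: after `EVP_MD_CTX_free(k->to_verify[i].ctx);` the pointer is left dangling inside `to_verify[i]`; setting `k->to_verify[i].ctx = NULL;` right after the free makes a second pass over the array (or a second visit to this block) harmless, since `EVP_MD_CTX_free(NULL)` is a no-op. This hunk shows only the release side, so the allocation should be confirmed to use the matching `EVP_MD_CTX_new()` rather than a stack `EVP_MD_CTX` as in the 1.0 API.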

Otherwise it looks okay, thank you.

Sebastian
