Bug 777 - OpenSSL 1.1.0 compatibility
OpenSSL 1.1.0 compatibility
Status: RESOLVED FIXED
Product: unbound
Classification: Unclassified
Component: server
1.5.9
All Linux
: P5 normal
Assigned To: unbound team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-11 17:32 CEST by Robert Edmonds
Modified: 2016-08-29 09:05 CEST (History)
3 users (show)

See Also:


Attachments
patch for openssl 1.1.0 (5.18 KB, patch)
2016-08-28 22:04 CEST, Sebastian A. Siewior
Details | Diff
patch for openssl 1.1.0, v2 (4.65 KB, patch)
2016-08-28 23:18 CEST, Sebastian A. Siewior
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Edmonds 2016-06-11 17:32:30 CEST
Hi,

Unbound 1.5.9 fails to build with OpenSSL 1.1.0 (version 1.1.0~pre5-3 from Debian experimental). It looks like the big change was to make OpenSSL data structures opaque (https://wiki.openssl.org/index.php/1.1_API_Changes).

Here are the compile errors:

------------------------
daemon/remote.c: In function 'get_dh2048':
daemon/remote.c:179:4: error: dereferencing pointer to incomplete type 'DH {aka struct dh_st}'
  dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
    ^
------------------------
validator/val_secalgo.c: In function 'verify_canonrrset':
validator/val_secalgo.c:604:26: error: too few arguments to function 'CRYPTO_free'
   else if(docrypto_free) CRYPTO_free(sigblock);
                          ^
In file included from /usr/include/openssl/comp.h:16:0,
                 from /usr/include/openssl/ssl.h:47,
                 from ./sldns/keyraw.h:27,
                 from validator/val_secalgo.c:50:
/usr/include/openssl/crypto.h:267:6: note: declared here
 void CRYPTO_free(void *ptr, const char *file, int line);
      ^
validator/val_secalgo.c:612:26: error: too few arguments to function 'CRYPTO_free'
   else if(docrypto_free) CRYPTO_free(sigblock);
                          ^
In file included from /usr/include/openssl/comp.h:16:0,
                 from /usr/include/openssl/ssl.h:47,
                 from ./sldns/keyraw.h:27,
                 from validator/val_secalgo.c:50:
/usr/include/openssl/crypto.h:267:6: note: declared here
 void CRYPTO_free(void *ptr, const char *file, int line);
      ^
validator/val_secalgo.c:621:26: error: too few arguments to function 'CRYPTO_free'
   else if(docrypto_free) CRYPTO_free(sigblock);
                          ^
In file included from /usr/include/openssl/comp.h:16:0,
                 from /usr/include/openssl/ssl.h:47,
                 from ./sldns/keyraw.h:27,
                 from validator/val_secalgo.c:50:
/usr/include/openssl/crypto.h:267:6: note: declared here
 void CRYPTO_free(void *ptr, const char *file, int line);
      ^
validator/val_secalgo.c:635:25: error: too few arguments to function 'CRYPTO_free'
  else if(docrypto_free) CRYPTO_free(sigblock);
                         ^
In file included from /usr/include/openssl/comp.h:16:0,
                 from /usr/include/openssl/ssl.h:47,
                 from ./sldns/keyraw.h:27,
                 from validator/val_secalgo.c:50:
/usr/include/openssl/crypto.h:267:6: note: declared here
 void CRYPTO_free(void *ptr, const char *file, int line);
      ^
------------------------
sldns/keyraw.c: In function 'sldns_key_buf2dsa_raw':
sldns/keyraw.c:219:5: error: dereferencing pointer to incomplete type 'DSA {aka struct dsa_st}'
  dsa->p = P;
     ^
sldns/keyraw.c: In function 'sldns_key_buf2rsa_raw':
sldns/keyraw.c:277:5: error: dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
  rsa->n = modulus;
     ^
------------------------
Comment 1 Wouter Wijngaards 2016-06-13 09:12:26 CEST
Hi Robert,

Some of these changes were made for another pre 1.1.0 openssl compatibility.  Perhaps I should wait until the API stabilizes?

Best regards, Wouter
Comment 2 Sebastian A. Siewior 2016-08-28 22:04:35 CEST
Created attachment 349 [details]
patch for openssl 1.1.0
Comment 3 Sebastian A. Siewior 2016-08-28 22:05:44 CEST
1.5.9 fails to build against openssl 1.1.0, see

https://breakpoint.cc/openssl-1.1-rebuild-2016-08-26/failed/unbound_1.5.9-3_amd64-2016-08-26T19%3A56%3A03Z

The patch attached has been compile tested.
Comment 4 Sebastian A. Siewior 2016-08-28 23:18:38 CEST
Created attachment 350 [details]
patch for openssl 1.1.0, v2

CRYPTO_free() => OPENSSL_free() and a ifdef less
Comment 5 Wouter Wijngaards 2016-08-29 09:05:52 CEST
Hi Sebastian,

Thank you for the patch.  I have applied it to the code repository.

Best regards, Wouter