Issue 8774 - [PATCH] EVP_MD_CTX_create and EVP_MD_CTX_destroy have been replaced by EVP_MD_CTX_new and EVP_MD_CTX_free in openssl v1.1 and above.
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: 2.5.0
Assignee: OpenLDAP project
Reported: 2017-11-16 16:47 UTC by minfrin@sharp.fm
Modified: 2020-10-14 21:15 UTC

Description minfrin@sharp.fm 2017-11-16 16:47:28 UTC
Full_Name: Graham Leggett
Version: git master
OS: CentOS7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:470:18b1:1:c920:9f6:b546:7826)


The addition of 8e34ed8c on the 7th of November broke the build for openssl <
1.1, as the patch used the newer versions of these functions.

The following patch adds the associated autoconf stuff to fix this:

From e111db878300d60acdc295eec08e008a831f9895 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@sharp.fm>
Date: Sat, 23 Sep 2017 02:10:36 +0000
Subject: [PATCH] EVP_MD_CTX_create and EVP_MD_CTX_destroy have been replaced
 by EVP_MD_CTX_new and EVP_MD_CTX_free in openssl v1.1 and above.

---
 configure.in              | 5 +++++
 libraries/libldap/tls_o.c | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/configure.in b/configure.in
index 46e5e8c..b3da5f1 100644
--- a/configure.in
+++ b/configure.in
@@ -1223,6 +1223,11 @@ if test $ol_with_tls = openssl || test $ol_with_tls =
auto ; then
 				TLS_LIBS="-lssl -lcrypto"
 			fi
 
+			save_LIBS="$LIBS"
+			LIBS="$LIBS $TLS_LIBS"
+			AC_CHECK_FUNCS(EVP_MD_CTX_create EVP_MD_CTX_destroy)
+			LIBS="$save_LIBS"
+
 			OL_SSL_COMPAT
 			if test $ol_cv_ssl_crl_compat = yes ; then
 				AC_DEFINE(HAVE_OPENSSL_CRL, 1, 
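Review bot: The AC_CHECK_FUNCS line probes for the names the subject line describes as replaced, so the resulting HAVE_EVP_MD_CTX_CREATE / HAVE_EVP_MD_CTX_DESTROY macros mean "legacy API present" and nothing confirms that EVP_MD_CTX_new and EVP_MD_CTX_free exist when the probe fails. Consider checking for the current names instead and treating the legacy pair as the fallback, so the code defaults to the supported API. The argument list should also be m4-quoted: AC_CHECK_FUNCS([EVP_MD_CTX_create EVP_MD_CTX_destroy]). The save_LIBS / LIBS restore around the check is correct and should stay.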
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index d3b6ceb..14dffbd 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -867,7 +867,11 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char
*hashalg, struct berval
 			goto done;
 		}
 
+#ifdef HAVE_EVP_MD_CTX_CREATE
+		mdctx = EVP_MD_CTX_create();
+#else
 		mdctx = EVP_MD_CTX_new();
+#endif
 		if ( !mdctx ) {
 			rc = -1;
 			goto done;
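Review bot: The #ifdef HAVE_EVP_MD_CTX_CREATE block at the allocation site makes the legacy call the preferred path whenever configure finds it, and the #else branch uses EVP_MD_CTX_new() without any check that it is available. A single compatibility definition near the top of tls_o.c, along the lines of "#define EVP_MD_CTX_new EVP_MD_CTX_create" when the new name is missing, would keep this call site written against the current API and avoid repeating the conditional at every use.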
@@ -877,7 +881,11 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char
*hashalg, struct berval
 		EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len );
 		EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len );
 		keyhash.bv_len = len;
+#ifdef HAVE_EVP_MD_CTX_DESTROY
+		EVP_MD_CTX_destroy( mdctx );
+#else
 		EVP_MD_CTX_free( mdctx );
+#endif
 	} else {
 		keyhash = key;
 	}
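Review bot: The release site is guarded by HAVE_EVP_MD_CTX_DESTROY while the allocation in the previous hunk is guarded by HAVE_EVP_MD_CTX_CREATE, so a build where configure detects only one of the two would pair EVP_MD_CTX_create() with EVP_MD_CTX_free() or EVP_MD_CTX_new() with EVP_MD_CTX_destroy(). Use one guard for both ends of the context's lifetime. Separately, the context lines above the change ignore the return values of EVP_DigestUpdate and EVP_DigestFinal_ex; since this is the session pinning path, a failed digest should set rc and go to done rather than leave keyhash populated from an unfinished hash.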
-- 
1.8.3.1

Comment 1 Quanah Gibson-Mount 2017-11-17 22:31:47 UTC
--On Thursday, November 16, 2017 4:47 PM +0000 minfrin@sharp.fm wrote:

> Full_Name: Graham Leggett
> Version: git master
> OS: CentOS7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:470:18b1:1:c920:9f6:b546:7826)
>
>
> The addition of 8e34ed8c on the 7th of November broke the build for
> openssl < 1.1, as the patch used the newer versions of these functions.

Thanks for the report!  This issue has now been fixed in openldap head 
without the necessity of a configure check.

Regards,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>


Comment 2 Quanah Gibson-Mount 2017-11-17 22:38:34 UTC
changed notes
changed state Open to Closed
moved from Incoming to Software Bugs
Comment 3 Quanah Gibson-Mount 2018-01-15 04:19:07 UTC
changed state Closed to Test
Comment 4 OpenLDAP project 2018-02-09 19:09:55 UTC
Fixed in master (master only)
Comment 5 Quanah Gibson-Mount 2018-02-09 19:09:55 UTC
changed notes