OpenLDAP
Viewing Software Bugs/8774

From: minfrin@sharp.fm
Subject: [PATCH] EVP_MD_CTX_create and EVP_MD_CTX_destroy have been replaced by EVP_MD_CTX_new and EVP_MD_CTX_free in openssl v1.1 and above.
Date: Thu, 16 Nov 2017 16:47:28 +0000
From: minfrin@sharp.fm
To: openldap-its@OpenLDAP.org
Subject: [PATCH] EVP_MD_CTX_create and EVP_MD_CTX_destroy have been replaced  by EVP_MD_CTX_new and EVP_MD_CTX_free in openssl v1.1 and above.
Full_Name: Graham Leggett
Version: git master
OS: CentOS7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:470:18b1:1:c920:9f6:b546:7826)


The addition of 8e34ed8c on the 7th of November broke the build for openssl <
1.1, as the patch used the newer versions of these functions.

The following patch adds the associated autoconf stuff to fix this:

From e111db878300d60acdc295eec08e008a831f9895 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@sharp.fm>
Date: Sat, 23 Sep 2017 02:10:36 +0000
Subject: [PATCH] EVP_MD_CTX_create and EVP_MD_CTX_destroy have been replaced
 by EVP_MD_CTX_new and EVP_MD_CTX_free in openssl v1.1 and above.

---
 configure.in              | 5 +++++
 libraries/libldap/tls_o.c | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/configure.in b/configure.in
index 46e5e8c..b3da5f1 100644
--- a/configure.in
+++ b/configure.in
@@ -1223,6 +1223,11 @@ if test $ol_with_tls = openssl || test $ol_with_tls =
auto ; then
 				TLS_LIBS="-lssl -lcrypto"
 			fi
 
+			save_LIBS="$LIBS"
+			LIBS="$LIBS $TLS_LIBS"
+			AC_CHECK_FUNCS(EVP_MD_CTX_create EVP_MD_CTX_destroy)
+			LIBS="$save_LIBS"
+
 			OL_SSL_COMPAT
 			if test $ol_cv_ssl_crl_compat = yes ; then
 				AC_DEFINE(HAVE_OPENSSL_CRL, 1, 
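
Review bot: The AC_CHECK_FUNCS line probes the two names the subject line describes as replaced, so any failure of the probe (including a $TLS_LIBS value that does not link) leaves both HAVE_ macros undefined and silently selects EVP_MD_CTX_new and EVP_MD_CTX_free in tls_o.c. On openssl < 1.1 that brings back the original build break, with nothing reported at configure time. Consider probing for EVP_MD_CTX_new instead and falling back to the old names when it is absent. The two functions are only used as an allocate/free pair, so one check and one macro would be enough.
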
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index d3b6ceb..14dffbd 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -867,7 +867,11 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char
*hashalg, struct berval
 			goto done;
 		}
 
+#ifdef HAVE_EVP_MD_CTX_CREATE
+		mdctx = EVP_MD_CTX_create();
+#else
 		mdctx = EVP_MD_CTX_new();
+#endif
 		if ( !mdctx ) {
 			rc = -1;
 			goto done;
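
Review bot: The #ifdef/#else/#endif wrapped around the allocation puts the version switch in the middle of tlso_session_pinning. A single compatibility definition near the top of tls_o.c, mapping the new name to the old one when only the old one is available, would let the body keep the one call `mdctx = EVP_MD_CTX_new();` followed by the existing `if ( !mdctx )` check, and would cover any later use of the same API in this file.
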
@@ -877,7 +881,11 @@ tlso_session_pinning( LDAP *ld, tls_session *sess, char
*hashalg, struct berval
 		EVP_DigestUpdate( mdctx, key.bv_val, key.bv_len );
 		EVP_DigestFinal_ex( mdctx, (unsigned char *)keyhash.bv_val, &len );
 		keyhash.bv_len = len;
+#ifdef HAVE_EVP_MD_CTX_DESTROY
+		EVP_MD_CTX_destroy( mdctx );
+#else
 		EVP_MD_CTX_free( mdctx );
+#endif
 	} else {
 		keyhash = key;
 	}
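
Review bot: The release here is selected by HAVE_EVP_MD_CTX_DESTROY, while the matching allocation in the previous hunk is selected by HAVE_EVP_MD_CTX_CREATE, so the two halves of the pair depend on independent configure results. Key both sites on the same macro so that mdctx can never be allocated through one API generation and released through the other.
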
-- 
1.8.3.1


Followup 1

Date: Fri, 17 Nov 2017 14:31:47 -0800
From: Quanah Gibson-Mount <quanah@symas.com>
To: minfrin@sharp.fm, openldap-its@OpenLDAP.org
Subject: Re: (ITS#8774) [PATCH] EVP_MD_CTX_create and EVP_MD_CTX_destroy
 have been replaced by EVP_MD_CTX_new and EVP_MD_CTX_free in openssl v1.1 and
 above.
--On Thursday, November 16, 2017 4:47 PM +0000 minfrin@sharp.fm wrote:

> Full_Name: Graham Leggett
> Version: git master
> OS: CentOS7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:470:18b1:1:c920:9f6:b546:7826)
>
>
> The addition of 8e34ed8c on the 7th of November broke the build for
> openssl < 1.1, as the patch used the newer versions of these functions.

Thanks for the report!  This issue has now been fixed in openldap head 
without the necessity of a configure check.

Regards,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>


