]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
resolve: fix segfault when built with OPENSSL_NO_DEPRECATED_3_0
authorYu Watanabe <watanabe.yu+github@gmail.com>
Tue, 30 Jun 2026 07:06:28 +0000 (16:06 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 2 Jul 2026 18:02:56 +0000 (03:02 +0900)
In that case, deprecated funcdions are not loaded from libcrypto.so,
and calling them causes segfault.

src/resolve/resolved-dns-dnssec.c

index 36eb3595d5becfe432d5df3e394f52aced7a33e2..6e5b4a0e0283e8f37b4afac1e7c46b8549c13ff6 100644 (file)
@@ -79,9 +79,11 @@ static int dnssec_rsa_verify_raw(
                 const void *data, size_t data_size,
                 const void *exponent, size_t exponent_size,
                 const void *modulus, size_t modulus_size) {
-        int r;
 
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
         DISABLE_WARNING_DEPRECATED_DECLARATIONS;
+        int r;
+
         _cleanup_(RSA_freep) RSA *rpubkey = NULL;
         _cleanup_(EVP_PKEY_freep) EVP_PKEY *epubkey = NULL;
         _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
@@ -134,6 +136,9 @@ static int dnssec_rsa_verify_raw(
 
         REENABLE_WARNING;
         return r;
+#else
+        return -EOPNOTSUPP;
+#endif
 }
 
 static int dnssec_rsa_verify(
@@ -204,9 +209,11 @@ static int dnssec_ecdsa_verify_raw(
                 const void *signature_s, size_t signature_s_size,
                 const void *data, size_t data_size,
                 const void *key, size_t key_size) {
-        int k;
 
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
         DISABLE_WARNING_DEPRECATED_DECLARATIONS;
+        int k;
+
         _cleanup_(EC_GROUP_freep) EC_GROUP *ec_group = NULL;
         _cleanup_(EC_POINT_freep) EC_POINT *p = NULL;
         _cleanup_(EC_KEY_freep) EC_KEY *eckey = NULL;
@@ -268,6 +275,9 @@ static int dnssec_ecdsa_verify_raw(
 
         REENABLE_WARNING;
         return k;
+#else
+        return -EOPNOTSUPP;
+#endif
 }
 
 static int dnssec_ecdsa_verify(