Fix compilation with LibreSSL
Needs Revision · Public

Authored by steils on Apr 5 2019, 6:37 AM.

Details

Summary

Without this patch, compilation with LibreSSL-2.8.3 (it is the latest stable version) fails with:

[ 49%] Building CXX object plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o
/home/stefan/projects/qca/plugins/qca-ossl/qca-ossl.cpp:66: warning: "M_ASN1_IA5STRING_new" redefined
 #define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
 
In file included from /usr/include/openssl/objects.h:960,
                 from /usr/include/openssl/evp.h:86,
                 from /home/stefan/projects/qca/plugins/qca-ossl/qca-ossl.cpp:30:
/usr/include/openssl/asn1.h:636: note: this is the location of the previous definition
 #define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\
 
/home/stefan/projects/qca/plugins/qca-ossl/qca-ossl.cpp:67: warning: "RSA_F_RSA_EAY_PRIVATE_DECRYPT" redefined
 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT
 
In file included from /usr/include/openssl/x509.h:96,
                 from /usr/include/openssl/pem.h:71,
                 from /home/stefan/projects/qca/plugins/qca-ossl/qca-ossl.cpp:38:
/usr/include/openssl/rsa.h:466: note: this is the location of the previous definition
 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT    101
 
/home/stefan/projects/qca/plugins/qca-ossl/qca-ossl.cpp:71:10: fatal error: openssl/kdf.h: No such file or directory
 #include <openssl/kdf.h>
          ^~~~~~~~~~~~~~~
compilation terminated.
make[2]: *** [plugins/qca-ossl/CMakeFiles/qca-ossl.dir/build.make:67: plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o] Error 1

Provide RSA_meth_set_{sign,verify} for LibreSSL.
Do not redefine M_ASN1_IA5STRING_new and RSA_F_RSA_EAY_PRIVATE_DECRYPT.
Disable HKDF.

Diff Detail

Repository: R486 QCA Library
Lint: Lint Skipped
Unit: Unit Tests Skipped
steils requested review of this revision. Apr 5 2019, 6:37 AM
steils created this revision.
steils updated this revision to Diff 55453. Apr 5 2019, 6:42 AM
fvogt added a comment. Apr 5 2019, 6:56 AM

Can you reupload this diff with context?

steils updated this revision to Diff 55454. Apr 5 2019, 7:15 AM
steils edited the summary of this revision.
fvogt requested changes to this revision. Apr 5 2019, 7:55 AM

So libressl's API is mostly openssl < 1.1 with some 1.1 functions sprinkled in? That's annoying.
It might be easier to adjust the check for OSSL_110 to not set it with libressl.

Can you double-check every occurrence of OSSL_110 in the entire file? That it builds is not enough.
Also make sure the testsuite passes.

This revision now requires changes to proceed. Apr 5 2019, 7:55 AM
steils added a comment. Apr 5 2019, 8:44 AM

> So libressl's API is mostly openssl < 1.1 with some 1.1 functions sprinkled in? That's annoying.

I would say quite the opposite way: it is mostly compatible with OpenSSL 1.1 with some functions unavailable.

> It might be easier to adjust the check for OSSL_110 to not set it with libressl.

If you do this, it is still necessary to provide RSA_meth_set_{sign,verify}.
And after that, the build still fails with:

[ 49%] Building CXX object plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o
/home/stefan/projects/qca/plugins/qca-ossl/qca-ossl.cpp: In member function ‘void opensslQCAPlugin::MyCertContext::make_props()’:
/home/stefan/projects/qca/plugins/qca-ossl/qca-ossl.cpp:3834:23: error: invalid conversion from ‘ASN1_BIT_STRING**’ {aka ‘asn1_string_st**’} to ‘const ASN1_BIT_STRING**’ {aka ‘const asn1_string_st**’} [-fpermissive]
   X509_get0_signature(&signature, NULL, x);
                       ^~~~~~~~~~
In file included from /usr/include/openssl/pem.h:71,
                 from /home/stefan/projects/qca/plugins/qca-ossl/qca-ossl.cpp:38:
/usr/include/openssl/x509.h:905:50: note:   initializing argument 1 of ‘void X509_get0_signature(const ASN1_BIT_STRING**, const X509_ALGOR**, const X509*)’
 void X509_get0_signature(const ASN1_BIT_STRING **psig,
                          ~~~~~~~~~~~~~~~~~~~~~~~~^~~~

> Can you double-check every occurrence of OSSL_110 in the entire file? That it builds is not enough.
> Also make sure the testsuite passes.

I have double-checked every occurrence of OSSL_110. Every method inside these ifdefs is provided by LibreSSL-2.8.3.

Yet you are right. The test does not pass.
19/24 Test #19: PublicKeyInfrastructure ..........***Failed 0.03 sec

1: Test command: /home/stefan/projects/qca/bin/pkits
1: Test timeout computed to be: 10000000
1: ********* Start testing of Pkits *********
1: Config: Using QtTest library 5.12.2, Qt 5.12.2 (x86_64-little_endian-lp64 shared (dynamic) release build; by GCC 8.3.0)
1: PASS   : Pkits::initTestCase()
1: PASS   : Pkits::pkits4_1_1()
1: PASS   : Pkits::pkits4_1_2()
1: PASS   : Pkits::pkits4_1_3()
1: PASS   : Pkits::pkits4_1_4()
1: FAIL!  : Pkits::pkits4_1_5() Compared values are not the same
1:    Loc: [/home/stefan/projects/qca/unittest/pkits/pkits.cpp(295)]
1: PASS   : Pkits::pkits4_1_6()
1: PASS   : Pkits::pkits4_2_1()
1: PASS   : Pkits::pkits4_2_2()
1: PASS   : Pkits::pkits4_2_3()
1: FAIL!  : Pkits::pkits4_2_4() Compared values are not the same
1:    Loc: [/home/stefan/projects/qca/unittest/pkits/pkits.cpp(470)]

I shall debug it.
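The gating question discussed in this thread, as an added example that is not part of the revision or of QCA's code: LibreSSL's opensslv.h fixes OPENSSL_VERSION_NUMBER at 0x20000000L, so a check on the version number alone treats it as OpenSSL 1.1 or later. The block models the preprocessor conditions as runtime functions so they can be exercised; the `>= 0x10100000L` shape of the OSSL_110 check is an assumption, and `struct gates`, `gate_by_version` and `gate_by_feature` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed sample inputs, in the encoding opensslv.h uses. */
#define OPENSSL_110_VER   0x1010000fUL /* OPENSSL_VERSION_NUMBER, OpenSSL 1.1.0 */
#define LIBRESSL_OSSL_VER 0x20000000UL /* OPENSSL_VERSION_NUMBER under LibreSSL */
#define LIBRESSL_283_VER  0x2080300fUL /* LIBRESSL_VERSION_NUMBER, LibreSSL 2.8.3 */

struct gates {
    bool ossl_110;       /* take the 1.1-style code paths */
    bool hkdf;           /* #include <openssl/kdf.h> */
    bool compat_macros;  /* #define M_ASN1_IA5STRING_new, RSA_F_RSA_EAY_PRIVATE_DECRYPT */
    bool rsa_meth_shim;  /* supply RSA_meth_set_{sign,verify} locally */
};

/* Assumed shape of the existing check: #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 * turns everything on. libressl_ver == 0 models "LIBRESSL_VERSION_NUMBER undefined". */
struct gates gate_by_version(unsigned long ossl_ver, unsigned long libressl_ver)
{
    (void)libressl_ver; /* never consulted: that is the defect */
    bool v110 = ossl_ver >= 0x10100000UL;
    struct gates g = { v110, v110, v110, false };
    return g;
}

/* Per-feature gating matching the three items in the revision summary. */
struct gates gate_by_feature(unsigned long ossl_ver, unsigned long libressl_ver)
{
    bool v110 = ossl_ver >= 0x10100000UL;
    bool libressl = libressl_ver != 0; /* #ifdef LIBRESSL_VERSION_NUMBER */
    struct gates g = { v110, v110 && !libressl, v110 && !libressl, v110 && libressl };
    return g;
}

int main(void)
{
    struct gates a = gate_by_version(LIBRESSL_OSSL_VER, LIBRESSL_283_VER);
    struct gates b = gate_by_feature(LIBRESSL_OSSL_VER, LIBRESSL_283_VER);
    printf("by version: hkdf=%d macros=%d shim=%d\n", a.hkdf, a.compat_macros, a.rsa_meth_shim);
    printf("by feature: hkdf=%d macros=%d shim=%d\n", b.hkdf, b.compat_macros, b.rsa_meth_shim);
    return 0;
}
```

Pre-1.1 OpenSSL takes the non-OSSL_110 code path, which this sketch does not model beyond leaving every gate off.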