Bug #117481 for Crypt-OpenSSL-RSA: Compiliation fails with OpenSSL 1.1

Sun Sep 04 01:56:48 2016 KENTNL [...] cpan.org - Ticket created

Subject:

Compiliation fails with OpenSSL 1.1

OpenSSL 1.1 is breaking all the things without warning and its a $adjectives{big}[int(rand*1000)] map { $expletives[int(rand*1000)] } 1, 2

Attached is the build log from gentoo building it showing the compile failure ( cf: https://bugs.gentoo.org/show_bug.cgi?id=592534 )

Subject:

build.log

* Package: dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2 * Repository: gentoo * Maintainer: perl@gentoo.org * USE: abi_x86_64 amd64 elibc_glibc kernel_linux userland_GNU * FEATURES: preserve-libs sandbox userpriv usersandbox >>> Unpacking source... >>> Unpacking Crypt-OpenSSL-RSA-0.28.tar.gz to /var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/work >>> Source unpacked in /var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/work >>> Preparing source in /var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/work/Crypt-OpenSSL-RSA-0.28 ... >>> Source prepared. >>> Configuring source in /var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/work/Crypt-OpenSSL-RSA-0.28 ... * Using ExtUtils::MakeMaker * perl Makefile.PL PREFIX=/usr INSTALLDIRS=vendor INSTALLMAN3DIR=none DESTDIR=/var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/image/ Checking if your kit is complete... Looks good Generating a Unix-style Makefile Writing Makefile for Crypt::OpenSSL::RSA Writing MYMETA.yml and MYMETA.json >>> Source configured. >>> Compiling source in /var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/work/Crypt-OpenSSL-RSA-0.28 ... * emake OTHERLDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--sort-common -Wl,--as-needed make -j1 'OTHERLDFLAGS=-Wl,-O1 -Wl,--hash-style=gnu -Wl,--sort-common -Wl,--as-needed' cp RSA.pm blib/lib/Crypt/OpenSSL/RSA.pm AutoSplitting blib/lib/Crypt/OpenSSL/RSA.pm (blib/lib/auto/Crypt/OpenSSL/RSA) Running Mkbootstrap for Crypt::OpenSSL::RSA () chmod 644 "RSA.bs" "/usr/bin/perl" "/usr/lib64/perl5/5.24.0/ExtUtils/xsubpp" -typemap "/usr/lib64/perl5/5.24.0/ExtUtils/typemap" -typemap "typemap" RSA.xs > RSA.xsc && mv RSA.xsc RSA.c x86_64-pc-linux-gnu-gcc -c -fwrapv -fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -march=native -mtune=native -O2 -pipe -DVERSION=\"0.28\" -DXS_VERSION=\"0.28\" -fPIC "-I/usr/lib64/perl5/5.24.0/x86_64-linux/CORE" -DPERL5 -DOPENSSL_NO_KRB5 RSA.c RSA.xs: In function â_is_privateâ: RSA.xs:52:22: error: dereferencing pointer to incomplete type âRSA {aka struct rsa_st}â return(p_rsa->rsa->d != NULL); ^ RSA.xs: In function âXS_Crypt__OpenSSL__RSA_generate_keyâ: RSA.xs:301:26: warning: implicit declaration of function âRSA_generate_keyâ [-Wimplicit-function-declaration] CHECK_OPEN_SSL(rsa = RSA_generate_key(SvIV(bitsSV), exponent, NULL, NULL)); ^ RSA.xs:41:40: note: in definition of macro âCHECK_OPEN_SSLâ #define CHECK_OPEN_SSL(p_result) if (!(p_result)) croakSsl(__FILE__, __LINE__); ^ RSA.xs:301:24: warning: assignment makes pointer from integer without a cast [-Wint-conversion] CHECK_OPEN_SSL(rsa = RSA_generate_key(SvIV(bitsSV), exponent, NULL, NULL)); ^ RSA.xs:41:40: note: in definition of macro âCHECK_OPEN_SSLâ #define CHECK_OPEN_SSL(p_result) if (!(p_result)) croakSsl(__FILE__, __LINE__); ^ RSA.xs: In function âboot_Crypt__OpenSSL__RSAâ: RSA.xs:214:5: warning: implicit declaration of function âERR_load_crypto_stringsâ [-Wimplicit-function-declaration] ERR_load_crypto_strings(); ^ make: *** [Makefile:349: RSA.o] Error 1 * ERROR: dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2::gentoo failed (compile phase): * emake failed * * If you need support, post the output of `emerge --info '=dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2::gentoo'`, * the complete build log and the output of `emerge -pqv '=dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2::gentoo'`. * The complete build log is located at '/var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/temp/environment'. * Working directory: '/var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/work/Crypt-OpenSSL-RSA-0.28' * S: '/var/tmp/portage/dev-perl/Crypt-OpenSSL-RSA-0.280.0-r2/work/Crypt-OpenSSL-RSA-0.28'

Sun Sep 04 01:57:00 2016 KENTNL [...] cpan.org - Reference to https://bugs.gentoo.org/show_bug.cgi?id=592534 added

Thu Oct 13 12:43:02 2016 ppisar [...] redhat.com - Correspondence added

From:

ppisar [...] redhat.com

Dne Ne 04.zář.2016 01:56:48, KENTNL napsal(a): Show quoted text

> OpenSSL 1.1 is breaking all the things

Attached patch fixes it for me. I did not addressed the warning about deprecated RSA_generate_key().

Subject:

0001-Adapt-to-OpenSSL-1.1.0.patch

From b3747e625780be90dcff11c2d9e91048016bb4d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> Date: Thu, 13 Oct 2016 18:14:17 +0200 Subject: [PATCH] Adapt to OpenSSL 1.1.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenSSL 1.1.0 hid structure internals and provided methods for getting and settting the internal values. This patch modifes the code so that it can be built with OpenSSL 1.1.0 as well as with the older one. CPAN RT#117481 Signed-off-by: Petr PÃsaÅ <ppisar@redhat.com> --- RSA.xs | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 73 insertions(+), 16 deletions(-) diff --git a/RSA.xs b/RSA.xs index de512e7..9bf6f01 100644 --- a/RSA.xs +++ b/RSA.xs @@ -49,7 +49,13 @@ void croakSsl(char* p_file, int p_line) char _is_private(rsaData* p_rsa) { - return(p_rsa->rsa->d != NULL); + const BIGNUM *d; +#if OPENSSL_VERSION_NUMBER < 0x10100000L + d = p_rsa->rsa->d; +#else + RSA_get0_key(p_rsa->rsa, NULL, NULL, &d); +#endif + return(d != NULL); } SV* make_rsa_obj(SV* p_proto, RSA* p_rsa) @@ -136,7 +142,7 @@ unsigned char* get_message_digest(SV* text_SV, int hash_method) } } -SV* bn2sv(BIGNUM* p_bn) +SV* bn2sv(const BIGNUM* p_bn) { return p_bn != NULL ? sv_2mortal(newSViv((IV) BN_dup(p_bn))) @@ -317,6 +323,9 @@ _new_key_from_parameters(proto, n, e, d, p, q) BN_CTX* ctx; BIGNUM* p_minus_1 = NULL; BIGNUM* q_minus_1 = NULL; + BIGNUM* dmp1 = NULL; + BIGNUM* dmq1 = NULL; + BIGNUM* iqmp = NULL; int error; CODE: { @@ -325,8 +334,10 @@ _new_key_from_parameters(proto, n, e, d, p, q) croak("At least a modulous and public key must be provided"); } CHECK_OPEN_SSL(rsa = RSA_new()); +#if OPENSSL_VERSION_NUMBER < 0x10100000L rsa->n = n; rsa->e = e; +#endif if (p || q) { error = 0; @@ -341,8 +352,12 @@ _new_key_from_parameters(proto, n, e, d, p, q) q = BN_new(); THROW(BN_div(q, NULL, n, p, ctx)); } +#if OPENSSL_VERSION_NUMBER < 0x10100000L rsa->p = p; rsa->q = q; +#else + THROW(RSA_set0_factors(rsa, p, q)); +#endif THROW(p_minus_1 = BN_new()); THROW(BN_sub(p_minus_1, p, BN_value_one())); THROW(q_minus_1 = BN_new()); @@ -353,17 +368,32 @@ _new_key_from_parameters(proto, n, e, d, p, q) THROW(BN_mul(d, p_minus_1, q_minus_1, ctx)); THROW(BN_mod_inverse(d, e, d, ctx)); } +#if OPENSSL_VERSION_NUMBER < 0x10100000L rsa->d = d; - THROW(rsa->dmp1 = BN_new()); - THROW(BN_mod(rsa->dmp1, d, p_minus_1, ctx)); - THROW(rsa->dmq1 = BN_new()); - THROW(BN_mod(rsa->dmq1, d, q_minus_1, ctx)); - THROW(rsa->iqmp = BN_new()); - THROW(BN_mod_inverse(rsa->iqmp, q, p, ctx)); +#else + THROW(RSA_set0_key(rsa, n, e, d)); +#endif + THROW(dmp1 = BN_new()); + THROW(BN_mod(dmp1, d, p_minus_1, ctx)); + THROW(dmq1 = BN_new()); + THROW(BN_mod(dmq1, d, q_minus_1, ctx)); + THROW(iqmp = BN_new()); + THROW(BN_mod_inverse(iqmp, q, p, ctx)); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + rsa->dmp1 = dmp1; + rsa->dmq1 = dmq1; + rsa->iqmp = iqmp; +#else + THROW(RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)); +#endif + dmp1 = dmq1 = iqmp = NULL; THROW(RSA_check_key(rsa) == 1); err: if (p_minus_1) BN_clear_free(p_minus_1); if (q_minus_1) BN_clear_free(q_minus_1); + if (dmp1) BN_clear_free(dmp1); + if (dmq1) BN_clear_free(dmq1); + if (iqmp) BN_clear_free(iqmp); if (ctx) BN_CTX_free(ctx); if (error) { @@ -373,7 +403,11 @@ _new_key_from_parameters(proto, n, e, d, p, q) } else { +#if OPENSSL_VERSION_NUMBER < 0x10100000L rsa->d = d; +#else + CHECK_OPEN_SSL(RSA_set0_key(rsa, n, e, d)); +#endif } RETVAL = make_rsa_obj(proto, rsa); } @@ -383,18 +417,41 @@ _new_key_from_parameters(proto, n, e, d, p, q) void _get_key_parameters(p_rsa) rsaData* p_rsa; +PREINIT: + const BIGNUM* n; + const BIGNUM* e; + const BIGNUM* d; + const BIGNUM* p; + const BIGNUM* q; + const BIGNUM* dmp1; + const BIGNUM* dmq1; + const BIGNUM* iqmp; PPCODE: { RSA* rsa; rsa = p_rsa->rsa; - XPUSHs(bn2sv(rsa->n)); - XPUSHs(bn2sv(rsa->e)); - XPUSHs(bn2sv(rsa->d)); - XPUSHs(bn2sv(rsa->p)); - XPUSHs(bn2sv(rsa->q)); - XPUSHs(bn2sv(rsa->dmp1)); - XPUSHs(bn2sv(rsa->dmq1)); - XPUSHs(bn2sv(rsa->iqmp)); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + n = rsa->n; + e = rsa->e; + d = rsa->d; + p = rsa->p; + q = rsa->q; + dmp1 = rsa->dmp1; + dmq1 = rsa->dmq1; + iqmp = rsa->iqmp; +#else + RSA_get0_key(rsa, &n, &e, &d); + RSA_get0_factors(rsa, &p, &q); + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); +#endif + XPUSHs(bn2sv(n)); + XPUSHs(bn2sv(e)); + XPUSHs(bn2sv(d)); + XPUSHs(bn2sv(p)); + XPUSHs(bn2sv(q)); + XPUSHs(bn2sv(dmp1)); + XPUSHs(bn2sv(dmq1)); + XPUSHs(bn2sv(iqmp)); } SV* -- 2.7.4

Thu Oct 13 12:43:03 2016 The RT System itself - Status changed from 'new' to 'open'

Fri Oct 28 18:16:59 2016 gregoa [...] cpan.org - Cc GREGOA added

Fri Oct 28 18:17:00 2016 gregoa [...] cpan.org - Correspondence added

The Debian bug tracker also has patches: https://bugs.debian.org/828387 Cheers, gregor, Debian Perl Group

Sat Nov 26 10:16:50 2016 gregoa [...] cpan.org - Correspondence added

Any news here? Is either Petr's patch from here or Sebastian's patch from the Debian bug tracker or something else going to be applied to the upstream code? Or can we at least come to a common patch applied downstream in various Linux distributions? Cheers, gregor

Thu Mar 23 03:24:03 2017 SREZIC [...] cpan.org - Correspondence added

On 2016-09-04 01:56:48, KENTNL wrote: Show quoted text

> OpenSSL 1.1 is breaking all the things without warning and its a > $adjectives{big}[int(rand*1000)] map { $expletives[int(rand*1000)] } > 1, 2

CPAN.pm users may install the following distroprefs file for automatically applying PPISAR's patch: https://github.com/eserte/srezic-cpan-distroprefs/blob/master/Crypt-OpenSSL-RSA.yml

Sun Dec 17 05:35:48 2017 ANDK [...] cpan.org - Correspondence added

RT-Send-CC:

mbradshaw [...] cpan.org

Meanwhile CPAN user MBRADSHAW stepped forward with disputable idea to upload MBRADSHAW/Crypt-OpenSSL-RSA-0.28.tar.gz. Now we have two implamentations with same version number on CPAN, one authorized, the other not, one broken, one probably not. The CPAN does not forbid such an upload, but nonetheless it can cause confusion and should at least be backed by appropriate communication. Maybe that communication took place? My plea: could one of the people with upload permissions (IROBERTS,PERLER,TODDR) make a new authorized release with a bumped version number, or develop another idea how to resolve the issue to the effect that end users can use CPAN with a less frustrating experience? Thanks,

Sun Dec 17 06:02:00 2017 mbradshaw [...] cpan.org - Correspondence added

Apoligies for the confusion. MBRADSHAW/Crypt-OpenSSL-RSA-0.28.tar.gz should not have been indexed, and was already deleted some time ago, curious to know how and where you found it?

Wed Jan 17 09:49:26 2018 RANDIR [...] cpan.org - Correspondence added

I've sent email with the current status, patch links and request for an update to all module's CPAN maintainers.

Mon Feb 12 18:02:12 2018 NERDVANA [...] cpan.org - Correspondence added

Arch Linux now requires the patch as well. I was trying to reinstall Crypt::LE and is module is a dependency.

Wed Apr 04 07:45:55 2018 onken [...] netcubed.de - Correspondence added

version 0.29 was just released to CPAN

Wed Apr 04 07:45:57 2018 onken [...] netcubed.de - Status changed from 'open' to 'resolved'