Skip Menu |

This queue is for tickets about the Crypt-OpenSSL-PKCS10 CPAN distribution.

Report information
The Basics
Id: 118345
Status: open
Priority: 0/
Queue: Crypt-OpenSSL-PKCS10
People
Owner: Nobody in particular
Requestors: ppisar [...] redhat.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.15
Fixed in: (no value)

History Show all quoted text
  Wed Oct 12 05:27:04 2016 ppisar [...] redhat.com - Ticket created
Subject: Fails to build with OpenSSL 1.1.0
After upgrading OpenSSL to 1.1.0 build fails like this: gcc -c -D_REENTRANT -D_GNU_SOURCE -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -fwrapv -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -g -DVERSION=\"0.15\" -DXS_VERSION=\"0.15\" -fPIC "-I/usr/lib/perl5/CORE" -DPERL5 -Wall PKCS10.c [...] PKCS10.xs:439:10: error: dereferencing pointer to incomplete type 'EVP_PKEY {aka struct evp_pkey_st}' if (pkey->type == EVP_PKEY_RSA) { ^~
  Fri Oct 14 08:54:34 2016 ppisar [...] redhat.com - Correspondence added
From: ppisar [...] redhat.com
Dne St 12.říj.2016 05:27:04, ppisar napsal(a): Show quoted text
> After upgrading OpenSSL to 1.1.0 build fails like this: >
Attached patch fixes it.
Subject: 0001-Adapt-to-OpenSSL-1.1.0.patch
From ec363dab8b45ae05d5e06bb5a7cbb6caad6a96e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> Date: Fri, 14 Oct 2016 14:48:48 +0200 Subject: [PATCH] Adapt to OpenSSL 1.1.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenSSL 1.1.0 hid structure internals and provides methods for accessing them. This patch adapts the code so that it can be built against new and old OpenSSL. This patch does not address warnings about deprecated symbols in OpenSSL 1.1.0. CPAN RT#118345 Signed-off-by: Petr Písař <ppisar@redhat.com> --- PKCS10.xs | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/PKCS10.xs b/PKCS10.xs index d00b6ca..af6e2a6 100755 --- a/PKCS10.xs +++ b/PKCS10.xs @@ -5,12 +5,21 @@ #include <stdio.h> #include <stdlib.h> +#include <openssl/asn1.h> #include <openssl/pem.h> #include <openssl/x509v3.h> #include <openssl/err.h> #include "ppport.h" +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define EVP_PKEY_get0_RSA(pkey) ((pkey)->pkey.rsa) +#define EVP_PKEY_get0_DSA(pkey) ((pkey)->pkey.dsa) +#ifndef OPENSSL_NO_EC +#define EVP_PKEY_get0_EC_KEY(pkey) ((pkey)->pkey.ec) +#endif +#endif + typedef struct { X509_REQ* req; @@ -190,7 +199,7 @@ int add_ext_raw(STACK_OF(X509_REQUEST) *sk, int nid, unsigned char *value, int l X509_EXTENSION *ex; ASN1_STRING *asn; - asn = M_ASN1_OCTET_STRING_new(); + asn = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_OCTET_STRING_set(asn, value, length); ex = X509_EXTENSION_create_by_NID(NULL, nid, 0, asn); @@ -423,6 +432,7 @@ get_pem_pubkey(pkcs10) PREINIT: EVP_PKEY *pkey; BIO *bio; + int type; CODE: @@ -436,17 +446,18 @@ get_pem_pubkey(pkcs10) croak("Public Key is unavailable\n"); } - if (pkey->type == EVP_PKEY_RSA) { + type = EVP_PKEY_base_id(pkey); + if (type == EVP_PKEY_RSA) { -# PEM_write_bio_RSAPublicKey(bio, pkey->pkey.rsa); - PEM_write_bio_RSA_PUBKEY(bio, pkey->pkey.rsa); +# PEM_write_bio_RSAPublicKey(bio, EVP_PKEY_get0_RSA(pkey)); + PEM_write_bio_RSA_PUBKEY(bio, EVP_PKEY_get0_RSA(pkey)); - } else if (pkey->type == EVP_PKEY_DSA) { + } else if (type == EVP_PKEY_DSA) { - PEM_write_bio_DSA_PUBKEY(bio, pkey->pkey.dsa); + PEM_write_bio_DSA_PUBKEY(bio, EVP_PKEY_get0_DSA(pkey)); #ifndef OPENSSL_NO_EC - } else if ( pkey->type == EVP_PKEY_EC ) { - PEM_write_bio_EC_PUBKEY(bio, pkey->pkey.ec); + } else if ( type == EVP_PKEY_EC ) { + PEM_write_bio_EC_PUBKEY(bio, EVP_PKEY_get0_EC_KEY(pkey)); #endif } else { @@ -467,6 +478,7 @@ pubkey_type(pkcs10) PREINIT: EVP_PKEY *pkey; + int type; CODE: RETVAL=NULL; @@ -475,13 +487,14 @@ pubkey_type(pkcs10) if(!pkey) XSRETURN_UNDEF; - if (pkey->type == EVP_PKEY_DSA) { + type = EVP_PKEY_base_id(pkey); + if (type == EVP_PKEY_DSA) { RETVAL="dsa"; - } else if (pkey->type == EVP_PKEY_RSA) { + } else if (type == EVP_PKEY_RSA) { RETVAL="rsa"; #ifndef OPENSSL_NO_EC - } else if ( pkey->type == EVP_PKEY_EC ) { + } else if ( type == EVP_PKEY_EC ) { RETVAL="ec"; #endif } -- 2.7.4
  Fri Oct 14 12:21:00 2016 jonozzz [...] yahoo.com - Correspondence added
Thanks for the patch! I'll merge it today, hopefully. Is this backwards compatible with older Openssl versions? On Fri Oct 14 08:54:34 2016, ppisar wrote: Show quoted text
> Dne St 12.říj.2016 05:27:04, ppisar napsal(a):
> > After upgrading OpenSSL to 1.1.0 build fails like this: > >
> Attached patch fixes it.
  Fri Oct 14 12:21:01 2016 The RT System itself - Status changed from 'new' to 'open'
  Mon Oct 17 03:49:36 2016 ppisar [...] redhat.com - Correspondence added
Subject: Re: [rt.cpan.org #118345] Fails to build with OpenSSL 1.1.0
Date: Mon, 17 Oct 2016 09:49:20 +0200
To: Ionut Turturica via RT <bug-Crypt-OpenSSL-PKCS10 [...] rt.cpan.org>
From: Petr Pisar <ppisar [...] redhat.com>
On Fri, Oct 14, 2016 at 12:21:01PM -0400, Ionut Turturica via RT wrote: Show quoted text
> Is this backwards compatible with older Openssl versions? >
I tested it with OpenSSL 1.0.2j and 1.1.0b. -- Petr