Re: git: b077aed33b7b - main - Merge OpenSSL 3.0.9

Fri, 07 Jul 2023 09:35:58 -0700 

On Wed, Jul 05, 2023 at 11:56:42PM +0200, Kristof Provost wrote:
> On 24 Jun 2023, at 1:19, Ed Maste wrote:
> > The branch main has been updated by emaste:
> > 
> > URL: 
> > https://cgit.FreeBSD.org/src/commit/?id=b077aed33b7b6aefca7b17ddb250cf521f938613
> > 
> > commit b077aed33b7b6aefca7b17ddb250cf521f938613
> > Merge: b08ee10c0646 b84c4564effd
> > Author:     Pierre Pronchery <pie...@freebsdfoundation.org>
> > AuthorDate: 2023-06-23 22:53:35 +0000
> > Commit:     Ed Maste <ema...@freebsd.org>
> > CommitDate: 2023-06-23 22:53:36 +0000
> > 
> >     Merge OpenSSL 3.0.9
> > 
> 
> It looks like we missed adding a file.
> Security/opensc doesn’t build any more:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270076
> 
> It fails to find d2i_KeyParams when linking. The opensc code does this:
> 
>       #if OPENSSL_VERSION_NUMBER < 0x30000000L
>                                       if (!d2i_ECParameters(&ec, &a, 
> (long)len))
>                                               util_fatal("cannot parse
> EC_PARAMS");
>                                       EVP_PKEY_assign_EC_KEY(pkey, ec);
>       #else
>                                       if (!d2i_KeyParams(EVP_PKEY_EC, &pkey, 
> &a,
> len))
>                                               util_fatal("cannot parse
> EC_PARAMS");
>       #endif
> 
> d2i_KeyParams() appears to be new on openssl 3. It’s defined in d2i_param.c,
> which we don’t build. I’ve tested with this patch, and that appears to fix
> things:

Hi Kristof,

Would you mind posting the patch on phabricator?  I can take a closer
look in the next day, and Pierre might be available to look as well.

>       diff --git a/secure/lib/libcrypto/Makefile 
> b/secure/lib/libcrypto/Makefile
>       index 28258e796984..ef5652e8c27c 100644
>       --- a/secure/lib/libcrypto/Makefile
>       +++ b/secure/lib/libcrypto/Makefile
>       @@ -74,7 +74,7 @@ SRCS+=        n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c
> p5_scrypt.c p8_pkey.c
>        SRCS+= t_bitst.c t_pkey.c t_spki.c tasn_dec.c tasn_enc.c tasn_fre.c
>        SRCS+= tasn_new.c tasn_prn.c tasn_scn.c tasn_typ.c tasn_utl.c x_algor.c
>        SRCS+= x_bignum.c x_info.c x_int64.c x_long.c x_pkey.c x_sig.c x_spki.c
>       -SRCS+= x_val.c
>       +SRCS+= x_val.c d2i_param.c
> 
>        # async
>        SRCS+= async.c async_err.c async_posix.c async_wait.c
>       diff --git a/secure/lib/libcrypto/Version.map
> b/secure/lib/libcrypto/Version.map
>       index 421819324961..74d0b8b3cef1 100644
>       --- a/secure/lib/libcrypto/Version.map
>       +++ b/secure/lib/libcrypto/Version.map
>       @@ -3564,6 +3564,8 @@ OPENSSL_1_1_0 {
>                d2i_IPAddressOrRange;
>                d2i_IPAddressRange;
>                d2i_ISSUING_DIST_POINT;
>       +        d2i_KeyParams;
>       +        d2i_KeyParams_bio;

Based on your analysis I think this should go into the OPENSSL_3_0_9
namespace?

>                d2i_NETSCAPE_CERT_SEQUENCE;
>                d2i_NETSCAPE_SPKAC;
>                d2i_NETSCAPE_SPKI;
> 
> Best regards,
> Kristof

Reply via email to