On Mon, Mar 01, 2010, Kern Sibbald via RT wrote:

> Hello,
>
> This is something between a request for information and a bug report.
>
> Background:
> We have been using OpenSSL for many years in Bacula, which has created a
> number of license problems because we are GPL.
>
> Problem:
> Our users are reporting that Bacula no longer compiles under Fedora 12
> because of our use of OpenSSL.
>
> Compiling guid_to_name.c
> crypto.c: In function 'ASN1_OCTET_STRING* openssl_cert_keyid(X509*)':
> crypto.c:333: error: invalid conversion from 'const
> X509V3_EXT_METHOD*' to 'X509V3_EXT_METHOD*'
> crypto.c: In function 'CRYPTO_SESSION*
> crypto_session_new(crypto_cipher_t, alist*)':
> crypto.c:1102: error: cannot convert 'unsigned char*' to
> 'EVP_PKEY_CTX*' for argument '1' to 'int
> EVP_PKEY_encrypt(EVP_PKEY_CTX*, unsigned char*, size_t*, const
> unsigned char*, size_t)'
> crypto.c: In function 'crypto_error_t crypto_session_decode(const
> u_int8_t*, u_int32_t, alist*, CRYPTO_SESSION**)':
> crypto.c:1226: error: cannot convert 'unsigned char*' to
> 'EVP_PKEY_CTX*' for argument '1' to 'int
> EVP_PKEY_decrypt(EVP_PKEY_CTX*, unsigned char*, size_t*, const
> unsigned char*, size_t)'
> make[1]: *** [crypto.lo] Error 1
>
> In looking at your change log, it looks like you have renamed
> some "undocumented" functions, which causes the above errors.
> I am not sure why these functions were used since it was Landon Fuller who
> wrote the original code.
>
> However, I am wondering why it was really necessary to make this change.
> Wouldn't it have been simpler for your users to simply change the name of the
> new function?
>
> Now I am faced with the prospect of having to add special code to detect the
> OpenSSL version, or possibly switch to another encryption library :-(
>
A new API was added to OpenSSL 1.0.0 which (among other things) handled
encryption with arbitrary public key types. The new functions have the form
EVP_PKEY_*(); the most obvious name for a function to encrypt was
EVP_PKEY_encrypt(). The existing one was undocumented and only used in one
place in the library anyway: there are documented ways of achieving exactly
the same operation.

I'd suggest you use the documented RSA_public_encrypt() function instead. That
works in any version of OpenSSL without the need for any version-dependent
code.

It also looks like some non-portable code is being used in
openssl_cert_keyid(). If that is doing what I think it is then one documented
portable function can achieve the same effect as several undocumented
non-portable ones. Can you give me a pointer to where to see this code and I
can give some more information about how to address this.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org