Date: Fri, 7 Jul 2023 12:35:41 -0400 From: Mark Johnston <markj@freebsd.org> To: Kristof Provost <kp@freebsd.org> Cc: Ed Maste <emaste@freebsd.org>, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org, Pierre Pronchery <pierre@freebsdfoundation.org> Subject: Re: git: b077aed33b7b - main - Merge OpenSSL 3.0.9 Message-ID: <ZKg-3RqIaz9VOPD_@nuc> In-Reply-To: <4FF6DBAE-F9FC-4D20-81C9-B0E0130DF06E@FreeBSD.org> References: <202306232319.35NNJsPv044302@gitrepo.freebsd.org> <4FF6DBAE-F9FC-4D20-81C9-B0E0130DF06E@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 05, 2023 at 11:56:42PM +0200, Kristof Provost wrote: > On 24 Jun 2023, at 1:19, Ed Maste wrote: > > The branch main has been updated by emaste: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=b077aed33b7b6aefca7b17ddb250cf521f938613 > > > > commit b077aed33b7b6aefca7b17ddb250cf521f938613 > > Merge: b08ee10c0646 b84c4564effd > > Author: Pierre Pronchery <pierre@freebsdfoundation.org> > > AuthorDate: 2023-06-23 22:53:35 +0000 > > Commit: Ed Maste <emaste@FreeBSD.org> > > CommitDate: 2023-06-23 22:53:36 +0000 > > > > Merge OpenSSL 3.0.9 > > > > It looks like we missed adding a file. > Security/opensc doesn’t build any more: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270076 > > It fails to find d2i_KeyParams when linking. The opensc code does this: > > #if OPENSSL_VERSION_NUMBER < 0x30000000L > if (!d2i_ECParameters(&ec, &a, (long)len)) > util_fatal("cannot parse > EC_PARAMS"); > EVP_PKEY_assign_EC_KEY(pkey, ec); > #else > if (!d2i_KeyParams(EVP_PKEY_EC, &pkey, &a, > len)) > util_fatal("cannot parse > EC_PARAMS"); > #endif > > d2i_KeyParams() appears to be new on openssl 3. It’s defined in d2i_param.c, > which we don’t build. I’ve tested with this patch, and that appears to fix > things: Hi Kristof, Would you mind posting the patch on phabricator? I can take a closer look in the next day, and Pierre might be available to look as well. > diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile > index 28258e796984..ef5652e8c27c 100644 > --- a/secure/lib/libcrypto/Makefile > +++ b/secure/lib/libcrypto/Makefile > @@ -74,7 +74,7 @@ SRCS+= n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c > p5_scrypt.c p8_pkey.c > SRCS+= t_bitst.c t_pkey.c t_spki.c tasn_dec.c tasn_enc.c tasn_fre.c > SRCS+= tasn_new.c tasn_prn.c tasn_scn.c tasn_typ.c tasn_utl.c x_algor.c > SRCS+= x_bignum.c x_info.c x_int64.c x_long.c x_pkey.c x_sig.c x_spki.c > -SRCS+= x_val.c > +SRCS+= x_val.c d2i_param.c > > # async > SRCS+= async.c async_err.c async_posix.c async_wait.c > diff --git a/secure/lib/libcrypto/Version.map > b/secure/lib/libcrypto/Version.map > index 421819324961..74d0b8b3cef1 100644 > --- a/secure/lib/libcrypto/Version.map > +++ b/secure/lib/libcrypto/Version.map > @@ -3564,6 +3564,8 @@ OPENSSL_1_1_0 { > d2i_IPAddressOrRange; > d2i_IPAddressRange; > d2i_ISSUING_DIST_POINT; > + d2i_KeyParams; > + d2i_KeyParams_bio; Based on your analysis I think this should go into the OPENSSL_3_0_9 namespace? > d2i_NETSCAPE_CERT_SEQUENCE; > d2i_NETSCAPE_SPKAC; > d2i_NETSCAPE_SPKI; > > Best regards, > Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZKg-3RqIaz9VOPD_>