From nobody Fri Jul 7 16:35:41 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QyJtB5QmMz4lypX; Fri, 7 Jul 2023 16:35:46 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-qv1-xf34.google.com (mail-qv1-xf34.google.com [IPv6:2607:f8b0:4864:20::f34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QyJtB0cxdz4HP4; Fri, 7 Jul 2023 16:35:46 +0000 (UTC) (envelope-from markjdb@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20221208 header.b=PYR8cg9Q; spf=pass (mx1.freebsd.org: domain of markjdb@gmail.com designates 2607:f8b0:4864:20::f34 as permitted sender) smtp.mailfrom=markjdb@gmail.com; dmarc=none Received: by mail-qv1-xf34.google.com with SMTP id 6a1803df08f44-635de022557so13634516d6.0; Fri, 07 Jul 2023 09:35:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688747745; x=1691339745; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:sender :from:to:cc:subject:date:message-id:reply-to; bh=oN7hVXbUGWpJwdJTsJug4V9p97AeaFUU9ggHJT7GIS4=; b=PYR8cg9Q6AUZIynNZpzMUpM6L95W8FpTYoy8oeRCa5xCVMgS4GMzEYOJ/AFMn/uZjq XmpK81+raz7h++bGTAW591MKWNChtKRpJQmpTrzNuIFyeYIGMDGClC3p+k2Pl1qkUAHP IWmEmeZqIWQ2XavVfKPyB93kDz1k8c8QNw2hbj5crw+ySTQH8WgLKkpFEwp3Hv8uWDwI G9dAtr5nrNlJZkbKWUogsITx0+Evl0eVaNf2LTWF38EvfNu9tKBq4ICqaXC6YPcLL0bt c7huBonzogIpwU9CGvgXRmFmbw70Yzk94zZvx3+QBbSO7eIoNsNHh/LVDok/TFm9HCnQ u0TQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688747745; x=1691339745; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:sender :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=oN7hVXbUGWpJwdJTsJug4V9p97AeaFUU9ggHJT7GIS4=; b=KFPvA2MYgvxGrKmNCb9mkl9h/2NwvsF6nyoOS7wg57MuMtto5BE3cqC3066wKKXyon 5kwX20ReYnfcG7WrjFkatsMBnvUqC+WLh4CP+Ha5g2iVwR8Zwy7K8uvQpRyMRcOMb4DK CBbOb9glyDKE4nAFEftj4JlvX6rqEDgXJVuEA6uXZ47z4K+sCPS8seeZL2UcDLpkD9sP 0x+IsJC1v3kxMXQqGHZfLG5YFaTqXCMlCNoohmL3ss+Ql8ORB3aif0BGsywPeMpTtrET ZCNq5NtRAtMNa2kRsYi6mIyFI5aULp4EJTtzMaSmozpTUWpltyKBz/jCy/HfY39sVh5c maHw== X-Gm-Message-State: ABy/qLZ397n6NdSNGGdk/VYjBnrdvtqgX78SE5bhDfza6pomzwP9pzHW dJ1pKeHXskbKYH7J3gCTi0aeIWnflWo= X-Google-Smtp-Source: APBJJlFXaivRn61sLKT7R7nVjvBS4kqW+GSnDeMH3EbmP45i2DuOzi3lrH/a4NzdXPbefO+B+5sxBA== X-Received: by 2002:a0c:b34b:0:b0:635:ec47:bfa0 with SMTP id a11-20020a0cb34b000000b00635ec47bfa0mr5231257qvf.49.1688747744710; Fri, 07 Jul 2023 09:35:44 -0700 (PDT) Received: from nuc (192-0-220-237.cpe.teksavvy.com. [192.0.220.237]) by smtp.gmail.com with ESMTPSA id f23-20020a0caa97000000b006300722883fsm2258705qvb.33.2023.07.07.09.35.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jul 2023 09:35:43 -0700 (PDT) Date: Fri, 7 Jul 2023 12:35:41 -0400 From: Mark Johnston To: Kristof Provost Cc: Ed Maste , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org, Pierre Pronchery Subject: Re: git: b077aed33b7b - main - Merge OpenSSL 3.0.9 Message-ID: References: <202306232319.35NNJsPv044302@gitrepo.freebsd.org> <4FF6DBAE-F9FC-4D20-81C9-B0E0130DF06E@FreeBSD.org> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <4FF6DBAE-F9FC-4D20-81C9-B0E0130DF06E@FreeBSD.org> X-Spamd-Result: default: False [-1.30 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.995]; MID_RHS_NOT_FQDN(0.50)[]; NEURAL_SPAM_MEDIUM(0.40)[0.397]; FORGED_SENDER(0.30)[markj@freebsd.org,markjdb@gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20221208]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; FROM_NEQ_ENVFROM(0.00)[markj@freebsd.org,markjdb@gmail.com]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::f34:from]; MLMMJ_DEST(0.00)[dev-commits-src-all@freebsd.org,dev-commits-src-main@freebsd.org]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; ARC_NA(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; TO_DN_SOME(0.00)[]; DMARC_NA(0.00)[freebsd.org]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_FIVE(0.00)[6]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim] X-Rspamd-Queue-Id: 4QyJtB0cxdz4HP4 X-Spamd-Bar: - X-ThisMailContainsUnwantedMimeParts: N On Wed, Jul 05, 2023 at 11:56:42PM +0200, Kristof Provost wrote: > On 24 Jun 2023, at 1:19, Ed Maste wrote: > > The branch main has been updated by emaste: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=b077aed33b7b6aefca7b17ddb250cf521f938613 > > > > commit b077aed33b7b6aefca7b17ddb250cf521f938613 > > Merge: b08ee10c0646 b84c4564effd > > Author: Pierre Pronchery > > AuthorDate: 2023-06-23 22:53:35 +0000 > > Commit: Ed Maste > > CommitDate: 2023-06-23 22:53:36 +0000 > > > > Merge OpenSSL 3.0.9 > > > > It looks like we missed adding a file. > Security/opensc doesn’t build any more: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270076 > > It fails to find d2i_KeyParams when linking. The opensc code does this: > > #if OPENSSL_VERSION_NUMBER < 0x30000000L > if (!d2i_ECParameters(&ec, &a, (long)len)) > util_fatal("cannot parse > EC_PARAMS"); > EVP_PKEY_assign_EC_KEY(pkey, ec); > #else > if (!d2i_KeyParams(EVP_PKEY_EC, &pkey, &a, > len)) > util_fatal("cannot parse > EC_PARAMS"); > #endif > > d2i_KeyParams() appears to be new on openssl 3. It’s defined in d2i_param.c, > which we don’t build. I’ve tested with this patch, and that appears to fix > things: Hi Kristof, Would you mind posting the patch on phabricator? I can take a closer look in the next day, and Pierre might be available to look as well. > diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile > index 28258e796984..ef5652e8c27c 100644 > --- a/secure/lib/libcrypto/Makefile > +++ b/secure/lib/libcrypto/Makefile > @@ -74,7 +74,7 @@ SRCS+= n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c > p5_scrypt.c p8_pkey.c > SRCS+= t_bitst.c t_pkey.c t_spki.c tasn_dec.c tasn_enc.c tasn_fre.c > SRCS+= tasn_new.c tasn_prn.c tasn_scn.c tasn_typ.c tasn_utl.c x_algor.c > SRCS+= x_bignum.c x_info.c x_int64.c x_long.c x_pkey.c x_sig.c x_spki.c > -SRCS+= x_val.c > +SRCS+= x_val.c d2i_param.c > > # async > SRCS+= async.c async_err.c async_posix.c async_wait.c > diff --git a/secure/lib/libcrypto/Version.map > b/secure/lib/libcrypto/Version.map > index 421819324961..74d0b8b3cef1 100644 > --- a/secure/lib/libcrypto/Version.map > +++ b/secure/lib/libcrypto/Version.map > @@ -3564,6 +3564,8 @@ OPENSSL_1_1_0 { > d2i_IPAddressOrRange; > d2i_IPAddressRange; > d2i_ISSUING_DIST_POINT; > + d2i_KeyParams; > + d2i_KeyParams_bio; Based on your analysis I think this should go into the OPENSSL_3_0_9 namespace? > d2i_NETSCAPE_CERT_SEQUENCE; > d2i_NETSCAPE_SPKAC; > d2i_NETSCAPE_SPKI; > > Best regards, > Kristof