OpenSC / pkcs11-helper

Library that simplifies the interaction with PKCS#11 providers for end-user applications using a simple API and optional OpenSSL engine

pkcs11.h: fix build with latest libnss #38

Closed ffontaine closed 3 years ago

ffontaine commented 3 years ago

Build is broken with libnss in version 3.66 and https://github.com/nss-dev/nss/commit/595deb8fbce65e931935fb7e22aea785cb6016ad because CK_NSS_GetFIPSStatus is undefined as _pkcs11h-crypto-nss.c is defining _PKCS11T_H_:

In file included from /home/buildroot/autobuild/instance-1/output-1/host/bin/../arc-buildroot-linux-gnu/sysroot/usr/include/nss/keythi.h:10,
                 from /home/buildroot/autobuild/instance-1/output-1/host/bin/../arc-buildroot-linux-gnu/sysroot/usr/include/nss/cert.h:21,
                 from _pkcs11h-crypto-nss.c:58:
/home/buildroot/autobuild/instance-1/output-1/host/bin/../arc-buildroot-linux-gnu/sysroot/usr/include/nss/secmodt.h:79:5: error: unknown type name 'CK_NSS_GetFIPSStatus'
   79 |     CK_NSS_GetFIPSStatus fipsIndicator;
      |     ^~~~~~~~~~~~~~~~~~~~

Fixes:

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

alonbl commented 3 years ago

Thanks. However, this is not expected behavior of NSS to force its own extensions. Maybe we try the opposite... rearrange the include order in lib/_pkcs11h-crypto-nss.c so that nss will be first?

ffontaine commented 3 years ago

Including nss.h before _pkcs11h-crypto.h will raise numerous build failures, for example:

In file included from ../include/pkcs11-helper-1.0/pkcs11h-def.h:79,
                 from ../include/pkcs11-helper-1.0/pkcs11h-engines.h:73,
                 from _pkcs11h-crypto.h:56,
                 from _pkcs11h-crypto-nss.c:59:
../include/pkcs11-helper-1.0/pkcs11.h:1219:27: error: conflicting types for 'CK_VERSION'
 1219 | typedef struct ck_version CK_VERSION;
      |                           ^~~~~~~~~~
libtool: compile:  /home/fabrice/buildroot/output/host/bin/arm-buildroot-linux-musleabihf-gcc -DHAVE_CONFIG_H -I. -I.. -I../include -I../include -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -I/home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-musleabihf/sysroot/usr/include/p11-kit-1 -I/home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-musleabihf/sysroot/usr/include/nss -I/home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-musleabihf/sysroot/usr/include/nspr -c pkcs11h-openssl.c  -fPIC -DPIC -o .libs/pkcs11h-openssl.o
In file included from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-musleabihf/sysroot/usr/include/nss/keythi.h:9,
                 from /home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-musleabihf/sysroot/usr/include/nss/cert.h:21,
                 from _pkcs11h-crypto-nss.c:56:
/home/fabrice/buildroot/output/host/bin/../arm-buildroot-linux-musleabihf/sysroot/usr/include/nss/pkcs11t.h:86:3: note: previous declaration of 'CK_VERSION' was here
   86 | } CK_VERSION;
      |   ^~~~~~~~~~

alonbl commented 3 years ago

Please try #39.

ffontaine commented 3 years ago

It works fine, thanks a lot for fixing this issue.