Make crypto.c compile/link with OpenSSL 3

corecode / dma

The DragonFly Mail Agent, a small Mail Transport Agent (MTA), designed for home and office use.

Other

226 stars 50 forks source link

Make crypto.c compile/link with OpenSSL 3 #126

Open ngie-eign opened 1 year ago

ngie-eign commented 1 year ago

Initialize libssl using non-deprecated APIs

OpenSSL 3 deprecated SSL_library_init and SSL_load_error_strings in favor of OPENSSL_init_ssl. Use OPENSSL_init_ssl when dealing with OpenSSL 1.1 and newer to unbreak the build with OpenSSL 3.

Move MD5 APIs to EVP_MD APIs

OpenSSL 3 deprecated all of the MD5_ APIs. Move to the equivalent EVP_MD APIs so the code doesn't need to be pinned down to 1.1 compatible APIs and uplifted at a later date.

Co-authored-by: Pierre Pronchery pierre@freebsdfoundation.org Co-authored-by: Ed Maste emaste@FreeBSD.org Signed-off-by: Enji Cooper yaneurabeya@gmail.com Sponsored by: The FreeBSD Foundation

ngie-eign commented 1 year ago

@emaste , @khorben: FYI

ngie-eign commented 1 year ago

More work's required in order to get the program to compile cleanly with OpenSSL 3. I'll move this PR back to draft mode and fix those issues.

emaste commented 1 year ago

Is -DOPENSSL_API_COMPAT=0x10100000L sufficient to build with OpenSSL 3.0 at least initially?

ngie-eign commented 1 year ago

Is -DOPENSSL_API_COMPAT=0x10100000L sufficient to build with OpenSSL 3.0 at least initially?

Yes, but I want to clean this up so the folks in this project don't have to do it later.

emaste commented 1 year ago

Yes, but I want to clean this up so the folks in this project don't have to do it later.

Sounds good!

emaste commented 1 year ago

\o/

ngie-eign commented 1 year ago

I've confirmed that the newest revision is functionally correct and produces the same values as it did previously -- I also compared the logic in the python hmac module to confirm that it was sane:

$ make check
./hmac-md5-test1 --short
key: this is a passcode
text: abcdefghijklmnop
digest: 369b855bac0edb31107b180d2b76ed31
./hmac-md5-test1 --long
key: this is a SUPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPER LONG passcode
text: abcdefghijklmnop
digest: 54ecf5f3274c
./hmac-md5-test3 --short
key: this is a passcode
text: abcdefghijklmnop
digest: 369b855bac0edb31107b180d2b76ed31
./hmac-md5-test3 --long
key: this is a SUPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPER LONG passcode
text: abcdefghijklmnop
digest: 54ecf5f3274c
./hmac-md5-test.py --short
key: this is a passcode
text: abcdefghijklmnop
digest: 369b855bac0e
./hmac-md5-test.py --long
key: this is a SUPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPER LONG passcode
text: abcdefghijklmnop
digest: 54ecf5f3274c

corecode commented 1 year ago

@emaste can you check and merge this PR?

emaste commented 1 year ago

@corecode it might be a little while, but I will put it on the list.

I presume we'd like @ngie-eign to squash the fixups into one commit?

ngie-eign commented 1 year ago

@corecode it might be a little while, but I will put it on the list.

I presume we'd like @ngie-eign to squash the fixups into one commit?

Yes, I was planning on doing that. I left them as fixup commits to aid with reviewing.