libpki 0.9.2 fails to build with OpenSSL 3.0.1

openca / libpki

Easy-to-use high-level library for PKI-enabled applications

Other

50 stars 34 forks source link

libpki 0.9.2 fails to build with OpenSSL 3.0.1 #62

Closed kto2038 closed 1 year ago

kto2038 commented 1 year ago

libpki 0.9.2 fails to build with OpenSSL 3.0.1 on RHEL 9. make says:

openssl_hsm_pkey.c: In function ‘_pki_rsakey_new’:
openssl_hsm_pkey.c:78:5: error: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
   78 |     if ((rsa = RSA_new()) == NULL) {
      |     ^~
compilation terminated due to -Wfatal-errors.

see https://www.openssl.org/docs/man3.0/man7/migration_guide.html#Deprecated-low-level-object-creation

ruomad commented 1 year ago

Hello, Would you consider trying the patch I submitted as a PR ? It works when I test compiling against 14-CURRENT/OpenSSL 3.0.9 Bruno

kto2038 commented 1 year ago

The build still fails with a similar message.

openssl_hsm_pkey.c: In function ‘_pki_rsakey_new’:
openssl_hsm_pkey.c:170:5: error: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  170 |     if ((rsa = RSA_new()) == NULL) {
      |     ^~
compilation terminated due to -Wfatal-errors.

ruomad commented 1 year ago

You have to allow DEPRECATED warnings, there are still a lot of them... (You compiled with -Werror=deprecated-declarations)

kto2038 commented 1 year ago

Thank you, @ruomad . The message disappeared, but another message appeared as below.

$ CFLAGS=-Wno-deprecated-declarations ./configure
$ make

...

openssl_hsm_pkey.c: In function ‘OPENSSL_HSM_write_bio_PrivateKey’:
openssl_hsm_pkey.c:917:65: error: ‘kstr’ undeclared (first use in this function)
  917 |                 EVP_PKEY_get1_EC_KEY(x), enc, (unsigned char *) kstr, klen, cb, u);
      |                                                                 ^~~~
compilation terminated due to -Wfatal-errors.

ruomad commented 1 year ago

Hum. Are you trying to compile the current version (my port only builds version 0.9.2 with the openssl3 patch, not the current). On which platform (I'm running FreeBSD) ? Which configure options ?

ruomad commented 1 year ago

Obviously a typo, could you try this

diff -Nru libpki/src/drivers/openssl/openssl_hsm_pkey.c libpki-0.9.9-g020cc96/src/drivers/openssl/openssl_hsm_pkey.c
--- libpki/src/drivers/openssl/openssl_hsm_pkey.c       2023-08-16 12:50:17.983212000 +0200
+++ libpki-0.9.9-g020cc96/src/drivers/openssl/openssl_hsm_pkey.c        2023-08-16 12:54:33.420170000 +0200
@@ -914,7 +914,7 @@
         case EVP_PKEY_EC: {
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
             ret = PEM_write_bio_ECPrivateKey(bp,
-                EVP_PKEY_get1_EC_KEY(x), enc, (unsigned char *) kstr, klen, cb, u);
+                EVP_PKEY_get1_EC_KEY(x), enc, (unsigned char *) out_buffer, klen, cb, u);
 # elif OPENSSL_VERSION_NUMBER < 0x1010000fL
             ret = PEM_write_bio_ECPrivateKey(bp,
                 x->pkey.ec, enc, (unsigned char *) out_buffer, klen, cb, u);

kto2038 commented 1 year ago

It seems that support for OpenSSL 3 is still in progress, so I would like to wait for a while.