Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

p11_ec does not compile for OpenSSL 1.0.2 - fix proposed #77

Closed
DDvO opened this issue Apr 18, 2016 · 7 comments
Closed

p11_ec does not compile for OpenSSL 1.0.2 - fix proposed #77

DDvO opened this issue Apr 18, 2016 · 7 comments

Comments

@DDvO
Copy link

DDvO commented Apr 18, 2016
edited
Loading

Nice to see that EC support has been added meanwhile. Trying it out, I found and fixed three issues with p11_ec.c.

Here's the first one: it does not compile with OpenSSL 1.0.2 (to be more precise: 1.0.2d) because the declaration for struct ecdsa_method is not visible. This can be corrected easily as given in the attached diff/patch file.

p11_ec_OpenSSL-1.0.2d_ecdsa_method.patch.txt
@mtrojnar
Copy link
Member

Please use pull requests to submit changes.

@mouse07410
Copy link
Contributor

I'm a little surprised because I use libp11 mainly with OpenSSL-1.0.2, and only testing with 1.1.0. ECC seemed to compile and work OK here on Mac OS X.

@mtrojnar
Copy link
Member

Which exact OpenSSL 1.0.2 release did you use for testing it?

@DDvO DDvO mentioned this issue Apr 18, 2016
Closed
@DDvO
Copy link
Author

DDvO commented Apr 18, 2016

I'm using OpenSSL 1.0.2d; maybe include/ec.h has been corrected since then to includestruct ecdsa_method. In this case, the version numbers given in my fix need to be refined.

@dengert
Copy link
Member

dengert commented Apr 18, 2016

It compiles with openssl-1.0.2f The EC code has undergone a lot of changes and parts needed for ECDSA was only added in 1.0.2
See:
https://mta.openssl.org/pipermail/openssl-dev/2014-December/000192.html

@mtrojnar
Copy link
Member

I could not reproduce this issue. The functions to allocate and set fields of ECDSA_METHOD were added in openssl/openssl@7c23127 and released with OpenSSL 1.0.2. struct ecdsa_method is never used in libp11 when compiled with OpenSSL 1.0.2 and later.

@DDvO
Copy link
Author

DDvO commented Apr 19, 2016

Oh, you are right. Thanks for your comments. We can close this issue as invalid.

struct ecdsa_method is not directly used by libp11 for OpenSSL versions below 1.1, though functions like int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) and ECDSA_METHOD *PKCS11_get_ecdsa_method(void) are called in p11_ec.c and deal with pointers to type ECDSA_METHOD, which is declared as typedef struct ecdsa_method ECDSA_METHOD.
I was mislead by a colleague who thought she needs to directly access that structure in order to set the do_sign pointer, but it's much better to use the public ECDSA_METHOD_set_sign() function, like libp11 does.

@DDvO DDvO closed this as completed Apr 19, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dengert @DDvO @mouse07410 @mtrojnar