Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build against openssl-3 fails: #21

Closed
Polynomial-C opened this issue Mar 4, 2022 · 3 comments · Fixed by #22
Closed

Build against openssl-3 fails: #21

Polynomial-C opened this issue Mar 4, 2022 · 3 comments · Fixed by #22

Comments

@Polynomial-C
Copy link

Polynomial-C commented Mar 4, 2022
edited

This was reported downstream at https://bugs.gentoo.org/805929

libtool: compile:  i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I.. -DLOCALEDIR=\"/usr/share/locale\" -march=native -O2 -pipe -Wall -Wextra -Wno-unused-parameter -Werror -c match_openssh.c  -fPIC -DPIC -o .libs/match_openssh.o   [181/1495]
match_openssh.c: In function ‘ssh1_line_to_key’:
match_openssh.c:71:9: error: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
   71 |         rsa = RSA_new();
      |         ^~~
In file included from /usr/include/openssl/x509.h:36,
                 from match_openssh.c:11:
/usr/include/openssl/rsa.h:201:28: note: declared here
  201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
      |                            ^~~~~~~
match_openssh.c:142:9: error: ‘RSA_set0_key’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  142 |         if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL))
      |         ^~
In file included from /usr/include/openssl/x509.h:36,
                 from match_openssh.c:11:
/usr/include/openssl/rsa.h:207:27: note: declared here
  207 | OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
      |                           ^~~~~~~~~~~~
match_openssh.c:145:9: error: ‘EVP_PKEY_assign’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  145 |         EVP_PKEY_assign_RSA(key, rsa);
      |         ^~~~~~~~~~~~~~~~~~~
In file included from match_openssh.c:9:
/usr/include/openssl/evp.h:1328:5: note: declared here
 1328 | int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
      |     ^~~~~~~~~~~~~~~
match_openssh.c: In function ‘ssh2_line_to_key’:
match_openssh.c:232:9: error: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  232 |         rsa = RSA_new();
      |         ^~~
In file included from /usr/include/openssl/x509.h:36,
                 from match_openssh.c:11:
/usr/include/openssl/rsa.h:201:28: note: declared here
  201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
      |                            ^~~~~~~
match_openssh.c:235:9: error: ‘RSA_set0_key’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  235 |         if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
      |         ^~
In file included from /usr/include/openssl/x509.h:36,
                 from match_openssh.c:11:
/usr/include/openssl/rsa.h:207:27: note: declared here
  207 | OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
      |                           ^~~~~~~~~~~~
match_openssh.c:237:17: error: ‘RSA_free’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  237 |                 RSA_free(rsa);
      |                 ^~~~~~~~
In file included from /usr/include/openssl/x509.h:36,
                 from match_openssh.c:11:
/usr/include/openssl/rsa.h:293:28: note: declared here
  293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
      |                            ^~~~~~~~
match_openssh.c:241:9: error: ‘EVP_PKEY_assign’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  241 |         EVP_PKEY_assign_RSA(key, rsa);
      |         ^~~~~~~~~~~~~~~~~~~
In file included from match_openssh.c:9:
/usr/include/openssl/evp.h:1328:5: note: declared here
 1328 | int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
      |     ^~~~~~~~~~~~~~~
match_openssh.c: In function ‘ssh_nistp_line_to_key’:
match_openssh.c:338:9: error: ‘EC_KEY_new_by_curve_name’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  338 |         ec_key = EC_KEY_new_by_curve_name(nid);
      |         ^~~~~~
In file included from /usr/include/openssl/x509.h:33,
                 from match_openssh.c:11:
/usr/include/openssl/ec.h:996:31: note: declared here
  996 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
      |                               ^~~~~~~~~~~~~~~~~~~~~~~~
match_openssh.c:346:9: error: ‘EC_KEY_set_public_key_affine_coordinates’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  346 |         if (!EC_KEY_set_public_key_affine_coordinates(ec_key, x, y)) {
      |         ^~
In file included from /usr/include/openssl/x509.h:33,
                 from match_openssh.c:11:
/usr/include/openssl/ec.h:1120:27: note: declared here                                                                                                                                                                             [110/1495]
 1120 | OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
      |                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
match_openssh.c:347:17: error: ‘EC_KEY_free’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  347 |                 EC_KEY_free(ec_key);
      |                 ^~~~~~~~~~~
In file included from /usr/include/openssl/x509.h:33,
                 from match_openssh.c:11:
/usr/include/openssl/ec.h:1001:28: note: declared here
 1001 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
      |                            ^~~~~~~~~~~
match_openssh.c:354:9: error: ‘EVP_PKEY_assign’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  354 |         EVP_PKEY_assign_EC_KEY(key, ec_key);
      |         ^~~~~~~~~~~~~~~~~~~~~~
In file included from match_openssh.c:9:
/usr/include/openssl/evp.h:1328:5: note: declared here
 1328 | int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
      |     ^~~~~~~~~~~~~~~
match_openssh.c: In function ‘match_user_openssh’:
match_openssh.c:403:17: error: ‘EVP_PKEY_cmp’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  403 |                 if (1 == EVP_PKEY_cmp(authkey, key)) {
      |                 ^~
In file included from match_openssh.c:9:
/usr/include/openssl/evp.h:1418:5: note: declared here
 1418 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
      |     ^~~~~~~~~~~~
cc1: all warnings being treated as errors
make[2]: *** [Makefile:523: match_openssh.lo] Error 1
make[2]: Leaving directory '/var/tmp/portage/sys-auth/pam_p11-0.3.1/work/pam_p11-0.3.1/src'
make[1]: *** [Makefile:496: all-recursive] Error 1
make[1]: Leaving directory '/var/tmp/portage/sys-auth/pam_p11-0.3.1/work/pam_p11-0.3.1'
make: *** [Makefile:407: all] Error 2
@frankmorgner
Copy link
Member

I can only see the deprecated warnings...

Note that libp11 (dependency of pam_p11) also still uses deprecated functions, too. So this kind of issue is not resolved by only patching pam_p11.

@frankmorgner frankmorgner mentioned this issue Mar 8, 2022
Merged
@Polynomial-C
Copy link
Author

That's because of -Werror=deprecated-declarations (even though I haven't yet found where that comes from). But unlike pam_p11, libp11 compiles fine on my openssl-3 test boxes.
I've seen Ubuntu adding -Wno-error=deprecated-declarations to some of their build scripts but I don't think that's the right approach to do here.

@frankmorgner
Copy link
Member

Yeah, indeed, suppressing the warning is not the way to go. See #22 for a real fix. However, I cannot test this at the moment...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added compatibility with OpenSSL 3+ OpenSC/pam_p11
2 participants
@frankmorgner @Polynomial-C