build error with libressl 2.4.5

[rofl0r]

gpg_common_plug.o: In function `gpg_common_check':                              
gpg_common_plug.c:1587: undefined reference to `DSA_set0_pqg'
gpg_common_plug.c:1588: undefined reference to `DSA_set0_key'
gpg_common_plug.c:1081: undefined reference to `DSA_get0_pqg' 
gpg_common_plug.c:1082: undefined reference to `DSA_get0_key'

[rofl0r]

preliminary patch:

--- JohnTheRipper-0d089b16ea1d77ec4dcebcbf2cca7e3ece9feaaa.org/src/gpg_common_plug.c
+++ JohnTheRipper-0d089b16ea1d77ec4dcebcbf2cca7e3ece9feaaa/src/gpg_common_plug.c
@@ -1077,7 +1077,7 @@
                error();
        }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if 0 && OPENSSL_VERSION_NUMBER >= 0x10100000
        DSA_get0_pqg(dsa, &p, &q, &g);
        DSA_get0_key(dsa, &pub_key, &priv_key);
        error = BN_mod_exp(res, g, priv_key, p, ctx);
@@ -1571,7 +1571,7 @@
                        OPENSSL_free(str);
 
                        if (gpg_common_cur_salt->pk_algorithm == PKA_DSA) { /* DSA check */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if 0 && OPENSSL_VERSION_NUMBER >= 0x10100000
                                DSA *dsa = DSA_new();
                                BIGNUM *p, *q, *g, *pub_key, *priv_key;
 

[magnumripper]

So LibreSSL did not drop those functions yet? Is there a macro we can check for that indicates we're actually dealing with LibreSSL?

[magnumripper]

So LibreSSL did not drop those functions yet?

I read it the wrong way: OpenSSL has to be new enough. LibreSSL apparently don't mimic OPENSSL_VERSION_NUMBER?

[rofl0r]

I see this in my patch for wpa_supplicant 2.5:

-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) 

[rofl0r]

I suspect the proper way might be to make a configure check "whether openssl library has DSA_get0_pqg" and then in the code: #if OPENSSL_HAS_DSA_GET0 ...

[claudioandre-br]

RFC

solar, I have not idea if magnum has a good internet connection; anyway, this kind of bug is a good reason to install docker on one Openwall's test machine:

• allow a set of developers (to whom you have granted access) to test JtR using unusual configuration.

[magnumripper]

Solar is @solardiz here!

FWIW I think we should get rid of OpenSSL (et al) dependencies ASAP. We have code for damn near everything in our tree already, yet we're using OpenSSL (which isn't even faster).

[kholia]

We don't have own code for doing RSA/DSA asymmetric crypto stuff (yet).

[rofl0r]

Could be copied from libtomcrypt, which is under the WTFPL.

[rofl0r]

@kholia could you please refrain from "correcting" my caps? thanks. after all, this is not a grammar contest here.

[kholia]

@rofl0r Hi! Sorry about that. I find that correctly formed sentences are easier and more pleasant to read, and follow.

The "no caps" style is perhaps suitable for IRC communication but using well formed sentences seems more suitable on GitHub.