Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make crypto.c compile/link with OpenSSL 3 #126

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Make crypto.c compile/link with OpenSSL 3 #126

wants to merge 1 commit into from

Conversation

ngie-eign
Copy link

@ngie-eign ngie-eign commented May 11, 2023
edited
Loading

  • Initialize libssl using non-deprecated APIs

OpenSSL 3 deprecated SSL_library_init and SSL_load_error_strings in
favor of OPENSSL_init_ssl. Use OPENSSL_init_ssl when dealing with
OpenSSL 1.1 and newer to unbreak the build with OpenSSL 3.

  • Move MD5 APIs to EVP_MD APIs

OpenSSL 3 deprecated all of the MD5_* APIs. Move to the equivalent
EVP_MD* APIs so the code doesn't need to be pinned down to 1.1
compatible APIs and uplifted at a later date.

Co-authored-by: Pierre Pronchery pierre@freebsdfoundation.org
Co-authored-by: Ed Maste emaste@FreeBSD.org
Signed-off-by: Enji Cooper yaneurabeya@gmail.com
Sponsored by: The FreeBSD Foundation

@ngie-eign
Copy link
Author

@emaste , @khorben: FYI

@ngie-eign
Copy link
Author

More work's required in order to get the program to compile cleanly with OpenSSL 3. I'll move this PR back to draft mode and fix those issues.

@ngie-eign ngie-eign marked this pull request as draft May 11, 2023 16:35
@emaste
Copy link
Collaborator

emaste commented May 11, 2023

Is -DOPENSSL_API_COMPAT=0x10100000L sufficient to build with OpenSSL 3.0 at least initially?

@ngie-eign
Copy link
Author

Is -DOPENSSL_API_COMPAT=0x10100000L sufficient to build with OpenSSL 3.0 at least initially?

Yes, but I want to clean this up so the folks in this project don't have to do it later.

@emaste
Copy link
Collaborator

emaste commented May 11, 2023

Yes, but I want to clean this up so the folks in this project don't have to do it later.

Sounds good!

@ngie-eign ngie-eign force-pushed the openssl3 branch 2 times, most recently from 41d0a50 to 7c4876e Compare May 11, 2023 17:58
@ngie-eign ngie-eign changed the title Initialize libssl using non-deprecated APIs Make crypto.c compile/link with OpenSSL 3 May 11, 2023
emaste
emaste reviewed May 11, 2023
View reviewed changes
@emaste
Copy link
Collaborator

emaste commented May 11, 2023

\o/

@ngie-eign ngie-eign marked this pull request as ready for review May 11, 2023 19:02
@ngie-eign
Copy link
Author

I've confirmed that the newest revision is functionally correct and produces the same values as it did previously -- I also compared the logic in the python hmac module to confirm that it was sane:

$ make check
./hmac-md5-test1 --short
key: this is a passcode
text: abcdefghijklmnop
digest: 369b855bac0edb31107b180d2b76ed31
./hmac-md5-test1 --long
key: this is a SUPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPER LONG passcode
text: abcdefghijklmnop
digest: 54ecf5f3274c
./hmac-md5-test3 --short
key: this is a passcode
text: abcdefghijklmnop
digest: 369b855bac0edb31107b180d2b76ed31
./hmac-md5-test3 --long
key: this is a SUPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPER LONG passcode
text: abcdefghijklmnop
digest: 54ecf5f3274c
./hmac-md5-test.py --short
key: this is a passcode
text: abcdefghijklmnop
digest: 369b855bac0e
./hmac-md5-test.py --long
key: this is a SUPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPER LONG passcode
text: abcdefghijklmnop
digest: 54ecf5f3274c

ngie-eign added a commit to ngie-eign/scratch that referenced this pull request May 11, 2023
@ngie-eign
Add OpenSSL demo used to prove corecode/dma#126
b650807
ngie-eign added a commit to ngie-eign/scratch that referenced this pull request May 11, 2023
@ngie-eign
Add OpenSSL demo used to prove corecode/dma#126
41068fe
@ngie-eign ngie-eign mentioned this pull request May 11, 2023
Closed
emaste
emaste reviewed May 11, 2023
View reviewed changes
@corecode
Copy link
Owner

@emaste can you check and merge this PR?

emaste
emaste reviewed May 12, 2023
View reviewed changes
@emaste
Copy link
Collaborator

emaste commented May 12, 2023

@corecode it might be a little while, but I will put it on the list.

I presume we'd like @ngie-eign to squash the fixups into one commit?

@ngie-eign
Copy link
Author

@corecode it might be a little while, but I will put it on the list.

I presume we'd like @ngie-eign to squash the fixups into one commit?

Yes, I was planning on doing that. I left them as fixup commits to aid with reviewing.

@ngie-eign
Make crypto.c compile/link with OpenSSL 3
9c3c470 
- Initialize libssl using non-deprecated APIs

OpenSSL 3 deprecated `SSL_library_init` and `SSL_load_error_strings` in
favor of `OPENSSL_init_ssl`. Use `OPENSSL_init_ssl` when dealing with
OpenSSL 1.1 and newer to unbreak the build with OpenSSL 3.

- Move MD5 APIs to EVP_MD APIs

OpenSSL 3 deprecated all of the `MD5_`* APIs. Move to the equivalent
`EVP_MD`* APIs so the code doesn't need to be pinned down to 1.1
compatible APIs and uplifted at a later date.

Co-authored-by: Pierre Pronchery <pierre@freebsdfoundation.org>
Co-authored-by: Ed Maste <emaste@FreeBSD.org>
Signed-off-by: Enji Cooper <yaneurabeya@gmail.com>
Sponsored by:	The FreeBSD Foundation
ngie-eign added a commit to ngie-eign/scratch that referenced this pull request Jun 30, 2023
@ngie-eign
Add OpenSSL demo used to prove corecode/dma#126
ca80a8e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emaste emaste emaste left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ngie-eign @emaste @corecode