v3.6 FTBFS with openssl 1.1

Bug #1645349 reported by Dimitri John Ledkov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu on IBM z Systems | Fix Released | Undecided | bugproxy |
opencryptoki (Ubuntu) | Fix Released | Undecided | Dimitri John Ledkov |

Bug Description

Opencryptoki v3.6 fails to build from source against openssl 1.1.

Please note the old DES API has been removed in openssl 1.1.

../common/sw_crypt.c: In function ‘sw_des3_cbc’:
../common/sw_crypt.c:312:2: error: unknown type name ‘des_key_schedule’
  des_key_schedule des_key1;
  ^~~~~~~~~~~~~~~~
../common/sw_crypt.c:313:2: error: unknown type name ‘des_key_schedule’
  des_key_schedule des_key2;
  ^~~~~~~~~~~~~~~~
../common/sw_crypt.c:314:2: error: unknown type name ‘des_key_schedule’
  des_key_schedule des_key3;
  ^~~~~~~~~~~~~~~~
../common/sw_crypt.c:316:2: error: unknown type name ‘const_des_cblock’
  const_des_cblock key_SSL1, key_SSL2, key_SSL3;
  ^~~~~~~~~~~~~~~~
../common/sw_crypt.c:317:2: error: unknown type name ‘des_cblock’
  des_cblock ivec;
  ^~~~~~~~~~
../common/sw_crypt.c:331:2: warning: implicit declaration of function ‘des_set_key_unchecked’ [-Wimplicit-function-declaration]
  des_set_key_unchecked(&key_SSL1, des_key1);
  ^~~~~~~~~~~~~~~~~~~~~
../common/sw_crypt.c:335:9: warning: passing argument 1 of ‘memcpy’ makes pointer from integer without a cast [-Wint-conversion]
  memcpy(ivec, init_v, sizeof(ivec));
         ^~~~
In file included from /usr/include/features.h:364:0,
                 from /usr/include/stdio.h:27,
                 from ../common/sw_crypt.c:287:
/usr/include/x86_64-linux-gnu/bits/string3.h:50:1: note: expected ‘void * restrict’ but argument is of type ‘int’
 __NTH (memcpy (void *__restrict __dest, const void *__restrict __src,
 ^
../common/sw_crypt.c:339:3: warning: implicit declaration of function ‘des_ede3_cbc_encrypt’ [-Wimplicit-function-declaration]
   des_ede3_cbc_encrypt(in_data,
   ^~~~~~~~~~~~~~~~~~~~
Makefile:669: recipe for target 'opencryptoki_stdll_libpkcs11_sw_la-sw_crypt.lo' failed
make[5]: *** [opencryptoki_stdll_libpkcs11_sw_la-sw_crypt.lo] Error 1
make[5]: Leaving directory '/<<BUILDDIR>>/opencryptoki-3.6+dfsg/usr/lib/pkcs11/soft_stdll'
Makefile:385: recipe for target 'all-recursive' failed
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory '/<<BUILDDIR>>/opencryptoki-3.6+dfsg/usr/lib/pkcs11'
Makefile:377: recipe for target 'all-recursive' failed
make[3]: *** [all-recursive] Error 1

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-149133 severity-high targetmilestone-inin---
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
assignee: nobody → bugproxy (bugproxy)
Dimitri John Ledkov (xnox) wrote :

This affects building opencryptoki v3.6 in Debian.
Ubuntu did not take openssl v1.1 yet, but will in the future.

bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2016-12-08 07:24 EDT-------
Hi Dimitri,

The necessary changes to build OpenCryptoki with openssl-1.1 were made and they can be found in the HEAD of the master branch.

Release 3.6.1 of OpenCryptoki will be made available by the end of this month or latest by mid-January. So for now, for testing purposes please clone the master branch.

Thanks

Dimitri John Ledkov (xnox) wrote :

Hello,

Thank you for these. It looks better. Compiling git master in debian experimental now fails with just this:

tpm_openssl.c: In function 'openssl_gen_key':
tpm_openssl.c:74:2: warning: 'RSA_generate_key' is deprecated [-Wdeprecated-declarations]
  rsa = RSA_generate_key(2048, 65537, NULL, NULL);
  ^~~
In file included from /usr/include/openssl/rsa.h:13:0,
                 from /usr/include/openssl/x509.h:31,
                 from /usr/include/openssl/pem.h:17,
                 from tpm_openssl.c:30:
/usr/include/openssl/rsa.h:193:1: note: declared here
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
 ^
tpm_openssl.c: In function 'openssl_get_modulus_and_prime':
tpm_openssl.c:195:30: error: dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
  if ((*size_n = BN_bn2bin(rsa->n, n)) <= 0) {
                              ^~
Makefile:882: recipe for target 'opencryptoki_stdll_libpkcs11_tpm_la-tpm_openssl.lo' failed

Could you please check this? Building against openssl 1.1.0c-2.

Regards,

Dimitri.
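
A porting audit for the two failures reported in this thread, as an added example that is not part of the bug report or of the opencryptoki source: it scans C source for the removed lowercase DES names and for direct RSA field access, and names the OpenSSL 1.1 API to move to. The replacement names are standard OpenSSL 1.1 API; `audit`, the table names and the sample input are assumptions made for this illustration.

```python
import re

# Legacy name (from the build logs) -> OpenSSL 1.1 name. Not a pure rename:
# the DES_* functions take each key schedule by pointer, not by value.
RENAMED = {
    "des_key_schedule": "DES_key_schedule",
    "const_des_cblock": "const_DES_cblock",
    "des_cblock": "DES_cblock",
    "des_set_key_unchecked": "DES_set_key_unchecked",
    "des_ede3_cbc_encrypt": "DES_ede3_cbc_encrypt",
    "RSA_generate_key": "RSA_generate_key_ex",
}
# RSA is an opaque struct in 1.1; fields are read through these getters.
RSA_GETTERS = {
    **dict.fromkeys(("n", "e", "d"), "RSA_get0_key"),
    **dict.fromkeys(("p", "q"), "RSA_get0_factors"),
    **dict.fromkeys(("dmp1", "dmq1", "iqmp"), "RSA_get0_crt_params"),
}
LEGACY_RE = re.compile(r"\b(" + "|".join(RENAMED) + r")\b")
RSA_DECL_RE = re.compile(r"\bRSA\s*\*\s*(\w+)")
FIELD_RE = re.compile(r"\b(\w+)\s*->\s*(\w+)")

def audit(source):
    """Return (line_no, legacy_use, replacement) tuples for C source text."""
    # Only flag ptr->field when ptr was declared as RSA *, so unrelated
    # structs that also have a field called n or e are not reported.
    rsa_vars = set(RSA_DECL_RE.findall(source))
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in LEGACY_RE.finditer(line):
            findings.append((no, m.group(1), RENAMED[m.group(1)]))
        for var, field in FIELD_RE.findall(line):
            if var in rsa_vars and field in RSA_GETTERS:
                findings.append((no, f"{var}->{field}", RSA_GETTERS[field]))
    return findings

# Constructed sample: lines 1-7 are modeled on statements in the build logs,
# lines 8-9 are already-ported or unrelated code that must not be flagged.
SAMPLE = """\
des_key_schedule des_key1;
const_des_cblock key_SSL1, key_SSL2, key_SSL3;
des_cblock ivec;
des_set_key_unchecked(&key_SSL1, des_key1);
RSA *rsa;
rsa = RSA_generate_key(2048, 65537, NULL, NULL);
if ((*size_n = BN_bn2bin(rsa->n, n)) <= 0) {
DES_cblock already_ported;
ctx->n = 0;
"""

if __name__ == "__main__":
    for no, old, new in audit(SAMPLE):
        print(f"line {no}: {old} -> {new}")
```
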

Changed in opencryptoki (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
milestone: none → ubuntu-17.01
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-12-12 13:05 EDT-------
Hi Dimitri,

Thank you for reporting it!

Just fixed it, it is in the master branch.

Now all the tokens should be covered (apparently my TPM was not fully functioning). If you find any other problem, just let me know.

Thanks,
Eduardo

Dimitri John Ledkov (xnox) wrote :
Changed in opencryptoki (Ubuntu):
status: New → Fix Released
Changed in ubuntu-z-systems:
status: New → Fix Released
bugproxy (bugproxy)
tags: added: targetmilestone-inin1704
removed: targetmilestone-inin---
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-12-30 13:12 EDT-------
Hi Dimitri,

openCryptoki 3.6.1 containing the fix to build it with openssl-1.1 is now available:

https://sourceforge.net/projects/opencryptoki/

Best regards,

Eduardo
