Source: krb5
Version: 1.18.3-7
Severity: important
Tags: patch
Dear maintainer,
krb5 fails to build with openssl3 from experimental:
|make[4]: Entering directory '/<<PKGBUILDDIR>>/build/tests/softpkcs11'
|gcc -fPIC -DSHARED -DHAVE_CONFIG_H -I../../include -I../../../src/include
-I../../../src/plugins/preauth/pkinit -DKRB5_DEPRECATED=1 -DKRB5_PRIVATE
-Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=.
-fstack-protector-strong -Wformat -Werror=format-security -Wall -Wcast-align
-Wshadow -Wmissing-prototypes -Wno-format-zero-length -Woverflow
-Wstrict-overflow -Wmissing-format-attribute -Wmissing-prototypes -Wreturn-type
-Wmissing-braces -Wparentheses -Wswitch -Wunused-function -Wunused-label
-Wunused-variable -Wunused-value -Wunknown-pragmas -Wsign-compare
-Werror=uninitialized -Wno-maybe-uninitialized -Werror=pointer-arith
-Werror=int-conversion -Werror=incompatible-pointer-types
-Werror=discarded-qualifiers -Werror=implicit-int
-Werror=declaration-after-statement -Werror-implicit-function-declaration
-pthread -c ../../../src/tests/softpkcs11/main.c -o main.so.o && mv -f
main.so.o main.so
|o > binutils.versions "HIDDEN { local: __*; _rest*; _save*; *; };"
|echo >> binutils.versions "softpkcs11_0_MIT {"
|sed >> binutils.versions < ../../../src/tests/softpkcs11/softpkcs11.exports
"s/$/;/"
|echo >> binutils.versions "};"
|../../../src/tests/softpkcs11/main.c: In function ‘application_error’:
|../../../src/tests/softpkcs11/main.c:161:5: warning: function
‘application_error’ might be a candidate for ‘gnu_printf’ format attribute
[-Wsuggest-attribute=format]
| 161 | vprintf(fmt, ap);
| | ^~~~~~~
|../../../src/tests/softpkcs11/main.c: In function ‘st_logf’:
|../../../src/tests/softpkcs11/main.c:174:5: warning: function ‘st_logf’ might
be a candidate for ‘gnu_printf’ format attribute [-Wsuggest-attribute=format]
| 174 | vfprintf(soft_token.logfile, fmt, ap);
| | ^~~~~~~~
|../../../src/tests/softpkcs11/main.c: In function ‘snprintf_fill’:
|../../../src/tests/softpkcs11/main.c:185:5: warning: function ‘snprintf_fill’
might be a candidate for ‘gnu_printf’ format attribute
[-Wsuggest-attribute=format]
| 185 | len = vsnprintf(str, size, fmt, ap);
| | ^~~
|../../../src/tests/softpkcs11/main.c: In function ‘add_pubkey_info’:
|../../../src/tests/softpkcs11/main.c:430:9: warning: ‘EVP_PKEY_get0_RSA’ is
deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
| 430 | rsa = EVP_PKEY_get0_RSA(key);
| | ^~~
|In file included from ../../../src/tests/softpkcs11/main.c:38:
|/usr/include/openssl/evp.h:1346:22: note: declared here
| 1346 | const struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
| | ^~~~~~~~~~~~~~~~~
|../../../src/tests/softpkcs11/main.c:430:13: error: assignment discards
‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
| 430 | rsa = EVP_PKEY_get0_RSA(key);
| | ^
|[...]
|cc1: some warnings being treated as errors
|make[4]: *** [Makefile:804: main.so] Error 1
|make[4]: Leaving directory '/<<PKGBUILDDIR>>/build/tests/softpkcs11'
|make[3]: *** [Makefile:1223: all-recurse] Error 1
|make[3]: Leaving directory '/<<PKGBUILDDIR>>/build/tests'
|make[2]: *** [Makefile:1546: all-recurse] Error 1
There is a patch in the OpenMandriva repository that fixes this and
which I have attached:
https://raw.githubusercontent.com/OpenMandrivaAssociation/krb5/master/krb5-openssl3.patch
(I am getting a "LaTeX Error: File `tgtermes.sty' not found." error then
which I have not further diagnosed).
Michael
diff -up krb5-1.19.1/src/tests/softpkcs11/main.c.omv~
krb5-1.19.1/src/tests/softpkcs11/main.c
--- krb5-1.19.1/src/tests/softpkcs11/main.c.omv~ 2021-03-29
17:46:17.495294577 +0200
+++ krb5-1.19.1/src/tests/softpkcs11/main.c 2021-03-29 17:50:06.618117704
+0200
@@ -427,7 +427,7 @@ add_pubkey_info(struct st_object *o, CK_
RSA *rsa;
const BIGNUM *n, *e;
- rsa = EVP_PKEY_get0_RSA(key);
+ rsa = EVP_PKEY_get1_RSA(key);
RSA_get0_key(rsa, &n, &e, NULL);
modulus_bits = BN_num_bits(n);
@@ -680,7 +680,7 @@ add_certificate(char *label,
/* XXX verify keytype */
if (key_type == CKK_RSA)
- RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
+ RSA_set_method(EVP_PKEY_get1_RSA(o->u.private_key.key),
RSA_PKCS1_OpenSSL());
if (X509_check_private_key(cert, o->u.private_key.key) != 1) {
@@ -1224,7 +1224,7 @@ C_Login(CK_SESSION_HANDLE hSession,
}
/* XXX check keytype */
- RSA_set_method(EVP_PKEY_get0_RSA(o->u.private_key.key),
+ RSA_set_method(EVP_PKEY_get1_RSA(o->u.private_key.key),
RSA_PKCS1_OpenSSL());
if (X509_check_private_key(o->u.private_key.cert,
o->u.private_key.key) != 1) {
@@ -1512,7 +1512,7 @@ C_Encrypt(CK_SESSION_HANDLE hSession,
return CKR_ARGUMENTS_BAD;
}
- rsa = EVP_PKEY_get0_RSA(o->u.public_key);
+ rsa = EVP_PKEY_get1_RSA(o->u.public_key);
if (rsa == NULL)
return CKR_ARGUMENTS_BAD;
@@ -1663,7 +1663,7 @@ C_Decrypt(CK_SESSION_HANDLE hSession,
return CKR_ARGUMENTS_BAD;
}
- rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
+ rsa = EVP_PKEY_get1_RSA(o->u.private_key.key);
if (rsa == NULL)
return CKR_ARGUMENTS_BAD;
@@ -1822,7 +1822,7 @@ C_Sign(CK_SESSION_HANDLE hSession,
return CKR_ARGUMENTS_BAD;
}
- rsa = EVP_PKEY_get0_RSA(o->u.private_key.key);
+ rsa = EVP_PKEY_get1_RSA(o->u.private_key.key);
if (rsa == NULL)
return CKR_ARGUMENTS_BAD;
@@ -1969,7 +1969,7 @@ C_Verify(CK_SESSION_HANDLE hSession,
return CKR_ARGUMENTS_BAD;
}
- rsa = EVP_PKEY_get0_RSA(o->u.public_key);
+ rsa = EVP_PKEY_get1_RSA(o->u.public_key);
if (rsa == NULL)
return CKR_ARGUMENTS_BAD;
