dma icon indicating copy to clipboard operation
dma copied to clipboard

Published 20 hours ago verified publisher icon corecode

Make crypto.c compile/link with OpenSSL 3

Open ngie-eign opened this issue 2 years ago • 10 comments

  • Initialize libssl using non-deprecated APIs

OpenSSL 3 deprecated SSL_library_init and SSL_load_error_strings in favor of OPENSSL_init_ssl. Use OPENSSL_init_ssl when dealing with OpenSSL 1.1 and newer to unbreak the build with OpenSSL 3.

  • Move MD5 APIs to EVP_MD APIs

OpenSSL 3 deprecated all of the MD5_* APIs. Move to the equivalent EVP_MD* APIs so the code doesn't need to be pinned down to 1.1 compatible APIs and uplifted at a later date.

Co-authored-by: Pierre Pronchery [email protected] Co-authored-by: Ed Maste [email protected] Signed-off-by: Enji Cooper [email protected] Sponsored by: The FreeBSD Foundation

ngie-eign avatar May 11 '23 16:05 ngie-eign

@emaste , @khorben: FYI

ngie-eign avatar May 11 '23 16:05 ngie-eign

More work's required in order to get the program to compile cleanly with OpenSSL 3. I'll move this PR back to draft mode and fix those issues.

ngie-eign avatar May 11 '23 16:05 ngie-eign

Is -DOPENSSL_API_COMPAT=0x10100000L sufficient to build with OpenSSL 3.0 at least initially?

emaste avatar May 11 '23 16:05 emaste

Is -DOPENSSL_API_COMPAT=0x10100000L sufficient to build with OpenSSL 3.0 at least initially?

Yes, but I want to clean this up so the folks in this project don't have to do it later.

ngie-eign avatar May 11 '23 16:05 ngie-eign

Yes, but I want to clean this up so the folks in this project don't have to do it later.

Sounds good!

emaste avatar May 11 '23 16:05 emaste

\o/

emaste avatar May 11 '23 18:05 emaste

I've confirmed that the newest revision is functionally correct and produces the same values as it did previously -- I also compared the logic in the python hmac module to confirm that it was sane:

$ make check
./hmac-md5-test1 --short
key: this is a passcode
text: abcdefghijklmnop
digest: 369b855bac0edb31107b180d2b76ed31
./hmac-md5-test1 --long
key: this is a SUPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPER LONG passcode
text: abcdefghijklmnop
digest: 54ecf5f3274c
./hmac-md5-test3 --short
key: this is a passcode
text: abcdefghijklmnop
digest: 369b855bac0edb31107b180d2b76ed31
./hmac-md5-test3 --long
key: this is a SUPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPER LONG passcode
text: abcdefghijklmnop
digest: 54ecf5f3274c
./hmac-md5-test.py --short
key: this is a passcode
text: abcdefghijklmnop
digest: 369b855bac0e
./hmac-md5-test.py --long
key: this is a SUPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPER LONG passcode
text: abcdefghijklmnop
digest: 54ecf5f3274c

ngie-eign avatar May 11 '23 20:05 ngie-eign

@emaste can you check and merge this PR?

corecode avatar May 12 '23 12:05 corecode

@corecode it might be a little while, but I will put it on the list.

I presume we'd like @ngie-eign to squash the fixups into one commit?

emaste avatar May 12 '23 13:05 emaste

@corecode it might be a little while, but I will put it on the list.

I presume we'd like @ngie-eign to squash the fixups into one commit?

Yes, I was planning on doing that. I left them as fixup commits to aid with reviewing.

ngie-eign avatar May 12 '23 19:05 ngie-eign