Bug 272190

Summary:

security/pkcs11-helper: make OpenSSL 3.0 compatible

Product:

Ports & Packages

Reporter:

Matthias Andree <mandree>

Component:

Individual Port(s)

Assignee:

Alex Dupre <ale>

Status:

Closed FIXED

Severity:

Affects Only Me

CC:

dim, emaste, gert

Priority:

---

Keywords:

needs-qa, patch

Version:

Latest

Flags:

ale: maintainer-feedback+

Hardware:

Any

OS:

Any

Bug Depends on:

Bug Blocks:

271047, 271656

Attachments:

Description	Flags
git format-patch like patch to let pkcs11-helper compile with LLVM16 and OpenSSL3.0 - run-time untested!	none
security/pkcs11-helper: fix build with clang 16 and openssl 3.0	none

Description Matthias Andree freebsd_committer

2023-06-24 18:39:20 UTC

Created attachment 242975 [details]
git format-patch like patch to let pkcs11-helper compile with LLVM16 and OpenSSL3.0 - run-time untested!

OpenSSL 3.0 changed the prototype for the dup_func
of the customer data callback functions, the third
argument (from_d) switched from void * to void **.

See
https://www.openssl.org/docs/man3.0/man3/CRYPTO_get_ex_new_index.html

This breaks compile on FreeBSD-CURRENT, which uses OpenSSL 3.0.9 in base, and also uses the stricter LLVM/clang 16.0.6.

Add an OPENSSL_VERSION_SWITCH to support the newer
OpenSSL >= 3.0 prototype.

This could go with an
Approved by: portmgr@ (blanket just-fix-it)

... but I cannot test the run-time myself, so I am looking for ale@'s or somebody else's support to test.

Comment 1 Dimitry Andric freebsd_committer

2023-06-26 09:56:39 UTC

Created attachment 243008 [details]
security/pkcs11-helper: fix build with clang 16 and openssl 3.0

I came to approximately the same approach, though I didn't like upstream's way of doing the #if statements outside the function prototype, so I changed that.

Comment 2 Alex Dupre freebsd_committer

2023-06-28 08:47:14 UTC

The upstream patch for this issue is worse: https://github.com/OpenSC/pkcs11-helper/commit/6b7674a59dee3f1ba1de6caefed11299beaa4675

But if that's ok for them, surely this one is fine, too. You have my approval to commit it @mandree

Comment 3 commit-hook freebsd_committer

2023-06-28 20:55:23 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b419a572ee2ea98a2dbf4b1e219e057ffef56cb3

commit b419a572ee2ea98a2dbf4b1e219e057ffef56cb3
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2023-06-24 18:32:19 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-06-28 20:49:54 +0000

    security/pkcs11-helper: make OpenSSL 3.0 compatible

    OpenSSL 3.0 changed the prototype for the dup_func
    of the customer data callback functions, the third
    argument (from_d) switched from void * to void **.

    See
    https://www.openssl.org/docs/man3.0/man3/CRYPTO_get_ex_new_index.html

    This breaks compile on FreeBSD-CURRENT, which also
    uses the stricter LLVM/clang 16.

    Add an OPENSSL_VERSION_NUMBER #elif case
    to support the newer OpenSSL >= 3.0 prototype.

    Approved by:    ale@ (Alex Dupre, maintainer)
    PR:             272190

 .../files/patch-lib_pkcs11h-openssl.c              | 28 ++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

Comment 4 Matthias Andree freebsd_committer

2023-06-28 21:04:05 UTC

Alex, thanks for the review, link, and approval.

Dimitry, I think it's more a matter of style and how readable someone finds it from their vantage point - it seems we both found logically/functionally the same solution, just a different wording. 

As Alex writes, the upstream change makes me scratch my head, but I don't know what compiler Alon Bar-Lev uses, and for a reasonably coarse approximation of a C compiler void ** and void * are implicitly promotable so the compiler won't care.

I do not personally care enough to tell upstream "you might have just broken OpenSSL 1.1.1 compilation on picky compilers" because that's fixing for the past, not for the future.