Created attachment 197982 [details] Fix OpenSSL 1.1.x build mail/libdomainkeys: Fix OpenSSL build PR: 231931 Submitted by: Nathan <ndowens@yahoo.com> Approved by: portmgr (unmaintained port)
+- EVP_MD_CTX mdctx; /* the hash */ ++ EVP_MD_CTX *mdctx; /* the hash */ This is not ok. You cannot just make things a pointer to fix "field has incomplete type" style errors. I have not tested on a branch with OpenSSL 1.1.1 but it breaks releases with older OpenSSL versions and produces warnings like the following: domainkeys.c:1749:22: warning: incompatible pointer types passing 'EVP_MD_CTX **' (aka 'struct env_md_ctx_st **') to parameter of type 'EVP_MD_CTX *' (aka 'struct env_md_ctx_st *'); remove & [-Wincompatible-pointer-types] EVP_DigestUpdate(&dk->mdctx, dk->hash_buff, dk->hash_buff_len); ^~~~~~~~~~ /usr/include/openssl/evp.h:595:34: note: passing argument to parameter 'ctx' here int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); ^ domainkeys.c:1952:27: warning: incompatible pointer types passing 'EVP_MD_CTX **' (aka 'struct env_md_ctx_st **') to parameter of type 'EVP_MD_CTX *' (aka 'struct env_md_ctx_st *'); remove & [-Wincompatible-pointer-types] i = EVP_VerifyFinal(&dk->mdctx, md_value, md_len, publickey); ^~~~~~~~~~ /usr/include/openssl/evp.h:654:33: note: passing argument to parameter 'ctx' here int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, ^ domainkeys.c:2061:21: warning: incompatible pointer types passing 'EVP_MD_CTX **' (aka 'struct env_md_ctx_st **') to parameter of type 'EVP_MD_CTX *' (aka 'struct env_md_ctx_st *'); remove & [-Wincompatible-pointer-types] EVP_SignFinal(&dk->mdctx, sig, &siglen, pkey); ^~~~~~~~~~ While the build succeeds these warnings should not be ignored and break the runtime (tested via libdomainkeys test suite).
Created attachment 198020 [details] Fix OpenSSL 1.1.x build Tobik how's this patch. I got rid of all the EVP errors. What's left is errors that was there before patch
Comment on attachment 198020 [details] Fix OpenSSL 1.1.x build It's a step in the right direction. The test suite still does not run correctly. I think the problem is that mdctx is still uninitialized and never allocated any memory. You're freeing it in dk_free(), but it's never allocated in dk_init() (AFAICT this should happen with EVP_MD_CTX_create or EVP_MD_CTX_new). Btw, here's how you can run the test suite: 1. Go to ${WRKSRC} 2. Compile dktest: cc -o dktest dktest.c -I. libdomainkeys.a -lcrypto 3. Run the test suite: ./test
(In reply to Tobias Kortkamp from comment #3) Thanks for the reply. When I go on lunch I’ll fix it
(In reply to Tobias Kortkamp from comment #3) Good news. I found a patch that works. Only error I get is no pub key available. I just got to adjust it where it works on base and devel version of OpenSSL
Created attachment 198062 [details] OpenSSL patch OK this one should be fine. I tested in openssl base and openssl 1.1 and both give the same error at the end Also have to modify the test compile a bit: cc -o dktest dktest.c -I. libdomainkeys.a -lssl -lcrypto
Created attachment 198064 [details] OpenSSL patch Forgot to svn add patch
Comment on attachment 198064 [details] OpenSSL patch Where did you find the patch? It has many bogus changes like: + static DK_STAT dkstore_char(DK *dk, char ch) + { +- if (dk->headerlen >= dk->headermax) ++ if (dk->headerlen < dk->headermax) + { This seems like an unrelated change? +@@ -924,18 +967,26 @@ static void dkhash(DK *dk, const unsigned char *ptr) + } + else + { +- while (dk->state >= 2) ++ while (dk->state < 2) Hmm? +- if (snprintf(header_list,sizeof(header_list),":%s:",dk->headers) >= sizeof(header_list)) ++ if (snprintf(header_list,sizeof(header_list),":%s:",dk->headers) < sizeof(header_list)) + { + //header list is too large for buffer Woah... What's up with these extra changes? +- if (st >= (sizeof errors) / (sizeof errors[0])) ++ if (st < (sizeof errors) / (sizeof errors[0])) + { Definitely wrong...
(In reply to Tobias Kortkamp from comment #8) http://git.pld-linux.org/?p=packages/libdomainkeys.git;a=blob;f=openssl.patch;h=a79c3f6b9431bb339b21937a54ce42c944f67090;hb=0b35df2ead77bfee132c88109c001ba079da27cd
(In reply to Nathan from comment #9) Ok, but the patch from PLD Linux has none of the < to > flips etc. Can you amend your patch and remove them? I think it's ok otherwise.
(In reply to Tobias Kortkamp from comment #10) Are you referring to the OpenSSL version part of the code? If so I put them there to not break OpenSSL base
(In reply to Nathan from comment #11) No, I refer to the changes like the ones mentioned in comment #8.
Created attachment 198073 [details] OpenSSL patch
Created attachment 198085 [details] libdomainkeys.diff v6 Thank you. The patch was missing a few bits from the PLD Linux patch. I've added them back in. I also removed the HAVE_ERR_REMOVE_STATE changes. They do not appear to be needed and neither OpenSSL 1.1.1 nor 1.0.2p nor the build itself define it. The test suite now passes with OpenSSL 1.1.1 and 1.0.2p (on 12.0-ALPHA9 and 12.0-ALPHA6 respectively).
Let's land this.
A commit references this bug: Author: tobik Date: Mon Nov 5 21:09:42 UTC 2018 New revision: 484222 URL: https://svnweb.freebsd.org/changeset/ports/484222 Log: mail/libdomainkeys: Unbreak with OpenSSL 1.1.1 [1] - Hook up the test suite - Stop installing the test script which is useless beyond port testing, and calls a dktest binary that is never installed or built normally - Cleanup/remove post-patch PR: 232133 Submitted by: Nathan <ndowens@yahoo.com> [1] (based on) Obtained from: PLD Linux [1] (based on) Changes: head/mail/libdomainkeys/Makefile head/mail/libdomainkeys/files/Makefile head/mail/libdomainkeys/files/patch-domainkeys.c head/mail/libdomainkeys/pkg-plist
Thanks!