Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support OpenSSL >= 3.0 #35

Open
rarbab opened this issue May 25, 2022 · 1 comment
Open

Support OpenSSL >= 3.0 #35

rarbab opened this issue May 25, 2022 · 1 comment

Comments

@rarbab
Copy link
Member

rarbab commented May 25, 2022
edited
Loading

OpenSSL 3.0 is starting to make its way into distros. On newer ones like Fedora 36 or Ubuntu 22.04, building sb-signing-utils will result in these warnings:

create-container.c:87:17: warning: ‘EVP_PKEY_get1_EC_KEY’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
create-container.c:91:17: warning: ‘EC_KEY_get0_group’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
create-container.c:95:17: warning: ‘EC_KEY_get0_public_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
create-container.c:99:17: warning: ‘EC_POINT_point2bn’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
create-container.c:104:17: warning: ‘EC_KEY_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
print-container.c:417:9: warning: ‘EC_KEY_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
print-container.c:425:9: warning: ‘EC_KEY_set_group’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
print-container.c:437:9: warning: ‘EC_POINT_bn2point’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
print-container.c:441:9: warning: ‘EC_KEY_set_public_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
print-container.c:446:9: warning: ‘ECDSA_do_verify’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
print-container.c:459:9: warning: ‘EC_KEY_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
hashkeys.c:81:17: warning: ‘EVP_PKEY_get1_EC_KEY’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
hashkeys.c:85:17: warning: ‘EC_KEY_get0_group’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
hashkeys.c:89:17: warning: ‘EC_KEY_get0_public_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
hashkeys.c:93:17: warning: ‘EC_POINT_point2bn’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
hashkeys.c:98:17: warning: ‘EC_KEY_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]

These are warnings, so they don't break the build. But, it's become an issue in skiboot, a downstream user of create-container.c and print-container.c, where they are built with -Werror.
@rarbab
Copy link
Member Author

rarbab commented May 25, 2022

I've submitted a patch to work around this in skiboot, but in the long term, support for newer OpenSSL is going to be needed.

rarbab added a commit to open-power/skiboot that referenced this issue Jun 13, 2022
@rarbab
libstb: Work around deprecated API warnings on OpenSSL 3.0 systems
69c8b0e 
Several OpenSSL APIs that libstb uses have been deprecated in OpenSSL
3.0. Commit 9a1f95f ("libstb/create-container: avoid using
deprecated APIs when compiling with OpenSSL 3.0") enabled `make` to
succeed on an OpenSSL 3.0 system, but `make check` still fails:

  libstb/print-container.c:405:9: error: 'EC_KEY_new' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  libstb/print-container.c:413:9: error: 'EC_KEY_set_group' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  libstb/print-container.c:425:9: error: 'EC_POINT_bn2point' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  libstb/print-container.c:429:9: error: 'EC_KEY_set_public_key' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  libstb/print-container.c:434:9: error: 'ECDSA_do_verify' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  libstb/print-container.c:449:9: error: 'EC_KEY_free' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]

This print-container.c is derived from the one in the sb-signing-utils
project. Ideally, OpenSSL 3.0 support should be added there first and
then synced back into skiboot. Until that is complete[1], build with
-Wno-error=deprecated-declarations so these errors stop blocking our CI.

[1] open-power/sb-signing-utils#35

Signed-off-by: Reza Arbab <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rarbab