Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

version 8.7.0 and 8.7.1 don't compile against OpenSSL 1.1.0h on Linux #13449

Closed
audioMirror opened this issue Apr 23, 2024 · 3 comments
Closed

version 8.7.0 and 8.7.1 don't compile against OpenSSL 1.1.0h on Linux #13449

audioMirror opened this issue Apr 23, 2024 · 3 comments
Labels
build cryptography outdated

Comments

@audioMirror
Copy link

audioMirror commented Apr 23, 2024
edited

I did this

OpenSSL build was for:

Configuring for linux-x86_64
Configuring OpenSSL version 1.1.0h (0x1010008fL)

Compiled libcurl 8.7.1 against this OpenSSL 1.1.0h using:

CURRENT_ROOT=`pwd`
BUILD_ROOT=${CURRENT_ROOT}/target/resources/openssl/openssl-1.1.0h
BUILD_OUT=${CURRENT_ROOT}/target/build
./config --prefix=${BUILD_OUT} --openssldir=${BUILD_OUT}
make clean install

Result is

Making install in lib
make[1]: Entering directory `/home/hudson/hudson-slave/workspace/libcurl-linux/linuxbuild/curlLinux/target/resources/curl/curl-8.7.1/lib'
  CC       libcurl_la-altsvc.lo
  CC       libcurl_la-amigaos.lo
  CC       libcurl_la-asyn-ares.lo
  CC       libcurl_la-asyn-thread.lo
  CC       libcurl_la-base64.lo
  CC       libcurl_la-bufq.lo
  CC       libcurl_la-bufref.lo
  CC       libcurl_la-c-hyper.lo
  CC       libcurl_la-cf-h1-proxy.lo
  CC       libcurl_la-cf-h2-proxy.lo
  CC       libcurl_la-cf-haproxy.lo
  CC       libcurl_la-cf-https-connect.lo
  CC       libcurl_la-cf-socket.lo
  CC       libcurl_la-cfilters.lo
  CC       libcurl_la-conncache.lo
  CC       libcurl_la-connect.lo
  CC       libcurl_la-content_encoding.lo
  CC       libcurl_la-cookie.lo
  CC       libcurl_la-curl_addrinfo.lo
  CC       libcurl_la-curl_des.lo
  CC       libcurl_la-curl_endian.lo
  CC       libcurl_la-curl_fnmatch.lo
  CC       libcurl_la-curl_get_line.lo
  CC       libcurl_la-curl_gethostname.lo
  CC       libcurl_la-curl_gssapi.lo
  CC       libcurl_la-curl_memrchr.lo
  CC       libcurl_la-curl_multibyte.lo
  CC       libcurl_la-curl_ntlm_core.lo
  CC       libcurl_la-curl_ntlm_wb.lo
  CC       libcurl_la-curl_path.lo
  CC       libcurl_la-curl_range.lo
  CC       libcurl_la-curl_rtmp.lo
  CC       libcurl_la-curl_sasl.lo
  CC       libcurl_la-curl_sha512_256.lo
curl_sha512_256.c: In function 'Curl_sha512_256_init':
curl_sha512_256.c:104:3: error: implicit declaration of function 'EVP_sha512_256' [-Werror=implicit-function-declaration]
curl_sha512_256.c:104:3: warning: passing argument 2 of 'EVP_DigestInit_ex' makes pointer from integer without a cast [enabled by default]
/home/hudson/hudson-slave/workspace/libcurl-linux/linuxbuild/opensslLinux/target/build/include/openssl/evp.h:507:12: note: expected 'const struct EVP_MD *' but argument is of type 'int'
cc1: some warnings being treated as errors
make[1]: *** [libcurl_la-curl_sha512_256.lo] Error 1
make[1]: Leaving directory `/home/hudson/hudson-slave/workspace/libcurl-linux/linuxbuild/curlLinux/target/resources/curl/curl-8.7.1/lib'
make: *** [install-recursive] Error 1

I expected the following

A correct build

Analysis:

curl_sha512_256.c:104:3 accesses the method EVP_sha512_256 from

openssl/include/evp.h

At the top of curl_sha512_256.c, it does a version check:

#if defined(USE_OPENSSL)
#  include <openssl/opensslv.h>
#  if (!defined(LIBRESSL_VERSION_NUMBER) && \
        defined(OPENSSL_VERSION_NUMBER) && \
        (OPENSSL_VERSION_NUMBER >= 0x10100010L)) || \
      (defined(LIBRESSL_VERSION_NUMBER) && \
        (LIBRESSL_VERSION_NUMBER >= 0x3080000fL))
#    include <openssl/opensslconf.h>
#    if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
#      include <openssl/evp.h>
#      define USE_OPENSSL_SHA512_256          1
#      define HAS_SHA512_256_IMPLEMENTATION   1
#    endif
#  endif
#endif /* USE_OPENSSL */

The function EVP_sha512_256 was added to openssl/evp.h in OpenSSL Pull request 5903 on Jan 16, 2018 with commit title SHA512/224 and SHA512/256.

According to Git, this got into OpenSSL version 1.1.1 and later, but NOT in OpenSSL version 1.1.0h that I was using.

It appears that the version check is wrong. My OpenSSL 1.1.0h had OPENSSL_VERSION_NUMBER equal to 0x1010008fL

From what I can find, OpenSSL 1.1.1 and higher have version numbers equal-to or greater-than 0x10101000L .

So, it appears that the version check in this code is wrong, causing the build to fail.

This offending code in libcurl seems to be added in curl 8.7.0 .

curl/libcurl version

curl 8.7.1

operating system

Ubuntu 12.04.5 LTS (GNU/Linux 3.2.0-90-generic x86_64)
@vszakats
Copy link
Member

vszakats commented Apr 23, 2024
edited

Does this earlier patch fix it for you?:
c77bdf1 #13208

@audioMirror
Copy link
Author

I will try it. This patch is exactly what I was suggesting.

@bagder bagder added the build label Apr 24, 2024
@bagder
Copy link
Member

bagder commented Apr 26, 2024

Already fixed in master.

@bagder bagder closed this as completed Apr 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
build cryptography outdated
Milestone
No milestone
Development

No branches or pull requests
3 participants
@audioMirror @bagder @vszakats