Bug 379810

Summary: qca compilation fails with openssl 1.1
Product: [Frameworks and Libraries] qca Reporter: hanno
Component: generalAssignee: Ivan Romanov <drizt72>
Status: RESOLVED FIXED    
Severity: normal CC: bero, bradh, eric.parker, fabian, justin, michael, ongun.kanat, rdieter, sh
Priority: NOR    
Version: Git   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: build failure
Patch for OpenSSL 1.1.0 support
Patch for OpenSSL 1.1.0 support (v2)
Patch for OpenSSL 1.1.0 support (v3)
Patch for 2.1.3
Patch for OpenSSL 1.1.0 support (v4)

Description hanno 2017-05-14 13:01:28 UTC
Created attachment 105525 [details]
build failure

Latest qca (both 2.1.3 and git head) fails to build with openssl 1.1. I'll attach the build failure output.
Comment 1 Rex Dieter 2017-05-14 17:44:38 UTC
That's ok, Qt5 itself doesn't support openssl 1.1 yet either, which is an important prerequisite.
Comment 2 Bernhard Rosenkränzer 2017-07-09 07:58:01 UTC
There's widely available (and used) patches for Qt OpenSSL 1.1 support these days -- using QCA linked against OpenSSL 1.0.x and Qt linked against OpenSSL 1.1 in the same application is asking for trouble.

Would be nice if the QCA/OpenSSL 1.1 combo could be fixed soon.
Comment 3 Michael Marley 2017-10-09 13:45:17 UTC
Qt 5.10 beta is out now, which includes support for compiling against OpenSSL 1.1.
Comment 4 Rex Dieter 2017-10-09 14:00:05 UTC
marking confirmed
Comment 5 Fabian Vogt 2017-12-16 23:07:26 UTC
Created attachment 109420 [details]
Patch for OpenSSL 1.1.0 support

If OpenSSL is built with namespacing enabled, it's not an issue to use Qt4/Qt5 with OpenSSL 1.1.0 in a program together.
However, as OpenSSL < 1.1.0 will be EOL soon, I made a patch that adds support for both. Except for the rsa_sign method which I do not understand the purpose of, it should be complete.
All unit tests pass with OpenSSL 1.1.0g and 1.0.2j.

What's the right place to upload this patch for review?
Comment 6 Antonio Rojas 2017-12-17 10:55:46 UTC
Doesn't build for me:

/build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:1716:23: error: invalid use of incomplete type ‘DSA {aka struct dsa_st}’
  params->p = bn2bi(dsa->p);
                       ^~
In file included from /usr/include/openssl/evp.h:14:0,
                 from /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:29:
/usr/include/openssl/ossl_typ.h:107:16: note: forward declaration of ‘DSA {aka struct dsa_st}’
 typedef struct dsa_st DSA;
                ^~~~~~
/build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:1716:25: error: invalid use of incomplete type ‘DSA {aka struct dsa_st}’
  params->p = bn2bi(dsa->p);
                         ^
In file included from /usr/include/openssl/evp.h:14:0,
                 from /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:29:
/usr/include/openssl/ossl_typ.h:107:16: note: forward declaration of ‘DSA {aka struct dsa_st}’
 typedef struct dsa_st DSA;
                ^~~~~~
/build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:1717:23: error: invalid use of incomplete type ‘DSA {aka struct dsa_st}’
  params->q = bn2bi(dsa->q);
                       ^~
Comment 7 Fabian Vogt 2017-12-17 11:04:23 UTC
Created attachment 109427 [details]
Patch for OpenSSL 1.1.0 support (v2)

(In reply to Antonio Rojas from comment #6)
> Doesn't build for me:
> 
> /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:1716:23: error:
> invalid use of incomplete type ‘DSA {aka struct dsa_st}’
>   params->p = bn2bi(dsa->p);
>                        ^~

I see, openSUSE's OpenSSL is built with FIPS enabled so it did not try to compile all functions.

Patch updated, builds without OPENSSL_FIPS define as well.
Comment 8 Antonio Rojas 2017-12-17 11:14:13 UTC
Different error now:

In file included from /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:38:0:
/build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp: In static member function ‘static int opensslQCAPlugin::QCA_RSA_METHOD::rsa_priv_dec(int, const unsigned char*, unsigned char*, RSA*, int)’:
/build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:2860:11: error: ‘RSA_F_RSA_PRIVATE_DECRYPT’ was not declared in this scope
    RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
           ^
/build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:2860:11: note: suggested alternative: ‘RSA_F_RSA_OSSL_PRIVATE_DECRYPT’
/
Comment 9 Fabian Vogt 2017-12-17 12:07:12 UTC
Created attachment 109428 [details]
Patch for OpenSSL 1.1.0 support (v3)

The error values are apparently generated automatically during OpenSSL build, the V3 patch should fix that as well.

I tested kdeconnect and okteta's hash functions with this, works.
Comment 10 Antonio Rojas 2017-12-17 12:43:05 UTC
Created attachment 109430 [details]
Patch for 2.1.3

Thanks for the patch. Here is a version that applies on top of 2.1.3 for distros to test.
Comment 11 Fabian Vogt 2017-12-19 22:05:00 UTC
Created attachment 109456 [details]
Patch for OpenSSL 1.1.0 support (v4)

To easily fit QCA's license, I exchanged the libcrypto-compat files with a compatibility header written by Gabriel Souza Franco and adjusted the code to use that instead.
No changes otherwise.

I also uploaded it to phab: https://phabricator.kde.org/D9416
Comment 12 Rex Dieter 2018-01-05 16:25:52 UTC
openssl-1.1 landed recently in master/ branch, 
https://cgit.kde.org/qca.git/commit/?id=d58e20ee652038dc4ec4fe4765dc3639ed735526

closing
Comment 13 Ongun Kanat 2018-03-04 21:29:46 UTC
Building qca with kdesrc-build still fails on Arch Qt 5.10.1. Should I re-open?
Comment 14 Fabian Vogt 2018-03-04 21:35:26 UTC
(In reply to Ongun Kanat from comment #13)
> Building qca with kdesrc-build still fails on Arch Qt 5.10.1. Should I
> re-open?

Please open a new report for that.