Created attachment 105525 [details] build failure Latest qca (both 2.1.3 and git head) fails to build with openssl 1.1. I'll attach the build failure output.
That's ok, Qt5 itself doesn't support openssl 1.1 yet either, which is an important prerequisite.
There's widely available (and used) patches for Qt OpenSSL 1.1 support these days -- using QCA linked against OpenSSL 1.0.x and Qt linked against OpenSSL 1.1 in the same application is asking for trouble. Would be nice if the QCA/OpenSSL 1.1 combo could be fixed soon.
Qt 5.10 beta is out now, which includes support for compiling against OpenSSL 1.1.
marking confirmed
Created attachment 109420 [details] Patch for OpenSSL 1.1.0 support If OpenSSL is built with namespacing enabled, it's not an issue to use Qt4/Qt5 with OpenSSL 1.1.0 in a program together. However, as OpenSSL < 1.1.0 will be EOL soon, I made a patch that adds support for both. Except for the rsa_sign method which I do not understand the purpose of, it should be complete. All unit tests pass with OpenSSL 1.1.0g and 1.0.2j. What's the right place to upload this patch for review?
Doesn't build for me: /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:1716:23: error: invalid use of incomplete type ‘DSA {aka struct dsa_st}’ params->p = bn2bi(dsa->p); ^~ In file included from /usr/include/openssl/evp.h:14:0, from /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:29: /usr/include/openssl/ossl_typ.h:107:16: note: forward declaration of ‘DSA {aka struct dsa_st}’ typedef struct dsa_st DSA; ^~~~~~ /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:1716:25: error: invalid use of incomplete type ‘DSA {aka struct dsa_st}’ params->p = bn2bi(dsa->p); ^ In file included from /usr/include/openssl/evp.h:14:0, from /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:29: /usr/include/openssl/ossl_typ.h:107:16: note: forward declaration of ‘DSA {aka struct dsa_st}’ typedef struct dsa_st DSA; ^~~~~~ /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:1717:23: error: invalid use of incomplete type ‘DSA {aka struct dsa_st}’ params->q = bn2bi(dsa->q); ^~
Created attachment 109427 [details] Patch for OpenSSL 1.1.0 support (v2) (In reply to Antonio Rojas from comment #6) > Doesn't build for me: > > /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:1716:23: error: > invalid use of incomplete type ‘DSA {aka struct dsa_st}’ > params->p = bn2bi(dsa->p); > ^~ I see, openSUSE's OpenSSL is built with FIPS enabled so it did not try to compile all functions. Patch updated, builds without OPENSSL_FIPS define as well.
Different error now: In file included from /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:38:0: /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp: In static member function ‘static int opensslQCAPlugin::QCA_RSA_METHOD::rsa_priv_dec(int, const unsigned char*, unsigned char*, RSA*, int)’: /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:2860:11: error: ‘RSA_F_RSA_PRIVATE_DECRYPT’ was not declared in this scope RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ^ /build/qca-qt5-git/src/qca/plugins/qca-ossl/qca-ossl.cpp:2860:11: note: suggested alternative: ‘RSA_F_RSA_OSSL_PRIVATE_DECRYPT’ /
Created attachment 109428 [details] Patch for OpenSSL 1.1.0 support (v3) The error values are apparently generated automatically during OpenSSL build, the V3 patch should fix that as well. I tested kdeconnect and okteta's hash functions with this, works.
Created attachment 109430 [details] Patch for 2.1.3 Thanks for the patch. Here is a version that applies on top of 2.1.3 for distros to test.
Created attachment 109456 [details] Patch for OpenSSL 1.1.0 support (v4) To easily fit QCA's license, I exchanged the libcrypto-compat files with a compatibility header written by Gabriel Souza Franco and adjusted the code to use that instead. No changes otherwise. I also uploaded it to phab: https://phabricator.kde.org/D9416
openssl-1.1 landed recently in master/ branch, https://cgit.kde.org/qca.git/commit/?id=d58e20ee652038dc4ec4fe4765dc3639ed735526 closing
Building qca with kdesrc-build still fails on Arch Qt 5.10.1. Should I re-open?
(In reply to Ongun Kanat from comment #13) > Building qca with kdesrc-build still fails on Arch Qt 5.10.1. Should I > re-open? Please open a new report for that.