> On 07/06/2022 20:27 Sloane Bernstein <sloane.bernst...@webpros.com> wrote: > > > Hello, > > I am getting our Dovecot packages preliminarily ready to support Linux > distributions which rely on OpenSSL 3. I notice that even the main dev branch > will build, but the test suite fails (among other places) at > test_password_change in src/lib-dcrypt/test-crypto.c: > > -- > > [root@al9 lib-dcrypt]# ./test-crypto > test_cipher_test_vectors ............................................. : ok > test_cipher_aead_test_vectors ........................................ : ok > test_hmac_test_vectors ............................................... : ok > test_load_v1_keys .................................................... : ok > test_load_v1_key ..................................................... : ok > test_load_v1_public_key .............................................. : ok > test_load_v2_key ..................................................... : ok > test_load_v2_public_key .............................................. : ok > test_get_info_v2_key ................................................. : ok > test_gen_and_get_info_rsa_pem ........................................ : ok > test_get_info_rsa_private_key ........................................ : ok > test_get_info_invalid_keys ........................................... : ok > test_get_info_key_encrypted .......................................... : ok > test_get_info_pw_encrypted ........................................... : ok > test-crypto.c:827: Assert failed: ret == TRUE > Panic: file dcrypt-openssl.c: line 2636 > (dcrypt_openssl_private_to_public_key): assertion failed: (priv_key != NULL > && pub_key_r != NULL) > Error: Raw backtrace: ./test-crypto(backtrace_append+0x42) [0x445332] -> > ./test-crypto(backtrace_get+0x1e) [0x44544e] -> ./test-crypto() [0x42414b] -> > ./test-crypto() [0x424181] -> ./test-crypto() [0x412b69] -> > .libs/libdcrypt_openssl.so(+0x5f25) [0x7fb61954df25] -> ./test-crypto() > [0x41cd9a] -> ./test-crypto() [0x4200af] -> ./test-crypto(test_run+0x4c) > [0x420c5c] -> ./test-crypto(main+0x4b) [0x41717b] -> > /lib64/libc.so.6(+0x44e50) [0x7fb6195a3e50] -> > /lib64/libc.so.6(__libc_start_main+0x7c) [0x7fb6195a3efc] -> > ./test-crypto(_start+0x25) [0x417295] > Aborted (core dumped) > > -- > > Looking at how various distros handle this test failure when building > packages, they all seem to apply the same patch developed by Red Hat to get > this test to pass, attached to > https://bugzilla.redhat.com/show_bug.cgi?id=1962035: > > -- > > diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 > dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c > --- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 2021-06-03 > 18:56:52.573174433 +0200 > +++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 > 18:56:52.585174274 +0200 > @@ -73,10 +73,30 @@ > 2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash > algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id > **/ > > +#if OPENSSL_VERSION_MAJOR == 3 > +static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key) > +{ > + EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key); > + EVP_PKEY_set1_EC_KEY(key, eck); > + EC_KEY_free(eck); > + return eck; > +} > + > +static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key) > +{ > + EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key); > + EVP_PKEY_set1_EC_KEY(key, eck); > + return eck; > +} > + > +#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3 > +#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3 > +#else > #ifndef HAVE_EVP_PKEY_get0 > #define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec > #define EVP_PKEY_get0_RSA(x) x->pkey.rsa > #endif > +#endif > > #ifndef HAVE_OBJ_LENGTH > #define OBJ_length(o) ((o)->length) > > -- > > I presume that either this patch or an equivalent is planned for eventual > inclusion into upstream? > > -- > Sloane Bernstein > Developer I > cPanel, L.L.C.
Hi! We'll look into this. Thanks. Aki