Re: Distros based on OpenSSL 3 fail on lib-dcrypt/test-crypto

2022-06-07 Thread Aki Tuomi


> On 07/06/2022 20:27 Sloane Bernstein  wrote:
> 
> 
> Hello,
> 
> I am getting our Dovecot packages preliminarily ready to support Linux 
> distributions which rely on OpenSSL 3. I notice that even the main dev branch 
> will build, but the test suite fails (among other places) at 
> test_password_change in src/lib-dcrypt/test-crypto.c:
> 
> --
> 
> [root@al9 lib-dcrypt]# ./test-crypto
> test_cipher_test_vectors . : ok
> test_cipher_aead_test_vectors  : ok
> test_hmac_test_vectors ... : ok
> test_load_v1_keys  : ok
> test_load_v1_key . : ok
> test_load_v1_public_key .. : ok
> test_load_v2_key . : ok
> test_load_v2_public_key .. : ok
> test_get_info_v2_key . : ok
> test_gen_and_get_info_rsa_pem  : ok
> test_get_info_rsa_private_key  : ok
> test_get_info_invalid_keys ... : ok
> test_get_info_key_encrypted .. : ok
> test_get_info_pw_encrypted ... : ok
> test-crypto.c:827: Assert failed: ret == TRUE
> Panic: file dcrypt-openssl.c: line 2636 
> (dcrypt_openssl_private_to_public_key): assertion failed: (priv_key != NULL 
> && pub_key_r != NULL)
> Error: Raw backtrace: ./test-crypto(backtrace_append+0x42) [0x445332] -> 
> ./test-crypto(backtrace_get+0x1e) [0x44544e] -> ./test-crypto() [0x42414b] -> 
> ./test-crypto() [0x424181] -> ./test-crypto() [0x412b69] -> 
> .libs/libdcrypt_openssl.so(+0x5f25) [0x7fb61954df25] -> ./test-crypto() 
> [0x41cd9a] -> ./test-crypto() [0x4200af] -> ./test-crypto(test_run+0x4c) 
> [0x420c5c] -> ./test-crypto(main+0x4b) [0x41717b] -> 
> /lib64/libc.so.6(+0x44e50) [0x7fb6195a3e50] -> 
> /lib64/libc.so.6(__libc_start_main+0x7c) [0x7fb6195a3efc] -> 
> ./test-crypto(_start+0x25) [0x417295]
> Aborted (core dumped)
> 
> --
> 
> Looking at how various distros handle this test failure when building 
> packages, they all seem to apply the same patch developed by Red Hat to get 
> this test to pass, attached to 
> https://bugzilla.redhat.com/show_bug.cgi?id=1962035:
> 
> --
> 
> diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 
> dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c
> --- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 2021-06-03 
> 18:56:52.573174433 +0200
> +++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 
> 18:56:52.585174274 +0200
> @@ -73,10 +73,30 @@
> 2key algo oid1symmetric algo namesalthash 
> algoroundsE(RSA = i2d_PrivateKey, EC=Private Point)key id
> **/
> 
> +#if OPENSSL_VERSION_MAJOR == 3
> +static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key)
> +{
> + EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
> + EVP_PKEY_set1_EC_KEY(key, eck);
> + EC_KEY_free(eck);
> + return eck;
> +}
> +
> +static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key)
> +{
> + EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
> + EVP_PKEY_set1_EC_KEY(key, eck);
> + return eck;
> +}
> +
> +#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3
> +#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3
> +#else
> #ifndef HAVE_EVP_PKEY_get0
> #define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
> #define EVP_PKEY_get0_RSA(x) x->pkey.rsa
> #endif
> +#endif
> 
> #ifndef HAVE_OBJ_LENGTH
> #define OBJ_length(o) ((o)->length)
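Review bot: In EVP_PKEY_get0_EC_KEYv3, the return value of EVP_PKEY_set1_EC_KEY(key, eck) is ignored and eck is not checked for NULL before `EC_KEY_free(eck); return eck;`. The wrapper drops its own reference and hands the pointer back, so that pointer stays valid only if key ended up holding a reference. If the set1 call fails, the caller may receive a pointer that has already been freed. Suggest returning NULL when the get1 call returns NULL or the set1 call does not return 1, with the same check in EVP_PKEY_get1_EC_KEYv3 (freeing eck on the failure path there).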
> 
> --
> 
> I presume that either this patch or an equivalent is planned for eventual 
> inclusion into upstream?
> 
> --
> Sloane Bernstein
> Developer I
> cPanel, L.L.C.

Hi!

We'll look into this. Thanks.

Aki


Distros based on OpenSSL 3 fail on lib-dcrypt/test-crypto

2022-06-07 Thread Sloane Bernstein

Hello,

I am getting our Dovecot packages preliminarily ready to support Linux 
distributions which rely on OpenSSL 3. I notice that even the main dev branch 
will build, but the test suite fails (among other places) at 
test_password_change in src/lib-dcrypt/test-crypto.c:

--

[root@al9 lib-dcrypt]# ./test-crypto
test_cipher_test_vectors . : ok
test_cipher_aead_test_vectors  : ok
test_hmac_test_vectors ... : ok
test_load_v1_keys  : ok
test_load_v1_key . : ok
test_load_v1_public_key .. : ok
test_load_v2_key . : ok
test_load_v2_public_key .. : ok
test_get_info_v2_key . : ok
test_gen_and_get_info_rsa_pem  : ok
test_get_info_rsa_private_key  : ok
test_get_info_invalid_keys ... : ok
test_get_info_key_encrypted .. : ok
test_get_info_pw_encrypted ... : ok
test-crypto.c:827: Assert failed: ret == TRUE
Panic: file dcrypt-openssl.c: line 2636 (dcrypt_openssl_private_to_public_key): 
assertion failed: (priv_key != NULL && pub_key_r != NULL)
Error: Raw backtrace: ./test-crypto(backtrace_append+0x42) [0x445332] -> 
./test-crypto(backtrace_get+0x1e) [0x44544e] -> ./test-crypto() [0x42414b] -> 
./test-crypto() [0x424181] -> ./test-crypto() [0x412b69] -> 
.libs/libdcrypt_openssl.so(+0x5f25) [0x7fb61954df25] -> ./test-crypto() 
[0x41cd9a] -> ./test-crypto() [0x4200af] -> ./test-crypto(test_run+0x4c) 
[0x420c5c] -> ./test-crypto(main+0x4b) [0x41717b] -> /lib64/libc.so.6(+0x44e50) 
[0x7fb6195a3e50] -> /lib64/libc.so.6(__libc_start_main+0x7c) [0x7fb6195a3efc] 
-> ./test-crypto(_start+0x25) [0x417295]
Aborted (core dumped)

--

Looking at how various distros handle this test failure when building packages, 
they all seem to apply the same patch developed by Red Hat to get this test to 
pass, attached to https://bugzilla.redhat.com/show_bug.cgi?id=1962035:

--

diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 
dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c
--- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3   2021-06-03 
18:56:52.573174433 +0200
+++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 
18:56:52.585174274 +0200
@@ -73,10 +73,30 @@
   2key algo oid1symmetric algo namesalthash 
algoroundsE(RSA = i2d_PrivateKey, EC=Private Point)key id
**/
+#if OPENSSL_VERSION_MAJOR == 3
+static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key)
+{
+  EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
+  EVP_PKEY_set1_EC_KEY(key, eck);
+  EC_KEY_free(eck);
+  return eck;
+}
+
+static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key)
+{
+  EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
+  EVP_PKEY_set1_EC_KEY(key, eck);
+  return eck;
+}
+
+#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3
+#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3
+#else
#ifndef HAVE_EVP_PKEY_get0
#define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
#define EVP_PKEY_get0_RSA(x) x->pkey.rsa
#endif
+#endif
 #ifndef HAVE_OBJ_LENGTH
#define OBJ_length(o) ((o)->length)
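Review bot: The guard `#if OPENSSL_VERSION_MAJOR == 3` at the top of the added block matches only major version 3, so a later major release would fall through to the #else branch and, whenever HAVE_EVP_PKEY_get0 is not defined, to its `x->pkey.ec` and `x->pkey.rsa` macros. Suggest `>= 3`. A short comment above the two wrappers would also help: both call EVP_PKEY_set1_EC_KEY on the key passed to what callers treat as a getter, and nothing in the hunk says why that round trip is needed.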

--

I presume that either this patch or an equivalent is planned for eventual 
inclusion into upstream?

--
Sloane Bernstein
Developer I
cPanel, L.L.C.