[17035] in Kerberos-V5-bugs
Re: [krbdev.mit.edu #9180] pkinit preauth plugin create_signature
daemon@ATHENA.MIT.EDU (David Morash via RT)
Sun Jul 27 08:39:40 2025
From: "David Morash via RT" <rt@krbdev.mit.edu>
In-Reply-To: <64ce4ff8-b508-4fc7-b5f9-23be24895c34@runbox.com>
Message-ID: <rt-4.4.3-2-468737-1753619972-1289.9180-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9180":;
Date: Sun, 27 Jul 2025 08:39:32 -0400
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: krb5-bugs-bounces@mit.edu
Content-Transfer-Encoding: 8bit
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9180 >
This build failure was totally our fault; we were patching our openssl
to override the renaming defines and provide implementations of the old
methods. The patch didn't properly apply on openssl 3.2.5 hence the
build problems.
So the krb5 code was fine, we just shot ourselves in the foot.
On 2025-07-17 6:08 p.m., David Morash wrote:
> Hmmm... must be something in how we are building. I'll dig into it
> and see if I can spot why. We also had to rename a couple of
> EVP_PKEY_size() calls in our own code.
>
> On 2025-07-17 3:23 p.m., Greg Hudson via RT wrote:
>> There is indeed a missed rename there, and another one in encode_spki()
>> for EVP_PKEY_base_id() -> EVP_PKEY_get_base_id(). However, as far as
>> I can
>> tell OpenSSL 3.x never removed its compatibility macros for
>> EVP_PKEY_size()
>> and EVP_PKEY_base_id(). In 3.2.5's <openssl/evp.h> I see:
>>
>> # define EVP_PKEY_size EVP_PKEY_get_size
>>
>> at line 1323. So I don't understand why there was a build failure.
>>
>
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
