On 7 Jul 2023, at 19:52, Kristof Provost wrote: >> On 7 Jul 2023, at 18:35, Mark Johnston <ma...@freebsd.org> wrote: >> >> On Wed, Jul 05, 2023 at 11:56:42PM +0200, Kristof Provost wrote: >>>> On 24 Jun 2023, at 1:19, Ed Maste wrote: >>>> The branch main has been updated by emaste: >>>> >>>> URL: >>>> https://cgit.FreeBSD.org/src/commit/?id=b077aed33b7b6aefca7b17ddb250cf521f938613 >>>> >>>> commit b077aed33b7b6aefca7b17ddb250cf521f938613 >>>> Merge: b08ee10c0646 b84c4564effd >>>> Author: Pierre Pronchery <pie...@freebsdfoundation.org> >>>> AuthorDate: 2023-06-23 22:53:35 +0000 >>>> Commit: Ed Maste <ema...@freebsd.org> >>>> CommitDate: 2023-06-23 22:53:36 +0000 >>>> >>>> Merge OpenSSL 3.0.9 >>>> >>> >>> It looks like we missed adding a file. >>> Security/opensc doesn’t build any more: >>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270076 >>> >>> It fails to find d2i_KeyParams when linking. The opensc code does this: >>> >>> #if OPENSSL_VERSION_NUMBER < 0x30000000L >>> if (!d2i_ECParameters(&ec, &a, >>> (long)len)) >>> util_fatal("cannot parse >>> EC_PARAMS"); >>> EVP_PKEY_assign_EC_KEY(pkey, ec); >>> #else >>> if (!d2i_KeyParams(EVP_PKEY_EC, &pkey, >>> &a, >>> len)) >>> util_fatal("cannot parse >>> EC_PARAMS"); >>> #endif >>> >>> d2i_KeyParams() appears to be new on openssl 3. It’s defined in d2i_param.c, >>> which we don’t build. I’ve tested with this patch, and that appears to fix >>> things: >> >> Hi Kristof, >> >> Would you mind posting the patch on phabricator? I can take a closer >> look in the next day, and Pierre might be available to look as well. > > Sure, but I might not be able to do that until Sunday afternoon. > https://reviews.freebsd.org/D40914
>>> Based on your analysis I think this should go into the OPENSSL_3_0_9 >> namespace? >> > I have no idea. I’ll try to dig a bit, but we’re pretty far outside my > comfort zone here. > Ah, I see what you meant. That should be fixed in the version in the review. Best regards, Kristof
