Crypt-OpenSSL-RSA will not compile with OpenSSL 3.0.0 due to deprecated code
Closed this issue · 9 comments
In OpenSSL 3.0.0's CHANGES.md file, there is this entry:
Removed RSA padding mode for SSLv23 (which was only used for SSLv2). This includes the functionsRSA_padding_check_SSLv23() and RSA_padding_add_SSLv23() and the
-ssl
option in the deprecatedrsautl
command.
RSA.xs fails to compile due to the removal of the definition of RSA_SSLV23_PADDING as a part of this change.
There is a little more to do here:
RSA.xs: In function ‘_is_private’:
RSA.xs:56:5: warning: ‘RSA_get0_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
56 | RSA_get0_key(p_rsa->rsa, NULL, NULL, &d);
| ^~~~~~~~~~~~
In file included from /usr/include/openssl/x509.h:36,
from /usr/include/openssl/pem.h:23,
from RSA.xs:10:
/usr/include/openssl/rsa.h:217:28: note: declared here
217 | OSSL_DEPRECATEDIN_3_0 void RSA_get0_key(const RSA *r,
| ^~~~~~~~~~~~
RSA.xs: In function ‘get_message_digest’:
RSA.xs:122:13: warning: ‘MD5’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
122 | return MD5(text, text_length, NULL);
| ^~~~~~
In file included from RSA.xs:8:
/usr/include/openssl/md5.h:52:38: note: declared here
52 | OSSL_DEPRECATEDIN_3_0 unsigned char *MD5(const unsigned char *d, size_t n,
| ^~~
RSA.xs:142:13: warning: ‘RIPEMD160’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
142 | return RIPEMD160(text, text_length, NULL);
| ^~~~~~
In file included from RSA.xs:12:
/usr/include/openssl/ripemd.h:49:38: note: declared here
49 | OSSL_DEPRECATEDIN_3_0 unsigned char *RIPEMD160(const unsigned char *d, size_t n,
| ^~~~~~~~~
RSA.xs: In function ‘rsa_crypt’:
RSA.xs:209:5: warning: ‘RSA_size’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
209 | size = RSA_size(p_rsa->rsa);
| ^~~~
In file included from /usr/include/openssl/x509.h:36,
from /usr/include/openssl/pem.h:23,
from RSA.xs:10:
/usr/include/openssl/rsa.h:204:27: note: declared here
204 | OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa);
| ^~~~~~~~
RSA.xs: In function ‘XS_Crypt__OpenSSL__RSA_new_private_key’:
RSA.xs:238:9: warning: ‘PEM_read_bio_RSAPrivateKey’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
238 | proto, _load_rsa_key(key_string_SV, PEM_read_bio_RSAPrivateKey));
| ^~~~~
In file included from RSA.xs:10:
/usr/include/openssl/pem.h:447:1: note: declared here
447 | DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
| ^~~~~~~~~~~~~~~~~~~~~~
RSA.xs: In function ‘XS_Crypt__OpenSSL__RSA__new_public_key_pkcs1’:
RSA.xs:248:9: warning: ‘PEM_read_bio_RSAPublicKey’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
248 | proto, _load_rsa_key(key_string_SV, PEM_read_bio_RSAPublicKey));
| ^~~~~
In file included from RSA.xs:10:
/usr/include/openssl/pem.h:448:1: note: declared here
448 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA)
| ^~~~~~~~~~~~~~~~~~~
RSA.xs: In function ‘XS_Crypt__OpenSSL__RSA__new_public_key_x509’:
RSA.xs:258:9: warning: ‘PEM_read_bio_RSA_PUBKEY’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
258 | proto, _load_rsa_key(key_string_SV, PEM_read_bio_RSA_PUBKEY));
| ^~~~~
In file included from RSA.xs:10:
/usr/include/openssl/pem.h:449:1: note: declared here
449 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA)
| ^~~~~~~~~~~~~~~~~~~
RSA.xs: In function ‘XS_Crypt__OpenSSL__RSA_DESTROY’:
RSA.xs:266:5: warning: ‘RSA_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
266 | RSA_free(p_rsa->rsa);
| ^~~~~~~~
Will take a look at the problem this week.
IMO this is close to a complete rewrite
view OpenSSL Migration Guide: https://www.openssl.org/docs/manmaster/man7/migration_guide.html
We would have to change the internal struct we use in the RSA.xs
then adjust every helper to support the new API to use the EVP_PKEY_* helpers
Gak. Is there a way to get cpanm to not use -Wdeprecated instead so it will build automatically again? I ended up working around it by downloading and building the module by hand.
I wonder if setting OPENSSL_API_COMPAT
to a lower version could temporary provide a workaround for it
before we are able to provide a complete support for 3.0
view https://www.openssl.org/docs/manmaster/man7/openssl_user_macros.html
=> just confirmed that this would not work and fix nothing, full support for 3.0 is the only way to go fwd there
0.33 has been released to CPAN. Despite its noisiness, it's now compiling on Alma Linux 9 which is OpenSSL 3.
and Ubuntu 22.
0.33 has been released to CPAN
0.32 is still latest offered @ CPAN, https://metacpan.org/dist/Crypt-OpenSSL-RSA
is a 0.33 release tag required, @ https://github.com/toddr/Crypt-OpenSSL-RSA/tags ?
or, could be just time is needed to propagate ...
DOH! failed to press the button. should be on metacpan in 5.