toddr/Crypt-OpenSSL-RSA

Crypt-OpenSSL-RSA will not compile with OpenSSL 3.0.0 due to deprecated code

Closed this issue · 9 comments

In OpenSSL 3.0.0's CHANGES.md file, there is this entry:

Removed RSA padding mode for SSLv23 (which was only used for SSLv2). This includes the functions RSA_padding_check_SSLv23() and RSA_padding_add_SSLv23() and the -ssl option in the deprecated rsautl command.

RSA.xs fails to compile due to the removal of the definition of RSA_SSLV23_PADDING as a part of this change.

There is a little more to do here:

RSA.xs: In function ‘_is_private’:
RSA.xs:56:5: warning: ‘RSA_get0_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   56 |     RSA_get0_key(p_rsa->rsa, NULL, NULL, &d);
      |     ^~~~~~~~~~~~
In file included from /usr/include/openssl/x509.h:36,
                 from /usr/include/openssl/pem.h:23,
                 from RSA.xs:10:
/usr/include/openssl/rsa.h:217:28: note: declared here
  217 | OSSL_DEPRECATEDIN_3_0 void RSA_get0_key(const RSA *r,
      |                            ^~~~~~~~~~~~
RSA.xs: In function ‘get_message_digest’:
RSA.xs:122:13: warning: ‘MD5’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  122 |             return MD5(text, text_length, NULL);
      |             ^~~~~~
In file included from RSA.xs:8:
/usr/include/openssl/md5.h:52:38: note: declared here
   52 | OSSL_DEPRECATEDIN_3_0 unsigned char *MD5(const unsigned char *d, size_t n,
      |                                      ^~~
RSA.xs:142:13: warning: ‘RIPEMD160’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  142 |             return RIPEMD160(text, text_length, NULL);
      |             ^~~~~~
In file included from RSA.xs:12:
/usr/include/openssl/ripemd.h:49:38: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 unsigned char *RIPEMD160(const unsigned char *d, size_t n,
      |                                      ^~~~~~~~~
RSA.xs: In function ‘rsa_crypt’:
RSA.xs:209:5: warning: ‘RSA_size’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  209 |     size = RSA_size(p_rsa->rsa);
      |     ^~~~
In file included from /usr/include/openssl/x509.h:36,
                 from /usr/include/openssl/pem.h:23,
                 from RSA.xs:10:
/usr/include/openssl/rsa.h:204:27: note: declared here
  204 | OSSL_DEPRECATEDIN_3_0 int RSA_size(const RSA *rsa);
      |                           ^~~~~~~~
RSA.xs: In function ‘XS_Crypt__OpenSSL__RSA_new_private_key’:
RSA.xs:238:9: warning: ‘PEM_read_bio_RSAPrivateKey’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  238 |         proto, _load_rsa_key(key_string_SV, PEM_read_bio_RSAPrivateKey));
      |         ^~~~~
In file included from RSA.xs:10:
/usr/include/openssl/pem.h:447:1: note: declared here
  447 | DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
      | ^~~~~~~~~~~~~~~~~~~~~~
RSA.xs: In function ‘XS_Crypt__OpenSSL__RSA__new_public_key_pkcs1’:
RSA.xs:248:9: warning: ‘PEM_read_bio_RSAPublicKey’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  248 |         proto, _load_rsa_key(key_string_SV, PEM_read_bio_RSAPublicKey));
      |         ^~~~~
In file included from RSA.xs:10:
/usr/include/openssl/pem.h:448:1: note: declared here
  448 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA)
      | ^~~~~~~~~~~~~~~~~~~
RSA.xs: In function ‘XS_Crypt__OpenSSL__RSA__new_public_key_x509’:
RSA.xs:258:9: warning: ‘PEM_read_bio_RSA_PUBKEY’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  258 |         proto, _load_rsa_key(key_string_SV, PEM_read_bio_RSA_PUBKEY));
      |         ^~~~~
In file included from RSA.xs:10:
/usr/include/openssl/pem.h:449:1: note: declared here
  449 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA)
      | ^~~~~~~~~~~~~~~~~~~
RSA.xs: In function ‘XS_Crypt__OpenSSL__RSA_DESTROY’:
RSA.xs:266:5: warning: ‘RSA_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  266 |     RSA_free(p_rsa->rsa);
      |     ^~~~~~~~

toddr commented

Will take a look at the problem this week.

IMO this is close to a complete rewrite.
See the OpenSSL Migration Guide: https://www.openssl.org/docs/manmaster/man7/migration_guide.html

We would have to change the internal struct we use in RSA.xs,
then adjust every helper to support the new API and use the EVP_PKEY_* helpers.
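
Added example, not part of the thread and not the project's code: a small triage of the build log above that separates the symbol OpenSSL 3.0 removed (a hard error) from the calls it only deprecated (warnings), and pairs each deprecated call with an EVP-level function documented in OpenSSL 3.0. The `EVP_EQUIVALENT` pairing is this example's assumption, not the replacement the maintainers chose, and the `error:` line in the sample is constructed because the page describes that failure without showing it.

```python
import re

# GCC diagnostic header: file:line:col: warning|error: ‘symbol’ message
DIAG = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):\d+: (?P<kind>warning|error): "
    r"[‘'](?P<sym>\w+)[’'] (?P<msg>.*)$"
)

# Assumption of this example: EVP-level calls from the OpenSSL 3.0 API that
# cover the same ground. Not the mapping the project actually adopted.
EVP_EQUIVALENT = {
    "RSA_get0_key": "EVP_PKEY_get_bn_param",
    "RSA_size": "EVP_PKEY_get_size",
    "RSA_free": "EVP_PKEY_free",
    "MD5": "EVP_Q_digest",
    "RIPEMD160": "EVP_Q_digest",
    "PEM_read_bio_RSAPrivateKey": "PEM_read_bio_PrivateKey",
    "PEM_read_bio_RSAPublicKey": "OSSL_DECODER_CTX_new_for_pkey",
    "PEM_read_bio_RSA_PUBKEY": "PEM_read_bio_PUBKEY",
}

# Constructed sample: warning lines abridged from the log in this issue, plus
# one constructed error line (line number 300 is made up for the example).
SAMPLE_LOG = """\
RSA.xs: In function ‘_is_private’:
RSA.xs:56:5: warning: ‘RSA_get0_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   56 |     RSA_get0_key(p_rsa->rsa, NULL, NULL, &d);
/usr/include/openssl/rsa.h:217:28: note: declared here
RSA.xs:122:13: warning: ‘MD5’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
RSA.xs:300:9: error: ‘RSA_SSLV23_PADDING’ undeclared (first use in this function)
"""

def triage(log):
    """Return (build-blocking errors, deprecation warnings grouped by symbol)."""
    blocking, deprecated = [], {}
    for raw in log.splitlines():
        m = DIAG.match(raw.strip())
        if not m:
            continue  # context: "In function", source excerpts, "note:" lines
        where = f"{m['file']}:{m['line']}"
        if m["kind"] == "error":
            blocking.append((m["sym"], where))
        elif "-Wdeprecated-declarations" in m["msg"]:
            entry = deprecated.setdefault(
                m["sym"], {"sites": [], "evp": EVP_EQUIVALENT.get(m["sym"])})
            entry["sites"].append(where)
    return blocking, deprecated

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
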

Gak. Is there a way to get cpanm to not use -Wdeprecated instead so it will build automatically again? I ended up working around it by downloading and building the module by hand.

I wonder if setting OPENSSL_API_COMPAT to a lower version could temporarily provide a workaround for it
before we are able to provide complete support for 3.0.
See https://www.openssl.org/docs/manmaster/man7/openssl_user_macros.html

=> just confirmed that this would not work and fix nothing, full support for 3.0 is the only way to go fwd there

toddr commented

0.33 has been released to CPAN. Despite its noisiness, it's now compiling on Alma Linux 9 which is OpenSSL 3.

toddr commented

and Ubuntu 22.

pgnd commented

@toddr

> 0.33 has been released to CPAN

0.32 is still latest offered @ CPAN, https://metacpan.org/dist/Crypt-OpenSSL-RSA

is a 0.33 release tag required, @ https://github.com/toddr/Crypt-OpenSSL-RSA/tags ?
or, could be just time is needed to propagate ...

toddr commented

DOH! failed to press the button. should be on metacpan in 5.