Posted to dev@apr.apache.org by Rainer Jung <ra...@kippdata.de> on 2019/08/06 22:55:42 UTC
Re: svn commit: r1836445 [1/3] - in /apr/apr-util/branches/1.7.x: ./
crypto/ include/ include/private/ test/
Solaris(10) provides NSS support but it is somewhat outdated. Especially
it does not know about SEC_OID_SHA224, so compilation (linking) fails.
So currently APR trunk and APR-UTIL 1.7.x no longer compile on Solaris
(1.7.x has more problems outside of crypto).
We might need to detect SEC_OID_SHA224 during configure and find a way
to cope with its nonexistence in the code.
I tried compilation with the dirty workaround:
--- crypto/apr_crypto_nss.c 2019-08-04 12:00:19.841885000 +0000
+++ crypto/apr_crypto_nss.c 2019-08-07 00:28:16.516409000 +0000
@@ -736,7 +736,8 @@
key->hashAlg = SEC_OID_SHA1;
break;
case APR_CRYPTO_DIGEST_SHA224:
- key->hashAlg = SEC_OID_SHA224;
+ return APR_ENODIGEST;
+ //key->hashAlg = SEC_OID_SHA224;
break;
case APR_CRYPTO_DIGEST_SHA256:
key->hashAlg = SEC_OID_SHA256;
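Review bot: The `return APR_ENODIGEST;` under `case APR_CRYPTO_DIGEST_SHA224:` rejects SHA-224 on every platform, while the driver still registers the name (the later patch on this page shows `apr_hash_set(f->digests, "sha224", ...)` in the same file). A caller that enumerates digests would therefore see sha224 advertised and only learn at key setup that it is unavailable. The registration should be dropped under the same condition as the case, and the now-unreachable `break;` and the commented-out `//key->hashAlg = SEC_OID_SHA224;` removed. The enclosing switch starts and ends outside the hunk.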
and that compiles on Solaris 10 Sparc. And "make check" is fine, except
of course in testcrypto the specific tests for DIGEST SHA224 nss.
Regards,
Rainer
Re: svn commit: r1836445 [1/3] - in /apr/apr-util/branches/1.7.x: ./
crypto/ include/ include/private/ test/
Posted by Rainer Jung <ra...@kippdata.de>.
Coming back to this 6 months later: the situation is still the same.
Furthermore the same commit broke compat with OpenSSL 0.9.8 without
documenting the increased version requirements.
It would be good to fix this.
Regards,
Rainer
Am 07.08.2019 um 00:55 schrieb Rainer Jung:
> Solaris(10) provides NSS support but it is somewhat outdated. Especially
> it does not know about SEC_OID_SHA224, so compilation (linking) fails.
>
> So currently APR trunk and APR-UTIL 1.7.x no longer compile on Solaris
> (1.7.x has more problems outside of crypto).
>
> We might need to detect SEC_OID_SHA224 during configure and find a way
> to cope with its nonexistence in the code.
>
> I tried compilation with the dirty workaroung:
>
> --- crypto/apr_crypto_nss.c 2019-08-04 12:00:19.841885000 +0000
> +++ crypto/apr_crypto_nss.c 2019-08-07 00:28:16.516409000 +0000
> @@ -736,7 +736,8 @@
> key->hashAlg = SEC_OID_SHA1;
> break;
> case APR_CRYPTO_DIGEST_SHA224:
> - key->hashAlg = SEC_OID_SHA224;
> + return APR_ENODIGEST;
> + //key->hashAlg = SEC_OID_SHA224;
> break;
> case APR_CRYPTO_DIGEST_SHA256:
> key->hashAlg = SEC_OID_SHA256;
>
> and that compiles on Solaris 10 Sparc. And "make check" is fine, except
> of course in testcrypto the specific tests for DIGEST SHA224 nss.
>
> Regards,
>
> Rainer
Re: svn commit: r1836445 [1/3] - in /apr/apr-util/branches/1.7.x: ./
crypto/ include/ include/private/ test/
Posted by Graham Leggett <mi...@sharp.fm>.
On 07 Aug 2019, at 00:55, Rainer Jung <ra...@kippdata.de> wrote:
> Solaris(10) provides NSS support but it is somewhat outdated. Especially it does not know about SEC_OID_SHA224, so compilation (linking) fails.
>
> So currently APR trunk and APR-UTIL 1.7.x no longer compile on Solaris (1.7.x has more problems outside of crypto).
>
> We might need to detect SEC_OID_SHA224 during configure and find a way to cope with its nonexistence in the code.
Something like this?
Index: build/crypto.m4
===================================================================
--- build/crypto.m4 (revision 1872051)
+++ build/crypto.m4 (working copy)
@@ -185,6 +185,7 @@
AC_CHECK_HEADERS(prerror.h, [nss_have_prerrorh=1])
AC_CHECK_HEADERS(nss/nss.h nss.h, [nss_have_nssh=1])
AC_CHECK_HEADERS(nss/pk11pub.h pk11pub.h, [nss_have_pk11pubh=1])
+ AC_CHECK_HEADERS(nss/secoidt.h secoidt.h)
nss_have_headers=${nss_have_prerrorh}${nss_have_nssh}${nss_have_pk11pubh}
AC_CHECK_LIB(nspr4, PR_Initialize, AC_CHECK_LIB(nss3, PK11_CreatePBEV2AlgorithmID, [nss_have_libs=1],,-lnspr4))
if test "$nss_have_headers" = "111" && test "$nss_have_libs" != "0"; then
@@ -207,6 +208,7 @@
AC_CHECK_HEADERS(prerror.h, [nss_have_prerrorh=1])
AC_CHECK_HEADERS(nss/nss.h nss.h, [nss_have_nssh=1])
AC_CHECK_HEADERS(nss/pk11pub.h pk11pub.h, [nss_have_pk11pubh=1])
+ AC_CHECK_HEADERS(nss/secoidt.h secoidt.h)
nss_have_headers=${nss_have_prerrorh}${nss_have_nssh}${nss_have_pk11pubh}
AC_CHECK_LIB(nspr4, PR_Initialize, AC_CHECK_LIB(nss3, PK11_CreatePBEV2AlgorithmID, [nss_have_libs=1],,-lnspr4))
if test "$nss_have_headers" = "111" && test "$nss_have_libs" != "0"; then
@@ -232,9 +234,52 @@
AC_SUBST(LDADD_crypto_nss)
AC_SUBST(apu_have_crypto)
+ AC_TRY_COMPILE([#include <secoidt.h>],[ int p; p = SEC_OID_MD5;] ,
+ AC_DEFINE(HAVE_SEC_OID_MD5,1,
+ [Define 1 if SEC_OID_MD5 is defined.]))
+ AC_TRY_COMPILE([#include <nss/secoidt.h>],[ int p; p = SEC_OID_MD5;] ,
+ AC_DEFINE(HAVE_SEC_OID_MD5,1,
+ [Define 1 if SEC_OID_MD5 is defined.]))
+
+ AC_TRY_COMPILE([#include <secoidt.h>],[ int p; p = SEC_OID_SHA1;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA1,1,
+ [Define 1 if SEC_OID_SHA1 is defined.]))
+ AC_TRY_COMPILE([#include <nss/secoidt.h>],[ int p; p = SEC_OID_SHA1;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA1,1,
+ [Define 1 if SEC_OID_SHA1 is defined.]))
+
+ AC_TRY_COMPILE([#include <secoidt.h>],[ int p; p = SEC_OID_SHA224;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA224,1,
+ [Define 1 if SEC_OID_SHA224 is defined.]))
+ AC_TRY_COMPILE([#include <nss/secoidt.h>],[ int p; p = SEC_OID_SHA224;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA224,1,
+ [Define 1 if SEC_OID_SHA224 is defined.]))
+
+ AC_TRY_COMPILE([#include <secoidt.h>],[ int p; p = SEC_OID_SHA256;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA256,1,
+ [Define 1 if SEC_OID_SHA256 is defined.]))
+ AC_TRY_COMPILE([#include <nss/secoidt.h>],[ int p; p = SEC_OID_SHA256;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA256,1,
+ [Define 1 if SEC_OID_SHA256 is defined.]))
+
+ AC_TRY_COMPILE([#include <secoidt.h>],[ int p; p = SEC_OID_SHA384;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA384,1,
+ [Define 1 if SEC_OID_SHA384 is defined.]))
+ AC_TRY_COMPILE([#include <nss/secoidt.h>],[ int p; p = SEC_OID_SHA384;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA384,1,
+ [Define 1 if SEC_OID_SHA384 is defined.]))
+
+ AC_TRY_COMPILE([#include <secoidt.h>],[ int p; p = SEC_OID_SHA512;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA512,1,
+ [Define 1 if SEC_OID_SHA512 is defined.]))
+ AC_TRY_COMPILE([#include <nss/secoidt.h>],[ int p; p = SEC_OID_SHA512;] ,
+ AC_DEFINE(HAVE_SEC_OID_SHA512,1,
+ [Define 1 if SEC_OID_SHA512 is defined.]))
+
LIBS="$old_libs"
CPPFLAGS="$old_cppflags"
LDFLAGS="$old_ldflags"
+
])
AC_DEFUN([APU_CHECK_CRYPTO_COMMONCRYPTO], [
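Review bot: The twelve `AC_TRY_COMPILE` probes repeat one test per include path with a macro that current autoconf marks obsolete, and the body `int p; p = SEC_OID_MD5;` leaves a set-but-unused variable, so under warnings-as-errors a probe could fail spuriously and silently drop a digest from the build. `AC_CHECK_DECLS` accepts enum constants, so one call per symbol is enough, e.g. `AC_CHECK_DECLS([SEC_OID_SHA224],,,[[#include <secoidt.h>]])`. It defines `HAVE_DECL_SEC_OID_SHA224` to 1 or 0, so the C side would test that name instead. The include line would need to follow whichever of `nss/secoidt.h` or `secoidt.h` the `AC_CHECK_HEADERS` added in the two earlier hunks found.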
Index: crypto/apr_crypto_nss.c
===================================================================
--- crypto/apr_crypto_nss.c (revision 1872051)
+++ crypto/apr_crypto_nss.c (working copy)
@@ -382,12 +382,25 @@
if (!f->digests) {
return APR_ENOMEM;
}
- apr_hash_set(f->digests, "md5", APR_HASH_KEY_STRING, &(key_digests[i = 0]));
+ i = 0;
+#if HAVE_SEC_OID_MD5
+ apr_hash_set(f->digests, "md5", APR_HASH_KEY_STRING, &(key_digests[i++]));
+#endif
+#if HAVE_SEC_OID_SHA1
apr_hash_set(f->digests, "sha1", APR_HASH_KEY_STRING, &(key_digests[++i]));
+#endif
+#if HAVE_SEC_OID_SHA224
apr_hash_set(f->digests, "sha224", APR_HASH_KEY_STRING, &(key_digests[++i]));
+#endif
+#if HAVE_SEC_OID_SHA256
apr_hash_set(f->digests, "sha256", APR_HASH_KEY_STRING, &(key_digests[++i]));
+#endif
+#if HAVE_SEC_OID_SHA384
apr_hash_set(f->digests, "sha384", APR_HASH_KEY_STRING, &(key_digests[++i]));
+#endif
+#if HAVE_SEC_OID_SHA512
apr_hash_set(f->digests, "sha512", APR_HASH_KEY_STRING, &(key_digests[++i]));
+#endif
f->types = apr_hash_make(pool);
if (!f->types) {
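Review bot: The index sequence is off by one after this change: the md5 line now uses `key_digests[i++]` (entry 0, leaving `i` at 1) while the following lines still pre-increment with `++i`, so sha1 lands on entry 2 and, with all six digests enabled, sha512 on entry 6. If `key_digests` holds six entries (its definition is outside the hunk), entry 1 is never registered and the last registration points past the end of the array. Using `&(key_digests[i++])` on every line restores the sequence. If the table is laid out in a fixed per-digest order, the increment also has to happen outside the `#if`, otherwise a compiled-out digest shifts every later name onto the wrong descriptor.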
@@ -730,22 +743,46 @@
switch (rec->k.hash.digest) {
case APR_CRYPTO_DIGEST_MD5:
+#if HAVE_SEC_OID_MD5
key->hashAlg = SEC_OID_MD5;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA1:
+#if HAVE_SEC_OID_SHA1
key->hashAlg = SEC_OID_SHA1;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA224:
+#if HAVE_SEC_OID_SHA224
key->hashAlg = SEC_OID_SHA224;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA256:
+#if HAVE_SEC_OID_SHA256
key->hashAlg = SEC_OID_SHA256;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA384:
+#if HAVE_SEC_OID_SHA384
key->hashAlg = SEC_OID_SHA384;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA512:
+#if HAVE_SEC_OID_SHA512
key->hashAlg = SEC_OID_SHA512;
+#else
+ return APR_ENODIGEST;
+#endif
break;
default:
return APR_ENODIGEST;
@@ -757,22 +794,46 @@
switch (rec->k.hmac.digest) {
case APR_CRYPTO_DIGEST_MD5:
+#ifdef CKM_MD5_HMAC
key->hashMech = CKM_MD5_HMAC;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA1:
+#ifdef CKM_SHA_1_HMAC
key->hashMech = CKM_SHA_1_HMAC;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA224:
+#ifdef CKM_SHA224_HMAC
key->hashMech = CKM_SHA224_HMAC;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA256:
+#ifdef CKM_SHA256_HMAC
key->hashMech = CKM_SHA256_HMAC;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA384:
+#ifdef CKM_SHA384_HMAC
key->hashMech = CKM_SHA384_HMAC;
+#else
+ return APR_ENODIGEST;
+#endif
break;
case APR_CRYPTO_DIGEST_SHA512:
+#ifdef CKM_SHA512_HMAC
key->hashMech = CKM_SHA512_HMAC;
+#else
+ return APR_ENODIGEST;
+#endif
break;
default:
return APR_ENODIGEST;
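Review bot: The HMAC cases are gated on `#ifdef CKM_*_HMAC`, whereas the hash cases in the previous hunk and the `f->digests` registration are gated on the configure-derived `HAVE_SEC_OID_*` macros, so the advertised digest set and the accepted set can disagree. On an NSS that has the PKCS#11 mechanism macro but not the matching SEC_OID enumerator (or the reverse), a digest could be unlisted yet accepted for HMAC, or listed and rejected at key setup. One condition per digest shared by all three places would keep them in step, e.g. `#if HAVE_SEC_OID_SHA224 && defined(CKM_SHA224_HMAC)`. The switch starts and ends outside the hunk.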
Regards,
Graham
—
Re: svn commit: r1836445 [1/3] - in /apr/apr-util/branches/1.7.x: ./
crypto/ include/ include/private/ test/
Posted by Graham Leggett <mi...@sharp.fm>.
On 07 Aug 2019, at 00:55, Rainer Jung <ra...@kippdata.de> wrote:
> Solaris(10) provides NSS support but it is somewhat outdated. Especially it does not know about SEC_OID_SHA224, so compilation (linking) fails.
>
> So currently APR trunk and APR-UTIL 1.7.x no longer compile on Solaris (1.7.x has more problems outside of crypto).
>
> We might need to detect SEC_OID_SHA224 during configure and find a way to cope with its nonexistence in the code.
Do you have any example autoconf to detect an enum - I’ve been struggling to get this to work, not sure if I am missing something.
Regards,
Graham
—