On Fri, 2022-03-11 at 16:52 +0800, wen zhang wrote:
James Prestwood <prestwoj(a)gmail.com> 于2022年3月10日周四 02:04写道：
On Wed, 2022-03-09 at 18:36 +0800, wen zhang wrote:
I tried to build ELL library on my system built following LFS 11.1
;, but the make
command failed. Adding V=1 to the make command show one openssl command
failed to finish.
openssl pkcs8 -in unit/cert-client-key-pkcs8.pem -out
unit/cert-client-key-pkcs8-v2-des.pem -topk8 -v2 des-cbc -v2prf
hmacWithSHA1 -passout pass:abc
Maybe something need to migrate from OpenSSL 1 to OpenSSL 3?
So it appears DES was removed from OpenSSL3 as a built in module . I'm
guessing there is some way to compile this in, but the documentation also
mentions some runtime legacy provider. So I think you'll need to rebuild
openssl with DES built in or figure out a way to enable this provider. I'm
thinking we do want to support the default OpenSSL3 build at some point in
the future, but I'm not sure if our build system can enable this feature
automatically or not.
One thing to note is that OpenSSL is only used to verify ELL's crypto APIs
in unit testing. So this failure should not block you from using the ELL
API or IWD. And for IWD specifically all the unit tests build with OpenSSL3
since none use DES.
Also, there is a mailing list specific to ELL ell(a)lists.01.org.
iwd mailing list -- iwd(a)lists.01.org
To unsubscribe send an email to iwd-leave(a)lists.01.org
I added provider default and provider legacy into the openssl lines, and
make command finished with no error.
Here's my patch, maybe can be reviewed once there's another build
environment with OpenSSL V3.
This seems to break OpenSSL 1.1:
pkcs8: Option unknown option -provider
pkcs8: Use -help for summary.
make: *** [Makefile:3163: unit/cert-client-key-pkcs8-md5-des.pem] Error
I'm not a build system expert but I'm thinking we need to detect the
OpenSSL version and generate the PEMs using two different recipes depending
on version. Or maybe someone else has ideas?
Also you're patch was just a diff. It applied fine but in order to merge
anything we will need an actual git commit (e.g. git format-patch).
ell mailing list -- ell(a)lists.01.org
To unsubscribe send an email to ell-leave(a)lists.01.org
Thanks, I just realized that openssl is only used when maintainer mode is
Autotools is a little complex for me, I'll try to submit a patch but may
take some days.