#19 Compile failure

[Nigel Hathaway]

Compiling with openssl 1.1.0e. gcc 6.3.0 (Alpine Linux 3.6.1)

cryptoutils.c - lines1124-1127

if (rc == 0) {
ecdsaSig->r = r;
ecdsaSig->s = s;
}

This doesn't compile. You have to use the accessor: ECDSA_SIG_set0(ecdsaSig, r, s).

There are also quite a few "may be used uninitialized in this function [-Wmaybe-uninitialized]" warnings produced by this version of the compiler. This version of gcc seems to be tracking variables across function calls, which is why they don't show up in older compilers (I think). Some definitely aren't highlighting real bugs, but I haven't gone through them all.

[Ken Goldman]

Thanks. Absolutely correct. I have to port these new sample functions to the new openssl 1.1 API. On my list, and I'll upload a new version ASAP.

In the meantime, the workaround is to use openssl 1.0. It's still being maintained on long term support.

[Nigel Hathaway]

I'm actually building against 1.01f (in Ubuntu 14.04) and (what recently was) the latest stable from the openssl web site. Unfortunately, ECDSA_SIG_set0 is not available in the old version but you have to use it in the new. Somewhere in between it is deprecated then removed (which to me is rather a short timescale to do that in). However, OpenSSL don't officially support the older version (their oldest is 1.02) whereas the Linux distros do. So you may want to put conditional compilation around it.

[Ken Goldman]

Where do you see that it's deprecated and removed? I see that it is absent in 1.0 and persent in 1.1.

This is a general openssl pattern. In 1.1, they made many structures opaque and added getters and setters.

[Ken Goldman]

The fix, which will be in the next release is:

#if OPENSSL_VERSION_NUMBER < 0x10100000
    ecdsaSig->r = r;
    ecdsaSig->s = s;
#else
    int irc = ECDSA_SIG_set0(ecdsaSig, r, s);   
    if (irc != 1) {
            printf("verifyEcSignatureFromEvpPubKey: Error in  ECDSA_SIG_set0()\n");
            rc = TSS_RC_EC_KEY_CONVERT;
    }
#endif