[krbdev.mit.edu #9180] pkinit preauth plugin create_signature calls EVP_PKEY_size() instead of EVP_PKEY_get_size()
David Morash via RT
rt at krbdev.mit.edu
Sun Jul 27 08:39:32 EDT 2025
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9180 >
This build failure was totally our fault; we were patching our openssl
to override the renaming defines and provide implementations of the old
methods. The patch didn't properly apply on openssl 3.2.5 hence the
build problems.
So the krb5 code was fine, we just shot ourselves in the foot.
On 2025-07-17 6:08 p.m., David Morash wrote:
> Hmmm... must be something in how we are building. I'll dig into it
> and see if I can spot why. We also had to rename a couple of
> EVP_PKEY_size() calls in our own code.
>
> On 2025-07-17 3:23 p.m., Greg Hudson via RT wrote:
>> There is indeed a missed rename there, and another one in encode_spki()
>> for EVP_PKEY_base_id() -> EVP_PKEY_get_base_id(). However, as far as
>> I can
>> tell OpenSSL 3.x never removed its compatibility macros for
>> EVP_PKEY_size()
>> and EVP_PKEY_base_id(). In 3.2.5's <openssl/evp.h> I see:
>>
>> # define EVP_PKEY_size EVP_PKEY_get_size
>>
>> at line 1323. So I don't understand why there was a build failure.
>>
>
More information about the krb5-bugs
mailing list