Error compiling FreeFileSync 11.14 on Ubuntu (20.04/21.04)

[xtradeb]

Hi!

I'm unable to compile FreeFileSync 11.14 on Ubuntu (20.04/21.04). Previous versions compiled fine.

../../zen/open_ssl.cpp: In function ‘std::string {anonymous}::evpKeyToStream(const EVP_PKEY*, {anonymous}::RsaToBioFunc, const char*)’:
../../zen/open_ssl.cpp:217:42: error: invalid conversion from ‘const EVP_PKEY*’ {aka ‘const evp_pkey_st*’} to ‘EVP_PKEY*’ {aka ‘evp_pkey_st*’} [-fpermissive]
217 | const RSA* rsa = ::EVP_PKEY_get0_RSA(evp); //unowned reference!

You can find the full build log attached.

Can anyone help?

Thank you!
Jhonny Oliveira
https://xtradeb.net

[bgstack15]

Version 11.14 has switched to use OpenSSL 3.0 which changed a few low-level apis, including making a few of these parameters to be const.
Here's my ffs_openssl.patch which really just removes some of the "const" definitions to use it with Devuan Ceres's current openssl 1.1.1l. I don't really know what I'm doing, so please be careful and make sure this still operates as needed.

Summary: Revert 11.14 openssl 3.0.0 usage
Author: bgstack15
Date: 2021-09-22
Version: 11.14
Message: Zenju updated FreeFileSync 11.14 to use openssl 3.0.0 but my distros are not ready for that. By reverting to the 11.13 logic, the application can compile against openssl 1.1.1l as before.
diff -aur 11.13/zen/open_ssl.cpp 11.14/zen/open_ssl.cpp
--- 11.13/zen/open_ssl.cpp
+++ 11.14/zen/open_ssl.cpp
@@ -179,9 +179,9 @@ std::shared_ptr<EVP_PKEY> streamToKey(const std::string& keyStream, RsaStreamTyp
 
 //================================================================================
 
-using EvpToBioFunc = int (*)(BIO* bio, const EVP_PKEY* evp);
+using EvpToBioFunc = int (*)(BIO* bio, EVP_PKEY* evp);
 
-std::string evpKeyToStream(const EVP_PKEY* evp, EvpToBioFunc evpToBio, const char* functionName) //throw SysError
+std::string evpKeyToStream(EVP_PKEY* evp, EvpToBioFunc evpToBio, const char* functionName) //throw SysError
 {
     BIO* bio = ::BIO_new(BIO_s_mem());
     if (!bio)
@@ -205,16 +205,16 @@ std::string evpKeyToStream(const EVP_PKEY* evp, EvpToBioFunc evpToBio, const cha
 }
 
 
-using RsaToBioFunc = int (*)(BIO* bp, const RSA* x);
+using RsaToBioFunc = int (*)(BIO* bp, RSA* x);
 
-std::string evpKeyToStream(const EVP_PKEY* evp, RsaToBioFunc rsaToBio, const char* functionName) //throw SysError
+std::string evpKeyToStream(EVP_PKEY* evp, RsaToBioFunc rsaToBio, const char* functionName) //throw SysError
 {
     BIO* bio = ::BIO_new(BIO_s_mem());
     if (!bio)
         throw SysError(formatLastOpenSSLError("BIO_new"));
     ZEN_ON_SCOPE_EXIT(::BIO_free_all(bio));
 
-    const RSA* rsa = ::EVP_PKEY_get0_RSA(evp); //unowned reference!
+    RSA* rsa = ::EVP_PKEY_get0_RSA(evp); //unowned reference!
     if (!rsa)
         throw SysError(formatLastOpenSSLError("EVP_PKEY_get0_RSA"));
 
@@ -236,33 +236,33 @@ std::string evpKeyToStream(const EVP_PKEY* evp, RsaToBioFunc rsaToBio, const cha
 
 
 //fix OpenSSL API inconsistencies:
-int PEM_write_bio_PrivateKey2(BIO* bio, const EVP_PKEY* key)
+int PEM_write_bio_PrivateKey2(BIO* bio, EVP_PKEY* key)
 {
     return ::PEM_write_bio_PrivateKey(bio,      //BIO* bp
-                                      key,      //const EVP_PKEY* x
+                                      key,      //EVP_PKEY* x
                                       nullptr,  //const EVP_CIPHER* enc
-                                      nullptr,  //const unsigned char* kstr
+                                      nullptr,  //unsigned char* kstr
                                       0,        //int klen
                                       nullptr,  //pem_password_cb* cb
                                       nullptr); //void* u
 }
 
-int PEM_write_bio_RSAPrivateKey2(BIO* bio, const RSA* rsa)
+int PEM_write_bio_RSAPrivateKey2(BIO* bio, RSA* rsa)
 {
     return ::PEM_write_bio_RSAPrivateKey(bio,      //BIO* bp
-                                         rsa,      //const RSA* x
+                                         rsa,      //RSA* x
                                          nullptr,  //const EVP_CIPHER* enc
-                                         nullptr,  //const unsigned char* kstr
+                                         nullptr,  //unsigned char* kstr
                                          0,        //int klen
                                          nullptr,  //pem_password_cb* cb
                                          nullptr); //void* u
 }
 
-int PEM_write_bio_RSAPublicKey2(BIO* bio, const RSA* rsa) { return ::PEM_write_bio_RSAPublicKey(bio, rsa); }
+int PEM_write_bio_RSAPublicKey2(BIO* bio, RSA* rsa) { return ::PEM_write_bio_RSAPublicKey(bio, rsa); }
 
 //--------------------------------------------------------------------------------
 
-std::string keyToStream(const EVP_PKEY* evp, RsaStreamType streamType, bool publicKey) //throw SysError
+std::string keyToStream(EVP_PKEY* evp, RsaStreamType streamType, bool publicKey) //throw SysError
 {
     switch (streamType)
     {
@@ -571,15 +571,15 @@ public:
             if (sslError == SSL_ERROR_ZERO_RETURN)
                 return 0; //EOF + close_notify alert
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L /*OpenSSL 3.0.0*/ || \
-    OPENSSL_VERSION_NUMBER == 0x1010105fL /*OpenSSL 1.1.1e*/
+#if OPENSSL_VERSION_NUMBER == 0x1010105fL //OpenSSL 1.1.1e
             const auto ec = ::ERR_peek_last_error();
             if (sslError == SSL_ERROR_SSL && ERR_GET_REASON(ec) == SSL_R_UNEXPECTED_EOF_WHILE_READING) //EOF: only expected for HTTP/1.0
-#else //obsolete handling: https://github.com/openssl/openssl/issues/10880#issuecomment-575746226
+                return 0;
+#else //obsolete handling, at least in OpenSSL 1.1.1e (but valid again with OpenSSL 1.1.1f!)
+            //https://github.com/openssl/openssl/issues/10880#issuecomment-575746226
             if ((sslError == SSL_ERROR_SYSCALL && ::ERR_peek_last_error() == 0)) //EOF: only expected for HTTP/1.0
-#endif
                 return 0;
-
+#endif
             throw SysError(formatLastOpenSSLError("SSL_read_ex") + L' ' + getSslErrorLiteral(sslError));
         }
         assert(bytesReceived > 0); //SSL_read_ex() considers EOF an error!


[pmkees2]

I saw that openssl3 was officially released and noticed the increased const declarations needed if using FFSv11.13 with openssl3 (so the inverse of the changes needed for FFSv11.14 w/openssl1.1.1).

@bgstack15 You've motivated me to refresh the Raspbian build instructions 👍

[xtradeb]

The patch looks good and the application seems to run without issues.
Thank you @bgstack15!

[bgstack15]

So, what versions of libglib2 are you guys using? I have found that on Devuan Ceres (Debian Sid/unstable), libglib2 >= 2.68.0 causes my FreeFileSync compilation to fail.

[xtradeb]

Hi!

I'm using this (default): libglib2.0-0/focal-updates,now 2.64.6-1~ubuntu20.04.4

Cheers!

[xtradeb]

Dear @bgstack15,

I'm facing the same issue again with version 11.16 and the patch you provided earlier is no longer working, neither I can make anything out of it.

Can you help me out?

Thank you!
Jhonny Oliveira
https://xtradeb.net

[bgstack15]

My above link for the ffs_openssl.patch is still valid. It points to the master branch of my git repository, and I did just merge in my freefilesync-bump branch, which I just updated for version 11.16. Go check it out!

Another caveat: I don't actually use the ssl parts of FreeFileSync, so while it compiles, I cannot guarantee that it actually works. Please validate it before relying on it.

[xtradeb]

Thank you very much for the patch! It works.

I'm not sure to what extent I should test this, but I was able to install the software and connect to a remote sftp server. Is there any other particular test you would like me to perform?

Cheers!

[bgstack15]

There is zero data loss when transferring a sample data set, say of 15 files totalling larger than 5MB?

[xtradeb]

The test run just fine!
Thank you!