Fix ./build.sh --portableBuild false

[omajid]

Non-portable builds are used by source-build and also useful for testing/debugging things, like trying out OpenSSL 3.0:
#46526 (comment)

Fixes: #43219

Should I add a CI run that verifies ./build.sh --portableBuild false works?

[dotnet-issue-labeler]

I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.

[ghost]

Tagging subscribers to this area: @dotnet/runtime-infrastructure
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Non-portable builds are used by source-build and also use for testing/debugging things, like trying out OpenSSL 3.0:
#46526 (comment)

Fixes: #43219

Should I add a CI run that verifies ./build.sh --portableBuild false works?

Author:	omajid
Assignees:	-
Labels:	area-Infrastructure
Milestone:	-

[danmoseley]

Should I add a CI run that verifies ./build.sh --portableBuild false works?

cc @ViktorHofer for that question.

[omajid]

FWIW, having a CI leg for this would have caught #42415 sooner

[omajid]

I can't tell if the linux-musl-arm error is related to my changes or not. I would have understood a failure building/running ilasm/ildasm, but this is something else?

[omajid]

Can someone please review this? The test failures look unrelated to my changes.

[ViktorHofer]

Should I add a CI run that verifies ./build.sh --portableBuild false works?

I think we should have a non portable build in CI to protect that scenario. Unsure if per PR or as a rolling build.

[omajid]

#50811 (comment):

once #50097 gets in, we can add the --portableBuild false flag to this leg.

[ViktorHofer]

So we probably wanna do this as part of this PR now as the other change is already merged?

[ViktorHofer]

Thanks a lot @omajid

[omajid]

Hey, @bartonjs, this new CI run is failing on CentOS 7 (with OpenSSL 1.0 non-portable):

$ podman run -it mcr.microsoft.com/dotnet-buildtools/prereqs:centos-7-source-build-20210408124356-5d87b80 bash -c 'rpm -qa | grep openssl'
openssl-devel-1.0.2k-21.el7_9.x86_64
openssl-libs-1.0.2k-21.el7_9.x86_64

The errors look like this:

/__w/1/s/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c:88:26: error: implicit declaration of function 'EVP_PKEY_get0_RSA' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
          const RSA* rsa = EVP_PKEY_get0_RSA(pkey);
                           ^
  /__w/1/s/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c:88:26: note: did you mean 'EVP_PKEY_get1_RSA'?
  /usr/include/openssl/evp.h:968:16: note: 'EVP_PKEY_get1_RSA' declared here
  struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
                 ^
  /__w/1/s/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c:88:26: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
          const RSA* rsa = EVP_PKEY_get0_RSA(pkey);
                           ^
  /__w/1/s/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c:88:20: error: incompatible integer to pointer conversion initializing 'const RSA *' (aka 'const struct rsa_st *') with an expression of type 'int' [-Werror,-Wint-conversion]
          const RSA* rsa = EVP_PKEY_get0_RSA(pkey);
                     ^     ~~~~~~~~~~~~~~~~~~~~~~~
  /__w/1/s/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c:147:51: error: use of undeclared identifier 'RSA_PSS_SALTLEN_DIGEST'
              EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, RSA_PSS_SALTLEN_DIGEST) <= 0)
                                                    ^
  /__w/1/s/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c:163:26: error: implicit declaration of function 'EVP_PKEY_get0_RSA' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
          const RSA* rsa = EVP_PKEY_get0_RSA(pkey);
                           ^
  /__w/1/s/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c:163:20: error: incompatible integer to pointer conversion initializing 'const RSA *' (aka 'const struct rsa_st *') with an expression of type 'int' [-Werror,-Wint-conversion]
          const RSA* rsa = EVP_PKEY_get0_RSA(pkey);
                     ^     ~~~~~~~~~~~~~~~~~~~~~~~

Are these known issues?

[bartonjs]

Are these known issues?

I was originally going to say "sort of, I saw and fixed this in #51155". But that appears to be untrue.

#define EVP_PKEY_get0_RSA local_EVP_PKEY_get0_RSA

belongs right above

runtime/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h

Line 1120 in ee07190

#define EVP_PKEY_up_ref local_EVP_PKEY_up_ref

[bartonjs]

Actually, since there's also a PSS_SALTLEN problem it requires slightly more surgery. (The "define if missing" needs to move up to before the "#if portable")

https://github.com/dotnet/runtime/pull/51155/files#diff-c041469cc460b750021244a4a434fedb53956c4aad395137c83ab37583b4e840R73-R76

https://github.com/dotnet/runtime/pull/51155/files#diff-c041469cc460b750021244a4a434fedb53956c4aad395137c83ab37583b4e840L221-L227

[bartonjs]

@omajid Looks like you didn't quite move it high enough. If you pull the newer main you should be able to get rid of the PSS_SALTLEN move (since I already did it and it's now a conflict), but adding the missing #define EVP_PKEY_get0_RSA local_EVP_PKEY_get0_RSA is still necessary.