Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at

Bug 1383651

Summary: perl-Crypt-OpenSSL-DSA-0.15-5.fc26 FTBFS: dereferencing pointer to incomplete type 'DSA {aka struct dsa_st}'
Product: [Fedora] Fedora Reporter: Petr Pisar <ppisar>
Component: perl-Crypt-OpenSSL-DSAAssignee: Petr Pisar <ppisar>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: perl-devel, wjhns174
Target Milestone: ---Keywords: Patch, Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: perl-Crypt-OpenSSL-DSA-0.15-7.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-01 08:49:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1383740    

Description Petr Pisar 2016-10-11 11:21:17 UTC
perl-Crypt-OpenSSL-DSA-0.15-5.fc26 fails to build in F25:

gcc -c   -D_REENTRANT -D_GNU_SOURCE -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fwrapv -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -g   -DVERSION=\"0.15\" -DXS_VERSION=\"0.15\" -fPIC "-I/usr/lib64/perl5/CORE"  -DPERL5 DSA.c
DSA.xs: In function 'XS_Crypt__OpenSSL__DSA_get_p':
DSA.xs:264:28: error: dereferencing pointer to incomplete type 'DSA {aka struct dsa_st}'
         len = BN_bn2bin(dsa->p, to);

This is caused by upgrading openssl from 1:1.0.2j-1.fc26 to 1:1.1.0b-1.fc26.

Comment 1 Petr Pisar 2016-10-14 11:14:40 UTC
I posted a fix to the upstream bug report.

Comment 2 Petr Pisar 2016-10-27 08:25:21 UTC
No reply from upstream in two weeks. I will apply it into Fedora.

Comment 3 Petr Pisar 2016-11-01 07:27:15 UTC
After applying the fix, perl-Net-DNS-SEC tests fail in:

    my $dsa = Crypt::OpenSSL::DSA->new();           # private key

    $dsa->set_p( decode_base64 $private->prime );
    $dsa->set_q( decode_base64 $private->subprime );
    $dsa->set_g( decode_base64 $private->base );

→   $dsa->set_priv_key( decode_base64 $private->private_value );

With message:

Could not set a key at lib/Net/DNS/SEC/ line 75.
signature generation failed at t/10-keyset.t line 112.

Comment 4 Petr Pisar 2016-11-01 08:49:32 UTC
The issue is new OpenSSL does support setting a private key before a public key. I added a code that allows it on the XS level.