You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2018/05/02 10:34:32 UTC

[Bug 62346] New: LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"

https://bz.apache.org/bugzilla/show_bug.cgi?id=62346

            Bug ID: 62346
           Summary: LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined
                    symbol "OPENSSL_malloc_init"
           Product: Apache httpd-2
           Version: 2.4.33
          Hardware: PC
                OS: FreeBSD
            Status: NEW
          Severity: blocker
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: gessel@blackrosetech.com
  Target Milestone: ---

LibreSSL 2.7.2's inclusion into the ports tree has created a bit of a rash of
issues.  Most are documented at https://wiki.freebsd.org/LibreSSL/2.7. 
Apache24 is listed as patched and does, in fact, build without glaring errors.  

And, after patching a few ports that don't have their patches integrated yet, I
can rebuild all ports without fails
https://forums.freebsd.org/threads/python27-problem-at-packaging-stage.51189/page-2#post-386195

However, in my environment (at least) it will not start - this is on every jail
I have - Apache24 will not start:
httpd: Syntax error on line 130 of /usr/local/etc/apache24/httpd.conf: Cannot
load libexec/apache24/mod_ssl.so into server:
/usr/local/libexec/apache24/mod_ssl.so: Undefined symbol "OPENSSL_malloc_init"

The following innocuous seeming error seems relevant

--- mod_ssl.slo ---
mod_ssl.c:404:5: warning: implicit declaration of function
'OPENSSL_malloc_init' is invalid in C99 [-Wimplicit-function-declaration]
    OPENSSL_malloc_init();

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62346

--- Comment #3 from gessel <ge...@blackrosetech.com> ---
It appears these changes are not fully integrated in the FreeBSD port Apache
v2.4.33

As on my machine
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c:546-551
    char *cp;
    int protocol = mctx->protocol;
    SSLSrvConfigRec *sc = mySrvConfig(s);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    int prot;
#endif

Revision 1830522 shows
@@ -582,7 +582,8 @@
     char *cp;
     int protocol = mctx->protocol;
     SSLSrvConfigRec *sc = mySrvConfig(s);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L  && \
+       (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >=
0x20800000L)
     int prot;
 #endif


and in httpd/httpd/trunk/modules/ssl/mod_ssl.c:398-404

    /* We must register the library in full, to ensure our configuration
     * code can successfully test the SSL environment.
     */
#if MODSSL_USE_OPENSSL_PRE_1_1_API
    (void)CRYPTO_malloc_init();
#else
    OPENSSL_malloc_init();

Revision 1828222 shows

@@ -407,7 +407,7 @@
     /* We must register the library in full, to ensure our configuration
      * code can successfully test the SSL environment.
      */
-#if MODSSL_USE_OPENSSL_PRE_1_1_API
+#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
     (void)CRYPTO_malloc_init();
 #else
     OPENSSL_malloc_init();

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62346

--- Comment #6 from gessel <ge...@blackrosetech.com> ---
Thanks Yann,

Yeah, crude and bumbling, but thanks for the new patch.  modules/md/md_crypt.c
already has the patch.  The ones for modules/ssl/...  succeeded.

However, building with the patches yields:

(I reverted the system and successfully test built - of course while the
shipping version builds, it won't start due to the OPENSSL_malloc_init).

--- ssl_engine_init.slo ---
ssl_engine_init.c:54:12: error: static declaration of 'DH_set0_pqg' follows
non-static declaration
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
           ^
/usr/local/include/openssl/dh.h:195:5: note: previous declaration is here
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
    ^
1 error generated.
*** [ssl_engine_init.slo] Error code 1


According to some helpful people on the libressl list, it may be sufficient to
simply comment out the OPENSSL_malloc_init(); line.  I'm going to revert and
try that next.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62346

--- Comment #4 from gessel <ge...@blackrosetech.com> ---
Failed attempt below:

make clean && make distclean && make
cd /var/ports/usr/ports/www/apache24/work/httpd-2.4.33/modules/ssl/
mv ssl_engine_init.c ssl_engine_init.c.orig
mv mod_ssl.c mod_ssl.c.orig
mv ssl_private.h ssl_private.h.orig
wget -O ssl_engine_init.c
'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?revision=1830522&view=co&pathrev=1830522'
wget -O mod_ssl.c
'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?revision=1828222&view=co&pathrev=1828222'
wget -O ssl_private.h
'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?revision=1828222&view=co&pathrev=1828222'
cd ../md/
mv md_crypt.c.orig md_crypt.c.pre-182822
mv md_crypt.c md_crypt.c.orig 
wget -O md_crypt.c
'https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_crypt.c?revision=1828222&view=co&pathrev=1828222'
cd /usr/ports/www/apache24
make makepatch
make clean && make distclean
portmaster

yields 
--- ssl_engine_init.slo ---
ssl_engine_init.c:54:12: error: static declaration of 'DH_set0_pqg' follows
non-static declaration
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
           ^
/usr/local/include/openssl/dh.h:195:5: note: previous declaration is here
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
    ^
1 error generated.
*** [ssl_engine_init.slo] Error code 1


:(

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62346

--- Comment #5 from Yann Ylavic <yl...@gmail.com> ---
Created attachment 35905
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35905&action=edit
Backport r1828222 + r1830522

How about this patch instead?

Your method was quite rough to patch 2.4.33 :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62346

--- Comment #1 from gessel <ge...@blackrosetech.com> ---
   /* We must register the library in full, to ensure our configuration
     * code can successfully test the SSL environment.
     */
#if MODSSL_USE_OPENSSL_PRE_1_1_API
    (void)CRYPTO_malloc_init();
#else
    OPENSSL_malloc_init();
#endif
    ERR_load_crypto_strings();
    SSL_load_error_strings();
    SSL_library_init();
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
    ENGINE_load_builtin_engines();
#endif
    OpenSSL_add_all_algorithms();
    OPENSSL_load_builtin_modules();

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62346

--- Comment #2 from Yann Ylavic <yl...@gmail.com> ---
(In reply to gessel from comment #1)
>    /* We must register the library in full, to ensure our configuration
>      * code can successfully test the SSL environment.
>      */
> #if MODSSL_USE_OPENSSL_PRE_1_1_API
>     (void)CRYPTO_malloc_init();

Here, trunk uses:
#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)

This change was part of TLSv1.3 integration (bug 62236), so the full bits may
be r1828222 + r1830522.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62346

--- Comment #7 from gessel <ge...@blackrosetech.com> ---
FIXED. 
https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?r1=1828222&r2=1828221&pathrev=1828222

is sufficient and builds correctly.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 62346] LibreSSL 2.7.2+ blocks load of mod_ssl, Undefined symbol "OPENSSL_malloc_init"

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62346

--- Comment #8 from Bernard Spil <br...@freebsd.org> ---
Meanwhile, I've committed fixes to the FreeBSD port.

The LibreSSL 2.7 patch I created has been imported in trunk, how do you deal
with backporting to 2.4?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org