Posted to dev@tomcat.apache.org by bu...@apache.org on 2020/10/30 11:03:30 UTC
[Bug 64862] New: Improve LibreSSL support
https://bz.apache.org/bugzilla/show_bug.cgi?id=64862
Bug ID: 64862
Summary: Improve LibreSSL support
Product: Tomcat Native
Version: 1.2.23
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: michaelo@apache.org
Target Milestone: ---
Some time ago I started analyzing the ifdefs and looking up in the OpenBSD repo
which version of LibreSSL supports each particular feature.
A non-exhaustive list of my findings:
> sslinfo.c:
> #if defined(LIBRESSL_VERSION_NUMBER)
> value = tcn_new_string(e, "UNKNOWN");
> #else
> nid = X509_get_signature_nid(xs);
> if (nid == NID_undef)
> value = tcn_new_string(e, "UNKNOWN");
> else
> value = tcn_new_string(e, OBJ_nid2ln(nid));
> #endif
> $ git tag --contains e1dc6f25d8
> OPENBSD_6_3_BASE
> libressl-v2.7.0
>
> #if defined(LIBRESSL_VERSION_NUMBER)
> value = tcn_new_string(e, "UNKNOWN");
> #else
> nid = X509_get_signature_nid(xs);
> if (nid == NID_undef)
> value = tcn_new_string(e, "UNKNOWN");
> else
> value = tcn_new_string(e, OBJ_nid2ln(nid));
> #endif
>
> $ git tag --contains 2191533b47
> OPENBSD_6_3_BASE
> libressl-v2.7.0
>
> ssl.c:
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> /* OpenSSL Pre-1.1.0 compatibility */
> /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
> int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
> {
> /* q is optional */
> if (p == NULL || g == NULL)
> return 0;
> BN_free(dh->p);
> BN_free(dh->q);
> BN_free(dh->g);
> dh->p = p;
> dh->q = q;
> dh->g = g;
>
> if (q != NULL) {
> dh->length = BN_num_bits(q);
> }
>
> return 1;
> }
> #endif
>
> $ git tag --contains 830713debd
> OPENBSD_6_3_BASE
> libressl-v2.7.0
>
>
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> static BIO_METHOD jbs_methods = {
> BIO_TYPE_FILE,
> "Java Callback",
> jbs_write,
> jbs_read,
> jbs_puts,
> jbs_gets,
> jbs_ctrl,
> jbs_new,
> jbs_free,
> NULL
> };
> #else
> static BIO_METHOD *jbs_methods = NULL;
>
> static void init_bio_methods(void)
> {
> jbs_methods = BIO_meth_new(BIO_TYPE_FILE, "Java Callback");
> BIO_meth_set_write(jbs_methods, &jbs_write);
> BIO_meth_set_read(jbs_methods, &jbs_read);
> BIO_meth_set_puts(jbs_methods, &jbs_puts);
> BIO_meth_set_gets(jbs_methods, &jbs_gets);
> BIO_meth_set_ctrl(jbs_methods, &jbs_ctrl);
> BIO_meth_set_create(jbs_methods, &jbs_new);
> BIO_meth_set_destroy(jbs_methods, &jbs_free);
> }
>
> static void free_bio_methods(void)
> {
> BIO_meth_free(jbs_methods);
> }
> #endif
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> return(&jbs_methods);
> #else
> return jbs_methods;
> #endif
>
>
> 6e0e12de58
> b08b825ace
>
>
> OPENBSD_6_3_BASE
> libressl-v2.7.0
This is intended to be an umbrella ticket to collect and coordinate all ifdef
changes needed to bring LibreSSL support on par with OpenSSL support. Maybe
others want to pick up the work I have done so far.
[Bug 64862] Improve LibreSSL support
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64862
--- Comment #1 from Michael Osipov <mi...@apache.org> ---
As of
libressl-portable: b52dc3d9b292f4f644d7506a2d62df11f2a6e269
tomcat-native: 1.2.32
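tomcat-native does not compile anymore. The errors below show that the LibreSSL
headers now only forward-declare `struct dh_st` and `struct bio_st`, so the
compatibility code in src/ssl.c and the BIO_* macros in include/ssl_private.h
that access members of these structs directly no longer build: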
> $ make
> /bin/sh /usr/local/share/apr/build-1/libtool --silent --mode=compile cc -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -fno-strict-aliasing -DHAVE_CONFIG_H -DLIBICONV_PLUG -g -O2 -DHAVE_OPENSSL -DHAVE_POLLSET_WAKEUP -I./include -I/usr/local/openjdk8/include -I/usr/local/openjdk8/include/freebsd -I/tmp/libressl/include -I/usr/local/include/apr-1 -o src/ssl.lo -c src/ssl.c && touch src/ssl.lo
> In file included from src/ssl.c:24:
> ./include/ssl_private.h:221:9: warning: 'OPENSSL_VERSION' macro redefined [-Wmacro-redefined]
> #define OPENSSL_VERSION SSLEAY_VERSION
> ^
> /tmp/libressl/include/openssl/crypto.h:320:9: note: previous definition is here
> #define OPENSSL_VERSION 0
> ^
> src/ssl.c:221:15: error: incomplete definition of type 'struct dh_st'
> BN_free(dh->p);
> ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
> ^
> src/ssl.c:222:15: error: incomplete definition of type 'struct dh_st'
> BN_free(dh->q);
> ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
> ^
> src/ssl.c:223:15: error: incomplete definition of type 'struct dh_st'
> BN_free(dh->g);
> ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
> ^
> src/ssl.c:224:7: error: incomplete definition of type 'struct dh_st'
> dh->p = p;
> ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
> ^
> src/ssl.c:225:7: error: incomplete definition of type 'struct dh_st'
> dh->q = q;
> ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
> ^
> src/ssl.c:226:7: error: incomplete definition of type 'struct dh_st'
> dh->g = g;
> ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
> ^
> src/ssl.c:229:11: error: incomplete definition of type 'struct dh_st'
> dh->length = BN_num_bits(q);
> ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
> ^
> src/ssl.c:989:21: error: incomplete definition of type 'struct bio_st'
> j = (BIO_JAVA *)BIO_get_data(bi);
> ^ ~~
> ./include/ssl_private.h:233:44: note: expanded from macro 'BIO_get_data'
> #define BIO_get_data(x) (x->ptr)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1008:21: error: incomplete definition of type 'struct bio_st'
> j = (BIO_JAVA *)BIO_get_data(bi);
> ^ ~~
> ./include/ssl_private.h:233:44: note: expanded from macro 'BIO_get_data'
> #define BIO_get_data(x) (x->ptr)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1023:5: error: incomplete definition of type 'struct bio_st'
> BIO_set_shutdown(bi, 1);
> ^ ~~
> ./include/ssl_private.h:235:44: note: expanded from macro 'BIO_set_shutdown'
> #define BIO_set_shutdown(x,v) (x->shutdown=v)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1024:5: error: incomplete definition of type 'struct bio_st'
> BIO_set_init(bi, 0);
> ^ ~~
> ./include/ssl_private.h:232:44: note: expanded from macro 'BIO_set_init'
> #define BIO_set_init(x,v) (x->init=v)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1032:5: error: incomplete definition of type 'struct bio_st'
> BIO_set_data(bi, (void *)j);
> ^ ~~
> ./include/ssl_private.h:234:44: note: expanded from macro 'BIO_set_data'
> #define BIO_set_data(x,v) (x->ptr=v)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1042:21: error: incomplete definition of type 'struct bio_st'
> j = (BIO_JAVA *)BIO_get_data(bi);
> ^ ~~
> ./include/ssl_private.h:233:44: note: expanded from macro 'BIO_get_data'
> #define BIO_get_data(x) (x->ptr)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1044:13: error: incomplete definition of type 'struct bio_st'
> if (BIO_get_init(bi)) {
> ^ ~~
> ./include/ssl_private.h:231:44: note: expanded from macro 'BIO_get_init'
> #define BIO_get_init(x) (x->init)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1046:13: error: incomplete definition of type 'struct bio_st'
> BIO_set_init(bi, 0);
> ^ ~~
> ./include/ssl_private.h:232:44: note: expanded from macro 'BIO_set_init'
> #define BIO_set_init(x,v) (x->init=v)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1052:5: error: incomplete definition of type 'struct bio_st'
> BIO_set_data(bi, NULL);
> ^ ~~
> ./include/ssl_private.h:234:44: note: expanded from macro 'BIO_set_data'
> #define BIO_set_data(x,v) (x->ptr=v)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1059:9: error: incomplete definition of type 'struct bio_st'
> if (BIO_get_init(b) && in != NULL) {
> ^ ~
> ./include/ssl_private.h:231:44: note: expanded from macro 'BIO_get_init'
> #define BIO_get_init(x) (x->init)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1060:35: error: incomplete definition of type 'struct bio_st'
> BIO_JAVA *j = (BIO_JAVA *)BIO_get_data(b);
> ^ ~
> ./include/ssl_private.h:233:44: note: expanded from macro 'BIO_get_data'
> #define BIO_get_data(x) (x->ptr)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> src/ssl.c:1085:9: error: incomplete definition of type 'struct bio_st'
> if (BIO_get_init(b) && out != NULL) {
> ^ ~
> ./include/ssl_private.h:231:44: note: expanded from macro 'BIO_get_init'
> #define BIO_get_init(x) (x->init)
> ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
> ^
> fatal error: too many errors emitted, stopping now [-ferror-limit=]
> 1 warning and 20 errors generated.
> *** Error code 1
>
> Stop.
> make[1]: stopped in /var/osipovmi/Projekte/tomcat-native/native
> *** Error code 1
>
> Stop.
> make: stopped in /var/osipovmi/Projekte/tomcat-native/native