Bug 64862 - Improve LibreSSL support
Summary: Improve LibreSSL support
Status: NEW
Alias: None
Product: Tomcat Native
Classification: Unclassified
Component: Library
Version: 1.2.23
Hardware: All All
Importance: P2 enhancement
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-30 11:03 UTC by Michael Osipov
Modified: 2020-10-30 11:03 UTC (History)
0 users



Description Michael Osipov 2020-10-30 11:03:30 UTC
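Some time ago I started analyzing the ifdefs and looking up in the OpenBSD repo which version of LibreSSL supports each particular feature.
A non-exhaustive list of my findings; each snippet is followed by the `git tag --contains` output (or the commit hashes and tags) for the corresponding LibreSSL commit: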
> sslinfo.c:
> #if defined(LIBRESSL_VERSION_NUMBER)
>                     value = tcn_new_string(e, "UNKNOWN");
> #else
>                     nid = X509_get_signature_nid(xs);
>                     if (nid == NID_undef)
>                         value = tcn_new_string(e, "UNKNOWN");
>                     else
>                         value = tcn_new_string(e, OBJ_nid2ln(nid));
> #endif
> $ git tag --contains e1dc6f25d8
> OPENBSD_6_3_BASE
> libressl-v2.7.0
> 
> #if defined(LIBRESSL_VERSION_NUMBER)
>                     value = tcn_new_string(e, "UNKNOWN");
> #else
>                     nid = X509_get_signature_nid(xs);
>                     if (nid == NID_undef)
>                         value = tcn_new_string(e, "UNKNOWN");
>                     else
>                         value = tcn_new_string(e, OBJ_nid2ln(nid));
> #endif
> 
> $ git tag --contains 2191533b47
> OPENBSD_6_3_BASE
> libressl-v2.7.0
> 
> ssl.c:
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> /* OpenSSL Pre-1.1.0 compatibility */
> /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
> int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
> {
>     /* q is optional */
>     if (p == NULL || g == NULL)
>         return 0;
>     BN_free(dh->p);
>     BN_free(dh->q);
>     BN_free(dh->g);
>     dh->p = p;
>     dh->q = q;
>     dh->g = g;
> 
>     if (q != NULL) {
>         dh->length = BN_num_bits(q);
>     }
> 
>     return 1;
> }
> #endif
> 
> $ git tag --contains 830713debd
> OPENBSD_6_3_BASE
> libressl-v2.7.0
> 
> 
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> static BIO_METHOD jbs_methods = {
>     BIO_TYPE_FILE,
>     "Java Callback",
>     jbs_write,
>     jbs_read,
>     jbs_puts,
>     jbs_gets,
>     jbs_ctrl,
>     jbs_new,
>     jbs_free,
>     NULL
> };
> #else
> static BIO_METHOD *jbs_methods = NULL;
> 
> static void init_bio_methods(void)
> {
>     jbs_methods = BIO_meth_new(BIO_TYPE_FILE, "Java Callback");
>     BIO_meth_set_write(jbs_methods, &jbs_write);
>     BIO_meth_set_read(jbs_methods, &jbs_read);
>     BIO_meth_set_puts(jbs_methods, &jbs_puts);
>     BIO_meth_set_gets(jbs_methods, &jbs_gets);
>     BIO_meth_set_ctrl(jbs_methods, &jbs_ctrl);
>     BIO_meth_set_create(jbs_methods, &jbs_new);
>     BIO_meth_set_destroy(jbs_methods, &jbs_free);
> }
> 
> static void free_bio_methods(void)
> {
>     BIO_meth_free(jbs_methods);
> }
> #endif
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>     return(&jbs_methods);
> #else
>     return jbs_methods;
> #endif
> 
> 
> 6e0e12de58
> b08b825ace
>  
> 
> OPENBSD_6_3_BASE
> libressl-v2.7.0

This is intended to be an umbrella ticket to collect and coordinate the work on all LibreSSL-related ifdefs, so that LibreSSL support is brought on par with OpenSSL. Maybe others want to pick up the work I have done so far.