Bug 64862 - Improve LibreSSL support
Summary: Improve LibreSSL support
Status: NEW
Alias: None
Product: Tomcat Native
Classification: Unclassified
Component: Library (show other bugs)
Version: 1.2.23
Hardware: All All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-30 11:03 UTC by Michael Osipov
Modified: 2022-04-13 09:09 UTC (History)
0 users



Description Michael Osipov 2020-10-30 11:03:30 UTC
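Some time ago I started analyzing the ifdefs and looking up in the OpenBSD repo which version of LibreSSL supports each particular feature.
A non-exhaustive list of my findings (each excerpt is followed by the commit I looked up and the tags that `git tag --contains` reports for it):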
> sslinfo.c:
> #if defined(LIBRESSL_VERSION_NUMBER)
>                     value = tcn_new_string(e, "UNKNOWN");
> #else
>                     nid = X509_get_signature_nid(xs);
>                     if (nid == NID_undef)
>                         value = tcn_new_string(e, "UNKNOWN");
>                     else
>                         value = tcn_new_string(e, OBJ_nid2ln(nid));
> #endif
> $ git tag --contains e1dc6f25d8
> OPENBSD_6_3_BASE
> libressl-v2.7.0
> 
> #if defined(LIBRESSL_VERSION_NUMBER)
>                     value = tcn_new_string(e, "UNKNOWN");
> #else
>                     nid = X509_get_signature_nid(xs);
>                     if (nid == NID_undef)
>                         value = tcn_new_string(e, "UNKNOWN");
>                     else
>                         value = tcn_new_string(e, OBJ_nid2ln(nid));
> #endif
> 
> $ git tag --contains 2191533b47
> OPENBSD_6_3_BASE
> libressl-v2.7.0
> 
> ssl.c:
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> /* OpenSSL Pre-1.1.0 compatibility */
> /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
> int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
> {
>     /* q is optional */
>     if (p == NULL || g == NULL)
>         return 0;
>     BN_free(dh->p);
>     BN_free(dh->q);
>     BN_free(dh->g);
>     dh->p = p;
>     dh->q = q;
>     dh->g = g;
> 
>     if (q != NULL) {
>         dh->length = BN_num_bits(q);
>     }
> 
>     return 1;
> }
> #endif
> 
> $ git tag --contains 830713debd
> OPENBSD_6_3_BASE
> libressl-v2.7.0
> 
> 
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> static BIO_METHOD jbs_methods = {
>     BIO_TYPE_FILE,
>     "Java Callback",
>     jbs_write,
>     jbs_read,
>     jbs_puts,
>     jbs_gets,
>     jbs_ctrl,
>     jbs_new,
>     jbs_free,
>     NULL
> };
> #else
> static BIO_METHOD *jbs_methods = NULL;
> 
> static void init_bio_methods(void)
> {
>     jbs_methods = BIO_meth_new(BIO_TYPE_FILE, "Java Callback");
>     BIO_meth_set_write(jbs_methods, &jbs_write);
>     BIO_meth_set_read(jbs_methods, &jbs_read);
>     BIO_meth_set_puts(jbs_methods, &jbs_puts);
>     BIO_meth_set_gets(jbs_methods, &jbs_gets);
>     BIO_meth_set_ctrl(jbs_methods, &jbs_ctrl);
>     BIO_meth_set_create(jbs_methods, &jbs_new);
>     BIO_meth_set_destroy(jbs_methods, &jbs_free);
> }
> 
> static void free_bio_methods(void)
> {
>     BIO_meth_free(jbs_methods);
> }
> #endif
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>     return(&jbs_methods);
> #else
>     return jbs_methods;
> #endif
> 
> 
> 6e0e12de58
> b08b825ace
>  
> 
> OPENBSD_6_3_BASE
> libressl-v2.7.0

This is intended to be an umbrella ticket to collect and coordinate all LibreSSL-related ifdefs so that LibreSSL support is brought on par with OpenSSL. Maybe others want to pick up the work I have done so far.
Comment 1 Michael Osipov 2022-04-13 09:09:34 UTC
As of
libressl-portable: b52dc3d9b292f4f644d7506a2d62df11f2a6e269
tomcat-native: 1.2.32

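tomcat-native does not compile anymore. The errors below show that this LibreSSL revision only forward-declares `struct dh_st` and `struct bio_st`, so the direct field accesses in src/ssl.c (`dh->p`, `dh->q`, `dh->g`, `dh->length`) and the `BIO_get_*`/`BIO_set_*` macros in include/ssl_private.h (`x->ptr`, `x->init`, `x->shutdown`) no longer build: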
> $ make
> /bin/sh /usr/local/share/apr/build-1/libtool --silent --mode=compile cc   -O2 -pipe  -DLIBICONV_PLUG -fstack-protector-strong -fno-strict-aliasing -DHAVE_CONFIG_H    -DLIBICONV_PLUG -g -O2 -DHAVE_OPENSSL -DHAVE_POLLSET_WAKEUP   -I./include -I/usr/local/openjdk8/include -I/usr/local/openjdk8/include/freebsd -I/tmp/libressl/include  -I/usr/local/include/apr-1  -o src/ssl.lo -c src/ssl.c && touch src/ssl.lo
> In file included from src/ssl.c:24:
> ./include/ssl_private.h:221:9: warning: 'OPENSSL_VERSION' macro redefined [-Wmacro-redefined]
> #define OPENSSL_VERSION                  SSLEAY_VERSION
>         ^
> /tmp/libressl/include/openssl/crypto.h:320:9: note: previous definition is here
> #define OPENSSL_VERSION         0
>         ^
> src/ssl.c:221:15: error: incomplete definition of type 'struct dh_st'
>     BN_free(dh->p);
>             ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
>                ^
> src/ssl.c:222:15: error: incomplete definition of type 'struct dh_st'
>     BN_free(dh->q);
>             ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
>                ^
> src/ssl.c:223:15: error: incomplete definition of type 'struct dh_st'
>     BN_free(dh->g);
>             ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
>                ^
> src/ssl.c:224:7: error: incomplete definition of type 'struct dh_st'
>     dh->p = p;
>     ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
>                ^
> src/ssl.c:225:7: error: incomplete definition of type 'struct dh_st'
>     dh->q = q;
>     ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
>                ^
> src/ssl.c:226:7: error: incomplete definition of type 'struct dh_st'
>     dh->g = g;
>     ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
>                ^
> src/ssl.c:229:11: error: incomplete definition of type 'struct dh_st'
>         dh->length = BN_num_bits(q);
>         ~~^
> /tmp/libressl/include/openssl/ossl_typ.h:132:16: note: forward declaration of 'struct dh_st'
> typedef struct dh_st DH;
>                ^
> src/ssl.c:989:21: error: incomplete definition of type 'struct bio_st'
>     j = (BIO_JAVA *)BIO_get_data(bi);
>                     ^            ~~
> ./include/ssl_private.h:233:44: note: expanded from macro 'BIO_get_data'
> #define BIO_get_data(x)                  (x->ptr)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1008:21: error: incomplete definition of type 'struct bio_st'
>     j = (BIO_JAVA *)BIO_get_data(bi);
>                     ^            ~~
> ./include/ssl_private.h:233:44: note: expanded from macro 'BIO_get_data'
> #define BIO_get_data(x)                  (x->ptr)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1023:5: error: incomplete definition of type 'struct bio_st'
>     BIO_set_shutdown(bi, 1);
>     ^                ~~
> ./include/ssl_private.h:235:44: note: expanded from macro 'BIO_set_shutdown'
> #define BIO_set_shutdown(x,v)            (x->shutdown=v)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1024:5: error: incomplete definition of type 'struct bio_st'
>     BIO_set_init(bi, 0);
>     ^            ~~
> ./include/ssl_private.h:232:44: note: expanded from macro 'BIO_set_init'
> #define BIO_set_init(x,v)                (x->init=v)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1032:5: error: incomplete definition of type 'struct bio_st'
>     BIO_set_data(bi, (void *)j);
>     ^            ~~
> ./include/ssl_private.h:234:44: note: expanded from macro 'BIO_set_data'
> #define BIO_set_data(x,v)                (x->ptr=v)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1042:21: error: incomplete definition of type 'struct bio_st'
>     j = (BIO_JAVA *)BIO_get_data(bi);
>                     ^            ~~
> ./include/ssl_private.h:233:44: note: expanded from macro 'BIO_get_data'
> #define BIO_get_data(x)                  (x->ptr)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1044:13: error: incomplete definition of type 'struct bio_st'
>         if (BIO_get_init(bi)) {
>             ^            ~~
> ./include/ssl_private.h:231:44: note: expanded from macro 'BIO_get_init'
> #define BIO_get_init(x)                  (x->init)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1046:13: error: incomplete definition of type 'struct bio_st'
>             BIO_set_init(bi, 0);
>             ^            ~~
> ./include/ssl_private.h:232:44: note: expanded from macro 'BIO_set_init'
> #define BIO_set_init(x,v)                (x->init=v)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1052:5: error: incomplete definition of type 'struct bio_st'
>     BIO_set_data(bi, NULL);
>     ^            ~~
> ./include/ssl_private.h:234:44: note: expanded from macro 'BIO_set_data'
> #define BIO_set_data(x,v)                (x->ptr=v)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1059:9: error: incomplete definition of type 'struct bio_st'
>     if (BIO_get_init(b) && in != NULL) {
>         ^            ~
> ./include/ssl_private.h:231:44: note: expanded from macro 'BIO_get_init'
> #define BIO_get_init(x)                  (x->init)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1060:35: error: incomplete definition of type 'struct bio_st'
>         BIO_JAVA *j = (BIO_JAVA *)BIO_get_data(b);
>                                   ^            ~
> ./include/ssl_private.h:233:44: note: expanded from macro 'BIO_get_data'
> #define BIO_get_data(x)                  (x->ptr)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> src/ssl.c:1085:9: error: incomplete definition of type 'struct bio_st'
>     if (BIO_get_init(b) && out != NULL) {
>         ^            ~
> ./include/ssl_private.h:231:44: note: expanded from macro 'BIO_get_init'
> #define BIO_get_init(x)                  (x->init)
>                                           ~^
> /tmp/libressl/include/openssl/ossl_typ.h:111:16: note: forward declaration of 'struct bio_st'
> typedef struct bio_st BIO;
>                ^
> fatal error: too many errors emitted, stopping now [-ferror-limit=]
> 1 warning and 20 errors generated.
> *** Error code 1
> 
> Stop.
> make[1]: stopped in /var/osipovmi/Projekte/tomcat-native/native
> *** Error code 1
> 
> Stop.
> make: stopped in /var/osipovmi/Projekte/tomcat-native/native