Issue 8666 - Fix build with LibreSSL
Summary: Fix build with LibreSSL
Status: VERIFIED DUPLICATE of issue 7978
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: 2.4.45
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-05 14:49 UTC by pawel@freebsd.org
Modified: 2020-03-15 06:25 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description pawel@freebsd.org 2017-06-05 14:49:52 UTC 
Full_Name: Paweł Pękala
Version: 2.4.45
OS: FreeBSD 12-CURRENT
URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219781
Submission from: (NULL) (62.141.192.76)


Latest version fails to build with LibreSSL. Following patch fixes issue for
me:

--- libraries/libldap/tls_o.c.orig	2017-06-04 16:31:28 UTC
+++ libraries/libldap/tls_o.c
@@ -47,7 +47,7 @@
 #include <ssl.h>
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
 #define ASN1_STRING_data(x)	ASN1_STRING_get0_data(x)
 #endif
 
@@ -157,7 +157,7 @@ tlso_init( void )
 	(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
 	SSL_load_error_strings();
 	SSL_library_init();
 	OpenSSL_add_all_digests();
@@ -205,7 +205,7 @@ static void
 tlso_ctx_ref( tls_ctx *ctx )
 {
 	tlso_ctx *c = (tlso_ctx *)ctx;
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
 #define	SSL_CTX_up_ref(ctx)	CRYPTO_add( &(ctx->references), 1,
CRYPTO_LOCK_SSL_CTX )
 #endif
 	SSL_CTX_up_ref( c );
@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *
 	if (!x) return LDAP_INVALID_CREDENTIALS;
 	
 	xn = X509_get_subject_name(x);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
 	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
 	der_dn->bv_val = xn->bytes->data;
 #else
@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval
 		return LDAP_INVALID_CREDENTIALS;
 
 	xn = X509_get_subject_name(x);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
 	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
 	der_dn->bv_val = xn->bytes->data;
 #else
@@ -721,7 +721,7 @@ struct tls_data {
 	Sockbuf_IO_Desc		*sbiod;
 };
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
 #define BIO_set_init(b, x)	b->init = x
 #define BIO_set_data(b, x)	b->ptr = x
 #define BIO_clear_flags(b, x)	b->flags &= ~(x)
@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
 	return tlso_bio_write( b, str, strlen( str ) );
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
 struct bio_method_st {
     int type;
     const char *name;
Comment 1 Howard Chu 2017-06-05 16:03:10 UTC 
pawel@FreeBSD.org wrote:
> Full_Name: Pawe&amp;#322; P&amp;#281;kala
> Version: 2.4.45
> OS: FreeBSD 12-CURRENT
> URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219781
> Submission from: (NULL) (62.141.192.76)
>

No. LibreSSL should not be hijacking OPENSSL_VERSION_NUMBER macros, especially 
if it doesn't actually implement the features of those versions.

> Latest version fails to build with LibreSSL. Following patch fixes issue for
> me:
>
> --- libraries/libldap/tls_o.c.orig	2017-06-04 16:31:28 UTC
> +++ libraries/libldap/tls_o.c
> @@ -47,7 +47,7 @@
>  #include <ssl.h>
>  #endif
>
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000
> +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
>  #define ASN1_STRING_data(x)	ASN1_STRING_get0_data(x)
>  #endif
>
> @@ -157,7 +157,7 @@ tlso_init( void )
>  	(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
>  #endif
>
> -#if OPENSSL_VERSION_NUMBER < 0x10100000
> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
>  	SSL_load_error_strings();
>  	SSL_library_init();
>  	OpenSSL_add_all_digests();
> @@ -205,7 +205,7 @@ static void
>  tlso_ctx_ref( tls_ctx *ctx )
>  {
>  	tlso_ctx *c = (tlso_ctx *)ctx;
> -#if OPENSSL_VERSION_NUMBER < 0x10100000
> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
>  #define	SSL_CTX_up_ref(ctx)	CRYPTO_add( &(ctx->references), 1,
> CRYPTO_LOCK_SSL_CTX )
>  #endif
>  	SSL_CTX_up_ref( c );
> @@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *
>  	if (!x) return LDAP_INVALID_CREDENTIALS;
>  	
>  	xn = X509_get_subject_name(x);
> -#if OPENSSL_VERSION_NUMBER < 0x10100000
> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
>  	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
>  	der_dn->bv_val = xn->bytes->data;
>  #else
> @@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval
>  		return LDAP_INVALID_CREDENTIALS;
>
>  	xn = X509_get_subject_name(x);
> -#if OPENSSL_VERSION_NUMBER < 0x10100000
> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
>  	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
>  	der_dn->bv_val = xn->bytes->data;
>  #else
> @@ -721,7 +721,7 @@ struct tls_data {
>  	Sockbuf_IO_Desc		*sbiod;
>  };
>
> -#if OPENSSL_VERSION_NUMBER < 0x10100000
> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
>  #define BIO_set_init(b, x)	b->init = x
>  #define BIO_set_data(b, x)	b->ptr = x
>  #define BIO_clear_flags(b, x)	b->flags &= ~(x)
> @@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
>  	return tlso_bio_write( b, str, strlen( str ) );
>  }
>
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000
> +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
>  struct bio_method_st {
>      int type;
>      const char *name;
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
Comment 2 pawel@freebsd.org 2017-06-05 16:48:14 UTC 
Hi Howard,

On 2017-06-05 17:03 +0100, Howard Chu <hyc@symas.com> wrote:
>pawel@FreeBSD.org wrote:
>> Full_Name: Pawe&amp;#322; P&amp;#281;kala
>> Version: 2.4.45
>> OS: FreeBSD 12-CURRENT
>> URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219781
>> Submission from: (NULL) (62.141.192.76)
>>  
>
>No. LibreSSL should not be hijacking OPENSSL_VERSION_NUMBER macros,
>especially if it doesn't actually implement the features of those
>versions.
>

First off let me clarify first that I'm not representing LibreSSL
project, this is my opinion as a outsider. From my point of view they
are keeping OPENSSL_VERSION_NUMBER for backwards compatibility not
forwards, from their openssl/opensslv.h:

* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x2050400fL
#define LIBRESSL_VERSION_TEXT   "LibreSSL 2.5.4"

/* These will never change */
#define OPENSSL_VERSION_NUMBER  0x20000000L

>> Latest version fails to build with LibreSSL. Following patch fixes
>> issue for me:
>>
>> --- libraries/libldap/tls_o.c.orig	2017-06-04 16:31:28 UTC
>> +++ libraries/libldap/tls_o.c
>> @@ -47,7 +47,7 @@
>>  #include <ssl.h>
>>  #endif
>>
>> -#if OPENSSL_VERSION_NUMBER >= 0x10100000
>> +#if OPENSSL_VERSION_NUMBER >= 0x10100000
>> && !defined(LIBRESSL_VERSION_NUMBER) #define
>> ASN1_STRING_data(x)	ASN1_STRING_get0_data(x) #endif
>>
>> @@ -157,7 +157,7 @@ tlso_init( void )
>>  	(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
>>  #endif
>>
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) SSL_load_error_strings();
>>  	SSL_library_init();
>>  	OpenSSL_add_all_digests();
>> @@ -205,7 +205,7 @@ static void
>>  tlso_ctx_ref( tls_ctx *ctx )
>>  {
>>  	tlso_ctx *c = (tlso_ctx *)ctx;
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) #define
>> SSL_CTX_up_ref(ctx)	CRYPTO_add( &(ctx->references), 1,
>> CRYPTO_LOCK_SSL_CTX ) #endif
>>  	SSL_CTX_up_ref( c );
>> @@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct
>> berval * if (!x) return LDAP_INVALID_CREDENTIALS;
>>  	
>>  	xn = X509_get_subject_name(x);
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len = i2d_X509_NAME( xn,
>> NULL ); der_dn->bv_val = xn->bytes->data;
>>  #else
>> @@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct
>> berval return LDAP_INVALID_CREDENTIALS;
>>
>>  	xn = X509_get_subject_name(x);
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len = i2d_X509_NAME( xn,
>> NULL ); der_dn->bv_val = xn->bytes->data;
>>  #else
>> @@ -721,7 +721,7 @@ struct tls_data {
>>  	Sockbuf_IO_Desc		*sbiod;
>>  };
>>
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) #define BIO_set_init(b, x)
>> b->init = x #define BIO_set_data(b, x)	b->ptr = x
>>  #define BIO_clear_flags(b, x)	b->flags &= ~(x)
>> @@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
>>  	return tlso_bio_write( b, str, strlen( str ) );
>>  }
>>
>> -#if OPENSSL_VERSION_NUMBER >= 0x10100000
>> +#if OPENSSL_VERSION_NUMBER >= 0x10100000
>> && !defined(LIBRESSL_VERSION_NUMBER) struct bio_method_st {
>>      int type;
>>      const char *name;
>>
>>
>>  
>
>

-- 
pozdrawiam / with regards
Paweł Pękala
Comment 3 OpenLDAP project 2017-08-30 23:16:17 UTC 
See also ITS#7978, ITS#8445
Comment 4 Quanah Gibson-Mount 2017-08-30 23:16:17 UTC 
changed notes
moved from Incoming to Software Enhancements
Comment 5 Quanah Gibson-Mount 2020-03-15 06:25:34 UTC 

*** This issue has been marked as a duplicate of issue 7978 ***