Re: (ITS#8791) OpenSSL 1.1.1 compat issue



Done in ftp://ftp.openldap.org/incoming/bradley-baetz-20171215.patch


On Fri, 15 Dec 2017 at 04:36 Howard Chu <hyc@symas.com> wrote:

> bbaetz@google.com wrote:
> > Full_Name: Bradley Baetz
> > Version: 2.4.45
> > OS: linux
> > URL: ftp://ftp.openldap.org/incoming/bradley-baetz-20171214.patch
> > Submission from: (NULL) (2401:fa00:9:11:7ac0:58b5:299c:bebb)
>
> Thanks for the patch. The initialization of the static tlso_bio_method is
> racy. One-time initializations should be done in tlso_init, and the
> allocated memory should be freed in tlso_destroy.
>
> >
> > ITS#8533 added support for OpenSSL's hiding of the bio_method_st struct.
> >
> > However, it did this by re-defining the now-private structure, using the
> > OpenSSL 1.0 version. That will fail when OpenSSL changes their structure,
> > which they have already done for v1.1.1 - see
> > https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=include/internal/bio.h;hb=e1dd8fa00a1e06d27c8b024dac7657a8d8a9b451#l16
> >
> > It also fails with BoringSSL, which has v1.0's OPENSSL_VERSION_NUMBER
> > define, but has not yet hidden the struct definition.
> >
> > The attached file is derived from OpenLDAP Software. All of the
> > modifications to OpenLDAP Software represented in the following patch(es)
> > were developed by Google, LLC. Google, LLC has not assigned rights and/or
> > interest in this work to any party. I, Bradley Baetz am authorized by
> > Google, LLC, my employer, to release this work under the following terms.
> >
> > The attached modifications to OpenLDAP Software are subject to the
> > following notice:
> > Copyright 2017 Google, LLC.
> > Redistribution and use in source and binary forms, with or without
> > modification, are permitted only as authorized by the OpenLDAP Public
> > License.
> >
> >
>
>
> --
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com
>    Director, Highland Sun     http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/
>
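
The layout problem described in the quoted report, as an added example that is not part of the original message and is not OpenLDAP or OpenSSL code: it maps each callback slot of a re-declared 1.0-style method struct to the member a library with a newer layout finds at the same offset. The struct names, the generic `cb_t` type and `aliased_member()` are hypothetical, and the member order is an assumption modelled on the 1.0 and 1.1.1 `bio_method_st` definitions.

```c
/* Added illustration, not OpenLDAP or OpenSSL code. Member order is an
 * assumption modelled on the 1.0 and 1.1.1 bio_method_st definitions;
 * every callback signature is collapsed to one generic pointer type. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef void (*cb_t)(void);

/* Layout an application freezes when it re-declares the private struct. */
struct meth_v10 {
    int type; const char *name;
    cb_t bwrite, bread, bputs, bgets, ctrl, create, destroy, callback_ctrl;
};

/* The library's later layout: two members inserted among the old ones. */
struct meth_v111 {
    int type; const char *name;
    cb_t bwrite, bwrite_old, bread, bread_old, bputs, bgets, ctrl, create,
         destroy, callback_ctrl;
};

struct slot { const char *name; size_t off; };
#define S(t, m) { #m, offsetof(struct t, m) }
static const struct slot app_slots[] = {
    S(meth_v10, bwrite), S(meth_v10, bread), S(meth_v10, bputs),
    S(meth_v10, bgets), S(meth_v10, ctrl), S(meth_v10, create),
    S(meth_v10, destroy), S(meth_v10, callback_ctrl) };
static const struct slot lib_slots[] = {
    S(meth_v111, bwrite), S(meth_v111, bwrite_old), S(meth_v111, bread),
    S(meth_v111, bread_old), S(meth_v111, bputs), S(meth_v111, bgets),
    S(meth_v111, ctrl), S(meth_v111, create), S(meth_v111, destroy),
    S(meth_v111, callback_ctrl) };
#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Name of the library member that sits where the stale struct puts `field`. */
const char *aliased_member(const char *field)
{
    size_t i, j;
    for (i = 0; i < N(app_slots); i++) {
        if (strcmp(app_slots[i].name, field) != 0) continue;
        for (j = 0; j < N(lib_slots); j++)
            if (lib_slots[j].off == app_slots[i].off) return lib_slots[j].name;
    }
    return NULL; /* not a callback slot of the old layout */
}

int main(void)
{
    for (size_t i = 0; i < N(app_slots); i++)
        printf("app fills %-13s -> library reads it as %s\n",
               app_slots[i].name, aliased_member(app_slots[i].name));
    return 0;
}
```

Code that builds the method table through OpenSSL 1.1's accessor functions (`BIO_meth_new()`, `BIO_meth_set_write()` and so on) never encodes these offsets, so a member inserted by the library does not shift what the application wrote.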
