Project

General

Profile

Actions

Bug #3757

closed

ndn-cxx fails to build against OpenSSL 1.1.0

Added by Davide Pesavento over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:

Description

OpenSSL 1.1.0 had several API changes that break ndn-cxx. A (possibly incomplete) list of issues follows.

  • HMAC_CTX was made opaque, and the constructor and destructor were renamed to HMAC_CTX_new() and HMAC_CTX_free() respectively.
../src/security/transform/hmac-filter.cpp:43:12: error: field ‘m_context’ has incomplete type ‘HMAC_CTX {aka hmac_ctx_st}’
   HMAC_CTX m_context;
            ^
../src/security/transform/hmac-filter.cpp: In constructor ‘ndn::security::transform::HmacFilter::Impl::Impl()’:
../src/security/transform/hmac-filter.cpp:34:29: error: ‘HMAC_CTX_init’ was not declared in this scope
     HMAC_CTX_init(&m_context);
                             ^
../src/security/transform/hmac-filter.cpp: In destructor ‘ndn::security::transform::HmacFilter::Impl::~Impl()’:
../src/security/transform/hmac-filter.cpp:39:32: error: ‘HMAC_CTX_cleanup’ was not declared in this scope
     HMAC_CTX_cleanup(&m_context);
                                ^
  • The BIO sub-library has been rewritten, and BIO and BIO_METHOD were made opaque. (in the error below, it seems we're simply missing a const)
../src/security/transform/private-key.cpp: In member function ‘void ndn::security::transform::PrivateKey::loadPkcs1(const uint8_t*, size_t)’:
../src/security/transform/private-key.cpp:71:30: error: no matching function for call to ‘ndn::security::detail::Bio::Bio(const BIO_METHOD*)’
   detail::Bio mem(BIO_s_mem());
                              ^
../src/security/transform/private-key.cpp:71:30: note: candidates are:
In file included from ../src/security/transform/private-key.cpp:29:0:
../src/security/transform/../detail/openssl-helper.hpp:83:3: note: ndn::security::detail::Bio::Bio(BIO_METHOD*) <near match>
   Bio(BIO_METHOD* method);
   ^
../src/security/transform/../detail/openssl-helper.hpp:83:3: note:   no known conversion for argument 1 from ‘const BIO_METHOD* {aka const bio_method_st*}’ to ‘BIO_METHOD* {aka bio_method_st*}’
../src/security/transform/../detail/openssl-helper.hpp:79:7: note: constexpr ndn::security::detail::Bio::Bio(const ndn::security::detail::Bio&)
 class Bio
       ^
../src/security/transform/../detail/openssl-helper.hpp:79:7: note:   no known conversion for argument 1 from ‘const BIO_METHOD* {aka const bio_method_st*}’ to ‘const ndn::security::detail::Bio&’
  • "The functions RAND_add(), RAND_seed(), BIO_set_cipher() and some obscure PEM functions were changed so they can now return an error. The RAND changes required a change to the RAND_METHOD structure."
../tests/unit-tests/util/random.t.cpp: In constructor ‘ndn::tests::Util::TestRandom::FailRandMethodFixture::FailRandMethodFixture()’:
../tests/unit-tests/util/random.t.cpp:149:55: error: invalid conversion from ‘void (*)(const void*, int)’ to ‘int (*)(const void*, int)’ [-fpermissive]
                         &FailRandMethodFixture::status}
                                                       ^
../tests/unit-tests/util/random.t.cpp:149:55: error: invalid conversion from ‘void (*)(const void*, int, double)’ to ‘int (*)(const void*, int, double)’ [-fpermissive]
  • Other errors probably caused by missing includes
../src/security/transform/private-key.cpp: In member function ‘ndn::ConstBufferPtr ndn::security::transform::PrivateKey::decrypt(const uint8_t*, size_t) const’:
../src/security/transform/private-key.cpp:244:36: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
   switch (EVP_PKEY_type(m_impl->key->type)) {
                                    ^
In file included from /tmp/portage/dev-libs/openssl-1.1.0/image/usr/include/openssl/rand.h:14:0,
                 from ../src/security/transform/../detail/openssl.hpp:35,
                 from ../src/security/transform/../detail/openssl-helper.hpp:26,
                 from ../src/security/transform/private-key.cpp:29:
/tmp/portage/dev-libs/openssl-1.1.0/image/usr/include/openssl/ossl_typ.h:93:16: error: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
 typedef struct evp_pkey_st EVP_PKEY;
                ^
../src/security/transform/private-key.cpp: In member function ‘ndn::ConstBufferPtr ndn::security::transform::PrivateKey::toPkcs1() const’:
../src/security/transform/private-key.cpp:263:30: error: ‘OpenSSL_add_all_algorithms’ was not declared in this scope
   OpenSSL_add_all_algorithms();
                              ^
Actions #1

Updated by Davide Pesavento over 7 years ago

  • Description updated (diff)
Actions #2

Updated by Alex Afanasyev over 7 years ago

Did you install openssl 1.1 from source or it is packaged already somewhere?

Actions #3

Updated by Davide Pesavento over 7 years ago

Gentoo has it packaged, but it's "masked" (sort of Debian's experimental): https://packages.gentoo.org/packages/dev-libs/openssl

Actions #4

Updated by Davide Pesavento over 7 years ago

Homebrew "recently" added a new, separate formula for OpenSSL 1.1: https://github.com/Homebrew/homebrew-core/commit/663e4792e1f355ef2571a06a9101606027cfedf9

Actions #5

Updated by Alex Afanasyev over 7 years ago

  • Status changed from New to In Progress
  • Assignee set to Alex Afanasyev
  • Target version set to v0.5
  • % Done changed from 0 to 80
Actions #6

Updated by Alex Afanasyev over 7 years ago

  • Status changed from In Progress to Code review
  • % Done changed from 80 to 100

https://gerrit.named-data.net/3204

I checked locally with homebrew versions of openssl 1.0.2 and 1.1.0.

Actions #7

Updated by Davide Pesavento over 7 years ago

  • Status changed from Code review to Closed
Actions

Also available in: Atom PDF