Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support OpenSSL 1.1.1 #6738

Merged
merged 4 commits into from
Sep 17, 2018
Merged

Support OpenSSL 1.1.1 #6738

merged 4 commits into from
Sep 17, 2018

Conversation

ysbaddaden
Copy link
Contributor

@ysbaddaden ysbaddaden commented Sep 17, 2018
edited
Loading

OpenSSL 1.1.0 introduced a public API to create and populate the BIO and BIO_METHOD structs. We now use it when available. We still keep the manual creation for OpenSSL 1.0.2 (and below) which is still supported.

This fixes an internal ABI breaking change introduced in OpenSSL 1.1.1 that causes a compiled program to segfault. See #6737.

This also implements the new BIO read/write methods that take size_t lengths instead of int. This skips the compatibility methods provided by OpenSSL.

NOTE: the patch also starts to use uppercased external symbols, such as BIO_set_init, to avoid bio_set_init = BIO_set_init aliases. This is limited to the BIO_ and BIO_meth_* used in this patch.

@ysbaddaden
OpenSSL: use public API to create BIO_METHOD when available
559b37b 
OpenSSL 1.1.0 introduced a public API to create and populate
BIO_METHOD. We now use it when available.

This fixes an internal ABI breaking change introduced in
OpenSSL 1.1.1 that causes a compiled program to segfault.
@ysbaddaden
OpenSSL: use public API to init BIO when available
861e411 
OpenSSL 1.1.0 introduced a public API to get/set BIO struct values.
We now use it them when available.

Fixes compatibility issues with OpenSSL 1.1.1
@ysbaddaden
Fix: broken OpenSSL::SSL::Context specs with OpenSSL 1.1.1
e240af3
ysbaddaden
ysbaddaden commented Sep 17, 2018
View reviewed changes
src/openssl/bio.cr
{% if LibCrypto::OPENSSL_110 %}
LibCrypto.BIO_set_shutdown(bio, 1)
LibCrypto.BIO_set_init(bio, 1)
# bio.value.num = -1
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no idea what BIO#num means and what we should do here. Anybody knows?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems to come originally from 4995fb0#diff-65c7a3575f24669104f83007f62e90c6R109 if the documentation of 1.1.x says nothing about it it's fine as it is I guess.

@ysbaddaden ysbaddaden changed the title OpenSSL: use public API to create BIO_METHOD when available Support OpenSSL 1.1.1 Sep 17, 2018
@ysbaddaden ysbaddaden mentioned this pull request Sep 17, 2018
Closed
@bcardiff
Copy link
Member

This kind of issues makes me want to enforce more infrastructure to test compatibility with different libraries. Otherwise we in lack of sight.

@bcardiff bcardiff added this to the 0.27.0 milestone Sep 17, 2018
@RX14
Copy link
Contributor

RX14 commented Sep 17, 2018

@bcardiff we'd have had to keep track of the openssl release and add it to the test infastructure. It's honestly better to be reactionary about these things to avoid wasting effort. Maybe once there's far more manpower in the project.

@RX14
Copy link
Contributor

RX14 commented Sep 17, 2018

tested locally

@RX14 RX14 merged commit e752415 into crystal-lang:master Sep 17, 2018
@ysbaddaden
Copy link
Contributor Author

What's really needed is a manual review of the OpenSSL integration which dates back to the old OpenSSL 0.9.8. See what public API they provide now, but was kinda internal/private.

For example the changes here were already present in OpenSSL 1.1.0, and would have avoided the reported segfault.

But that requires having an active maintainer...

ezrast pushed a commit to ezrast/crystal that referenced this pull request Oct 2, 2018
@ysbaddaden
Support OpenSSL 1.1.1 (crystal-lang#6738)
f3cc98b 
* OpenSSL: use public API to create BIO_METHOD when available

OpenSSL 1.1.0 introduced a public API to create and populate
BIO_METHOD. We now use it when available.

This fixes an internal ABI breaking change introduced in
OpenSSL 1.1.1 that causes a compiled program to segfault.

* OpenSSL: use public API to init BIO when available

OpenSSL 1.1.0 introduced a public API to get/set BIO struct values.
We now use it them when available.

Fixes compatibility issues with OpenSSL 1.1.1

* Fix: broken OpenSSL::SSL::Context specs with OpenSSL 1.1.1

* Implement BIO read/write methods for OpenSSL 1.1.1
@j8r j8r mentioned this pull request Oct 19, 2018
Closed
@mohd-akram mohd-akram mentioned this pull request Mar 15, 2019
Merged
25 tasks
@ysbaddaden ysbaddaden deleted the std/fix-openssl-111 branch September 13, 2024 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bcardiff bcardiff bcardiff left review comments

@RX14 RX14 RX14 approved these changes

@jhass jhass jhass approved these changes

Assignees
No one assigned
Labels
kind:feature topic:stdlib
Projects
None yet
Milestone
0.27.0
Development

Successfully merging this pull request may close these issues.
4 participants
@ysbaddaden @bcardiff @RX14 @jhass