[CDRIVER-1066] Allow compiling against OpenSSL 1.1.X
Created: 20/Jan/16  Updated: 11/Oct/16  Resolved: 13/Jul/16

Status: Closed
Project: C Driver
Component/s: tls
Affects Version/s: 1.1.8
Fix Version/s: 1.4.0

Type: Bug
Priority: Minor - P4
Reporter: Mitchell Blank
Assignee: Hannes Magnusson
Resolution: Done
Votes: 0
Labels: intern2016
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by CDRIVER-1690 Build failure with OpenSSL 1.1.0b Closed
Epic Link: TLS Improvements
Backwards Compatibility: Fully Compatible

 Description   

Recently, OpenSSL posted a couple 1.1.0-alpha releases and asked users to see if there were any interoperability problems.

One of the biggest changes coming in 1.1 is that many objects (such as EVP_MD_CTX) are now only visible as opaque pointers, i.e. their exact size and layout are considered private to OpenSSL. Of course, this means that they can't be put on the stack.

With this small patch, I was able to compile 1.1.8 of the C driver against OpenSSL 1.1.0-pre2. I haven't tested it, but it seems sane enough:

--- mongo-c-driver-1.1.8/src/mongoc/mongoc-scram.c.ORIG	2016-01-20 10:42:42.378692732 -0800
+++ mongo-c-driver-1.1.8/src/mongoc/mongoc-scram.c	2016-01-20 10:46:15.365245075 -0800
@@ -308,8 +308,9 @@
                     const size_t         input_len,
                     unsigned char       *output)
 {
-   EVP_MD_CTX digest_ctx;
    bool rval = false;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   EVP_MD_CTX digest_ctx;
 
    EVP_MD_CTX_init (&digest_ctx);
 
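Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` opened right after `bool rval = false;` splits the function body into two full copies of the Init/Update/Final sequence, each ending in its own `cleanup:` label, so any later fix to the digest logic has to be made in both branches. Consider keeping a single pointer-based body and confining the version check to allocation and release of the context. OpenSSL 1.0.x already provides EVP_MD_CTX_create() and EVP_MD_CTX_destroy() for heap-allocated contexts, so the pre-1.1 side only needs to map the new names onto those.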
@@ -325,6 +326,22 @@
 
 cleanup:
    EVP_MD_CTX_cleanup (&digest_ctx);
+#else /* OpenSSL >= 1.1.0 */
+   EVP_MD_CTX *digest_ctxp = EVP_MD_CTX_new();
+
+   if (1 != EVP_DigestInit_ex (digest_ctxp, EVP_sha1 (), NULL)) {
+      goto cleanup;
+   }
+
+   if (1 != EVP_DigestUpdate (digest_ctxp, input, input_len)) {
+      goto cleanup;
+   }
+
+   rval = (1 == EVP_DigestFinal_ex (digest_ctxp, output, NULL));
+
+cleanup:
+   EVP_MD_CTX_free(digest_ctxp);
+#endif
 
    return rval;
 }
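Review bot: The result of `EVP_MD_CTX_new()` is passed straight to `EVP_DigestInit_ex (digest_ctxp, EVP_sha1 (), NULL)` without a NULL check, so an allocation failure in the new `#else` branch is not handled explicitly. Add `if (!digest_ctxp) { return rval; }` directly after the declaration so the failure path is visible and does not depend on how the digest calls treat a NULL context. As a style point, `EVP_MD_CTX_new()` and `EVP_MD_CTX_free(digest_ctxp)` omit the space before the parenthesis that the surrounding calls use.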

There are also a couple deprecated warnings that pop up, which you may be interested in:

src/mongoc/mongoc-rand.c:33:5: warning: ‘RAND_pseudo_bytes’ is deprecated
src/mongoc/mongoc-ssl.c:540:7: warning: ‘CRYPTO_set_id_callback’ is deprecated
src/mongoc/mongoc-ssl.c:551:7: warning: ‘CRYPTO_set_id_callback’ is deprecated



 Comments   
Comment by Githook User [ 04/Aug/16 ]

Author: A. Jesse Jiryu Davis (ajdavis, jesse@mongodb.com)

Message: CDRIVER-1066 bump OpenSSL 1.1 pre5 to pre6
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/ff3d5eaf2db4270f881157a518d16eee09c4f21f

Comment by Githook User [ 13/Jul/16 ]

Author: Hannes Magnusson (bjori, bjori@php.net)

Message: CDRIVER-1066: value computed is not used [-Wunused-value]
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/88a84e529a9e53335d82611832547302214ffc15

Comment by Githook User [ 13/Jul/16 ]

Author: Hannes Magnusson (bjori, bjori@php.net)

Message: CDRIVER-1066: Add OpenSSL 1.1 build variant
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/c9752448a91779de7457fd610dfa930fbac02641

Comment by Githook User [ 13/Jul/16 ]

Author: Hannes Magnusson (bjori, bjori@php.net)

Message: CDRIVER-1066: Allow compiling against OpenSSL 1.1
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/61ab746adaf7e008ea055b2429fc5c96ce1d49c4

Comment by Githook User [ 13/Jul/16 ]

Author: Hannes Magnusson (bjori, bjori@php.net)

Message: CDRIVER-1066: RAND_pseudo_bytes is deprecated in OpenSSL 1.1.0

– And turns out, we never use it anyway
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/ba4b50a32e55282afb849da0d0d2129573e81bb1

Comment by A. Jesse Jiryu Davis [ 26/Jun/16 ]

More urgent now because Debian has begun testing packages with OpenSSL 1.1.0 and libmongoc didn't build:

https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1431772.html

Comment by A. Jesse Jiryu Davis [ 08/Feb/16 ]

Sorry for the delay here, Mitchell. We're in the midst of an overhaul to our SSL code that will support libraries besides OpenSSL on Mac and Windows, scheduled for the 1.4 release: CDRIVER-749. I'd like to keep this ticket open, then merge your patch behind those changes.

Comment by A. Jesse Jiryu Davis [ 20/Jan/16 ]

Thanks so much for the report and patch, we'll take a look.

On Wed, Jan 20, 2016 at 2:04 PM, Mitchell Blank (JIRA) <jira@mongodb.org>
