From bbaetz@google.com Fri Dec 15 01:08:28 2017
From: bbaetz@google.com
To: openldap-bugs@openldap.org
Subject: Re: (ITS#8791) OpenSSL 1.1.1 compat issue
Date: Fri, 15 Dec 2017 01:08:26 +0000
Message-ID: <E1ePeUE-00018C-33@gauss.openldap.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8757127703603779630=="

--===============8757127703603779630==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

--94eb2c05eb72af425f056056a2cc
Content-Type: text/plain; charset=3D"UTF-8"

Done in ftp://ftp.openldap.org/incoming/bradley-baetz-20171215.patch


On Fri, 15 Dec 2017 at 04:36 Howard Chu <hyc(a)symas.com> wrote:

> bbaetz(a)google.com wrote:
> > Full_Name: Bradley Baetz
> > Version: 2.4.45
> > OS: linux
> > URL: ftp://ftp.openldap.org/incoming/bradley-baetz-20171214.patch
> > Submission from: (NULL) (2401:fa00:9:11:7ac0:58b5:299c:bebb)
>
> Thanks for the patch. The initialization of the static tlso_bio_method is
> racy. One-time initializations should be done in tlso_init, and the
> allocated
> memory should be freed in tlso_destroy.
>
> >
> > ITS#8533 added support for the OpenSSL's hiding of the bio_method_st
> struct.
> >
> > However, it did this by re-defining the now-private structure, using the
> OpenSSL
> > 1.0 version. That will fail when OpenSSL changes their structure, which
> they
> > have already done for v1.1.1 - see
> >
> https://git.openssl.org/gitweb/?p=3Dopenssl.git;a=3Dblob;f=3Dinclude/intern=
al/bio.h;hb=3De1dd8fa00a1e06d27c8b024dac7657a8d8a9b451#l16
> >
> > It also fails with BoringSSL, which has v1.0's OPENSSL_VERSION_NUMBER
> define,
> > but has not yet hidden the struct definition.
> >
> > The attached file is derived from OpenLDAP Software. All of the
> modifications to
> > OpenLDAP Software represented in the following patch(es) were developed
> by
> > Google, LLC. Google, LLC has not assigned rights and/or interest in this
> work to
> > any party. I, Bradley Baetz am authorized by Google, LLC, my employer, to
> > release this work under the following terms.
> >
> > The attached modifications to OpenLDAP Software are subject to the
> following
> > notice:
> > Copyright 2017 Google, LLC.
> > Redistribution and use in source and binary forms, with or without
> modification,
> > are permitted only as authorized by the OpenLDAP Public License.
> >
> >
>
>
> --
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com
>    Director, Highland Sun     http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/
>

--94eb2c05eb72af425f056056a2cc
Content-Type: text/html; charset=3D"UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D3D"ltr"><span style=3D3D"font-size:small">Done in=3DC2=3DA0</span>=
<a hre=3D
f=3D3D"ftp://ftp.openldap.org/incoming/bradley-baetz-20171215.patch" style=3D=
3D=3D
"font-size:small">ftp://ftp.openldap.org/incoming/bradley-baetz-20171215.pa=3D
tch</a><br><br class=3D3D"inbox-inbox-Apple-interchange-newline"></div><br><d=
=3D
iv class=3D3D"gmail_quote"><div dir=3D3D"ltr">On Fri, 15 Dec 2017 at 04:36 Ho=
wa=3D
rd Chu &lt;<a href=3D3D"mailto:hyc(a)symas.com">hyc(a)symas.com</a>&gt; wrote=
:<br=3D
></div><blockquote class=3D3D"gmail_quote" style=3D3D"margin:0 0 0 .8ex;borde=
r-=3D
left:1px #ccc solid;padding-left:1ex"><a href=3D3D"mailto:bbaetz(a)google.com=
" =3D
target=3D3D"_blank">bbaetz(a)google.com</a> wrote:<br>
&gt; Full_Name: Bradley Baetz<br>
&gt; Version: 2.4.45<br>
&gt; OS: linux<br>
&gt; URL: <a href=3D3D"ftp://ftp.openldap.org/incoming/bradley-baetz-20171214=
=3D
.patch" rel=3D3D"noreferrer" target=3D3D"_blank">ftp://ftp.openldap.org/incom=
in=3D
g/bradley-baetz-20171214.patch</a><br>
&gt; Submission from: (NULL) (2401:fa00:9:11:7ac0:58b5:299c:bebb)<br>
<br>
Thanks for the patch. The initialization of the static tlso_bio_method is<b=3D
r>
racy. One-time initializations should be done in tlso_init, and the allocat=3D
ed<br>
memory should be freed in tlso_destroy.<br>
<br>
&gt;<br>
&gt; ITS#8533 added support for the OpenSSL&#39;s hiding of the bio_method_=3D
st struct.<br>
&gt;<br>
&gt; However, it did this by re-defining the now-private structure, using t=3D
he OpenSSL<br>
&gt; 1.0 version. That will fail when OpenSSL changes their structure, whic=3D
h they<br>
&gt; have already done for v1.1.1 - see<br>
&gt; <a href=3D3D"https://git.openssl.org/gitweb/?p=3D3Dopenssl.git;a=3D3Dblo=
b;f=3D
=3D3Dinclude/internal/bio.h;hb=3D3De1dd8fa00a1e06d27c8b024dac7657a8d8a9b451#l=
16=3D
" rel=3D3D"noreferrer" target=3D3D"_blank">https://git.openssl.org/gitweb/?p=
=3D3D=3D
openssl.git;a=3D3Dblob;f=3D3Dinclude/internal/bio.h;hb=3D3De1dd8fa00a1e06d27c=
8b02=3D
4dac7657a8d8a9b451#l16</a><br>
&gt;<br>
&gt; It also fails with BoringSSL, which has v1.0&#39;s OPENSSL_VERSION_NUM=3D
BER define,<br>
&gt; but has not yet hidden the struct definition.<br>
&gt;<br>
&gt; The attached file is derived from OpenLDAP Software. All of the modifi=3D
cations to<br>
&gt; OpenLDAP Software represented in the following patch(es) were develope=3D
d by<br>
&gt; Google, LLC. Google, LLC has not assigned rights and/or interest in th=3D
is work to<br>
&gt; any party. I, Bradley Baetz am authorized by Google, LLC, my employer,=3D
 to<br>
&gt; release this work under the following terms.<br>
&gt;<br>
&gt; The attached modifications to OpenLDAP Software are subject to the fol=3D
lowing<br>
&gt; notice:<br>
&gt; Copyright 2017 Google, LLC.<br>
&gt; Redistribution and use in source and binary forms, with or without mod=3D
ification,<br>
&gt; are permitted only as authorized by the OpenLDAP Public License.<br>
&gt;<br>
&gt;<br>
<br>
<br>
--<br>
=3DC2=3DA0 =3DC2=3DA0-- Howard Chu<br>
=3DC2=3DA0 =3DC2=3DA0CTO, Symas Corp.=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=
=3DA0 =3DC2=3DA0 =3DC2=3DA0<a hr=3D
ef=3D3D"http://www.symas.com" rel=3D3D"noreferrer" target=3D3D"_blank">http:/=
/www=3D
.symas.com</a><br>
=3DC2=3DA0 =3DC2=3DA0Director, Highland Sun=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0<a=
 href=3D3D"http://hi=3D
ghlandsun.com/hyc/" rel=3D3D"noreferrer" target=3D3D"_blank">http://highlands=
un=3D
.com/hyc/</a><br>
=3DC2=3DA0 =3DC2=3DA0Chief Architect, OpenLDAP=3DC2=3DA0 <a href=3D3D"http://=
www.openldap=3D
.org/project/" rel=3D3D"noreferrer" target=3D3D"_blank">http://www.openldap.o=
rg=3D
/project/</a><br>
</blockquote></div>

--94eb2c05eb72af425f056056a2cc--




--===============8757127703603779630==--