Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Small source fix makes using BoringSSL easier #52

Closed
byllyfish opened this issue Mar 5, 2015 · 3 comments
Closed

Small source fix makes using BoringSSL easier #52

byllyfish opened this issue Mar 5, 2015 · 3 comments

Comments

@byllyfish
Copy link

@byllyfish byllyfish commented Mar 5, 2015

I'm using BoringSSL with ASIO 1.11. BoringSSL is Google's downstream fork of OpenSSL that removes some of the cruft from OpenSSL while remaining source compatible. I've found three issues with ASIO, but I only really need one source fix (which is openssl-fork-agnostic):

diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp
index 2c40d40..0229374 100644
--- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp
+++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp
@@ -63,7 +63,11 @@ public:
     ::CRYPTO_set_id_callback(0);
     ::CRYPTO_set_locking_callback(0);
     ::ERR_free_strings();
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+    ::ERR_remove_thread_state(NULL);
+#else
     ::ERR_remove_state(0);
+#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L
     ::EVP_cleanup();
     ::CRYPTO_cleanup_all_ex_data();
     ::CONF_modules_unload(1);

ERR_remove_state was deprecated in favor of ERR_remove_thread_state in OpenSSL 1.0.0 (although it remained for binary compatibility).

https://www.openssl.org/docs/crypto/ERR_remove_state.html

The other two issues are:

  1. CONF_modules_unload isn't declared or defined in BoringSSL. Config modules aren't supported.
  2. SSL_R_SHORT_READ isn't defined in BoringSSL. Unused error codes have been removed.

These last two issues can be handled in my own code with a header prefix:

#if defined(OPENSSL_IS_BORINGSSL)
extern "C" {
#if !defined(SSL_R_SHORT_READ)
# define SSL_R_SHORT_READ    SSL_R_UNEXPECTED_RECORD
#endif // !defined(SSL_R_SHORT_READ)
inline void CONF_modules_unload(int p) {}
}
#endif // defined(OPENSSL_IS_BORINGSSL)
@thughes
Copy link

@thughes thughes commented Jun 23, 2015

+1

FWIW, it looks like SSL_R_SHORT_READ has been removed in openssl as well: openssl/openssl@45f55f6

thughes added a commit to airtimemedia/boringssl that referenced this issue Jun 23, 2015
@chriskohlhoff
Copy link
Owner

@chriskohlhoff chriskohlhoff commented Dec 3, 2015

Fixed in commits 628e3ca, 5fa8053 and 92bfc62.

Note that a new ssl::error::stream_truncated error code has been added, rather than reusing SSL_R_SHORT_READ.

@RajatKumar007
Copy link

@RajatKumar007 RajatKumar007 commented Dec 28, 2018

I am trying to integrate boringssl with boost asio version 1.10.7. But getting several compilation error as :

boost/asio/ssl/impl/context.ipp:208:16: error: member access into incomplete type 'SSL_CTX' (aka 'ssl_ctx_st')
if (handle_->default_passwd_callback_userdata)
^
boringssl/include\openssl/base.h:333:16: note: forward declaration of 'ssl_ctx_st'
typedef struct ssl_ctx_st SSL_CTX;

boost/asio/ssl/detail/impl/engine.ipp:207:34: error: too many arguments provided to function-like macro invocation
ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ),
^
boringssl/include\openssl/err.h:446:9: note: macro 'ERR_PACK' defined here
#define ERR_PACK(lib, reason)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.