Small source fix makes using BoringSSL easier #52

Closed
byllyfish opened this issue Mar 5, 2015 · 3 comments

@byllyfish

I'm using BoringSSL with ASIO 1.11. BoringSSL is Google's downstream fork of OpenSSL that removes some of the cruft from OpenSSL while remaining source compatible. I've found three issues with ASIO, but I only really need one source fix (which is openssl-fork-agnostic):

diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp
index 2c40d40..0229374 100644
--- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp
+++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp
@@ -63,7 +63,11 @@ public:
     ::CRYPTO_set_id_callback(0);
     ::CRYPTO_set_locking_callback(0);
     ::ERR_free_strings();
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+    ::ERR_remove_thread_state(NULL);
+#else
     ::ERR_remove_state(0);
+#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L
     ::EVP_cleanup();
     ::CRYPTO_cleanup_all_ex_data();
     ::CONF_modules_unload(1);
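
Review bot: the trailing context of this hunk still calls ::CONF_modules_unload(1) unconditionally, and the issue text says that function is not declared in BoringSSL, so this change alone does not let openssl_init.ipp build against it; consider guarding that call (for example on OPENSSL_IS_BORINGSSL) in the same patch. In the added branch, ::ERR_remove_thread_state(NULL) passes NULL where the neighbouring calls pass 0; matching the existing style would keep the cleanup block consistent. A one-line comment saying that ERR_remove_state is kept only for headers older than 1.0.0 would explain why both branches exist.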

ERR_remove_state was deprecated in favor of ERR_remove_thread_state in OpenSSL 1.0.0 (although it remained for binary compatibility).

https://www.openssl.org/docs/crypto/ERR_remove_state.html

The other two issues are:

  1. CONF_modules_unload isn't declared or defined in BoringSSL. Config modules aren't supported.
  2. SSL_R_SHORT_READ isn't defined in BoringSSL. Unused error codes have been removed.

These last two issues can be handled in my own code with a header prefix:

#if defined(OPENSSL_IS_BORINGSSL)
extern "C" {
#if !defined(SSL_R_SHORT_READ)
# define SSL_R_SHORT_READ    SSL_R_UNEXPECTED_RECORD
#endif // !defined(SSL_R_SHORT_READ)
inline void CONF_modules_unload(int p) {}
}
#endif // defined(OPENSSL_IS_BORINGSSL)

@thughes

thughes commented Jun 23, 2015

+1

FWIW, it looks like SSL_R_SHORT_READ has been removed in openssl as well: openssl/openssl@45f55f6

thughes added a commit to airtimemedia/boringssl that referenced this issue Jun 23, 2015
@chriskohlhoff
Owner

Fixed in commits 628e3ca, 5fa8053 and 92bfc62.

Note that a new ssl::error::stream_truncated error code has been added, rather than reusing SSL_R_SHORT_READ.

@RajatKumar007

I am trying to integrate BoringSSL with Boost Asio version 1.10.7, but I am getting several compilation errors, such as:

boost/asio/ssl/impl/context.ipp:208:16: error: member access into incomplete type 'SSL_CTX' (aka 'ssl_ctx_st')
if (handle_->default_passwd_callback_userdata)
^
boringssl/include\openssl/base.h:333:16: note: forward declaration of 'ssl_ctx_st'
typedef struct ssl_ctx_st SSL_CTX;

boost/asio/ssl/detail/impl/engine.ipp:207:34: error: too many arguments provided to function-like macro invocation
ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ),
^
boringssl/include\openssl/err.h:446:9: note: macro 'ERR_PACK' defined here
#define ERR_PACK(lib, reason)
