OpenSSL 1.1 compatibility
Activity
Scott Cantor March 26, 2018 at 3:43 PM
I think we're done on this, just a matter of getting all of it shipped with 3.0.
Rod Widdowson September 5, 2017 at 3:32 PM
I think that this is done, but I'll leave it open in case there is non-Windows install stuff I know not the what of.
Scott Cantor January 3, 2017 at 4:41 PM
Pushed over as r1777158
Rod Widdowson January 3, 2017 at 3:46 PM
In doing some end-to-end testing with Shib I discovered an issue with code which looks like this:

```
// We have everything, so we can fully init.
EVP_CipherInit(mp_ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
EVP_CIPHER_CTX_ctrl(mp_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
EVP_CIPHER_CTX_ctrl(mp_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
EVP_CipherInit(mp_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
```

because in OpenSSL EVP_CipherInit does an EVP_CIPHER_CTX_reset(ctx); and then calls EVP_CipherInit_ex. So we end up with a destroyed mp_ctx.
Thanks guys.
I have pushed (to the DEC10 stream of the usual place) a fix (to call the _ex variant directly). Also attached is a patch and the changed file.
Rod Widdowson December 17, 2016 at 11:17 AM
> this would be a 1.8 library bump for xmlsec?
Yup. If it wasn't for the fact that it's because of a libs minor version bump one could make a case for it being a 1.7.whatever.
> No pure virtual methods added to existing classes, and no classes or methods removed?
none.
One new class and two private methods for existing classes.
Starting to get questions about getting things to build on OpenSSL 1.1. There are going to be changes needed to xmltooling and Santuario, but I'm more concerned that if the structures become opaque, we may be dead in the water in certain areas.
Once we know the scope of the changes we can assess whether the functionality we lose is used by the SP or not. I'm not optimistic.
Support for 1.0.2 is through 2019, though obviously specific distributions may jump the gun and create problems.