Reporting an Issue with OpenSSL in MacOS SDK 10.8

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Reporting an Issue with OpenSSL in MacOS SDK 10.8

Dr. Pala
Hi all,

working on porting my libpki implementation (based on OpenSSL) to MacOS
I found out an issue that is not really related to the code itself but
the distributed version in the SDK.

In particular, I found out that several functions' signatures have been
altered in their return codes. This is particularly scary as they
removed the ability to verify the return code by changing the return
type to void. An example of this is: HMAC_Init_ex(), HMAC_Update(),
HMAC_Final().

I don't know if there are others.

I am not sure if this is an issue or if any of the people subscribed
here from Apple could explain why they changed an API that is not theirs
and that causes portability issues of applications that are based on
OpenSSL. But I think this is a big mistake from Apple and if we could
manage to have them to actually include a non-modified version of the
API (or at least change the names of include/lib so that applications
will not have compiling issues and/or binary incompatibilities), that
would be a good outcome.

This, of course, unless I am missing an important reason - so far, my
contacts at Apple were not able to give any real reasons for that odd
changes other than (quote) "it must be that Apple looked at the code and
those functions can not fail.. besides what would you do if that fails
?" (arguably, a very wrong answer also considering it is not an Apple's
internal API).

Best,
Dr. Pala

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Reporting an Issue with OpenSSL in MacOS SDK 10.8

Viktor Dukhovni
On Tue, Jul 22, 2014 at 09:37:13AM -0400, Massimiliano Pala wrote:

> working on porting my libpki implementation (based on OpenSSL) to MacOS I
> found out an issue that is not really related to the code itself but the
> distributed version in the SDK.

Apple ships OpenSSL 0.9.8.

> In particular, I found out that several functions' signatures have been
> altered in their return codes. This is particularly scary as they removed
> the ability to verify the return code by changing the return type to void.
> An example of this is: HMAC_Init_ex(), HMAC_Update(), HMAC_Final().

The OpenSSL 0.9.8 interface did not return errors from these functions:

    commit 87d52468aa600e02326e13f01331e1f3b8602ed0
    Author: Dr. Stephen Henson <[hidden email]>
    Date:   Sun Nov 2 16:00:39 2008 +0000

        Update HMAC functions to return an error where relevant.

$ git branch --contains 87d52468aa600e02326e13f01331e1f3b8602ed0
  OpenSSL_1_0_0-stable
  OpenSSL_1_0_1-stable
  OpenSSL_1_0_2-stable
* master

> I am not sure if this is an issue or if any of the people subscribed here
> from Apple could explain why they changed an API that is not theirs and that
> causes portability issues of applications that are based on OpenSSL.

Apple did not change this interface, they provide an older version.
OpenSSL 0.9.8 and 1.0.0 are neither source nor binary compatible.
Some porting is required between these releases.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Reporting an Issue with OpenSSL in MacOS SDK 10.8

Dr. Pala
That's right - I missed that (my bad!). Thanks.

Cheers,
Max


On 7/22/14, 7:02 PM, Viktor Dukhovni wrote:

> On Tue, Jul 22, 2014 at 09:37:13AM -0400, Massimiliano Pala wrote:
>
>> working on porting my libpki implementation (based on OpenSSL) to MacOS I
>> found out an issue that is not really related to the code itself but the
>> distributed version in the SDK.
> Apple ships OpenSSL 0.9.8.
>
>> In particular, I found out that several functions' signatures have been
>> altered in their return codes. This is particularly scary as they removed
>> the ability to verify the return code by changing the return type to void.
>> An example of this is: HMAC_Init_ex(), HMAC_Update(), HMAC_Final().
> The OpenSSL 0.9.8 interface did not return errors from these functions:
>
>      commit 87d52468aa600e02326e13f01331e1f3b8602ed0
>      Author: Dr. Stephen Henson <[hidden email]>
>      Date:   Sun Nov 2 16:00:39 2008 +0000
>
> Update HMAC functions to return an error where relevant.
>
> $ git branch --contains 87d52468aa600e02326e13f01331e1f3b8602ed0
>    OpenSSL_1_0_0-stable
>    OpenSSL_1_0_1-stable
>    OpenSSL_1_0_2-stable
> * master
>
>> I am not sure if this is an issue or if any of the people subscribed here
>> from Apple could explain why they changed an API that is not theirs and that
>> causes portability issues of applications that are based on OpenSSL.
> Apple did not change this interface, they provide an older version.
> OpenSSL 0.9.8 and 1.0.0 are neither source nor binary compatible.
> Some porting is required between these releases.
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]