FreeBSD Port: strongswan-5.9.2_1
Franco Fichtner
franco at lastsummer.de
Sun Apr 25 18:57:17 UTC 2021
Hi,
Strongswan authors have no interest in supporting LibreSSL and patching it in the code #ifdef maze is really difficult since it checks OpenSSL version numbers which for LibreSSL looks like the most modern OpenSSL Release.
Cheers,
Franco
> On 25. Apr 2021, at 20:41, Gena Gulchin <gena.gulchin at gmail.com> wrote:
>
> Good morning!
>
> I’m having problems building strongSwan 5.9.2 IPSec on FreeBSD 13 and LibreSSL 3.2.5
>
> Contents of my /etc/make.conf:
> OPENSSL_PORT= security/libressl
> DEFAULT_VERSIONS+=ssl=libressl
>
>
> I have searched the internet for solution and tried applying various patches but to no avail.
>
> Much appreciate your help on this matter!
>
> Below is the build log
>
>
> (apologies for the long paste):
>
> ————————————————————————————————8<------------------------------------------------------------------------
> --- openssl_rng.lo ---
> openssl_rng.c:61:20: warning: passing 'char *' to parameter of type 'unsigned char *' converts between pointers to integer types with different sign [-Wpointer-sign]
> return RAND_bytes((char*)buffer, bytes) == 1;
> ^~~~~~~~~~~~~
> /usr/local/include/openssl/rand.h:93:32: note: passing argument to parameter 'buf' here
> int RAND_bytes(unsigned char *buf, int num);
> ^
> 1 warning generated.
> --- openssl_ed_private_key.lo ---
> openssl_ed_private_key.c:89:6: warning: implicit declaration of function 'EVP_DigestSign' is invalid in C99 [-Wimplicit-function-declaration]
> if (EVP_DigestSign(ctx, NULL, &signature->len, data.ptr, data.len) <= 0)
> ^
> openssl_ed_private_key.c:135:7: warning: implicit declaration of function 'EVP_PKEY_get_raw_public_key' is invalid in C99 [-Wimplicit-function-declaration]
> if (!EVP_PKEY_get_raw_public_key(this->key, NULL, &key.len))
> ^
> --- openssl_xof.lo ---
> openssl_xof.c:82:7: warning: implicit declaration of function 'EVP_DigestFinalXOF' is invalid in C99 [-Wimplicit-function-declaration]
> if (EVP_DigestFinalXOF(this->ctx, data.ptr, data.len) == 1)
> ^
> --- openssl_rsa_private_key.lo ---
> openssl_rsa_private_key.c:318:52: warning: passing 'char *' to parameter of type 'unsigned char *' converts between pointers to integer types with different sign [-Wpointer-sign]
> len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted,
> ^~~~~~~~~
> /usr/local/include/openssl/rsa.h:339:20: note: passing argument to parameter 'to' here
> unsigned char *to, RSA *rsa, int padding);
> ^
> openssl_rsa_private_key.c:326:24: warning: passing 'char *' to parameter of type 'u_char *' (aka 'unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
> *plain = chunk_create(decrypted, len);
> ^~~~~~~~~
> ../../../../src/libstrongswan/utils/chunk.h:57:44: note: passing argument to parameter 'ptr' here
> static inline chunk_t chunk_create(u_char *ptr, size_t len)
> ^
> --- openssl_xof.lo ---
> openssl_xof.c:140:9: warning: implicit declaration of function 'EVP_shake128' is invalid in C99 [-Wimplicit-function-declaration]
> md = EVP_shake128();
> ^
> openssl_xof.c:140:7: warning: incompatible integer to pointer conversion assigning to 'const EVP_MD *' (aka 'const struct env_md_st *') from 'int' [-Wint-conversion]
> md = EVP_shake128();
> ^ ~~~~~~~~~~~~~~
> openssl_xof.c:143:9: warning: implicit declaration of function 'EVP_shake256' is invalid in C99 [-Wimplicit-function-declaration]
> md = EVP_shake256();
> ^
> openssl_xof.c:143:7: warning: incompatible integer to pointer conversion assigning to 'const EVP_MD *' (aka 'const struct env_md_st *') from 'int' [-Wint-conversion]
> --- openssl_ec_diffie_hellman.lo ---
> openssl_ec_diffie_hellman.c:216:3: warning: implicit declaration of function 'EVP_PKEY_set1_tls_encodedpoint' is invalid in C99 [-Wimplicit-function-declaration]
> --- openssl_xof.lo ---
> md = EVP_shake256();
> ^ ~~~~~~~~~~~~~~
> --- openssl_ec_diffie_hellman.lo ---
> EVP_PKEY_set1_tls_encodedpoint(pub, value.ptr, value.len) <= 0)
> ^
> openssl_ec_diffie_hellman.c:245:12: warning: implicit declaration of function 'EVP_PKEY_get1_tls_encodedpoint' is invalid in C99 [-Wimplicit-function-declaration]
> pub.len = EVP_PKEY_get1_tls_encodedpoint(this->key, &pub.ptr);
> ^
> --- openssl_aead.lo ---
> openssl_aead.c:289:21: warning: implicit declaration of function 'EVP_chacha20_poly1305' is invalid in C99 [-Wimplicit-function-declaration]
> this->cipher = EVP_chacha20_poly1305();
> ^
> openssl_aead.c:289:19: warning: incompatible integer to pointer conversion assigning to 'const EVP_CIPHER *' (aka 'const struct evp_cipher_st *') from 'int' [-Wint-conversion]
> this->cipher = EVP_chacha20_poly1305();
> ^ ~~~~~~~~~~~~~~~~~~~~~~~
> --- openssl_rsa_private_key.lo ---
> openssl_rsa_private_key.c:625:7: warning: implicit declaration of function 'BN_secure_new' is invalid in C99 [-Wimplicit-function-declaration]
> *p = BN_secure_new();
> ^
> openssl_rsa_private_key.c:625:5: warning: incompatible integer to pointer conversion assigning to 'BIGNUM *' (aka 'struct bignum_st *') from 'int' [-Wint-conversion]
> *p = BN_secure_new();
> ^ ~~~~~~~~~~~~~~~
> openssl_rsa_private_key.c:632:5: warning: incompatible integer to pointer conversion assigning to 'BIGNUM *' (aka 'struct bignum_st *') from 'int' [-Wint-conversion]
> *q = BN_secure_new();
> ^ ~~~~~~~~~~~~~~~
> openssl_rsa_private_key.c:669:8: warning: implicit declaration of function 'BN_secure_new' is invalid in C99 [-Wimplicit-function-declaration]
> res = BN_secure_new();
> ^
> openssl_rsa_private_key.c:669:6: warning: incompatible integer to pointer conversion assigning to 'BIGNUM *' (aka 'struct bignum_st *') from 'int' [-Wint-conversion]
> res = BN_secure_new();
> ^ ~~~~~~~~~~~~~~~
> --- openssl_ed_private_key.lo ---
> openssl_ed_private_key.c:251:8: error: use of undeclared identifier 'EVP_PKEY_X25519'
> case EVP_PKEY_X25519:
> ^
> --- openssl_rsa_private_key.lo ---
> openssl_rsa_private_key.c:698:8: warning: implicit declaration of function 'BN_secure_new' is invalid in C99 [-Wimplicit-function-declaration]
> res = BN_secure_new();
> ^
> openssl_rsa_private_key.c:698:6: warning: incompatible integer to pointer conversion assigning to 'BIGNUM *' (aka 'struct bignum_st *') from 'int' [-Wint-conversion]
> res = BN_secure_new();
> ^ ~~~~~~~~~~~~~~~
> --- openssl_x_diffie_hellman.lo ---
> openssl_x_diffie_hellman.c:67:11: error: use of undeclared identifier 'EVP_PKEY_X25519'
> return EVP_PKEY_X25519;
> ^
> --- openssl_ed_private_key.lo ---
> openssl_ed_private_key.c:254:8: error: use of undeclared identifier 'EVP_PKEY_X448'
> case EVP_PKEY_X448:
> ^
> openssl_ed_private_key.c:339:10: warning: implicit declaration of function 'EVP_PKEY_new_raw_private_key' is invalid in C99 [-Wimplicit-function-declaration]
> key = EVP_PKEY_new_raw_private_key(openssl_ed_key_type(type), NULL,
> ^
> openssl_ed_private_key.c:339:8: warning: incompatible integer to pointer conversion assigning to 'EVP_PKEY *' (aka 'struct evp_pkey_st *') from 'int' [-Wint-conversion]
> key = EVP_PKEY_new_raw_private_key(openssl_ed_key_type(type), NULL,
> ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 4 warnings and 2 errors generated.
> --- openssl_x_diffie_hellman.lo ---
> openssl_x_diffie_hellman.c:69:11: error: use of undeclared identifier 'EVP_PKEY_X448'
> return EVP_PKEY_X448;
> ^
> openssl_x_diffie_hellman.c:85:9: warning: implicit declaration of function 'EVP_PKEY_new_raw_public_key' is invalid in C99 [-Wimplicit-function-declaration]
> pub = EVP_PKEY_new_raw_public_key(map_key_type(this->group), NULL,
> ^
> openssl_x_diffie_hellman.c:85:6: warning: incompatible integer to pointer conversion assigning to 'EVP_PKEY *' (aka 'struct evp_pkey_st *') from 'int' [-Wint-conversion]
> pub = EVP_PKEY_new_raw_public_key(map_key_type(this->group), NULL,
> ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> openssl_x_diffie_hellman.c:113:7: warning: implicit declaration of function 'EVP_PKEY_get_raw_public_key' is invalid in C99 [-Wimplicit-function-declaration]
> if (!EVP_PKEY_get_raw_public_key(this->key, NULL, &len))
> ^
> openssl_x_diffie_hellman.c:132:14: warning: implicit declaration of function 'EVP_PKEY_new_raw_private_key' is invalid in C99 [-Wimplicit-function-declaration]
> this->key = EVP_PKEY_new_raw_private_key(map_key_type(this->group), NULL,
> ^
> --- openssl_ed_private_key.lo ---
> *** [openssl_ed_private_key.lo] Error code 1
>
> make[7]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
> --- openssl_x_diffie_hellman.lo ---
> openssl_x_diffie_hellman.c:132:12: warning: incompatible integer to pointer conversion assigning to 'EVP_PKEY *' (aka 'struct evp_pkey_st *') from 'int' [-Wint-conversion]
> this->key = EVP_PKEY_new_raw_private_key(map_key_type(this->group), NULL,
> ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 5 warnings and 2 errors generated.
> *** [openssl_x_diffie_hellman.lo] Error code 1
>
> make[7]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
> --- openssl_rsa_public_key.lo ---
> openssl_rsa_public_key.c:139:57: warning: passing 'char *' to parameter of type 'unsigned char *' converts between pointers to integer types with different sign [-Wpointer-sign]
> len = RSA_public_decrypt(signature.len, signature.ptr, buf, this->rsa,
> ^~~
> /usr/local/include/openssl/rsa.h:337:20: note: passing argument to parameter 'to' here
> unsigned char *to, RSA *rsa, int padding);
> ^
> openssl_rsa_public_key.c:143:49: warning: passing 'char *' to parameter of type 'u_char *' (aka 'unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
> valid = chunk_equals_const(data, chunk_create(buf, len));
> ^~~
> ../../../../src/libstrongswan/utils/chunk.h:57:44: note: passing argument to parameter 'ptr' here
> static inline chunk_t chunk_create(u_char *ptr, size_t len)
> ^
> openssl_rsa_public_key.c:319:49: warning: passing 'char *' to parameter of type 'unsigned char *' converts between pointers to integer types with different sign [-Wpointer-sign]
> len = RSA_public_encrypt(plain.len, plain.ptr, encrypted,
> ^~~~~~~~~
> /usr/local/include/openssl/rsa.h:333:20: note: passing argument to parameter 'to' here
> unsigned char *to, RSA *rsa, int padding);
> ^
> openssl_rsa_public_key.c:327:25: warning: passing 'char *' to parameter of type 'u_char *' (aka 'unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
> *crypto = chunk_create(encrypted, len);
> ^~~~~~~~~
> ../../../../src/libstrongswan/utils/chunk.h:57:44: note: passing argument to parameter 'ptr' here
> static inline chunk_t chunk_create(u_char *ptr, size_t len)
> ^
> --- openssl_xof.lo ---
> 5 warnings generated.
> --- openssl_crl.lo ---
> openssl_crl.c:332:8: warning: implicit declaration of function 'i2d_re_X509_CRL_tbs' is invalid in C99 [-Wimplicit-function-declaration]
> tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
> ^
> ./openssl_util.h:105:16: note: expanded from macro 'openssl_i2chunk'
> int len = i2d_##type(obj, NULL); \
> ^
> <scratch space>:68:1: note: expanded from here
> i2d_re_X509_CRL_tbs
> ^
> --- openssl_util.lo ---
> openssl_util.c:203:32: warning: implicit declaration of function 'OBJ_get0_data' is invalid in C99 [-Wimplicit-function-declaration]
> return chunk_create((u_char*)OBJ_get0_data(asn1), OBJ_length(asn1));
> ^
> openssl_util.c:203:23: warning: cast to 'u_char *' (aka 'unsigned char *') from smaller integer type 'int' [-Wint-to-pointer-cast]
> return chunk_create((u_char*)OBJ_get0_data(asn1), OBJ_length(asn1));
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
> openssl_util.c:203:53: warning: implicit declaration of function 'OBJ_length' is invalid in C99 [-Wimplicit-function-declaration]
> return chunk_create((u_char*)OBJ_get0_data(asn1), OBJ_length(asn1));
> ^
> --- openssl_ec_private_key.lo ---
> openssl_ec_private_key.c:138:53: warning: passing 'int *' to parameter of type 'unsigned int *' converts between pointers to integer types with different sign [-Wpointer-sign]
> built = ECDSA_sign(0, hash.ptr, hash.len, sig.ptr, &siglen, this->ec) == 1;
> ^~~~~~~
> /usr/local/include/openssl/ecdsa.h:231:39: note: passing argument to parameter 'siglen' here
> unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
> ^
> --- openssl_aead.lo ---
> 2 warnings generated.
> --- openssl_ec_diffie_hellman.lo ---
> 2 warnings generated.
> --- openssl_ed_public_key.lo ---
> openssl_ed_public_key.c:62:11: error: use of undeclared identifier 'EVP_PKEY_ED25519'; did you mean 'KEY_ED25519'?
> return EVP_PKEY_ED25519;
> ^~~~~~~~~~~~~~~~
> KEY_ED25519
> ../../../../src/libstrongswan/credentials/keys/public_key.h:47:2: note: 'KEY_ED25519' declared here
> KEY_ED25519 = 4,
> ^
> openssl_ed_public_key.c:64:11: error: use of undeclared identifier 'EVP_PKEY_ED448'
> return EVP_PKEY_ED448;
> ^
> openssl_ed_public_key.c:109:3: warning: implicit declaration of function 'EVP_DigestVerify' is invalid in C99 [-Wimplicit-function-declaration]
> EVP_DigestVerify(ctx, signature.ptr, signature.len,
> ^
> openssl_ed_public_key.c:151:9: warning: implicit declaration of function 'EVP_PKEY_get_raw_public_key' is invalid in C99 [-Wimplicit-function-declaration]
> if (!EVP_PKEY_get_raw_public_key(key, NULL, &blob.len))
> ^
> openssl_ed_public_key.c:283:9: warning: implicit declaration of function 'EVP_PKEY_new_raw_public_key' is invalid in C99 [-Wimplicit-function-declaration]
> key = EVP_PKEY_new_raw_public_key(openssl_ed_key_type(type), NULL,
> ^
> openssl_ed_public_key.c:283:7: warning: incompatible integer to pointer conversion assigning to 'EVP_PKEY *' (aka 'struct evp_pkey_st *') from 'int' [-Wint-conversion]
> key = EVP_PKEY_new_raw_public_key(openssl_ed_key_type(type), NULL,
> ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> --- openssl_plugin.lo ---
> openssl_plugin.c:319:10: error: use of undeclared identifier 'EVP_PKEY_ED25519'; did you mean 'KEY_ED25519'?
> case EVP_PKEY_ED25519:
> ^~~~~~~~~~~~~~~~
> KEY_ED25519
> ../../../../src/libstrongswan/credentials/keys/public_key.h:47:2: note: 'KEY_ED25519' declared here
> KEY_ED25519 = 4,
> ^
> --- openssl_ed_public_key.lo ---
> 4 warnings and 2 errors generated.
> --- openssl_plugin.lo ---
> openssl_plugin.c:320:10: error: use of undeclared identifier 'EVP_PKEY_ED448'
> case EVP_PKEY_ED448:
> ^
> --- openssl_ed_public_key.lo ---
> *** [openssl_ed_public_key.lo] Error code 1
>
> make[7]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
> --- openssl_x509.lo ---
> openssl_x509.c:431:8: warning: implicit declaration of function 'i2d_re_X509_tbs' is invalid in C99 [-Wimplicit-function-declaration]
> tbs = openssl_i2chunk(re_X509_tbs, this->x509);
> ^
> ./openssl_util.h:105:16: note: expanded from macro 'openssl_i2chunk'
> int len = i2d_##type(obj, NULL); \
> ^
> <scratch space>:71:1: note: expanded from here
> i2d_re_X509_tbs
> ^
> --- openssl_util.lo ---
> 3 warnings generated.
> --- openssl_plugin.lo ---
> openssl_plugin.c:471:8: error: use of undeclared identifier 'EVP_PKEY_ED25519'; did you mean 'KEY_ED25519'?
> case EVP_PKEY_ED25519:
> ^~~~~~~~~~~~~~~~
> KEY_ED25519
> ../../../../src/libstrongswan/credentials/keys/public_key.h:47:2: note: 'KEY_ED25519' declared here
> KEY_ED25519 = 4,
> ^
> openssl_plugin.c:472:8: error: use of undeclared identifier 'EVP_PKEY_ED448'
> case EVP_PKEY_ED448:
> ^
> 4 errors generated.
> *** [openssl_plugin.lo] Error code 1
>
> make[7]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
> --- openssl_crl.lo ---
> 1 warning generated.
> --- openssl_ec_private_key.lo ---
> 1 warning generated.
> --- openssl_rsa_public_key.lo ---
> 4 warnings generated.
> --- openssl_rsa_private_key.lo ---
> 9 warnings generated.
> --- openssl_x509.lo ---
> 1 warning generated.
> 4 errors
>
> make[7]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
>
> make[6]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan
>
> make[5]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan
>
> make[4]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2/src
>
> make[3]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2
>
> make[2]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2
> ===> Compilation failed unexpectedly.
> Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
> the maintainer.
> *** Error code 1
>
> Stop.
> make[1]: stopped in /usr/ports/security/strongswan
> *** Error code 1
>
> Stop.
> make: stopped in /usr/ports/security/strongswan
>
>
> ————————————————————————————————8<------------------------------------------------------------------------
>
>
> Thank you again for your help!
>
> —Gena
>
>
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
More information about the freebsd-ports
mailing list