Hi,

I had strongSwan working with a previous version of libressl at one point. The biggest issue is that libressl started off as a drop-in replacement, which made it easy to get it working. As more features were added to openssl after libressl forked, it is becoming increasingly difficult to treat as a drop-in replacement. I think most of the compile errors are related to ED25519 and ED448 elliptic curves, but I don't see an easy way right now of detecting libressl and to not compile those parts.
Regards
Francois
________________________________________
From: Franco Fichtner [fra...@lastsummer.de]
Sent: Sunday, April 25, 2021 8:57 PM
To: Gena Gulchin
Cc: strongswan; po...@freebsd.org
Subject: Re: FreeBSD Port: strongswan-5.9.2_1

Hi,

Strongswan authors have no interest in supporting LibreSSL and patching it in the code #ifdef maze is really difficult since it checks OpenSSL version numbers which for LibreSSL looks like the most modern OpenSSL Release.

Cheers,
Franco

> On 25. Apr 2021, at 20:41, Gena Gulchin <gena.gulc...@gmail.com> wrote:
>
> Good morning!
>
> I’m having problems building strongSwan 5.9.2 IPSec on FreeBSD 13 and
> LibreSSL 3.2.5
>
> Contents of my /etc/make.conf:
> OPENSSL_PORT= security/libressl
> DEFAULT_VERSIONS+=ssl=libressl
>
> I have searched the internet for solution and tried applying various patches
> but to no avail.
>
> Much appreciate your help on this matter!
>
> Below is the build log
>
> (apologies for the long paste):
>
> ————————————————————————————————8<------------------------------------------------------------------------
> --- openssl_rng.lo ---
> openssl_rng.c:61:20: warning: passing 'char *' to parameter of type 'unsigned
> char *' converts between pointers to integer types with different sign
> [-Wpointer-sign]
> return RAND_bytes((char*)buffer, bytes) == 1;
> ^~~~~~~~~~~~~
> /usr/local/include/openssl/rand.h:93:32: note: passing argument to parameter
> 'buf' here
> int RAND_bytes(unsigned char *buf, int num);
> ^
> 1 warning generated.
> --- openssl_ed_private_key.lo ---
> openssl_ed_private_key.c:89:6: warning: implicit declaration of function
> 'EVP_DigestSign' is invalid in C99 [-Wimplicit-function-declaration]
> if (EVP_DigestSign(ctx, NULL, &signature->len, data.ptr, data.len) <=
> 0)
> ^
> openssl_ed_private_key.c:135:7: warning: implicit declaration of function
> 'EVP_PKEY_get_raw_public_key' is invalid in C99
> [-Wimplicit-function-declaration]
> if (!EVP_PKEY_get_raw_public_key(this->key, NULL, &key.len))
> ^
> --- openssl_xof.lo ---
> openssl_xof.c:82:7: warning: implicit declaration of function
> 'EVP_DigestFinalXOF' is invalid in C99 [-Wimplicit-function-declaration]
> if (EVP_DigestFinalXOF(this->ctx, data.ptr, data.len) == 1)
> ^
> --- openssl_rsa_private_key.lo ---
> openssl_rsa_private_key.c:318:52: warning: passing 'char *' to parameter of
> type 'unsigned char *' converts between pointers to integer types with
> different sign [-Wpointer-sign]
> len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted,
> ^~~~~~~~~
> /usr/local/include/openssl/rsa.h:339:20: note: passing argument to parameter
> 'to' here
> unsigned char *to, RSA *rsa, int padding);
> ^
> openssl_rsa_private_key.c:326:24: warning: passing 'char *' to parameter of
> type 'u_char *' (aka 'unsigned char *') converts between pointers to integer
> types with different sign [-Wpointer-sign]
> *plain = chunk_create(decrypted, len);
> ^~~~~~~~~
> ../../../../src/libstrongswan/utils/chunk.h:57:44: note: passing argument to
> parameter 'ptr' here
> static inline chunk_t chunk_create(u_char *ptr, size_t len)
> ^
> --- openssl_xof.lo ---
> openssl_xof.c:140:9: warning: implicit declaration of function 'EVP_shake128'
> is invalid in C99 [-Wimplicit-function-declaration]
> md = EVP_shake128();
> ^
> openssl_xof.c:140:7: warning: incompatible integer to pointer conversion
> assigning to 'const EVP_MD *' (aka 'const struct env_md_st *') from 'int'
> [-Wint-conversion]
> md = EVP_shake128();
> ^ ~~~~~~~~~~~~~~
> openssl_xof.c:143:9: warning: implicit declaration of function 'EVP_shake256'
> is invalid in C99 [-Wimplicit-function-declaration]
> md = EVP_shake256();
> ^
> openssl_xof.c:143:7: warning: incompatible integer to pointer conversion
> assigning to 'const EVP_MD *' (aka 'const struct env_md_st *') from 'int'
> [-Wint-conversion]
> --- openssl_ec_diffie_hellman.lo ---
> openssl_ec_diffie_hellman.c:216:3: warning: implicit declaration of function
> 'EVP_PKEY_set1_tls_encodedpoint' is invalid in C99
> [-Wimplicit-function-declaration]
> --- openssl_xof.lo ---
> md = EVP_shake256();
> ^ ~~~~~~~~~~~~~~
> --- openssl_ec_diffie_hellman.lo ---
> EVP_PKEY_set1_tls_encodedpoint(pub, value.ptr, value.len) <= 0)
> ^
> openssl_ec_diffie_hellman.c:245:12: warning: implicit declaration of function
> 'EVP_PKEY_get1_tls_encodedpoint' is invalid in C99
> [-Wimplicit-function-declaration]
> pub.len = EVP_PKEY_get1_tls_encodedpoint(this->key, &pub.ptr);
> ^
> --- openssl_aead.lo ---
> openssl_aead.c:289:21: warning: implicit declaration of function
> 'EVP_chacha20_poly1305' is invalid in C99 [-Wimplicit-function-declaration]
> this->cipher = EVP_chacha20_poly1305();
> ^
> openssl_aead.c:289:19: warning: incompatible integer to pointer conversion
> assigning to 'const EVP_CIPHER *' (aka 'const struct evp_cipher_st *') from
> 'int' [-Wint-conversion]
> this->cipher = EVP_chacha20_poly1305();
> ^ ~~~~~~~~~~~~~~~~~~~~~~~
> --- openssl_rsa_private_key.lo ---
> openssl_rsa_private_key.c:625:7: warning: implicit declaration of function
> 'BN_secure_new' is invalid in C99 [-Wimplicit-function-declaration]
> *p = BN_secure_new();
> ^
> openssl_rsa_private_key.c:625:5: warning: incompatible integer to pointer
> conversion assigning to 'BIGNUM *' (aka 'struct bignum_st *') from 'int'
> [-Wint-conversion]
> *p = BN_secure_new();
> ^ ~~~~~~~~~~~~~~~
> openssl_rsa_private_key.c:632:5: warning: incompatible integer to pointer
> conversion assigning to 'BIGNUM *' (aka 'struct bignum_st *') from 'int'
> [-Wint-conversion]
> *q = BN_secure_new();
> ^ ~~~~~~~~~~~~~~~
> openssl_rsa_private_key.c:669:8: warning: implicit declaration of function
> 'BN_secure_new' is invalid in C99 [-Wimplicit-function-declaration]
> res = BN_secure_new();
> ^
> openssl_rsa_private_key.c:669:6: warning: incompatible integer to pointer
> conversion assigning to 'BIGNUM *' (aka 'struct bignum_st *') from 'int'
> [-Wint-conversion]
> res = BN_secure_new();
> ^ ~~~~~~~~~~~~~~~
> --- openssl_ed_private_key.lo ---
> openssl_ed_private_key.c:251:8: error: use of undeclared identifier
> 'EVP_PKEY_X25519'
> case EVP_PKEY_X25519:
> ^
> --- openssl_rsa_private_key.lo ---
> openssl_rsa_private_key.c:698:8: warning: implicit declaration of function
> 'BN_secure_new' is invalid in C99 [-Wimplicit-function-declaration]
> res = BN_secure_new();
> ^
> openssl_rsa_private_key.c:698:6: warning: incompatible integer to pointer
> conversion assigning to 'BIGNUM *' (aka 'struct bignum_st *') from 'int'
> [-Wint-conversion]
> res = BN_secure_new();
> ^ ~~~~~~~~~~~~~~~
> --- openssl_x_diffie_hellman.lo ---
> openssl_x_diffie_hellman.c:67:11: error: use of undeclared identifier
> 'EVP_PKEY_X25519'
> return EVP_PKEY_X25519;
> ^
> --- openssl_ed_private_key.lo ---
> openssl_ed_private_key.c:254:8: error: use of undeclared identifier
> 'EVP_PKEY_X448'
> case EVP_PKEY_X448:
> ^
> openssl_ed_private_key.c:339:10: warning: implicit declaration of function
> 'EVP_PKEY_new_raw_private_key' is invalid in C99
> [-Wimplicit-function-declaration]
> key =
> EVP_PKEY_new_raw_private_key(openssl_ed_key_type(type), NULL,
> ^
> openssl_ed_private_key.c:339:8: warning: incompatible integer to pointer
> conversion assigning to 'EVP_PKEY *' (aka 'struct evp_pkey_st *') from 'int'
> [-Wint-conversion]
> key =
> EVP_PKEY_new_raw_private_key(openssl_ed_key_type(type), NULL,
> ^
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 4 warnings and 2 errors generated.
> --- openssl_x_diffie_hellman.lo ---
> openssl_x_diffie_hellman.c:69:11: error: use of undeclared identifier
> 'EVP_PKEY_X448'
> return EVP_PKEY_X448;
> ^
> openssl_x_diffie_hellman.c:85:9: warning: implicit declaration of function
> 'EVP_PKEY_new_raw_public_key' is invalid in C99
> [-Wimplicit-function-declaration]
> pub = EVP_PKEY_new_raw_public_key(map_key_type(this->group), NULL,
> ^
> openssl_x_diffie_hellman.c:85:6: warning: incompatible integer to pointer
> conversion assigning to 'EVP_PKEY *' (aka 'struct evp_pkey_st *') from 'int'
> [-Wint-conversion]
> pub = EVP_PKEY_new_raw_public_key(map_key_type(this->group), NULL,
> ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> openssl_x_diffie_hellman.c:113:7: warning: implicit declaration of function
> 'EVP_PKEY_get_raw_public_key' is invalid in C99
> [-Wimplicit-function-declaration]
> if (!EVP_PKEY_get_raw_public_key(this->key, NULL, &len))
> ^
> openssl_x_diffie_hellman.c:132:14: warning: implicit declaration of function
> 'EVP_PKEY_new_raw_private_key' is invalid in C99
> [-Wimplicit-function-declaration]
> this->key = EVP_PKEY_new_raw_private_key(map_key_type(this->group),
> NULL,
> ^
> --- openssl_ed_private_key.lo ---
> *** [openssl_ed_private_key.lo] Error code 1
>
> make[7]: stopped in
> /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
> --- openssl_x_diffie_hellman.lo ---
> openssl_x_diffie_hellman.c:132:12: warning: incompatible integer to pointer
> conversion assigning to 'EVP_PKEY *' (aka 'struct evp_pkey_st *') from 'int'
> [-Wint-conversion]
> this->key = EVP_PKEY_new_raw_private_key(map_key_type(this->group),
> NULL,
> ^
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 5 warnings and 2 errors generated.
> *** [openssl_x_diffie_hellman.lo] Error code 1
>
> make[7]: stopped in
> /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
> --- openssl_rsa_public_key.lo ---
> openssl_rsa_public_key.c:139:57: warning: passing 'char *' to parameter of
> type 'unsigned char *' converts between pointers to integer types with
> different sign [-Wpointer-sign]
> len = RSA_public_decrypt(signature.len, signature.ptr, buf, this->rsa,
> ^~~
> /usr/local/include/openssl/rsa.h:337:20: note: passing argument to parameter
> 'to' here
> unsigned char *to, RSA *rsa, int padding);
> ^
> openssl_rsa_public_key.c:143:49: warning: passing 'char *' to parameter of
> type 'u_char *' (aka 'unsigned char *') converts between pointers to integer
> types with different sign [-Wpointer-sign]
> valid = chunk_equals_const(data, chunk_create(buf, len));
> ^~~
> ../../../../src/libstrongswan/utils/chunk.h:57:44: note: passing argument to
> parameter 'ptr' here
> static inline chunk_t chunk_create(u_char *ptr, size_t len)
> ^
> openssl_rsa_public_key.c:319:49: warning: passing 'char *' to parameter of
> type 'unsigned char *' converts between pointers to integer types with
> different sign [-Wpointer-sign]
> len = RSA_public_encrypt(plain.len, plain.ptr, encrypted,
> ^~~~~~~~~
> /usr/local/include/openssl/rsa.h:333:20: note: passing argument to parameter
> 'to' here
> unsigned char *to, RSA *rsa, int padding);
> ^
> openssl_rsa_public_key.c:327:25: warning: passing 'char *' to parameter of
> type 'u_char *' (aka 'unsigned char *') converts between pointers to integer
> types with different sign [-Wpointer-sign]
> *crypto = chunk_create(encrypted, len);
> ^~~~~~~~~
> ../../../../src/libstrongswan/utils/chunk.h:57:44: note: passing argument to
> parameter 'ptr' here
> static inline chunk_t chunk_create(u_char *ptr, size_t len)
> ^
> --- openssl_xof.lo ---
> 5 warnings generated.
> --- openssl_crl.lo ---
> openssl_crl.c:332:8: warning: implicit declaration of function
> 'i2d_re_X509_CRL_tbs' is invalid in C99 [-Wimplicit-function-declaration]
> tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
> ^
> ./openssl_util.h:105:16: note: expanded from macro 'openssl_i2chunk'
> int len = i2d_##type(obj, NULL); \
> ^
> <scratch space>:68:1: note: expanded from here
> i2d_re_X509_CRL_tbs
> ^
> --- openssl_util.lo ---
> openssl_util.c:203:32: warning: implicit declaration of function
> 'OBJ_get0_data' is invalid in C99 [-Wimplicit-function-declaration]
> return chunk_create((u_char*)OBJ_get0_data(asn1),
> OBJ_length(asn1));
> ^
> openssl_util.c:203:23: warning: cast to 'u_char *' (aka 'unsigned char *')
> from smaller integer type 'int' [-Wint-to-pointer-cast]
> return chunk_create((u_char*)OBJ_get0_data(asn1),
> OBJ_length(asn1));
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
> openssl_util.c:203:53: warning: implicit declaration of function 'OBJ_length'
> is invalid in C99 [-Wimplicit-function-declaration]
> return chunk_create((u_char*)OBJ_get0_data(asn1),
> OBJ_length(asn1));
> ^
> --- openssl_ec_private_key.lo ---
> openssl_ec_private_key.c:138:53: warning: passing 'int *' to parameter of
> type 'unsigned int *' converts between pointers to integer types with
> different sign [-Wpointer-sign]
> built = ECDSA_sign(0, hash.ptr, hash.len, sig.ptr, &siglen, this->ec)
> == 1;
> ^~~~~~~
> /usr/local/include/openssl/ecdsa.h:231:39: note: passing argument to
> parameter 'siglen' here
> unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
> ^
> --- openssl_aead.lo ---
> 2 warnings generated.
> --- openssl_ec_diffie_hellman.lo ---
> 2 warnings generated.
> --- openssl_ed_public_key.lo ---
> openssl_ed_public_key.c:62:11: error: use of undeclared identifier
> 'EVP_PKEY_ED25519'; did you mean 'KEY_ED25519'?
> return EVP_PKEY_ED25519;
> ^~~~~~~~~~~~~~~~
> KEY_ED25519
> ../../../../src/libstrongswan/credentials/keys/public_key.h:47:2: note:
> 'KEY_ED25519' declared here
> KEY_ED25519 = 4,
> ^
> openssl_ed_public_key.c:64:11: error: use of undeclared identifier
> 'EVP_PKEY_ED448'
> return EVP_PKEY_ED448;
> ^
> openssl_ed_public_key.c:109:3: warning: implicit declaration of function
> 'EVP_DigestVerify' is invalid in C99 [-Wimplicit-function-declaration]
> EVP_DigestVerify(ctx, signature.ptr, signature.len,
> ^
> openssl_ed_public_key.c:151:9: warning: implicit declaration of function
> 'EVP_PKEY_get_raw_public_key' is invalid in C99
> [-Wimplicit-function-declaration]
> if (!EVP_PKEY_get_raw_public_key(key, NULL, &blob.len))
> ^
> openssl_ed_public_key.c:283:9: warning: implicit declaration of function
> 'EVP_PKEY_new_raw_public_key' is invalid in C99
> [-Wimplicit-function-declaration]
> key = EVP_PKEY_new_raw_public_key(openssl_ed_key_type(type),
> NULL,
> ^
> openssl_ed_public_key.c:283:7: warning: incompatible integer to pointer
> conversion assigning to 'EVP_PKEY *' (aka 'struct evp_pkey_st *') from 'int'
> [-Wint-conversion]
> key = EVP_PKEY_new_raw_public_key(openssl_ed_key_type(type),
> NULL,
> ^
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> --- openssl_plugin.lo ---
> openssl_plugin.c:319:10: error: use of undeclared identifier
> 'EVP_PKEY_ED25519'; did you mean 'KEY_ED25519'?
> case EVP_PKEY_ED25519:
> ^~~~~~~~~~~~~~~~
> KEY_ED25519
> ../../../../src/libstrongswan/credentials/keys/public_key.h:47:2: note:
> 'KEY_ED25519' declared here
> KEY_ED25519 = 4,
> ^
> --- openssl_ed_public_key.lo ---
> 4 warnings and 2 errors generated.
> --- openssl_plugin.lo ---
> openssl_plugin.c:320:10: error: use of undeclared identifier 'EVP_PKEY_ED448'
> case EVP_PKEY_ED448:
> ^
> --- openssl_ed_public_key.lo ---
> *** [openssl_ed_public_key.lo] Error code 1
>
> make[7]: stopped in
> /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
> --- openssl_x509.lo ---
> openssl_x509.c:431:8: warning: implicit declaration of function
> 'i2d_re_X509_tbs' is invalid in C99 [-Wimplicit-function-declaration]
> tbs = openssl_i2chunk(re_X509_tbs, this->x509);
> ^
> ./openssl_util.h:105:16: note: expanded from macro 'openssl_i2chunk'
> int len = i2d_##type(obj, NULL); \
> ^
> <scratch space>:71:1: note: expanded from here
> i2d_re_X509_tbs
> ^
> --- openssl_util.lo ---
> 3 warnings generated.
> --- openssl_plugin.lo ---
> openssl_plugin.c:471:8: error: use of undeclared identifier
> 'EVP_PKEY_ED25519'; did you mean 'KEY_ED25519'?
> case EVP_PKEY_ED25519:
> ^~~~~~~~~~~~~~~~
> KEY_ED25519
> ../../../../src/libstrongswan/credentials/keys/public_key.h:47:2: note:
> 'KEY_ED25519' declared here
> KEY_ED25519 = 4,
> ^
> openssl_plugin.c:472:8: error: use of undeclared identifier 'EVP_PKEY_ED448'
> case EVP_PKEY_ED448:
> ^
> 4 errors generated.
> *** [openssl_plugin.lo] Error code 1
>
> make[7]: stopped in
> /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
> --- openssl_crl.lo ---
> 1 warning generated.
> --- openssl_ec_private_key.lo ---
> 1 warning generated.
> --- openssl_rsa_public_key.lo ---
> 4 warnings generated.
> --- openssl_rsa_private_key.lo ---
> 9 warnings generated.
> --- openssl_x509.lo ---
> 1 warning generated.
> 4 errors
>
> make[7]: stopped in
> /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan/plugins/openssl
>
> make[6]: stopped in
> /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan
>
> make[5]: stopped in
> /usr/ports/security/strongswan/work/strongswan-5.9.2/src/libstrongswan
>
> make[4]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2/src
>
> make[3]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2
>
> make[2]: stopped in /usr/ports/security/strongswan/work/strongswan-5.9.2
> ===> Compilation failed unexpectedly.
> Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
> the maintainer.
> *** Error code 1
>
> Stop.
> make[1]: stopped in /usr/ports/security/strongswan
> *** Error code 1
>
> Stop.
> make: stopped in /usr/ports/security/strongswan
>
> ————————————————————————————————8<------------------------------------------------------------------------
>
> Thank you again for your help!
>
> —Gena
>
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
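
One way to turn the build log above into a list of what the installed LibreSSL headers lack, as an added example that is not part of the original thread. The diagnostics are copied from the log with the mail line wraps re-joined; the function name `triage` and the result keys are this example's own. It separates undeclared constants (hard errors) from implicitly declared functions, and marks the functions whose implicit `int` result is assigned to a pointer, which the compiler reports only as a warning.

```python
import re
from collections import defaultdict

# Diagnostics copied from the build log in this thread (mail line wraps re-joined).
BUILD_LOG = """\
openssl_rng.c:61:20: warning: passing 'char *' to parameter of type 'unsigned char *' converts between pointers to integer types with different sign [-Wpointer-sign]
openssl_ed_private_key.c:89:6: warning: implicit declaration of function 'EVP_DigestSign' is invalid in C99 [-Wimplicit-function-declaration]
openssl_xof.c:140:9: warning: implicit declaration of function 'EVP_shake128' is invalid in C99 [-Wimplicit-function-declaration]
openssl_xof.c:140:7: warning: incompatible integer to pointer conversion assigning to 'const EVP_MD *' (aka 'const struct env_md_st *') from 'int' [-Wint-conversion]
openssl_rsa_private_key.c:625:7: warning: implicit declaration of function 'BN_secure_new' is invalid in C99 [-Wimplicit-function-declaration]
openssl_rsa_private_key.c:625:5: warning: incompatible integer to pointer conversion assigning to 'BIGNUM *' (aka 'struct bignum_st *') from 'int' [-Wint-conversion]
openssl_ed_private_key.c:251:8: error: use of undeclared identifier 'EVP_PKEY_X25519'
openssl_x_diffie_hellman.c:67:11: error: use of undeclared identifier 'EVP_PKEY_X25519'
openssl_ed_public_key.c:62:11: error: use of undeclared identifier 'EVP_PKEY_ED25519'; did you mean 'KEY_ED25519'?
openssl_plugin.c:320:10: error: use of undeclared identifier 'EVP_PKEY_ED448'
"""

DIAG = re.compile(r"^(?P<src>[\w./-]+\.c):(?P<line>\d+):\d+: (?:warning|error): (?P<msg>.*)$")
UNDECLARED = re.compile(r"use of undeclared identifier '(\w+)'")
IMPLICIT = re.compile(r"implicit declaration of function '(\w+)'")
INT_TO_PTR = "incompatible integer to pointer conversion"


def triage(log):
    """Group the symbols the headers lack, each with the source files that use it."""
    constants, functions = defaultdict(set), defaultdict(set)
    implicit_at = {}           # (file, line) -> function implicitly declared there
    pointer_returning = set()  # implicit 'int' result assigned to a pointer
    for raw in log.splitlines():
        m = DIAG.match(raw.strip())
        if not m:
            continue           # caret lines, header notes, make output
        src, line, msg = m["src"], m["line"], m["msg"]
        undeclared, implicit = UNDECLARED.search(msg), IMPLICIT.search(msg)
        if undeclared:         # hard error: constant absent from the headers
            constants[undeclared[1]].add(src)
        elif implicit:         # warning only: prototype absent from the headers
            functions[implicit[1]].add(src)
            implicit_at[(src, line)] = implicit[1]
        elif INT_TO_PTR in msg and (src, line) in implicit_at:
            pointer_returning.add(implicit_at[(src, line)])
    return {
        "missing_constants": {k: sorted(v) for k, v in sorted(constants.items())},
        "missing_functions": {k: sorted(v) for k, v in sorted(functions.items())},
        "pointer_returning": sorted(pointer_returning),
    }


if __name__ == "__main__":
    for section, found in triage(BUILD_LOG).items():
        print(section, found)
```

Run over the full log, the `missing_constants` keys are the files that stop the build, while `missing_functions` lists call sites that compile with a warning even though no prototype exists.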