envoyproxy / envoy-openssl

Envoy OpenSSL extensions
Apache License 2.0

Upgrade to build against the latest Envoy #10

Closed rojkov closed 4 years ago

rojkov commented 4 years ago

Added updates to address the CVEs fixed in v1.12.2

rojkov commented 4 years ago

I see these as warnings, not errors, because .bazelrc contains this line

build --cxxopt=-Wno-error=old-style-cast

It's weird the line is ignored in your setup. Anyway, I've fixed these two warnings, but there are others that cannot be fixed easily. For example, I also see these two:

In file included from /usr/include/openssl/ssl.h:946,
                 from bazel-out/k8-dbg/bin/external/envoy/include/envoy/ssl/private_key/_virtual_includes/private_key_interface/envoy/ssl/private_key/private_key.h:11,
                 from bazel-out/k8-dbg/bin/external/envoy/include/envoy/ssl/_virtual_includes/tls_certificate_config_interface/envoy/ssl/tls_certificate_config.h:7,
                 from bazel-out/k8-dbg/bin/external/envoy/include/envoy/ssl/_virtual_includes/context_config_interface/envoy/ssl/context_config.h:10,
                 from bazel-out/k8-dbg/bin/source/extensions/transport_sockets/tls/_virtual_includes/context_lib/extensions/transport_sockets/tls/context_impl.h:10,
                 from source/extensions/transport_sockets/tls/context_impl.cc:1:
source/extensions/transport_sockets/tls/context_impl.cc: In member function 'virtual bssl::UniquePtr<ssl_st> Envoy::Extensions::TransportSockets::Tls::ClientContextImpl::newSsl(const Envoy::Network::TransportSocketOptions*)':
source/extensions/transport_sockets/tls/context_impl.cc:791:83: warning: use of old-style cast to 'void*' [-Wold-style-cast]
  791 |     int rc = SSL_set_tlsext_host_name(ssl_con.get(), server_name_indication.c_str());
      |                                                                                   ^
source/extensions/transport_sockets/tls/context_impl.cc: In constructor 'Envoy::Extensions::TransportSockets::Tls::ServerContextImpl::ServerContextImpl(Envoy::Stats::Scope&, const Envoy::Ssl::ServerContextConfig&, const std::vector<std::__cxx11::basic_string<char> >&, Envoy::TimeSource&)':
source/extensions/transport_sockets/tls/context_impl.cc:923:11: warning: use of old-style cast to 'void (*)()' [-Wold-style-cast]
  923 |           });
      |           ^

The problem is these two problematic functions are defined in OpenSSL as macros using old-style casts here and here.
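One way to keep a -Werror=old-style-cast build clean when the cast lives inside an OpenSSL macro, added here as an example rather than code from this PR or from Envoy: route the call through a small inline wrapper that performs the macro's expansion with C++ casts. The SSL_ctrl expansion shown is OpenSSL 1.1's; the `ssl_st` struct, the constants' values and the recording `SSL_ctrl` are constructed stubs so the file compiles without the OpenSSL headers.

```cpp
#include <string>

// Constructed stand-ins for the OpenSSL declarations so this file builds
// without <openssl/ssl.h>. In a real build, include the header and drop these.
struct ssl_st {
    int last_cmd = 0;
    std::string last_hostname;
};
constexpr int SSL_CTRL_SET_TLSEXT_HOSTNAME = 55; // value irrelevant for the stub
constexpr int TLSEXT_NAMETYPE_host_name = 0;

// Stub of SSL_ctrl that only records what it was asked to do.
long SSL_ctrl(ssl_st* s, int cmd, long larg, void* parg) {
    s->last_cmd = cmd;
    if (cmd == SSL_CTRL_SET_TLSEXT_HOSTNAME && larg == TLSEXT_NAMETYPE_host_name) {
        s->last_hostname = static_cast<const char*>(parg);
        return 1;
    }
    return 0;
}

// The macro as OpenSSL 1.1 defines it: the (void *) cast is what trips
// -Werror=old-style-cast in every C++ caller, and it cannot be fixed at the call site.
#define SSL_set_tlsext_host_name(s, name) \
    SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, (void*)name)

// Warning-clean replacement: the same SSL_ctrl call, C++ casts only.
// const_cast is required because SSL_ctrl takes a non-const void*, although
// OpenSSL copies the hostname and never writes through the pointer.
inline long setTlsextHostName(ssl_st* s, const char* name) {
    return SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name,
                    static_cast<void*>(const_cast<char*>(name)));
}

// Exercise the wrapper: true when SSL_ctrl received the same request the macro sends.
bool hostnameRoundTrips(const char* name) {
    ssl_st s;
    return setTlsextHostName(&s, name) == 1 && s.last_hostname == name &&
           s.last_cmd == SSL_CTRL_SET_TLSEXT_HOSTNAME;
}
```

Compiling this file with `-Wold-style-cast -Werror` stays clean as long as only `setTlsextHostName` is called; the macro itself only fires the warning at a use site.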

venilnoronha commented 4 years ago

That fixed it for the source. I'm still having issues while running tests.

ERROR: /git/envoy-openssl/test/extensions/transport_sockets/tls/BUILD:12:1: C++ compilation of rule '//test/extensions/transport_sockets/tls:ssl_socket_test_lib_internal_only' failed (Exit 1) clang-7 failed: error executing command /usr/bin/clang-7 -U_FORTIFY_SOURCE -fstack-protector -Wall -Wthread-safety -Wself-assign -fcolor-diagnostics -fno-omit-frame-pointer '-std=c++0x' -MD -MF ... (remaining 527 argument(s) skipped)

Use --sandbox_debug to see verbose messages from the sandbox
test/extensions/transport_sockets/tls/ssl_socket_test.cc:4199:67: error: use of old-style cast [-Werror,-Wold-style-cast]
  if (ASYNC_WAIT_CTX_get_fd(waitctx, fake_engine_id, &pipefds[0], (void**)&writefd)) {
                                                                  ^       ~~~~~~~~
test/extensions/transport_sockets/tls/ssl_socket_test.cc:236:8: error: private field 'expect_private_key_method_' is not used [-Werror,-Wunused-private-field]
  bool expect_private_key_method_;
       ^
2 errors generated.

Do you mind fixing those as well?

rojkov commented 4 years ago

Sure, fixed.