(xmlsec-openssl) Errors while compiling with latest BoringSSL

[lsh123]

Discussed in https://github.com/lsh123/xmlsec/discussions/763

^{Originally posted by **marcocacre** February 20, 2024} Hi all, i tried to integrate and compile xmlsec into the Android AOSP BSP (version 13) without success. Do you have any plan to add support to boringssl ? or could you give me an advice to found an alternative in Android. Thanks a lot for your kindly reply BR Marco

[lsh123]

external/olivetti/xmlsec/src/openssl/x509vfy.c:1955:34: error: incompatible function pointer types passing 'int (const X509_NAME_ENTRY *const *, const X509_NAME_ENTRY *const *)' (aka 
'int (const struct X509_name_entry_st *const *, const struct X509_name_entry_st *const *)') to parameter of type 'stack_X509_NAME_ENTRY_cmp_func' (aka 'int (*)(const struct X509_name_
entry_st **, const struct X509_name_entry_st **)') [-Werror,-Wincompatible-function-pointer-types]
    res = sk_X509_NAME_ENTRY_new(xmlSecOpenSSLX509_NAME_ENTRY_cmp);
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
external/boringssl/src/include/openssl/x509.h:124:1: note: passing argument to parameter 'comp' here
DEFINE_STACK_OF(X509_NAME_ENTRY)
^
external/boringssl/src/include/openssl/stack.h:409:31: note: expanded from macro 'DEFINE_STACK_OF'
#define DEFINE_STACK_OF(type) DEFINE_NAMED_STACK_OF(type, type)
                              ^
external/boringssl/src/include/openssl/stack.h:404:3: note: expanded from macro 'DEFINE_NAMED_STACK_OF'
  BORINGSSL_DEFINE_STACK_OF_IMPL(name, type *, const type *) \
  ^
external/boringssl/src/include/openssl/stack.h:304:47: note: expanded from macro 'BORINGSSL_DEFINE_STACK_OF_IMPL'
      sk_##name##_new(stack_##name##_cmp_func comp) {                          \
                                              ^

[marcocacre]

OK, I changed ./src/openssl/x509vfy.c as follow:

at line 113

ifdef OPENSSL_IS_BORINGSSL

  static int      xmlSecOpenSSLX509_NAME_ENTRY_cmp     (const X509_NAME_ENTRY **a, const 509_NAME_ENTRY **b);

else

   static int      xmlSecOpenSSLX509_NAME_ENTRY_cmp     (const X509_NAME_ENTRY * const *a, const X509_NAME_ENTRY * const *b);

endif

and at line 2050:

ifdef OPENSSL_IS_BORINGSSL

static int xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY a, const X509_NAME_ENTRY b) {

else

static int xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY consta, const X509_NAME_ENTRY constb) {

endif

at least on my android AOSP version 13 now it's ok (with the attached Android.bp)

thanks a lot

Android.bp.txt

[marcocacre]

copy &paste did a bad output

changes at line 2050 are:

ifdef OPENSSL_IS_BORINGSSL

static int xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY a, const X509_NAME_ENTRY b) {

else

static int xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY consta, const X509_NAME_ENTRY constb) {

endif

[marcocacre]

ok the output is changed by the commit of the message. above consta is ( const a) - constb is ( const b)

[marcocacre]

no way then take a look on the file at relative line (sorry)

[lsh123]

Thanks! Yes I was planning to do something similar :) I will still fix it in the code soon so it works for others as well.

[marcocacre]

Thanks to you, another important changes was the disable of RIPEMD160 functions that are not implemented in boringssl added -DXMLSEC_NO_RIPEMD160 in my Android.bp

[lsh123]

Interestingly, the latest master for boring ssl on github compiles w/o any problems and the cmp function definition aligns with the one in xmlsec:

https://github.com/google/boringssl/blame/master/include/openssl/stack.h#L407

Looks like it was fixed about 8 months ago.

BTW, you can easily disable RipeMD160 using "--without-ripemd160" in the xmlsec ./configure script

[marcocacre]

ok perfect, I saw that boring ssl on my Android 13 BSP is older then the changes done to the cmp function definition thank you very much!

[lsh123]

I will close this issue, please re-open if you have any further problems.