"Dereferencing Pointer To Incomplete Type" on ARM

Tue Aug 25 13:52:47 UTC 2015

Hello!

On Mon, Aug 24, 2015 at 10:40:05PM -0400, vindicator wrote:

> Thanks, but no. I'm still getting that error:
> *****
> cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g 
> -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \
>         -o objs/src/event/ngx_event_openssl.o \
>         src/event/ngx_event_openssl.c
> src/event/ngx_event_openssl.c: In function ‘ngx_ssl_handshake’:
> src/event/ngx_event_openssl.c:1165:31: error: dereferencing pointer to
> incomplete type
>          if (c->ssl->connection->s3) {
>                                ^
> src/event/ngx_event_openssl.c:1166:31: error: dereferencing pointer to
> incomplete type
>              c->ssl->connection->s3->flags |=
> SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
>                                ^
> src/event/ngx_event_openssl.c: In function
> ‘ngx_ssl_session_ticket_key_callback’:
> src/event/ngx_event_openssl.c:2866:9: error: implicit declaration of
> function ‘RAND_pseudo_bytes’ [-Werror=implicit-function-declaration]
>          RAND_pseudo_bytes(iv, 16);
>          ^
> cc1: all warnings being treated as errors
> *****

[...]

Oh, it looks like you are trying to build nginx against OpenSSL 
master branch.  As OpenSSL guys are changing things rapidly 
nowadays, it's not really going to work.  Try any released version 
instead.

Quick and dirty fix below, but I wouldn't bet it will be enough to 
build with OpenSSL master even in a week from now.

--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1159,6 +1159,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
         c->send_chain = ngx_ssl_send_chain;
 
 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+#if 0
 
         /* initial handshake done, disable renegotiation (CVE-2009-3555) */
         if (c->ssl->connection->s3) {
@@ -1166,6 +1167,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
         }
 
 #endif
+#endif
 
         return NGX_OK;
     }
@@ -2861,7 +2863,7 @@ ngx_ssl_session_ticket_key_callback(ngx_
                        ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
                        SSL_session_reused(ssl_conn) ? "reused" : "new");
 
-        RAND_pseudo_bytes(iv, 16);
+        RAND_bytes(iv, 16);
         EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv);
         HMAC_Init_ex(hctx, key[0].hmac_key, 16,
                      ngx_ssl_session_ticket_md(), NULL);


-- 
Maxim Dounin
http://nginx.org/

