[PATCH] openssl: Provide deprecated functions.

Gedare Bloom gedare at rtems.org
Fri Mar 16 14:11:21 UTC 2018


On Tue, Mar 13, 2018 at 10:02 AM, Christian Mauderer
<christian.mauderer at embedded-brains.de> wrote:
> Some applications (like the civetweb web server) still use functions
> that are deprecated by openssl. If OPENSSL_NO_DEPRECATED is defined,
> openssl will not provide these functions. This patch removes the define
> so that the functions are available.
> ---

What are the negative consequences to this? I'm quite leery about
enabling deprecated features in a security library.

What is the cost to fix civetweb instead?

-Gedare

>  libbsd.py     | 3 +--
>  libbsd_waf.py | 2 +-
>  2 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/libbsd.py b/libbsd.py
> index f70b4ead..233c06cd 100644
> --- a/libbsd.py
> +++ b/libbsd.py
> @@ -3614,8 +3614,7 @@ def crypto_openssl(mm):
>              'crypto/openssl/crypto/cversion.c',
>              'crypto/openssl/crypto/o_str.c',
>          ],
> -        mm.generator['source'](['-DOPENSSL_NO_DEPRECATED=1',
> -                                '-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
> +        mm.generator['source'](['-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
>                                  '-DOPENSSL_NO_GMP=1',
>                                  '-DOPENSSL_NO_JPAKE=1',
>                                  '-DOPENSSL_NO_LIBUNBOUND=1',
> diff --git a/libbsd_waf.py b/libbsd_waf.py
> index 7782bccb..745512bf 100644
> --- a/libbsd_waf.py
> +++ b/libbsd_waf.py
> @@ -1317,7 +1317,7 @@ def build(bld):
>                  features = "c",
>                  cflags = cflags,
>                  includes = ['freebsd/crypto', 'freebsd/crypto/openssl', 'freebsd/crypto/openssl/crypto', 'freebsd/crypto/openssl/crypto/asn1', 'freebsd/crypto/openssl/crypto/evp', 'freebsd/crypto/openssl/crypto/modes'] + includes,
> -                defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_DEPRECATED=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
> +                defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
>                  source = objs04_source)
>      libbsd_use += ["objs04"]
>
> --
> 2.13.6
>
> _______________________________________________
> devel mailing list
> devel at rtems.org
> http://lists.rtems.org/mailman/listinfo/devel



More information about the devel mailing list