[PATCH] openssl: Provide deprecated functions.
Christian Mauderer
christian.mauderer at embedded-brains.de
Mon Mar 19 08:26:27 UTC 2018
Am 16.03.2018 um 15:11 schrieb Gedare Bloom:
> On Tue, Mar 13, 2018 at 10:02 AM, Christian Mauderer
> <christian.mauderer at embedded-brains.de> wrote:
>> Some applications (like the civetweb web server) still use functions
>> that are deprecated by openssl. If OPENSSL_NO_DEPRECATED is defined,
>> openssl will not provide these functions. This patch removes the define
>> so that the functions are available.
>> ---
>
> What are the negative consequences to this? I'm quite leery about
> enabling deprecated features in a security library.
>
> What is the cost to fix civetweb instead?
>
> -Gedare
Hello Gedare,
there are still a lot of application that use the deprecated API. A
quick search on github for one of the deprecated functions
(ERR_remove_state) provided nearly 50000 results:
https://github.com/search?l=C&q=+ERR_remove_state&type=Code&utf8=%E2%9C%93
Beneath that I just checked on my OpenSUSE machine and on a FreeBSD VM:
They still provide this function. So I wouldn't see a problem with that.
Best regards
Christian
>
>> libbsd.py | 3 +--
>> libbsd_waf.py | 2 +-
>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>
>> diff --git a/libbsd.py b/libbsd.py
>> index f70b4ead..233c06cd 100644
>> --- a/libbsd.py
>> +++ b/libbsd.py
>> @@ -3614,8 +3614,7 @@ def crypto_openssl(mm):
>> 'crypto/openssl/crypto/cversion.c',
>> 'crypto/openssl/crypto/o_str.c',
>> ],
>> - mm.generator['source'](['-DOPENSSL_NO_DEPRECATED=1',
>> - '-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
>> + mm.generator['source'](['-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
>> '-DOPENSSL_NO_GMP=1',
>> '-DOPENSSL_NO_JPAKE=1',
>> '-DOPENSSL_NO_LIBUNBOUND=1',
>> diff --git a/libbsd_waf.py b/libbsd_waf.py
>> index 7782bccb..745512bf 100644
>> --- a/libbsd_waf.py
>> +++ b/libbsd_waf.py
>> @@ -1317,7 +1317,7 @@ def build(bld):
>> features = "c",
>> cflags = cflags,
>> includes = ['freebsd/crypto', 'freebsd/crypto/openssl', 'freebsd/crypto/openssl/crypto', 'freebsd/crypto/openssl/crypto/asn1', 'freebsd/crypto/openssl/crypto/evp', 'freebsd/crypto/openssl/crypto/modes'] + includes,
>> - defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_DEPRECATED=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
>> + defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
>> source = objs04_source)
>> libbsd_use += ["objs04"]
>>
>> --
>> 2.13.6
>>
>> _______________________________________________
>> devel mailing list
>> devel at rtems.org
>> http://lists.rtems.org/mailman/listinfo/devel
--
--------------------------------------------
embedded brains GmbH
Herr Christian Mauderer
Dornierstr. 4
D-82178 Puchheim
Germany
email: christian.mauderer at embedded-brains.de
Phone: +49-89-18 94 741 - 18
Fax: +49-89-18 94 741 - 08
PGP: Public key available on request.
Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.
More information about the devel
mailing list