[PATCH] openssl: Provide deprecated functions.

Christian Mauderer christian.mauderer at embedded-brains.de
Mon Mar 19 08:26:27 UTC 2018


Am 16.03.2018 um 15:11 schrieb Gedare Bloom:
> On Tue, Mar 13, 2018 at 10:02 AM, Christian Mauderer
> <christian.mauderer at embedded-brains.de> wrote:
>> Some applications (like the civetweb web server) still use functions
>> that are deprecated by openssl. If OPENSSL_NO_DEPRECATED is defined,
>> openssl will not provide these functions. This patch removes the define
>> so that the functions are available.
>> ---
> 
> What are the negative consequences to this? I'm quite leery about
> enabling deprecated features in a security library.
> 
> What is the cost to fix civetweb instead?
> 
> -Gedare

Hello Gedare,

there are still a lot of application that use the deprecated API. A
quick search on github for one of the deprecated functions
(ERR_remove_state) provided nearly 50000 results:
https://github.com/search?l=C&q=+ERR_remove_state&type=Code&utf8=%E2%9C%93

Beneath that I just checked on my OpenSUSE machine and on a FreeBSD VM:
They still provide this function. So I wouldn't see a problem with that.

Best regards

Christian

> 
>>  libbsd.py     | 3 +--
>>  libbsd_waf.py | 2 +-
>>  2 files changed, 2 insertions(+), 3 deletions(-)
>>
>> diff --git a/libbsd.py b/libbsd.py
>> index f70b4ead..233c06cd 100644
>> --- a/libbsd.py
>> +++ b/libbsd.py
>> @@ -3614,8 +3614,7 @@ def crypto_openssl(mm):
>>              'crypto/openssl/crypto/cversion.c',
>>              'crypto/openssl/crypto/o_str.c',
>>          ],
>> -        mm.generator['source'](['-DOPENSSL_NO_DEPRECATED=1',
>> -                                '-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
>> +        mm.generator['source'](['-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
>>                                  '-DOPENSSL_NO_GMP=1',
>>                                  '-DOPENSSL_NO_JPAKE=1',
>>                                  '-DOPENSSL_NO_LIBUNBOUND=1',
>> diff --git a/libbsd_waf.py b/libbsd_waf.py
>> index 7782bccb..745512bf 100644
>> --- a/libbsd_waf.py
>> +++ b/libbsd_waf.py
>> @@ -1317,7 +1317,7 @@ def build(bld):
>>                  features = "c",
>>                  cflags = cflags,
>>                  includes = ['freebsd/crypto', 'freebsd/crypto/openssl', 'freebsd/crypto/openssl/crypto', 'freebsd/crypto/openssl/crypto/asn1', 'freebsd/crypto/openssl/crypto/evp', 'freebsd/crypto/openssl/crypto/modes'] + includes,
>> -                defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_DEPRECATED=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
>> +                defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
>>                  source = objs04_source)
>>      libbsd_use += ["objs04"]
>>
>> --
>> 2.13.6
>>
>> _______________________________________________
>> devel mailing list
>> devel at rtems.org
>> http://lists.rtems.org/mailman/listinfo/devel

-- 
--------------------------------------------
embedded brains GmbH
Herr Christian Mauderer
Dornierstr. 4
D-82178 Puchheim
Germany
email: christian.mauderer at embedded-brains.de
Phone: +49-89-18 94 741 - 18
Fax:   +49-89-18 94 741 - 08
PGP: Public key available on request.

Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.



More information about the devel mailing list