[PATCH] openssl: Provide deprecated functions.
Christian Mauderer
christian.mauderer at embedded-brains.de
Tue Mar 20 10:03:15 UTC 2018
Am 19.03.2018 um 09:26 schrieb Christian Mauderer:
> Am 16.03.2018 um 15:11 schrieb Gedare Bloom:
>> On Tue, Mar 13, 2018 at 10:02 AM, Christian Mauderer
>> <christian.mauderer at embedded-brains.de> wrote:
>>> Some applications (like the civetweb web server) still use functions
>>> that are deprecated by openssl. If OPENSSL_NO_DEPRECATED is defined,
>>> openssl will not provide these functions. This patch removes the define
>>> so that the functions are available.
>>> ---
>>
>> What are the negative consequences to this? I'm quite leery about
>> enabling deprecated features in a security library.
>>
>> What is the cost to fix civetweb instead?
>>
>> -Gedare
>
> Hello Gedare,
>
> there are still a lot of application that use the deprecated API. A
> quick search on github for one of the deprecated functions
> (ERR_remove_state) provided nearly 50000 results:
> https://github.com/search?l=C&q=+ERR_remove_state&type=Code&utf8=%E2%9C%93
>
> Beneath that I just checked on my OpenSUSE machine and on a FreeBSD VM:
> They still provide this function. So I wouldn't see a problem with that.
>
> Best regards
>
> Christian
Would you agree with the patch with the additional information from my
last mail that the deprecated API is still widely used?
>
>>
>>> libbsd.py | 3 +--
>>> libbsd_waf.py | 2 +-
>>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/libbsd.py b/libbsd.py
>>> index f70b4ead..233c06cd 100644
>>> --- a/libbsd.py
>>> +++ b/libbsd.py
>>> @@ -3614,8 +3614,7 @@ def crypto_openssl(mm):
>>> 'crypto/openssl/crypto/cversion.c',
>>> 'crypto/openssl/crypto/o_str.c',
>>> ],
>>> - mm.generator['source'](['-DOPENSSL_NO_DEPRECATED=1',
>>> - '-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
>>> + mm.generator['source'](['-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
>>> '-DOPENSSL_NO_GMP=1',
>>> '-DOPENSSL_NO_JPAKE=1',
>>> '-DOPENSSL_NO_LIBUNBOUND=1',
>>> diff --git a/libbsd_waf.py b/libbsd_waf.py
>>> index 7782bccb..745512bf 100644
>>> --- a/libbsd_waf.py
>>> +++ b/libbsd_waf.py
>>> @@ -1317,7 +1317,7 @@ def build(bld):
>>> features = "c",
>>> cflags = cflags,
>>> includes = ['freebsd/crypto', 'freebsd/crypto/openssl', 'freebsd/crypto/openssl/crypto', 'freebsd/crypto/openssl/crypto/asn1', 'freebsd/crypto/openssl/crypto/evp', 'freebsd/crypto/openssl/crypto/modes'] + includes,
>>> - defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_DEPRECATED=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
>>> + defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
>>> source = objs04_source)
>>> libbsd_use += ["objs04"]
>>>
>>> --
>>> 2.13.6
>>>
>>> _______________________________________________
>>> devel mailing list
>>> devel at rtems.org
>>> http://lists.rtems.org/mailman/listinfo/devel
>
--
--------------------------------------------
embedded brains GmbH
Herr Christian Mauderer
Dornierstr. 4
D-82178 Puchheim
Germany
email: christian.mauderer at embedded-brains.de
Phone: +49-89-18 94 741 - 18
Fax: +49-89-18 94 741 - 08
PGP: Public key available on request.
Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.
More information about the devel
mailing list