[PATCH] openssl: Provide deprecated functions.

Gedare Bloom gedare at rtems.org
Tue Mar 20 15:37:15 UTC 2018


On Tue, Mar 20, 2018 at 6:03 AM, Christian Mauderer
<christian.mauderer at embedded-brains.de> wrote:
>
> Am 19.03.2018 um 09:26 schrieb Christian Mauderer:
>> Am 16.03.2018 um 15:11 schrieb Gedare Bloom:
>>> On Tue, Mar 13, 2018 at 10:02 AM, Christian Mauderer
>>> <christian.mauderer at embedded-brains.de> wrote:
>>>> Some applications (like the civetweb web server) still use functions
>>>> that are deprecated by openssl. If OPENSSL_NO_DEPRECATED is defined,
>>>> openssl will not provide these functions. This patch removes the define
>>>> so that the functions are available.
>>>> ---
>>>
>>> What are the negative consequences to this? I'm quite leery about
>>> enabling deprecated features in a security library.
>>>
>>> What is the cost to fix civetweb instead?
>>>
>>> -Gedare
>>
>> Hello Gedare,
>>
>> there are still a lot of application that use the deprecated API. A
>> quick search on github for one of the deprecated functions
>> (ERR_remove_state) provided nearly 50000 results:
>> https://github.com/search?l=C&q=+ERR_remove_state&type=Code&utf8=%E2%9C%93
>>
>> Beneath that I just checked on my OpenSUSE machine and on a FreeBSD VM:
>> They still provide this function. So I wouldn't see a problem with that.
>>
>> Best regards
>>
>> Christian
>
> Would you agree with the patch with the additional information from my
> last mail that the deprecated API is still widely used?
>

OK.

>>
>>>
>>>>  libbsd.py     | 3 +--
>>>>  libbsd_waf.py | 2 +-
>>>>  2 files changed, 2 insertions(+), 3 deletions(-)
>>>>
>>>> diff --git a/libbsd.py b/libbsd.py
>>>> index f70b4ead..233c06cd 100644
>>>> --- a/libbsd.py
>>>> +++ b/libbsd.py
>>>> @@ -3614,8 +3614,7 @@ def crypto_openssl(mm):
>>>>              'crypto/openssl/crypto/cversion.c',
>>>>              'crypto/openssl/crypto/o_str.c',
>>>>          ],
>>>> -        mm.generator['source'](['-DOPENSSL_NO_DEPRECATED=1',
>>>> -                                '-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
>>>> +        mm.generator['source'](['-DOPENSSL_NO_EC_NISTP_64_GCC_128=1',
>>>>                                  '-DOPENSSL_NO_GMP=1',
>>>>                                  '-DOPENSSL_NO_JPAKE=1',
>>>>                                  '-DOPENSSL_NO_LIBUNBOUND=1',
>>>> diff --git a/libbsd_waf.py b/libbsd_waf.py
>>>> index 7782bccb..745512bf 100644
>>>> --- a/libbsd_waf.py
>>>> +++ b/libbsd_waf.py
>>>> @@ -1317,7 +1317,7 @@ def build(bld):
>>>>                  features = "c",
>>>>                  cflags = cflags,
>>>>                  includes = ['freebsd/crypto', 'freebsd/crypto/openssl', 'freebsd/crypto/openssl/crypto', 'freebsd/crypto/openssl/crypto/asn1', 'freebsd/crypto/openssl/crypto/evp', 'freebsd/crypto/openssl/crypto/modes'] + includes,
>>>> -                defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_DEPRECATED=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
>>>> +                defines = defines + ['NO_WINDOWS_BRAINDEATH=1', 'OPENSSL_DISABLE_OLD_DES_SUPPORT=1', 'OPENSSL_NO_EC_NISTP_64_GCC_128=1', 'OPENSSL_NO_GMP=1', 'OPENSSL_NO_JPAKE=1', 'OPENSSL_NO_LIBUNBOUND=1', 'OPENSSL_NO_MD2=1', 'OPENSSL_NO_RC5=1', 'OPENSSL_NO_RFC3779=1', 'OPENSSL_NO_SCTP=1', 'OPENSSL_NO_SSL2=1', 'OPENSSL_NO_SSL_TRACE=1', 'OPENSSL_NO_STORE=1', 'OPENSSL_NO_UNIT_TEST=1', 'OPENSSL_NO_WEAK_SSL_CIPHERS=1'],
>>>>                  source = objs04_source)
>>>>      libbsd_use += ["objs04"]
>>>>
>>>> --
>>>> 2.13.6
>>>>
>>>> _______________________________________________
>>>> devel mailing list
>>>> devel at rtems.org
>>>> http://lists.rtems.org/mailman/listinfo/devel
>>
>
> --
> --------------------------------------------
> embedded brains GmbH
> Herr Christian Mauderer
> Dornierstr. 4
> D-82178 Puchheim
> Germany
> email: christian.mauderer at embedded-brains.de
> Phone: +49-89-18 94 741 - 18
> Fax:   +49-89-18 94 741 - 08
> PGP: Public key available on request.
>
> Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.



More information about the devel mailing list