OpenSSL 1.1.0-dev change: builds without deprecated functions by default
Due to the following OpenSSL change:
```
*) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
   Access to deprecated functions can be re-enabled by running config with
   "enable-deprecated". In addition applications wishing to use deprecated
   functions must define OPENSSL_USE_DEPRECATED. Note that this new behaviour
   will, by default, disable some transitive includes that previously existed
   in the header files (e.g. ec.h will no longer, by default, include bn.h)
   [Matt Caswell]
```
Building tor git with the latest OpenSSL 1.1.0-dev git causes the following errors on OS X with clang (edited for brevity):
```
CC src/common/tortls.o
src/common/crypto.c:408:3: error: implicit declaration of function
'ERR_remove_state' is invalid in C99
ERR_remove_state(0);
src/common/crypto.c:1783:19: error: implicit declaration of function
'DH_generate_parameters' is invalid in C99
dh_parameters = DH_generate_parameters(DH_BYTES*8, DH_GENERATOR, NULL, NULL);
src/common/crypto.c:1783:19: note: did you mean 'DH_generate_parameters_ex'?
/test/tor/openssl-install-x86_64/include/openssl/dh.h:213:5: note:
'DH_generate_parameters_ex' declared here
int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, B...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CC src/trunnel/pwbox.o
src/common/crypto.c:3131:3: error: implicit declaration of function
'CRYPTO_set_id_callback' is invalid in C99
CRYPTO_set_id_callback(tor_get_thread_id);
4 errors generated.
make[1]: *** [src/common/crypto.o] Error 1
src/common/tortls.c:675:27: error: implicit declaration of function 'BN_bin2bn'
is invalid in C99
if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL)))
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/common/tortls.c:713:5: error: implicit declaration of function
'BN_clear_free' is invalid in C99
BN_clear_free(serial_number);
src/common/tortls.c:1069:16: error: implicit declaration of function
'BN_num_bits' is invalid in C99
if (rsa && BN_num_bits(rsa->n) == 1024)
src/common/tortls.c:1069:31: error: incomplete definition of type
'struct rsa_st'
if (rsa && BN_num_bits(rsa->n) == 1024)
/test/tor/openssl-install-x86_64/include/openssl/ossl_typ.h:147:16: note:
forward declaration of 'struct rsa_st'
typedef struct rsa_st RSA;
src/common/tortls.c:1072:7: error: implicit declaration of function 'RSA_free'
is invalid in C99
RSA_free(rsa);
src/common/tortls.c:1072:7: note: did you mean 'SSL_free'?
/test/tor/openssl-install-x86_64/include/openssl/ssl.h:2201:6: note: 'SSL_free'
declared here
void SSL_free(SSL *ssl);
```
Building OpenSSL with `./Configure enable-deprecated` and including `-DOPENSSL_USE_DEPRECATED` in the CPPFLAGS seems to require a few tries to actually work. (I don't think it likes parallel builds.)
Building tor with this new version then works fine.
~~causes a linker error:~~ (This is actually due to OpenSSL not working with parallel builds.)
```
Undefined symbols for architecture x86_64:
"_EVP_aes_128_ctr", referenced from:
_aes_new_cipher in libor-crypto.a(aes.o)
```
We should probably fix this by 0.2.6-final, otherwise it won't be able to be built with OpenSSL 1.1.0 dev out of the box.
But how are we going to cope with platforms that build OpenSSL without deprecated functions?
Conditionalise on `#if OPENSSL_USE_DEPRECATED`s in the code?
Advise them not to?
It seems like this change could cause a huge mess.
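The errors quoted above fall into two classes the changelog entry describes: calls to deprecated functions, and calls that lost their declaration because a header is no longer included transitively. The following triage script is an added example, not part of the original ticket or of tor's code; the `triage` helper, the sample log and the prefix-to-header table are assumptions made for illustration.

```python
import re

# Constructed sample: diagnostics in the shape quoted in the ticket, including
# the line wrap clang output shows between "function" and the quoted name.
SAMPLE_LOG = """\
src/common/crypto.c:408:3: error: implicit declaration of function
'ERR_remove_state' is invalid in C99
src/common/crypto.c:1783:19: error: implicit declaration of function
'DH_generate_parameters' is invalid in C99
src/common/crypto.c:3131:3: error: implicit declaration of function
'CRYPTO_set_id_callback' is invalid in C99
src/common/tortls.c:675:27: error: implicit declaration of function 'BN_bin2bn'
is invalid in C99
src/common/tortls.c:1072:7: error: implicit declaration of function 'RSA_free'
is invalid in C99
"""

# Deprecated calls and the replacements OpenSSL shipped before 1.1.0.
DEPRECATED = {
    "ERR_remove_state": "ERR_remove_thread_state",
    "DH_generate_parameters": "DH_generate_parameters_ex",
    "CRYPTO_set_id_callback": "CRYPTO_THREADID_set_callback",
}
# Assumption: any other undeclared OpenSSL name is a lost transitive include,
# so the fix is to include the header for its prefix explicitly.
HEADER_BY_PREFIX = {"BN_": "openssl/bn.h", "RSA_": "openssl/rsa.h", "DH_": "openssl/dh.h"}

DIAG = re.compile(
    r"^(\S+?):(\d+):\d+: error: implicit declaration of function\s+'(\w+)'", re.M)

def triage(log):
    """Return (file, line, symbol, kind, suggested fix) for each diagnostic."""
    findings = []
    for path, line, name in DIAG.findall(log):
        if name in DEPRECATED:
            findings.append((path, int(line), name, "deprecated", DEPRECATED[name]))
            continue
        header = next((h for p, h in HEADER_BY_PREFIX.items() if name.startswith(p)), None)
        kind = "missing-include" if header else "unknown"
        findings.append((path, int(line), name, kind, header))
    return findings

if __name__ == "__main__":
    for path, line, name, kind, fix in triage(SAMPLE_LOG):
        print(f"{path}:{line}: {name}: {kind} -> {fix}")
```

Only the "deprecated" findings need a code change or `OPENSSL_USE_DEPRECATED`; the "missing-include" findings build against a no-deprecated OpenSSL once the named header is included directly.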