OpenSSL 1.1.0-dev change: builds without deprecated functions by default
Due to the following OpenSSL change:
*) config has been changed so that by default OPENSSL_NO_DEPRECATED is used. Access to deprecated functions can be re-enabled by running config with "enable-deprecated". In addition applications wishing to use deprecated functions must define OPENSSL_USE_DEPRECATED. Note that this new behaviour will, by default, disable some transitive includes that previously existed in the header files (e.g. ec.h will no longer, by default, include bn.h) [Matt Caswell]
Building tor git with the latest OpenSSL 1.1.0-dev git causes the following errors on OS X with clang (edited for brevity):
```
CC src/common/tortls.o
src/common/crypto.c:408:3: error: implicit declaration of function 'ERR_remove_state' is invalid in C99
  ERR_remove_state(0);
src/common/crypto.c:1783:19: error: implicit declaration of function 'DH_generate_parameters' is invalid in C99
  dh_parameters = DH_generate_parameters(DH_BYTES*8, DH_GENERATOR, NULL, NULL);
src/common/crypto.c:1783:19: note: did you mean 'DH_generate_parameters_ex'?
/test/tor/openssl-install-x86_64/include/openssl/dh.h:213:5: note: 'DH_generate_parameters_ex' declared here
int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, B...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CC src/trunnel/pwbox.o
src/common/crypto.c:3131:3: error: implicit declaration of function 'CRYPTO_set_id_callback' is invalid in C99
  CRYPTO_set_id_callback(tor_get_thread_id);
4 errors generated.
make: *** [src/common/crypto.o] Error 1
src/common/tortls.c:675:27: error: implicit declaration of function 'BN_bin2bn' is invalid in C99
  if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL)))
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/common/tortls.c:713:5: error: implicit declaration of function 'BN_clear_free' is invalid in C99
  BN_clear_free(serial_number);
src/common/tortls.c:1069:16: error: implicit declaration of function 'BN_num_bits' is invalid in C99
  if (rsa && BN_num_bits(rsa->n) == 1024)
src/common/tortls.c:1069:31: error: incomplete definition of type 'struct rsa_st'
  if (rsa && BN_num_bits(rsa->n) == 1024)
/test/tor/openssl-install-x86_64/include/openssl/ossl_typ.h:147:16: note: forward declaration of 'struct rsa_st'
typedef struct rsa_st RSA;
src/common/tortls.c:1072:7: error: implicit declaration of function 'RSA_free' is invalid in C99
  RSA_free(rsa);
src/common/tortls.c:1072:7: note: did you mean 'SSL_free'?
/test/tor/openssl-install-x86_64/include/openssl/ssl.h:2201:6: note: 'SSL_free' declared here
void SSL_free(SSL *ssl);
```
Building OpenSSL with `./Configure enable-deprecated` and including `-DOPENSSL_USE_DEPRECATED` in the CPPFLAGS seems to require a few tries to actually work. (I don't think it likes parallel builds.)
Building tor with this new version then works fine.
~~causes a linker error:~~ (This is actually due to OpenSSL not working with parallel builds.)

```
Undefined symbols for architecture x86_64:
  "_EVP_aes_128_ctr", referenced from:
      _aes_new_cipher in libor-crypto.a(aes.o)
```
We should probably fix this by 0.2.6-final, otherwise it won't be able to be built with OpenSSL 1.1.0 dev out of the box.
But how are we going to cope with platforms that build OpenSSL without deprecated functions?
`#if OPENSSL_USE_DEPRECATED`s in the code?
Advise them not to?
It seems like this change could cause a huge mess.
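The errors quoted in this report fall into two classes: calls to functions that are now hidden as deprecated, and calls to current functions whose header is no longer pulled in transitively. The following triage helper is an added example, not part of the original report or of tor's code; the sample log is constructed from the diagnostics above, and the replacement and header tables are assumptions taken from the OpenSSL 1.0.x headers (only `DH_generate_parameters_ex` is named in the report itself).

```python
import re

# Constructed sample: clang diagnostics in the shape quoted in the report.
SAMPLE_LOG = """\
src/common/crypto.c:408:3: error: implicit declaration of function 'ERR_remove_state' is invalid in C99
src/common/crypto.c:1783:19: error: implicit declaration of function 'DH_generate_parameters' is invalid in C99
src/common/crypto.c:3131:3: error: implicit declaration of function 'CRYPTO_set_id_callback' is invalid in C99
src/common/tortls.c:675:27: error: implicit declaration of function 'BN_bin2bn' is invalid in C99
src/common/tortls.c:1069:16: error: implicit declaration of function 'BN_num_bits' is invalid in C99
src/common/tortls.c:1072:7: error: implicit declaration of function 'RSA_free' is invalid in C99
"""

# Deprecated function -> replacement. Assumed table based on the OpenSSL 1.0.x
# headers; verify against the headers of the version you build against.
DEPRECATED = {
    "ERR_remove_state": "ERR_remove_thread_state",
    "DH_generate_parameters": "DH_generate_parameters_ex",
    "CRYPTO_set_id_callback": "CRYPTO_THREADID_set_callback",
}

# Function prefix -> header declaring it. These functions are not deprecated;
# they only need an explicit #include once transitive includes are gone.
HEADER_BY_PREFIX = {
    "BN_": "openssl/bn.h",
    "RSA_": "openssl/rsa.h",
    "DH_": "openssl/dh.h",
    "EC_": "openssl/ec.h",
}

DIAG = re.compile(
    r"^(?P<file>[^:\s]+):\d+:\d+: error: implicit declaration of function '(?P<fn>\w+)'",
    re.M,
)

def triage(log):
    """Group implicit-declaration errors per source file by the fix they need."""
    report = {}
    for m in DIAG.finditer(log):
        entry = report.setdefault(
            m["file"], {"replace": {}, "include": set(), "unknown": set()})
        fn = m["fn"]
        if fn in DEPRECATED:                      # needs a code change
            entry["replace"][fn] = DEPRECATED[fn]
            continue
        header = next((h for p, h in HEADER_BY_PREFIX.items() if fn.startswith(p)), None)
        if header:                                # needs only an #include
            entry["include"].add(header)
        else:                                     # not covered by either table
            entry["unknown"].add(fn)
    return report
```

Anything that lands in `unknown` has to be looked up by hand in the headers of the OpenSSL version being built against.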