openvpn-openssl does not build without deprecated OpenSSL API
Username: Nathaniel Wesley Filardo
Origin: https://bugs.openwrt.org/index.php?do=details&task_id=990
With LEDE HEAD (4b3ffecf) and no CONFIG_OPENSSL_WITH_DEPRECATED, I get
ccache_cc -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../include -I../../src/compat -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include/fortify -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -DPLUGIN_LIBDIR="/usr/lib/openvpn/plugins" -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -mips16 -minterlink-mips16 -iremap/tank/openwrt/scratch/builder-usbnetgw/build_dir/target-mips_24kc_musl/openvpn-openssl/openvpn-2.4.3:openvpn-2.4.3 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -ffunction-sections -fdata-sections -std=c99 -MT crypto_openssl.o -MD -MP -MF .deps/crypto_openssl.Tpo -c -o crypto_openssl.o crypto_openssl.c
In file included from syshead.h:182:0,
from crypto_openssl.c:35:
/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^
In file included from crypto_openssl.c:44:0:
openssl_compat.h: In function 'RSA_set_flags':
openssl_compat.h:326:12: error: dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
rsa->flags = flags;
^
openssl_compat.h: In function 'RSA_get0_key':
openssl_compat.h:346:23: error: dereferencing pointer to incomplete type 'RSA {aka const struct rsa_st}'
*n = rsa ? rsa->n : NULL;
^
openssl_compat.h: In function 'RSA_set0_key':
openssl_compat.h:380:9: warning: implicit declaration of function 'BN_free' [-Wimplicit-function-declaration]
BN_free(rsa->n);
^
openssl_compat.h: In function 'RSA_bits':
openssl_compat.h:410:16: warning: implicit declaration of function 'BN_num_bits' [-Wimplicit-function-declaration]
return n ? BN_num_bits(n) : 0;
^
openssl_compat.h: In function 'DSA_get0_pqg':
openssl_compat.h:429:23: error: dereferencing pointer to incomplete type 'DSA {aka const struct dsa_st}'
*p = dsa ? dsa->p : NULL;
^
In file included from crypto_openssl.c:40:0:
openssl_compat.h: In function 'RSA_meth_new':
openssl_compat.h:470:31: error: invalid application of 'sizeof' to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
^
buffer.h:1014:61: note: in definition of macro 'ALLOC_OBJ'
check_malloc_return((dptr) = (type *) malloc(sizeof(type)));
^
openssl_compat.h:470:5: note: in expansion of macro 'ALLOC_OBJ_CLEAR'
ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
^
openssl_compat.h:470:31: error: invalid application of 'sizeof' to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
^
buffer.h:1020:34: note: in definition of macro 'ALLOC_OBJ_CLEAR'
memset((dptr), 0, sizeof(type));
^
In file included from crypto_openssl.c:44:0:
openssl_compat.h:471:13: error: dereferencing pointer to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
rsa_meth->name = string_alloc(name, NULL);
^
Makefile:672: recipe for target 'crypto_openssl.o' failed
make[7]: *** [crypto_openssl.o] Error 1
This looks to be due to incomplete backports of OpenSSL 1.1 changes into 1.0.2l (or earlier 1.0 releases, I’m not sure). In particular, many of these pieces of code are guarded by #ifdef HAVE_... tests which are currently evaluating to false, so the fallback definitions in openssl_compat.h appear to get compiled and run into the errors above. For example,
HAVE_DSA_GET0_PQG is unset because:
configure:16116: checking for DSA_get0_pqg
configure:16116: ccache_cc -o conftest -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -mips16 -minterlink-mips16 -iremap/tank/openwrt/scratch/builder-usbnetgw/build_dir/target-mips_24kc_musl/openvpn-openssl/openvpn-2.4.3:openvpn-2.4.3 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -ffunction-sections -fdata-sections -std=c99 -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include/fortify -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/lib -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/lib -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/usr/lib -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/lib -znow -zrelro -Wl,--gc-sections conftest.c -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/lib -lcrypto -lssl >&5
/tmp/cczFWI5b.o: In function `main':
conftest.c:(.text.startup.main+0x2): undefined reference to `DSA_get0_pqg'