[FS#990] openvpn-openssl does not build without deprecated OpenSSL API

LEDE Bugs lede-bugs at lists.infradead.org
Mon Aug 28 09:34:25 PDT 2017 

A new Flyspray task has been opened.  Details are below. 

User who did this - Nathaniel Wesley Filardo (nwf) 

Attached to Project - LEDE Project
Summary - openvpn-openssl does not build without deprecated OpenSSL API
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - With LEDE HEAD (4b3ffecf2bbbfb8df618314e5bec52659b648fac) and no CONFIG_OPENSSL_WITH_DEPRECATED, I get


ccache_cc -DHAVE_CONFIG_H -I. -I../.. -I../../include  -I../../include -I../../src/compat -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-
mips_24kc_gcc-5.4.0_musl/include/fortify -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include   -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include   -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -DPLUGIN_LIBDIR=\"/usr/lib/openvpn/plugins\"  -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller
-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -mips16 -minterlink-mips16 -iremap/tank/openwrt/scratch/builder-usbnetgw/build_dir/target-mips_24kc_musl/openvpn-openssl/openvpn-2.4.3:openvpn-2.4.3 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -ffunction-sections -fdata-sections  -std=c99 -MT crypto_openssl.o -MD -MP
-MF .deps/crypto_openssl.Tpo -c -o crypto_openssl.o crypto_openssl.c
In file included from syshead.h:182:0,
                 from crypto_openssl.c:35:
/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include  to  [-Wcpp]
 #warning redirecting incorrect #include  to 
  ^
In file included from crypto_openssl.c:44:0:
openssl_compat.h: In function 'RSA_set_flags':
openssl_compat.h:326:12: error: dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}'
         rsa->flags = flags;
            ^
openssl_compat.h: In function 'RSA_get0_key':
openssl_compat.h:346:23: error: dereferencing pointer to incomplete type 'RSA {aka const struct rsa_st}'
         *n = rsa ? rsa->n : NULL;
                       ^
openssl_compat.h: In function 'RSA_set0_key':
openssl_compat.h:380:9: warning: implicit declaration of function 'BN_free' [-Wimplicit-function-declaration]
         BN_free(rsa->n);
         ^
openssl_compat.h: In function 'RSA_bits':
openssl_compat.h:410:16: warning: implicit declaration of function 'BN_num_bits' [-Wimplicit-function-declaration]
     return n ? BN_num_bits(n) : 0;
                ^
openssl_compat.h: In function 'DSA_get0_pqg':
openssl_compat.h:429:23: error: dereferencing pointer to incomplete type 'DSA {aka const struct dsa_st}'
         *p = dsa ? dsa->p : NULL;
                       ^
In file included from crypto_openssl.c:40:0:
openssl_compat.h: In function 'RSA_meth_new':
openssl_compat.h:470:31: error: invalid application of 'sizeof' to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
     ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
                               ^
buffer.h:1014:61: note: in definition of macro 'ALLOC_OBJ'
         check_malloc_return((dptr) = (type *) malloc(sizeof(type))); \
                                                             ^
openssl_compat.h:470:5: note: in expansion of macro 'ALLOC_OBJ_CLEAR'
     ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
     ^
openssl_compat.h:470:31: error: invalid application of 'sizeof' to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
     ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
                               ^
buffer.h:1020:34: note: in definition of macro 'ALLOC_OBJ_CLEAR'
         memset((dptr), 0, sizeof(type)); \
                                  ^
In file included from crypto_openssl.c:44:0:
openssl_compat.h:471:13: error: dereferencing pointer to incomplete type 'RSA_METHOD {aka struct rsa_meth_st}'
     rsa_meth->name = string_alloc(name, NULL);
             ^
Makefile:672: recipe for target 'crypto_openssl.o' failed
make[7]: *** [crypto_openssl.o] Error 1


This looks to be due to incomplete backports of openssl1.1 changes into 1.0.2l (or earlier 1.0 releases, I'm not sure).  In particular, many of these pieces of code are guarded by #ifdef HAVE_... tests which are currently evaluating to false.  For example,
HAVE_DSA_GET0_PQG is unset because


configure:16116: checking for DSA_get0_pqg
configure:16116: ccache_cc -o conftest -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -msoft-float -mips16 -minterlink-mips16 -iremap/tank/openwrt/scratch/builder-usbnetgw/build_dir/target-mips_24kc_musl/openvpn-openssl/openvpn-2.4.3:openvpn-2.4.3 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -ffunction-sections -fdata-sections  -std=c99 -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/usr/include -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include/fortify -I/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/include  -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/lib -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/lib -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/usr/lib -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl/lib -znow -zrelro -Wl,--gc-sections  conftest.c  -L/tank/openwrt/scratch/builder-usbnetgw/staging_dir/target-mips_24kc_musl/usr/lib -lcrypto -lssl >&5
/tmp/cczFWI5b.o: In function `main':
conftest.c:(.text.startup.main+0x2): undefined reference to `DSA_get0_pqg'


More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=990

More information about the lede-bugs mailing list