gss/sk_utils.c error: 'DH_check' is deprecated: Since OpenSSL 3.0

    Description

      Building gss/sk_utils.c with OpenSSL 3.0.x and gcc 11 on Ubuntu 22.04 failed with the following errors:

      gss/sk_utils.c: In function 'sk_is_dh_valid':
      gss/sk_utils.c:714:17: error: 'DH_check' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
        714 |                 rc = DH_check(dh, &codes);
            |                 ^~
      In file included from gss/sk_utils.c:36:
      /usr/include/openssl/dh.h:220:27: note: declared here
        220 | OSSL_DEPRECATEDIN_3_0 int DH_check(const DH *dh, int *codes);
            |                           ^~~~~~~~
      gss/sk_utils.c:723:9: error: 'DH_get0_pqg' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
        723 |         DH_get0_pqg(dh, &p, NULL, &g);
            |         ^~~~~~~~~~~
      In file included from gss/sk_utils.c:36:
      /usr/include/openssl/dh.h:253:28: note: declared here
        253 | OSSL_DEPRECATEDIN_3_0 void DH_get0_pqg(const DH *dh, const BIGNUM **p,
            |                            ^~~~~~~~~~~
      gss/sk_utils.c:747:9: error: 'BN_is_prime_ex' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
        747 |         rc = BN_is_prime_ex(p, num_rounds, ctx, NULL);
            |         ^~
      In file included from /usr/include/openssl/asn1.h:33,
                       from /usr/include/openssl/dh.h:85,
                       from gss/sk_utils.c:36:
      /usr/include/openssl/bn.h:373:5: note: declared here
        373 | int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
            |     ^~~~~~~~~~~~~~
      gss/sk_utils.c:759:9: error: 'BN_is_prime_ex' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
        759 |         rc = BN_is_prime_ex(r, num_rounds, ctx, NULL);
            |         ^~
      In file included from /usr/include/openssl/asn1.h:33,
                       from /usr/include/openssl/dh.h:85,
                       from gss/sk_utils.c:36:
      /usr/include/openssl/bn.h:373:5: note: declared here
        373 | int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
            |     ^~~~~~~~~~~~~~
      gss/sk_utils.c: In function 'sk_speedtest_dh_valid':
      gss/sk_utils.c:809:9: error: 'DH_new' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
        809 |         dh = DH_new();
            |         ^~
      In file included from gss/sk_utils.c:36:
      /usr/include/openssl/dh.h:199:27: note: declared here
        199 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
            |                           ^~~~~~
      gss/sk_utils.c:825:9: error: 'DH_set0_pqg' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
        825 |         if (!DH_set0_pqg(dh, p, NULL, g)) {
            |         ^~
      In file included from gss/sk_utils.c:36:
      /usr/include/openssl/dh.h:255:27: note: declared here
        255 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
            |                           ^~~~~~~~~~~
      gss/sk_utils.c:873:9: error: 'DH_free' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
        873 |         DH_free(dh);
            |         ^~~~~~~
      <~snip~>
      

      https://build.whamcloud.com/view/all/job/sandbox/1/arch=x86_64,build_type=client,distro=ubuntu2204,ib_stack=inkernel/consoleFull

      # gcc --version
      gcc (Ubuntu 11.2.0-19ubuntu1) 11.2.0
      
      # openssl version
      OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
      

          Activity

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/47739/
            Subject: LU-15896 gss: ignore OpenSSLv3 deprecated API
            Project: fs/lustre-release
            Branch: b2_15
            Current Patch Set:
            Commit: c5e282e51df4c8e99d35e7e17d5107f5aa0aafaa

            "Jian Yu <yujian@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/47739
            Subject: LU-15896 gss: ignore OpenSSLv3 deprecated API
            Project: fs/lustre-release
            Branch: b2_15
            Current Patch Set: 1
            Commit: 254f1102c86347b7e9337c469df192f0d436b639

            "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/47717
            Subject: LU-15896 gss: support OpenSSLv3
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 37c901e794f7cdd814436244ac68e93b8b3aea0b

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/47485/
            Subject: LU-15896 gss: ignore OpenSSLv3 deprecated API
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: ee60c14360839ab9955ff968d082dfdc269c05bf

            yujian Jian Yu added a comment -

            It works. Thank you, sebastien.

            sebastien Sebastien Buisson added a comment - - edited

            Hi yujian, can you please give https://review.whamcloud.com/47485 a try?

            "Sebastien Buisson <sbuisson@ddn.com>" uploaded a new patch: https://review.whamcloud.com/47485
            Subject: LU-15896 gss: ignore OpenSSLv3 deprecated API
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 05d5b73ebb253c0e3ed5a7954b751ebbdb2d61bf

            yujian Jian Yu added a comment -

            Hi sebastien,
            Could you please take a look at this issue?

            yujian Jian Yu added a comment - - edited

            https://www.openssl.org/docs/man3.0/man7/migration_guide.html

            OpenSSL has historically provided two sets of APIs for invoking cryptographic algorithms: the "high level" APIs (such as the EVP APIs) and the "low level" APIs. The high level APIs are typically designed to work across all algorithm types. The "low level" APIs are targeted at a specific algorithm implementation. For example, the EVP APIs provide the functions EVP_EncryptInit_ex(3), EVP_EncryptUpdate(3) and EVP_EncryptFinal(3) to perform symmetric encryption. Those functions can be used with the algorithms AES, CHACHA, 3DES etc. On the other hand, to do AES encryption using the low level APIs you would have to call AES specific functions such as AES_set_encrypt_key(3), AES_encrypt(3), and so on. The functions for 3DES are different. Use of the low level APIs has been informally discouraged by the OpenSSL development team for a long time. However in OpenSSL 3.0 this is made more formal. All such low level APIs have been deprecated. You may still use them in your applications, but you may start to see deprecation warnings during compilation (dependent on compiler support for this). Deprecated APIs may be removed from future versions of OpenSSL so you are strongly encouraged to update your code to use the high level APIs instead.
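
An added example, not part of the ticket or of the Lustre patches: a small Python triage script that turns `-Werror=deprecated-declarations` output like the log in the description into a per-function worklist for the move to the high-level APIs that the migration guide recommends. The sample log is constructed from a few lines of the report, and the replacement names come from the OpenSSL 3.0 documentation, not from the Lustre changes.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the build log above (not the full log).
SAMPLE_LOG = """\
gss/sk_utils.c: In function 'sk_is_dh_valid':
gss/sk_utils.c:714:17: error: 'DH_check' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  714 |                 rc = DH_check(dh, &codes);
gss/sk_utils.c:747:9: error: 'BN_is_prime_ex' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
gss/sk_utils.c:759:9: error: 'BN_is_prime_ex' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
gss/sk_utils.c: In function 'sk_speedtest_dh_valid':
gss/sk_utils.c:809:9: error: 'DH_new' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
"""

# Replacements the OpenSSL 3.0 documentation points to for these calls.
EVP_REPLACEMENT = {
    "DH_check": "EVP_PKEY_param_check",
    "DH_get0_pqg": "EVP_PKEY_get_bn_param",
    "DH_new": "EVP_PKEY_fromdata",
    "DH_set0_pqg": "EVP_PKEY_fromdata",
    "DH_free": "EVP_PKEY_free",
    "BN_is_prime_ex": "BN_check_prime",
}

# gcc quotes identifiers with ASCII or typographic quotes depending on locale.
FUNC_RE = re.compile(r"^\S+: In function ['‘](?P<func>[^'’]+)['’]:")
DIAG_RE = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):\d+: (?:error|warning): "
    r"['‘](?P<sym>\w+)['’] is deprecated: Since OpenSSL"
)

def deprecated_calls(log_text):
    """Map (calling function, deprecated symbol) -> source line numbers."""
    calls, caller = defaultdict(list), "<file scope>"
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := FUNC_RE.match(line)):
            caller = m.group("func")      # gcc prints this before its diagnostics
        elif (m := DIAG_RE.match(line)):
            calls[(caller, m.group("sym"))].append(int(m.group("line")))
    return dict(calls)

def porting_worklist(log_text):
    """Rows of (caller, symbol, lines, replacement); None means look it up."""
    found = deprecated_calls(log_text)
    return [(c, s, found[(c, s)], EVP_REPLACEMENT.get(s)) for c, s in sorted(found)]

if __name__ == "__main__":
    for caller, sym, lines, repl in porting_worklist(SAMPLE_LOG):
        print(f"{caller}: {sym} at lines {lines} -> {repl or 'see migration guide'}")
```

Source-context lines and the `note: declared here` lines are skipped, so a full console log can be fed to it unchanged.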

            People

              sebastien Sebastien Buisson
              yujian Jian Yu