I was compiling some ‘C’ code that uses openssl under Fedora 27 (version 1.1.0g-1). I made some needed changes (from the 1.0.2 version of my code) and things now compile o.k. again.
I then tried to compile with the option “OPENSSL_API_COMPAT=0x10100000L” which I understand causes the compiler to not include APIs deprecated in openssl version 1.1.
Now, my code won’t compile and seems to not find the definitions of things like BN_bin2bn() and BN_free().
Looking at the headers, /usr/include/openssl/dh.h doesn’t even include bn.h at all with this option set.
So, are the BN_xxxx functions now all deprecated in 1.1?
Looking at the openssl 1.1 documents in places like https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes doesn’t mention this being the case.
The description of BN_bin2bn() at https://www.openssl.org/docs/man1.1.0/crypto/BN_bin2bn.html doesn’t indicate this as deprecated as far as I can see.
Am I missing something? If these functions are deprecated, I would like to know what I’m supposed to use instead (for dh.h things, etc.).
Thanks;
…..c:927:8: error: implicit declaration of function ‘BN_bin2bn’; did you mean ‘OBJ_nid2sn’? [-Werror=implicit-function-declaration]
p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL); ^~~~~~~~~
Advertisement
Answer
The BN functions are still present and non-deprecated. Check out the lack of relevant #ifs preceding line 180 in https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/include/openssl/bn.h
Looks like they must’ve just done some header-refactoring to eliminate header coupling. In fact, in the dh header for 1.1 we now see
# if OPENSSL_API_COMPAT < 0x10100000L # include <openssl/bn.h> # endif
at line 20 in https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/include/openssl/dh.h. So moving forward they don’t include the bignum header automatically. This sounds exactly like improving the header coupling.
Try explicitly adding #include <openssl/bn.h> after your include of dh.h.