#1589 util.hashes uses HMAC method deprecated in OpenSSL 3.0.0
Reporter
Zash
Owner
Nobody
Created
Updated
Stars
★ (1)
Tags
Status-Fixed
Type-Enhancement
OpenSSL
Priority-Medium
Patch
Zash
on
Build with libssl-dev 3.0.0~~alpha4-1 from Debian experimental
hashes.c: In function ‘Lhmac_sha1’:
hashes.c:97:1: warning: ‘HMAC’ is deprecated [-Wdeprecated-declarations]
MAKE_HMAC_FUNCTION(Lhmac_sha1, EVP_sha1, SHA_DIGEST_LENGTH, SHA_CTX)
^~~~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/opensslv.h:109,
from /usr/include/openssl/macros.h:11,
from /usr/include/x86_64-linux-gnu/openssl/opensslconf.h:14,
from /usr/include/openssl/macros.h:10,
from /usr/include/openssl/sha.h:14,
from hashes.c:26:
/usr/include/openssl/hmac.h:45:1: note: declared here
DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
^~~~~~~~~~~~~~~~
hashes.c: In function ‘Lhmac_sha256’:
hashes.c:98:1: warning: ‘HMAC’ is deprecated [-Wdeprecated-declarations]
MAKE_HMAC_FUNCTION(Lhmac_sha256, EVP_sha256, SHA256_DIGEST_LENGTH, SHA256_CTX)
^~~~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/opensslv.h:109,
from /usr/include/openssl/macros.h:11,
from /usr/include/x86_64-linux-gnu/openssl/opensslconf.h:14,
from /usr/include/openssl/macros.h:10,
from /usr/include/openssl/sha.h:14,
from hashes.c:26:
/usr/include/openssl/hmac.h:45:1: note: declared here
DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
^~~~~~~~~~~~~~~~
hashes.c: In function ‘Lhmac_sha512’:
hashes.c:99:1: warning: ‘HMAC’ is deprecated [-Wdeprecated-declarations]
MAKE_HMAC_FUNCTION(Lhmac_sha512, EVP_sha512, SHA512_DIGEST_LENGTH, SHA512_CTX)
^~~~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/opensslv.h:109,
from /usr/include/openssl/macros.h:11,
from /usr/include/x86_64-linux-gnu/openssl/opensslconf.h:14,
from /usr/include/openssl/macros.h:10,
from /usr/include/openssl/sha.h:14,
from hashes.c:26:
/usr/include/openssl/hmac.h:45:1: note: declared here
DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
^~~~~~~~~~~~~~~~
hashes.c: In function ‘Lhmac_md5’:
hashes.c:100:1: warning: ‘HMAC’ is deprecated [-Wdeprecated-declarations]
MAKE_HMAC_FUNCTION(Lhmac_md5, EVP_md5, MD5_DIGEST_LENGTH, MD5_CTX)
^~~~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/opensslv.h:109,
from /usr/include/openssl/macros.h:11,
from /usr/include/x86_64-linux-gnu/openssl/opensslconf.h:14,
from /usr/include/openssl/macros.h:10,
from /usr/include/openssl/sha.h:14,
from hashes.c:26:
/usr/include/openssl/hmac.h:45:1: note: declared here
DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
^~~~~~~~~~~~~~~~
Zash
on
Wrote a patch for using what I believe are the recommended modern methods, but it failed to build on CentOS 7 and some other distributions due to using functions that are only in some newer OpenSSL (1.1.0 or somesuch).
Since these are only deprecation warnings and the functions are not to be removed yet, there is no rush so going to hold off on this a while.
Patch in timber for now.
Build with libssl-dev 3.0.0~~alpha4-1 from Debian experimental hashes.c: In function ‘Lhmac_sha1’: hashes.c:97:1: warning: ‘HMAC’ is deprecated [-Wdeprecated-declarations] MAKE_HMAC_FUNCTION(Lhmac_sha1, EVP_sha1, SHA_DIGEST_LENGTH, SHA_CTX) ^~~~~~~~~~~~~~~~~~ In file included from /usr/include/openssl/opensslv.h:109, from /usr/include/openssl/macros.h:11, from /usr/include/x86_64-linux-gnu/openssl/opensslconf.h:14, from /usr/include/openssl/macros.h:10, from /usr/include/openssl/sha.h:14, from hashes.c:26: /usr/include/openssl/hmac.h:45:1: note: declared here DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key, ^~~~~~~~~~~~~~~~ hashes.c: In function ‘Lhmac_sha256’: hashes.c:98:1: warning: ‘HMAC’ is deprecated [-Wdeprecated-declarations] MAKE_HMAC_FUNCTION(Lhmac_sha256, EVP_sha256, SHA256_DIGEST_LENGTH, SHA256_CTX) ^~~~~~~~~~~~~~~~~~ In file included from /usr/include/openssl/opensslv.h:109, from /usr/include/openssl/macros.h:11, from /usr/include/x86_64-linux-gnu/openssl/opensslconf.h:14, from /usr/include/openssl/macros.h:10, from /usr/include/openssl/sha.h:14, from hashes.c:26: /usr/include/openssl/hmac.h:45:1: note: declared here DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key, ^~~~~~~~~~~~~~~~ hashes.c: In function ‘Lhmac_sha512’: hashes.c:99:1: warning: ‘HMAC’ is deprecated [-Wdeprecated-declarations] MAKE_HMAC_FUNCTION(Lhmac_sha512, EVP_sha512, SHA512_DIGEST_LENGTH, SHA512_CTX) ^~~~~~~~~~~~~~~~~~ In file included from /usr/include/openssl/opensslv.h:109, from /usr/include/openssl/macros.h:11, from /usr/include/x86_64-linux-gnu/openssl/opensslconf.h:14, from /usr/include/openssl/macros.h:10, from /usr/include/openssl/sha.h:14, from hashes.c:26: /usr/include/openssl/hmac.h:45:1: note: declared here DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key, ^~~~~~~~~~~~~~~~ hashes.c: In function ‘Lhmac_md5’: hashes.c:100:1: warning: ‘HMAC’ is deprecated [-Wdeprecated-declarations] MAKE_HMAC_FUNCTION(Lhmac_md5, EVP_md5, MD5_DIGEST_LENGTH, MD5_CTX) ^~~~~~~~~~~~~~~~~~ In file included from /usr/include/openssl/opensslv.h:109, from /usr/include/openssl/macros.h:11, from /usr/include/x86_64-linux-gnu/openssl/opensslconf.h:14, from /usr/include/openssl/macros.h:10, from /usr/include/openssl/sha.h:14, from hashes.c:26: /usr/include/openssl/hmac.h:45:1: note: declared here DEPRECATEDIN_3_0(unsigned char *HMAC(const EVP_MD *evp_md, const void *key, ^~~~~~~~~~~~~~~~
Wrote a patch for using what I believe are the recommended modern methods, but it failed to build on CentOS 7 and some other distributions due to using functions that are only in some newer OpenSSL (1.1.0 or somesuch). Since these are only deprecation warnings and the functions are not to be removed yet, there is no rush so going to hold off on this a while. Patch in timber for now.
ChangesMethod changed in https://hg.prosody.im/trunk/rev/1e41dd0f8353 but can't find a source for HMAC being deprecated. This change also seems to have made it slower.
Changes