BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes()

This function was deprecated in 1.1.0 causing this warning : src/ssl_sock.c:551:3: warning: 'RAND_pseudo_bytes' is deprecated (declared at /opt/openssl-1.1.0/include/openssl/rand.h:47) [-Wdeprecated-declarations] The man suggests to use RAND_bytes() instead. While the return codes differ, it turns out that the function was already misused and was relying on RAND_bytes() return code instead. The patch was tested on 0.9.8, 1.0.0, 1.0.1, 1.0.2 and 1.1.0. This fix must be backported to 1.7 and the return code check should be backported to earlier versions if relevant.
2017-01-19 17:10:54 +01:00 · 2017-01-19 17:10:54 +01:00 · 77d88da7e1
commit 77d88da7e1
parent a4fb8ed1f2
1 changed files with 11 additions and 0 deletions
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h
@ -171,4 +171,15 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
 #define ERR_remove_state(x)
 #endif

+
+/* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
+ * that the return codes differ, but it happens that the only use case (ticket
+ * key update) was already wrong, considering a non-cryptographic random as a
+ * failure.
+ */
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#undef  RAND_pseudo_bytes
+#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
+#endif
+
 #endif /* _PROTO_OPENSSL_COMPAT_H */