Description
Hello!
TLTR, my main question is :
Is the SDK compatible with OpenSSL 3.x.x, if not, is it going to be compatible ? I'm asking because OpenSSL 1.1.x End Of Life is in September 2023, and I could not make the sdk work with OpenSSL 3.x.x.
Details & additional issues :
I started yesterday to implement the SDK following the Windows instructions, but I run into several issues, mainly related to OpenSSL. I'm sharing here the errors I had, the solutions I may have found and the questions I have.
OpenSSL 3
The documentation said "OpenSSL 1.0.2 or newer, or 1.1.0 or newer".
I now suppose this line means that OpenSSL 3.x.x is not compatible, but I tried anyway with the 3.x.x version and I got errors like this :
C:\DATA\aws-encryption-sdk-c\source\cipher_openssl.c(102,13): warning C4996: 'EVP_PKEY_get0_EC_KEY': Since OpenSSL 3.0 [C:\DATA\aws-encryption-sdk-c-build\Release\aws-encryption-sdk.vcxproj]
1) Is OpenSSL 3.x.x supposed to be compatible? If yes, I cannot build the solution because the warning is considered as an error.
2) If it's not suppose to be compatible, using the vcpkg current version won't work because "vcpkg install curl:x64-windows openssl:x64-windows" installs the 3.x.x version of OpenSSL.
3) OpenSSL 1.1.1 End of life is in September 2023. Is it in the roadmap to be compatible with OpenSSL 3.x.x ? I'm using the SDK for production code, and this may prevent me to use the SDK.
OpenSSL 1.1
So I tried using OpenSSL 1.1.1u instead, using
-DBUILD_AWS_ENC_SDK_CPP=ON -DOPENSSL_ROOT_DIR="C:/DATA/openssl-1.1.1u-build/openssl-1.1/x64" -DOPENSSL_INCLUDE_DIR="C:/DATA/openssl-1.1.1u-build/openssl-1.1/x64/include" -DOPENSSL_LIBRARIES="C:/DATA/openssl-1.1.1u-build/openssl-1.1/x64/lib"
instead of
-DCMAKE_TOOLCHAIN_FILE="C:\DATA\vcpkg\scripts\buildsystems\vcpkg.cmake"
Then I had this error :
C:\DATA\aws-encryption-sdk-c\source\cipher_openssl.c(646,18): error C2220: the following warning is treated as an error [C:\DATA\aws-encryption-sdk-c-build\Release\aws-encryption-sdk.vcxproj]
C:\DATA\aws-encryption-sdk-c\source\cipher_openssl.c(646,18): warning C4013: 'BN_clear_free' undefined; assuming extern returning int [C:\DATA\aws-encryption-sdk-c-build\Release\aws-encryption-sdk.vcxproj]
To fix it I added #include <openssl/bn.h> to cipher_openssl.c. But that does not feel right that I needed to do that.
4) Is my fix alright ? is it a problem with my OpenSSL version ?
Other issues
This is just for information. I don't know if those errors are related to a bad set up on my side or not.
When building, I had this error :
AWS SDK for C++ headers found, but we were unable to locate the binaries.
So in CMakeCache.txt , I replaced AWSSDK_CORE_LIB_FILE:FILEPATH value with this :
AWSSDK_CORE_LIB_FILE:FILEPATH=C:/DATA/aws-sdk-cpp-build/Release/src/aws-cpp-sdk-core/Release/aws-cpp-sdk-core.lib
Finally I had this error, but I just ignored it, because the sdk worked.
C:\DATA\aws-encryption-sdk-c\tests\integration\t_local_cache_threading.c(92,27): error C2065: 'CRYPTO_LOCK': undeclared identifier [C:\DATA\aws-encryption-sdk-c-build\Rel
ease\tests\test_local_cache_threading.vcxproj]
C:\DATA\aws-encryption-sdk-c\tests\integration\t_local_cache_threading.c(105,28): warning C4013: 'ERR_load_crypto_strings' undefined; assuming extern returning int [C:\DA
TA\aws-encryption-sdk-c-build\Release\tests\test_local_cache_threading.vcxproj]
Thanks a lot for any help/advice/insight !