building openssl-1.1.1d with "enable-deprecated"

Matt Caswell matt at
Mon Sep 16 15:38:03 UTC 2019

On 16/09/2019 16:26, Peter Sui wrote:
> Hi Matt, 
>        I said " It does not work" means, after I build the open-ssl1.1.1d with
> or without the "enable-deprecated" configuration, then use the library, header
> files in my application as before with the older version(1.0.2t), then my build
> failed, the errors are like:
> Error C3861 'HMAC_CTX_init': identifier not found
> Error C3861 'HMAC_CTX_cleanup': identifier not found
> and more related to some struct def difference.
> But as I imagine, it should not happen, right ?

Ah - right. I understand your problem.

1.1.x is not source compatible with 1.0.x regardless of enabling/disabling
deprecated functions. Some stuff just changed. Importantly most structures
became opaque, so it is no longer possible to access the internal fields.

An implication of this is that you can longer stack allocate objects based on
these structures any more (because the compiler knows nothing about the size of
the structure).

So instead of this:

	HMAC_CTX ctx;

You instead have to declare it as a pointer:

	HMAC_CTX *ctx;

Then you allocate a ctx like this:

	ctx = HMAC_CTX_new();

And later free it:


The same thing applies to lots of other structures.

Since it is no longer possible to stack allocate an HMAC_CTX this makes
functions like HMAC_CTX_init() and HMAC_CTX_cleanup() redundant because they
only make sense when working with stack allocated structures - therefore they
were removed completely.


> Peter
> On Mon, Sep 16, 2019 at 11:17 AM Michael Wojcik <Michael.Wojcik at
> <mailto:Michael.Wojcik at>> wrote:
>     Matt has answered the main question, but as an aside:
>     -D"_CRT_SECURE_NO_DEPRECATE" suppresses warning messages from Microsoft's
>     Visual C compiler for using various standard C library functions, rather
>     than using the optional "secure" ones (a misnomer, as they are at best
>     somewhat easier to use safely) added with C99 (in Appendix K of the C
>     standard, I think; I'm traveling and don't have my copy handy). It has
>     nothing to do with OpenSSL APIs, deprecated or otherwise; it just reduces
>     noise from the Microsoft compiler.

More information about the openssl-users mailing list