compiler warnings with LibreSSL 3.7.3 (gcc 9, macOS, mingw-w64)

[vszakats]

gcc 9:
../../crypto/x509/x509_addr.c:732:9: warning: 'afi' may be used uninitialized in this function [-Wmaybe-uninitialized]

mingw-w64 llvm 16 when built against curl (8.2.1):
../../libressl/x64-ucrt/usr/include/openssl/ossl_typ.h:90:2: warning: #warning is a C2x extension [-Wpedantic]
../../libressl/x64-ucrt/usr/include/openssl/ossl_typ.h:90:2: warning: overriding WinCrypt defines [-W#warnings]
../../libressl/x64-ucrt/usr/include/openssl/x509.h:120:2: warning: #warning is a C2x extension [-Wpedantic]
../../libressl/x64-ucrt/usr/include/openssl/x509.h:120:2: warning: overriding WinCrypt defines [-W#warnings]
../../libressl/x64-ucrt/usr/include/openssl/pkcs7.h:77:2: warning: #warning is a C2x extension [-Wpedantic]
../../libressl/x64-ucrt/usr/include/openssl/pkcs7.h:77:2: warning: overriding WinCrypt defines [-W#warnings]

Apple clang 14 autotools with -mmacosx-version-min=10.13:
../../../apps/nc/netcat.c:470:8: warning: 'mktemp' is deprecated: This function is provided for compatibility reasons only.  Due to security concerns inherent in the design of mktemp(3), it is highly recommended that you use mkstemp(3) instead. [-Wdeprecated-declarations]

[note: strtonum is detected by ./configure, despite passing -mmacosx-version-min=10.13]
../../crypto/x509/x509_addr.c:1629:17: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]

../../../apps/ocspcheck/ocspcheck.c:169:8: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/asn1pars.c:96:13: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/asn1pars.c:110:15: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/asn1pars.c:344:8: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/apps.c:466:8: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/apps.c:1802:12: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/apps.c:2168:10: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/apps.c:2178:10: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/apps.c:2188:10: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/dsaparam.c:189:13: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/gendh.c:160:13: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/ocsp.c:230:14: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/ocsp.c:244:13: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/ocsp.c:263:21: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/ocsp.c:304:15: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/ocsp.c:326:20: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/ocsp.c:362:13: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/req.c:201:13: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/req.c:1600:12: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/req.c:1628:14: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/s_client.c:254:24: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/s_client.c:268:19: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/s_client.c:388:17: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/s_server.c:309:24: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/s_server.c:323:19: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/s_server.c:420:26: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/s_server.c:456:17: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/s_server.c:471:17: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/s_socket.c:315:6: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/speed.c:564:12: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/speed.c:2099:11: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/speed.c:2109:9: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/speed.c:2129:9: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/speed.c:2150:9: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/speed.c:2171:9: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/speed.c:2193:9: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/x509.c:217:20: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/x509.c:239:13: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/openssl/certhash.c:281:8: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/nc/netcat.c:224:12: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/nc/netcat.c:238:10: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/nc/netcat.c:243:13: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/nc/netcat.c:287:16: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/nc/netcat.c:292:14: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/nc/netcat.c:315:12: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/nc/netcat.c:321:12: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/nc/netcat.c:345:18: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
../../../apps/nc/netcat.c:1462:9: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]

[vszakats]

Tried fixing the strtonum issue with this workaround:

export ac_cv_func_strtonum='no'
./configure [...]

This fixes it running ¹ on older macOS versions by forcing the local implementation.
On the other hand it made warnings more verbose, also hinting a solution:

../../crypto/x509/x509_addr.c:1629:17: warning: 'strtonum' is only available on macOS 11.0 or newer [-Wunguarded-availability-new]
                        prefix_len = strtonum(s + i2, 0, 8 * length, &errstr);
                                     ^~~~~~~~
../../include/compat/stdlib.h:43:11: note: 'strtonum' has been marked as being introduced in macOS 11.0 here, but the deployment target is macOS 10.13.0
long long strtonum(const char *nptr, long long minval,
          ^
../../crypto/x509/x509_addr.c:1629:17: note: enclose 'strtonum' in a __builtin_available check to silence this warning
                        prefix_len = strtonum(s + i2, 0, 8 * length, &errstr);
                                     ^~~~~~~~

Footnotes

1. I actually cannot test this on old macOS versions, but confirmed that
   libcrypto.a includes the strtonum implementation in strtonum.o. ↩

[botovq]

Thanks for the report. Some notes.

../../crypto/x509/x509_addr.c:732:9: warning: 'afi' may be used uninitialized in this function [-Wmaybe-uninitialized]

This is an actual bug, fixed.

mingw-w64 llvm 16 when built against curl (8.2.1):

../../libressl/x64-ucrt/usr/include/openssl/ossl_typ.h:90:2: warning: #warning is a C2x extension [-Wpedantic]

These come from

portable/patches/windows_headers.patch

Line 27 in 34f45b6

+#warning overriding WinCrypt defines

etc, so need to be fixed in this repo. If there is a better way to do this, @busterb will surely be willing to take a patch.

../../../apps/nc/netcat.c:470:8: warning: 'mktemp' is deprecated: This function is provided for compatibility reasons only.  Due to security concerns inherent in the design of mktemp(3), it is highly recommended that you use mkstemp(3) instead. [-Wdeprecated-declarations]

This is an annoying warning since mkstemp(3) is not a drop-in replacement. In particular, silencing this warning will need a bit of work. Since there is no actual issue, this is very low on the list of priorities.

I'll defer to @busterb to figure out a fix for the strtonum issue.

[vszakats]

Thanks @botovq.

Regarding WinCrypt, this is a long-going, whac-a-mole issue with WinCrypt headers + openssl.h with various backends. I'm not sure what OpenSSL did here, but they somehow mitigated it (or the libcurl code has the lucky header order for it!). With BoringSSL we can silence it with -DNOCRYPT. In few weeks I'll return to this and make more tests.

The mktemp issue is not very pressing. It'd be useful to have a way to disable building command-line apps like LIBRESSL_APPS=OFF, but for autotools.

[vszakats]

Sorry to extend this report here (and let me know if this should be a separate issue),

I found this in my notes, this one is Windows-specific, and I'm building with
-Wno-inconsistent-dllimport as a workaround, but fixing it at the source would be
probably the right thing:

In file included from ../../crypto/malloc-wrapper.c:19:
../../include/compat/string.h:31:5: warning: '_strnicmp' redeclared without 'dllimport' attribute: previous 'dllimport' ignored [-Winconsistent-dllimport]
int strncasecmp(const char *s1, const char *s2, size_t len);
    ^
/usr/x86_64-w64-mingw32/include/string.h:119:21: note: expanded from macro 'strncasecmp'

Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/47723913?fullLog=true#L4802

Also had this macro confusion while testing ASM (and no-ASM) with CMake:

In file included from ./crypto/bn/bn_mul.c:65:
./crypto/bn/arch/amd64/bn_arch.h:24:9: warning: 'OPENSSL_NO_ASM' macro redefined [-Wmacro-redefined]
#define OPENSSL_NO_ASM
        ^
<command line>:10:9: note: previous definition is here
#define OPENSSL_NO_ASM 1
        ^

[vszakats]

Regarding WinCrypt redefines: I believe the solution is to delete the explicit warnings from LibreSSL headers. This also fixes the C2x extension warnings. #undef X509_CERT_PAIR may also be deleted as it is unused by LibreSSL (and all other forks too.)

OpenSSL silently #undefs the colliding symbols and defines WINCRYPT_USE_SYMBOL_PREFIX (possibly as a signal for the user that this happened), this can be mimiced, but chances are high that almost no dependent code is using that.
Relevant OpenSSL commit implementing this: openssl/openssl@3c58d44 (from 2022-05-30)

BoringSSL doesn't #undef anything.

Here's the summary of the macros undefined by LibreSSL:

#undef X509_NAME               // undefined by OpenSSL, not undefined by BoringSSL, undefined by wolfSSL
#undef X509_CERT_PAIR          // unused in LibreSSL, to delete? unused by OpenSSL + BoringSSL + wolfSSL
#undef X509_EXTENSIONS         // undefined by OpenSSL, not undefined by BoringSSL, unused by wolfSSL
#undef OCSP_REQUEST            // undefined by OpenSSL, unused by BoringSSL, undefined by wolfSSL
#undef OCSP_RESPONSE           // undefined by OpenSSL, unused by BoringSSL, undefined by wolfSSL
#undef PKCS7_ISSUER_AND_SERIAL // not undefined by OpenSSL + BoringSSL, unused by wolfSSL
#undef PKCS7_SIGNER_INFO       // undefined by OpenSSL, not undefined by BoringSSL, unused by wolfSSL

wolfSSL also #undefs ASN1_INTEGER.

[vszakats]

Further info for the -Winconsistent-dllimport warnings: It happens when building without an -O3 optimization flag. This warning is llvm/clang-specific.

no warnings, with -O3, 3.8.0:
https://github.com/vszakats/curl-for-win/actions/runs/6467873506/job/17558801605#step:3:4399

warnings, without -O3, 3.8.0:
https://github.com/vszakats/curl-for-win/actions/runs/6468386416/job/17560327927#step:3:4400

warnings, without -O3, 3.8.1:
https://github.com/vszakats/curl-for-win/actions/runs/6468756893/job/17561415247#step:3:4398

(not tested with other -O levels. Seen with llvm/clang-16, and this goes back many major releases.)

No clue about the reasons.

[vszakats]

Another class of warnings that requires -Wno-attributes to get silenced. It's been for a long while. This is gcc specific, seen with gcc 9.2:

../../crypto/chacha/chacha-merged.c:26:5: warning: 'bounded' attribute directive ignored [-Wattributes]
   26 |     __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN)));
      |     ^~~~~~~~~~~~~
../../crypto/chacha/chacha-merged.c:30:5: warning: 'bounded' attribute directive ignored [-Wattributes]
   30 |     __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN)));
      |     ^~~~~~~~~~~~~
../../crypto/chacha/chacha-merged.c:30:5: warning: 'bounded' attribute directive ignored [-Wattributes]
../../crypto/chacha/chacha-merged.c:34:5: warning: 'bounded' attribute directive ignored [-Wattributes]
   34 |     __attribute__((__bounded__(__buffer__, 3, 4)));
      |     ^~~~~~~~~~~~~

Ref: https://github.com/vszakats/curl-for-win/actions/runs/6467586200/job/17557923441#step:3:2310

[vszakats]

Thank you for the LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING macro in 3.8.2. I confirm it fixes wincrypt warnings when set.