Re: svn commit: r1908433 - in /apr/apr/trunk: crypto/apr_crypto_openssl.c test/testcrypto.c

Fri, 17 Mar 2023 08:40:44 -0700 

On Fri, Mar 17, 2023 at 9:23 AM Ruediger Pluem <rpl...@apache.org> wrote:
>
> On 3/16/23 1:43 PM, yla...@apache.org wrote:
> > Author: ylavic
> > Date: Thu Mar 16 12:43:17 2023
> > New Revision: 1908433
> >
> > URL: http://svn.apache.org/viewvc?rev=1908433&view=rev
> > Log:
> > apr_crypto_openssl: Compatibility with OpenSSL 3+
> >
> > Modified:
> >     apr/apr/trunk/crypto/apr_crypto_openssl.c
> >     apr/apr/trunk/test/testcrypto.c
> >
> > Modified: apr/apr/trunk/crypto/apr_crypto_openssl.c
> > URL: 
> > http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto_openssl.c?rev=1908433&r1=1908432&r2=1908433&view=diff
> > ==============================================================================
> > --- apr/apr/trunk/crypto/apr_crypto_openssl.c (original)
> > +++ apr/apr/trunk/crypto/apr_crypto_openssl.c Thu Mar 16 12:43:17 2023
> > @@ -32,6 +32,10 @@
> >
> >  #if APU_HAVE_CRYPTO
> >
> > +#ifndef OPENSSL_API_COMPAT
> > +#define OPENSSL_API_COMPAT 0x10100000L /* for ENGINE API */
> > +#endif
>
> On RedHat 8 with openssl 1.1.1k this causes openssl/err.h which is included 
> openssl/engine.h to
> no longer define the noop macro ERR_free_strings and thus causing the 
> compilation to fail.
> Removing the above makes this go away. Why do we need to set it?

Hm, ERR_free_strings() shouldn't be used with openssl-1.1.1
(HAVE_DECL_OPENSSL_INIT_CRYPTO)?

OPENSSL_API_COMPAT is needed to avoid the warnings for the ENGINE api
with openssl >= 3, and moving to the new API (providers) is quite some
work FWICT. I thought it was a good compromise for now (and plan to do
the same thing for httpd FWIW), using the new API for what can be done
easily enough and setting OPENSSL_API_COMPAT for the rest (that is
mainly ENGINE..).

>
> > +#if !APR_USE_OPENSSL_PRE_3_0_API
> > +    EVP_MAC *mac;
> > +#endif
>
> It looks like the usage of this field is not appropriately #If ed later on as 
> I get compilation failures like
>
> crypto/apr_crypto_openssl.c: In function ‘crypto_key_cleanup’:
> crypto/apr_crypto_openssl.c:301:12: error: ‘apr_crypto_key_t’ {aka ‘struct 
> apr_crypto_key_t’} has no member named ‘mac’
>      if (key->mac) {
[]
>
> crypto/apr_crypto_openssl.c: In function ‘crypto_digest_cleanup’:
> crypto/apr_crypto_openssl.c:355:14: error: ‘apr_crypto_digest_t’ {aka ‘struct 
> apr_crypto_digest_t’} has no member named ‘macCtx’;
> did you mean ‘mdCtx’?
>      if (ctx->macCtx) {

Should be good with now r1908448.


Regards;
Yann.

Reply via email to