Date: Sat, 27 May 2023 14:16:21 -0700 From: Enji Cooper <yaneurabeya@gmail.com> To: John Baldwin <jhb@freebsd.org> Cc: Enji Cooper <ngie@FreeBSD.org>, "src-committers@freebsd.org" <src-committers@FreeBSD.org>, "dev-commits-src-all@freebsd.org" <dev-commits-src-all@FreeBSD.org>, "dev-commits-src-main@freebsd.org" <dev-commits-src-main@FreeBSD.org> Subject: Re: git: 537cd766435c - main - factor: support OpenSSL 3 Message-ID: <7F042D0C-F994-40A6-B5AB-4710052815DA@gmail.com> In-Reply-To: <626f675b-f304-b772-61a4-0a92283ac348@FreeBSD.org> References: <202305271811.34RIBtHY093538@gitrepo.freebsd.org> <626f675b-f304-b772-61a4-0a92283ac348@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_736430BD-4CA6-48CB-8F24-727A6A6C6C83
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
> On May 27, 2023, at 12:21 PM, John Baldwin <jhb@freebsd.org> wrote:
=E2=80=A6
> I would suggest restructing this by having a compat shim for the 3.0 =
API at
> the top of the file (something like this):
>=20
> #if OPENSSL_VERSION_NUMBER < 0x30000000L
> #define PRIME_CHECKS 5
>=20
> static int
> BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb)
> {
> return (BN_is_prime_ex(p, PRIME_CHECKS, ctx, cb));
> }
> #endif
>=20
> And then just using BN_check_prime in the rest of the file without =
#ifdef's.
>=20
> This is the approach we used for OpenSSL 1.1.x and will result in =
fewer #ifdef's
> and cleaner code overall. One thing we didn't do for OpenSSL 1.1.x =
but could
> choose to do in this case is to define a header with these shims that =
could be
> shared to reduce the work needed to update programs to move away from =
APIs
> deprecated in 3.0.
That=E2=80=99s a really fair point. I opened up =
https://reviews.freebsd.org/D40305 to track the suggested updates to use =
a compat function for pre-3.0.
Cheers,
-Enji
--Apple-Mail=_736430BD-4CA6-48CB-8F24-727A6A6C6C83
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEtvtxN6kOllEF3nmX5JFNMZeDGN4FAmRycyUACgkQ5JFNMZeD
GN5OkxAAhzG3uUStzaUFSYfkyf3vlYKWKigxAuI1gStU4hTMvbsQImLzgquKiJEG
eO3xYPJ7RJc6TppSofFEqdGHR7I1bM0P/aBZ6eMt2Eq30sJEELuhqGc3eJztcD+b
GDdCSC+5El59HL2uaHX5O6cM3I5OAJCNdoUehVTBmhE656FqyV1MTp+TtnA5MwN6
XgDfv/d0iFSoXfCGwWLGHbJFyHKg/g5CmaAaqmkDvABH3HPHvSeV7mNfiLHb6E2T
jmILX7Wmxfe1fJHkQdraN+IfqAHUs/AHpAeul+d941xMmqv0DVOMoCX6k6lvhS3J
wieSfz4ZT6a9jx2rT0h1rB1TjJ8TWoQfVAq10Cn4Z/52N0X1xfTQstIi+cp+pbMV
VyK73CiqAqsqTfTcH8EdK7ZbctVh7XBD00Tu7EwuvpqSpptoEFisO+iM/TCsB5cN
7bvyiaV/BmEnanE71hff2kT8XxomDaSE5XM//eY1wOPaR7gkwmE0DY8K+ZjBqYvN
8V1yCZo1ST2UUzaRi300FUXEa0CrOluZPHe4qlQulL0KiauyQxEIZiN8SYqxCHOq
KlTwnSpTppVRCN3F8uAwGPVTXIRU+/rCU2R6TxGFxVV1z1p8uhiBpasBonNOdKn9
wBcDvkgYk6eSi7/d909QE5jpc9koe8BhP/cb0hlGGG128N4xDgQ=
=Dxup
-----END PGP SIGNATURE-----
--Apple-Mail=_736430BD-4CA6-48CB-8F24-727A6A6C6C83--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7F042D0C-F994-40A6-B5AB-4710052815DA>