Re: svn commit: r1908433 - in /apr/apr/trunk: crypto/apr_crypto_openssl.c test/testcrypto.c

Fri, 17 Mar 2023 01:23:33 -0700 


On 3/16/23 1:43 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Thu Mar 16 12:43:17 2023
> New Revision: 1908433
> 
> URL: http://svn.apache.org/viewvc?rev=1908433&view=rev
> Log:
> apr_crypto_openssl: Compatibility with OpenSSL 3+
> 
> Modified:
>     apr/apr/trunk/crypto/apr_crypto_openssl.c
>     apr/apr/trunk/test/testcrypto.c
> 
> Modified: apr/apr/trunk/crypto/apr_crypto_openssl.c
> URL: 
> http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto_openssl.c?rev=1908433&r1=1908432&r2=1908433&view=diff
> ==============================================================================
> --- apr/apr/trunk/crypto/apr_crypto_openssl.c (original)
> +++ apr/apr/trunk/crypto/apr_crypto_openssl.c Thu Mar 16 12:43:17 2023
> @@ -32,6 +32,10 @@
>  
>  #if APU_HAVE_CRYPTO
>  
> +#ifndef OPENSSL_API_COMPAT
> +#define OPENSSL_API_COMPAT 0x10100000L /* for ENGINE API */
> +#endif

On RedHat 8 with openssl 1.1.1k this causes openssl/err.h which is included 
openssl/engine.h to
no longer define the noop macro ERR_free_strings and thus causing the 
compilation to fail.
Removing the above makes this go away. Why do we need to set it?

> +
>  #include <openssl/evp.h>
>  #include <openssl/rand.h>
>  #include <openssl/engine.h>
{
> @@ -79,8 +124,11 @@ struct apr_crypto_key_t {
>      const apr_crypto_t *f;
>      const apr_crypto_key_rec_t *rec;
>      const EVP_CIPHER *cipher;
> -    const EVP_MD *hmac;
> +    const EVP_MD *md;
>      EVP_PKEY *pkey;
> +#if !APR_USE_OPENSSL_PRE_3_0_API
> +    EVP_MAC *mac;
> +#endif

It looks like the usage of this field is not appropriately #If ed later on as I 
get compilation failures like

crypto/apr_crypto_openssl.c: In function ‘crypto_key_cleanup’:
crypto/apr_crypto_openssl.c:301:12: error: ‘apr_crypto_key_t’ {aka ‘struct 
apr_crypto_key_t’} has no member named ‘mac’
     if (key->mac) {
            ^~


>      unsigned char *key;
>      int keyLen;
>      int doPad;

> @@ -106,7 +153,9 @@ struct apr_crypto_digest_t {
>      const apr_crypto_key_t *key;
>      apr_crypto_digest_rec_t *rec;
>      EVP_MD_CTX *mdCtx;
> -    int initialised;
> +#if !APR_USE_OPENSSL_PRE_3_0_API
> +    EVP_MAC_CTX *macCtx;
> +#endif

Same as above with the mac field:

crypto/apr_crypto_openssl.c: In function ‘crypto_digest_cleanup’:
crypto/apr_crypto_openssl.c:355:14: error: ‘apr_crypto_digest_t’ {aka ‘struct 
apr_crypto_digest_t’} has no member named ‘macCtx’;
did you mean ‘mdCtx’?
     if (ctx->macCtx) {
              ^~~~~~


>      int digestSize;
>  };
>  

Regards

Rüdiger






















					Reply via email to