On 3/16/23 1:43 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Thu Mar 16 12:43:17 2023
> New Revision: 1908433
>
> URL: http://svn.apache.org/viewvc?rev=1908433&view=rev
> Log:
> apr_crypto_openssl: Compatibility with OpenSSL 3+
>
> Modified:
> apr/apr/trunk/crypto/apr_crypto_openssl.c
> apr/apr/trunk/test/testcrypto.c
>
> Modified: apr/apr/trunk/crypto/apr_crypto_openssl.c
> URL:
> http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto_openssl.c?rev=1908433&r1=1908432&r2=1908433&view=diff
> ==============================================================================
> --- apr/apr/trunk/crypto/apr_crypto_openssl.c (original)
> +++ apr/apr/trunk/crypto/apr_crypto_openssl.c Thu Mar 16 12:43:17 2023
> @@ -32,6 +32,10 @@
>
> #if APU_HAVE_CRYPTO
>
> +#ifndef OPENSSL_API_COMPAT
> +#define OPENSSL_API_COMPAT 0x10100000L /* for ENGINE API */
> +#endif
On RedHat 8 with openssl 1.1.1k this causes openssl/err.h which is included
openssl/engine.h to
no longer define the noop macro ERR_free_strings and thus causing the
compilation to fail.
Removing the above makes this go away. Why do we need to set it?
> +
> #include <openssl/evp.h>
> #include <openssl/rand.h>
> #include <openssl/engine.h>
{
> @@ -79,8 +124,11 @@ struct apr_crypto_key_t {
> const apr_crypto_t *f;
> const apr_crypto_key_rec_t *rec;
> const EVP_CIPHER *cipher;
> - const EVP_MD *hmac;
> + const EVP_MD *md;
> EVP_PKEY *pkey;
> +#if !APR_USE_OPENSSL_PRE_3_0_API
> + EVP_MAC *mac;
> +#endif
It looks like the usage of this field is not appropriately #If ed later on as I
get compilation failures like
crypto/apr_crypto_openssl.c: In function ‘crypto_key_cleanup’:
crypto/apr_crypto_openssl.c:301:12: error: ‘apr_crypto_key_t’ {aka ‘struct
apr_crypto_key_t’} has no member named ‘mac’
if (key->mac) {
^~
> unsigned char *key;
> int keyLen;
> int doPad;
> @@ -106,7 +153,9 @@ struct apr_crypto_digest_t {
> const apr_crypto_key_t *key;
> apr_crypto_digest_rec_t *rec;
> EVP_MD_CTX *mdCtx;
> - int initialised;
> +#if !APR_USE_OPENSSL_PRE_3_0_API
> + EVP_MAC_CTX *macCtx;
> +#endif
Same as above with the mac field:
crypto/apr_crypto_openssl.c: In function ‘crypto_digest_cleanup’:
crypto/apr_crypto_openssl.c:355:14: error: ‘apr_crypto_digest_t’ {aka ‘struct
apr_crypto_digest_t’} has no member named ‘macCtx’;
did you mean ‘mdCtx’?
if (ctx->macCtx) {
^~~~~~
> int digestSize;
> };
>
Regards
Rüdiger