> On May 27, 2023, at 12:21 PM, John Baldwin <j...@freebsd.org> wrote:
…
> I would suggest restructing this by having a compat shim for the 3.0 API at
> the top of the file (something like this):
>
> #if OPENSSL_VERSION_NUMBER < 0x30000000L
> #define PRIME_CHECKS 5
>
> static int
> BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb)
> {
> return (BN_is_prime_ex(p, PRIME_CHECKS, ctx, cb));
> }
> #endif
>
> And then just using BN_check_prime in the rest of the file without #ifdef's.
>
> This is the approach we used for OpenSSL 1.1.x and will result in fewer
> #ifdef's
> and cleaner code overall. One thing we didn't do for OpenSSL 1.1.x but could
> choose to do in this case is to define a header with these shims that could be
> shared to reduce the work needed to update programs to move away from APIs
> deprecated in 3.0.
That’s a really fair point. I opened up https://reviews.freebsd.org/D40305 to
track the suggested updates to use a compat function for pre-3.0.
Cheers,
-Enji
signature.asc
Description: Message signed with OpenPGP
