On 2017/05/24 10:43, Nils Frohberg wrote:
> On Wed, May 24, 2017 at 09:11:24AM +0100, Stuart Henderson wrote:
> > On 2017/05/24 10:03, Nils Frohberg wrote:
> > > The patch disables the symbols
> > > ECDSA_METHOD_new
> > > ECDSA_METHOD_free
> > > ECDSA_METHOD_set_flags
> > > ECDSA_METHOD_set_name
> > > that get pulled in due to the test
> > > #if OPENSSL_VERSION_NUMBER >= 0x10002000L
> >
> > Is there any more-targeted check you can make rather than 'if 0',
> > are there any related macros that were introduced at the same time as
> > the symbols you could use instead?
>
> LibreSSL sets OPENSSL_VERSION_NUMBER to 0x20000000L. So we could
> 1) change the outer #if from ">= 0x10002000L" to "== 0x10002000L",
>    but then we don't include symbols that are actually there
> 2) change the "#if 0" to "#if OPENSSL_VERSION_NUMBER == 0x10002000L"
> 3) test for "LIBRESSL_VERSION_NUMBER" on the four functions to
>    see if we're using LibreSSL
>
> I would suggest 2) or 3), but I don't know which fits better. 3)
> could be changed to a "<=" test later, in case the functions get
> implemented.

I'm wondering if there's something related to the function, rather than
a pure version number check. Sometimes it's not possible but that would
be the first choice if so. In the absence of that, your updated version
is OK, at least when there's a LIBRESSL_VERSION_NUMBER check it's clear
what the patch is doing and we'll find it when we grep the ports tree if
the functions are added in the future.

> (Disclaimer: I currently just need Crypt::OpenSSL::ECDSA::ECDSA_do_sign(),
> so I don't use anything else from here.)
>
> Attached is a .tar.gz using 3).
>
> --- patch-ECDSA_xs Wed May 24 08:57:15 2017 > +++ patch-ECDSA_xs.new Wed May 24 10:22:32 2017 > @@ -5,9 +5,9 @@ > int > ECDSA_size(const EC_KEY *eckey) > > -+# not implemented > ++# not implemented in LibreSSL > + > -+#if 0 > ++#ifndef LIBRESSL_VERSION_NUMBER > + > ECDSA_METHOD * > ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method=0)
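
Review bot: The "#ifndef LIBRESSL_VERSION_NUMBER" guard in front of ECDSA_METHOD_new excludes the block on every LibreSSL release, so it will keep hiding the functions even if a later LibreSSL implements them. Consider extending the "# not implemented in LibreSSL" comment to say that the guard should become a LIBRESSL_VERSION_NUMBER comparison once the ECDSA_METHOD_* functions exist, so whoever greps for it knows what to change. The matching #endif is outside the visible context, so confirm it still closes the new directive.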
