Re: git: 537cd766435c - main - factor: support OpenSSL 3
- In reply to: John Baldwin : "Re: git: 537cd766435c - main - factor: support OpenSSL 3"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 27 May 2023 21:16:21 UTC
> On May 27, 2023, at 12:21 PM, John Baldwin <jhb@freebsd.org> wrote:
…
> I would suggest restructing this by having a compat shim for the 3.0 API at
> the top of the file (something like this):
>
> #if OPENSSL_VERSION_NUMBER < 0x30000000L
> #define PRIME_CHECKS 5
>
> static int
> BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb)
> {
> return (BN_is_prime_ex(p, PRIME_CHECKS, ctx, cb));
> }
> #endif
>
> And then just using BN_check_prime in the rest of the file without #ifdef's.
>
> This is the approach we used for OpenSSL 1.1.x and will result in fewer #ifdef's
> and cleaner code overall. One thing we didn't do for OpenSSL 1.1.x but could
> choose to do in this case is to define a header with these shims that could be
> shared to reduce the work needed to update programs to move away from APIs
> deprecated in 3.0.
That’s a really fair point. I opened up https://reviews.freebsd.org/D40305 to track the suggested updates to use a compat function for pre-3.0.
Cheers,
-Enji