Created attachment 242975 [details] git format-patch like patch to let pkcs11-helper compile with LLVM16 and OpenSSL3.0 - run-time untested! OpenSSL 3.0 changed the prototype for the dup_func of the customer data callback functions, the third argument (from_d) switched from void * to void **. See https://www.openssl.org/docs/man3.0/man3/CRYPTO_get_ex_new_index.html This breaks compile on FreeBSD-CURRENT, which uses OpenSSL 3.0.9 in base, and also uses the stricter LLVM/clang 16.0.6. Add an OPENSSL_VERSION_SWITCH to support the newer OpenSSL >= 3.0 prototype. This could go with an Approved by: portmgr@ (blanket just-fix-it) ... but I cannot test the run-time myself, so I am looking for ale@'s or somebody else's support to test.
Created attachment 243008 [details] security/pkcs11-helper: fix build with clang 16 and openssl 3.0 I came to approximately the same approach, though I didn't like upstream's way of doing the #if statements outside the function prototype, so I changed that.
The upstream patch for this issue is worse: https://github.com/OpenSC/pkcs11-helper/commit/6b7674a59dee3f1ba1de6caefed11299beaa4675 But if that's ok for them, surely this one is fine, too. You have my approval to commit it @mandree
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=b419a572ee2ea98a2dbf4b1e219e057ffef56cb3 commit b419a572ee2ea98a2dbf4b1e219e057ffef56cb3 Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2023-06-24 18:32:19 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2023-06-28 20:49:54 +0000 security/pkcs11-helper: make OpenSSL 3.0 compatible OpenSSL 3.0 changed the prototype for the dup_func of the customer data callback functions, the third argument (from_d) switched from void * to void **. See https://www.openssl.org/docs/man3.0/man3/CRYPTO_get_ex_new_index.html This breaks compile on FreeBSD-CURRENT, which also uses the stricter LLVM/clang 16. Add an OPENSSL_VERSION_NUMBER #elif case to support the newer OpenSSL >= 3.0 prototype. Approved by: ale@ (Alex Dupre, maintainer) PR: 272190 .../files/patch-lib_pkcs11h-openssl.c | 28 ++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-)
Alex, thanks for the review, link, and approval. Dimitry, I think it's more a matter of style and how readable someone finds it from their vantage point - it seems we both found logically/functionally the same solution, just a different wording. As Alex writes, the upstream change makes me scratch my head, but I don't know what compiler Alon Bar-Lev uses, and for a reasonably coarse approximation of a C compiler void ** and void * are implicitly promotable so the compiler won't care. I do not personally care enough to tell upstream "you might have just broken OpenSSL 1.1.1 compilation on picky compilers" because that's fixing for the past, not for the future.