ciphers.c:238:17: error: incomplete definition of type 'struct evp_cipher_ctx_st' if(!EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./openssl_compat.h:59:48: note: expanded from macro 'EVP_CIPHER_CTX_encrypting' #define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) ~~~^ /usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of 'struct evp_cipher_ctx_ st' typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; ^ ciphers.c:255:16: error: incomplete definition of type 'struct evp_cipher_ctx_st' if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./openssl_compat.h:59:48: note: expanded from macro 'EVP_CIPHER_CTX_encrypting' #define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) ~~~^ /usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of 'struct evp_cipher_ctx_st' typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; ^ ciphers.c:407:8: error: incomplete definition of type 'struct evp_cipher_ctx_st' if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./openssl_compat.h:59:48: note: expanded from macro 'EVP_CIPHER_CTX_encrypting' #define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) ~~~^ /usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of 'struct evp_cipher_ctx_st' typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; ^ ciphers.c:519:8: error: incomplete definition of type 'struct evp_cipher_ctx_st' if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./openssl_compat.h:59:48: note: expanded from macro 'EVP_CIPHER_CTX_encrypting' #define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) ~~~^ /usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of 'struct evp_cipher_ctx_st' typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; ^ 4 errors generated
a few changes need to be made to openssl_compat.h change: #if defined(XMLSEC_OPENSSL_API_110) && defined(LIBRESSL_VERSION_NUMBER) to: #if defined(XMLSEC_OPENSSL_API_110) && LIBRESSL_VERSION_NUMBER < 0x03050000f and change: #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000L && defined(XMLSEC_OPENSSL_API_110) to: #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x03050000L && defined(XMLSEC_OPENSSL_API_110) LIBRESSL_VERSION_NUMBER based on https://man.archlinux.org/man/community/libressl/libressl-OPENSSL_VERSION_NUMBER.3.en builds successfully on FreeBSD 13.1 stable
(In reply to tjlegg from comment #1) Could you provide a patch to put under files?
Created attachment 237262 [details] modified patch file to go into files directory $ cat files/patch-src_openssl_openssl__compat.h --- src/openssl/openssl_compat.h.orig 2022-10-13 13:28:11 UTC +++ src/openssl/openssl_compat.h @@ -16,7 +16,7 @@ * OpenSSL 1.1.0 compatibility * *****************************************************************************/ -#if !defined(XMLSEC_OPENSSL_API_110) +#if !defined(XMLSEC_OPENSSL_API_110) && LIBRESSL_VERSION_NUMBER < 0x03050000f /* EVP_PKEY stuff */ #define EVP_PKEY_up_ref(pKey) CRYPTO_add(&((pKey)->references), 1, CRYPTO_LOCK_EVP_PKEY) $ diff files/patch-src_openssl_openssl__compat.h /usr/ports/security/xmlsec1/files/patch-src_openssl_openssl__compat.h 1c1 < --- src/openssl/openssl_compat.h.orig 2022-10-13 13:28:11 UTC --- > --- src/openssl/openssl_compat.h.orig 2022-05-03 14:36:17 UTC 3,4c3,5 < @@ -16,7 +16,7 @@ < * OpenSSL 1.1.0 compatibility --- > @@ -51,6 +51,21 @@ > > /****************************************************************************** 5a7,23 > + * LibreSSL 2.7+ compatibility (implements most of OpenSSL 1.1 API) > + * > + *****************************************************************************/ > +#if defined(XMLSEC_OPENSSL_API_110) && defined(LIBRESSL_VERSION_NUMBER) > +/* EVP_CIPHER_CTX stuff */ > +#define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) > + > +/* X509 stuff */ > +#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject > +#define X509_OBJECT_new() (calloc(1, sizeof(X509_OBJECT))) > +#define X509_OBJECT_free(x) { X509_OBJECT_free_contents(x); free(x); } > +#endif > + > +/****************************************************************************** > + * > * boringssl compatibility > * 7,11d24 < -#if !defined(XMLSEC_OPENSSL_API_110) < +#if !defined(XMLSEC_OPENSSL_API_110) && LIBRESSL_VERSION_NUMBER < 0x03050000f < < /* EVP_PKEY stuff */ < #define EVP_PKEY_up_ref(pKey) CRYPTO_add(&((pKey)->references), 1, CRYPTO_LOCK_EVP_PKEY)
(In reply to tjlegg from comment #3) Thank you, port builds with the patch provided. Do we need EVP_CIPHER_CTX and X509 defines to remain compatible with OpenSSL 1.1 API?