Bug 266606 - security/xmlsec1: Fails to build with libressl 3.5.3
Summary: security/xmlsec1: Fails to build with libressl 3.5.3
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Hiroki Sato
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-09-25 16:19 UTC by jakub_lach
Modified: 2022-10-14 09:47 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (hrs)

Attachments
modified patch file to go into files directory (474 bytes, patch)
2022-10-13 13:44 UTC, tjlegg 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description jakub_lach 2022-09-25 16:19:12 UTC 
ciphers.c:238:17: error: incomplete definition of type 'struct evp_cipher_ctx_st'                                                                   
            if(!EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) {                                                                                        
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                                                                  
./openssl_compat.h:59:48: note: expanded from macro 'EVP_CIPHER_CTX_encrypting'                                                                       
#define EVP_CIPHER_CTX_encrypting(x)       ((x)->encrypt)                                                                                                 
                                            ~~~^                                                                                      
/usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of 'struct evp_cipher_ctx_                                                                          st'                                                                                                             
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;                                                                                                                          
               ^
ciphers.c:255:16: error: incomplete definition of type 'struct evp_cipher_ctx_st'
            if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) {
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./openssl_compat.h:59:48: note: expanded from macro 'EVP_CIPHER_CTX_encrypting'
#define EVP_CIPHER_CTX_encrypting(x)       ((x)->encrypt)
                                            ~~~^
/usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of 'struct evp_cipher_ctx_st'
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
               ^
ciphers.c:407:8: error: incomplete definition of type 'struct evp_cipher_ctx_st'
    if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) {
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./openssl_compat.h:59:48: note: expanded from macro 'EVP_CIPHER_CTX_encrypting'
#define EVP_CIPHER_CTX_encrypting(x)       ((x)->encrypt)
                                            ~~~^
/usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of 'struct evp_cipher_ctx_st'
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
               ^
ciphers.c:519:8: error: incomplete definition of type 'struct evp_cipher_ctx_st'
    if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) {
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./openssl_compat.h:59:48: note: expanded from macro 'EVP_CIPHER_CTX_encrypting'
#define EVP_CIPHER_CTX_encrypting(x)       ((x)->encrypt)
                                            ~~~^
/usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of 'struct evp_cipher_ctx_st'
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
               ^
4 errors generated
Comment 1 tjlegg 2022-10-04 15:18:42 UTC 
a few changes need to be made to openssl_compat.h 

change: #if defined(XMLSEC_OPENSSL_API_110) && defined(LIBRESSL_VERSION_NUMBER)
to: #if defined(XMLSEC_OPENSSL_API_110) && LIBRESSL_VERSION_NUMBER < 0x03050000f

and change: #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000L && defined(XMLSEC_OPENSSL_API_110)

to: #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x03050000L && defined(XMLSEC_OPENSSL_API_110)

LIBRESSL_VERSION_NUMBER based on https://man.archlinux.org/man/community/libressl/libressl-OPENSSL_VERSION_NUMBER.3.en

builds successfully on FreeBSD 13.1 stable
Comment 2 jakub_lach 2022-10-12 22:01:55 UTC 
(In reply to tjlegg from comment #1)

Could you provide a patch to put under files?
Comment 3 tjlegg 2022-10-13 13:44:26 UTC 
Created attachment 237262 [details]
modified patch file to go into files directory

$ cat files/patch-src_openssl_openssl__compat.h 
--- src/openssl/openssl_compat.h.orig   2022-10-13 13:28:11 UTC
+++ src/openssl/openssl_compat.h
@@ -16,7 +16,7 @@
  * OpenSSL 1.1.0 compatibility
  *
  *****************************************************************************/
-#if !defined(XMLSEC_OPENSSL_API_110)
+#if !defined(XMLSEC_OPENSSL_API_110) && LIBRESSL_VERSION_NUMBER < 0x03050000f
 
 /* EVP_PKEY stuff */
 #define EVP_PKEY_up_ref(pKey)              CRYPTO_add(&((pKey)->references), 1, CRYPTO_LOCK_EVP_PKEY)

$ diff files/patch-src_openssl_openssl__compat.h /usr/ports/security/xmlsec1/files/patch-src_openssl_openssl__compat.h 
1c1
< --- src/openssl/openssl_compat.h.orig 2022-10-13 13:28:11 UTC
---
> --- src/openssl/openssl_compat.h.orig 2022-05-03 14:36:17 UTC
3,4c3,5
< @@ -16,7 +16,7 @@
<   * OpenSSL 1.1.0 compatibility
---
> @@ -51,6 +51,21 @@
>  
>  /******************************************************************************
5a7,23
> + * LibreSSL 2.7+ compatibility (implements most of OpenSSL 1.1 API)
> + *
> + *****************************************************************************/
> +#if defined(XMLSEC_OPENSSL_API_110) && defined(LIBRESSL_VERSION_NUMBER) 
> +/* EVP_CIPHER_CTX stuff */
> +#define EVP_CIPHER_CTX_encrypting(x)       ((x)->encrypt)
> +
> +/* X509 stuff */
> +#define X509_STORE_CTX_get_by_subject      X509_STORE_get_by_subject
> +#define X509_OBJECT_new()                  (calloc(1, sizeof(X509_OBJECT)))
> +#define X509_OBJECT_free(x) { X509_OBJECT_free_contents(x); free(x); }
> +#endif
> +
> +/******************************************************************************
> + *
>   * boringssl compatibility
>   *
7,11d24
< -#if !defined(XMLSEC_OPENSSL_API_110)
< +#if !defined(XMLSEC_OPENSSL_API_110) && LIBRESSL_VERSION_NUMBER < 0x03050000f
<  
<  /* EVP_PKEY stuff */
<  #define EVP_PKEY_up_ref(pKey)              CRYPTO_add(&((pKey)->references), 1, CRYPTO_LOCK_EVP_PKEY)
Comment 4 jakub_lach 2022-10-14 09:47:05 UTC 
(In reply to tjlegg from comment #3)
 
Thank you, port builds with the patch provided. Do we need EVP_CIPHER_CTX and  X509 defines to remain compatible with OpenSSL 1.1 API?