Hi,

On Thu, Oct 19, 2017 at 09:43:41AM +1100, Damien Miller wrote:
> You've got this exactly backwards. We don't want a shim that allows
> OpenSSL-1.1 to present an OpenSSL-1.0 API. We want a shim that allows
> us to use the OpenSSL-1.1 API when using OpenSSL-1.0, so we don't have
> to maintain a forest of #ifdefs.

For obvious reasons this shim cannot exist. If the structure member is
not visible anymore (and might not actually look the way you think it
does), you cannot provide structure definitions that magically give you
access to the members again.

Also, you do not need to maintain a forest of #ifdef - as soon as you
switch the code to only use accessor functions, the only #ifdef you have
is "one for the whole shim" or possibly "one per compat accessor function" -
nicely encapsulated away from the code using the accessor.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de

On Thu, 19 Oct 2017, Gert Doering wrote:
> Hi,
>
> On Thu, Oct 19, 2017 at 09:43:41AM +1100, Damien Miller wrote:
> > You've got this exactly backwards. We don't want a shim that allows
> > OpenSSL-1.1 to present an OpenSSL-1.0 API. We want a shim that allows
> > us to use the OpenSSL-1.1 API when using OpenSSL-1.0, so we don't have
> > to maintain a forest of #ifdefs.
>
> For obvious reasons this shim cannot exist. If the structure member is
> not visible anymore (and might not actually look the way you think it
> does), you cannot provide structure definitions that magically give you
> access to the members again.

You might want to read what I wrote again, because you've got it
backwards too:

"We want a shim that allows us to use the ***OpenSSL-1.1 API*** when
using OpenSSL-1.0"

The OpenSSL 1.1 API is the one with the opaque structures, so there's
no intrinsic problem implementing it for the 1.0 library, which doesn't.

Hi,

On Thu, Oct 19, 2017 at 06:03:29PM +1100, Damien Miller wrote:
> > > You've got this exactly backwards. We don't want a shim that allows
> > > OpenSSL-1.1 to present an OpenSSL-1.0 API. We want a shim that allows
> > > us to use the OpenSSL-1.1 API when using OpenSSL-1.0, so we don't have
> > > to maintain a forest of #ifdefs.
> >
> > For obvious reasons this shim cannot exist. If the structure member is
> > not visible anymore (and might not actually look the way you think it
> > does), you cannot provide structure definitions that magically give you
> > access to the members again.
>
> You might want to read what I wrote again, because you've got it
> backwards too:
>
> "We want a shim that allows us to use the ***OpenSSL-1.1 API*** when
> using OpenSSL-1.0"

Indeed, sorry. I overlooked the "don't" in the first sentence, and did
not have enough coffee yet.

> The OpenSSL 1.1 API is the one with the opaque structures, so there's
> no intrinsic problem implementing it for the 1.0 library, which doesn't.

Right. So your main gripe is that you want this to be part of the next
OpenSSL 1.0 release, and do not maintain the shim yourself as part of
the OpenSSH code base?

(The latter is what we did for OpenVPN, and the shim is really very
simple - while it has 650 lines of code, half of that is comment, and
the rest is straightforward and mostly trivial. Emanuel Deloget wrote
it, who has already offered to help with OpenSSH if the path is
acceptable and the help is welcome.)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de
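
The shim direction the thread settles on (a 1.1-style accessor API provided on top of a 1.0-style library whose structs are still visible), as an added example that is not OpenSSH, OpenVPN or OpenSSL code. All `TOY_*` names and the version number are constructed stand-ins so the block compiles without OpenSSL; the accessors are modelled on OpenSSL 1.1's `RSA_get0_key` and `RSA_set0_key`.

```c
#include <stdlib.h>

/* Constructed stand-in for an OpenSSL-1.0-style header: the key struct is
 * public and the library ships no accessors. All TOY_* names are hypothetical. */
#define TOY_VERSION_NUMBER 0x10002000L
typedef struct { unsigned long word; } TOY_BN;
typedef struct { TOY_BN *n, *e, *d; } TOY_RSA;

static TOY_BN *TOY_BN_new(unsigned long w) {
    TOY_BN *b = malloc(sizeof(*b));
    if (b != NULL) b->word = w;
    return b;
}

/* ---- compat shim: the single #if in the code base ---- */
#if TOY_VERSION_NUMBER < 0x10100000L
/* Modelled on the 1.1-style get0/set0 accessors: get0 lends pointers,
 * set0 takes ownership and frees what it replaces. */
static void TOY_RSA_get0_key(const TOY_RSA *r, const TOY_BN **n,
                             const TOY_BN **e, const TOY_BN **d) {
    if (n != NULL) *n = r->n;
    if (e != NULL) *e = r->e;
    if (d != NULL) *d = r->d;
}

static int TOY_RSA_set0_key(TOY_RSA *r, TOY_BN *n, TOY_BN *e, TOY_BN *d) {
    /* n and e are mandatory the first time; d (private part) is optional */
    if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
        return 0;
    if (n != NULL) { free(r->n); r->n = n; }
    if (e != NULL) { free(r->e); r->e = e; }
    if (d != NULL) { free(r->d); r->d = d; }
    return 1;
}
#endif

/* ---- application code: accessor calls only, no r->n, no #ifdef ---- */
static int key_has_private_part(const TOY_RSA *r) {
    const TOY_BN *d = NULL;
    TOY_RSA_get0_key(r, NULL, NULL, &d);
    return d != NULL;
}

static unsigned long public_exponent(const TOY_RSA *r) {
    const TOY_BN *e = NULL;
    TOY_RSA_get0_key(r, NULL, &e, NULL);
    return e != NULL ? e->word : 0;
}
```

Against a library that already exports the accessors, the `#if` block compiles to nothing and the application functions stay unchanged.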