Fix if that should have been an ifdef

[vcsjones]

Fixes #129329

[dotnet-policy-service]

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

[Copilot]

Pull request overview

This PR adjusts preprocessor guarding in the native crypto OpenSSL interop layer to avoid referencing an undefined FEATURE_DISTRO_AGNOSTIC_SSL macro during compilation (and also removes a stray whitespace-only line).

Changes:

• Replace #if FEATURE_DISTRO_AGNOSTIC_SSL with #ifdef FEATURE_DISTRO_AGNOSTIC_SSL in one OpenSSL 1.1 fallback gate.
• Remove trailing whitespace in CryptoNative_EvpPKeyEcHasExplicitEncoding.

Show a summary per file

File	Description
src/native/libs/System.Security.Cryptography.Native/pal_ecc_import_export.c	Updates preprocessor usage around distro-agnostic OpenSSL feature gating to avoid undefined-macro build failures.

Copilot's findings

• Files reviewed: 1/1 changed files
• Comments generated: 1

[vcsjones]

@vcsjones-bot test 4043bd8 with OpenSSL_1_1_1w
@vcsjones-bot test 4043bd8 with OpenSSL_1_1_1w, nonportable

[jkotas]

Thanks

[am11]

This is not the right fix because this won't be using system libssl on non-portable builds. We need to either move this line:

runtime/src/native/libs/build-native.sh

Line 58 in a0311b3

__CMakeArgs="-DFEATURE_DISTRO_AGNOSTIC_SSL=$__PortableBuild $__CMakeArgs"

(also present in eng/native/build-commons.sh and src/native/corehost/build.sh)

out of the the shell script's if block without touching the C sources, or change the condition to #if defined(FEATURE_DISTRO_AGNOSTIC_SSL) && FEATURE_DISTRO_AGNOSTIC_SSL==1 without changing the shell scripts.

[vcsjones]

out of the the shell script's if block without touching the C sources, or change the condition to #if defined(FEATURE_DISTRO_AGNOSTIC_SSL) && FEATURE_DISTRO_AGNOSTIC_SSL==1 without changing the shell scripts.

I am a bit confused by your assessment. We have a lot of other checks that use #ifdef FEATURE_DISTRO_AGNOSTIC_SSL without guarding what is the actual value of FEATURE_DISTRO_AGNOSTIC_SSL.

Every check is broken?

[am11]

See the diff https://godbolt.org/z/qh3hqsrP9.

Every check is broken?

@tmds, @omajid, have you guys verified on distros?

[jkotas]

__CMakeArgs="-DFEATURE_DISTRO_AGNOSTIC_SSL

This definition applies to cmake.

The definition that applies to C that is relevant for this fix is here:

runtime/src/native/libs/System.Security.Cryptography.Native/CMakeLists.txt

Lines 100 to 104 in a0311b3

	if (FEATURE_DISTRO_AGNOSTIC_SSL)
	list(APPEND NATIVECRYPTO_SOURCES
	opensslshim.c
	)
	add_definitions(-DFEATURE_DISTRO_AGNOSTIC_SSL)

[am11]

Ah, that makes sense. Maybe we should prefix it with CLR_CMAKE_FEATURE instead, would be less confusing. 😅