Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OPENSSL_API_COMPAT is not defined by OpenSSL 3.0 #977

Open
ydroneaud opened this issue Mar 2, 2022 · 1 comment · May be fixed by #980
Open

OPENSSL_API_COMPAT is not defined by OpenSSL 3.0 #977

ydroneaud opened this issue Mar 2, 2022 · 1 comment · May be fixed by #980
Labels
compiling

Comments

@ydroneaud
Copy link

With OpenSSL 3.0, it's really up to the application to define OPENSSL_API_COMPAT, and when compiling tcpdump, OPENSSL_API_COMPAT is not defined, thus the check in esp_init() is incorrect:

#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L
        OpenSSL_add_all_algorithms();
#endif

tcpdump/print-esp.c

Line 683 in 9ff9f78

OpenSSL_add_all_algorithms();

When compiled against OpenSSL 3.0.1 built with --api=1.1.1 and no-deprecated configuration options, OpenSSL_add_all_algorithms() is not defined, and build fail:

./print-esp.c: In function 'esp_init':
./print-esp.c:682:2: warning: implicit declaration of function 'OpenSSL_add_all_algorithms' [-Wimplicit-function-declaration]
  OpenSSL_add_all_algorithms();
  ^
libnetdissect.a(print-esp.o): In function `esp_init':
.../print-esp.c:682: undefined reference to `OpenSSL_add_all_algorithms'
collect2: error: ld returned 1 exit status
ydroneaud added a commit to opteya/tcpdump that referenced this issue Mar 3, 2022
@ydroneaud
OpenSSL_add_all_algorithms() is deprecated since OpenSSL 1.1.0, use i…
9c897f6 
…t accordingly

OPENSSL_API_COMPAT is to be set by the module
including OpenSSL header to request a certain
API level compatibility, and starting with
OpenSSL 3, it's no more defined by OpenSSL
header to the default API level.

OPENSSL_VERSION_NUMBER must be used instead.

Fixes the-tcpdump-group#977

Signed-off-by: Yann Droneaud <[email protected]>
@ydroneaud ydroneaud linked a pull request Mar 3, 2022 that will close this issue
Open
@DimitriPapadopoulos
Copy link

DimitriPapadopoulos commented Aug 13, 2023
edited
Loading

The whole code looks like this:

tcpdump/print-esp.c

Lines 674 to 687 in 9ff9f78

DIAG_OFF_DEPRECATION
static void esp_init(netdissect_options *ndo _U_)
{
/*
* 0.9.6 doesn't appear to define OPENSSL_API_COMPAT, so
* we check whether it's undefined or it's less than the
* value for 1.1.0.
*/
#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L
OpenSSL_add_all_algorithms();
#endif
EVP_add_cipher_alias(SN_des_ede3_cbc, "3des");
}
DIAG_ON_DEPRECATION

Given that OpenSSL 1.0.2 is no longer supported except with paid support contracts (Release Strategy), is it worth still maintaining this #if?

Also, the OpenSSL_add_all_algorithms man page, versions 1.1 and newer, reads:

HISTORY

The OpenSSL_add_all_algorithms(), OpenSSL_add_all_ciphers(), OpenSSL_add_all_digests(), and EVP_cleanup(), functions were deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto() and should not be used.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
compiling
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

OpenSSL_add_all_algorithms() is deprecated since OpenSSL 1.1.0, use it accordingly opteya/tcpdump
3 participants
@ydroneaud @infrastation @DimitriPapadopoulos