Re: openssl 1.1 changes required for tcpdump: what minimum openssl?

[Guy Harris <guy () alum mit edu>]

On Jun 22, 2016, at 3:24 PM, Michael Richardson <mcr () sandelman ca> wrote:

> It looks like openssl has obsoleted the EVP_CIPHER_CTX type in 1.1.x.
> While 1.1 isn't shipping widely yet, I'd rather be ready.
> I have looked through openssl to see if we can replace it easily,
> and if the replacement will work in 1.0.x and the 0.9.x versions still
> seem to be out there.  The question is therefore:
>
>  Can we set a minimum version of openssl in order to get decoding
>  of ESP?
>  Does anyone have any suitable openssl version macros for configure.in?

b1f305da3ddf635522bdcd6c88918beaea330968 should fix this.

We check for EVP_CIPHER_CTX_new() and, if we don't have it, we define our own versions of it and EVP_CIPHER_CTX_free(), 
and we use those to allocate and free an EVP_CIPHER_CTX.

This should (modulo malloc() failing) work as well with pre-1.1.x versions as the previous version did, as the 
initialization and teardown of the EVP_CIPHER_CTX that was done inline is now done in EVP_CIPHER_CTX_new() and 
EVP_CIPHER_CTX_free(), respectively.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers