On 2017-12-14 01:58:25 [+0100], Hilko Bengen wrote:
> Control: tag -1 patch
>
> I have prepared patches for ssldump to
>
> (1) recognize OpenSSL 1.1 at configure time
>Index: ssldump/configure.in >=================================================================== >--- ssldump.orig/configure.in >+++ ssldump/configure.in >@@ -187,8 +187,13 @@ if test "$ac_use_openssl" != "false"; th > save_LDFLAGS=$LDFLAGS > LIBS="-lssl -lcrypto $LIBS" > LDFLAGS="-L$dir $LDFLAGS" >- AC_TRY_LINK_FUNC(SSL_load_error_strings,ac_linked_libssl="true", >- ac_linked_libssl="false"); >+ AC_TRY_LINK([ >+ #define OPENSSL_API_COMPAT 0x10000000L you should not define this. >+ #include <openssl/ssl.h> >+ ], >+ [SSL_load_error_strings()], >+ ac_linked_libssl="true", >+ ac_linked_libssl="false"); > AC_TRY_LINK_FUNC(RC4_set_key,ac_linked_libcrypto="true", > ac_linked_libcrypto="false"); > if test "$ac_linked_libssl" != "false" -a \ > (2) deal with API changes >Index: ssldump/ssl/ssl_rec.c >=================================================================== >--- ssldump.orig/ssl/ssl_rec.c >+++ ssldump/ssl/ssl_rec.c >@@ -116,7 +116,7 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,i > dec->cs=cs; > if(r=r_data_create(&dec->mac_key,mk,cs->dig_len)) > ABORT(r); >- if(!(dec->evp=(EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX)))) >+ if(!(dec->evp=EVP_CIPHER_CTX_new())) the counter part uses probably free() but should use EVP_CIPHER_CTX_free() instead. > ABORT(R_NO_MEMORY); > EVP_CIPHER_CTX_init(dec->evp); > EVP_CipherInit(dec->evp,ciph,sk,iv,0); >@@ -228,35 +228,35 @@ static int tls_check_mac(d,ct,ver,data,d > UINT4 datalen; > UCHAR *mac; > { >- HMAC_CTX hm; >+ HMAC_CTX *hm = HMAC_CTX_new(); `hm' can now be null. I assume that upstream would love if it would still compile against 1.0.2 (which lacks HMAC_CTX_new()). from the remaining part, nothing stands out. > Cheers, > -Hilko > Sebastian
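Review bot: in the configure.in hunk, the `#define OPENSSL_API_COMPAT 0x10000000L` line pins the test program to a compatibility level, so unless the same define is passed to the real build, configure checks something the compile does not use. In OpenSSL 1.1 SSL_load_error_strings is a macro from the header, which is why the plain AC_TRY_LINK_FUNC probe stopped linking. Probing a symbol that is a real function in both 1.0 and 1.1, for example AC_TRY_LINK_FUNC(SSL_CTX_new, ...), keeps the one-line form and needs neither the define nor the include. The unchanged RC4_set_key probe just below is also worth a look, since it makes configure reject an OpenSSL built without RC4.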
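Review bot: in the first ssl_rec.c hunk (ssl_create_rec_decoder), the unchanged line `EVP_CIPHER_CTX_init(dec->evp);` that follows the new EVP_CIPHER_CTX_new() call is now redundant, because EVP_CIPHER_CTX_new() already returns an initialized context; drop it so allocation is a single step. The next context line, `EVP_CipherInit(dec->evp,ciph,sk,iv,0);`, ignores its return value. Checking it and taking the ABORT path on failure avoids returning a decoder whose cipher context was never keyed.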
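Review bot: in the tls_check_mac hunk, `HMAC_CTX *hm = HMAC_CTX_new();` allocates inside the declaration and the lines shown contain no NULL check before hm is used. Separate the declaration from the allocation, return an error when HMAC_CTX_new() yields NULL, and make sure every exit from the function calls HMAC_CTX_free(hm). If building against 1.0.2 is still wanted, compatibility definitions of HMAC_CTX_new and HMAC_CTX_free under an `OPENSSL_VERSION_NUMBER < 0x10100000L` guard would let the function body stay on one code path.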