libressl
Regarding `CRYPTO_free_ex_index`
Some software that provide LibreSSL compatibility support rely on this symbol CRYPTO_free_ex_index, was it dropped in later LibreSSL releases as I couldn't find any mention of it when using version 3.8.1?
An example of this is wget2 that provides LibreSSL compatibility but no longer builds successfully against LibreSSL due to Undefined reference to CRYPTO_free_ex_index:
https://gitlab.com/gnuwget/wget2/-/issues/644
Was it dropped on purpose?
Hi, the CRYPTO_free_ex_index function appears to have been added in OpenSSL 1.1.x (specifically in https://github.com/openssl/openssl/commit/e6390acac925f952cfd06ccdbba0b273b8f71551).
This function has never existed in LibreSSL, however LibreSSL may consider providing the API in a future release.
Thanks for the report.
This is OpenSSL 1.1 API that was never part of our tree (we forked from 1.0.1g). As far as I can see, only two projects use it, wget2, and libp11.
It is too late for the stable 3.8 release to do anything about it since we are about to lock the trees for the release.
So: for the moment, the bandaid applied by the wget2 developers is the only option. There are some plans to overhaul the ex_data API and we can then decide if and how to add this function. But that will be for 3.9.x at the earliest.
On Sun, Oct 01, 2023 at 08:27:30AM -0700, Joshua Sing wrote:
Hi, the
CRYPTO_free_ex_indexfunction appears to have been added in OpenSSL 3.0.0 (specifically in https://github.com/openssl/openssl/commit/e6390acac925f952cfd06ccdbba0b273b8f71551).
This commit is from late 2015. At that point 3.0 was not even planned :)
It's a bit tricky to determine when an API was added, especially since the OpenSSL documentation leaves one or the other thing to be desired.
In the commit you linked you can see that it was part of the OpenSSL_1_1_0-pre1 tag, which means that it will have been part of OpenSSL 1.1.0. And indeed:
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/crypto/ex_data.c#L321