oops.

btw, not enabling chacha20_poly1305 leads to LibreSSL API usage
inconsistency
QUIC regression on LibreSSL-3.7.2 (HAProxy) · Issue #860 ·
libressl/portable (github.com)
<https://github.com/libressl/portable/issues/860>

it is claimed that OpenSSL does not check for null deref as well, so
LibreSSL just mimics it :)
joke.

Tue, 23 May 2023 at 16:57, Willy Tarreau <w...@1wt.eu>:

> Hi Ilya,
>
> On Sun, May 21, 2023 at 12:57:21PM +0200, ???? ??????? wrote:
> > Hello,
> >
> > that exclude was only needed for pre-3.6.0 LibreSSL, while support was
> > added in
> > 3.6.0, so every released LibreSSL supports that, no need to keep "ifdef"
>
> While I'm probably not the one who will be the best to review this, you
> forgot to attach the patch :-)  (for once it's not me).
>
> Willy
>
From 4c2a848a9e9eb244244082c29cdcd5eebddbf9c5 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipits...@gmail.com>
Date: Sun, 21 May 2023 12:51:46 +0200
Subject: [PATCH 1/3] BUILD: chacha20_poly1305 for libressl

this reverts d2be9d4c48b71b2132938dbfac36142cc7b8f7c4

LibreSSL implements EVP_chacha20_poly1305() with EVP_CIPHER for every
released version starting with 3.6.0
---
 include/haproxy/quic_tls.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index a2eb2230a..35efbb91d 100644
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@@ -118,10 +118,8 @@ static inline const EVP_CIPHER *tls_aead(const SSL_CIPHER 
*cipher)
                return EVP_aes_128_gcm();
        case TLS1_3_CK_AES_256_GCM_SHA384:
                return EVP_aes_256_gcm();
-#if !defined(LIBRESSL_VERSION_NUMBER)
        case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
                return EVP_chacha20_poly1305();
-#endif
 #ifndef USE_OPENSSL_WOLFSSL
        case TLS1_3_CK_AES_128_CCM_SHA256:
                return EVP_aes_128_ccm();
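
Review bot: The two deleted lines drop the LibreSSL guard around the TLS1_3_CK_CHACHA20_POLY1305_SHA256 case entirely, while the commit message says EVP_chacha20_poly1305() is implemented with EVP_CIPHER only from 3.6.0 on, so a build against an older LibreSSL would reach this case without the API it needs. Either keep the guard and make it conditional on LIBRESSL_VERSION_NUMBER (true for non-LibreSSL builds and for 3.6.0 or later), or state in the commit message and the build documentation that 3.6.0 is now the minimum LibreSSL version for QUIC. The message would also be easier to trace if it quoted the subject line of d2be9d4c48b71b2132938dbfac36142cc7b8f7c4 next to the hash.
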
-- 
2.39.2.windows.1
