oops. btw, not enabling chacha20_poly1305 leads to LibreSSL api usage inconsistency
QUIC regression on LibreSSL-3.7.2 (HAProxy) · Issue #860 · libressl/portable (github.com) <https://github.com/libressl/portable/issues/860>
it is claimed that OpenSSL does not check for null deref as well, so LibreSSL just mimics it :) joke.

Tue, 23 May 2023 at 16:57, Willy Tarreau <w...@1wt.eu>:

> Hi Ilya,
>
> On Sun, May 21, 2023 at 12:57:21PM +0200, ???? ??????? wrote:
> > Hello,
> >
> > that exclude was only needed for pre-3.6.0 LibreSSL, while support was added in
> > 3.6.0, so every released LibreSSL supports that, no need to keep "ifdef"
>
> While I'm probably not the one who will be the best to review this, you
> forgot to attach the patch :-) (for once it's not me).
>
> Willy

From 4c2a848a9e9eb244244082c29cdcd5eebddbf9c5 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin <chipits...@gmail.com> Date: Sun, 21 May 2023 12:51:46 +0200 Subject: [PATCH 1/3] BUILD: chacha20_poly1305 for libressl this reverts d2be9d4c48b71b2132938dbfac36142cc7b8f7c4 LibreSSL implements EVP_chacha20_poly1305() with EVP_CIPHER for every released version starting with 3.6.0 --- include/haproxy/quic_tls.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h index a2eb2230a..35efbb91d 100644 --- a/include/haproxy/quic_tls.h +++ b/include/haproxy/quic_tls.h @@ -118,10 +118,8 @@ static inline const EVP_CIPHER *tls_aead(const SSL_CIPHER *cipher) return EVP_aes_128_gcm(); case TLS1_3_CK_AES_256_GCM_SHA384: return EVP_aes_256_gcm(); -#if !defined(LIBRESSL_VERSION_NUMBER) case TLS1_3_CK_CHACHA20_POLY1305_SHA256: return EVP_chacha20_poly1305(); -#endif #ifndef USE_OPENSSL_WOLFSSL case TLS1_3_CK_AES_128_CCM_SHA256: return EVP_aes_128_ccm(); -- 2.39.2.windows.1
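
Review bot: in tls_aead(), the `#if !defined(LIBRESSL_VERSION_NUMBER)` guard around the TLS1_3_CK_CHACHA20_POLY1305_SHA256 case is deleted outright, while the commit message itself says EVP_chacha20_poly1305() exists as an EVP_CIPHER only from LibreSSL 3.6.0, so a build against an older LibreSSL may fail on this case. Either narrow the guard to a LIBRESSL_VERSION_NUMBER version check covering releases before 3.6.0 instead of removing it, or state in the commit message that 3.6.0 is the minimum LibreSSL version this header is expected to build with. The message would also be easier to follow if the reverted commit d2be9d4c48b71b2132938dbfac36142cc7b8f7c4 were cited together with its subject line.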