search for: libressl_version_number

On 2016-11-02, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > If the standard way works, I am happy to include the original patch I > sent, amended so that it checks for presence of LIBRESSL_VERSION_NUMBER. > If they keep this promise, then we should have no worries about things > breaking up. Diff below is what I've added to OpenBSD ports. The libressl API is not cast in stone, there's a possibility some functions from newer OpenSSL might be added - in fact we already have some lik...

If the standard way works, I am happy to include the original patch I sent, amended so that it checks for presence of LIBRESSL_VERSION_NUMBER. If they keep this promise, then we should have no worries about things breaking up. Aki On 02.11.2016 14:24, Michael A. Peters wrote: > Indeed, which is why I use it. > > But it also is in the minority which is why I find it acceptable for > FLOSS projects like dovecot to elect to...

Hi Xiph.org Team. We are using opusfile library <https://github.com/xiph/opusfile> for streaming *.opus* audio in our projects. But now we have a problem with building opusfile library for android with *ndk-build*. In particular, with arm64-v8a platform: Google removed <sys/timeb.h> from android. And now building opusfile with nkd-build crashes with error "fatal error:

>openssl version Libressl 2.4.4 Patch for dovecot: perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-dcrypt/dcrypt-openssl.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER >= 0x10100000L\s*)$/$1 && !defi...

Standard way to fix it (on the LibreSSL page) is to check for LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think catches them all where needed. Note the word think. It certainly appears to be working anyway with it. On 11/02/2016 04:07 AM, Aki Tuomi wrote: > After doing some testing by myself, I noticed that libressl, for some > unknown reason, defines > &gt...

...gt; with libressl as they evolve their API. I would personally like to avoid >> more ifdef hell if possible... >> >> Aki >> >> >> On 02.11.2016 13:22, Michael A. Peters wrote: >>> Standard way to fix it (on the LibreSSL page) is to check for >>> LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think >>> catches them all where needed. Note the word think. >>> >>> It certainly appears to be working anyway with it. >>> >>> On 11/02/2016 04:07 AM, Aki Tuomi wrote: >>>> After doing some testing by mysel...

...that it will keep on breaking > with libressl as they evolve their API. I would personally like to avoid > more ifdef hell if possible... > > Aki > > > On 02.11.2016 13:22, Michael A. Peters wrote: >> Standard way to fix it (on the LibreSSL page) is to check for >> LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think >> catches them all where needed. Note the word think. >> >> It certainly appears to be working anyway with it. >> >> On 11/02/2016 04:07 AM, Aki Tuomi wrote: >>> After doing some testing by myself, I noticed that libres...

...cipher-chachapoly.c +++ b/cipher-chachapoly.c @@ -109,7 +109,14 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt) { #if defined(WITH_OPENSSL) && defined(HAVE_EVP_CHACHA20) +#if defined(LIBRESSL_VERSION_NUMBER) +#define CHACHA_IV_OFFSET 4 + u_char seqbuf[12]; +#else +#define CHACHA_IV_OFFSET 8 + /* OpenSSL IV contains also the counter in the first 4 bytes */ u_char seqbuf[16]; +#endif int r = SSH_ERR_LIBCRYPTO_ERROR; #else u_char seqbuf[8]; @@ -125,7 +132,7 @@ chachapoly_crypt(struct chachapoly_ct...

...;shout_private.h" #ifndef XXX_HAVE_X509_check_host @@ -61,16 +62,20 @@ shout_tls_t *shout_tls_new(shout_t *self, sock_t socket) static inline int tls_setup(shout_tls_t *tls) { - SSL_METHOD *meth; + const SSL_METHOD *meth; +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) SSL_library_init(); SSL_load_error_strings(); SSLeay_add_all_algorithms(); SSLeay_add_ssl_algorithms(); - meth = TLSv1_client_method(); + meth = SSLv23_client_method(); if (!meth) goto error; +#else + meth = TLS_client_method(); +#endif tls->s...

...oes work today, I am just bit worried that it will keep on breaking with libressl as they evolve their API. I would personally like to avoid more ifdef hell if possible... Aki On 02.11.2016 13:22, Michael A. Peters wrote: > Standard way to fix it (on the LibreSSL page) is to check for > LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think > catches them all where needed. Note the word think. > > It certainly appears to be working anyway with it. > > On 11/02/2016 04:07 AM, Aki Tuomi wrote: >> After doing some testing by myself, I noticed that libressl, for some >> u...

...gt; with libressl as they evolve their API. I would personally like to avoid >> more ifdef hell if possible... >> >> Aki >> >> >> On 02.11.2016 13:22, Michael A. Peters wrote: >>> Standard way to fix it (on the LibreSSL page) is to check for >>> LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think >>> catches them all where needed. Note the word think. >>> >>> It certainly appears to be working anyway with it. >>> >>> On 11/02/2016 04:07 AM, Aki Tuomi wrote: >>>> After doing some testing by mysel...

...their API. I would personally like to avoid >>> more ifdef hell if possible... >>> >>> Aki >>> >>> >>> On 02.11.2016 13:22, Michael A. Peters wrote: >>>> Standard way to fix it (on the LibreSSL page) is to check for >>>> LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think >>>> catches them all where needed. Note the word think. >>>> >>>> It certainly appears to be working anyway with it. >>>> >>>> On 11/02/2016 04:07 AM, Aki Tuomi wrote: >>>>> After doi...

Hi! Those are used if #if OPENSSL_VERSION_NUMBER >= 0x10100000L So (your) libressl is providing this define. We compile our code using GCC and CLANG regularly, with OpenSSL v1.0.x which is the currently officially supported one. Aki On 02.11.2016 12:34, Ruga wrote: > dovecot 2.2.26.0 uses the following functions, which are not available on libressl 2.4.3: > > HMAC_CTX_new >

...hat to create an RSA_METHOD object for each key. Because of APIs (in addition to ECDSA support) needed by the patch this currently works with: - LibreSSL >= 2.2.2: until LibreSSL 2.1.2 (which is the what I am testing for), the ECDSA_METHOD structure was defined in a private header. But the LIBRESSL_VERSION_NUMBER constant was not updated until 2.2.2. - OpenSSL >= 1.0.2: creating your own ECDSA_METHOD is not possible before because the ECDSA_METHOD structure if opacified. In OpenSSL 1.0.2, they added the option to create new ECDSA_METHOD object if this is detectable with the ECDSA_F_ECDSA_METHOD_...

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,

Hi, more or less a year ago Kurt Roeckx provided an initial port towards the OpenSSL 1.1 API [0]. The patch has been left untouched [1] and it has been complained about a missing compat layer of the new vs the old API within the OpenSSL library [2]. This is how I reconstructed the situation as of today and I am not aware of any progress in regard to the newer library within the OpenSSH project.

...hat to create an RSA_METHOD object for each key. Because of APIs (in addition to ECDSA support) needed by the patch this currently works with: - LibreSSL >= 2.2.2: until LibreSSL 2.1.2 (which is the what I am testing for), the ECDSA_METHOD structure was defined in a private header. But the LIBRESSL_VERSION_NUMBER constant was not updated until 2.2.2. - OpenSSL >= 1.0.2: creating your own ECDSA_METHOD is not possible before because the ECDSA_METHOD structure if opacified. In OpenSSL 1.0.2, they added the option to create new ECDSA_METHOD object if this is detectable with the ECDSA_F_ECDSA_METHOD_...