[gnutls-devel] GnuTLS | Fix cipher-openssl-compat failing with LibreSSL (!846)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Dec 26 13:36:02 CET 2018


Okay based on their answer, `EVP_get_cipherbyname(ocipher)` will fail for aes-{128,192,256}-ccm because the NID is not registered in `crypto/evp/c_all.c` because of an oversight that will be fixed shortly and will fail for `chacha20-poly1305` because they do not yet have an EVP implementation for it, only an EVP_AEAD implementation.

So the

    @@ -189,7 +189,7 @@
            /* ciphers */
            cipher_test("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM, 16);
            cipher_test("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM, 16);
    -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined (LIBRESSL_VERSION_NUMBER)
            if (!gnutls_fips140_mode_enabled()) {
                    cipher_test("chacha20-poly1305", GNUTLS_CIPHER_CHACHA20_POLY1305, 16);
            }

from the patch I made in !845 is still needed, but the first part of the patch I made is fixed by this PR.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/846#note_127306480
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181226/7145b44a/attachment.html>


More information about the Gnutls-devel mailing list