LibreSSL 2.7.x supports some OpenSSL 1.1 APIs?

Toralf points me towards this Python patch:

https://github.com/gentoo/gentoo/blob/master/dev-lang/python/files/python-3.5.5-libressl-compatibility.patch

It implies that for Python's purposes at least, LibreSSL 2.7.x supports the newer openssl APIs. We should test that out, and if so, support it.

changed milestone to %Tor: unspecified

added 035-removed-20180711 component::core tor/tor milestone::Tor: unspecified priority::medium severity::normal status::new type::defect labels

So I tried merging the obvious patch:

--- a/src/common/compat_openssl.h
+++ b/src/common/compat_openssl.h
@@ -28,6 +28,11 @@
 #define OPENSSL_1_1_API
 #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */
 
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
+/* LibreSSL 2.7.x and later also have this API */
+#define OPENSSL_1_1_API
+#endif
+
 #ifndef OPENSSL_VERSION
 #define OPENSSL_VERSION SSLEAY_VERSION
 #endif

And while it appears that libressl supports some of the new OpenSSL APIs, the port is nontrivial: there are other things that we're conditioning on the 1.1 API that libressl does not have.

So let's revisit this in a later series.

Trac:
Milestone: Tor: 0.3.4.x-final to Tor: 0.3.5.x-final
Summary: LibreSSL 2.7.x may support OpenSSL 1.1 APIs? to LibreSSL 2.7.x supports some OpenSSL 1.1 APIs?

These tickets are being triaged out of 0.3.5. The ones marked "035-roadmap-proposed" may return.

Trac:
Milestone: Tor: 0.3.5.x-final to Tor: unspecified
Keywords: N/A deleted, 035-removed-20180711 added

with LibreSSL 2.6.5 at a hardened Gentroo I do get with current git tree:

orproject@mr-fox ~/tor $ git describe
tor-0.3.5.0-alpha-dev-621-g5aaea38d8
torproject@mr-fox ~/tor $ 
torproject@mr-fox ~/tor $ make
make  all-am
make[1]: Entering directory '/home/torproject/tor'
  CC       src/lib/crypt_ops/crypto_hkdf.o
afl-cc 2.52b by <lcamtuf@google.com>
src/lib/crypt_ops/crypto_hkdf.c:24:10: fatal error: openssl/kdf.h: No such file or directory
 #include <openssl/kdf.h>
          ^~~~~~~~~~~~~~~
compilation terminated.
make[1]: *** [Makefile:8150: src/lib/crypt_ops/crypto_hkdf.o] Error 1
make[1]: Leaving directory '/home/torproject/tor'
make: *** [Makefile:4554: all] Error 2

toralf -- that sounds like a separate issue, if it's happening on an unmodified version of git master?

(In fact, that issue might be #26712 (moved)?)

Replying to nickm:

toralf -- that sounds like a separate issue, if it's happening on an unmodified version of git master? yes - that's why I pasted "git describe" too here

right - and this separate HKDF issue is fixed by commit 2b523604 - tested here with LibreSSL 2.6.5

These tickets are not things I'm currently working on. They may be important, but they don't need to be done by me specifically. Un-assigning.

Trac:
Owner: nickm to N/A

Change tickets that are assigned to nobody to "new".

Trac:
Status: assigned to new

moved to tpo/core/tor#26034 (closed)