loqs
loqs
What if instead you tested for ```OPENSSL_VERSION_NUMBER < 0x10100000L```? I believe for libressl >= 3.5.0 that would be 0x20000000L and guaranteed not to change so would accommodate that case as...
What if instead you use a feature test? ``` diff --git a/crypto-openssl-10.cpp b/crypto-openssl-10.cpp index f0f2c53..1623690 100644 --- a/crypto-openssl-10.cpp +++ b/crypto-openssl-10.cpp @@ -28,16 +28,15 @@ * as that of the covered...
openssl 3.0.0 and 3.0.1 have now been released. Since alpha ERR_GET_FUNC has been removed [1] which is used in pxyconn.c https://github.com/droe/sslsplit/blob/dcce1abea1eea3d74d3c8cae3f426c9373f6189e/pxyconn.c#L2205 meaning sslsplit will no longer compile. ERR_func_error_string now returns...
Applying e17de8454a65d2b9ba432856971405dfcf1e7522 fixed the issue. Thank you for the fast response.
> Sorry for the late response; as you can see s2n-tls doesn't yet support OpenSSL 3.0.0, any help enumerating where the issues are is appreciated. Issue 1 https://github.com/aws/s2n-tls/blob/664fef571e7051a4cce290e5dac5ac6919c375ee/crypto/s2n_composite_cipher_aes_sha.c#L165 https://github.com/aws/s2n-tls/blob/664fef571e7051a4cce290e5dac5ac6919c375ee/crypto/s2n_composite_cipher_aes_sha.c#L175 https://www.openssl.org/docs/man3.0/man3/EVP_Cipher.html...
Swapping from gcc to clang and the tests than pass. I verified the same four tests fails on my system using gcc 11.2.0.
Adding any of ```-mno-sse``` ```-mno-sse2``` ```-mno-sse3``` to CXXFLAGS and the tests pass. Replacing ```-DARROW_SIMD_LEVEL=AVX2``` with ```-DARROW_SIMD_LEVEL=NONE -DARROW_RUNTIME_SIMD_LEVEL=AVX512``` and the tests also pass. This is all on an AMD system that...
The following allows coturn to build with openssl3. ```diff diff --git a/src/client/ns_turn_msg.c b/src/client/ns_turn_msg.c index 549f379..c7c5fbd 100644 --- a/src/client/ns_turn_msg.c +++ b/src/client/ns_turn_msg.c @@ -256,7 +256,7 @@ int stun_produce_integrity_key_str(const uint8_t *uname, const uint8_t...
I have only tested my proposed fix against OpenSSL 3.0 built with and without FIPS support. I do not believe it will break support for LibreSSL or OpenSSL < 3.0...
@mymedia2 my mistake the define should be OPENSSL_FIPS not FIPS_MODE which I found in https://github.com/openssl/openssl/commit/f844f9eb44186df2f8b0cfd3264b4eb003d8c61a I missed that just as FIPS_MODULE replaced FIPS_MODE, FIPS_MODE was a replacement for OPENSSL_FIPS. Edit:...