> -----Original Message----- > From: Arne Schwabe [mailto:a...@rfc2549.org] > Sent: donderdag 11 augustus 2022 14:21 > To: Maximilian Fillinger <maximilian.fillin...@foxcrypto.com>; openvpn- > de...@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 2/2] Handle EVP_MD_CTX as an opaque > struct > > Am 11.08.22 um 14:07 schrieb Max Fillinger: > > Building OpenVPN on the latest OpenBSD snapshot failed because > EVP_MD_CTX > > is an opaque struct in LibreSSL now. Therefore, call md_ctx_new() > instead > > of declaring them on the stack. When they're not on the stack anymore, > we > > don't have to call EVP_MD_CTX_init() anymore, but we need to call > > EVP_MD_CTX_free() instead of cleanup. > > Urgh. The whole reason I left this code with the EVP_MD_CTX is that it > is OpenSSL 1.0.2 only and I expected to be able to remove it sooner or > later. So LibreSSL doeds not support the alternative API for that? > > EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); > > is what we use for OpenSSL 1.1.0+ > > I am not happy to soon have LibreSSL specific code in our code but it > seems like if want to continue that library, we have to. > > The change looks good itself. > > Acked-By: Arne Schwabe <a...@rfc2549.org>
LibreSSL now has EVP_PKEY_CTX_new_id(), but it does not define EVP_PKEY_TLS1_PRF. _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
