From: William Lallemand <wlallemand@haproxy.org>
Date: Fri, 2 Sep 2022 13:35:09 +0000 (+0200)
Subject: BUILD: quic: temporarly ignore chacha20_poly1305 for libressl
X-Git-Tag: v2.7-dev6~99
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2be9d4c48b71b2132938dbfac36142cc7b8f7c4;p=thirdparty%2Fhaproxy.git

BUILD: quic: temporarly ignore chacha20_poly1305 for libressl

LibreSSL does not implement EVP_chacha20_poly1305() with EVP_CIPHER but
uses the EVP_AEAD API instead:

https://man.openbsd.org/EVP_AEAD_CTX_init

This patch disables this cipher for libreSSL for now.
---

diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index c326ce9e81..02e155d00b 100644
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@@ -135,8 +135,10 @@ static inline const EVP_CIPHER *tls_aead(const SSL_CIPHER *cipher)
 		return EVP_aes_128_gcm();
 	case TLS1_3_CK_AES_256_GCM_SHA384:
 		return EVP_aes_256_gcm();
+#if !defined(LIBRESSL_VERSION_NUMBER)
 	case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
 		return EVP_chacha20_poly1305();
+#endif
 	case TLS1_3_CK_AES_128_CCM_SHA256:
 		return EVP_aes_128_ccm();
 	default: