Closed mgrabovsky closed 4 years ago
The integration of both LibreSSL and OpenSSL/BoringSSL could be done in a way similar to how BoringSSL support was added while keeping OpenSSL. I would suggest adding the libressl-portable as a git submodule into ext/ like how BoringSSL is. Then the makefile target for LibreSSL in standalone/libs/jni will do the same stuff as the BoringSSL target (copy over and rename the .so from the built LibreSSL in the submodule and link to it, instead of just -lcrypto). The LibreSSLLib would also specify this library name instead of just crypto.
This should work to be able to use all of the three libs at the same time. It might also require some messing with RPATH or something like that, but maybe not, so it is worth a try.
Thanks for the tip! I'll look into it soon.
I have just updated the code in a manner similar to BoringSSL. It should all go fine now.
Is there still something left to be done here?
Not really. Thanks for the PR and the work done! :+1: Merging :tada:
I've reused the BoringSSL provider to add support for LibreSSL. Some small changes had to be done, since LibreSSL doesn't provide two functions in its API (EC_GROUP_get0_order and BN_bn2bin_padded). Created and tested on Fedora 30, using LibreSSL 2.9.2 from the LibreLAMP project.
Currently, the implementation doesn't play well with OpenSSL, because LibreSSL uses the same library names (libcrypto.so, etc.). In practice, it is therefore conventionally not even possible to have them both installed at the same time (short of static linking, LD_LIBRARY_PATH, using chroot, Docker or something else).
I have therefore disabled loading in the OpenSSL provider in ECTesterStandalone for now.
I've taken the provider for a test drive by generating a couple of keys, performing ECDH operations and generating ECDSA signatures (each of them 100,000 times). All seems to have gone quite well. Here's a sneak peek at one of the diagnostic plots: