LibreSSL compatibility

- code distinguishes between OpenSSL 1.1.x and LibreSSL and works with
  both

src/protocol.py

@@ -502,7 +502,7 @@ else:
     sslProtocolVersion = ssl.PROTOCOL_TLSv1
 
 # ciphers
-if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000:
+if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000 and not ssl.OPENSSL_VERSION.startswith("LibreSSL"):
     sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
 else:
     sslProtocolCiphers = "AECDH-AES256-SHA"

src/pyelliptic/cipher.py

@@ -77,7 +77,7 @@ class Cipher:
         return buff + self.final()
 
     def __del__(self):
-        if OpenSSL._hexversion > 0x10100000:
+        if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
             OpenSSL.EVP_CIPHER_CTX_reset(self.ctx)
         else:
             OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx)

src/pyelliptic/ecc.py

@@ -223,7 +223,7 @@ class ECC:
             if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
                 raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
 
-            if OpenSSL._hexversion > 0x10100000:
+            if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
                 OpenSSL.EC_KEY_set_method(own_key, OpenSSL.EC_KEY_OpenSSL())
             else:
                 OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL())
@@ -310,7 +310,7 @@ class ECC:
             size = len(inputb)
             buff = OpenSSL.malloc(inputb, size)
             digest = OpenSSL.malloc(0, 64)
-            if OpenSSL._hexversion > 0x10100000:
+            if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
                 md_ctx = OpenSSL.EVP_MD_CTX_new()
             else:
                 md_ctx = OpenSSL.EVP_MD_CTX_create()
@@ -343,7 +343,7 @@ class ECC:
             if (OpenSSL.EC_KEY_check_key(key)) == 0:
                 raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
 
-            if OpenSSL._hexversion > 0x10100000:
+            if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
                 OpenSSL.EVP_MD_CTX_new(md_ctx)
             else:
                 OpenSSL.EVP_MD_CTX_init(md_ctx)
@@ -365,7 +365,7 @@ class ECC:
             OpenSSL.BN_free(pub_key_y)
             OpenSSL.BN_free(priv_key)
             OpenSSL.EC_POINT_free(pub_key)
-            if OpenSSL._hexversion > 0x10100000:
+            if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
                 OpenSSL.EVP_MD_CTX_free(md_ctx)
             else:
                 OpenSSL.EVP_MD_CTX_destroy(md_ctx)
@@ -381,7 +381,7 @@ class ECC:
             binputb = OpenSSL.malloc(inputb, len(inputb))
             digest = OpenSSL.malloc(0, 64)
             dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
-            if OpenSSL._hexversion > 0x10100000:
+            if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
                 md_ctx = OpenSSL.EVP_MD_CTX_new()
             else:
                 md_ctx = OpenSSL.EVP_MD_CTX_create()
@@ -405,7 +405,7 @@ class ECC:
                 raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
             if (OpenSSL.EC_KEY_check_key(key)) == 0:
                 raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
-            if OpenSSL._hexversion > 0x10100000:
+            if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
                 OpenSSL.EVP_MD_CTX_new(md_ctx)
             else:
                 OpenSSL.EVP_MD_CTX_init(md_ctx)
@@ -431,7 +431,7 @@ class ECC:
             OpenSSL.BN_free(pub_key_x)
             OpenSSL.BN_free(pub_key_y)
             OpenSSL.EC_POINT_free(pub_key)
-            if OpenSSL._hexversion > 0x10100000:
+            if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
                 OpenSSL.EVP_MD_CTX_free(md_ctx)
             else:
                 OpenSSL.EVP_MD_CTX_destroy(md_ctx)

src/pyelliptic/openssl.py

@@ -72,6 +72,7 @@ class _OpenSSL:
         """
         self._lib = ctypes.CDLL(library)
         self._version, self._hexversion, self._cflags = get_version(self._lib)
+        self._libreSSL = self._version.startswith("LibreSSL")
 
         self.pointer = ctypes.pointer
         self.c_int = ctypes.c_int
@@ -170,7 +171,7 @@ class _OpenSSL:
         self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
                                                 ctypes.c_void_p]
 
-        if self._hexversion >= 0x10100000:
+        if self._hexversion >= 0x10100000 and not self._libreSSL:
             self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
             self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
             self._lib.EC_KEY_OpenSSL.argtypes = []
@@ -250,7 +251,7 @@ class _OpenSSL:
         self.EVP_rc4.restype = ctypes.c_void_p
         self.EVP_rc4.argtypes = []
  
-        if self._hexversion >= 0x10100000:
+        if self._hexversion >= 0x10100000 and not self._libreSSL:
             self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
             self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
             self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
@@ -306,7 +307,7 @@ class _OpenSSL:
         self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p,
                                       ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
 
-        if self._hexversion >= 0x10100000:
+        if self._hexversion >= 0x10100000 and not self._libreSSL:
             self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
             self.EVP_MD_CTX_new.restype = ctypes.c_void_p
             self.EVP_MD_CTX_new.argtypes = []