[U-Boot] tools/mxsimage: Support building with LibreSSL

Jonathan Gray jsg at jsg.id.au
Sun Mar 18 00:33:15 UTC 2018


On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote:
> On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:
> > On 03/17/2018 03:47 PM, Marek Vasut wrote:
> >> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
> >>> The mxsimage utility fails to compile against LibreSSL because LibreSSL
> >>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
> >>> interface.
> >>
> >> The mxsimage does support OpenSSL 1.1 , the commit message is confusing.
> >> Can you elaborate on that and reword the last part ?
> > 
> > libressl defines the following in version 2.7.4:
> > #define OPENSSL_VERSION_NUMBER	0x20000000L
> > #define LIBRESSL_VERSION_NUMBER	0x2060400fL
> > see here:
> > https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h
> > 
> > But OPENSSL_zalloc() is not provided by libressl, that is only available
> > in OpeSSL 1.1.0 and later.
> 
> So it's libressl that's API-incompatible and thus broken ? OK
> 
> I guess the commit message should mention that and then yes, if
> LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of
> OpenSSL.

LibreSSL implements parts of the OpenSSL 1.1 API without breaking
backwards compat like OpenSSL did.

The proposed patch to mxsimage.c is wrong as some of these functions
are now implemented by LibreSSL.

https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2
EVP_MD_CTX_new()
EVP_MD_CTX_free()
EVP_CIPHER_CTX_reset()

OPENSSL_zalloc() is not implemented but it is only used in this ifdef block.

A patch along the lines of the below would be better.

diff --git a/tools/mxsimage.c b/tools/mxsimage.c
index 32a7978cae..c8f1f204e3 100644
--- a/tools/mxsimage.c
+++ b/tools/mxsimage.c
@@ -26,7 +26,8 @@
  * OpenSSL 1.1.0 and newer compatibility functions:
  * https://wiki.openssl.org/index.php/1.1_API_Changes
  */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
 static void *OPENSSL_zalloc(size_t num)
 {
 	void *ret = OPENSSL_malloc(num);


More information about the U-Boot mailing list