[U-Boot] tools/mxsimage: Support building with LibreSSL

Sun Mar 18 06:02:37 UTC 2018

On Sun, Mar 18, 2018 at 01:55:29AM +0100, Hauke Mehrtens wrote:
> On 03/18/2018 01:33 AM, Jonathan Gray wrote:
> > On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote:
> >> On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:
> >>> On 03/17/2018 03:47 PM, Marek Vasut wrote:
> >>>> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
> >>>>> The mxsimage utility fails to compile against LibreSSL because LibreSSL
> >>>>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
> >>>>> interface.
> >>>>
> >>>> The mxsimage does support OpenSSL 1.1 , the commit message is confusing.
> >>>> Can you elaborate on that and reword the last part ?
> >>>
> >>> libressl defines the following in version 2.7.4:
> >>> #define OPENSSL_VERSION_NUMBER	0x20000000L
> >>> #define LIBRESSL_VERSION_NUMBER	0x2060400fL
> >>> see here:
> >>> https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h
> >>>
> >>> But OPENSSL_zalloc() is not provided by libressl, that is only available
> >>> in OpeSSL 1.1.0 and later.
> >>
> >> So it's libressl that's API-incompatible and thus broken ? OK
> >>
> >> I guess the commit message should mention that and then yes, if
> >> LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of
> >> OpenSSL.
> > 
> > LibreSSL implements parts of the OpenSSL 1.1 API without breaking
> > backwards compat like OpenSSL did.
> > 
> > The proposed patch to mxsimage.c is wrong as some of these functions
> > are now implemented by LibreSSL.
> > 
> > https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2
> > EVP_MD_CTX_new()
> > EVP_MD_CTX_free()
> > EVP_CIPHER_CTX_reset()
> > 
> > OPENSSL_zalloc() is not implemented but it is only used in this ifdef block.
> > 
> > A patch along the lines of the below would be better.
> > 
> > diff --git a/tools/mxsimage.c b/tools/mxsimage.c
> > index 32a7978cae..c8f1f204e3 100644
> > --- a/tools/mxsimage.c
> > +++ b/tools/mxsimage.c
> > @@ -26,7 +26,8 @@
> >   * OpenSSL 1.1.0 and newer compatibility functions:
> >   * https://wiki.openssl.org/index.php/1.1_API_Changes
> >   */
> > -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> > +    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
> >  static void *OPENSSL_zalloc(size_t num)
> >  {
> >  	void *ret = OPENSSL_malloc(num);
> > 
> Yes you are right your patch is better. Now I also found these functions
> in the libressl repository and they will be available with the version
> 2.7.0.
> https://github.com/libressl-portable/openbsd/commit/2443cc9a48b200ef126dba99cbbb2f25937382e0
> https://github.com/libressl-portable/openbsd/commit/651a8b53a2a41bbfc31d665b3f7030109d09606e
> 
> Is this sufficient or should I send a new patch?

I think you'll need to send a v2 for it to get picked up.