[U-Boot] tools/mxsimage: Support building with LibreSSL
Hauke Mehrtens
hauke at hauke-m.de
Sun Mar 18 00:55:29 UTC 2018
On 03/18/2018 01:33 AM, Jonathan Gray wrote:
> On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote:
>> On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:
>>> On 03/17/2018 03:47 PM, Marek Vasut wrote:
>>>> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
>>>>> The mxsimage utility fails to compile against LibreSSL because LibreSSL
>>>>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
>>>>> interface.
>>>>
>>>> The mxsimage does support OpenSSL 1.1, the commit message is confusing.
>>>> Can you elaborate on that and reword the last part?
>>>
>>> libressl defines the following in version 2.7.4:
>>> #define OPENSSL_VERSION_NUMBER 0x20000000L
>>> #define LIBRESSL_VERSION_NUMBER 0x2060400fL
>>> see here:
>>> https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h
>>>
>>> But OPENSSL_zalloc() is not provided by libressl, that is only available
>>> in OpenSSL 1.1.0 and later.
>>
>> So it's libressl that's API-incompatible and thus broken? OK
>>
>> I guess the commit message should mention that and then yes, if
>> LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of
>> OpenSSL.
>
> LibreSSL implements parts of the OpenSSL 1.1 API without breaking
> backwards compat like OpenSSL did.
>
> The proposed patch to mxsimage.c is wrong as some of these functions
> are now implemented by LibreSSL.
>
> https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2
> EVP_MD_CTX_new()
> EVP_MD_CTX_free()
> EVP_CIPHER_CTX_reset()
>
> OPENSSL_zalloc() is not implemented but it is only used in this ifdef block.
>
> A patch along the lines of the below would be better.
>
> diff --git a/tools/mxsimage.c b/tools/mxsimage.c
> index 32a7978cae..c8f1f204e3 100644
> --- a/tools/mxsimage.c
> +++ b/tools/mxsimage.c
> @@ -26,7 +26,8 @@
> * OpenSSL 1.1.0 and newer compatibility functions:
> * https://wiki.openssl.org/index.php/1.1_API_Changes
> */
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
> static void *OPENSSL_zalloc(size_t num)
> {
> void *ret = OPENSSL_malloc(num);
>
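Review bot: The comment above the changed `#if` still describes the block only as "OpenSSL 1.1.0 and newer compatibility functions", and the added `LIBRESSL_VERSION_NUMBER < 0x2070000fL` test gives no explanation of the constant. Suggest extending that comment to say the shims are also compiled for LibreSSL releases below that threshold (2.7.0 according to the discussion), and to note that OPENSSL_zalloc() is defined here only because it is used solely inside this block, so a later use outside the guard would fail to build on LibreSSL versions that skip the block.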
Yes, you are right, your patch is better. Now I also found these functions
in the libressl repository and they will be available with the version
2.7.0.
https://github.com/libressl-portable/openbsd/commit/2443cc9a48b200ef126dba99cbbb2f25937382e0
https://github.com/libressl-portable/openbsd/commit/651a8b53a2a41bbfc31d665b3f7030109d09606e
Is this sufficient or should I send a new patch?
Hauke