[U-Boot] tools/mxsimage: Support building with LibreSSL

Hauke Mehrtens hauke at hauke-m.de
Sun Mar 18 00:55:29 UTC 2018


On 03/18/2018 01:33 AM, Jonathan Gray wrote:
> On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote:
>> On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:
>>> On 03/17/2018 03:47 PM, Marek Vasut wrote:
>>>> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
>>>>> The mxsimage utility fails to compile against LibreSSL because LibreSSL
>>>>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
>>>>> interface.
>>>>
>>>> The mxsimage does support OpenSSL 1.1 , the commit message is confusing.
>>>> Can you elaborate on that and reword the last part ?
>>>
>>> libressl defines the following in version 2.7.4:
>>> #define OPENSSL_VERSION_NUMBER	0x20000000L
>>> #define LIBRESSL_VERSION_NUMBER	0x2060400fL
>>> see here:
>>> https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h
>>>
>>> But OPENSSL_zalloc() is not provided by libressl, that is only available
>>> in OpeSSL 1.1.0 and later.
>>
>> So it's libressl that's API-incompatible and thus broken ? OK
>>
>> I guess the commit message should mention that and then yes, if
>> LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of
>> OpenSSL.
> 
> LibreSSL implements parts of the OpenSSL 1.1 API without breaking
> backwards compat like OpenSSL did.
> 
> The proposed patch to mxsimage.c is wrong as some of these functions
> are now implemented by LibreSSL.
> 
> https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2
> EVP_MD_CTX_new()
> EVP_MD_CTX_free()
> EVP_CIPHER_CTX_reset()
> 
> OPENSSL_zalloc() is not implemented but it is only used in this ifdef block.
> 
> A patch along the lines of the below would be better.
> 
> diff --git a/tools/mxsimage.c b/tools/mxsimage.c
> index 32a7978cae..c8f1f204e3 100644
> --- a/tools/mxsimage.c
> +++ b/tools/mxsimage.c
> @@ -26,7 +26,8 @@
>   * OpenSSL 1.1.0 and newer compatibility functions:
>   * https://wiki.openssl.org/index.php/1.1_API_Changes
>   */
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> +    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
>  static void *OPENSSL_zalloc(size_t num)
>  {
>  	void *ret = OPENSSL_malloc(num);
> 
Yes you are right your patch is better. Now I also found these functions
in the libressl repository and they will be available with the version
2.7.0.
https://github.com/libressl-portable/openbsd/commit/2443cc9a48b200ef126dba99cbbb2f25937382e0
https://github.com/libressl-portable/openbsd/commit/651a8b53a2a41bbfc31d665b3f7030109d09606e

Is this sufficient or should I send a new patch?

Hauke


More information about the U-Boot mailing list