[PATCH 1/1] lib/ecdsa: Fix LibreSSL before v2.7.0
Alex G.
mr.nuke.me at gmail.com
Thu Jul 29 17:48:30 CEST 2021
Hi Artem
On 7/29/21 9:52 AM, Artem Panfilov wrote:
> On 29.07.2021 15:59, Tom Rini wrote:
>> Well yes, this is part of the question now, is there enough interest in
>> the old version to bother with? The other part of the question is
>> what's being built now that wasn't being built before, and is that a bug
>> or a feature (a less CONFIG-dependent set of tools is good for generic
>> distributions).
>
> OK, if someone else will report the same issue after u-boot release,
> then it should be fixed. Currently, I am okay with my local fix
> by disabling the CONFIG_TOOLS_LIBCRYPTO option.
ECDSA signing was not verified against a libcrypto that old. Given that
signatures are non-deterministic, I doubt we could have a CI test that
says old-libcrypto, known block must equal known signature.
When we added ECDSA, there was not a need to consider old libcrypto
versions, but I also did not pay attention to the #ifdefs in the much
older RSA path. I'm sorry that you had to go through the frustrations of
getting a patch rejected which does something the codebase already does.
I am going to take a look at cleaning up the RSA path. There's no point
in maintaining backwards compatibility if we're not doing it across the
board.
Alex
More information about the U-Boot
mailing list