On 03/18/2018 01:33 AM, Jonathan Gray wrote: > On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote: >> On 03/17/2018 04:09 PM, Hauke Mehrtens wrote: >>> On 03/17/2018 03:47 PM, Marek Vasut wrote: >>>> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote: >>>>> The mxsimage utility fails to compile against LibreSSL because LibreSSL >>>>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1 >>>>> interface. >>>> >>>> The mxsimage does support OpenSSL 1.1 , the commit message is confusing. >>>> Can you elaborate on that and reword the last part ? >>> >>> libressl defines the following in version 2.7.4: >>> #define OPENSSL_VERSION_NUMBER 0x20000000L >>> #define LIBRESSL_VERSION_NUMBER 0x2060400fL >>> see here: >>> https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h >>> >>> But OPENSSL_zalloc() is not provided by libressl, that is only available >>> in OpeSSL 1.1.0 and later. >> >> So it's libressl that's API-incompatible and thus broken ? OK >> >> I guess the commit message should mention that and then yes, if >> LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of >> OpenSSL. > > LibreSSL implements parts of the OpenSSL 1.1 API without breaking > backwards compat like OpenSSL did. > > The proposed patch to mxsimage.c is wrong as some of these functions > are now implemented by LibreSSL. > > https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2 > EVP_MD_CTX_new() > EVP_MD_CTX_free() > EVP_CIPHER_CTX_reset() > > OPENSSL_zalloc() is not implemented but it is only used in this ifdef block. > > A patch along the lines of the below would be better. > > diff --git a/tools/mxsimage.c b/tools/mxsimage.c > index 32a7978cae..c8f1f204e3 100644 > --- a/tools/mxsimage.c > +++ b/tools/mxsimage.c > @@ -26,7 +26,8 @@ > * OpenSSL 1.1.0 and newer compatibility functions: > * https://wiki.openssl.org/index.php/1.1_API_Changes > */ > -#if OPENSSL_VERSION_NUMBER < 0x10100000L > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ > + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < > 0x2070000fL) > static void *OPENSSL_zalloc(size_t num) > { > void *ret = OPENSSL_malloc(num); > Yes you are right your patch is better. Now I also found these functions in the libressl repository and they will be available with the version 2.7.0. https://github.com/libressl-portable/openbsd/commit/2443cc9a48b200ef126dba99cbbb2f25937382e0 https://github.com/libressl-portable/openbsd/commit/651a8b53a2a41bbfc31d665b3f7030109d09606e
Is this sufficient or should I send a new patch? Hauke _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
