Re: [U-Boot] [PATCH] rsa-sign: Fix build against libressl

2018-04-19 Thread Jonathan Gray
On Wed, Apr 18, 2018 at 10:37:43PM +0200, Hauke Mehrtens wrote:
> Libressl implements the OpenSSL 1.1 API partially and improved the
> support with version 2.7. For some code we have to take use the OpenSSL
> 1.0 API and for some parts the OpenSSL 1.1 API can be used.
> This was compile tested against libressl 2.6.4 and 2.7.2.

The parts that don't test LIBRESSL_VERSION_NUMBER look suspect.

> 
> Signed-off-by: Hauke Mehrtens 
> ---
>  lib/rsa/rsa-sign.c | 15 +--
>  1 file changed, 9 insertions(+), 6 deletions(-)
> 
> diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
> index 1da4ef7fff..b2a4446d83 100644
> --- a/lib/rsa/rsa-sign.c
> +++ b/lib/rsa/rsa-sign.c
> @@ -21,7 +21,8 @@
>  #define HAVE_ERR_REMOVE_THREAD_STATE
>  #endif
>  
> -#if OPENSSL_VERSION_NUMBER < 0x1010L
> +#if OPENSSL_VERSION_NUMBER < 0x1010L || \
> +(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 
> 0x207fL)
>  static void RSA_get0_key(const RSA *r,
>   const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
>  {
> @@ -300,7 +301,8 @@ static int rsa_init(void)
>  {
>   int ret;
>  
> -#if OPENSSL_VERSION_NUMBER < 0x1010L
> +#if OPENSSL_VERSION_NUMBER < 0x1010L || \
> +(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 
> 0x207fL)
>   ret = SSL_library_init();
>  #else
>   ret = OPENSSL_init_ssl(0, NULL);
> @@ -309,7 +311,7 @@ static int rsa_init(void)
>   fprintf(stderr, "Failure to init SSL library\n");
>   return -1;
>   }
> -#if OPENSSL_VERSION_NUMBER < 0x1010L
> +#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
>   SSL_load_error_strings();
>  
>   OpenSSL_add_all_algorithms();

Shouldn't this block also be gated by VERSION < 0x207fL, as SSL_library_init()
covers it?

> @@ -355,7 +357,7 @@ err_set_rsa:
>  err_engine_init:
>   ENGINE_free(e);
>  err_engine_by_id:
> -#if OPENSSL_VERSION_NUMBER < 0x1010L
> +#if OPENSSL_VERSION_NUMBER < 0x1010L ||  defined(LIBRESSL_VERSION_NUMBER)
>   ENGINE_cleanup();
>  #endif
>   return ret;
> @@ -363,7 +365,7 @@ err_engine_by_id:
>  
>  static void rsa_remove(void)
>  {
> -#if OPENSSL_VERSION_NUMBER < 0x1010L
> +#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
>   CRYPTO_cleanup_all_ex_data();
>   ERR_free_strings();
>  #ifdef HAVE_ERR_REMOVE_THREAD_STATE
> @@ -433,7 +435,8 @@ static int rsa_sign_with_key(RSA *rsa, struct 
> checksum_algo *checksum_algo,
>   ret = rsa_err("Could not obtain signature");
>   goto err_sign;
>   }
> - #if OPENSSL_VERSION_NUMBER < 0x1010L
> + #if OPENSSL_VERSION_NUMBER < 0x1010L || \
> + defined(LIBRESSL_VERSION_NUMBER)
>   EVP_MD_CTX_cleanup(context);
>   #else
>   EVP_MD_CTX_reset(context);

EVP_MD_CTX_reset is present in recent LibreSSL as well and
should be used here.


[U-Boot] [PATCH] rsa-sign: Fix build against libressl

2018-04-18 Thread Hauke Mehrtens
LibreSSL implements the OpenSSL 1.1 API only partially and improved its
support in version 2.7. Some code therefore still has to use the OpenSSL
1.0 API, while other parts can use the OpenSSL 1.1 API.
This was compile tested against libressl 2.6.4 and 2.7.2.

Signed-off-by: Hauke Mehrtens 
---
 lib/rsa/rsa-sign.c | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 1da4ef7fff..b2a4446d83 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -21,7 +21,8 @@
 #define HAVE_ERR_REMOVE_THREAD_STATE
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x1010L
+#if OPENSSL_VERSION_NUMBER < 0x1010L || \
+(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x207fL)
 static void RSA_get0_key(const RSA *r,
  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
 {
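Review bot: The version constants in this gate, `0x1010L` and `0x207fL`, do not have the eight-hex-digit layout that OPENSSL_VERSION_NUMBER and LIBRESSL_VERSION_NUMBER use, so as printed `OPENSSL_VERSION_NUMBER < 0x1010L` is false for every OpenSSL release and the compat `RSA_get0_key()` would never be compiled for 1.0.x. The diffstat on this page is visibly truncated too, so the archive has probably collapsed the runs of zeros; check the applied patch for `0x10100000L` (OpenSSL 1.1.0) and `0x2070000fL` (LibreSSL 2.7.0) before reusing the condition. The `0x1010L` comparison recurs in every later hunk of this patch. The body of RSA_get0_key() continues outside this hunk.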
@@ -300,7 +301,8 @@ static int rsa_init(void)
 {
int ret;
 
-#if OPENSSL_VERSION_NUMBER < 0x1010L
+#if OPENSSL_VERSION_NUMBER < 0x1010L || \
+(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x207fL)
ret = SSL_library_init();
 #else
ret = OPENSSL_init_ssl(0, NULL);
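Review bot: The two-clause condition on the `#if` in rsa_init() is a verbatim copy of the one guarding RSA_get0_key() in the first hunk, so a later edit to one copy can silently leave the other selecting a different API in this signing tool. Evaluating it once next to the existing HAVE_ERR_REMOVE_THREAD_STATE definition, for example as `#define RSA_SIGN_LEGACY_INIT` (name constructed here), and testing `#ifdef RSA_SIGN_LEGACY_INIT` at both sites would keep the LibreSSL cut-off in one place. rsa_init() continues past the end of this hunk.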
@@ -309,7 +311,7 @@ static int rsa_init(void)
fprintf(stderr, "Failure to init SSL library\n");
return -1;
}
-#if OPENSSL_VERSION_NUMBER < 0x1010L
+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
SSL_load_error_strings();
 
OpenSSL_add_all_algorithms();
@@ -355,7 +357,7 @@ err_set_rsa:
 err_engine_init:
ENGINE_free(e);
 err_engine_by_id:
-#if OPENSSL_VERSION_NUMBER < 0x1010L
+#if OPENSSL_VERSION_NUMBER < 0x1010L ||  defined(LIBRESSL_VERSION_NUMBER)
ENGINE_cleanup();
 #endif
return ret;
@@ -363,7 +365,7 @@ err_engine_by_id:
 
 static void rsa_remove(void)
 {
-#if OPENSSL_VERSION_NUMBER < 0x1010L
+#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
 #ifdef HAVE_ERR_REMOVE_THREAD_STATE
@@ -433,7 +435,8 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo 
*checksum_algo,
ret = rsa_err("Could not obtain signature");
goto err_sign;
}
-   #if OPENSSL_VERSION_NUMBER < 0x1010L
+   #if OPENSSL_VERSION_NUMBER < 0x1010L || \
+   defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_cleanup(context);
#else
EVP_MD_CTX_reset(context);
-- 
2.11.0
