* [Buildroot] [PATCH 1/1] package/opensc: fix build with libressl
@ 2022-08-20 13:06 Fabrice Fontaine
2022-08-24 20:00 ` Arnout Vandecappelle
0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2022-08-20 13:06 UTC (permalink / raw)
To: buildroot; +Cc: José Pekkarinen, Fabrice Fontaine
Fix the following build failure with libressl raised since the addition
of the package in commit 8aaa7ecbce1d10cbcd880c3da5e429988f96176a:
In file included from internal.h:45,
from card-authentic.c:32:
/nvmedata/autobuild/instance-29/output-1/host/powerpc64-buildroot-linux-gnu/sysroot/usr/include/openssl/x509v3.h:802:10: error: expected ')' before '*' token
802 | uint32_t X509_get_extension_flags(X509 *x);
| ^~~~~~~~~~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/7b50ab363c174636fb27d554223287d7496676ed
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...02-added-compatibility-with-LibreSSL.patch | 172 ++++++++++++++++++
.../0003-Fix-build-with-libressl-3.5.0.patch | 46 +++++
2 files changed, 218 insertions(+)
create mode 100644 package/opensc/0002-added-compatibility-with-LibreSSL.patch
create mode 100644 package/opensc/0003-Fix-build-with-libressl-3.5.0.patch
diff --git a/package/opensc/0002-added-compatibility-with-LibreSSL.patch b/package/opensc/0002-added-compatibility-with-LibreSSL.patch
new file mode 100644
index 0000000000..1e13a070c8
--- /dev/null
+++ b/package/opensc/0002-added-compatibility-with-LibreSSL.patch
@@ -0,0 +1,172 @@
+From 302ad70471efa279b033d4d5511d979ec5d965fe Mon Sep 17 00:00:00 2001
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Thu, 20 Jan 2022 17:01:46 +0100
+Subject: [PATCH] added compatibility with LibreSSL
+
+[Retrieved (and backported) from:
+https://github.com/OpenSC/OpenSC/commit/302ad70471efa279b033d4d5511d979ec5d965fe]
+---
+ src/libopensc/sc-ossl-compat.h | 7 +++++++
+ src/tests/p11test/p11test_case_common.c | 14 ++++++++++++++
+ src/tests/p11test/p11test_case_ec_derive.c | 4 ++++
+ src/tests/p11test/p11test_case_readonly.c | 9 +++++++--
+ 4 files changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/src/libopensc/sc-ossl-compat.h b/src/libopensc/sc-ossl-compat.h
+index f885f85bb9..ec694ad48d 100644
+--- a/src/libopensc/sc-ossl-compat.h
++++ b/src/libopensc/sc-ossl-compat.h
+@@ -105,6 +105,13 @@ extern "C" {
+ /* workaround unused value warning for a macro that does nothing */
+ #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
+ #define OPENSSL_malloc_init()
++#define FIPS_mode() (0)
++#define EVP_sha3_224() (NULL)
++#define EVP_sha3_256() (NULL)
++#define EVP_sha3_384() (NULL)
++#define EVP_sha3_512() (NULL)
++#define EVP_PKEY_new_raw_public_key(t, e, p, l) (NULL)
++#define EVP_PKEY_get_raw_public_key(p, pu, l) (0)
+ #endif
+
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+diff --git a/src/tests/p11test/p11test_case_common.c b/src/tests/p11test/p11test_case_common.c
+index e432f8f4ed..f091dbcc10 100644
+--- a/src/tests/p11test/p11test_case_common.c
++++ b/src/tests/p11test/p11test_case_common.c
+@@ -164,6 +164,7 @@ add_supported_mechs(test_cert_t *o)
+ o->mechs[0].result_flags = 0;
+ o->mechs[0].usage_flags = CKF_SIGN | CKF_VERIFY;
+ }
++#ifdef EVP_PKEY_ED25519
+ } else if (o->type == EVP_PKEY_ED25519) {
+ if (token.num_ed_mechs > 0 ) {
+ o->num_mechs = token.num_ed_mechs;
+@@ -184,6 +185,8 @@ add_supported_mechs(test_cert_t *o)
+ o->mechs[0].result_flags = 0;
+ o->mechs[0].usage_flags = CKF_SIGN | CKF_VERIFY;
+ }
++#endif
++#ifdef EVP_PKEY_X25519
+ } else if (o->type == EVP_PKEY_X25519) {
+ if (token.num_montgomery_mechs > 0 ) {
+ o->num_mechs = token.num_montgomery_mechs;
+@@ -204,6 +207,7 @@ add_supported_mechs(test_cert_t *o)
+ o->mechs[0].result_flags = 0;
+ o->mechs[0].usage_flags = CKF_DERIVE;
+ }
++#endif
+ }
+ }
+
+@@ -601,6 +605,7 @@ int callback_public_keys(test_certs_t *objects,
+ a = template[6].pValue;
+ if (d2i_ASN1_PRINTABLESTRING(&curve, &a, (long)template[6].ulValueLen) != NULL) {
+ switch (o->key_type) {
++#ifdef EVP_PKEY_ED25519
+ case CKK_EC_EDWARDS:
+ if (strcmp((char *)curve->data, "edwards25519")) {
+ debug_print(" [WARN %s ] Unknown curve name. "
+@@ -608,6 +613,8 @@ int callback_public_keys(test_certs_t *objects,
+ }
+ evp_type = EVP_PKEY_ED25519;
+ break;
++#endif
++#ifdef EVP_PKEY_X25519
+ case CKK_EC_MONTGOMERY:
+ if (strcmp((char *)curve->data, "curve25519")) {
+ debug_print(" [WARN %s ] Unknown curve name. "
+@@ -615,16 +622,20 @@ int callback_public_keys(test_certs_t *objects,
+ }
+ evp_type = EVP_PKEY_X25519;
+ break;
++#endif
+ default:
+ debug_print(" [WARN %s ] Unknown key type %lu", o->id_str, o->key_type);
+ return -1;
+ }
+ ASN1_PRINTABLESTRING_free(curve);
+ } else if (d2i_ASN1_OBJECT(&obj, &a, (long)template[6].ulValueLen) != NULL) {
++#if defined(EVP_PKEY_ED25519) || defined (EVP_PKEY_X25519)
+ int nid = OBJ_obj2nid(obj);
++#endif
+ ASN1_OBJECT_free(obj);
+
+ switch (o->key_type) {
++#ifdef EVP_PKEY_ED25519
+ case CKK_EC_EDWARDS:
+ if (nid != NID_ED25519) {
+ debug_print(" [WARN %s ] Unknown OID. "
+@@ -632,6 +643,8 @@ int callback_public_keys(test_certs_t *objects,
+ }
+ evp_type = EVP_PKEY_ED25519;
+ break;
++#endif
++#ifdef EVP_PKEY_X25519
+ case CKK_EC_MONTGOMERY:
+ if (nid != NID_X25519) {
+ debug_print(" [WARN %s ] Unknown OID. "
+@@ -639,6 +652,7 @@ int callback_public_keys(test_certs_t *objects,
+ }
+ evp_type = EVP_PKEY_X25519;
+ break;
++#endif
+ default:
+ debug_print(" [WARN %s ] Unknown key type %lu", o->id_str, o->key_type);
+ return -1;
+diff --git a/src/tests/p11test/p11test_case_ec_derive.c b/src/tests/p11test/p11test_case_ec_derive.c
+index 9f13b3e9d6..f7a5f92f9e 100644
+--- a/src/tests/p11test/p11test_case_ec_derive.c
++++ b/src/tests/p11test/p11test_case_ec_derive.c
+@@ -89,6 +89,7 @@ pkcs11_derive(test_cert_t *o, token_info_t * info,
+
+ int test_derive_x25519(test_cert_t *o, token_info_t *info, test_mech_t *mech)
+ {
++#ifdef EVP_PKEY_X25519
+ unsigned char *secret = NULL, *pkcs11_secret = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_PKEY *pkey = NULL; /* This is peer key */
+@@ -210,6 +211,9 @@ int test_derive_x25519(test_cert_t *o, token_info_t *info, test_mech_t *mech)
+ free(secret);
+ free(pkcs11_secret);
+ return 1;
++#else
++ return 0;
++#endif
+ }
+
+ int test_derive(test_cert_t *o, token_info_t *info, test_mech_t *mech)
+diff --git a/src/tests/p11test/p11test_case_readonly.c b/src/tests/p11test/p11test_case_readonly.c
+index 624bd6a54d..2aefdc7a70 100644
+--- a/src/tests/p11test/p11test_case_readonly.c
++++ b/src/tests/p11test/p11test_case_readonly.c
+@@ -522,6 +522,7 @@ int verify_message_openssl(test_cert_t *o, token_info_t *info, CK_BYTE *message,
+ rv, ERR_error_string(ERR_peek_last_error(), NULL));
+ return -1;
+ }
++#ifdef EVP_PKEY_ED25519
+ } else if (o->type == EVP_PKEY_ED25519) {
+ /* need to be created even though we do not do any MD */
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
+@@ -547,7 +548,7 @@ int verify_message_openssl(test_cert_t *o, token_info_t *info, CK_BYTE *message,
+ EVP_MD_CTX_free(ctx);
+ return -1;
+ }
+-
++#endif
+ } else {
+ fprintf(stderr, " [ KEY %s ] Unknown type. Not verifying\n", o->id_str);
+ }
+@@ -641,7 +642,11 @@ int sign_verify_test(test_cert_t *o, token_info_t *info, test_mech_t *mech,
+ return 0;
+ }
+
+- if (o->type != EVP_PK_EC && o->type != EVP_PK_RSA && o->type != EVP_PKEY_ED25519) {
++ if (o->type != EVP_PK_EC && o->type != EVP_PK_RSA
++#ifdef EVP_PKEY_ED25519
++ && o->type != EVP_PKEY_ED25519
++#endif
++ ) {
+ debug_print(" [SKIP %s ] Skip non-RSA and non-EC key", o->id_str);
+ return 0;
+ }
diff --git a/package/opensc/0003-Fix-build-with-libressl-3.5.0.patch b/package/opensc/0003-Fix-build-with-libressl-3.5.0.patch
new file mode 100644
index 0000000000..2a94a46acd
--- /dev/null
+++ b/package/opensc/0003-Fix-build-with-libressl-3.5.0.patch
@@ -0,0 +1,46 @@
+From d13059d1ec2bbb8fe7068db0d66d521daa4b71ce Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sat, 13 Aug 2022 14:27:22 +0200
+Subject: [PATCH] Fix build with libressl >= 3.5.0
+
+libressl added back FIPS_mode since version 3.5.0 and
+https://github.com/libressl-portable/openbsd/commit/a97eabc90d7647e374c1c6da686aeec63c49ff14
+
+libressl provides X509_get_extension_flags since version 3.5.0 and
+https://github.com/libressl-portable/openbsd/commit/3180723224c1b2c7856a110b8213e4966995d7e0
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status: https://github.com/OpenSC/OpenSC/pull/2593]
+---
+ src/libopensc/sc-ossl-compat.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/libopensc/sc-ossl-compat.h b/src/libopensc/sc-ossl-compat.h
+index f0d55279..2c42794c 100644
+--- a/src/libopensc/sc-ossl-compat.h
++++ b/src/libopensc/sc-ossl-compat.h
+@@ -86,9 +86,11 @@ extern "C" {
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay
+
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x30500000L
+ #define X509_get_extension_flags(x) (x->ex_flags)
+ #define X509_get_key_usage(x) (x->ex_kusage)
+ #define X509_get_extended_key_usage(x) (x->ex_xkusage)
++#endif
+ #if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2050300fL
+ #define X509_up_ref(cert) CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509)
+ #endif
+@@ -104,7 +106,9 @@ extern "C" {
+ /* workaround unused value warning for a macro that does nothing */
+ #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
+ #define OPENSSL_malloc_init()
++#if LIBRESSL_VERSION_NUMBER < 0x30500000L
+ #define FIPS_mode() (0)
++#endif
+ #define EVP_sha3_224() (NULL)
+ #define EVP_sha3_256() (NULL)
+ #define EVP_sha3_384() (NULL)
+--
+2.35.1
+
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/opensc: fix build with libressl
2022-08-20 13:06 [Buildroot] [PATCH 1/1] package/opensc: fix build with libressl Fabrice Fontaine
@ 2022-08-24 20:00 ` Arnout Vandecappelle
0 siblings, 0 replies; 2+ messages in thread
From: Arnout Vandecappelle @ 2022-08-24 20:00 UTC (permalink / raw)
To: Fabrice Fontaine, buildroot; +Cc: José Pekkarinen
On 20/08/2022 15:06, Fabrice Fontaine wrote:
> Fix the following build failure with libressl raised since the addition
> of the package in commit 8aaa7ecbce1d10cbcd880c3da5e429988f96176a:
>
> In file included from internal.h:45,
> from card-authentic.c:32:
> /nvmedata/autobuild/instance-29/output-1/host/powerpc64-buildroot-linux-gnu/sysroot/usr/include/openssl/x509v3.h:802:10: error: expected ')' before '*' token
> 802 | uint32_t X509_get_extension_flags(X509 *x);
> | ^~~~~~~~~~~~~~~~~~~~~~~~
>
> Fixes:
> - http://autobuild.buildroot.org/results/7b50ab363c174636fb27d554223287d7496676ed
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
> ---
> ...02-added-compatibility-with-LibreSSL.patch | 172 ++++++++++++++++++
> .../0003-Fix-build-with-libressl-3.5.0.patch | 46 +++++
> 2 files changed, 218 insertions(+)
> create mode 100644 package/opensc/0002-added-compatibility-with-LibreSSL.patch
> create mode 100644 package/opensc/0003-Fix-build-with-libressl-3.5.0.patch
>
> diff --git a/package/opensc/0002-added-compatibility-with-LibreSSL.patch b/package/opensc/0002-added-compatibility-with-LibreSSL.patch
> new file mode 100644
> index 0000000000..1e13a070c8
> --- /dev/null
> +++ b/package/opensc/0002-added-compatibility-with-LibreSSL.patch
> @@ -0,0 +1,172 @@
> +From 302ad70471efa279b033d4d5511d979ec5d965fe Mon Sep 17 00:00:00 2001
> +From: Frank Morgner <frankmorgner@gmail.com>
> +Date: Thu, 20 Jan 2022 17:01:46 +0100
> +Subject: [PATCH] added compatibility with LibreSSL
> +
> +[Retrieved (and backported) from:
> +https://github.com/OpenSC/OpenSC/commit/302ad70471efa279b033d4d5511d979ec5d965fe]
You forgot your SoB here so I added it.
Regards,
Arnout
[snip]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-08-24 20:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-20 13:06 [Buildroot] [PATCH 1/1] package/opensc: fix build with libressl Fabrice Fontaine
2022-08-24 20:00 ` Arnout Vandecappelle
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.