Date: Thu, 29 Jul 2021 15:13:48 +1000
From: Jonathan Gray
To: Artem Panfilov
Cc: u-boot@lists.denx.de, Simon Glass, Alexandru Gagniuc
Subject: Re: [PATCH 1/1] lib/ecdsa: Fix LibreSSL before v2.7.0

On Wed, Jul 28, 2021 at 09:04:33PM +0300, Artem Panfilov wrote:
> Fix LibreSSL compilation for versions before v2.7.0.

Why 2.7.0? I had to disable CONFIG_FIT_SIGNATURE to get the qemu
targets to build on OpenBSD-current (3.4.0) as there is no
BN_bn2binpad().

2.7.0 is also over three years old at this point.

>
> Fix following compilation issue when CONFIG_TOOLS_LIBCRYPTO is enabled:
> tools/lib/ecdsa/ecdsa-libcrypto.o: In function `prepare_ctx':
> ecdsa-libcrypto.c:(.text+0x94): undefined reference to
> `OPENSSL_init_ssl'
> ecdsa-libcrypto.c:(.text+0x148): undefined reference to
> `EC_GROUP_order_bits'
> tools/lib/ecdsa/ecdsa-libcrypto.o: In function
> `ecdsa_check_signature.isra.0':
> ecdsa-libcrypto.c:(.text+0x32c): undefined reference to `ECDSA_SIG_set0'
> tools/lib/ecdsa/ecdsa-libcrypto.o: In function `ecdsa_sign':
> ecdsa-libcrypto.c:(.text+0x42c): undefined reference to `ECDSA_SIG_get0'
> ecdsa-libcrypto.c:(.text+0x443): undefined reference to `BN_bn2binpad'
> ecdsa-libcrypto.c:(.text+0x455): undefined reference to `BN_bn2binpad'
> tools/lib/ecdsa/ecdsa-libcrypto.o: In function `ecdsa_add_verify_data':
> ecdsa-libcrypto.c:(.text+0x5fa): undefined reference to
> `EC_GROUP_order_bits'
> ecdsa-libcrypto.c:(.text+0x642): undefined reference to
> `EC_POINT_get_affine_coordinates'
>
> Signed-off-by: Artem Panfilov
> ---
> lib/ecdsa/ecdsa-libcrypto.c | 80 ++++++++++++++++++++++++++++++++++++-
> 1 file changed, 79 insertions(+), 1 deletion(-)
>
> diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c > index 1757a14562..50aa093acd 100644 > --- a/lib/ecdsa/ecdsa-libcrypto.c > +++ b/lib/ecdsa/ecdsa-libcrypto.c 
> @@ -24,6 +24,70 @@ > #include > #include > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ > + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL) > +#include > + > +static int EC_GROUP_order_bits(const EC_GROUP *group) > +{ > + int ret = 0; > + BIGNUM *order; > + > + if (!group) > + return ret; > + > + order = BN_new(); > + > + if (!order) { > + ERR_clear_error(); > + return ret; > + } > + > + if (!EC_GROUP_get_order(group, order, NULL)) { > + ERR_clear_error(); > + BN_free(order); > + return ret; > + } > + > + ret = BN_num_bits(order); > + BN_free(order); > + return ret; > +} > + > +static void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) > +{ > + if (pr != NULL) > + *pr = sig->r; > + if (ps != NULL) > + *ps = sig->s; > +} > + > +static int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) > +{ > + if (r == NULL || s == NULL) > + return 0; > + BN_clear_free(sig->r); > + BN_clear_free(sig->s); > + sig->r = r; > + sig->s = s; > + return 1; > +} > + > +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) > +{ > + int n = BN_num_bytes(a); > + > + if (n < 0 || n > tolen) > + return -1; > + > + memset(to, 0, tolen - n); > + if (BN_bn2bin(a, to + tolen - n) < 0) > + return -1; > + > + return tolen; > +} > +#endif > + > /* Image signing context for openssl-libcrypto */ > struct signer { > EVP_PKEY *evp_key; /* Pointer to EVP_PKEY object */ > @@ -34,9 +98,18 @@ struct signer { > > static int alloc_ctx(struct signer *ctx, const struct image_sign_info *info) > { > + int ret = 0; > + > memset(ctx, 0, sizeof(*ctx)); > > - if (!OPENSSL_init_ssl(0, NULL)) { > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ > +(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL) > + ret = SSL_library_init(); > +#else > + ret = OPENSSL_init_ssl(0, NULL); > +#endif > + > + if (!ret) { > fprintf(stderr, "Failure to init SSL library\n"); > return -1; > } 
> @@ -285,7 +358,12 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name) > x = BN_new(); > y = BN_new(); > point = EC_KEY_get0_public_key(ctx->ecdsa_key); > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ > +(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL) > + EC_POINT_get_affine_coordinates_GFp(group, point, x, y, NULL); > +#else > EC_POINT_get_affine_coordinates(group, point, x, y, NULL); > +#endif > > ret = fdt_setprop_string(fdt, key_node, "ecdsa,curve", curve_name); > if (ret < 0) > -- > 2.25.1 > >
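
Review bot: In the first hunk (@@ -24,6 +24,70 @@), the BN_bn2binpad() fallback is compiled only under `LIBRESSL_VERSION_NUMBER < 0x02070000fL`, but the reply above reports that LibreSSL 3.4.0 on OpenBSD-current still has no BN_bn2binpad(), so that build gets no fallback and the undefined reference remains. Put BN_bn2binpad() behind its own condition that covers every library version lacking it, separate from the guard for EC_GROUP_order_bits(), ECDSA_SIG_get0() and ECDSA_SIG_set0(). It is also the only shim in the block not declared static; making it static like the other three keeps it local to this file.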
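
Review bot: In alloc_ctx() (@@ -34,9 +98,18 @@), the two-line version test starting `#if OPENSSL_VERSION_NUMBER < 0x10100000L || \` is a verbatim copy of the one guarding the shim block, and it appears a third time in do_add(). Define a single macro next to the shims and test that macro at each site, so the threshold cannot drift between the three places; the question in this thread about whether 2.7.0 is the right cut-off makes that more likely to matter. The `= 0` initialiser on ret is redundant, since both preprocessor branches assign it before the `if (!ret)` check.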
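
Review bot: In do_add() (@@ -285,7 +358,12 @@), the added EC_POINT_get_affine_coordinates_GFp() call discards its return value, as does the existing EC_POINT_get_affine_coordinates() call in the #else branch, and the x and y results of BN_new() just above are not checked either. If coordinate extraction fails, the function carries on to fdt_setprop_string() and the failure is never reported, which should be a hard error when the public key is being written into the FDT key node. Check the result in both branches and return an error before the key node is populated.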