[U-Boot] tools/mxsimage: Support building with LibreSSL

[U-Boot] tools/mxsimage: Support building with LibreSSL

[Hauke Mehrtens]

The mxsimage utility fails to compile against LibreSSL because LibreSSL
says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
interface.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 tools/mxsimage.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/mxsimage.c b/tools/mxsimage.c
index 32a7978cae..0cbf007dff 100644
--- a/tools/mxsimage.c
+++ b/tools/mxsimage.c
@@ -26,7 +26,7 @@
  * OpenSSL 1.1.0 and newer compatibility functions:
  * https://wiki.openssl.org/index.php/1.1_API_Changes
  */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 static void *OPENSSL_zalloc(size_t num)
 {
 	void *ret = OPENSSL_malloc(num);
-- 
2.11.0

[U-Boot] tools/mxsimage: Support building with LibreSSL

[Marek Vasut]

On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
> The mxsimage utility fails to compile against LibreSSL because LibreSSL
> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
> interface.

The mxsimage does support OpenSSL 1.1 , the commit message is confusing.
Can you elaborate on that and reword the last part ?

> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
> ---
>  tools/mxsimage.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/mxsimage.c b/tools/mxsimage.c
> index 32a7978cae..0cbf007dff 100644
> --- a/tools/mxsimage.c
> +++ b/tools/mxsimage.c
> @@ -26,7 +26,7 @@
>   * OpenSSL 1.1.0 and newer compatibility functions:
>   * https://wiki.openssl.org/index.php/1.1_API_Changes
>   */
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

This should check for the libressl version number value too I think?

>  static void *OPENSSL_zalloc(size_t num)
>  {
>  	void *ret = OPENSSL_malloc(num);
> 


-- 
Best regards,
Marek Vasut

[U-Boot] tools/mxsimage: Support building with LibreSSL

[Hauke Mehrtens]

On 03/17/2018 03:47 PM, Marek Vasut wrote:
> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
>> The mxsimage utility fails to compile against LibreSSL because LibreSSL
>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
>> interface.
> 
> The mxsimage does support OpenSSL 1.1 , the commit message is confusing.
> Can you elaborate on that and reword the last part ?

libressl defines the following in version 2.7.4:
#define OPENSSL_VERSION_NUMBER	0x20000000L
#define LIBRESSL_VERSION_NUMBER	0x2060400fL
see here:
https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h

But OPENSSL_zalloc() is not provided by libressl, that is only available
in OpeSSL 1.1.0 and later.
I do not know if libressl plans to add  functions like OPENSSL_zalloc()
in the future, but currently it is not included and we always have to
use the backward compatible code when compiling against libressl.

>> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
>> ---
>>  tools/mxsimage.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/tools/mxsimage.c b/tools/mxsimage.c
>> index 32a7978cae..0cbf007dff 100644
>> --- a/tools/mxsimage.c
>> +++ b/tools/mxsimage.c
>> @@ -26,7 +26,7 @@
>>   * OpenSSL 1.1.0 and newer compatibility functions:
>>   * https://wiki.openssl.org/index.php/1.1_API_Changes
>>   */
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> 
> This should check for the libressl version number value too I think?
> 
>>  static void *OPENSSL_zalloc(size_t num)
>>  {
>>  	void *ret = OPENSSL_malloc(num);
>>
> 
> 

[U-Boot] tools/mxsimage: Support building with LibreSSL

[Marek Vasut]

On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:
> On 03/17/2018 03:47 PM, Marek Vasut wrote:
>> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
>>> The mxsimage utility fails to compile against LibreSSL because LibreSSL
>>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
>>> interface.
>>
>> The mxsimage does support OpenSSL 1.1 , the commit message is confusing.
>> Can you elaborate on that and reword the last part ?
> 
> libressl defines the following in version 2.7.4:
> #define OPENSSL_VERSION_NUMBER	0x20000000L
> #define LIBRESSL_VERSION_NUMBER	0x2060400fL
> see here:
> https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h
> 
> But OPENSSL_zalloc() is not provided by libressl, that is only available
> in OpeSSL 1.1.0 and later.

So it's libressl that's API-incompatible and thus broken ? OK

I guess the commit message should mention that and then yes, if
LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of
OpenSSL.

Thanks for the explanation

> I do not know if libressl plans to add  functions like OPENSSL_zalloc()
> in the future, but currently it is not included and we always have to
> use the backward compatible code when compiling against libressl.
> 
>>> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
>>> ---
>>>  tools/mxsimage.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/tools/mxsimage.c b/tools/mxsimage.c
>>> index 32a7978cae..0cbf007dff 100644
>>> --- a/tools/mxsimage.c
>>> +++ b/tools/mxsimage.c
>>> @@ -26,7 +26,7 @@
>>>   * OpenSSL 1.1.0 and newer compatibility functions:
>>>   * https://wiki.openssl.org/index.php/1.1_API_Changes
>>>   */
>>> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
>>> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>>
>> This should check for the libressl version number value too I think?
>>
>>>  static void *OPENSSL_zalloc(size_t num)
>>>  {
>>>  	void *ret = OPENSSL_malloc(num);
>>>
>>
>>
> 


-- 
Best regards,
Marek Vasut

[U-Boot] tools/mxsimage: Support building with LibreSSL

[Jonathan Gray]

On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote:
> On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:
> > On 03/17/2018 03:47 PM, Marek Vasut wrote:
> >> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
> >>> The mxsimage utility fails to compile against LibreSSL because LibreSSL
> >>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
> >>> interface.
> >>
> >> The mxsimage does support OpenSSL 1.1 , the commit message is confusing.
> >> Can you elaborate on that and reword the last part ?
> > 
> > libressl defines the following in version 2.7.4:
> > #define OPENSSL_VERSION_NUMBER	0x20000000L
> > #define LIBRESSL_VERSION_NUMBER	0x2060400fL
> > see here:
> > https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h
> > 
> > But OPENSSL_zalloc() is not provided by libressl, that is only available
> > in OpeSSL 1.1.0 and later.
> 
> So it's libressl that's API-incompatible and thus broken ? OK
> 
> I guess the commit message should mention that and then yes, if
> LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of
> OpenSSL.

LibreSSL implements parts of the OpenSSL 1.1 API without breaking
backwards compat like OpenSSL did.

The proposed patch to mxsimage.c is wrong as some of these functions
are now implemented by LibreSSL.

https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2
EVP_MD_CTX_new()
EVP_MD_CTX_free()
EVP_CIPHER_CTX_reset()

OPENSSL_zalloc() is not implemented but it is only used in this ifdef block.

A patch along the lines of the below would be better.

diff --git a/tools/mxsimage.c b/tools/mxsimage.c
index 32a7978cae..c8f1f204e3 100644
--- a/tools/mxsimage.c
+++ b/tools/mxsimage.c
@@ -26,7 +26,8 @@
  * OpenSSL 1.1.0 and newer compatibility functions:
  * https://wiki.openssl.org/index.php/1.1_API_Changes
  */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
 static void *OPENSSL_zalloc(size_t num)
 {
 	void *ret = OPENSSL_malloc(num);

[U-Boot] tools/mxsimage: Support building with LibreSSL

[Hauke Mehrtens]

On 03/18/2018 01:33 AM, Jonathan Gray wrote:
> On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote:
>> On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:
>>> On 03/17/2018 03:47 PM, Marek Vasut wrote:
>>>> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
>>>>> The mxsimage utility fails to compile against LibreSSL because LibreSSL
>>>>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
>>>>> interface.
>>>>
>>>> The mxsimage does support OpenSSL 1.1 , the commit message is confusing.
>>>> Can you elaborate on that and reword the last part ?
>>>
>>> libressl defines the following in version 2.7.4:
>>> #define OPENSSL_VERSION_NUMBER	0x20000000L
>>> #define LIBRESSL_VERSION_NUMBER	0x2060400fL
>>> see here:
>>> https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h
>>>
>>> But OPENSSL_zalloc() is not provided by libressl, that is only available
>>> in OpeSSL 1.1.0 and later.
>>
>> So it's libressl that's API-incompatible and thus broken ? OK
>>
>> I guess the commit message should mention that and then yes, if
>> LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of
>> OpenSSL.
> 
> LibreSSL implements parts of the OpenSSL 1.1 API without breaking
> backwards compat like OpenSSL did.
> 
> The proposed patch to mxsimage.c is wrong as some of these functions
> are now implemented by LibreSSL.
> 
> https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2
> EVP_MD_CTX_new()
> EVP_MD_CTX_free()
> EVP_CIPHER_CTX_reset()
> 
> OPENSSL_zalloc() is not implemented but it is only used in this ifdef block.
> 
> A patch along the lines of the below would be better.
> 
> diff --git a/tools/mxsimage.c b/tools/mxsimage.c
> index 32a7978cae..c8f1f204e3 100644
> --- a/tools/mxsimage.c
> +++ b/tools/mxsimage.c
> @@ -26,7 +26,8 @@
>   * OpenSSL 1.1.0 and newer compatibility functions:
>   * https://wiki.openssl.org/index.php/1.1_API_Changes
>   */
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> +    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
>  static void *OPENSSL_zalloc(size_t num)
>  {
>  	void *ret = OPENSSL_malloc(num);
> 
Yes you are right your patch is better. Now I also found these functions
in the libressl repository and they will be available with the version
2.7.0.
https://github.com/libressl-portable/openbsd/commit/2443cc9a48b200ef126dba99cbbb2f25937382e0
https://github.com/libressl-portable/openbsd/commit/651a8b53a2a41bbfc31d665b3f7030109d09606e

Is this sufficient or should I send a new patch?

Hauke

[U-Boot] tools/mxsimage: Support building with LibreSSL

[Jonathan Gray]

On Sun, Mar 18, 2018 at 01:55:29AM +0100, Hauke Mehrtens wrote:
> On 03/18/2018 01:33 AM, Jonathan Gray wrote:
> > On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote:
> >> On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:
> >>> On 03/17/2018 03:47 PM, Marek Vasut wrote:
> >>>> On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:
> >>>>> The mxsimage utility fails to compile against LibreSSL because LibreSSL
> >>>>> says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1
> >>>>> interface.
> >>>>
> >>>> The mxsimage does support OpenSSL 1.1 , the commit message is confusing.
> >>>> Can you elaborate on that and reword the last part ?
> >>>
> >>> libressl defines the following in version 2.7.4:
> >>> #define OPENSSL_VERSION_NUMBER	0x20000000L
> >>> #define LIBRESSL_VERSION_NUMBER	0x2060400fL
> >>> see here:
> >>> https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcrypto/opensslv.h
> >>>
> >>> But OPENSSL_zalloc() is not provided by libressl, that is only available
> >>> in OpeSSL 1.1.0 and later.
> >>
> >> So it's libressl that's API-incompatible and thus broken ? OK
> >>
> >> I guess the commit message should mention that and then yes, if
> >> LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of
> >> OpenSSL.
> > 
> > LibreSSL implements parts of the OpenSSL 1.1 API without breaking
> > backwards compat like OpenSSL did.
> > 
> > The proposed patch to mxsimage.c is wrong as some of these functions
> > are now implemented by LibreSSL.
> > 
> > https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2
> > EVP_MD_CTX_new()
> > EVP_MD_CTX_free()
> > EVP_CIPHER_CTX_reset()
> > 
> > OPENSSL_zalloc() is not implemented but it is only used in this ifdef block.
> > 
> > A patch along the lines of the below would be better.
> > 
> > diff --git a/tools/mxsimage.c b/tools/mxsimage.c
> > index 32a7978cae..c8f1f204e3 100644
> > --- a/tools/mxsimage.c
> > +++ b/tools/mxsimage.c
> > @@ -26,7 +26,8 @@
> >   * OpenSSL 1.1.0 and newer compatibility functions:
> >   * https://wiki.openssl.org/index.php/1.1_API_Changes
> >   */
> > -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> > +    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
> >  static void *OPENSSL_zalloc(size_t num)
> >  {
> >  	void *ret = OPENSSL_malloc(num);
> > 
> Yes you are right your patch is better. Now I also found these functions
> in the libressl repository and they will be available with the version
> 2.7.0.
> https://github.com/libressl-portable/openbsd/commit/2443cc9a48b200ef126dba99cbbb2f25937382e0
> https://github.com/libressl-portable/openbsd/commit/651a8b53a2a41bbfc31d665b3f7030109d09606e
> 
> Is this sufficient or should I send a new patch?

I think you'll need to send a v2 for it to get picked up.