On Wed, Apr 18, 2018 at 10:37:43PM +0200, Hauke Mehrtens wrote:
> Libressl implements the OpenSSL 1.1 API partially and improved the
> support with version 2.7. For some code we have to use the OpenSSL
> 1.0 API and for some parts the OpenSSL 1.1 API can be used.
> This was compile tested against libressl 2.6.4 and 2.7.2.
The parts that don't test LIBRESSL_VERSION_NUMBER look suspect.
>
> Signed-off-by: Hauke Mehrtens <ha...@hauke-m.de>
> ---
> lib/rsa/rsa-sign.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
> index 1da4ef7fff..b2a4446d83 100644
> --- a/lib/rsa/rsa-sign.c
> +++ b/lib/rsa/rsa-sign.c
> @@ -21,7 +21,8 @@
> #define HAVE_ERR_REMOVE_THREAD_STATE
> #endif
>
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <
> 0x2070000fL)
> static void RSA_get0_key(const RSA *r,
> const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
> {
> @@ -300,7 +301,8 @@ static int rsa_init(void)
> {
> int ret;
>
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <
> 0x2070000fL)
> ret = SSL_library_init();
> #else
> ret = OPENSSL_init_ssl(0, NULL);
> @@ -309,7 +311,7 @@ static int rsa_init(void)
> fprintf(stderr, "Failure to init SSL library\n");
> return -1;
> }
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> SSL_load_error_strings();
>
> OpenSSL_add_all_algorithms();
Shouldn't this block also be gated by VERSION < 0x2070000fL as SSL_library_init() covers it?
> @@ -355,7 +357,7 @@ err_set_rsa:
> err_engine_init:
> ENGINE_free(e);
> err_engine_by_id:
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> ENGINE_cleanup();
> #endif
> return ret;
> @@ -363,7 +365,7 @@ err_engine_by_id:
>
> static void rsa_remove(void)
> {
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> CRYPTO_cleanup_all_ex_data();
> ERR_free_strings();
> #ifdef HAVE_ERR_REMOVE_THREAD_STATE
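Review bot: The library-version test is written out by hand at every site this patch touches (the `RSA_get0_key` shim, both `#if` blocks in `rsa_init()`, the `err_engine_by_id` path, `rsa_remove()` and `rsa_sign_with_key()`), which makes it easy for the init and teardown paths of the crypto library to drift apart on the next compatibility change. The context above the first hunk shows the file already uses a feature macro (`HAVE_ERR_REMOVE_THREAD_STATE`); once the conditions are settled, the same approach would work here: define one macro next to it, for example `#define RSA_SIGN_LEGACY_SSL_API` (name is only a suggestion), and reduce each site to `#ifdef RSA_SIGN_LEGACY_SSL_API`. That definition is also the natural place for a short comment saying why `OPENSSL_VERSION_NUMBER` alone is not enough, e.g. `/* LibreSSL reports OPENSSL_VERSION_NUMBER as 0x20000000L, so its own version must be tested */`. The functions involved start and end outside the quoted hunks, so this is based only on the visible conditionals.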
> @@ -433,7 +435,8 @@ static int rsa_sign_with_key(RSA *rsa, struct
> checksum_algo *checksum_algo,
> ret = rsa_err("Could not obtain signature");
> goto err_sign;
> }
> - #if OPENSSL_VERSION_NUMBER < 0x10100000L
> + #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
> + defined(LIBRESSL_VERSION_NUMBER)
> EVP_MD_CTX_cleanup(context);
> #else
> EVP_MD_CTX_reset(context);
EVP_MD_CTX_reset is present in recent LibreSSL as well and should be used here.
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot