On 03/17/2018 03:47 PM, Marek Vasut wrote:

On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:

...

The mxsimage utility fails to compile against LibreSSL because LibreSSL says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1 interface.

The mxsimage does support OpenSSL 1.1 , the commit message is confusing. Can you elaborate on that and reword the last part ?

libressl defines the following in version 2.7.4: #define OPENSSL_VERSION_NUMBER 0x20000000L #define LIBRESSL_VERSION_NUMBER 0x2060400fL see here: https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcry...

But OPENSSL_zalloc() is not provided by libressl, that is only available in OpeSSL 1.1.0 and later. I do not know if libressl plans to add functions like OPENSSL_zalloc() in the future, but currently it is not included and we always have to use the backward compatible code when compiling against libressl.

...

Signed-off-by: Hauke Mehrtens hauke@hauke-m.de

tools/mxsimage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/mxsimage.c b/tools/mxsimage.c index 32a7978cae..0cbf007dff 100644 --- a/tools/mxsimage.c +++ b/tools/mxsimage.c @@ -26,7 +26,7 @@

• OpenSSL 1.1.0 and newer compatibility functions:
• https://wiki.openssl.org/index.php/1.1_API_Changes

*/ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

This should check for the libressl version number value too I think?

...

static void *OPENSSL_zalloc(size_t num) { void *ret = OPENSSL_malloc(num);

On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote:

On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:

...

On 03/17/2018 03:47 PM, Marek Vasut wrote:

...

On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:

...

The mxsimage utility fails to compile against LibreSSL because LibreSSL says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1 interface.

The mxsimage does support OpenSSL 1.1 , the commit message is confusing. Can you elaborate on that and reword the last part ?

libressl defines the following in version 2.7.4: #define OPENSSL_VERSION_NUMBER 0x20000000L #define LIBRESSL_VERSION_NUMBER 0x2060400fL see here: https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcry...

But OPENSSL_zalloc() is not provided by libressl, that is only available in OpeSSL 1.1.0 and later.

So it's libressl that's API-incompatible and thus broken ? OK

I guess the commit message should mention that and then yes, if LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of OpenSSL.

LibreSSL implements parts of the OpenSSL 1.1 API without breaking backwards compat like OpenSSL did.

The proposed patch to mxsimage.c is wrong as some of these functions are now implemented by LibreSSL.

https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2 EVP_MD_CTX_new() EVP_MD_CTX_free() EVP_CIPHER_CTX_reset()

OPENSSL_zalloc() is not implemented but it is only used in this ifdef block.

A patch along the lines of the below would be better.

diff --git a/tools/mxsimage.c b/tools/mxsimage.c index 32a7978cae..c8f1f204e3 100644 --- a/tools/mxsimage.c +++ b/tools/mxsimage.c @@ -26,7 +26,8 @@ * OpenSSL 1.1.0 and newer compatibility functions: * https://wiki.openssl.org/index.php/1.1_API_Changes */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ + (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) static void *OPENSSL_zalloc(size_t num) { void *ret = OPENSSL_malloc(num);

On Sun, Mar 18, 2018 at 01:55:29AM +0100, Hauke Mehrtens wrote:

On 03/18/2018 01:33 AM, Jonathan Gray wrote:

...

On Sat, Mar 17, 2018 at 05:24:47PM +0100, Marek Vasut wrote:

...

On 03/17/2018 04:09 PM, Hauke Mehrtens wrote:

...

On 03/17/2018 03:47 PM, Marek Vasut wrote:

...

On 03/17/2018 01:23 PM, Hauke Mehrtens wrote:

...

The mxsimage utility fails to compile against LibreSSL because LibreSSL says it is OpenSSL 2.0, but it does not support the complete OpenSSL 1.1 interface.

The mxsimage does support OpenSSL 1.1 , the commit message is confusing. Can you elaborate on that and reword the last part ?

libressl defines the following in version 2.7.4: #define OPENSSL_VERSION_NUMBER 0x20000000L #define LIBRESSL_VERSION_NUMBER 0x2060400fL see here: https://github.com/libressl-portable/openbsd/blob/OPENBSD_6_2/src/lib/libcry...

But OPENSSL_zalloc() is not provided by libressl, that is only available in OpeSSL 1.1.0 and later.

So it's libressl that's API-incompatible and thus broken ? OK

I guess the commit message should mention that and then yes, if LIBRESSL_VERSION_NUMBER is defined, we should treat it as old version of OpenSSL.

LibreSSL implements parts of the OpenSSL 1.1 API without breaking backwards compat like OpenSSL did.

The proposed patch to mxsimage.c is wrong as some of these functions are now implemented by LibreSSL.

https://marc.info/?l=openbsd-cvs&m=151887933725237&w=2 EVP_MD_CTX_new() EVP_MD_CTX_free() EVP_CIPHER_CTX_reset()

OPENSSL_zalloc() is not implemented but it is only used in this ifdef block.

A patch along the lines of the below would be better.

diff --git a/tools/mxsimage.c b/tools/mxsimage.c index 32a7978cae..c8f1f204e3 100644 --- a/tools/mxsimage.c +++ b/tools/mxsimage.c @@ -26,7 +26,8 @@

• OpenSSL 1.1.0 and newer compatibility functions:
• https://wiki.openssl.org/index.php/1.1_API_Changes

*/ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L || \

• (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)

static void *OPENSSL_zalloc(size_t num) { void *ret = OPENSSL_malloc(num);

Yes you are right your patch is better. Now I also found these functions in the libressl repository and they will be available with the version 2.7.0. https://github.com/libressl-portable/openbsd/commit/2443cc9a48b200ef126dba99... https://github.com/libressl-portable/openbsd/commit/651a8b53a2a41bbfc31d665b...

Is this sufficient or should I send a new patch?

I think you'll need to send a v2 for it to get picked up.