[Buildroot] [PATCH next] tpm2-tss: force libopenssl as openssl provider

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH next] tpm2-tss: force libopenssl as openssl provider
Date: Sat, 24 Nov 2018 15:10:40 +0100	[thread overview]
Message-ID: <20181124151040.76327f87@windsurf> (raw)
In-Reply-To: <20181121024437.21553-1-casantos@datacom.com.br>

Hello,

On Wed, 21 Nov 2018 00:44:37 -0200, Carlos Santos wrote:
> Select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL and drop the patch to
> compile with libressl.
> 
> The discussion with the tpm2-tss developers led to the conclusion that
> libressl lacks some required functionalities. Quoting Andreas Fuchs[1]:
> "LibreSSL does not support OAEP-mode with labels at all, even though the
> internal OAEP-padding-function includes the parameters already. [...]
> Further, the internal OAEP-padding-function does not support variable
> hash algs, but staticly uses SHA1."
> 
> Notice that there will NOT be an option to use libgcrypt. OpenSSL will
> soon become the default ESAPI crypto backend to prevent the problem of
> forcing applications to link against both libgcrypt and libssl[2].
> 
> 1. https://github.com/tpm2-software/tpm2-tss/pull/1207#issuecomment-440217659
> 2. https://github.com/tpm2-software/tpm2-tss/issues/1169
> 
> Signed-off-by: Carlos Santos <casantos@datacom.com.br>
> ---
>  .../0001-ESYS-Fix-build-with-LibreSSL.patch   | 48 -------------------
>  package/tpm2-tss/Config.in                    |  1 +
>  2 files changed, 1 insertion(+), 48 deletions(-)
>  delete mode 100644 package/tpm2-tss/0001-ESYS-Fix-build-with-LibreSSL.patch

Applied to next, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

     prev parent reply	other threads:[~2018-11-24 14:10 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-21  2:44 [Buildroot] [PATCH next] tpm2-tss: force libopenssl as openssl provider Carlos Santos
2018-11-24 14:10 ` Thomas Petazzoni [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181124151040.76327f87@windsurf \
    --to=thomas.petazzoni@bootlin.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.