From: Artem Panfilov <panfilov.artyom@gmail.com>
To: u-boot@lists.denx.de
Cc: Artem Panfilov <panfilov.artyom@gmail.com>,
Simon Glass <sjg@chromium.org>,
Alexandru Gagniuc <mr.nuke.me@gmail.com>
Subject: [PATCH 1/1] lib/ecdsa: Fix LibreSSL before v2.7.0
Date: Wed, 28 Jul 2021 21:04:33 +0300 [thread overview]
Message-ID: <20210728180434.24645-1-panfilov.artyom@gmail.com> (raw)
Fix LibreSSL compilation for versions before v2.7.0.
Fix the following compilation issue when CONFIG_TOOLS_LIBCRYPTO is enabled:
tools/lib/ecdsa/ecdsa-libcrypto.o: In function `prepare_ctx':
ecdsa-libcrypto.c:(.text+0x94): undefined reference to
`OPENSSL_init_ssl'
ecdsa-libcrypto.c:(.text+0x148): undefined reference to
`EC_GROUP_order_bits'
tools/lib/ecdsa/ecdsa-libcrypto.o: In function
`ecdsa_check_signature.isra.0':
ecdsa-libcrypto.c:(.text+0x32c): undefined reference to `ECDSA_SIG_set0'
tools/lib/ecdsa/ecdsa-libcrypto.o: In function `ecdsa_sign':
ecdsa-libcrypto.c:(.text+0x42c): undefined reference to `ECDSA_SIG_get0'
ecdsa-libcrypto.c:(.text+0x443): undefined reference to `BN_bn2binpad'
ecdsa-libcrypto.c:(.text+0x455): undefined reference to `BN_bn2binpad'
tools/lib/ecdsa/ecdsa-libcrypto.o: In function `ecdsa_add_verify_data':
ecdsa-libcrypto.c:(.text+0x5fa): undefined reference to
`EC_GROUP_order_bits'
ecdsa-libcrypto.c:(.text+0x642): undefined reference to
`EC_POINT_get_affine_coordinates'
Signed-off-by: Artem Panfilov <panfilov.artyom@gmail.com>
---
lib/ecdsa/ecdsa-libcrypto.c | 80 ++++++++++++++++++++++++++++++++++++-
1 file changed, 79 insertions(+), 1 deletion(-)
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 1757a14562..50aa093acd 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -24,6 +24,70 @@
#include <openssl/ec.h>
#include <openssl/bn.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
+#include <openssl/err.h>
+
+static int EC_GROUP_order_bits(const EC_GROUP *group)
+{
+ int ret = 0;
+ BIGNUM *order;
+
+ if (!group)
+ return ret;
+
+ order = BN_new();
+
+ if (!order) {
+ ERR_clear_error();
+ return ret;
+ }
+
+ if (!EC_GROUP_get_order(group, order, NULL)) {
+ ERR_clear_error();
+ BN_free(order);
+ return ret;
+ }
+
+ ret = BN_num_bits(order);
+ BN_free(order);
+ return ret;
+}
+
+static void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+ if (pr != NULL)
+ *pr = sig->r;
+ if (ps != NULL)
+ *ps = sig->s;
+}
+
+static int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+ if (r == NULL || s == NULL)
+ return 0;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+ sig->r = r;
+ sig->s = s;
+ return 1;
+}
+
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+ int n = BN_num_bytes(a);
+
+ if (n < 0 || n > tolen)
+ return -1;
+
+ memset(to, 0, tolen - n);
+ if (BN_bn2bin(a, to + tolen - n) < 0)
+ return -1;
+
+ return tolen;
+}
+#endif
+
/* Image signing context for openssl-libcrypto */
struct signer {
EVP_PKEY *evp_key; /* Pointer to EVP_PKEY object */
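Review bot: `BN_bn2binpad` is the only one of the four compatibility shims defined without `static`, so it gets external linkage under the name of a real libcrypto function. Declaring it `static int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)` keeps it private to this file, like `EC_GROUP_order_bits`, `ECDSA_SIG_get0` and `ECDSA_SIG_set0` above it. Separately, `EC_GROUP_order_bits` returns 0 and clears the error queue on failure; its callers are outside this hunk, but any that size a signature buffer from the result should treat 0 as an error rather than as a length. A one-line comment above the `#if`, such as `/* Shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0, which lack these accessors */`, would document why the block exists.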
@@ -34,9 +98,18 @@ struct signer {
static int alloc_ctx(struct signer *ctx, const struct image_sign_info *info)
{
+ int ret = 0;
+
memset(ctx, 0, sizeof(*ctx));
- if (!OPENSSL_init_ssl(0, NULL)) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
+ ret = SSL_library_init();
+#else
+ ret = OPENSSL_init_ssl(0, NULL);
+#endif
+
+ if (!ret) {
fprintf(stderr, "Failure to init SSL library\n");
return -1;
}
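Review bot: The `#if` condition here is a verbatim copy of the one after the includes and appears a third time in the do_add hunk, so three version guards have to be kept in sync by hand. If they drift apart, a build would either call an API the library lacks or skip the shims. Defining a macro once inside the first guard, for example `#define ECDSA_LEGACY_LIBCRYPTO 1` (the name is only a suggestion), and testing `#ifdef ECDSA_LEGACY_LIBCRYPTO` at both call sites would remove that risk. The initializer in `int ret = 0;` is also dead, since both preprocessor branches assign `ret` before it is read. alloc_ctx continues past the end of this hunk.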
@@ -285,7 +358,12 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
x = BN_new();
y = BN_new();
point = EC_KEY_get0_public_key(ctx->ecdsa_key);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
+ EC_POINT_get_affine_coordinates_GFp(group, point, x, y, NULL);
+#else
EC_POINT_get_affine_coordinates(group, point, x, y, NULL);
+#endif
ret = fdt_setprop_string(fdt, key_node, "ecdsa,curve", curve_name);
if (ret < 0)
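Review bot: The return value of `EC_POINT_get_affine_coordinates_GFp()` is discarded on the new branch, as it already is for `EC_POINT_get_affine_coordinates()`, and the two `BN_new()` results above are not checked either. Both functions return 0 on failure, in which case `x` and `y` would not hold the key's coordinates and would presumably still be written into the device tree as the verification key by code after this hunk. Check the call on both branches, e.g. `if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, NULL))` followed by this function's error return, before the first `fdt_setprop_string()`. do_add starts and ends outside this hunk, so the cleanup needed for `x` and `y` on that path is not visible here.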
--
2.25.1