From e09c95461a98fd866d79997135e75a25ca4ab384 Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Sat, 13 May 2017 15:18:47 +0000 Subject: [PATCH] alarm/uboot-tools to 2017.03-3 --- ...001-rsa-Fix-build-with-OpenSSL-1.1.x.patch | 86 +++++++++++++------ ...eprecated-warnings-for-OpenSSL-1.1.x.patch | 34 -------- ...bimage-fix-build-with-OpenSSL-1.1.x.patch} | 33 ++++--- alarm/uboot-tools/PKGBUILD | 13 ++- 4 files changed, 86 insertions(+), 80 deletions(-) delete mode 100644 alarm/uboot-tools/0002-rsa-Fix-deprecated-warnings-for-OpenSSL-1.1.x.patch rename alarm/uboot-tools/{0003-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch => 0002-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch} (74%) diff --git a/alarm/uboot-tools/0001-rsa-Fix-build-with-OpenSSL-1.1.x.patch b/alarm/uboot-tools/0001-rsa-Fix-build-with-OpenSSL-1.1.x.patch index d4df62c49..afed31f86 100644 --- a/alarm/uboot-tools/0001-rsa-Fix-build-with-OpenSSL-1.1.x.patch +++ b/alarm/uboot-tools/0001-rsa-Fix-build-with-OpenSSL-1.1.x.patch @@ -1,34 +1,34 @@ -From d3afa5f4808b051411b286029aeeb449d460ecc7 Mon Sep 17 00:00:00 2001 +From 877e492587c558eb771e2d17491c779f94631238 Mon Sep 17 00:00:00 2001 From: Jelle van der Waa -Date: Tue, 4 Apr 2017 23:59:48 +0200 -Subject: [PATCH 1/3] rsa: Fix build with OpenSSL 1.1.x +Date: Mon, 8 May 2017 21:31:19 +0200 +Subject: [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x The rsa_st struct has been made opaque in 1.1.x, add forward compatible code to access the n, e, d members of rsa_struct. EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be called to reinitialise an already created structure. - -Tested-by: Peter Robinson --- - lib/rsa/rsa-sign.c | 36 +++++++++++++++++++++++++++++------- - 1 file changed, 29 insertions(+), 7 deletions(-) + lib/rsa/rsa-sign.c | 44 ++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c -index 8c6637e328..5b7022d428 100644 +index 8c6637e328..1da4ef7fff 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c -@@ -15,11 +15,25 @@ - #include - #include - #include +@@ -9,6 +9,7 @@ + #include + #include + #include +#include - - #if OPENSSL_VERSION_NUMBER >= 0x10000000L + #include + #include + #include +@@ -20,6 +21,19 @@ #define HAVE_ERR_REMOVE_THREAD_STATE #endif -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L +static void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +{ @@ -44,21 +44,59 @@ index 8c6637e328..5b7022d428 100644 static int rsa_err(const char *msg) { unsigned long sslErr = ERR_get_error(); -@@ -286,7 +300,7 @@ static int rsa_init(void) +@@ -286,16 +300,22 @@ static int rsa_init(void) { int ret; -- ret = SSL_library_init(); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + ret = SSL_library_init(); ++#else + ret = OPENSSL_init_ssl(0, NULL); ++#endif if (!ret) { fprintf(stderr, "Failure to init SSL library\n"); return -1; -@@ -409,7 +423,11 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + SSL_load_error_strings(); + + OpenSSL_add_all_algorithms(); + OpenSSL_add_all_digests(); + OpenSSL_add_all_ciphers(); ++#endif + + return 0; + } +@@ -335,12 +355,15 @@ err_set_rsa: + err_engine_init: + ENGINE_free(e); + err_engine_by_id: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + ENGINE_cleanup(); ++#endif + return ret; + } + + static void rsa_remove(void) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + CRYPTO_cleanup_all_ex_data(); + ERR_free_strings(); + #ifdef HAVE_ERR_REMOVE_THREAD_STATE +@@ -349,6 +372,7 @@ static void rsa_remove(void) + ERR_remove_state(0); + #endif + EVP_cleanup(); ++#endif + } + + static void rsa_engine_remove(ENGINE *e) +@@ -409,7 +433,11 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, ret = rsa_err("Could not obtain signature"); goto err_sign; } - EVP_MD_CTX_cleanup(context); -+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++ #if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_MD_CTX_cleanup(context); + #else + EVP_MD_CTX_reset(context); @@ -66,7 +104,7 @@ index 8c6637e328..5b7022d428 100644 EVP_MD_CTX_destroy(context); EVP_PKEY_free(key); -@@ -479,6 +497,7 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) +@@ -479,6 +507,7 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) { int ret; BIGNUM *bn_te; @@ -74,7 +112,7 @@ index 8c6637e328..5b7022d428 100644 uint64_t te; ret = -EINVAL; -@@ -487,17 +506,18 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) +@@ -487,17 +516,18 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) if (!e) goto cleanup; @@ -97,7 +135,7 @@ index 8c6637e328..5b7022d428 100644 if (!bn_te) goto cleanup; -@@ -527,6 +547,7 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, +@@ -527,6 +557,7 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, { BIGNUM *big1, *big2, *big32, *big2_32; BIGNUM *n, *r, *r_squared, *tmp; @@ -105,7 +143,7 @@ index 8c6637e328..5b7022d428 100644 BN_CTX *bn_ctx = BN_CTX_new(); int ret = 0; -@@ -548,7 +569,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, +@@ -548,7 +579,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, if (0 != rsa_get_exponent(key, exponent)) ret = -1; @@ -116,5 +154,5 @@ index 8c6637e328..5b7022d428 100644 ret = -1; -- -2.12.2 +2.13.0 diff --git a/alarm/uboot-tools/0002-rsa-Fix-deprecated-warnings-for-OpenSSL-1.1.x.patch b/alarm/uboot-tools/0002-rsa-Fix-deprecated-warnings-for-OpenSSL-1.1.x.patch deleted file mode 100644 index ccb45843b..000000000 --- a/alarm/uboot-tools/0002-rsa-Fix-deprecated-warnings-for-OpenSSL-1.1.x.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 606c1e88afb03aecc90b0d37ec093d687ed797e5 Mon Sep 17 00:00:00 2001 -From: Jelle van der Waa -Date: Tue, 4 Apr 2017 23:59:49 +0200 -Subject: [PATCH 2/3] rsa: Fix deprecated warnings for OpenSSL 1.1.x - -ERR_remove_thread_state is deprecated in OpenSSL 1.1.x and does not do -anything anymore. Thread initialisation and deinitialisation is now -handled by the OpenSSL library. - -Signed-off-by: Jelle van der Waa -Reviewed-by: Simon Glass ---- - lib/rsa/rsa-sign.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c -index 5b7022d428..711501741a 100644 ---- a/lib/rsa/rsa-sign.c -+++ b/lib/rsa/rsa-sign.c -@@ -357,9 +357,9 @@ static void rsa_remove(void) - { - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); --#ifdef HAVE_ERR_REMOVE_THREAD_STATE -+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - ERR_remove_thread_state(NULL); --#else -+#elif OPENSSL_VERSION_NUMBER < 0x10000000L - ERR_remove_state(0); - #endif - EVP_cleanup(); --- -2.12.2 - diff --git a/alarm/uboot-tools/0003-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch b/alarm/uboot-tools/0002-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch similarity index 74% rename from alarm/uboot-tools/0003-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch rename to alarm/uboot-tools/0002-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch index 0fe86c2a0..982e20a54 100644 --- a/alarm/uboot-tools/0003-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch +++ b/alarm/uboot-tools/0002-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch @@ -1,7 +1,7 @@ -From 8ebb38414e39c43ea6e6ef940c5e316a96ef8043 Mon Sep 17 00:00:00 2001 +From 6be3d70dd8462fd5867777a5a56ba93c2c21ab70 Mon Sep 17 00:00:00 2001 From: Jelle van der Waa -Date: Tue, 4 Apr 2017 23:59:50 +0200 -Subject: [PATCH 3/3] tools: kwbimage fix build with OpenSSL 1.1.x +Date: Mon, 8 May 2017 21:31:20 +0200 +Subject: [PATCH 2/2] tools: kwbimage fix build with OpenSSL 1.1.x The rsa_st struct has been made opaque in 1.1.x, add forward compatible code to access the n, e, d members of rsa_struct. @@ -11,20 +11,24 @@ called to reinitialise an already created structure. Signed-off-by: Jelle van der Waa --- - tools/kwbimage.c | 35 +++++++++++++++++++++++++++++------ - 1 file changed, 29 insertions(+), 6 deletions(-) + tools/kwbimage.c | 36 ++++++++++++++++++++++++++++++------ + 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/tools/kwbimage.c b/tools/kwbimage.c -index 2c637c7446..97f96cce54 100644 +index 2c637c7446..8c0e730e7b 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c -@@ -22,6 +22,26 @@ +@@ -18,10 +18,30 @@ + #include "kwbimage.h" + + #ifdef CONFIG_KWB_SECURE ++#include + #include #include #include #include -+#include + -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L +static void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +{ @@ -45,7 +49,7 @@ index 2c637c7446..97f96cce54 100644 #endif static struct image_cfg_element *image_cfg; -@@ -470,12 +490,15 @@ static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf, +@@ -470,12 +490,16 @@ static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf, char *keyname) { int size_exp, size_mod, size_seq; @@ -54,7 +58,8 @@ index 2c637c7446..97f96cce54 100644 char *errmsg = "Failed to encode %s\n"; - if (!key || !key->e || !key->n || !dst) { -+ RSA_get0_key(key, &key_n, &key_e, NULL); ++ RSA_get0_key(key, NULL, &key_e, NULL); ++ RSA_get0_key(key, &key_n, NULL, NULL); + + if (!key || !key_e || !key_n || !dst) { fprintf(stderr, "export pk failed: (%p, %p, %p, %p)", @@ -63,7 +68,7 @@ index 2c637c7446..97f96cce54 100644 fprintf(stderr, errmsg, keyname); return -EINVAL; } -@@ -490,8 +513,8 @@ static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf, +@@ -490,8 +514,8 @@ static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf, * do the encoding manually. */ @@ -74,7 +79,7 @@ index 2c637c7446..97f96cce54 100644 size_seq = 4 + size_mod + 4 + size_exp; if (size_mod > 256) { -@@ -520,14 +543,14 @@ static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf, +@@ -520,14 +544,14 @@ static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf, *cur++ = 0x82; *cur++ = (size_mod >> 8) & 0xFF; *cur++ = size_mod & 0xFF; @@ -92,5 +97,5 @@ index 2c637c7446..97f96cce54 100644 if (hashf) { struct hash_v1 pk_hash; -- -2.12.2 +2.13.0 diff --git a/alarm/uboot-tools/PKGBUILD b/alarm/uboot-tools/PKGBUILD index 765737c35..79b0fb2e0 100644 --- a/alarm/uboot-tools/PKGBUILD +++ b/alarm/uboot-tools/PKGBUILD @@ -4,7 +4,7 @@ pkgname=uboot-tools pkgver=2017.03 -pkgrel=2 +pkgrel=3 pkgdesc="U-Boot Tools" arch=('arm' 'armv6h' 'armv7h' 'aarch64') license=('GPL' 'LGPL') @@ -13,21 +13,18 @@ replaces=('uboot-env' 'uboot-mkimage') backup=(etc/fw_env.config) source=(ftp://ftp.denx.de/pub/u-boot/u-boot-$pkgver.tar.bz2 0001-rsa-Fix-build-with-OpenSSL-1.1.x.patch - 0002-rsa-Fix-deprecated-warnings-for-OpenSSL-1.1.x.patch - 0003-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch + 0002-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch fw_env.config) md5sums=('52fed6ce16e0c4a50e2cd4defdf9097a' - '0b9dbef637a2d063f4282cc23f1f8fbc' - 'b21e23f823fcbdabbb84da568e9ac10c' - 'ba73fb9d3da714745729d6114f91538c' + '36d4528e607f5e8e393d36b3f96ff337' + '97d98c96abaa01159b017e367eb851ea' '5a9dcbae5957f8621080d4bbc0e1520f') prepare() { cd u-boot-${pkgver} patch -p1 -i ../0001-rsa-Fix-build-with-OpenSSL-1.1.x.patch - patch -p1 -i ../0002-rsa-Fix-deprecated-warnings-for-OpenSSL-1.1.x.patch - patch -p1 -i ../0003-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch + patch -p1 -i ../0002-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch } build() {