tools/mkimage: update to version 2018.03

This activates support for fit images and some other new mkimage
features. Some of the patches were applied upstream and could be
removed.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
master
Hauke Mehrtens 7 years ago
parent 68150d3125
commit b13e981d72
  1. 21
      tools/mkimage/Makefile
  2. 6
      tools/mkimage/patches/010-freebsd-ulong-fix.patch
  3. 78
      tools/mkimage/patches/030-allow-to-use-different-magic.patch
  4. 11
      tools/mkimage/patches/040-include_order.patch
  5. 2
      tools/mkimage/patches/050-image_h_portability.patch
  6. 2
      tools/mkimage/patches/060-remove_kernel_includes.patch
  7. 52
      tools/mkimage/patches/070-socfpgaimage_portability.patch
  8. 14
      tools/mkimage/patches/080-remove_compiler_check.patch
  9. 82
      tools/mkimage/patches/090-reproducible-SOURCE_DATE_EPOCH.patch
  10. 2
      tools/mkimage/patches/100-freebsd-compat.patch
  11. 67
      tools/mkimage/patches/110-fix_musl_build.patch
  12. 702
      tools/mkimage/patches/200-compiler-support.patch
  13. 68
      tools/mkimage/patches/200-rsa-sign-add-support-for-libressl.patch
  14. 14
      tools/mkimage/patches/210-link-libcrypto-static.patch
  15. 97
      tools/mkimage/patches/210-openssl-1.1.x-compat.patch

@ -7,14 +7,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=mkimage
PKG_VERSION:=2014.10
PKG_VERSION:=2018.03
PKG_SOURCE:=u-boot-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=\
http://mirror2.openwrt.org/sources \
ftp://ftp.denx.de/pub/u-boot
PKG_HASH:=d3b132a7a9b3f3182b7aad71c2dfbd4fc15bea83e12c76134eb3ffefc07d1c71
PKG_CAT:=bzcat
PKG_HASH:=7e7477534409d5368eb1371ffde6820f0f79780a1a1f676161c48442cb303dfd
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/u-boot-$(PKG_VERSION)
@ -22,17 +21,17 @@ include $(INCLUDE_DIR)/host-build.mk
define Host/Prepare
$(Host/Prepare/Default)
rm -f \
$(HOST_BUILD_DIR)/include/errno.h \
$(HOST_BUILD_DIR)/include/malloc.h \
$(HOST_BUILD_DIR)/tools/.depend
touch $(HOST_BUILD_DIR)/include/config.mk
touch $(HOST_BUILD_DIR)/include/config.h
mkdir -p $(HOST_BUILD_DIR)/include/config
touch $(HOST_BUILD_DIR)/include/config/auto.conf
endef
define Host/Compile
$(MAKE) -C $(HOST_BUILD_DIR) defconfig HOSTCFLAGS="$(HOST_CPPFLAGS) $(HOST_CFLAGS)" HOSTLDFLAGS="$(HOST_LDFLAGS)" HOST_LOADLIBES="$$$$(pkg-config --static --libs libcrypto)"
$(MAKE) -C $(HOST_BUILD_DIR) tools-only HOSTCFLAGS="$(HOST_CPPFLAGS) $(HOST_CFLAGS)" HOSTLDFLAGS="$(HOST_LDFLAGS)" HOST_LOADLIBES="$$$$(pkg-config --static --libs libcrypto)"
$(MAKE) -C $(HOST_BUILD_DIR) \
HOSTCFLAGS="$(HOST_CFLAGS)" \
HOSTLDFLAGS="$(HOST_LDFLAGS)" \
no-dot-config-targets=tools-only \
CONFIG_FIT_SIGNATURE=y \
tools-only
endef
define Host/Install

@ -1,6 +1,6 @@
--- a/include/image.h
+++ b/include/image.h
@@ -44,6 +44,10 @@ struct lmb;
@@ -51,6 +51,10 @@ struct lmb;
#endif /* USE_HOSTCC */
@ -8,6 +8,6 @@
+#define ulong unsigned long
+#endif
+
#if defined(CONFIG_FIT)
#if IMAGE_ENABLE_FIT
#include <hash.h>
#include <libfdt.h>
#include <linux/libfdt.h>

@ -1,6 +1,6 @@
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -24,6 +24,7 @@ struct image_tool_params params = {
@@ -21,6 +21,7 @@ static struct image_tool_params params =
.arch = IH_ARCH_PPC,
.type = IH_TYPE_KERNEL,
.comp = IH_COMP_GZIP,
@ -8,52 +8,58 @@
.dtc = MKIMAGE_DEFAULT_DTC_OPTIONS,
.imagename = "",
.imagename2 = "",
@@ -168,6 +169,16 @@ main (int argc, char **argv)
genimg_get_comp_id (*++argv)) < 0)
usage ();
goto NXTARG;
+ case 'M':
+ if (--argc <=0)
+ usage ();
+ params.magic = strtoul (*++argv, &ptr, 16);
+ if (*ptr) {
+ fprintf (stderr,
+ "%s: invalid magic %s\n",
+ params.cmdname, *argv);
+ }
+ goto NXTARG;
case 'D':
if (--argc <= 0)
usage ();
@@ -623,12 +634,13 @@ static void usage(void)
fprintf (stderr, "Usage: %s -l image\n"
@@ -77,11 +78,12 @@ static void usage(const char *msg)
" -l ==> list image header information\n",
params.cmdname);
- fprintf (stderr, " %s [-x] -A arch -O os -T type -C comp "
+ fprintf (stderr, " %s [-x] -A arch -O os -T type -C comp -M magic "
"-a addr -e ep -n name -d data_file[:data_file...] image\n"
" -A ==> set architecture to 'arch'\n"
" -O ==> set operating system to 'os'\n"
" -T ==> set image type to 'type'\n"
" -C ==> set compression type 'comp'\n"
+ " -M ==> set image magic to 'magic'\n"
" -a ==> set load address to 'addr' (hex)\n"
" -e ==> set entry point to 'ep' (hex)\n"
" -n ==> set image name to 'name'\n"
fprintf(stderr,
- " %s [-x] -A arch -O os -T type -C comp -a addr -e ep -n name -d data_file[:data_file...] image\n"
+ " %s [-x] -A arch -O os -T type -C comp -M magic -a addr -e ep -n name -d data_file[:data_file...] image\n"
" -A ==> set architecture to 'arch'\n"
" -O ==> set operating system to 'os'\n"
" -T ==> set image type to 'type'\n"
" -C ==> set compression type 'comp'\n"
+ " -M ==> set image magic to 'magic'\n"
" -a ==> set load address to 'addr' (hex)\n"
" -e ==> set entry point to 'ep' (hex)\n"
" -n ==> set image name to 'name'\n"
@@ -144,7 +146,7 @@ static void process_args(int argc, char
int opt;
while ((opt = getopt(argc, argv,
- "a:A:b:c:C:d:D:e:Ef:Fk:i:K:ln:N:p:O:rR:qsT:vVx")) != -1) {
+ "a:A:b:c:C:d:D:e:Ef:Fk:i:K:lM:n:N:p:O:rR:qsT:vVx")) != -1) {
switch (opt) {
case 'a':
params.addr = strtoull(optarg, &ptr, 16);
@@ -222,6 +224,14 @@ static void process_args(int argc, char
case 'l':
params.lflag = 1;
break;
+ case 'M':
+ params.magic = strtoull(optarg, &ptr, 16);
+ if (*ptr) {
+ fprintf(stderr, "%s: invalid magic %s\n",
+ params.cmdname, optarg);
+ exit(EXIT_FAILURE);
+ }
+ break;
case 'n':
params.imagename = optarg;
break;
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -98,7 +98,7 @@ static void image_set_header(void *ptr,
sbuf->st_size - sizeof(image_header_t));
@@ -106,7 +106,7 @@ static void image_set_header(void *ptr,
imagesize = sbuf->st_size - sizeof(image_header_t);
/* Build new header */
- image_set_magic(hdr, IH_MAGIC);
+ image_set_magic(hdr, params->magic);
image_set_time(hdr, sbuf->st_mtime);
image_set_size(hdr, sbuf->st_size - sizeof(image_header_t));
image_set_time(hdr, time);
image_set_size(hdr, imagesize);
image_set_load(hdr, params->addr);
--- a/tools/imagetool.h
+++ b/tools/imagetool.h
@@ -44,6 +44,7 @@ struct image_tool_params {
@@ -54,6 +54,7 @@ struct image_tool_params {
int arch;
int type;
int comp;

@ -1,11 +0,0 @@
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -194,7 +194,7 @@ endif # !LOGO_BMP
# Define _GNU_SOURCE to obtain the getline prototype from stdio.h
#
HOST_EXTRACFLAGS += -include $(srctree)/include/libfdt_env.h \
- $(patsubst -I%,-idirafter%, $(filter -I%, $(UBOOTINCLUDE))) \
+ -I$(srctree)/include \
-I$(srctree)/lib/libfdt \
-I$(srctree)/tools \
-DCONFIG_SYS_TEXT_BASE=$(CONFIG_SYS_TEXT_BASE) \

@ -8,7 +8,7 @@
/* Define this to avoid #ifdefs later on */
struct lmb;
@@ -258,13 +257,13 @@ struct lmb;
@@ -308,13 +307,13 @@ enum {
* all data in network byte order (aka natural aka bigendian).
*/
typedef struct image_header {

@ -1,6 +1,6 @@
--- a/include/compiler.h
+++ b/include/compiler.h
@@ -58,6 +58,11 @@ typedef uint8_t __u8;
@@ -66,6 +66,11 @@ typedef uint8_t __u8;
typedef uint16_t __u16;
typedef uint32_t __u32;
typedef unsigned int uint;

@ -1,52 +0,0 @@
--- a/tools/socfpgaimage.c
+++ b/tools/socfpgaimage.c
@@ -74,12 +74,12 @@ static uint16_t hdr_checksum(struct socf
static void build_header(uint8_t *buf, uint8_t version, uint8_t flags,
uint16_t length_bytes)
{
- header.validation = htole32(VALIDATION_WORD);
+ header.validation = cpu_to_le32(VALIDATION_WORD);
header.version = version;
header.flags = flags;
- header.length_u32 = htole16(length_bytes/4);
+ header.length_u32 = cpu_to_le16(length_bytes/4);
header.zero = 0;
- header.checksum = htole16(hdr_checksum(&header));
+ header.checksum = cpu_to_le16(hdr_checksum(&header));
memcpy(buf, &header, sizeof(header));
}
@@ -92,12 +92,12 @@ static int verify_header(const uint8_t *
{
memcpy(&header, buf, sizeof(header));
- if (le32toh(header.validation) != VALIDATION_WORD)
+ if (le32_to_cpu(header.validation) != VALIDATION_WORD)
return -1;
- if (le16toh(header.checksum) != hdr_checksum(&header))
+ if (le16_to_cpu(header.checksum) != hdr_checksum(&header))
return -1;
- return le16toh(header.length_u32) * 4;
+ return le16_to_cpu(header.length_u32) * 4;
}
/* Sign the buffer and return the signed buffer size */
@@ -116,7 +116,7 @@ static int sign_buffer(uint8_t *buf,
/* Calculate and apply the CRC */
calc_crc = ~pbl_crc32(0, (char *)buf, len);
- *((uint32_t *)(buf + len)) = htole32(calc_crc);
+ *((uint32_t *)(buf + len)) = cpu_to_le32(calc_crc);
if (!pad_64k)
return len + 4;
@@ -150,7 +150,7 @@ static int verify_buffer(const uint8_t *
calc_crc = ~pbl_crc32(0, (const char *)buf, len);
- buf_crc = le32toh(*((uint32_t *)(buf + len)));
+ buf_crc = le32_to_cpu(*((uint32_t *)(buf + len)));
if (buf_crc != calc_crc) {
fprintf(stderr, "CRC32 does not match (%08x != %08x)\n",

@ -1,8 +1,8 @@
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
@@ -2,13 +2,6 @@
#error "Please don't include <linux/compiler-gcc4.h> directly, include <linux/compiler.h> instead."
#endif
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -146,13 +146,6 @@
#if GCC_VERSION >= 40000
-/* GCC 4.1.[01] miscompiles __weak */
-#ifdef __KERNEL__
@ -12,5 +12,5 @@
-#endif
-
#define __used __attribute__((__used__))
#define __must_check __attribute__((warn_unused_result))
#define __compiler_offsetof(a,b) __builtin_offsetof(a,b)
#define __compiler_offsetof(a, b) \
__builtin_offsetof(a, b)

@ -1,82 +0,0 @@
From f3f431a712729a1af94d01bd1bfde17a252ff02c Mon Sep 17 00:00:00 2001
From: Paul Kocialkowski <contact@paulk.fr>
Date: Sun, 26 Jul 2015 18:48:15 +0200
Subject: [PATCH] Reproducible U-Boot build support, using SOURCE_DATE_EPOCH
In order to achieve reproducible builds in U-Boot, timestamps that are defined
at build-time have to be somewhat eliminated. The SOURCE_DATE_EPOCH environment
variable allows setting a fixed value for those timestamps.
Simply by setting SOURCE_DATE_EPOCH to a fixed value, a number of targets can be
built reproducibly. This is the case for e.g. sunxi devices.
However, some other devices might need some more tweaks, especially regarding
the image generation tools.
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
---
Makefile | 7 ++++---
README | 12 ++++++++++++
tools/default_image.c | 21 ++++++++++++++++++++-
3 files changed, 36 insertions(+), 4 deletions(-)
--- a/README
+++ b/README
@@ -4928,6 +4928,18 @@ within that device.
normal addressable memory via the LBC. CONFIG_SYS_LS_MC_FW_ADDR is the
virtual address in NOR flash.
+Reproducible builds
+-------------------
+
+In order to achieve reproducible builds, timestamps used in the U-Boot build
+process have to be set to a fixed value.
+
+This is done using the SOURCE_DATE_EPOCH environment variable.
+SOURCE_DATE_EPOCH is to be set on the build host's shell, not as a configuration
+option for U-Boot or an environment variable in U-Boot.
+
+SOURCE_DATE_EPOCH should be set to a number of seconds since the epoch, in UTC.
+
Building the Software:
======================
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -89,6 +89,9 @@ static void image_set_header(void *ptr,
struct image_tool_params *params)
{
uint32_t checksum;
+ char *source_date_epoch;
+ struct tm *time_universal;
+ time_t time;
image_header_t * hdr = (image_header_t *)ptr;
@@ -97,9 +100,25 @@ static void image_set_header(void *ptr,
sizeof(image_header_t)),
sbuf->st_size - sizeof(image_header_t));
+ source_date_epoch = getenv("SOURCE_DATE_EPOCH");
+ if (source_date_epoch != NULL) {
+ time = (time_t) strtol(source_date_epoch, NULL, 10);
+
+ time_universal = gmtime(&time);
+ if (time_universal == NULL) {
+ fprintf(stderr, "%s: SOURCE_DATE_EPOCH is not valid\n",
+ __func__);
+ time = 0;
+ } else {
+ time = mktime(time_universal);
+ }
+ } else {
+ time = sbuf->st_mtime;
+ }
+
/* Build new header */
image_set_magic(hdr, params->magic);
- image_set_time(hdr, sbuf->st_mtime);
+ image_set_time(hdr, time);
image_set_size(hdr, sbuf->st_size - sizeof(image_header_t));
image_set_load(hdr, params->addr);
image_set_ep(hdr, params->ep);

@ -1,6 +1,6 @@
--- a/Makefile
+++ b/Makefile
@@ -584,7 +584,10 @@ UBOOTINCLUDE := \
@@ -634,7 +634,10 @@ UBOOTINCLUDE := \
-I$(srctree)/arch/$(ARCH)/include \
-include $(srctree)/include/linux/kconfig.h

@ -1,67 +0,0 @@
From: Jörg Krause <joerg.krause@embedded.rocks>
Date: Wed, 22 Apr 2015 19:36:22 +0000 (+0200)
Subject: Fix musl build
X-Git-Tag: v2015.07-rc2~281
X-Git-Url: http://git.denx.de/?p=u-boot.git;a=commitdiff_plain;h=26e355d131a6b56ea78a156c1cee4f6ba0500b37;hp=1cdd9412002000aafcfb6f10cd02069adc66ba49
Fix musl build
This patch fixes cross-compiling U-Boot tools with the musl C library:
* including <sys/types.h> is needed for ulong
* defining _GNU_SOURCE is needed for loff_t
Tested for target at91sam9261ek_dataflash_cs3.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Tom Rini <trini@konsulko.com>
---
diff --git a/include/image.h b/include/image.h
index 3844be6..60b924a 100644
--- a/include/image.h
+++ b/include/image.h
@@ -23,6 +23,7 @@
struct lmb;
#ifdef USE_HOSTCC
+#include <sys/types.h>
/* new uImage format support enabled on host */
#define CONFIG_FIT 1
diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
index 1173eea..daa02a7 100644
--- a/tools/env/fw_env.c
+++ b/tools/env/fw_env.c
@@ -8,6 +8,8 @@
* SPDX-License-Identifier: GPL-2.0+
*/
+#define _GNU_SOURCE
+
#include <errno.h>
#include <env_flags.h>
#include <fcntl.h>
diff --git a/tools/imagetool.h b/tools/imagetool.h
index 3e15b4e..b7874f4 100644
--- a/tools/imagetool.h
+++ b/tools/imagetool.h
@@ -16,6 +16,7 @@
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
+#include <sys/types.h>
#include <time.h>
#include <unistd.h>
#include <u-boot/sha1.h>
diff --git a/tools/proftool.c b/tools/proftool.c
index 3482951..9ce7a77 100644
--- a/tools/proftool.c
+++ b/tools/proftool.c
@@ -16,6 +16,7 @@
#include <string.h>
#include <unistd.h>
#include <sys/param.h>
+#include <sys/types.h>
#include <compiler.h>
#include <trace.h>

@ -1,702 +0,0 @@
diff --git b/include/linux/compiler-gcc.h a/include/linux/compiler-gcc.h
index e057bd2..22ab246 100644
--- b/include/linux/compiler-gcc.h
+++ a/include/linux/compiler-gcc.h
@@ -5,14 +5,28 @@
/*
* Common definitions for all gcc versions go here.
*/
-#define GCC_VERSION (__GNUC__ * 10000 \
- + __GNUC_MINOR__ * 100 \
- + __GNUC_PATCHLEVEL__)
-
+#define GCC_VERSION (__GNUC__ * 10000 \
+ + __GNUC_MINOR__ * 100 \
+ + __GNUC_PATCHLEVEL__)
/* Optimization barrier */
+
/* The "volatile" is due to gcc bugs */
#define barrier() __asm__ __volatile__("": : :"memory")
+/*
+ * This version is i.e. to prevent dead stores elimination on @ptr
+ * where gcc and llvm may behave differently when otherwise using
+ * normal barrier(): while gcc behavior gets along with a normal
+ * barrier(), llvm needs an explicit input variable to be assumed
+ * clobbered. The issue is as follows: while the inline asm might
+ * access any memory it wants, the compiler could have fit all of
+ * @ptr into memory registers instead, and since @ptr never escaped
+ * from that, it proofed that the inline asm wasn't touching any of
+ * it. This version works well with both compilers, i.e. we're telling
+ * the compiler that the inline asm absolutely may see the contents
+ * of @ptr. See also: https://llvm.org/bugs/show_bug.cgi?id=15495
+ */
+#define barrier_data(ptr) __asm__ __volatile__("": :"r"(ptr) :"memory")
/*
* This macro obfuscates arithmetic on a variable address so that gcc
@@ -32,58 +46,63 @@
* the inline assembly constraint from =g to =r, in this particular
* case either is valid.
*/
-#define RELOC_HIDE(ptr, off) \
- ({ unsigned long __ptr; \
- __asm__ ("" : "=r"(__ptr) : "0"(ptr)); \
- (typeof(ptr)) (__ptr + (off)); })
+#define RELOC_HIDE(ptr, off) \
+({ \
+ unsigned long __ptr; \
+ __asm__ ("" : "=r"(__ptr) : "0"(ptr)); \
+ (typeof(ptr)) (__ptr + (off)); \
+})
/* Make the optimizer believe the variable can be manipulated arbitrarily. */
-#define OPTIMIZER_HIDE_VAR(var) __asm__ ("" : "=r" (var) : "0" (var))
+#define OPTIMIZER_HIDE_VAR(var) \
+ __asm__ ("" : "=r" (var) : "0" (var))
#ifdef __CHECKER__
-#define __must_be_array(arr) 0
+#define __must_be_array(a) 0
#else
/* &a[0] degrades to a pointer: a different type from an array */
-#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
+#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
#endif
/*
* Force always-inline if the user requests it so via the .config,
* or if gcc is too old:
*/
-#if !defined(CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING) || \
+#if !defined(CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING) || \
!defined(CONFIG_OPTIMIZE_INLINING) || (__GNUC__ < 4)
-# define inline inline __attribute__((always_inline)) notrace
-# define __inline__ __inline__ __attribute__((always_inline)) notrace
-# define __inline __inline __attribute__((always_inline)) notrace
+#define inline inline __attribute__((always_inline)) notrace
+#define __inline__ __inline__ __attribute__((always_inline)) notrace
+#define __inline __inline __attribute__((always_inline)) notrace
#else
/* A lot of inline functions can cause havoc with function tracing */
-# define inline inline notrace
-# define __inline__ __inline__ notrace
-# define __inline __inline notrace
+#define inline inline notrace
+#define __inline__ __inline__ notrace
+#define __inline __inline notrace
#endif
-#define __deprecated __attribute__((deprecated))
-#ifndef __packed
-#define __packed __attribute__((packed))
-#endif
-#ifndef __weak
-#define __weak __attribute__((weak))
-#endif
+#define __always_inline inline __attribute__((always_inline))
+#define noinline __attribute__((noinline))
+
+#define __deprecated __attribute__((deprecated))
+#define __packed __attribute__((packed))
+#define __weak __attribute__((weak))
+#define __alias(symbol) __attribute__((alias(#symbol)))
/*
- * it doesn't make sense on ARM (currently the only user of __naked) to trace
- * naked functions because then mcount is called without stack and frame pointer
- * being set up and there is no chance to restore the lr register to the value
- * before mcount was called.
+ * it doesn't make sense on ARM (currently the only user of __naked)
+ * to trace naked functions because then mcount is called without
+ * stack and frame pointer being set up and there is no chance to
+ * restore the lr register to the value before mcount was called.
+ *
+ * The asm() bodies of naked functions often depend on standard calling
+ * conventions, therefore they must be noinline and noclone.
*
- * The asm() bodies of naked functions often depend on standard calling conventions,
- * therefore they must be noinline and noclone. GCC 4.[56] currently fail to enforce
- * this, so we must do so ourselves. See GCC PR44290.
+ * GCC 4.[56] currently fail to enforce this, so we must do so ourselves.
+ * See GCC PR44290.
*/
-#define __naked __attribute__((naked)) noinline __noclone notrace
+#define __naked __attribute__((naked)) noinline __noclone notrace
-#define __noreturn __attribute__((noreturn))
+#define __noreturn __attribute__((noreturn))
/*
* From the GCC manual:
@@ -95,34 +114,170 @@
* would be.
* [...]
*/
-#ifndef __pure
-#define __pure __attribute__((pure))
+#define __pure __attribute__((pure))
+#define __aligned(x) __attribute__((aligned(x)))
+#define __printf(a, b) __attribute__((format(printf, a, b)))
+#define __scanf(a, b) __attribute__((format(scanf, a, b)))
+#define __attribute_const__ __attribute__((__const__))
+#define __maybe_unused __attribute__((unused))
+#define __always_unused __attribute__((unused))
+
+/* gcc version specific checks */
+
+#if GCC_VERSION < 30200
+# error Sorry, your compiler is too old - please upgrade it.
+#endif
+
+#if GCC_VERSION < 30300
+# define __used __attribute__((__unused__))
+#else
+# define __used __attribute__((__used__))
+#endif
+
+#ifdef CONFIG_GCOV_KERNEL
+# if GCC_VERSION < 30400
+# error "GCOV profiling support for gcc versions below 3.4 not included"
+# endif /* __GNUC_MINOR__ */
+#endif /* CONFIG_GCOV_KERNEL */
+
+#if GCC_VERSION >= 30400
+#define __must_check __attribute__((warn_unused_result))
+#endif
+
+#if GCC_VERSION >= 40000
+
+/* GCC 4.1.[01] miscompiles __weak */
+#ifdef __KERNEL__
+# if GCC_VERSION >= 40100 && GCC_VERSION <= 40101
+# error Your version of gcc miscompiles the __weak directive
+# endif
+#endif
+
+#define __used __attribute__((__used__))
+#define __compiler_offsetof(a, b) \
+ __builtin_offsetof(a, b)
+
+#if GCC_VERSION >= 40100 && GCC_VERSION < 40600
+# define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
+#endif
+
+#if GCC_VERSION >= 40300
+/* Mark functions as cold. gcc will assume any path leading to a call
+ * to them will be unlikely. This means a lot of manual unlikely()s
+ * are unnecessary now for any paths leading to the usual suspects
+ * like BUG(), printk(), panic() etc. [but let's keep them for now for
+ * older compilers]
+ *
+ * Early snapshots of gcc 4.3 don't support this and we can't detect this
+ * in the preprocessor, but we can live with this because they're unreleased.
+ * Maketime probing would be overkill here.
+ *
+ * gcc also has a __attribute__((__hot__)) to move hot functions into
+ * a special section, but I don't see any sense in this right now in
+ * the kernel context
+ */
+#define __cold __attribute__((__cold__))
+
+#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
+
+#ifndef __CHECKER__
+# define __compiletime_warning(message) __attribute__((warning(message)))
+# define __compiletime_error(message) __attribute__((error(message)))
+#endif /* __CHECKER__ */
+#endif /* GCC_VERSION >= 40300 */
+
+#if GCC_VERSION >= 40500
+/*
+ * Mark a position in code as unreachable. This can be used to
+ * suppress control flow warnings after asm blocks that transfer
+ * control elsewhere.
+ *
+ * Early snapshots of gcc 4.5 don't support this and we can't detect
+ * this in the preprocessor, but we can live with this because they're
+ * unreleased. Really, we need to have autoconf for the kernel.
+ */
+#define unreachable() __builtin_unreachable()
+
+/* Mark a function definition as prohibited from being cloned. */
+#define __noclone __attribute__((__noclone__))
+
+#endif /* GCC_VERSION >= 40500 */
+
+#if GCC_VERSION >= 40600
+/*
+ * When used with Link Time Optimization, gcc can optimize away C functions or
+ * variables which are referenced only from assembly code. __visible tells the
+ * optimizer that something else uses this function or variable, thus preventing
+ * this.
+ */
+#define __visible __attribute__((externally_visible))
#endif
-#ifndef __aligned
-#define __aligned(x) __attribute__((aligned(x)))
+
+
+#if GCC_VERSION >= 40900 && !defined(__CHECKER__)
+/*
+ * __assume_aligned(n, k): Tell the optimizer that the returned
+ * pointer can be assumed to be k modulo n. The second argument is
+ * optional (default 0), so we use a variadic macro to make the
+ * shorthand.
+ *
+ * Beware: Do not apply this to functions which may return
+ * ERR_PTRs. Also, it is probably unwise to apply it to functions
+ * returning extra information in the low bits (but in that case the
+ * compiler should see some alignment anyway, when the return value is
+ * massaged by 'flags = ptr & 3; ptr &= ~3;').
+ */
+#define __assume_aligned(a, ...) __attribute__((__assume_aligned__(a, ## __VA_ARGS__)))
#endif
-#define __printf(a, b) __attribute__((format(printf, a, b)))
-#define __scanf(a, b) __attribute__((format(scanf, a, b)))
-#define noinline __attribute__((noinline))
-#define __attribute_const__ __attribute__((__const__))
-#define __maybe_unused __attribute__((unused))
-#define __always_unused __attribute__((unused))
-#define __gcc_header(x) #x
-#define _gcc_header(x) __gcc_header(linux/compiler-gcc##x.h)
-#define gcc_header(x) _gcc_header(x)
-#include gcc_header(__GNUC__)
+/*
+ * GCC 'asm goto' miscompiles certain code sequences:
+ *
+ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
+ *
+ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
+ *
+ * (asm goto is automatically volatile - the naming reflects this.)
+ */
+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
+
+#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
+#if GCC_VERSION >= 40400
+#define __HAVE_BUILTIN_BSWAP32__
+#define __HAVE_BUILTIN_BSWAP64__
+#endif
+#if GCC_VERSION >= 40800 || (defined(__powerpc__) && GCC_VERSION >= 40600)
+#define __HAVE_BUILTIN_BSWAP16__
+#endif
+#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
+
+#if GCC_VERSION >= 50000
+#define KASAN_ABI_VERSION 4
+#elif GCC_VERSION >= 40902
+#define KASAN_ABI_VERSION 3
+#endif
+
+#if GCC_VERSION >= 40902
+/*
+ * Tell the compiler that address safety instrumentation (KASAN)
+ * should not be applied to that function.
+ * Conflicts with inlining: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
+ */
+#define __no_sanitize_address __attribute__((no_sanitize_address))
+#endif
+
+#endif /* gcc version >= 40000 specific checks */
#if !defined(__noclone)
#define __noclone /* not needed */
#endif
+#if !defined(__no_sanitize_address)
+#define __no_sanitize_address
+#endif
+
/*
* A trick to suppress uninitialized variable warning without generating any
* code
*/
#define uninitialized_var(x) x = x
-
-#ifndef __always_inline
-#define __always_inline inline __attribute__((always_inline))
-#endif
diff --git b/include/linux/compiler-gcc3.h a/include/linux/compiler-gcc3.h
deleted file mode 100644
index 7d89feb..0000000
--- b/include/linux/compiler-gcc3.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef __LINUX_COMPILER_H
-#error "Please don't include <linux/compiler-gcc3.h> directly, include <linux/compiler.h> instead."
-#endif
-
-#if GCC_VERSION < 30200
-# error Sorry, your compiler is too old - please upgrade it.
-#endif
-
-#if GCC_VERSION >= 30300
-# define __used __attribute__((__used__))
-#else
-# define __used __attribute__((__unused__))
-#endif
-
-#if GCC_VERSION >= 30400
-#define __must_check __attribute__((warn_unused_result))
-#endif
-
-#ifdef CONFIG_GCOV_KERNEL
-# if GCC_VERSION < 30400
-# error "GCOV profiling support for gcc versions below 3.4 not included"
-# endif /* __GNUC_MINOR__ */
-#endif /* CONFIG_GCOV_KERNEL */
diff --git b/include/linux/compiler-gcc4.h a/include/linux/compiler-gcc4.h
deleted file mode 100644
index c982a09..0000000
--- b/include/linux/compiler-gcc4.h
+++ /dev/null
@@ -1,81 +0,0 @@
-#ifndef __LINUX_COMPILER_H
-#error "Please don't include <linux/compiler-gcc4.h> directly, include <linux/compiler.h> instead."
-#endif
-
-#define __used __attribute__((__used__))
-#define __must_check __attribute__((warn_unused_result))
-#define __compiler_offsetof(a,b) __builtin_offsetof(a,b)
-
-#if GCC_VERSION >= 40100 && GCC_VERSION < 40600
-# define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
-#endif
-
-#if GCC_VERSION >= 40300
-/* Mark functions as cold. gcc will assume any path leading to a call
- to them will be unlikely. This means a lot of manual unlikely()s
- are unnecessary now for any paths leading to the usual suspects
- like BUG(), printk(), panic() etc. [but let's keep them for now for
- older compilers]
-
- Early snapshots of gcc 4.3 don't support this and we can't detect this
- in the preprocessor, but we can live with this because they're unreleased.
- Maketime probing would be overkill here.
-
- gcc also has a __attribute__((__hot__)) to move hot functions into
- a special section, but I don't see any sense in this right now in
- the kernel context */
-#define __cold __attribute__((__cold__))
-
-#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
-
-#ifndef __CHECKER__
-# define __compiletime_warning(message) __attribute__((warning(message)))
-# define __compiletime_error(message) __attribute__((error(message)))
-#endif /* __CHECKER__ */
-#endif /* GCC_VERSION >= 40300 */
-
-#if GCC_VERSION >= 40500
-/*
- * Mark a position in code as unreachable. This can be used to
- * suppress control flow warnings after asm blocks that transfer
- * control elsewhere.
- *
- * Early snapshots of gcc 4.5 don't support this and we can't detect
- * this in the preprocessor, but we can live with this because they're
- * unreleased. Really, we need to have autoconf for the kernel.
- */
-#define unreachable() __builtin_unreachable()
-
-/* Mark a function definition as prohibited from being cloned. */
-#define __noclone __attribute__((__noclone__))
-
-#endif /* GCC_VERSION >= 40500 */
-
-#if GCC_VERSION >= 40600
-/*
- * Tell the optimizer that something else uses this function or variable.
- */
-#define __visible __attribute__((externally_visible))
-#endif
-
-/*
- * GCC 'asm goto' miscompiles certain code sequences:
- *
- * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
- *
- * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
- * Fixed in GCC 4.8.2 and later versions.
- *
- * (asm goto is automatically volatile - the naming reflects this.)
- */
-#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
-
-#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
-#if GCC_VERSION >= 40400
-#define __HAVE_BUILTIN_BSWAP32__
-#define __HAVE_BUILTIN_BSWAP64__
-#endif
-#if GCC_VERSION >= 40800 || (defined(__powerpc__) && GCC_VERSION >= 40600)
-#define __HAVE_BUILTIN_BSWAP16__
-#endif
-#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
diff --git b/include/linux/compiler-intel.h a/include/linux/compiler-intel.h
index ba147a1..d4c7113 100644
--- b/include/linux/compiler-intel.h
+++ a/include/linux/compiler-intel.h
@@ -13,9 +13,14 @@
/* Intel ECC compiler doesn't support gcc specific asm stmts.
* It uses intrinsics to do the equivalent things.
*/
+#undef barrier
+#undef barrier_data
#undef RELOC_HIDE
#undef OPTIMIZER_HIDE_VAR
+#define barrier() __memory_barrier()
+#define barrier_data(ptr) barrier()
+
#define RELOC_HIDE(ptr, off) \
({ unsigned long __ptr; \
__ptr = (unsigned long) (ptr); \
diff --git b/include/linux/compiler.h a/include/linux/compiler.h
index d5ad7b1..020ad16 100644
--- b/include/linux/compiler.h
+++ a/include/linux/compiler.h
@@ -17,6 +17,7 @@
# define __release(x) __context__(x,-1)
# define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
# define __percpu __attribute__((noderef, address_space(3)))
+# define __pmem __attribute__((noderef, address_space(5)))
#ifdef CONFIG_SPARSE_RCU_POINTER
# define __rcu __attribute__((noderef, address_space(4)))
#else
@@ -42,6 +43,7 @@ extern void __chk_io_ptr(const volatile void __iomem *);
# define __cond_lock(x,c) (c)
# define __percpu
# define __rcu
+# define __pmem
#endif
/* Indirect macros required for expanded argument pasting, eg. __LINE__. */
@@ -54,7 +56,11 @@ extern void __chk_io_ptr(const volatile void __iomem *);
#include <linux/compiler-gcc.h>
#endif
+#if defined(CC_USING_HOTPATCH) && !defined(__CHECKER__)
+#define notrace __attribute__((hotpatch(0,0)))
+#else
#define notrace __attribute__((no_instrument_function))
+#endif
/* Intel compiler defines __GNUC__. So we will overwrite implementations
* coming from above header files here
@@ -138,7 +144,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
*/
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
#define __trace_if(cond) \
- if (__builtin_constant_p((cond)) ? !!(cond) : \
+ if (__builtin_constant_p(!!(cond)) ? !!(cond) : \
({ \
int ______r; \
static struct ftrace_branch_data \
@@ -165,6 +171,10 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
# define barrier() __memory_barrier()
#endif
+#ifndef barrier_data
+# define barrier_data(ptr) barrier()
+#endif
+
/* Unreachable code */
#ifndef unreachable
# define unreachable() do { } while (1)
@@ -186,6 +196,126 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
# define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __LINE__)
#endif
+#include <linux/types.h>
+
+#define __READ_ONCE_SIZE \
+({ \
+ switch (size) { \
+ case 1: *(__u8 *)res = *(volatile __u8 *)p; break; \
+ case 2: *(__u16 *)res = *(volatile __u16 *)p; break; \
+ case 4: *(__u32 *)res = *(volatile __u32 *)p; break; \
+ case 8: *(__u64 *)res = *(volatile __u64 *)p; break; \
+ default: \
+ barrier(); \
+ __builtin_memcpy((void *)res, (const void *)p, size); \
+ barrier(); \
+ } \
+})
+
+static __always_inline
+void __read_once_size(const volatile void *p, void *res, int size)
+{
+ __READ_ONCE_SIZE;
+}
+
+#ifdef CONFIG_KASAN
+/*
+ * This function is not 'inline' because __no_sanitize_address confilcts
+ * with inlining. Attempt to inline it may cause a build failure.
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
+ * '__maybe_unused' allows us to avoid defined-but-not-used warnings.
+ */
+static __no_sanitize_address __maybe_unused
+void __read_once_size_nocheck(const volatile void *p, void *res, int size)
+{
+ __READ_ONCE_SIZE;
+}
+#else
+static __always_inline
+void __read_once_size_nocheck(const volatile void *p, void *res, int size)
+{
+ __READ_ONCE_SIZE;
+}
+#endif
+
+static __always_inline void __write_once_size(volatile void *p, void *res, int size)
+{
+ switch (size) {
+ case 1: *(volatile __u8 *)p = *(__u8 *)res; break;
+ case 2: *(volatile __u16 *)p = *(__u16 *)res; break;
+ case 4: *(volatile __u32 *)p = *(__u32 *)res; break;
+ case 8: *(volatile __u64 *)p = *(__u64 *)res; break;
+ default:
+ barrier();
+ __builtin_memcpy((void *)p, (const void *)res, size);
+ barrier();
+ }
+}
+
+/*
+ * Prevent the compiler from merging or refetching reads or writes. The
+ * compiler is also forbidden from reordering successive instances of
+ * READ_ONCE, WRITE_ONCE and ACCESS_ONCE (see below), but only when the
+ * compiler is aware of some particular ordering. One way to make the
+ * compiler aware of ordering is to put the two invocations of READ_ONCE,
+ * WRITE_ONCE or ACCESS_ONCE() in different C statements.
+ *
+ * In contrast to ACCESS_ONCE these two macros will also work on aggregate
+ * data types like structs or unions. If the size of the accessed data
+ * type exceeds the word size of the machine (e.g., 32 bits or 64 bits)
+ * READ_ONCE() and WRITE_ONCE() will fall back to memcpy and print a
+ * compile-time warning.
+ *
+ * Their two major use cases are: (1) Mediating communication between
+ * process-level code and irq/NMI handlers, all running on the same CPU,
+ * and (2) Ensuring that the compiler does not fold, spindle, or otherwise
+ * mutilate accesses that either do not require ordering or that interact
+ * with an explicit memory barrier or atomic instruction that provides the
+ * required ordering.
+ */
+
+#define __READ_ONCE(x, check) \
+({ \
+ union { typeof(x) __val; char __c[1]; } __u; \
+ if (check) \
+ __read_once_size(&(x), __u.__c, sizeof(x)); \
+ else \
+ __read_once_size_nocheck(&(x), __u.__c, sizeof(x)); \
+ __u.__val; \
+})
+#define READ_ONCE(x) __READ_ONCE(x, 1)
+
+/*
+ * Use READ_ONCE_NOCHECK() instead of READ_ONCE() if you need
+ * to hide memory access from KASAN.
+ */
+#define READ_ONCE_NOCHECK(x) __READ_ONCE(x, 0)
+
+#define WRITE_ONCE(x, val) \
+({ \
+ union { typeof(x) __val; char __c[1]; } __u = \
+ { .__val = (__force typeof(x)) (val) }; \
+ __write_once_size(&(x), __u.__c, sizeof(x)); \
+ __u.__val; \
+})
+
+/**
+ * smp_cond_acquire() - Spin wait for cond with ACQUIRE ordering
+ * @cond: boolean expression to wait for
+ *
+ * Equivalent to using smp_load_acquire() on the condition variable but employs
+ * the control dependency of the wait to reduce the barrier on many platforms.
+ *
+ * The control dependency provides a LOAD->STORE order, the additional RMB
+ * provides LOAD->LOAD order, together they provide LOAD->{LOAD,STORE} order,
+ * aka. ACQUIRE.
+ */
+#define smp_cond_acquire(cond) do { \
+ while (!(cond)) \
+ cpu_relax(); \
+ smp_rmb(); /* ctrl + rmb := acquire */ \
+} while (0)
+
#endif /* __KERNEL__ */
#endif /* __ASSEMBLY__ */
@@ -304,6 +434,14 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
#define __visible
#endif
+/*
+ * Assume alignment of return value.
+ */
+#ifndef __assume_aligned
+#define __assume_aligned(a, ...)
+#endif
+
+
/* Are two types/vars the same type (ignoring qualifiers)? */
#ifndef __same_type
# define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
@@ -311,7 +449,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
/* Is this type a native word size -- useful for atomic operations */
#ifndef __native_word
-# define __native_word(t) (sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
+# define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
#endif
/* Compile time object size, -1 for unknown */
@@ -373,12 +511,38 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
* to make the compiler aware of ordering is to put the two invocations of
* ACCESS_ONCE() in different C statements.
*
- * This macro does absolutely -nothing- to prevent the CPU from reordering,
- * merging, or refetching absolutely anything at any time. Its main intended
- * use is to mediate communication between process-level code and irq/NMI
- * handlers, all running on the same CPU.
+ * ACCESS_ONCE will only work on scalar types. For union types, ACCESS_ONCE
+ * on a union member will work as long as the size of the member matches the
+ * size of the union and the size is smaller than word size.
+ *
+ * The major use cases of ACCESS_ONCE used to be (1) Mediating communication
+ * between process-level code and irq/NMI handlers, all running on the same CPU,
+ * and (2) Ensuring that the compiler does not fold, spindle, or otherwise
+ * mutilate accesses that either do not require ordering or that interact
+ * with an explicit memory barrier or atomic instruction that provides the
+ * required ordering.
+ *
+ * If possible use READ_ONCE()/WRITE_ONCE() instead.
+ */
+#define __ACCESS_ONCE(x) ({ \
+ __maybe_unused typeof(x) __var = (__force typeof(x)) 0; \
+ (volatile typeof(x) *)&(x); })
+#define ACCESS_ONCE(x) (*__ACCESS_ONCE(x))
+
+/**
+ * lockless_dereference() - safely load a pointer for later dereference
+ * @p: The pointer to load
+ *
+ * Similar to rcu_dereference(), but for situations where the pointed-to
+ * object's lifetime is managed by something other than RCU. That
+ * "something other" might be reference counting or simple immortality.
*/
-#define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x))
+#define lockless_dereference(p) \
+({ \
+ typeof(p) _________p1 = READ_ONCE(p); \
+ smp_read_barrier_depends(); /* Dependency order vs. p above. */ \
+ (_________p1); \
+})
/* Ignore/forbid kprobes attach on very low level functions marked by this attribute: */
#ifdef CONFIG_KPROBES

@ -0,0 +1,68 @@
From 69176c8602e29f4bd30457240374800d88dc39ed Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sat, 14 Apr 2018 22:39:34 +0200
Subject: [PATCH] rsa-sign: add support for libressl
---
lib/rsa/rsa-sign.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -21,7 +21,8 @@
#define HAVE_ERR_REMOVE_THREAD_STATE
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
static void RSA_get0_key(const RSA *r,
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
{
@@ -300,7 +301,8 @@ static int rsa_init(void)
{
int ret;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
ret = SSL_library_init();
#else
ret = OPENSSL_init_ssl(0, NULL);
@@ -309,7 +311,7 @@ static int rsa_init(void)
fprintf(stderr, "Failure to init SSL library\n");
return -1;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
@@ -355,7 +357,7 @@ err_set_rsa:
err_engine_init:
ENGINE_free(e);
err_engine_by_id:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ENGINE_cleanup();
#endif
return ret;
@@ -363,7 +365,7 @@ err_engine_by_id:
static void rsa_remove(void)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
#ifdef HAVE_ERR_REMOVE_THREAD_STATE
@@ -433,7 +435,8 @@ static int rsa_sign_with_key(RSA *rsa, s
ret = rsa_err("Could not obtain signature");
goto err_sign;
}
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+ defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_cleanup(context);
#else
EVP_MD_CTX_reset(context);

@ -0,0 +1,14 @@
OpenWrt links the libressl statically against mkimage, make sure all the
needed dependencies are added too.
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -145,7 +145,7 @@ endif
# MXSImage needs LibSSL
ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_ARMADA_39X)$(CONFIG_FIT_SIGNATURE),)
HOSTLOADLIBES_mkimage += \
- $(shell pkg-config --libs libssl libcrypto 2> /dev/null || echo "-lssl -lcrypto")
+ $(shell pkg-config --libs --static libssl libcrypto 2> /dev/null || echo "-lssl -lcrypto")
# OS X deprecate openssl in favour of CommonCrypto, supress deprecation
# warnings on those systems

@ -1,97 +0,0 @@
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -15,10 +15,25 @@
#include <openssl/ssl.h>
#include <openssl/evp.h>
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+#define HAVE_ERR_REMOVE_STATE
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L
#define HAVE_ERR_REMOVE_THREAD_STATE
#endif
+#if (OPENSSL_VERSION_NUMBER < 0x10100005L) || defined(LIBRESSL_VERSION_NUMBER)
+static void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+#endif
+
static int rsa_err(const char *msg)
{
unsigned long sslErr = ERR_get_error();
@@ -154,7 +169,8 @@ static void rsa_remove(void)
ERR_free_strings();
#ifdef HAVE_ERR_REMOVE_THREAD_STATE
ERR_remove_thread_state(NULL);
-#else
+#endif
+#ifdef HAVE_ERR_REMOVE_STATE
ERR_remove_state(0);
#endif
EVP_cleanup();
@@ -210,7 +226,6 @@ static int rsa_sign_with_key(RSA *rsa, s
ret = rsa_err("Could not obtain signature");
goto err_sign;
}
- EVP_MD_CTX_cleanup(context);
EVP_MD_CTX_destroy(context);
EVP_PKEY_free(key);
@@ -270,23 +285,26 @@ static int rsa_get_exponent(RSA *key, ui
BIGNUM *bn_te;
uint64_t te;
+ const BIGNUM *bn_e;
+ RSA_get0_key(key, NULL, &bn_e, NULL);
+
ret = -EINVAL;
bn_te = NULL;
if (!e)
goto cleanup;
- if (BN_num_bits(key->e) > 64)
+ if (BN_num_bits(bn_e) > 64)
goto cleanup;
- *e = BN_get_word(key->e);
+ *e = BN_get_word(bn_e);
- if (BN_num_bits(key->e) < 33) {
+ if (BN_num_bits(bn_e) < 33) {
ret = 0;
goto cleanup;
}
- bn_te = BN_dup(key->e);
+ bn_te = BN_dup(bn_e);
if (!bn_te)
goto cleanup;
@@ -319,6 +337,9 @@ int rsa_get_params(RSA *key, uint64_t *e
BN_CTX *bn_ctx = BN_CTX_new();
int ret = 0;
+ const BIGNUM *bn_n;
+ RSA_get0_key(key, &bn_n, NULL, NULL);
+
/* Initialize BIGNUMs */
big1 = BN_new();
big2 = BN_new();
@@ -337,7 +358,7 @@ int rsa_get_params(RSA *key, uint64_t *e
if (0 != rsa_get_exponent(key, exponent))
ret = -1;
- if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) ||
+ if (!BN_copy(n, bn_n) || !BN_set_word(big1, 1L) ||
!BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
ret = -1;
Loading…
Cancel
Save