From patchwork Sat Nov 5 20:32:47 2022
X-Patchwork-Submitter: Bastian Germann
X-Patchwork-Id: 1700147
From: Bastian Germann
To: swupdate@googlegroups.com
Cc: Bastian Germann
Subject: [swupdate] [PATCH] Drop LibreSSL deviation from OpenSSL
Date: Sat, 5 Nov 2022 21:32:47 +0100
Message-Id: <20221105203247.3284-1-bage@debian.org>

Current LibreSSL versions do not need any exceptions from OpenSSL.
This was tested with v3.6.1 on Arch Linux.

Signed-off-by: Bastian Germann --- corelib/swupdate_decrypt.c | 4 ++-- include/sslapi.h | 14 +++++--------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/corelib/swupdate_decrypt.c b/corelib/swupdate_decrypt.c index b3a4d0a..9fa8dcb 100644 --- a/corelib/swupdate_decrypt.c +++ b/corelib/swupdate_decrypt.c @@ -46,7 +46,7 @@ struct swupdate_digest *swupdate_DECRYPT_init(unsigned char *key, char keylen, u return NULL; } -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_CIPHER_CTX_init(&dgst->ctxdec); #else dgst->ctxdec = EVP_CIPHER_CTX_new(); @@ -111,7 +111,7 @@ int swupdate_DECRYPT_final(struct swupdate_digest *dgst, unsigned char *buf, void swupdate_DECRYPT_cleanup(struct swupdate_digest *dgst) { if (dgst) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_CIPHER_CTX_cleanup(SSL_GET_CTXDEC(dgst)); #else EVP_CIPHER_CTX_free(SSL_GET_CTXDEC(dgst)); diff --git a/include/sslapi.h b/include/sslapi.h index 1fa15b0..accf3c4 100644 --- a/include/sslapi.h +++ b/include/sslapi.h @@ -55,14 +55,11 @@ #if defined(CONFIG_SSL_IMPL_OPENSSL) || defined(CONFIG_SSL_IMPL_WOLFSSL) #ifdef CONFIG_SIGALG_CMS -#if defined(LIBRESSL_VERSION_NUMBER) -#error "LibreSSL does not support CMS, please select RSA PKCS" -#else #include static inline uint32_t SSL_X509_get_extension_flags(X509 *x) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L return x->ex_flags; #else return X509_get_extension_flags(x); 
@@ -71,14 +68,13 @@ static inline uint32_t SSL_X509_get_extension_flags(X509 *x) static inline uint32_t SSL_X509_get_extended_key_usage(X509 *x) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L return x->ex_xkusage; #else return X509_get_extended_key_usage(x); #endif } -#endif #endif /* CONFIG_SIGALG_CMS */ #ifdef CONFIG_SSL_IMPL_WOLFSSL @@ -104,14 +100,14 @@ struct swupdate_digest { Aes ctxdec; Pkcs11Dev pkdev; Pkcs11Token pktoken; -#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#elif OPENSSL_VERSION_NUMBER < 0x10100000L EVP_CIPHER_CTX ctxdec; #else EVP_CIPHER_CTX *ctxdec; #endif }; -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L #define SSL_GET_CTXDEC(dgst) &dgst->ctxdec #else #define SSL_GET_CTXDEC(dgst) dgst->ctxdec @@ -122,7 +118,7 @@ struct swupdate_digest { * library * It must be called just once */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L #define swupdate_crypto_init() { \ do { \ CRYPTO_malloc_init(); \
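Review bot: The version test in swupdate_DECRYPT_init() and swupdate_DECRYPT_cleanup() (corelib/swupdate_decrypt.c) has to stay identical to the one in include/sslapi.h that selects `EVP_CIPHER_CTX ctxdec` versus `EVP_CIPHER_CTX *ctxdec` and the matching SSL_GET_CTXDEC, yet the patch edits every copy of `OPENSSL_VERSION_NUMBER < 0x10100000L` by hand. Defining a single macro in sslapi.h (name left to the maintainers) and testing that everywhere would keep allocation, cleanup and struct layout from drifting apart the next time the condition changes, where a mismatch would mean calling EVP_CIPHER_CTX_init() on a pointer field or freeing an embedded struct.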
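Review bot: In the first include/sslapi.h hunk (@@ -55,14 +55,11) the `#error "LibreSSL does not support CMS, please select RSA PKCS"` guard is removed outright, with no lower bound on the LibreSSL version put in its place. The commit message reports a test against v3.6.1 only, so a build with CONFIG_SIGALG_CMS against an older LibreSSL no longer stops at this check with a clear message. Consider keeping the guard but conditioning it on `LIBRESSL_VERSION_NUMBER` being below the oldest release known to work, and stating that minimum version in the commit message or the documentation. The same bound would cover the X509_get_extension_flags() and X509_get_extended_key_usage() accessors that LibreSSL builds are now expected to provide.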
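Review bot: In the last include/sslapi.h hunk (@@ -122,7 +118,7) LibreSSL is no longer routed to the swupdate_crypto_init() variant that calls CRYPTO_malloc_init() by the `defined(LIBRESSL_VERSION_NUMBER)` term, and the `#else` definition it may now get lies outside the visible context. Since the comment above says the initialization "must be called just once", please state in the commit message that the alternative init path was the one exercised in the v3.6.1 test, and note that which branch a LibreSSL build takes now depends solely on the OPENSSL_VERSION_NUMBER value that LibreSSL reports.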