[Buildroot] [PATCH next] tpm2-tss: force libopenssl as openssl provider
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sat Nov 24 14:10:40 UTC 2018
Hello,
On Wed, 21 Nov 2018 00:44:37 -0200, Carlos Santos wrote:
> Select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL and drop the patch to
> compile with libressl.
>
> The discussion with the tpm2-tss developers led to the conclusion that
> libressl lacks some required functionalities. Quoting Andreas Fuchs[1]:
> "LibreSSL does not support OAEP-mode with labels at all, even though the
> internal OAEP-padding-function includes the parameters already. [...]
> Further, the internal OAEP-padding-function does not support variable
> hash algs, but staticly uses SHA1."
>
> Notice that there will NOT be an option to use libgcrypt. OpenSSL will
> soon become the default ESAPI crypto backend to prevent the problem of
> forcing applications to link against both libgcrypt and libssl[2].
>
> 1. https://github.com/tpm2-software/tpm2-tss/pull/1207#issuecomment-440217659
> 2. https://github.com/tpm2-software/tpm2-tss/issues/1169
>
> Signed-off-by: Carlos Santos <casantos at datacom.com.br>
> ---
> .../0001-ESYS-Fix-build-with-LibreSSL.patch | 48 -------------------
> package/tpm2-tss/Config.in | 1 +
> 2 files changed, 1 insertion(+), 48 deletions(-)
> delete mode 100644 package/tpm2-tss/0001-ESYS-Fix-build-with-LibreSSL.patch
Applied to next, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list