[openwrt/openwrt] Revert "tools/libressl: update to 4.0.0"

LEDE Commits lede-commits at lists.infradead.org
Sat Mar 29 11:24:26 PDT 2025 

robimarko pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/6ac09b940fcdef052fff3a2819a8ee7d44f92776

commit 6ac09b940fcdef052fff3a2819a8ee7d44f92776
Author: Robert Marko <robimarko at gmail.com>
AuthorDate: Sat Mar 29 19:23:15 2025 +0100

    Revert "tools/libressl: update to 4.0.0"
    
    This reverts commit 21cece29e9eebc397eadee259e60c7fc44828cce.
    
    Unfortunately, LibreSSL 4.0 causes the host APK tools to segfault under
    fakeroot when .apk is being generated and it is completely breaking
    building under Debian and Ubuntu hosts.
    
    So, until this is fixed lets revert the update.
    
    Signed-off-by: Robert Marko <robimarko at gmail.com>
---
 tools/libressl/Makefile                 |  4 +-
 tools/libressl/patches/010-static.patch | 99 ---------------------------------
 2 files changed, 2 insertions(+), 101 deletions(-)

diff --git a/tools/libressl/Makefile b/tools/libressl/Makefile
index 10d4036e66..4072194763 100644
--- a/tools/libressl/Makefile
+++ b/tools/libressl/Makefile
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libressl
-PKG_VERSION:=4.0.0
-PKG_HASH:=4d841955f0acc3dfc71d0e3dd35f283af461222350e26843fea9731c0246a1e4
+PKG_VERSION:=3.7.3
+PKG_HASH:=7948c856a90c825bd7268b6f85674a8dcd254bae42e221781b24e3f8dc335db3
 
 PKG_CPE_ID:=cpe:/a:openbsd:libressl
 
diff --git a/tools/libressl/patches/010-static.patch b/tools/libressl/patches/010-static.patch
deleted file mode 100644
index f5a8711fe3..0000000000
--- a/tools/libressl/patches/010-static.patch
+++ /dev/null
@@ -1,99 +0,0 @@
---- a/crypto/ec/ec_kmeth.c
-+++ b/crypto/ec/ec_kmeth.c
-@@ -74,12 +74,12 @@ static const EC_KEY_METHOD openssl_ec_ke
- 	.keygen = ec_key_gen,
- 	.compute_key = ecdh_compute_key,
- 
--	.sign = ecdsa_sign,
--	.sign_setup = ecdsa_sign_setup,
--	.sign_sig = ecdsa_sign_sig,
-+	.sign = libressl_ecdsa_sign,
-+	.sign_setup = libressl_ecdsa_sign_setup,
-+	.sign_sig = libressl_ecdsa_sign_sig,
- 
--	.verify = ecdsa_verify,
--	.verify_sig = ecdsa_verify_sig,
-+	.verify = libressl_ecdsa_verify,
-+	.verify_sig = libressl_ecdsa_verify_sig,
- };
- 
- const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;
---- a/crypto/ec/ec_local.h
-+++ b/crypto/ec/ec_local.h
-@@ -342,9 +342,9 @@ struct ec_key_method_st {
- int ec_key_gen(EC_KEY *eckey);
- int ecdh_compute_key(unsigned char **out, size_t *out_len,
-     const EC_POINT *pub_key, const EC_KEY *ecdh);
--int ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
-+int libressl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
-     const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
--int ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
-+int libressl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
-     const ECDSA_SIG *sig, EC_KEY *eckey);
- 
- /*
---- a/crypto/ecdsa/ecdsa.c
-+++ b/crypto/ecdsa/ecdsa.c
-@@ -217,7 +217,7 @@ ecdsa_prepare_digest(const unsigned char
- }
- 
- int
--ecdsa_sign(int type, const unsigned char *digest, int digest_len,
-+libressl_ecdsa_sign(int type, const unsigned char *digest, int digest_len,
-     unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
-     const BIGNUM *r, EC_KEY *key)
- {
-@@ -266,7 +266,7 @@ LCRYPTO_ALIAS(ECDSA_sign);
-  */
- 
- int
--ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r)
-+libressl_ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r)
- {
- 	const EC_GROUP *group;
- 	EC_POINT *point = NULL;
-@@ -517,7 +517,7 @@ ecdsa_compute_s(BIGNUM **out_s, const BI
-  */
- 
- ECDSA_SIG *
--ecdsa_sign_sig(const unsigned char *digest, int digest_len,
-+libressl_ecdsa_sign_sig(const unsigned char *digest, int digest_len,
-     const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *key)
- {
- 	BN_CTX *ctx = NULL;
-@@ -600,7 +600,7 @@ ECDSA_do_sign(const unsigned char *diges
- LCRYPTO_ALIAS(ECDSA_do_sign);
- 
- int
--ecdsa_verify(int type, const unsigned char *digest, int digest_len,
-+libressl_ecdsa_verify(int type, const unsigned char *digest, int digest_len,
-     const unsigned char *sigbuf, int sig_len, EC_KEY *key)
- {
- 	ECDSA_SIG *s;
-@@ -649,7 +649,7 @@ LCRYPTO_ALIAS(ECDSA_verify);
-  */
- 
- int
--ecdsa_verify_sig(const unsigned char *digest, int digest_len,
-+libressl_ecdsa_verify_sig(const unsigned char *digest, int digest_len,
-     const ECDSA_SIG *sig, EC_KEY *key)
- {
- 	const EC_GROUP *group;
---- a/crypto/ecdsa/ecdsa_local.h
-+++ b/crypto/ecdsa/ecdsa_local.h
-@@ -68,12 +68,12 @@ struct ECDSA_SIG_st {
- 	BIGNUM *s;
- };
- 
--int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
-+int libressl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *in_ctx, BIGNUM **out_kinv,
-     BIGNUM **out_r);
--int ecdsa_sign(int type, const unsigned char *digest, int digest_len,
-+int libressl_ecdsa_sign(int type, const unsigned char *digest, int digest_len,
-     unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
-     const BIGNUM *r, EC_KEY *eckey);
--ECDSA_SIG *ecdsa_sign_sig(const unsigned char *digest, int digest_len,
-+ECDSA_SIG *libressl_ecdsa_sign_sig(const unsigned char *digest, int digest_len,
-     const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey);
- 
- __END_HIDDEN_DECLS

More information about the lede-commits mailing list