openssl binary usage #685
As they're host binaries, presumably just expecting libcrypto on the host is acceptable?
The word "host" is incorrectly used here, we're talking about the client application ( I agree that the OpenSSL binaries need to be removed. The CMake build doesn't use them already. For example the QEMU build documented at https://optee.readthedocs.io/en/latest/building/devices/qemu.html#qemu-v8 uses Buildroot and the CMake files and will build OpenSSL from source.
I was able to remove the openssl binaries and openssl include files, modify the host/xtest/Makefile to use -lcrypto and not reference the openssl include files, and everything appears to be mostly happy. I had to add " -Wno-error=deprecated-declarations" because it is using old versions of some functions. If you want, I can upload the changes as a PR.
@jonmason yes please!
Feel free to take this jenswi-linaro@7238495
@jenswi-linaro this looks good to me. Please close this issue when it is merged
The above commit could probably be merged without waiting for OP-TEE 4.x, provided that this is added too: #689 [1]. @jenswi-linaro @jonmason what do you think? [1] Tested with the Linaro TRS build which has OpenSSL 3.0 which is why the PR is needed
Sounds good to me. How about adding jenswi-linaro/optee_test@7238495 to #689?
Done!
I came across this issue while building and testing optee with Yocto Project and the meta-arm layer:
WARNING: optee-test-3.20.0-r0 do_package_qa: QA Issue: /usr/bin/xtest uses 32-bit api 'localtime_r'
/usr/bin/xtest uses 32-bit api 'time'
/usr/bin/xtest uses 32-bit api 'gmtime_r'
A quick grep finds the only instance of localtime_r to be:
Binary file host/openssl/lib/aarch64/libcrypto.a matches
Binary file host/openssl/lib/arm/libcrypto.a matches
A git log on that file shows a single commit of:
commit 27054ff
Author: Jerome Forissier jerome.forissier@linaro.org
Date: Tue Jun 5 11:09:01 2018 +0200
Obviously, having such an old version of openssl is a security issue, along with the 2038 time issue that discovered it.
I humbly request that this file is removed completely, and either pull it in via a prebuild stage or build it from scratch.
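The check described in this report (grep a source tree for prebuilt archives, then see what they carry) can be automated. The following is an added example, not code from this thread or from the OP-TEE project: it finds static archives in a tree, reports any embedded OpenSSL version banner, and lists which of the time APIs named in the QA warning they reference. The directory layout and the archive bytes in `demo()` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

AR_MAGIC = b"!<arch>\n"  # ar(1) static archives start with this magic
# Version banner that OpenSSL compiles into libcrypto, e.g. "OpenSSL 1.1.1k  25 Mar 2021"
BANNER_RE = re.compile(rb"OpenSSL \d+\.\d+\.\d+[a-z]* +\d{1,2} [A-Z][a-z]{2} \d{4}")
# API names from the do_package_qa warning quoted in the issue
TIME_APIS = ("localtime_r", "gmtime_r", "time")


def references(data, name):
    """True if name occurs as a whole identifier, so "time" does not match "mktime"."""
    pat = rb"(?<![A-Za-z0-9_])" + re.escape(name.encode()) + rb"(?![A-Za-z0-9_])"
    return re.search(pat, data) is not None


def audit_tree(root):
    """Return one finding per prebuilt static archive under root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*.a")):
        data = path.read_bytes()
        if not data.startswith(AR_MAGIC):
            continue  # wrong magic: not an archive despite the suffix
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "banners": sorted({b.decode() for b in BANNER_RE.findall(data)}),
            # Byte-level heuristic, like grep on a binary; confirm hits with nm
            "time_apis": [n for n in TIME_APIS if references(data, n)],
        })
    return findings


def demo():
    """Audit a constructed tree; the archive bytes below are fake sample data."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp, "vendor", "lib", "libcrypto.a")  # hypothetical layout
        lib.parent.mkdir(parents=True)
        lib.write_bytes(AR_MAGIC + b"\0OpenSSL 1.1.0z  01 Jan 2018\0"
                        b"\0localtime_r\0gmtime_r\0mktime\0")
        Path(tmp, "vendor", "notes.a").write_bytes(b"plain text, not an archive")
        return audit_tree(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Running `audit_tree()` over a checkout in CI turns a vendored, unversioned crypto library into a visible finding instead of something discovered through an unrelated QA warning.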