openssl-qoriq: upgrade to 1.0.2h plus fsl patches

Based on oe-core openssl-1.0.2h, revision:
e49d337 meta: update patch metadata

extended with patches from fsl to enable more features.

Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

1 files changed, 88 insertions, 41 deletions

diff --git a/recipes-connectivity/openssl/openssl-qoriq.inc b/recipes-connectivity/openssl/openssl-qoriq.inc
index faccb080..8c8c0365 100644
--- a/recipes-connectivity/openssl/openssl-qoriq.inc
+++ b/recipes-connectivity/openssl/openssl-qoriq.inc
@@ -8,6 +8,9 @@ SECTION = "libs/network"
 LICENSE = "openssl"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
 
+DEPENDS = "hostperl-runtime-native"
+DEPENDS_append_class-target = " openssl-native"
+
 PROVIDES = "openssl"
 
 python() {
@@ -19,8 +22,6 @@ python() {
             d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
 }
 
-DEPENDS = "perl-native-runtime"
-
 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           "
 S = "${WORKDIR}/openssl-${PV}"
@@ -28,37 +29,39 @@ S = "${WORKDIR}/openssl-${PV}"
 PACKAGECONFIG[perl] = ",,,"
 
 AR_append = " r"
+TERMIO_libc-musl = "-DTERMIOS"
+TERMIO ?= "-DTERMIO"
 # Avoid binaries being marked as requiring an executable stack since it 
 # doesn't(which causes and this causes issues with SELinux
 CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
-        -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
-
-# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
-CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
-CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
+         ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
 
 export DIRS = "crypto ssl apps"
 export EX_LIBS = "-lgcc -ldl"
 export AS = "${CC} -c"
 EXTRA_OEMAKE = "-e MAKEFLAGS="
 
-inherit pkgconfig siteinfo multilib_header
+inherit pkgconfig siteinfo multilib_header ptest
 
-PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
-FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl.so.*"
+PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-conf"
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
 RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
-FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
 
 # Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
 # package RRECOMMENDS on this package.  This will enable the configuration
 # file to be installed for both the base openssl package and the libcrypto
 # package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-RRECOMMENDS_libcrypto += "openssl-conf"
+FILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto += "${PN}-conf"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = " -no-ssl3"
 
 do_configure_prepend_darwin () {
         sed -i -e '/version-script=openssl\.ld/d' Configure
@@ -71,17 +74,18 @@ do_configure () {
         ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
 
         os=${HOST_OS}
-        if [ "x$os" = "xlinux-uclibc" ]; then
-                os=linux
-        elif [ "x$os" = "xlinux-uclibceabi" ]; then
-                os=linux
-        elif [ "x$os" = "xlinux-uclibcspe" ]; then
-                os=linux
-        elif [ "x$os" = "xlinux-gnuspe" ]; then
+        case $os in
+        linux-uclibc |\
+        linux-uclibceabi |\
+        linux-gnueabi |\
+        linux-uclibcspe |\
+        linux-gnuspe |\
+        linux-musl*)
                 os=linux
-        elif [ "x$os" = "xlinux-gnueabi" ]; then
-                os=linux
-        fi
+                ;;
+                *)
+                ;;
+        esac
         target="$os-${HOST_ARCH}"
         case $target in
         linux-arm)
@@ -91,7 +95,7 @@ do_configure () {
                 target=linux-elf-armeb
                 ;;
         linux-aarch64*)
-                target=linux-generic64
+                target=linux-aarch64
                 ;;
         linux-sh3)
                 target=debian-sh3
@@ -120,9 +124,12 @@ do_configure () {
         linux-mipsel)
                 target=debian-mipsel
                 ;;
-        linux-*-mips64)
+        linux-*-mips64 | linux-mips64)
                target=linux-mips
                 ;;
+        linux-microblaze*|linux-nios2*)
+                target=linux-generic32
+                ;;
         linux-powerpc)
                 target=linux-ppc
                 ;;
@@ -145,40 +152,80 @@ do_configure () {
         if [ "x$useprefix" = "x" ]; then
                 useprefix=/
         fi        
-        perl ./Configure shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
+        perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
+}
+
+do_compile_prepend_class-target () {
+    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
 }
 
 do_compile () {
         oe_runmake
 }
 
+do_compile_ptest () {
+        oe_runmake buildtest
+}
+
 do_install () {
+        # Create ${D}/${prefix} to fix parallel issues
+        mkdir -p ${D}/${prefix}/
+
         oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
 
         oe_libinstall -so libcrypto ${D}${libdir}
         oe_libinstall -so libssl ${D}${libdir}
 
-        # Moving libcrypto to /lib
-        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
-                mkdir -p ${D}/${base_libdir}/
-                mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
-                sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
-        fi
-
         install -d ${D}${includedir}
         cp --dereference -R include/openssl ${D}${includedir}
 
+        install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+        sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+
         oe_multilib_header openssl/opensslconf.h
         if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
-                install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
-                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
                 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
                 sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
-                # The c_rehash utility isn't installed by the normal installation process.
         else
-                rm -f ${D}${bindir}/c_rehash
                 rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
         fi
+
+        # Create SSL structure
+        install -d ${D}${sysconfdir}/ssl/
+        mv ${D}${libdir}/ssl/openssl.cnf \
+           ${D}${libdir}/ssl/certs \
+           ${D}${libdir}/ssl/private \
+           \
+           ${D}${sysconfdir}/ssl/
+        ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+        ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
+}
+
+do_install_ptest () {
+        cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+        cp Configure config e_os.h ${D}${PTEST_PATH}
+        cp -r -L include ${D}${PTEST_PATH}
+        ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+        ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/crypto
+        cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
+        cp -r certs ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/apps
+        ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
+        ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+        ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
+        cp apps/server2.pem             ${D}${PTEST_PATH}/apps
+        mkdir -p ${D}${PTEST_PATH}/util
+        install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
+        install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
+}
+
+do_install_append_class-native() {
+        create_wrapper ${D}${bindir}/openssl \
+            OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+            SSL_CERT_DIR=${libdir}/ssl/certs \
+            SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+            OPENSSL_ENGINES=${libdir}/ssl/engines
 }
 
-BBCLASSEXTEND = "native nativesdk"