From 90402a607676cc56d718f1c84294f05ee571f416 Mon Sep 17 00:00:00 2001 From: Ricardo Salveti Date: Thu, 17 Jan 2019 12:02:25 -0200 Subject: softhsm: bump to 2.5.0 Changes in 2.5.0: - Support for cross-compilation - Use RDRAND in OpenSSL if that engine is available - Support for EDDSA with vendor defined mechanisms - Replace PKCS11 headers with a version from p11-kit Recipe updated to build support for EdDSA since that is already available in latest OpenSSL (1.1.1a). HOMEPAGE and LICENSE also changed to match upstream. Signed-off-by: Ricardo Salveti --- .../files/0001-Cross-compilation-tweaks.patch | 86 ---------------------- recipes-support/softhsm/softhsm_git.bb | 31 ++++---- 2 files changed, 15 insertions(+), 102 deletions(-) delete mode 100644 recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch diff --git a/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch b/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch deleted file mode 100644 index b3a7622..0000000 --- a/recipes-support/softhsm/files/0001-Cross-compilation-tweaks.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -From b6add28acb884b6006216e8422cc18504483c72e Mon Sep 17 00:00:00 2001 -From: Anton Gerasimov -Date: Fri, 8 Sep 2017 15:08:40 +0200 -Subject: [PATCH] Cross-compilation tweaks - ---- - m4/acx_openssl.m4 | 2 ++ - m4/acx_openssl_ecc.m4 | 3 +++ - m4/acx_openssl_fips.m4 | 2 ++ - m4/acx_openssl_gost.m4 | 2 ++ - 4 files changed, 9 insertions(+) - -diff --git a/m4/acx_openssl.m4 b/m4/acx_openssl.m4 -index e90c78f..9de6055 100644 ---- a/m4/acx_openssl.m4 -+++ b/m4/acx_openssl.m4 -@@ -25,6 +25,7 @@ AC_DEFUN([ACX_OPENSSL],[ - AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])]) - AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])]) - -+ if test "$cross_compiling" != yes; then - AC_MSG_CHECKING([for OpenSSL version]) - CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3) - AC_LANG_PUSH([C]) -@@ -51,6 +52,7 @@ AC_DEFUN([ACX_OPENSSL],[ - AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)]) - ],[]) - AC_LANG_POP([C]) -+ fi - - CPPFLAGS=$tmp_CPPFLAGS - LIBS=$tmp_LIBS -diff --git a/m4/acx_openssl_ecc.m4 b/m4/acx_openssl_ecc.m4 -index 612c505..ba2389d 100644 ---- a/m4/acx_openssl_ecc.m4 -+++ b/m4/acx_openssl_ecc.m4 -@@ -1,4 +1,5 @@ - AC_DEFUN([ACX_OPENSSL_ECC],[ -+ if test "$cross_compiling" != yes; then - AC_MSG_CHECKING(for OpenSSL ECC support) - - tmp_CPPFLAGS=$CPPFLAGS -@@ -32,6 +33,8 @@ AC_DEFUN([ACX_OPENSSL_ECC],[ - ],[]) - AC_LANG_POP([C]) - -+ fi -+ - CPPFLAGS=$tmp_CPPFLAGS - LIBS=$tmp_LIBS - ]) -diff --git a/m4/acx_openssl_fips.m4 b/m4/acx_openssl_fips.m4 -index 0491397..896cdbf 100644 ---- a/m4/acx_openssl_fips.m4 -+++ b/m4/acx_openssl_fips.m4 -@@ -1,4 +1,5 @@ - AC_DEFUN([ACX_OPENSSL_FIPS],[ -+ if test "$cross_compiling" != yes; then - AC_MSG_CHECKING(for OpenSSL FIPS capable library) - - tmp_CPPFLAGS=$CPPFLAGS -@@ -47,4 +48,5 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[ - - CPPFLAGS=$tmp_CPPFLAGS - LIBS=$tmp_LIBS -+ fi - ]) -diff --git a/m4/acx_openssl_gost.m4 b/m4/acx_openssl_gost.m4 -index 
dca489b..34c39d8 100644 ---- a/m4/acx_openssl_gost.m4 -+++ b/m4/acx_openssl_gost.m4 -@@ -1,4 +1,5 @@ - AC_DEFUN([ACX_OPENSSL_GOST],[ -+ if test "$cross_compiling" != yes; then - AC_MSG_CHECKING(for OpenSSL GOST support) - - tmp_CPPFLAGS=$CPPFLAGS -@@ -62,4 +63,5 @@ AC_DEFUN([ACX_OPENSSL_GOST],[ - - CPPFLAGS=$tmp_CPPFLAGS - LIBS=$tmp_LIBS -+ fi - ]) --- -2.7.4 - diff --git a/recipes-support/softhsm/softhsm_git.bb b/recipes-support/softhsm/softhsm_git.bb index c26903d..4dcfe7d 100644 --- a/recipes-support/softhsm/softhsm_git.bb +++ b/recipes-support/softhsm/softhsm_git.bb @@ -1,27 +1,26 @@ SUMMARY = "HSM emulator" -LICENSE = "BSD" +HOMEPAGE = "https://www.opendnssec.org/softhsm/" +LICENSE = "BSD-2-Clause & ISC" LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210" -inherit autotools-brokensep +DEPENDS = "openssl" +SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master" +SRCREV = "369df0383d101bc8952692c2a368ac8bc887d1b4" -SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;branch=master \ - file://0001-Cross-compilation-tweaks.patch" -SRCREV="1f7498c0c65b1b1ad5e1bdbd87e9d4b100705745" +PV = "2.5.0" S = "${WORKDIR}/git" -DEPENDS += " openssl" +inherit autotools pkgconfig -EXTRA_OECONF = "--disable-gost --with-openssl=${STAGING_LIBDIR}/.." +# EdDSA requires OpenSSL >= 1.1.1 +EXTRA_OECONF = "--enable-eddsa --disable-gost" -do_configure() { - unset docdir - sh ./autogen.sh - oe_runconf +do_configure_prepend() { + ( + cd ${S} + unset docdir + sh ./autogen.sh + ) } - -FILES_${PN} = "${bindir} \ - ${libdir}/softhsm \ - ${sysconfdir} \ - ${localstatedir}/lib/softhsm " -- cgit v1.2.3-54-g00ecf From 5ac462299def05b7a49be25a0076c611482cb9c9 Mon Sep 17 00:00:00 2001 
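Review bot: The rewritten `SRC_URI` in softhsm_git.bb still fetches over plain `git://`, which is neither authenticated nor encrypted, so the pinned `SRCREV` is the only thing tying the build to the intended source. Using `SRC_URI = "git://github.com/opendnssec/SoftHSMv2.git;protocol=https;branch=master"` adds transport authentication on top of the pin, and the same applies to the `SRC_URI` in the new libp11_git.bb. `PV = "2.5.0"` now sits next to a raw commit id with nothing on the page linking the two, so once the id has been checked against the upstream tag, a comment such as `# SRCREV is the commit tagged 2.5.0 upstream` would let a later reviewer re-verify the pairing. `--enable-eddsa` is unconditional while `DEPENDS = "openssl"` carries no version constraint, so presumably a build against an OpenSSL older than 1.1.1 fails at configure time; `PACKAGECONFIG ?= "eddsa"` with `PACKAGECONFIG[eddsa] = "--enable-eddsa,--disable-eddsa"` would make that an explicit, overridable choice.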
From: Ricardo Salveti Date: Thu, 17 Jan 2019 11:58:12 -0200 Subject: libp11: bump to git 57ca68f for EC signing support libp11 0.4.9 gives an error when EC keys are used for signing (pkcs11_try_pkey_ec_sign() not implemented), so bump to git 57ca68f (post 0.4.9) for EC signing support. Also drop workaround patch for OpenSSL 1.0.2.m since OE OpenSSL version is now at 1.1.1a. Signed-off-by: Ricardo Salveti --- ...und-for-a-buggy-version-of-openssl-1.0.2m.patch | 42 ---------------------- recipes-support/libp11/libp11_0.4.9.bb | 39 -------------------- recipes-support/libp11/libp11_git.bb | 40 +++++++++++++++++++++ 3 files changed, 40 insertions(+), 81 deletions(-) delete mode 100644 recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch delete mode 100644 recipes-support/libp11/libp11_0.4.9.bb create mode 100644 recipes-support/libp11/libp11_git.bb diff --git a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch b/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch deleted file mode 100644 index 55f2ed3..0000000 --- a/recipes-support/libp11/files/0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch +++ /dev/null 
@@ -1,42 +0,0 @@
-From ccab5ce63dd5d3dbb4bd02998d21d34407e550f2 Mon Sep 17 00:00:00 2001
-From: Anton Gerasimov
-Date: Fri, 19 Jan 2018 12:44:27 +0100
-Subject: [PATCH] Workaround for a buggy version of openssl (1.0.2m)
-
----
- src/p11_pkey.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/src/p11_pkey.c b/src/p11_pkey.c
-index 45d5ad3..75625e6 100644
---- a/src/p11_pkey.c
-+++ b/src/p11_pkey.c
-@@ -139,8 +139,14 @@ static void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
-
- #endif
-
--#if OPENSSL_VERSION_NUMBER < 0x100020d0L || defined(LIBRESSL_VERSION_NUMBER)
--static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
-+#if OPENSSL_VERSION_NUMBER < 0x10002110L || defined(LIBRESSL_VERSION_NUMBER)
-+
-+# if (OPENSSL_VERSION_NUMBER & 0xFFFFFFF0) == 0x100020d0L
-+# undef EVP_PKEY_meth_get_sign
-+# undef EVP_PKEY_meth_get_decrypt
-+# endif
-+
-+void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
- int (**psign_init) (EVP_PKEY_CTX *ctx),
- int (**psign) (EVP_PKEY_CTX *ctx,
- unsigned char *sig, size_t *siglen,
-@@ -152,7 +158,7 @@ static void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
- *psign = pmeth->sign;
- }
-
--static void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
-+void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
- int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
- int (**pdecrypt) (EVP_PKEY_CTX *ctx,
- unsigned char *out,
---
-2.15.1
-
diff --git a/recipes-support/libp11/libp11_0.4.9.bb b/recipes-support/libp11/libp11_0.4.9.bb
deleted file mode 100644
index 6d0165f..0000000
--- a/recipes-support/libp11/libp11_0.4.9.bb
+++ /dev/null
@@ -1,39 +0,0 @@
-SUMMARY = "Library for using PKCS"
-DESCRIPTION = "\
-Libp11 is a library implementing a small layer on top of PKCS \
-make using PKCS"
-HOMEPAGE = "http://www.opensc-project.org/libp11"
-SECTION = "Development/Libraries"
-LICENSE = "LGPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29"
-DEPENDS = "libtool openssl"
-RDEPENDS_${PN} += " opensc"
-
-SRC_URI = "git://github.com/OpenSC/libp11.git \
- file://0001-Workaround-for-a-buggy-version-of-openssl-1.0.2m.patch"
-SRCREV = "e1210903291b1de9eabcad26e740a4b2fbcca692"
-
-S = "${WORKDIR}/git"
-
-inherit autotools pkgconfig
-
-# Currently, Makefile dependencies are incorrectly defined which causes build errors
-# if the number of jobs is high
-# See https://github.com/OpenSC/libp11/issues/94
-PARALLEL_MAKE = ""
-EXTRA_OECONF = "--disable-static"
-
-do_install_append () {
- rm -rf ${D}${libdir}/*.la
- rm -rf ${D}${docdir}/${BPN}
-}
-
-FILES_${PN} = "${libdir}/engines*/pkcs11.so \
- ${libdir}/engines*/libpkcs11${SOLIBS} \
- ${libdir}/libp11${SOLIBS}"
-
-FILES_${PN}-dev = " \
- ${libdir}/engines*/libpkcs11${SOLIBSDEV} \
- ${libdir}/libp11${SOLIBSDEV} \
- ${libdir}/pkgconfig/libp11.pc \
- /usr/include"
diff --git a/recipes-support/libp11/libp11_git.bb b/recipes-support/libp11/libp11_git.bb
new file mode 100644
index 0000000..bedcdc8
--- /dev/null
+++ b/recipes-support/libp11/libp11_git.bb
@@ -0,0 +1,40 @@
+SUMMARY = "Library for using PKCS"
+DESCRIPTION = "\
+Libp11 is a library implementing a small layer on top of PKCS \
+make using PKCS"
+HOMEPAGE = "http://www.opensc-project.org/libp11"
+SECTION = "Development/Libraries"
+LICENSE = "LGPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=fad9b3332be894bab9bc501572864b29"
+DEPENDS = "libtool openssl"
+RDEPENDS_${PN} += " opensc"
+
+SRC_URI = "git://github.com/OpenSC/libp11.git"
+SRCREV = "57ca68ff67efa08e3be1f26dec6d23bf5bb977f2"
+
+PV = "0.4.9+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+# Currently, Makefile dependencies are incorrectly defined which causes build errors
+# if the number of jobs is high
+# See https://github.com/OpenSC/libp11/issues/94
+PARALLEL_MAKE = ""
+EXTRA_OECONF = "--disable-static"
+
+do_install_append () {
+ rm -rf ${D}${libdir}/*.la
+ rm -rf ${D}${docdir}/${BPN}
+}
+
+FILES_${PN} = "${libdir}/engines*/pkcs11.so \
+ ${libdir}/engines*/libpkcs11${SOLIBS} \
+ ${libdir}/libp11${SOLIBS}"
+
+FILES_${PN}-dev = " \
+ ${libdir}/engines*/libpkcs11${SOLIBSDEV} \
+ ${libdir}/libp11${SOLIBSDEV} \
+ ${libdir}/pkgconfig/libp11.pc \
+ /usr/include"
-- cgit v1.2.3-54-g00ecf
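Review bot: `FILES_${PN}-dev` in the new libp11_git.bb ends with a hard-coded `/usr/include`, which stops matching if the distro configures a different prefix; `${includedir}` would be consistent with the `${libdir}` entries beside it. The `SUMMARY` and `DESCRIPTION` values read as truncated ("Library for using PKCS", "on top of PKCS \ make using PKCS"), presumably a lost `#11`, so something like `SUMMARY = "Library for using PKCS#11"` would restore the meaning once the parser's handling of `#` inside a quoted value is confirmed. The `PARALLEL_MAKE = ""` workaround cites libp11 issue 94, and since the recipe now builds a post-0.4.9 commit it is worth checking whether that serialisation is still required. Both carry-overs came from the deleted libp11_0.4.9.bb, and this new file is a natural place to fix them.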