summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCristiana Voicu <cristiana.voicu@intel.com>2014-04-08 14:49:48 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-04-08 17:45:09 +0100
commit5dd1d7566964c90d33c0c44f569d9336fb0724ce (patch)
tree6c9516db6873f1254723cbeeca204a43d5d410ba
parentc0ac09ab49d7a2b9cc7601ceef2852d690cdf3d1 (diff)
downloadpoky-5dd1d7566964c90d33c0c44f569d9336fb0724ce.tar.gz
openssl: Upgrade to v1.0.1g
The trigger for the upgrade was the serious "heartbleed" vulnerability (CVE-2014-0160). More information: http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx Dropped obsolete patches, because the new version contains them: 0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch 0001-Fix-DTLS-retransmission-from-previous-session.patch 0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch Modified 2 patches (small changes), in order to apply properly: initial-aarch64-bits.patch openssl-fix-doc.patch Addresses CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 (From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch81
-rw-r--r--meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch31
-rw-r--r--meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch33
-rw-r--r--meta/recipes-connectivity/openssl/openssl-1.0.1e/initial-aarch64-bits.patch111
-rw-r--r--meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-doc.patch435
-rw-r--r--meta/recipes-connectivity/openssl/openssl.inc3
-rw-r--r--meta/recipes-connectivity/openssl/openssl/configure-targets.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/configure-targets.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/c_rehash-compat.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/ca.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/ca.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/debian-targets.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/make-targets.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/man-dir.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/man-section.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/man-section.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/no-rpath.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/no-symbolic.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/pic.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/pic.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian/version-script.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/version-script.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/engines-install-in-libdir-ssl.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/find.pl (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/find.pl)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/fix-cipher-des-ede3-cfb1.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch119
-rw-r--r--meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/oe-ldflags.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-des.pod-error.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch401
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-fix-link.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-link.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl_fix_for_x32.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl/shared-libs.patch (renamed from meta/recipes-connectivity/openssl/openssl-1.0.1e/shared-libs.patch)0
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.1g.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.0.1e.bb)9
30 files changed, 522 insertions, 701 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
deleted file mode 100644
index 39592e2d67..0000000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch
+++ /dev/null
@@ -1,81 +0,0 @@
1From 34628967f1e65dc8f34e000f0f5518e21afbfc7b Mon Sep 17 00:00:00 2001
2From: "Dr. Stephen Henson" <steve@openssl.org>
3Date: Fri, 20 Dec 2013 15:26:50 +0000
4Subject: [PATCH] Fix DTLS retransmission from previous session.
5
6Upstream-Status: Backport
7commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b upstream
8
9For DTLS we might need to retransmit messages from the previous session
10so keep a copy of write context in DTLS retransmission buffers instead
11of replacing it after sending CCS. CVE-2013-6450.
12---
13 ssl/d1_both.c | 6 ++++++
14 ssl/ssl_locl.h | 2 ++
15 ssl/t1_enc.c | 17 +++++++++++------
16 4 files changed, 24 insertions(+), 6 deletions(-)
17
18diff --git a/ssl/d1_both.c b/ssl/d1_both.c
19index 65ec001..7a5596a 100644
20--- a/ssl/d1_both.c
21+++ b/ssl/d1_both.c
22@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
23 static void
24 dtls1_hm_fragment_free(hm_fragment *frag)
25 {
26+
27+ if (frag->msg_header.is_ccs)
28+ {
29+ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
30+ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
31+ }
32 if (frag->fragment) OPENSSL_free(frag->fragment);
33 if (frag->reassembly) OPENSSL_free(frag->reassembly);
34 OPENSSL_free(frag);
35diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
36index 96ce9a7..e485907 100644
37--- a/ssl/ssl_locl.h
38+++ b/ssl/ssl_locl.h
39@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
40 extern SSL3_ENC_METHOD SSLv3_enc_data;
41 extern SSL3_ENC_METHOD DTLSv1_enc_data;
42
43+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
44+
45 #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
46 s_get_meth) \
47 const SSL_METHOD *func_name(void) \
48diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
49index 72015f5..56db834 100644
50--- a/ssl/t1_enc.c
51+++ b/ssl/t1_enc.c
52@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
53 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
54 else
55 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
56- if (s->enc_write_ctx != NULL)
57+ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
58 reuse_dd = 1;
59- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
60+ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
61 goto err;
62- else
63- /* make sure it's intialized in case we exit later with an error */
64- EVP_CIPHER_CTX_init(s->enc_write_ctx);
65 dd= s->enc_write_ctx;
66- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
67+ if (SSL_IS_DTLS(s))
68+ {
69+ mac_ctx = EVP_MD_CTX_create();
70+ if (!mac_ctx)
71+ goto err;
72+ s->write_hash = mac_ctx;
73+ }
74+ else
75+ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
76 #ifndef OPENSSL_NO_COMP
77 if (s->compress != NULL)
78 {
79--
801.7.5.4
81
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
deleted file mode 100644
index d03dc06daf..0000000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1From 197e0ea817ad64820789d86711d55ff50d71f631 Mon Sep 17 00:00:00 2001
2From: "Dr. Stephen Henson" <steve@openssl.org>
3Date: Mon, 6 Jan 2014 14:35:04 +0000
4Subject: [PATCH] Fix for TLS record tampering bug CVE-2013-4353
5
6Upstream-Status: Backport
7commit 197e0ea817ad64820789d86711d55ff50d71f631 upstream
8
9 ssl/s3_both.c | 6 +++++-
10 3 files changed, 11 insertions(+), 1 deletions(-)
11
12diff --git a/ssl/s3_both.c b/ssl/s3_both.c
13index 1e5dcab..53b9390 100644
14--- a/ssl/s3_both.c
15+++ b/ssl/s3_both.c
16@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
17 {
18 const char *sender;
19 int slen;
20-
21+ /* If no new cipher setup return immediately: other functions will
22+ * set the appropriate error.
23+ */
24+ if (s->s3->tmp.new_cipher == NULL)
25+ return;
26 if (s->state & SSL_ST_CONNECT)
27 {
28 sender=s->method->ssl3_enc->server_finished_label;
29--
301.7.5.4
31
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
deleted file mode 100644
index e5a8ade936..0000000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
+++ /dev/null
@@ -1,33 +0,0 @@
1From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001
2From: "Dr. Stephen Henson" <steve@openssl.org>
3Date: Thu, 19 Dec 2013 14:37:39 +0000
4Subject: [PATCH] Use version in SSL_METHOD not SSL structure.
5
6Upstream-Status: Backport
7commit ca989269a2876bae79393bd54c3e72d49975fc75 upstream
8
9When deciding whether to use TLS 1.2 PRF and record hash algorithms
10use the version number in the corresponding SSL_METHOD structure
11instead of the SSL structure. The SSL structure version is sometimes
12inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
13(CVE-2013-6449)
14---
15 ssl/s3_lib.c | 2 +-
16 1 files changed, 1 insertions(+), 1 deletions(-)
17
18diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
19index bf832bb..c4ef273 100644
20--- a/ssl/s3_lib.c
21+++ b/ssl/s3_lib.c
22@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
23 long ssl_get_algorithm2(SSL *s)
24 {
25 long alg2 = s->s3->tmp.new_cipher->algorithm2;
26- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
27+ if (s->method->version == TLS1_2_VERSION &&
28 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
29 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
30 return alg2;
31--
321.7.5.4
33
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/initial-aarch64-bits.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/initial-aarch64-bits.patch
deleted file mode 100644
index 703b8c125b..0000000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/initial-aarch64-bits.patch
+++ /dev/null
@@ -1,111 +0,0 @@
1From: Andy Polyakov <appro@openssl.org>
2Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
3Subject: Initial aarch64 bits.
4X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
5
6Initial aarch64 bits.
7---
8 crypto/bn/bn_lcl.h | 9 +++++++++
9 crypto/md32_common.h | 18 ++++++++++++++++++
10 crypto/modes/modes_lcl.h | 8 ++++++++
11 crypto/sha/sha512.c | 13 +++++++++++++
12 4 files changed, 48 insertions(+)
13
14--- a/crypto/bn/bn_lcl.h
15+++ b/crypto/bn/bn_lcl.h
16@@ -300,6 +300,15 @@ extern "C" {
17 : "r"(a), "r"(b));
18 # endif
19 # endif
20+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
21+# if defined(__GNUC__) && __GNUC__>=2
22+# define BN_UMULT_HIGH(a,b) ({ \
23+ register BN_ULONG ret; \
24+ asm ("umulh %0,%1,%2" \
25+ : "=r"(ret) \
26+ : "r"(a), "r"(b)); \
27+ ret; })
28+# endif
29 # endif /* cpu */
30 #endif /* OPENSSL_NO_ASM */
31
32--- a/crypto/md32_common.h
33+++ b/crypto/md32_common.h
34@@ -213,6 +213,24 @@
35 asm ("bswapl %0":"=r"(r):"0"(r)); \
36 *((unsigned int *)(c))=r; (c)+=4; r; })
37 # endif
38+# elif defined(__aarch64__)
39+# if defined(__BYTE_ORDER__)
40+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
41+# define HOST_c2l(c,l) ({ unsigned int r; \
42+ asm ("rev %w0,%w1" \
43+ :"=r"(r) \
44+ :"r"(*((const unsigned int *)(c))));\
45+ (c)+=4; (l)=r; })
46+# define HOST_l2c(l,c) ({ unsigned int r; \
47+ asm ("rev %w0,%w1" \
48+ :"=r"(r) \
49+ :"r"((unsigned int)(l)));\
50+ *((unsigned int *)(c))=r; (c)+=4; r; })
51+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
52+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
53+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
54+# endif
55+# endif
56 # endif
57 # endif
58 #endif
59--- a/crypto/modes/modes_lcl.h
60+++ b/crypto/modes/modes_lcl.h
61@@ -29,6 +29,7 @@ typedef unsigned char u8;
62 #if defined(__i386) || defined(__i386__) || \
63 defined(__x86_64) || defined(__x86_64__) || \
64 defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
65+ defined(__aarch64__) || \
66 defined(__s390__) || defined(__s390x__) || \
67 ( (defined(__arm__) || defined(__arm)) && \
68 (defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \
69@@ -53,6 +54,13 @@ typedef unsigned char u8;
70 # define BSWAP4(x) ({ u32 ret=(x); \
71 asm ("bswapl %0" \
72 : "+r"(ret)); ret; })
73+# elif defined(__aarch64__)
74+# define BSWAP8(x) ({ u64 ret; \
75+ asm ("rev %0,%1" \
76+ : "=r"(ret) : "r"(x)); ret; })
77+# define BSWAP4(x) ({ u32 ret; \
78+ asm ("rev %w0,%w1" \
79+ : "=r"(ret) : "r"(x)); ret; })
80 # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
81 # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
82 asm ("rev %0,%0; rev %1,%1" \
83--- a/crypto/sha/sha512.c
84+++ b/crypto/sha/sha512.c
85@@ -55,6 +55,7 @@ const char SHA512_version[]="SHA-512" OP
86 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
87 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
88 defined(__s390__) || defined(__s390x__) || \
89+ defined(__aarch64__) || \
90 defined(SHA512_ASM)
91 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
92 #endif
93@@ -340,6 +341,18 @@ static const SHA_LONG64 K512[80] = {
94 asm ("rotrdi %0,%1,%2" \
95 : "=r"(ret) \
96 : "r"(a),"K"(n)); ret; })
97+# elif defined(__aarch64__)
98+# define ROTR(a,n) ({ SHA_LONG64 ret; \
99+ asm ("ror %0,%1,%2" \
100+ : "=r"(ret) \
101+ : "r"(a),"I"(n)); ret; })
102+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
103+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
104+# define PULL64(x) ({ SHA_LONG64 ret; \
105+ asm ("rev %0,%1" \
106+ : "=r"(ret) \
107+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
108+# endif
109 # endif
110 # elif defined(_MSC_VER)
111 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-doc.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-doc.patch
deleted file mode 100644
index e87ed80736..0000000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-doc.patch
+++ /dev/null
@@ -1,435 +0,0 @@
1Fix documentation build errors with Perl 5.18 pod2man
2
3This fixes errors building man pages with newer versions of pod2man
4included with Perl 5.18.
5
6Upstream-Status: Submitted
7Signed-off-by: Jonathan Liu
8
9diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
10index a09588a..881d387 100644
11--- a/doc/apps/cms.pod
12+++ b/doc/apps/cms.pod
13@@ -450,28 +450,28 @@ remains DER.
14
15 =over 4
16
17-=item 0
18+=item Z<>0
19
20 the operation was completely successfully.
21
22-=item 1
23+=item Z<>1
24
25 an error occurred parsing the command options.
26
27-=item 2
28+=item Z<>2
29
30 one of the input files could not be read.
31
32-=item 3
33+=item Z<>3
34
35 an error occurred creating the CMS file or when reading the MIME
36 message.
37
38-=item 4
39+=item Z<>4
40
41 an error occurred decrypting or verifying the message.
42
43-=item 5
44+=item Z<>5
45
46 the message was verified correctly but an error occurred writing out
47 the signers certificates.
48diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
49index e4e89af..ef8e8cd 100644
50--- a/doc/apps/smime.pod
51+++ b/doc/apps/smime.pod
52@@ -308,28 +308,28 @@ remains DER.
53
54 =over 4
55
56-=item 0
57+=item Z<>0
58
59 the operation was completely successfully.
60
61-=item 1
62+=item Z<>1
63
64 an error occurred parsing the command options.
65
66-=item 2
67+=item Z<>2
68
69 one of the input files could not be read.
70
71-=item 3
72+=item Z<>3
73
74 an error occurred creating the PKCS#7 file or when reading the MIME
75 message.
76
77-=item 4
78+=item Z<>4
79
80 an error occurred decrypting or verifying the message.
81
82-=item 5
83+=item Z<>5
84
85 the message was verified correctly but an error occurred writing out
86 the signers certificates.
87diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod
88index a883f6c..60e8332 100644
89--- a/doc/crypto/X509_STORE_CTX_get_error.pod
90+++ b/doc/crypto/X509_STORE_CTX_get_error.pod
91@@ -278,6 +278,8 @@ happen if extended CRL checking is enabled.
92 an application specific error. This will never be returned unless explicitly
93 set by an application.
94
95+=back
96+
97 =head1 NOTES
98
99 The above functions should be used instead of directly referencing the fields
100diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod
101index 42fa66b..f4d191c 100644
102--- a/doc/ssl/SSL_COMP_add_compression_method.pod
103+++ b/doc/ssl/SSL_COMP_add_compression_method.pod
104@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
105
106 =over 4
107
108-=item 0
109+=item Z<>0
110
111 The operation succeeded.
112
113-=item 1
114+=item Z<>1
115
116 The operation failed. Check the error queue to find out the reason.
117
118diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod
119index 82676b2..8e0abd3 100644
120--- a/doc/ssl/SSL_CTX_add_session.pod
121+++ b/doc/ssl/SSL_CTX_add_session.pod
122@@ -52,13 +52,13 @@ The following values are returned by all functions:
123
124 =over 4
125
126-=item 0
127+=item Z<>0
128
129 The operation failed. In case of the add operation, it was tried to add
130 the same (identical) session twice. In case of the remove operation, the
131 session was not found in the cache.
132
133-=item 1
134+=item Z<>1
135
136 The operation succeeded.
137
138diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod
139index 84a799f..d1d8977 100644
140--- a/doc/ssl/SSL_CTX_load_verify_locations.pod
141+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod
142@@ -100,13 +100,13 @@ The following return values can occur:
143
144 =over 4
145
146-=item 0
147+=item Z<>0
148
149 The operation failed because B<CAfile> and B<CApath> are NULL or the
150 processing at one of the locations specified failed. Check the error
151 stack to find out the reason.
152
153-=item 1
154+=item Z<>1
155
156 The operation succeeded.
157
158diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
159index 632b556..6122a02 100644
160--- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
161+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
162@@ -66,11 +66,11 @@ values:
163
164 =over 4
165
166-=item 1
167+=item Z<>1
168
169 The operation succeeded.
170
171-=item 0
172+=item Z<>0
173
174 A failure while manipulating the STACK_OF(X509_NAME) object occurred or
175 the X509_NAME could not be extracted from B<cacert>. Check the error stack
176diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod
177index 58fc685..7c9e515 100644
178--- a/doc/ssl/SSL_CTX_set_session_id_context.pod
179+++ b/doc/ssl/SSL_CTX_set_session_id_context.pod
180@@ -64,13 +64,13 @@ return the following values:
181
182 =over 4
183
184-=item 0
185+=item Z<>0
186
187 The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
188 the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
189 is logged to the error stack.
190
191-=item 1
192+=item Z<>1
193
194 The operation succeeded.
195
196diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod
197index 254f2b4..e254f96 100644
198--- a/doc/ssl/SSL_CTX_set_ssl_version.pod
199+++ b/doc/ssl/SSL_CTX_set_ssl_version.pod
200@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
201
202 =over 4
203
204-=item 0
205+=item Z<>0
206
207 The new choice failed, check the error stack to find out the reason.
208
209-=item 1
210+=item Z<>1
211
212 The operation succeeded.
213
214diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
215index b80e25b..31e6626 100644
216--- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
217+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
218@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return
219
220 Return values from the server callback are interpreted as follows:
221
222+=over 4
223+
224 =item > 0
225
226 PSK identity was found and the server callback has provided the PSK
227@@ -94,9 +96,11 @@ data to B<psk> and return the length of the random data, so the
228 connection will fail with decryption_error before it will be finished
229 completely.
230
231-=item 0
232+=item Z<>0
233
234 PSK identity was not found. An "unknown_psk_identity" alert message
235 will be sent and the connection setup fails.
236
237+=back
238+
239 =cut
240diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
241index cc724c0..4915e5a 100644
242--- a/doc/ssl/SSL_accept.pod
243+++ b/doc/ssl/SSL_accept.pod
244@@ -44,12 +44,12 @@ The following return values can occur:
245
246 =over 4
247
248-=item 1
249+=item Z<>1
250
251 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
252 established.
253
254-=item 0
255+=item Z<>0
256
257 The TLS/SSL handshake was not successful but was shut down controlled and
258 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
259diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod
260index d4df1bf..ba192bd 100644
261--- a/doc/ssl/SSL_clear.pod
262+++ b/doc/ssl/SSL_clear.pod
263@@ -56,12 +56,12 @@ The following return values can occur:
264
265 =over 4
266
267-=item 0
268+=item Z<>0
269
270 The SSL_clear() operation could not be performed. Check the error stack to
271 find out the reason.
272
273-=item 1
274+=item Z<>1
275
276 The SSL_clear() operation was successful.
277
278diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
279index cc56ebb..61cabb7 100644
280--- a/doc/ssl/SSL_connect.pod
281+++ b/doc/ssl/SSL_connect.pod
282@@ -41,12 +41,12 @@ The following return values can occur:
283
284 =over 4
285
286-=item 1
287+=item Z<>1
288
289 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
290 established.
291
292-=item 0
293+=item Z<>0
294
295 The TLS/SSL handshake was not successful but was shut down controlled and
296 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
297diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod
298index 2435764..beb0dd1 100644
299--- a/doc/ssl/SSL_do_handshake.pod
300+++ b/doc/ssl/SSL_do_handshake.pod
301@@ -45,12 +45,12 @@ The following return values can occur:
302
303 =over 4
304
305-=item 1
306+=item Z<>1
307
308 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
309 established.
310
311-=item 0
312+=item Z<>0
313
314 The TLS/SSL handshake was not successful but was shut down controlled and
315 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
316diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
317index 7038cd2..8ca0ce5 100644
318--- a/doc/ssl/SSL_read.pod
319+++ b/doc/ssl/SSL_read.pod
320@@ -86,7 +86,7 @@ The following return values can occur:
321 The read operation was successful; the return value is the number of
322 bytes actually read from the TLS/SSL connection.
323
324-=item 0
325+=item Z<>0
326
327 The read operation was not successful. The reason may either be a clean
328 shutdown due to a "close notify" alert sent by the peer (in which case
329diff --git a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod
330index da7d062..b09d8a7 100644
331--- a/doc/ssl/SSL_session_reused.pod
332+++ b/doc/ssl/SSL_session_reused.pod
333@@ -27,11 +27,11 @@ The following return values can occur:
334
335 =over 4
336
337-=item 0
338+=item Z<>0
339
340 A new session was negotiated.
341
342-=item 1
343+=item Z<>1
344
345 A session was reused.
346
347diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod
348index 7029112..1480871 100644
349--- a/doc/ssl/SSL_set_fd.pod
350+++ b/doc/ssl/SSL_set_fd.pod
351@@ -35,11 +35,11 @@ The following return values can occur:
352
353 =over 4
354
355-=item 0
356+=item Z<>0
357
358 The operation failed. Check the error stack to find out why.
359
360-=item 1
361+=item Z<>1
362
363 The operation succeeded.
364
365diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod
366index 5f54714..197b521 100644
367--- a/doc/ssl/SSL_set_session.pod
368+++ b/doc/ssl/SSL_set_session.pod
369@@ -37,11 +37,11 @@ The following return values can occur:
370
371 =over 4
372
373-=item 0
374+=item Z<>0
375
376 The operation failed; check the error stack to find out the reason.
377
378-=item 1
379+=item Z<>1
380
381 The operation succeeded.
382
383diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod
384index 011a022..fe01308 100644
385--- a/doc/ssl/SSL_set_shutdown.pod
386+++ b/doc/ssl/SSL_set_shutdown.pod
387@@ -24,7 +24,7 @@ The shutdown state of an ssl connection is a bitmask of:
388
389 =over 4
390
391-=item 0
392+=item Z<>0
393
394 No shutdown setting, yet.
395
396diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
397index 89911ac..132ebc5 100644
398--- a/doc/ssl/SSL_shutdown.pod
399+++ b/doc/ssl/SSL_shutdown.pod
400@@ -92,19 +92,19 @@ The following return values can occur:
401
402 =over 4
403
404-=item 1
405+=item Z<>1
406
407 The shutdown was successfully completed. The "close notify" alert was sent
408 and the peer's "close notify" alert was received.
409
410-=item 0
411+=item Z<>0
412
413 The shutdown is not yet finished. Call SSL_shutdown() for a second time,
414 if a bidirectional shutdown shall be performed.
415 The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
416 erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
417
418-=item -1
419+=item Z<>-1
420
421 The shutdown was not successful because a fatal error occurred either
422 at the protocol level or a connection failure occurred. It can also occur if
423diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
424index e013c12..a57617f 100644
425--- a/doc/ssl/SSL_write.pod
426+++ b/doc/ssl/SSL_write.pod
427@@ -79,7 +79,7 @@ The following return values can occur:
428 The write operation was successful, the return value is the number of
429 bytes actually written to the TLS/SSL connection.
430
431-=item 0
432+=item Z<>0
433
434 The write operation was not successful. Probably the underlying connection
435 was closed. Call SSL_get_error() with the return value B<ret> to find out,
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index e9249145fb..ee02fb796e 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -4,9 +4,6 @@ HOMEPAGE = "http://www.openssl.org/"
4BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html" 4BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5SECTION = "libs/network" 5SECTION = "libs/network"
6 6
7# Big Jump for OpenSSL 1.0 support with meta-oe
8INC_PR = "r15"
9
10# "openssl | SSLeay" dual license 7# "openssl | SSLeay" dual license
11LICENSE = "openssl" 8LICENSE = "openssl"
12LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" 9LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
index c1f3d0878e..c1f3d0878e 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/configure-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
index ac1b19b943..ac1b19b943 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/c_rehash-compat.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
index aba4d42983..aba4d42983 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/ca.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
index 8101edf0b0..8101edf0b0 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/debian-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/make-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
index ee0a62c3c7..ee0a62c3c7 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/make-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch
index 4085e3b1d7..4085e3b1d7 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/man-dir.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
index 21c1d1a4eb..21c1d1a4eb 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/man-section.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
index 1ccb3b86ee..1ccb3b86ee 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/no-rpath.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
index cc4408ab7d..cc4408ab7d 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/no-symbolic.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl/debian/pic.patch
index bfda3888bf..bfda3888bf 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/pic.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/pic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
index ece8b9b46c..ece8b9b46c 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/debian/version-script.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
index d8a6f1a23c..d8a6f1a23c 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/engines-install-in-libdir-ssl.patch
+++ b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/find.pl b/meta/recipes-connectivity/openssl/openssl/find.pl
index 8e1b42c88a..8e1b42c88a 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/find.pl
+++ b/meta/recipes-connectivity/openssl/openssl/find.pl
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
index f0e177840f..f0e177840f 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/fix-cipher-des-ede3-cfb1.patch
+++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
new file mode 100644
index 0000000000..2185ff8a46
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
@@ -0,0 +1,119 @@
1From: Andy Polyakov <appro@openssl.org>
2Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
3Subject: Initial aarch64 bits.
4X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
5
6Initial aarch64 bits.
7---
8 crypto/bn/bn_lcl.h | 9 +++++++++
9 crypto/md32_common.h | 18 ++++++++++++++++++
10 crypto/modes/modes_lcl.h | 8 ++++++++
11 crypto/sha/sha512.c | 13 +++++++++++++
12 4 files changed, 48 insertions(+)
13
14Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
15===================================================================
16--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200
17+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200
18@@ -300,6 +300,15 @@
19 : "r"(a), "r"(b));
20 # endif
21 # endif
22+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
23+# if defined(__GNUC__) && __GNUC__>=2
24+# define BN_UMULT_HIGH(a,b) ({ \
25+ register BN_ULONG ret; \
26+ asm ("umulh %0,%1,%2" \
27+ : "=r"(ret) \
28+ : "r"(a), "r"(b)); \
29+ ret; })
30+# endif
31 # endif /* cpu */
32 #endif /* OPENSSL_NO_ASM */
33
34Index: openssl-1.0.1f/crypto/md32_common.h
35===================================================================
36--- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200
37+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
38@@ -213,6 +213,24 @@
39 asm ("bswapl %0":"=r"(r):"0"(r)); \
40 *((unsigned int *)(c))=r; (c)+=4; r; })
41 # endif
42+# elif defined(__aarch64__)
43+# if defined(__BYTE_ORDER__)
44+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
45+# define HOST_c2l(c,l) ({ unsigned int r; \
46+ asm ("rev %w0,%w1" \
47+ :"=r"(r) \
48+ :"r"(*((const unsigned int *)(c))));\
49+ (c)+=4; (l)=r; })
50+# define HOST_l2c(l,c) ({ unsigned int r; \
51+ asm ("rev %w0,%w1" \
52+ :"=r"(r) \
53+ :"r"((unsigned int)(l)));\
54+ *((unsigned int *)(c))=r; (c)+=4; r; })
55+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
56+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
57+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
58+# endif
59+# endif
60 # endif
61 # endif
62 #endif
63Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
64===================================================================
65--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200
66+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200
67@@ -29,6 +29,7 @@
68 #if defined(__i386) || defined(__i386__) || \
69 defined(__x86_64) || defined(__x86_64__) || \
70 defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
71+ defined(__aarch64__) || \
72 defined(__s390__) || defined(__s390x__)
73 # undef STRICT_ALIGNMENT
74 #endif
75@@ -50,6 +51,13 @@
76 # define BSWAP4(x) ({ u32 ret=(x); \
77 asm ("bswapl %0" \
78 : "+r"(ret)); ret; })
79+# elif defined(__aarch64__)
80+# define BSWAP8(x) ({ u64 ret; \
81+ asm ("rev %0,%1" \
82+ : "=r"(ret) : "r"(x)); ret; })
83+# define BSWAP4(x) ({ u32 ret; \
84+ asm ("rev %w0,%w1" \
85+ : "=r"(ret) : "r"(x)); ret; })
86 # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
87 # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
88 asm ("rev %0,%0; rev %1,%1" \
89Index: openssl-1.0.1f/crypto/sha/sha512.c
90===================================================================
91--- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200
92+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
93@@ -55,6 +55,7 @@
94 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
95 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
96 defined(__s390__) || defined(__s390x__) || \
97+ defined(__aarch64__) || \
98 defined(SHA512_ASM)
99 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
100 #endif
101@@ -347,6 +348,18 @@
102 asm ("rotrdi %0,%1,%2" \
103 : "=r"(ret) \
104 : "r"(a),"K"(n)); ret; })
105+# elif defined(__aarch64__)
106+# define ROTR(a,n) ({ SHA_LONG64 ret; \
107+ asm ("ror %0,%1,%2" \
108+ : "=r"(ret) \
109+ : "r"(a),"I"(n)); ret; })
110+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
111+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
112+# define PULL64(x) ({ SHA_LONG64 ret; \
113+ asm ("rev %0,%1" \
114+ : "=r"(ret) \
115+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
116+# endif
117 # endif
118 # elif defined(_MSC_VER)
119 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch
index 292e13dc5f..292e13dc5f 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/oe-ldflags.patch
+++ b/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index c161e62f62..c161e62f62 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
index 3e93fe4e22..3e93fe4e22 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-des.pod-error.patch b/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
index de49729e5e..de49729e5e 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-des.pod-error.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch b/meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch
new file mode 100644
index 0000000000..451256eaa5
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-fix-doc.patch
@@ -0,0 +1,401 @@
1Fix documentation build errors with Perl 5.18 pod2man
2
3This fixes errors building man pages with newer versions of pod2man
4included with Perl 5.18.
5
6Upstream-Status: Submitted
7Signed-off-by: Jonathan Liu
8
9Index: openssl-1.0.1f/doc/apps/cms.pod
10===================================================================
11--- openssl-1.0.1f.orig/doc/apps/cms.pod 2014-01-06 15:47:42.000000000 +0200
12+++ openssl-1.0.1f/doc/apps/cms.pod 2014-02-28 10:13:51.899979213 +0200
13@@ -450,28 +450,28 @@
14
15 =over 4
16
17-=item 0
18+=item Z<>0
19
20 the operation was completely successfully.
21
22-=item 1
23+=item Z<>1
24
25 an error occurred parsing the command options.
26
27-=item 2
28+=item Z<>2
29
30 one of the input files could not be read.
31
32-=item 3
33+=item Z<>3
34
35 an error occurred creating the CMS file or when reading the MIME
36 message.
37
38-=item 4
39+=item Z<>4
40
41 an error occurred decrypting or verifying the message.
42
43-=item 5
44+=item Z<>5
45
46 the message was verified correctly but an error occurred writing out
47 the signers certificates.
48Index: openssl-1.0.1f/doc/apps/smime.pod
49===================================================================
50--- openssl-1.0.1f.orig/doc/apps/smime.pod 2014-01-06 15:47:42.000000000 +0200
51+++ openssl-1.0.1f/doc/apps/smime.pod 2014-02-28 10:16:57.795979233 +0200
52@@ -308,28 +308,28 @@
53
54 =over 4
55
56-=item 0
57+=item Z<>0
58
59 the operation was completely successfully.
60
61-=item 1
62+=item Z<>1
63
64 an error occurred parsing the command options.
65
66-=item 2
67+=item Z<>2
68
69 one of the input files could not be read.
70
71-=item 3
72+=item Z<>3
73
74 an error occurred creating the PKCS#7 file or when reading the MIME
75 message.
76
77-=item 4
78+=item Z<>4
79
80 an error occurred decrypting or verifying the message.
81
82-=item 5
83+=item Z<>5
84
85 the message was verified correctly but an error occurred writing out
86 the signers certificates.
87Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
88===================================================================
89--- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 15:47:42.000000000 +0200
90+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-02-28 10:18:09.679979225 +0200
91@@ -53,11 +53,11 @@
92
93 =over 4
94
95-=item 0
96+=item Z<>0
97
98 The operation succeeded.
99
100-=item 1
101+=item Z<>1
102
103 The operation failed. Check the error queue to find out the reason.
104
105Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
106===================================================================
107--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 15:47:42.000000000 +0200
108+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-02-28 10:18:42.687979221 +0200
109@@ -52,13 +52,13 @@
110
111 =over 4
112
113-=item 0
114+=item Z<>0
115
116 The operation failed. In case of the add operation, it was tried to add
117 the same (identical) session twice. In case of the remove operation, the
118 session was not found in the cache.
119
120-=item 1
121+=item Z<>1
122
123 The operation succeeded.
124
125Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
126===================================================================
127--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 15:47:42.000000000 +0200
128+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-02-28 10:19:09.079979218 +0200
129@@ -100,13 +100,13 @@
130
131 =over 4
132
133-=item 0
134+=item Z<>0
135
136 The operation failed because B<CAfile> and B<CApath> are NULL or the
137 processing at one of the locations specified failed. Check the error
138 stack to find out the reason.
139
140-=item 1
141+=item Z<>1
142
143 The operation succeeded.
144
145Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
146===================================================================
147--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 15:47:42.000000000 +0200
148+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-02-28 10:19:42.999979220 +0200
149@@ -66,13 +66,13 @@
150
151 =over 4
152
153-=item 0
154+=item Z<>0
155
156 A failure while manipulating the STACK_OF(X509_NAME) object occurred or
157 the X509_NAME could not be extracted from B<cacert>. Check the error stack
158 to find out the reason.
159
160-=item 1
161+=item Z<>1
162
163 The operation succeeded.
164
165Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
166===================================================================
167--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 15:47:42.000000000 +0200
168+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-02-28 10:20:06.495979211 +0200
169@@ -64,13 +64,13 @@
170
171 =over 4
172
173-=item 0
174+=item Z<>0
175
176 The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
177 the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
178 is logged to the error stack.
179
180-=item 1
181+=item Z<>1
182
183 The operation succeeded.
184
185Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
186===================================================================
187--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 15:47:42.000000000 +0200
188+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-02-28 10:20:32.111979208 +0200
189@@ -42,11 +42,11 @@
190
191 =over 4
192
193-=item 0
194+=item Z<>0
195
196 The new choice failed, check the error stack to find out the reason.
197
198-=item 1
199+=item Z<>1
200
201 The operation succeeded.
202
203Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
204===================================================================
205--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 15:47:42.000000000 +0200
206+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-02-28 10:21:12.351979203 +0200
207@@ -96,7 +96,7 @@
208 connection will fail with decryption_error before it will be finished
209 completely.
210
211-=item 0
212+=item Z<>0
213
214 PSK identity was not found. An "unknown_psk_identity" alert message
215 will be sent and the connection setup fails.
216Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
217===================================================================
218--- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod 2014-01-06 15:47:42.000000000 +0200
219+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-02-28 10:21:51.535979215 +0200
220@@ -44,13 +44,13 @@
221
222 =over 4
223
224-=item 0
225+=item Z<>0
226
227 The TLS/SSL handshake was not successful but was shut down controlled and
228 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
229 return value B<ret> to find out the reason.
230
231-=item 1
232+=item Z<>1
233
234 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
235 established.
236Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
237===================================================================
238--- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod 2014-01-06 15:47:42.000000000 +0200
239+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-02-28 10:22:13.087979196 +0200
240@@ -56,12 +56,12 @@
241
242 =over 4
243
244-=item 0
245+=item Z<>0
246
247 The SSL_clear() operation could not be performed. Check the error stack to
248 find out the reason.
249
250-=item 1
251+=item Z<>1
252
253 The SSL_clear() operation was successful.
254
255Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
256===================================================================
257--- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 15:47:42.000000000 +0200
258+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-02-28 10:22:33.991979193 +0200
259@@ -41,13 +41,13 @@
260
261 =over 4
262
263-=item 0
264+=item Z<>0
265
266 The TLS/SSL handshake was not successful but was shut down controlled and
267 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
268 return value B<ret> to find out the reason.
269
270-=item 1
271+=item Z<>1
272
273 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
274 established.
275Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
276===================================================================
277--- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod 2014-01-06 15:47:42.000000000 +0200
278+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-02-28 10:22:56.887979159 +0200
279@@ -45,13 +45,13 @@
280
281 =over 4
282
283-=item 0
284+=item Z<>0
285
286 The TLS/SSL handshake was not successful but was shut down controlled and
287 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
288 return value B<ret> to find out the reason.
289
290-=item 1
291+=item Z<>1
292
293 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
294 established.
295Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
296===================================================================
297--- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod 2014-01-06 15:47:42.000000000 +0200
298+++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-02-28 10:23:15.303979188 +0200
299@@ -86,7 +86,7 @@
300 The read operation was successful; the return value is the number of
301 bytes actually read from the TLS/SSL connection.
302
303-=item 0
304+=item Z<>0
305
306 The read operation was not successful. The reason may either be a clean
307 shutdown due to a "close notify" alert sent by the peer (in which case
308Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
309===================================================================
310--- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod 2014-01-06 15:47:42.000000000 +0200
311+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-02-28 10:23:36.615979186 +0200
312@@ -27,11 +27,11 @@
313
314 =over 4
315
316-=item 0
317+=item Z<>0
318
319 A new session was negotiated.
320
321-=item 1
322+=item Z<>1
323
324 A session was reused.
325
326Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
327===================================================================
328--- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod 2014-01-06 15:47:42.000000000 +0200
329+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-02-28 10:23:57.599979183 +0200
330@@ -35,11 +35,11 @@
331
332 =over 4
333
334-=item 0
335+=item Z<>0
336
337 The operation failed. Check the error stack to find out why.
338
339-=item 1
340+=item Z<>1
341
342 The operation succeeded.
343
344Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
345===================================================================
346--- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod 2014-01-06 15:47:42.000000000 +0200
347+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-02-28 10:24:16.943979181 +0200
348@@ -37,11 +37,11 @@
349
350 =over 4
351
352-=item 0
353+=item Z<>0
354
355 The operation failed; check the error stack to find out the reason.
356
357-=item 1
358+=item Z<>1
359
360 The operation succeeded.
361
362Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
363===================================================================
364--- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod 2014-01-06 15:47:42.000000000 +0200
365+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-02-28 10:25:03.623979175 +0200
366@@ -92,19 +92,19 @@
367
368 =over 4
369
370-=item 0
371+=item Z<>0
372
373 The shutdown is not yet finished. Call SSL_shutdown() for a second time,
374 if a bidirectional shutdown shall be performed.
375 The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
376 erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
377
378-=item 1
379+=item Z<>1
380
381 The shutdown was successfully completed. The "close notify" alert was sent
382 and the peer's "close notify" alert was received.
383
384-=item -1
385+=item Z<>-1
386
387 The shutdown was not successful because a fatal error occurred either
388 at the protocol level or a connection failure occurred. It can also occur if
389Index: openssl-1.0.1f/doc/ssl/SSL_write.pod
390===================================================================
391--- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod 2014-01-06 15:47:42.000000000 +0200
392+++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-02-28 10:25:36.031979168 +0200
393@@ -79,7 +79,7 @@
394 The write operation was successful, the return value is the number of
395 bytes actually written to the TLS/SSL connection.
396
397-=item 0
398+=item Z<>0
399
400 The write operation was not successful. Probably the underlying connection
401 was closed. Call SSL_get_error() with the return value B<ret> to find out,
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-link.patch b/meta/recipes-connectivity/openssl/openssl/openssl-fix-link.patch
index 154106cbcd..154106cbcd 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-link.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-fix-link.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
index 93ce0343cc..93ce0343cc 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl_fix_for_x32.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl/shared-libs.patch
index a7ca0a3078..a7ca0a3078 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/shared-libs.patch
+++ b/meta/recipes-connectivity/openssl/openssl/shared-libs.patch
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
index 618ba681a6..f3c20e8c97 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -6,8 +6,6 @@ DEPENDS += "cryptodev-linux"
6 6
7CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" 7CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
8 8
9PR = "${INC_PR}.0"
10
11LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" 9LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
12 10
13export DIRS = "crypto ssl apps engines" 11export DIRS = "crypto ssl apps engines"
@@ -36,13 +34,10 @@ SRC_URI += "file://configure-targets.patch \
36 file://initial-aarch64-bits.patch \ 34 file://initial-aarch64-bits.patch \
37 file://find.pl \ 35 file://find.pl \
38 file://openssl-fix-des.pod-error.patch \ 36 file://openssl-fix-des.pod-error.patch \
39 file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
40 file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
41 file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
42 " 37 "
43 38
44SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" 39SRC_URI[md5sum] = "de62b43dfcd858e66a74bee1c834e959"
45SRC_URI[sha256sum] = "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3" 40SRC_URI[sha256sum] = "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028"
46 41
47PACKAGES =+ " \ 42PACKAGES =+ " \
48 ${PN}-engines \ 43 ${PN}-engines \