summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrendan Le Foll <brendan.le.foll@intel.com>2015-03-24 18:14:58 (GMT)
committerTudor Florea <tudor.florea@enea.com>2015-07-06 18:19:39 (GMT)
commitd5bf0a0a55a7f7b2c0b05a53f12efc30ab3e212b (patch)
tree0f12816bf8f15cbc2a1b3bd45c7fa50df9524ecc
parentaafccf82fe53b9c7a7de4f9df2a6de221c513e22 (diff)
downloadpoky-d5bf0a0a55a7f7b2c0b05a53f12efc30ab3e212b.tar.gz
openssl: Upgrade to 1.0.1m
Security update, some patches modified to apply correctly mostly due to upstream changing indentation/styling * configure-targets.patch updated * fix-cipher-des-ede3-cfb1.patch updated * openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated * openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as no merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream (From OE-Core rev: 248dec5e550cfcaaaa479a5bff9b79ba5cd0765d) Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
-rw-r--r--meta/recipes-connectivity/openssl/openssl/configure-targets.patch28
-rw-r--r--meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch17
-rw-r--r--meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch87
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch19
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch39
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch83
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.1m.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.0.1j.bb)5
7 files changed, 121 insertions, 157 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
index c1f3d08..dbc10f9 100644
--- a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
@@ -10,25 +10,25 @@ The number of colons are important :)
10--- a/Configure 10--- a/Configure
11+++ b/Configure 11+++ b/Configure
12@@ -403,6 +403,22 @@ my %table=( 12@@ -403,6 +403,22 @@ my %table=(
13 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", 13 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
14 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", 14 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
15 15
16+ # Linux on ARM 16+ # Linux on ARM
17+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 17+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
18+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 18+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
19+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 19+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
20+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 20+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
21+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 21+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
22+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 22+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
23+ 23+
24+"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", 24+"linux-avr32","$ENV{'CC'}: -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
25+ 25+
26+#### Linux on MIPS/MIPS64 26+#### Linux on MIPS/MIPS64
27+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 27+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
28+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 28+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
29+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 29+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
30+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 30+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
31+ 31+
32 # Android: linux-* but without -DTERMIO and pointers to headers and libs. 32 # Android: linux-* but without pointers to headers and libs.
33 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 33 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
34 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 34 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
index f0e1778..2412a3b 100644
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -6,17 +6,20 @@ http://rt.openssl.org/Ticket/Display.html?id=2867
6 6
7Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com> 7Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
8 8
9ported the patch to the 1.0.0m version
10Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
11
9diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c 12diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
10index 3232cfe..df84922 100644 13index 3232cfe..df84922 100644
11=================================================================== 14===================================================================
12--- a/crypto/evp/e_des3.c 15--- a/crypto/evp/e_des3.c
13+++ b/crypto/evp/e_des3.c 16+++ b/crypto/evp/e_des3.c
14@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 17@@ -181,7 +181,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
15 size_t n; 18 size_t n;
16 unsigned char c[1],d[1]; 19 unsigned char c[1], d[1];
17 20
18- for(n=0 ; n < inl ; ++n) 21- for (n = 0; n < inl; ++n) {
19+ for(n=0 ; n < inl*8 ; ++n) 22+ for (n = 0; n < inl * 8; ++n) {
20 { 23 c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
21 c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; 24 DES_ede3_cfb_encrypt(c, d, 1, 1,
22 DES_ede3_cfb_encrypt(c,d,1,1, 25 &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
index 770097d..972b367 100644
--- a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
+++ b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
@@ -5,6 +5,9 @@ X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039
5 5
6Initial aarch64 bits. 6Initial aarch64 bits.
7Upstream-Status: backport (will be included in 1.0.2) 7Upstream-Status: backport (will be included in 1.0.2)
8
9ported the patch to the 1.0.0m version
10Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
8--- 11---
9 crypto/bn/bn_lcl.h | 9 +++++++++ 12 crypto/bn/bn_lcl.h | 9 +++++++++
10 crypto/md32_common.h | 18 ++++++++++++++++++ 13 crypto/md32_common.h | 18 ++++++++++++++++++
@@ -16,10 +19,10 @@ Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
16=================================================================== 19===================================================================
17--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200 20--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200
18+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200 21+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200
19@@ -300,6 +300,15 @@ 22@@ -295,6 +295,15 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
20 : "r"(a), "r"(b)); 23 : "r"(a), "r"(b));
21 # endif 24 # endif
22 # endif 25 # endif
23+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) 26+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
24+# if defined(__GNUC__) && __GNUC__>=2 27+# if defined(__GNUC__) && __GNUC__>=2
25+# define BN_UMULT_HIGH(a,b) ({ \ 28+# define BN_UMULT_HIGH(a,b) ({ \
@@ -29,17 +32,17 @@ Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
29+ : "r"(a), "r"(b)); \ 32+ : "r"(a), "r"(b)); \
30+ ret; }) 33+ ret; })
31+# endif 34+# endif
32 # endif /* cpu */ 35 # endif /* cpu */
33 #endif /* OPENSSL_NO_ASM */ 36 # endif /* OPENSSL_NO_ASM */
34 37
35Index: openssl-1.0.1f/crypto/md32_common.h 38Index: openssl-1.0.1f/crypto/md32_common.h
36=================================================================== 39===================================================================
37--- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200 40--- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200
38+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200 41+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
39@@ -213,6 +213,24 @@ 42@@ -213,6 +213,42 @@
40 asm ("bswapl %0":"=r"(r):"0"(r)); \ 43 asm ("bswapl %0":"=r"(r):"0"(r)); \
41 *((unsigned int *)(c))=r; (c)+=4; r; }) 44 *((unsigned int *)(c))=r; (c)+=4; r; })
42 # endif 45 # endif
43+# elif defined(__aarch64__) 46+# elif defined(__aarch64__)
44+# if defined(__BYTE_ORDER__) 47+# if defined(__BYTE_ORDER__)
45+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ 48+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
@@ -58,25 +61,43 @@ Index: openssl-1.0.1f/crypto/md32_common.h
58+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) 61+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
59+# endif 62+# endif
60+# endif 63+# endif
64+# endif
65+# elif defined(__aarch64__)
66+# if defined(__BYTE_ORDER__)
67+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
68+# define HOST_c2l(c,l) ({ unsigned int r; \
69+ asm ("rev %w0,%w1" \
70+ :"=r"(r) \
71+ :"r"(*((const unsigned int *)(c))));\
72+ (c)+=4; (l)=r; })
73+# define HOST_l2c(l,c) ({ unsigned int r; \
74+ asm ("rev %w0,%w1" \
75+ :"=r"(r) \
76+ :"r"((unsigned int)(l)));\
77+ *((unsigned int *)(c))=r; (c)+=4; r; })
78+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
79+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
80+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
81+# endif
82 # endif
61 # endif 83 # endif
62 # endif 84 # endif
63 #endif
64Index: openssl-1.0.1f/crypto/modes/modes_lcl.h 85Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
65=================================================================== 86===================================================================
66--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200 87--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200
67+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200 88+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200
68@@ -29,6 +29,7 @@ 89@@ -28,6 +28,7 @@ typedef unsigned char u8;
69 #if defined(__i386) || defined(__i386__) || \ 90 #if defined(__i386) || defined(__i386__) || \
70 defined(__x86_64) || defined(__x86_64__) || \ 91 defined(__x86_64) || defined(__x86_64__) || \
71 defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ 92 defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
72+ defined(__aarch64__) || \ 93+ defined(__aarch64__) || \
73 defined(__s390__) || defined(__s390x__) 94 defined(__s390__) || defined(__s390x__)
74 # undef STRICT_ALIGNMENT 95 # undef STRICT_ALIGNMENT
75 #endif 96 #endif
76@@ -50,6 +51,13 @@ 97@@ -49,6 +50,13 @@ typedef unsigned char u8;
77 # define BSWAP4(x) ({ u32 ret=(x); \ 98 # define BSWAP4(x) ({ u32 ret=(x); \
78 asm ("bswapl %0" \ 99 asm ("bswapl %0" \
79 : "+r"(ret)); ret; }) 100 : "+r"(ret)); ret; })
80+# elif defined(__aarch64__) 101+# elif defined(__aarch64__)
81+# define BSWAP8(x) ({ u64 ret; \ 102+# define BSWAP8(x) ({ u64 ret; \
82+ asm ("rev %0,%1" \ 103+ asm ("rev %0,%1" \
@@ -84,25 +105,25 @@ Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
84+# define BSWAP4(x) ({ u32 ret; \ 105+# define BSWAP4(x) ({ u32 ret; \
85+ asm ("rev %w0,%w1" \ 106+ asm ("rev %w0,%w1" \
86+ : "=r"(ret) : "r"(x)); ret; }) 107+ : "=r"(ret) : "r"(x)); ret; })
87 # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) 108 # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
88 # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ 109 # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
89 asm ("rev %0,%0; rev %1,%1" \ 110 asm ("rev %0,%0; rev %1,%1" \
90Index: openssl-1.0.1f/crypto/sha/sha512.c 111Index: openssl-1.0.1f/crypto/sha/sha512.c
91=================================================================== 112===================================================================
92--- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200 113--- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200
93+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200 114+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
94@@ -55,6 +55,7 @@ 115@@ -55,6 +55,7 @@ const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT;
95 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ 116 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
96 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ 117 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
97 defined(__s390__) || defined(__s390x__) || \ 118 defined(__s390__) || defined(__s390x__) || \
98+ defined(__aarch64__) || \ 119+ defined(__aarch64__) || \
99 defined(SHA512_ASM) 120 defined(SHA512_ASM)
100 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA 121 # define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
101 #endif 122 # endif
102@@ -347,6 +348,18 @@ 123@@ -353,6 +354,18 @@ static const SHA_LONG64 K512[80] = {
103 asm ("rotrdi %0,%1,%2" \ 124 asm ("rotrdi %0,%1,%2" \
104 : "=r"(ret) \ 125 : "=r"(ret) \
105 : "r"(a),"K"(n)); ret; }) 126 : "r"(a),"K"(n)); ret; })
106+# elif defined(__aarch64__) 127+# elif defined(__aarch64__)
107+# define ROTR(a,n) ({ SHA_LONG64 ret; \ 128+# define ROTR(a,n) ({ SHA_LONG64 ret; \
108+ asm ("ror %0,%1,%2" \ 129+ asm ("ror %0,%1,%2" \
@@ -115,6 +136,6 @@ Index: openssl-1.0.1f/crypto/sha/sha512.c
115+ : "=r"(ret) \ 136+ : "=r"(ret) \
116+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) 137+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
117+# endif 138+# endif
118 # endif 139 # endif
119 # elif defined(_MSC_VER) 140 # elif defined(_MSC_VER)
120 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ 141 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index c161e62..36aa442 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -7,15 +7,18 @@ Upstream-Status: Submitted
7http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html 7http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
8 8
9Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> 9Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
10
11ported the patch to the 1.0.0m version
12Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
10--- 13---
11--- a/crypto/evp/digest.c 14--- a/crypto/evp/digest.c
12+++ b/crypto/evp/digest.c 15+++ b/crypto/evp/digest.c
13@@ -199,7 +199,7 @@ 16@@ -199,7 +199,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
14 return 0; 17 type = ctx->digest;
15 } 18 }
16 #endif 19 #endif
17- if (ctx->digest != type) 20- if (ctx->digest != type) {
18+ if (type && (ctx->digest != type)) 21+ if (type && (ctx->digest != type)) {
19 { 22 if (ctx->digest && ctx->digest->ctx_size)
20 if (ctx->digest && ctx->digest->ctx_size) 23 OPENSSL_free(ctx->md_data);
21 OPENSSL_free(ctx->md_data); 24 ctx->digest = type;
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
deleted file mode 100644
index 3e93fe4..0000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ /dev/null
@@ -1,39 +0,0 @@
1openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
2
3We should avoid accessing the pointer if ASN1_STRING_new()
4allocates memory failed.
5
6Upstream-Status: Submitted
7http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
8
9Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
10---
11--- a/crypto/dh/dh_ameth.c
12+++ b/crypto/dh/dh_ameth.c
13@@ -139,6 +139,12 @@
14 dh=pkey->pkey.dh;
15
16 str = ASN1_STRING_new();
17+ if (!str)
18+ {
19+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
20+ goto err;
21+ }
22+
23 str->length = i2d_DHparams(dh, &str->data);
24 if (str->length <= 0)
25 {
26--- a/crypto/dsa/dsa_ameth.c
27+++ b/crypto/dsa/dsa_ameth.c
28@@ -148,6 +148,11 @@
29 {
30 ASN1_STRING *str;
31 str = ASN1_STRING_new();
32+ if (!str)
33+ {
34+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
35+ goto err;
36+ }
37 str->length = i2d_DSAparams(dsa, &str->data);
38 if (str->length <= 0)
39 {
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
index 93ce034..0d3902f 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -6,16 +6,19 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
6 6
7ported the patch to the 1.0.0e version 7ported the patch to the 1.0.0e version
8Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01 8Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
9
10ported the patch to the 1.0.0m version
11Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
9Index: openssl-1.0.1e/Configure 12Index: openssl-1.0.1e/Configure
10=================================================================== 13===================================================================
11--- openssl-1.0.1e.orig/Configure 14--- openssl-1.0.1e.orig/Configure
12+++ openssl-1.0.1e/Configure 15+++ openssl-1.0.1e/Configure
13@@ -402,6 +402,7 @@ my %table=( 16@@ -402,6 +402,7 @@ my %table=(
14 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 17 "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
15 "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 18 "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
16 "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", 19 "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
17+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", 20+"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
18 "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", 21 "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
19 #### So called "highgprs" target for z/Architecture CPUs 22 #### So called "highgprs" target for z/Architecture CPUs
20 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see 23 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
21Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c 24Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
@@ -26,65 +29,39 @@ Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
26 * machine. 29 * machine.
27 */ 30 */
28 31
29-#ifdef _WIN64 32-# ifdef _WIN64
30+#if defined _WIN64 || !defined __LP64__ 33+# if defined _WIN64 || !defined __LP64__
31 #define BN_ULONG unsigned long long 34 # define BN_ULONG unsigned long long
32 #else 35 # else
33 #define BN_ULONG unsigned long 36 # define BN_ULONG unsigned long
34@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
35 asm (
36 " subq %2,%2 \n"
37 ".p2align 4 \n"
38- "1: movq (%4,%2,8),%0 \n"
39- " adcq (%5,%2,8),%0 \n"
40- " movq %0,(%3,%2,8) \n"
41+ "1: movq (%q4,%2,8),%0 \n"
42+ " adcq (%q5,%2,8),%0 \n"
43+ " movq %0,(%q3,%2,8) \n"
44 " leaq 1(%2),%2 \n"
45 " loop 1b \n"
46 " sbbq %0,%0 \n"
47@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
48 asm (
49 " subq %2,%2 \n"
50 ".p2align 4 \n"
51- "1: movq (%4,%2,8),%0 \n"
52- " sbbq (%5,%2,8),%0 \n"
53- " movq %0,(%3,%2,8) \n"
54+ "1: movq (%q4,%2,8),%0 \n"
55+ " sbbq (%q5,%2,8),%0 \n"
56+ " movq %0,(%q3,%2,8) \n"
57 " leaq 1(%2),%2 \n"
58 " loop 1b \n"
59 " sbbq %0,%0 \n"
60Index: openssl-1.0.1e/crypto/bn/bn.h 37Index: openssl-1.0.1e/crypto/bn/bn.h
61=================================================================== 38===================================================================
62--- openssl-1.0.1e.orig/crypto/bn/bn.h 39--- openssl-1.0.1e.orig/crypto/bn/bn.h
63+++ openssl-1.0.1e/crypto/bn/bn.h 40+++ openssl-1.0.1e/crypto/bn/bn.h
64@@ -172,6 +172,13 @@ extern "C" { 41@@ -173,6 +173,13 @@ extern "C" {
42 # endif
65 # endif 43 # endif
66 #endif
67 44
68+/* Address type. */ 45+/* Address type. */
69+#ifdef _WIN64 46+# ifdef _WIN64
70+#define BN_ADDR unsigned long long 47+# define BN_ADDR unsigned long long
71+#else 48+# else
72+#define BN_ADDR unsigned long 49+# define BN_ADDR unsigned long
73+#endif 50+# endif
74+ 51+
75 /* assuming long is 64bit - this is the DEC Alpha 52 /*
76 * unsigned long long is only 64 bits :-(, don't define 53 * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
77 * BN_LLONG for the DEC Alpha */ 54 * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
78Index: openssl-1.0.1e/crypto/bn/bn_exp.c 55Index: openssl-1.0.1e/crypto/bn/bn_exp.c
79=================================================================== 56===================================================================
80--- openssl-1.0.1e.orig/crypto/bn/bn_exp.c 57--- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
81+++ openssl-1.0.1e/crypto/bn/bn_exp.c 58+++ openssl-1.0.1e/crypto/bn/bn_exp.c
82@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU 59@@ -572,7 +572,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
83 60 * multiple.
84 /* Given a pointer value, compute the next address that is a cache line multiple. */ 61 */
85 #define MOD_EXP_CTIME_ALIGN(x_) \ 62 #define MOD_EXP_CTIME_ALIGN(x_) \
86- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) 63- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
87+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) 64+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
88 65
89 /* This variant of BN_mod_exp_mont() uses fixed windows and the special 66 /*
90 * precomputation memory layout to limit data-dependency to a minimum 67 * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1j.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1m.bb
index 2da18ae..cab6b3f 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1j.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1m.bb
@@ -29,7 +29,6 @@ SRC_URI += "file://configure-targets.patch \
29 file://openssl_fix_for_x32.patch \ 29 file://openssl_fix_for_x32.patch \
30 file://fix-cipher-des-ede3-cfb1.patch \ 30 file://fix-cipher-des-ede3-cfb1.patch \
31 file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ 31 file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
32 file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
33 file://initial-aarch64-bits.patch \ 32 file://initial-aarch64-bits.patch \
34 file://find.pl \ 33 file://find.pl \
35 file://openssl-fix-des.pod-error.patch \ 34 file://openssl-fix-des.pod-error.patch \
@@ -38,8 +37,8 @@ SRC_URI += "file://configure-targets.patch \
38 file://run-ptest \ 37 file://run-ptest \
39 " 38 "
40 39
41SRC_URI[md5sum] = "f7175c9cd3c39bb1907ac8bba9df8ed3" 40SRC_URI[md5sum] = "d143d1555d842a069cb7cc34ba745a06"
42SRC_URI[sha256sum] = "1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3" 41SRC_URI[sha256sum] = "095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74"
43 42
44PACKAGES =+ " \ 43PACKAGES =+ " \
45 ${PN}-engines \ 44 ${PN}-engines \