openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions

On aarch64, if the processor doesn't have the Crypto instructions then OpenSSL will fall back onto the "bit-sliced" assembler routines. When branch protection (BTI) was enabled in OpenSSL these routines were missed, so if BTI is available libssl will immediately abort when it enters this assembler. Backport a patch submitted upstream to add the required call target annotations so that BTI doesn't believe the code is being exploited. (From OE-Core rev: 438a390e8e1811bc2d3820c1cd2b8e099e70064a) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2024-03-27 11:15:07 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-03-30 22:22:19 +0000
commit: 4a8b005afc580e682bef6653e44eecc4483a8990 (patch)
tree: 0e8f7efd94570bb0a1ffd7fa8681921ae7c86ec5 /meta/recipes-connectivity/openssl/openssl_3.2.1.bb
parent: b84ae2ad79e31c33c42ed36d58c47b2c1d11509b (diff)
download: poky-4a8b005afc580e682bef6653e44eecc4483a8990.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb b/meta/recipes-connectivity/openssl/openssl_3.2.1.bb
index 1682b6f8cc..c7134c54db 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
           file://0001-Configure-do-not-tweak-mips-cflags.patch \
           file://0001-Added-handshake-history-reporting-when-test-fails.patch \
+           file://bti.patch \
           "
 SRC_URI:append:class-nativesdk = " \
author	Ross Burton <ross.burton@arm.com>	2024-03-27 11:15:07 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-03-30 22:22:19 +0000
commit	4a8b005afc580e682bef6653e44eecc4483a8990 (patch)
tree	0e8f7efd94570bb0a1ffd7fa8681921ae7c86ec5 /meta/recipes-connectivity/openssl/openssl_3.2.1.bb
parent	b84ae2ad79e31c33c42ed36d58c47b2c1d11509b (diff)
download	poky-4a8b005afc580e682bef6653e44eecc4483a8990.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb b/meta/recipes-connectivity/openssl/openssl_3.2.1.bb index 1682b6f8cc..c7134c54db 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \	12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13	file://0001-Configure-do-not-tweak-mips-cflags.patch \	13	file://0001-Configure-do-not-tweak-mips-cflags.patch \
14	file://0001-Added-handshake-history-reporting-when-test-fails.patch \	14	file://0001-Added-handshake-history-reporting-when-test-fails.patch \
		15	file://bti.patch \
15	"	16	"
16		17
17	SRC_URI:append:class-nativesdk = " \	18	SRC_URI:append:class-nativesdk = " \