openssl: mark assembler sections as call targets for PAC/BTI support on aarch64

The assembler sections in OpenSSL were not marked as valid call targets, so branch protection could not be enabled for libcrypto.so. (From OE-Core rev: 4bf06bc5487da05e6b4a4895e5ca2da65cdc25d8) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2023-12-13 16:14:21 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-12-21 10:38:30 +0000
commit: 92fd81b7dee511c89163165e93c78015b6d6a6e2 (patch)
tree: 8caec361765f3be95e3cd0884b9b543a5e03c872 /meta/recipes-connectivity/openssl
parent: 198d891baa5dbeaca0e02e1904208d0edd30d495 (diff)
download: poky-92fd81b7dee511c89163165e93c78015b6d6a6e2.tar.gz
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch
new file mode 100644
index 0000000000..2a16debb76
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch
@@ -0,0 +1,35 @@
+From ad347c9ff0fd93bdd2fa2085611c65b88e94829f Mon Sep 17 00:00:00 2001
+From: "fangming.fang" <fangming.fang@arm.com>
+Date: Thu, 7 Dec 2023 06:17:51 +0000
+Subject: [PATCH] Enable BTI feature for md5 on aarch64
+Fixes: #22959
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/22971)
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ crypto/md5/asm/md5-aarch64.pl | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl
+index 3200a0fa9bff0..5a8608069691d 100755
+--- a/crypto/md5/asm/md5-aarch64.pl
+++ b/crypto/md5/asm/md5-aarch64.pl
+@@ -28,10 +28,13 @@
+ *STDOUT=*OUT;
+ 
+ $code .= <<EOF;
+#include "arm_arch.h"
+
+ .text
+ .globl  ossl_md5_block_asm_data_order
+ .type   ossl_md5_block_asm_data_order,\@function
+ ossl_md5_block_asm_data_order:
+        AARCH64_VALID_CALL_TARGET
+         // Save all callee-saved registers
+         stp     x19,x20,[sp,#-80]!
+         stp     x21,x22,[sp,#16]
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
index ab0562bd73..d041d2d214 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
           file://0001-Configure-do-not-tweak-mips-cflags.patch \
           file://0001-Added-handshake-history-reporting-when-test-fails.patch \
+           file://aarch64-bti.patch \
           "
 SRC_URI:append:class-nativesdk = " \
author	Ross Burton <ross.burton@arm.com>	2023-12-13 16:14:21 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-12-21 10:38:30 +0000
commit	92fd81b7dee511c89163165e93c78015b6d6a6e2 (patch)
tree	8caec361765f3be95e3cd0884b9b543a5e03c872 /meta/recipes-connectivity/openssl
parent	198d891baa5dbeaca0e02e1904208d0edd30d495 (diff)
download	poky-92fd81b7dee511c89163165e93c78015b6d6a6e2.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch new file mode 100644 index 0000000000..2a16debb76 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch
@@ -0,0 +1,35 @@
		1	From ad347c9ff0fd93bdd2fa2085611c65b88e94829f Mon Sep 17 00:00:00 2001
		2	From: "fangming.fang" <fangming.fang@arm.com>
		3	Date: Thu, 7 Dec 2023 06:17:51 +0000
		4	Subject: [PATCH] Enable BTI feature for md5 on aarch64
		5
		6	Fixes: #22959
		7
		8	Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
		9	Reviewed-by: Tomas Mraz <tomas@openssl.org>
		10	(Merged from https://github.com/openssl/openssl/pull/22971)
		11
		12	Upstream-Status: Backport
		13	Signed-off-by: Ross Burton <ross.burton@arm.com>
		14	---
		15	crypto/md5/asm/md5-aarch64.pl \| 3 +++
		16	1 file changed, 3 insertions(+)
		17
		18	diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl
		19	index 3200a0fa9bff0..5a8608069691d 100755
		20	--- a/crypto/md5/asm/md5-aarch64.pl
		21	+++ b/crypto/md5/asm/md5-aarch64.pl
		22	@@ -28,10 +28,13 @@
		23	STDOUT=OUT;
		24
		25	$code .= <<EOF;
		26	+#include "arm_arch.h"
		27	+
		28	.text
		29	.globl ossl_md5_block_asm_data_order
		30	.type ossl_md5_block_asm_data_order,\@function
		31	ossl_md5_block_asm_data_order:
		32	+ AARCH64_VALID_CALL_TARGET
		33	// Save all callee-saved registers
		34	stp x19,x20,[sp,#-80]!
		35	stp x21,x22,[sp,#16]


diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb index ab0562bd73..d041d2d214 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \	12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13	file://0001-Configure-do-not-tweak-mips-cflags.patch \	13	file://0001-Configure-do-not-tweak-mips-cflags.patch \
14	file://0001-Added-handshake-history-reporting-when-test-fails.patch \	14	file://0001-Added-handshake-history-reporting-when-test-fails.patch \
		15	file://aarch64-bti.patch \
15	"	16	"
16		17
17	SRC_URI:append:class-nativesdk = " \	18	SRC_URI:append:class-nativesdk = " \