diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl')
8 files changed, 494 insertions, 130 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch new file mode 100644 index 0000000000..aa2e5bb800 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch | |||
@@ -0,0 +1,374 @@ | |||
1 | From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 | ||
2 | From: William Lyu <William.Lyu@windriver.com> | ||
3 | Date: Fri, 20 Oct 2023 16:22:37 -0400 | ||
4 | Subject: [PATCH] Added handshake history reporting when test fails | ||
5 | |||
6 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] | ||
7 | |||
8 | Signed-off-by: William Lyu <William.Lyu@windriver.com> | ||
9 | --- | ||
10 | test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++---------- | ||
11 | test/helpers/handshake.h | 70 +++++++++++++++++++- | ||
12 | test/ssl_test.c | 44 +++++++++++++ | ||
13 | 3 files changed, 218 insertions(+), 35 deletions(-) | ||
14 | |||
15 | diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c | ||
16 | index e0422469e4..ae2ad59dd4 100644 | ||
17 | --- a/test/helpers/handshake.c | ||
18 | +++ b/test/helpers/handshake.c | ||
19 | @@ -1,5 +1,5 @@ | ||
20 | /* | ||
21 | - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | ||
22 | + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. | ||
23 | * | ||
24 | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
25 | * this file except in compliance with the License. You can obtain a copy | ||
26 | @@ -24,6 +24,102 @@ | ||
27 | #include <netinet/sctp.h> | ||
28 | #endif | ||
29 | |||
30 | +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ | ||
31 | +/* Maps string names to various enumeration type */ | ||
32 | +typedef struct { | ||
33 | + const char *name; | ||
34 | + int value; | ||
35 | +} enum_name_map; | ||
36 | + | ||
37 | +static const enum_name_map connect_phase_names[] = { | ||
38 | + {"Handshake", HANDSHAKE}, | ||
39 | + {"RenegAppData", RENEG_APPLICATION_DATA}, | ||
40 | + {"RenegSetup", RENEG_SETUP}, | ||
41 | + {"RenegHandshake", RENEG_HANDSHAKE}, | ||
42 | + {"AppData", APPLICATION_DATA}, | ||
43 | + {"Shutdown", SHUTDOWN}, | ||
44 | + {"ConnectionDone", CONNECTION_DONE} | ||
45 | +}; | ||
46 | + | ||
47 | +static const enum_name_map peer_status_names[] = { | ||
48 | + {"PeerSuccess", PEER_SUCCESS}, | ||
49 | + {"PeerRetry", PEER_RETRY}, | ||
50 | + {"PeerError", PEER_ERROR}, | ||
51 | + {"PeerWaiting", PEER_WAITING}, | ||
52 | + {"PeerTestFail", PEER_TEST_FAILURE} | ||
53 | +}; | ||
54 | + | ||
55 | +static const enum_name_map handshake_status_names[] = { | ||
56 | + {"HandshakeSuccess", HANDSHAKE_SUCCESS}, | ||
57 | + {"ClientError", CLIENT_ERROR}, | ||
58 | + {"ServerError", SERVER_ERROR}, | ||
59 | + {"InternalError", INTERNAL_ERROR}, | ||
60 | + {"HandshakeRetry", HANDSHAKE_RETRY} | ||
61 | +}; | ||
62 | + | ||
63 | +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ | ||
64 | +static const char *enum_name(const enum_name_map *enums, size_t num_enums, | ||
65 | + int value) | ||
66 | +{ | ||
67 | + size_t i; | ||
68 | + for (i = 0; i < num_enums; i++) { | ||
69 | + if (enums[i].value == value) { | ||
70 | + return enums[i].name; | ||
71 | + } | ||
72 | + } | ||
73 | + return "InvalidValue"; | ||
74 | +} | ||
75 | + | ||
76 | +const char *handshake_connect_phase_name(connect_phase_t phase) | ||
77 | +{ | ||
78 | + return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names), | ||
79 | + (int)phase); | ||
80 | +} | ||
81 | + | ||
82 | +const char *handshake_status_name(handshake_status_t handshake_status) | ||
83 | +{ | ||
84 | + return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names), | ||
85 | + (int)handshake_status); | ||
86 | +} | ||
87 | + | ||
88 | +const char *handshake_peer_status_name(peer_status_t peer_status) | ||
89 | +{ | ||
90 | + return enum_name(peer_status_names, OSSL_NELEM(peer_status_names), | ||
91 | + (int)peer_status); | ||
92 | +} | ||
93 | + | ||
94 | +static void save_loop_history(HANDSHAKE_HISTORY *history, | ||
95 | + connect_phase_t phase, | ||
96 | + handshake_status_t handshake_status, | ||
97 | + peer_status_t server_status, | ||
98 | + peer_status_t client_status, | ||
99 | + int client_turn_count, | ||
100 | + int is_client_turn) | ||
101 | +{ | ||
102 | + HANDSHAKE_HISTORY_ENTRY *new_entry = NULL; | ||
103 | + | ||
104 | + /* | ||
105 | + * Create a new history entry for a handshake loop with statuses given in | ||
106 | + * the arguments. Potentially evicting the oldest entry when the | ||
107 | + * ring buffer is full. | ||
108 | + */ | ||
109 | + ++(history->last_idx); | ||
110 | + history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
111 | + | ||
112 | + new_entry = &((history->entries)[history->last_idx]); | ||
113 | + new_entry->phase = phase; | ||
114 | + new_entry->handshake_status = handshake_status; | ||
115 | + new_entry->server_status = server_status; | ||
116 | + new_entry->client_status = client_status; | ||
117 | + new_entry->client_turn_count = client_turn_count; | ||
118 | + new_entry->is_client_turn = is_client_turn; | ||
119 | + | ||
120 | + /* Evict the oldest handshake loop entry when the ring buffer is full. */ | ||
121 | + if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) { | ||
122 | + ++(history->entry_count); | ||
123 | + } | ||
124 | +} | ||
125 | + | ||
126 | HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) | ||
127 | { | ||
128 | HANDSHAKE_RESULT *ret; | ||
129 | @@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, | ||
130 | SSL_set_post_handshake_auth(client, 1); | ||
131 | } | ||
132 | |||
133 | -/* The status for each connection phase. */ | ||
134 | -typedef enum { | ||
135 | - PEER_SUCCESS, | ||
136 | - PEER_RETRY, | ||
137 | - PEER_ERROR, | ||
138 | - PEER_WAITING, | ||
139 | - PEER_TEST_FAILURE | ||
140 | -} peer_status_t; | ||
141 | - | ||
142 | /* An SSL object and associated read-write buffers. */ | ||
143 | typedef struct peer_st { | ||
144 | SSL *ssl; | ||
145 | @@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer) | ||
146 | } | ||
147 | } | ||
148 | |||
149 | -typedef enum { | ||
150 | - HANDSHAKE, | ||
151 | - RENEG_APPLICATION_DATA, | ||
152 | - RENEG_SETUP, | ||
153 | - RENEG_HANDSHAKE, | ||
154 | - APPLICATION_DATA, | ||
155 | - SHUTDOWN, | ||
156 | - CONNECTION_DONE | ||
157 | -} connect_phase_t; | ||
158 | - | ||
159 | - | ||
160 | static int renegotiate_op(const SSL_TEST_CTX *test_ctx) | ||
161 | { | ||
162 | switch (test_ctx->handshake_mode) { | ||
163 | @@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, | ||
164 | } | ||
165 | } | ||
166 | |||
167 | -typedef enum { | ||
168 | - /* Both parties succeeded. */ | ||
169 | - HANDSHAKE_SUCCESS, | ||
170 | - /* Client errored. */ | ||
171 | - CLIENT_ERROR, | ||
172 | - /* Server errored. */ | ||
173 | - SERVER_ERROR, | ||
174 | - /* Peers are in inconsistent state. */ | ||
175 | - INTERNAL_ERROR, | ||
176 | - /* One or both peers not done. */ | ||
177 | - HANDSHAKE_RETRY | ||
178 | -} handshake_status_t; | ||
179 | - | ||
180 | /* | ||
181 | * Determine the handshake outcome. | ||
182 | * last_status: the status of the peer to have acted last. | ||
183 | @@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( | ||
184 | |||
185 | start = time(NULL); | ||
186 | |||
187 | + save_loop_history(&(ret->history), | ||
188 | + phase, status, server.status, client.status, | ||
189 | + client_turn_count, client_turn); | ||
190 | + | ||
191 | /* | ||
192 | * Half-duplex handshake loop. | ||
193 | * Client and server speak to each other synchronously in the same process. | ||
194 | @@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( | ||
195 | 0 /* server went last */); | ||
196 | } | ||
197 | |||
198 | + save_loop_history(&(ret->history), | ||
199 | + phase, status, server.status, client.status, | ||
200 | + client_turn_count, client_turn); | ||
201 | + | ||
202 | switch (status) { | ||
203 | case HANDSHAKE_SUCCESS: | ||
204 | client_turn_count = 0; | ||
205 | diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h | ||
206 | index 78b03f9f4b..b9967c2623 100644 | ||
207 | --- a/test/helpers/handshake.h | ||
208 | +++ b/test/helpers/handshake.h | ||
209 | @@ -1,5 +1,5 @@ | ||
210 | /* | ||
211 | - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | ||
212 | + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. | ||
213 | * | ||
214 | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
215 | * this file except in compliance with the License. You can obtain a copy | ||
216 | @@ -12,6 +12,11 @@ | ||
217 | |||
218 | #include "ssl_test_ctx.h" | ||
219 | |||
220 | +#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 | ||
221 | +#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) | ||
222 | +#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ | ||
223 | + ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1) | ||
224 | + | ||
225 | typedef struct ctx_data_st { | ||
226 | unsigned char *npn_protocols; | ||
227 | size_t npn_protocols_len; | ||
228 | @@ -22,6 +27,63 @@ typedef struct ctx_data_st { | ||
229 | char *session_ticket_app_data; | ||
230 | } CTX_DATA; | ||
231 | |||
232 | +typedef enum { | ||
233 | + HANDSHAKE, | ||
234 | + RENEG_APPLICATION_DATA, | ||
235 | + RENEG_SETUP, | ||
236 | + RENEG_HANDSHAKE, | ||
237 | + APPLICATION_DATA, | ||
238 | + SHUTDOWN, | ||
239 | + CONNECTION_DONE | ||
240 | +} connect_phase_t; | ||
241 | + | ||
242 | +/* The status for each connection phase. */ | ||
243 | +typedef enum { | ||
244 | + PEER_SUCCESS, | ||
245 | + PEER_RETRY, | ||
246 | + PEER_ERROR, | ||
247 | + PEER_WAITING, | ||
248 | + PEER_TEST_FAILURE | ||
249 | +} peer_status_t; | ||
250 | + | ||
251 | +typedef enum { | ||
252 | + /* Both parties succeeded. */ | ||
253 | + HANDSHAKE_SUCCESS, | ||
254 | + /* Client errored. */ | ||
255 | + CLIENT_ERROR, | ||
256 | + /* Server errored. */ | ||
257 | + SERVER_ERROR, | ||
258 | + /* Peers are in inconsistent state. */ | ||
259 | + INTERNAL_ERROR, | ||
260 | + /* One or both peers not done. */ | ||
261 | + HANDSHAKE_RETRY | ||
262 | +} handshake_status_t; | ||
263 | + | ||
264 | +/* Stores the various status information in a handshake loop. */ | ||
265 | +typedef struct handshake_history_entry_st { | ||
266 | + connect_phase_t phase; | ||
267 | + handshake_status_t handshake_status; | ||
268 | + peer_status_t server_status; | ||
269 | + peer_status_t client_status; | ||
270 | + int client_turn_count; | ||
271 | + int is_client_turn; | ||
272 | +} HANDSHAKE_HISTORY_ENTRY; | ||
273 | + | ||
274 | +typedef struct handshake_history_st { | ||
275 | + /* Implemented using ring buffer. */ | ||
276 | + /* | ||
277 | + * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|, | ||
278 | + * ..., etc., going up to |entry_count| number of entries. Note that when | ||
279 | + * the index into the array |entries| becomes < 0, we wrap around to | ||
280 | + * the end of |entries|. | ||
281 | + */ | ||
282 | + HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY]; | ||
283 | + /* The number of valid entries in |entries| array. */ | ||
284 | + size_t entry_count; | ||
285 | + /* The index of the last valid entry in the |entries| array. */ | ||
286 | + size_t last_idx; | ||
287 | +} HANDSHAKE_HISTORY; | ||
288 | + | ||
289 | typedef struct handshake_result { | ||
290 | ssl_test_result_t result; | ||
291 | /* These alerts are in the 2-byte format returned by the info_callback. */ | ||
292 | @@ -77,6 +139,8 @@ typedef struct handshake_result { | ||
293 | char *cipher; | ||
294 | /* session ticket application data */ | ||
295 | char *result_session_ticket_app_data; | ||
296 | + /* handshake loop history */ | ||
297 | + HANDSHAKE_HISTORY history; | ||
298 | } HANDSHAKE_RESULT; | ||
299 | |||
300 | HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); | ||
301 | @@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, | ||
302 | CTX_DATA *server2_ctx_data, | ||
303 | CTX_DATA *client_ctx_data); | ||
304 | |||
305 | +const char *handshake_connect_phase_name(connect_phase_t phase); | ||
306 | +const char *handshake_status_name(handshake_status_t handshake_status); | ||
307 | +const char *handshake_peer_status_name(peer_status_t peer_status); | ||
308 | + | ||
309 | #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ | ||
310 | diff --git a/test/ssl_test.c b/test/ssl_test.c | ||
311 | index ea608518f9..9d6b093c81 100644 | ||
312 | --- a/test/ssl_test.c | ||
313 | +++ b/test/ssl_test.c | ||
314 | @@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; | ||
315 | /* Currently the section names are of the form test-<number>, e.g. test-15. */ | ||
316 | #define MAX_TESTCASE_NAME_LENGTH 100 | ||
317 | |||
318 | +static void print_handshake_history(const HANDSHAKE_HISTORY *history) | ||
319 | +{ | ||
320 | + size_t first_idx; | ||
321 | + size_t i; | ||
322 | + size_t cur_idx; | ||
323 | + const HANDSHAKE_HISTORY_ENTRY *cur_entry; | ||
324 | + const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|"; | ||
325 | + const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|"; | ||
326 | + | ||
327 | + TEST_info("The following is the server/client state " | ||
328 | + "in the most recent %d handshake loops.", | ||
329 | + MAX_HANDSHAKE_HISTORY_ENTRY); | ||
330 | + | ||
331 | + TEST_note("==================================================" | ||
332 | + "=================================================="); | ||
333 | + TEST_note(header_template, | ||
334 | + "phase", "handshake status", "server status", | ||
335 | + "client status", "client turn count", "is client turn"); | ||
336 | + TEST_note("+--------------+----------------+----------------" | ||
337 | + "+----------------+-----------------+--------------+"); | ||
338 | + | ||
339 | + first_idx = (history->last_idx - history->entry_count + 1) & | ||
340 | + MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
341 | + for (i = 0; i < history->entry_count; ++i) { | ||
342 | + cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
343 | + cur_entry = &(history->entries)[cur_idx]; | ||
344 | + TEST_note(body_template, | ||
345 | + handshake_connect_phase_name(cur_entry->phase), | ||
346 | + handshake_status_name(cur_entry->handshake_status), | ||
347 | + handshake_peer_status_name(cur_entry->server_status), | ||
348 | + handshake_peer_status_name(cur_entry->client_status), | ||
349 | + cur_entry->client_turn_count, | ||
350 | + cur_entry->is_client_turn ? "true" : "false"); | ||
351 | + } | ||
352 | + TEST_note("==================================================" | ||
353 | + "=================================================="); | ||
354 | +} | ||
355 | + | ||
356 | static const char *print_alert(int alert) | ||
357 | { | ||
358 | return alert ? SSL_alert_desc_string_long(alert) : "no alert"; | ||
359 | @@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) | ||
360 | ret &= check_client_sign_type(result, test_ctx); | ||
361 | ret &= check_client_ca_names(result, test_ctx); | ||
362 | } | ||
363 | + | ||
364 | + /* Print handshake loop history if any check fails. */ | ||
365 | + if (!ret) { | ||
366 | + print_handshake_history(&(result->history)); | ||
367 | + } | ||
368 | + | ||
369 | return ret; | ||
370 | } | ||
371 | |||
372 | -- | ||
373 | 2.25.1 | ||
374 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch new file mode 100644 index 0000000000..502a7aaf32 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch | |||
@@ -0,0 +1,39 @@ | |||
1 | From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001 | ||
2 | From: Alexander Kanavin <alex@linutronix.de> | ||
3 | Date: Tue, 30 May 2023 09:11:27 -0700 | ||
4 | Subject: [PATCH] Configure: do not tweak mips cflags | ||
5 | |||
6 | This conflicts with mips machine definitons from yocto, | ||
7 | e.g. | ||
8 | | Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 | ||
9 | |||
10 | Upstream-Status: Inappropriate [oe-core specific] | ||
11 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
12 | |||
13 | Refreshed for openssl-3.1.1 | ||
14 | Signed-off-by: Tim Orling <tim.orling@konsulko.com> | ||
15 | --- | ||
16 | Configure | 10 ---------- | ||
17 | 1 file changed, 10 deletions(-) | ||
18 | |||
19 | diff --git a/Configure b/Configure | ||
20 | index 4569952..adf019b 100755 | ||
21 | --- a/Configure | ||
22 | +++ b/Configure | ||
23 | @@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) | ||
24 | push @{$config{shared_ldflag}}, "-mno-cygwin"; | ||
25 | } | ||
26 | |||
27 | -if ($target =~ /linux.*-mips/ && !$disabled{asm} | ||
28 | - && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { | ||
29 | - # minimally required architecture flags for assembly modules | ||
30 | - my $value; | ||
31 | - $value = '-mips2' if ($target =~ /mips32/); | ||
32 | - $value = '-mips3' if ($target =~ /mips64/); | ||
33 | - unshift @{$config{cflags}}, $value; | ||
34 | - unshift @{$config{cxxflags}}, $value if $config{CXX}; | ||
35 | -} | ||
36 | - | ||
37 | # If threads aren't disabled, check how possible they are | ||
38 | unless ($disabled{threads}) { | ||
39 | if ($auto_threads) { | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index 949c788344..bafdbaa46f 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 | 1 | From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 |
2 | From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> | 2 | From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> |
3 | Date: Tue, 6 Nov 2018 14:50:47 +0100 | 3 | Date: Tue, 6 Nov 2018 14:50:47 +0100 |
4 | Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler | 4 | Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler |
@@ -21,20 +21,24 @@ https://patchwork.openembedded.org/patch/147229/ | |||
21 | Upstream-Status: Inappropriate [OE specific] | 21 | Upstream-Status: Inappropriate [OE specific] |
22 | Signed-off-by: Martin Hundebøll <martin@geanix.com> | 22 | Signed-off-by: Martin Hundebøll <martin@geanix.com> |
23 | 23 | ||
24 | |||
25 | Update to fix buildpaths qa issue for '-fmacro-prefix-map'. | 24 | Update to fix buildpaths qa issue for '-fmacro-prefix-map'. |
26 | 25 | ||
27 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | 26 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
27 | |||
28 | Update to fix buildpaths qa issue for '-ffile-prefix-map'. | ||
29 | |||
30 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
31 | |||
28 | --- | 32 | --- |
29 | Configurations/unix-Makefile.tmpl | 10 +++++++++- | 33 | Configurations/unix-Makefile.tmpl | 12 +++++++++++- |
30 | crypto/build.info | 2 +- | 34 | crypto/build.info | 2 +- |
31 | 2 files changed, 10 insertions(+), 2 deletions(-) | 35 | 2 files changed, 12 insertions(+), 2 deletions(-) |
32 | 36 | ||
33 | diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl | 37 | Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl |
34 | index 16af4d2087..54c162784c 100644 | 38 | =================================================================== |
35 | --- a/Configurations/unix-Makefile.tmpl | 39 | --- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl |
36 | +++ b/Configurations/unix-Makefile.tmpl | 40 | +++ openssl-3.0.4/Configurations/unix-Makefile.tmpl |
37 | @@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), | 41 | @@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl |
38 | '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} | 42 | '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} |
39 | BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) | 43 | BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) |
40 | 44 | ||
@@ -49,6 +53,7 @@ index 16af4d2087..54c162784c 100644 | |||
49 | +CFLAGS_Q={- for (@{$config{CFLAGS}}) { | 53 | +CFLAGS_Q={- for (@{$config{CFLAGS}}) { |
50 | + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; | 54 | + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; |
51 | + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; | 55 | + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; |
56 | + s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; | ||
52 | + } | 57 | + } |
53 | + join(' ', @{$config{CFLAGS}}) -} | 58 | + join(' ', @{$config{CFLAGS}}) -} |
54 | + | 59 | + |
@@ -58,19 +63,16 @@ index 16af4d2087..54c162784c 100644 | |||
58 | PERLASM_SCHEME= {- $target{perlasm_scheme} -} | 63 | PERLASM_SCHEME= {- $target{perlasm_scheme} -} |
59 | 64 | ||
60 | # For x86 assembler: Set PROCESSOR to 386 if you want to support | 65 | # For x86 assembler: Set PROCESSOR to 386 if you want to support |
61 | diff --git a/crypto/build.info b/crypto/build.info | 66 | Index: openssl-3.0.4/crypto/build.info |
62 | index b515b7318e..8c9cee2a09 100644 | 67 | =================================================================== |
63 | --- a/crypto/build.info | 68 | --- openssl-3.0.4.orig/crypto/build.info |
64 | +++ b/crypto/build.info | 69 | +++ openssl-3.0.4/crypto/build.info |
65 | @@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ | 70 | @@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF |
66 | ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl | ||
67 | 71 | ||
72 | DEPEND[info.o]=buildinf.h | ||
68 | DEPEND[cversion.o]=buildinf.h | 73 | DEPEND[cversion.o]=buildinf.h |
69 | -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" | 74 | -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" |
70 | +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" | 75 | +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" |
71 | DEPEND[buildinf.h]=../configdata.pm | ||
72 | 76 | ||
73 | GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) | 77 | GENERATE[uplink-x86.S]=../ms/uplink-x86.pl |
74 | -- | 78 | GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl |
75 | 2.19.1 | ||
76 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch deleted file mode 100644 index d8d9651b64..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch +++ /dev/null | |||
@@ -1,46 +0,0 @@ | |||
1 | From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001 | ||
2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
3 | Date: Tue, 2 Oct 2018 23:58:24 +0800 | ||
4 | Subject: [PATCH] skip test_symbol_presence | ||
5 | |||
6 | We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared' | ||
7 | as INSTALL told us the shared libraries will not be built. | ||
8 | |||
9 | [INSTALL snip] | ||
10 | Notes on shared libraries | ||
11 | ------------------------- | ||
12 | |||
13 | For most systems the OpenSSL Configure script knows what is needed to | ||
14 | build shared libraries for libcrypto and libssl. On these systems | ||
15 | the shared libraries will be created by default. This can be suppressed and | ||
16 | only static libraries created by using the "no-shared" option. On systems | ||
17 | where OpenSSL does not know how to build shared libraries the "no-shared" | ||
18 | option will be forced and only static libraries will be created. | ||
19 | [INSTALL snip] | ||
20 | |||
21 | Hence directly modification the case to skip it. | ||
22 | |||
23 | Upstream-Status: Inappropriate [OE Specific] | ||
24 | |||
25 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
26 | --- | ||
27 | test/recipes/01-test_symbol_presence.t | 3 +-- | ||
28 | 1 file changed, 1 insertion(+), 2 deletions(-) | ||
29 | |||
30 | diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t | ||
31 | index 7f2a2d7..0b93745 100644 | ||
32 | --- a/test/recipes/01-test_symbol_presence.t | ||
33 | +++ b/test/recipes/01-test_symbol_presence.t | ||
34 | @@ -14,8 +14,7 @@ use OpenSSL::Test::Utils; | ||
35 | |||
36 | setup("test_symbol_presence"); | ||
37 | |||
38 | -plan skip_all => "Only useful when building shared libraries" | ||
39 | - if disabled("shared"); | ||
40 | +plan skip_all => "The case needs debug symbols then we just disable it"; | ||
41 | |||
42 | my @libnames = ("crypto", "ssl"); | ||
43 | my $testcount = scalar @libnames; | ||
44 | -- | ||
45 | 2.7.4 | ||
46 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch deleted file mode 100644 index b7c0e9697f..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/afalg.patch +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | Don't refuse to build afalgeng if cross-compiling or the host kernel is too old. | ||
2 | |||
3 | Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688] | ||
4 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
5 | |||
6 | diff --git a/Configure b/Configure | ||
7 | index 3baa8ce..9ef52ed 100755 | ||
8 | --- a/Configure | ||
9 | +++ b/Configure | ||
10 | @@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"}) | ||
11 | unless ($disabled{afalgeng}) { | ||
12 | $config{afalgeng}=""; | ||
13 | if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { | ||
14 | - my $minver = 4*10000 + 1*100 + 0; | ||
15 | - if ($config{CROSS_COMPILE} eq "") { | ||
16 | - my $verstr = `uname -r`; | ||
17 | - my ($ma, $mi1, $mi2) = split("\\.", $verstr); | ||
18 | - ($mi2) = $mi2 =~ /(\d+)/; | ||
19 | - my $ver = $ma*10000 + $mi1*100 + $mi2; | ||
20 | - if ($ver < $minver) { | ||
21 | - disable('too-old-kernel', 'afalgeng'); | ||
22 | - } else { | ||
23 | - push @{$config{engdirs}}, "afalg"; | ||
24 | - } | ||
25 | - } else { | ||
26 | - disable('cross-compiling', 'afalgeng'); | ||
27 | - } | ||
28 | + push @{$config{engdirs}}, "afalg"; | ||
29 | } else { | ||
30 | disable('not-linux', 'afalgeng'); | ||
31 | } | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch new file mode 100644 index 0000000000..748576c30c --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/bti.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 | ||
2 | From: Tom Cosgrove <tom.cosgrove@arm.com> | ||
3 | Date: Tue, 26 Mar 2024 13:18:00 +0000 | ||
4 | Subject: [PATCH] aarch64: fix BTI in bsaes assembly code | ||
5 | |||
6 | In Arm systems where BTI is enabled but the Crypto extensions are not (more | ||
7 | likely in FVPs than in real hardware), the bit-sliced assembler code will | ||
8 | be used. However, this wasn't annotated with BTI instructions when BTI was | ||
9 | enabled, so the moment libssl jumps into this code it (correctly) aborts. | ||
10 | |||
11 | Solve this by adding the missing BTI landing pads. | ||
12 | |||
13 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] | ||
14 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
15 | --- | ||
16 | crypto/aes/asm/bsaes-armv8.pl | 5 ++++- | ||
17 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
18 | |||
19 | diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl | ||
20 | index b3c97e439f..c3c5ff3e05 100644 | ||
21 | --- a/crypto/aes/asm/bsaes-armv8.pl | ||
22 | +++ b/crypto/aes/asm/bsaes-armv8.pl | ||
23 | @@ -1018,6 +1018,7 @@ _bsaes_key_convert: | ||
24 | // Initialisation vector overwritten with last quadword of ciphertext | ||
25 | // No output registers, usual AAPCS64 register preservation | ||
26 | ossl_bsaes_cbc_encrypt: | ||
27 | + AARCH64_VALID_CALL_TARGET | ||
28 | cmp x2, #128 | ||
29 | bhs .Lcbc_do_bsaes | ||
30 | b AES_cbc_encrypt | ||
31 | @@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: | ||
32 | // Output text filled in | ||
33 | // No output registers, usual AAPCS64 register preservation | ||
34 | ossl_bsaes_ctr32_encrypt_blocks: | ||
35 | - | ||
36 | + AARCH64_VALID_CALL_TARGET | ||
37 | cmp x2, #8 // use plain AES for | ||
38 | blo .Lctr_enc_short // small sizes | ||
39 | |||
40 | @@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: | ||
41 | // Output ciphertext filled in | ||
42 | // No output registers, usual AAPCS64 register preservation | ||
43 | ossl_bsaes_xts_encrypt: | ||
44 | + AARCH64_VALID_CALL_TARGET | ||
45 | // Stack layout: | ||
46 | // sp -> | ||
47 | // nrounds*128-96 bytes: key schedule | ||
48 | @@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: | ||
49 | // Output plaintext filled in | ||
50 | // No output registers, usual AAPCS64 register preservation | ||
51 | ossl_bsaes_xts_decrypt: | ||
52 | + AARCH64_VALID_CALL_TARGET | ||
53 | // Stack layout: | ||
54 | // sp -> | ||
55 | // nrounds*128-96 bytes: key schedule | ||
56 | -- | ||
57 | 2.34.1 | ||
58 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch deleted file mode 100644 index a24260c95d..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/reproducible.patch +++ /dev/null | |||
@@ -1,32 +0,0 @@ | |||
1 | The value for perl_archname can vary depending on the host, e.g. | ||
2 | x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which | ||
3 | makes the ptest package non-reproducible. Its unused other than | ||
4 | these references so drop it. | ||
5 | |||
6 | RP 2020/2/6 | ||
7 | |||
8 | Upstream-Status: Pending | ||
9 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
10 | |||
11 | Index: openssl-1.1.1d/Configure | ||
12 | =================================================================== | ||
13 | --- openssl-1.1.1d.orig/Configure | ||
14 | +++ openssl-1.1.1d/Configure | ||
15 | @@ -286,7 +286,7 @@ if (defined env($local_config_envname)) | ||
16 | # Save away perl command information | ||
17 | $config{perl_cmd} = $^X; | ||
18 | $config{perl_version} = $Config{version}; | ||
19 | -$config{perl_archname} = $Config{archname}; | ||
20 | +#$config{perl_archname} = $Config{archname}; | ||
21 | |||
22 | $config{prefix}=""; | ||
23 | $config{openssldir}=""; | ||
24 | @@ -2517,7 +2517,7 @@ _____ | ||
25 | @{$config{perlargv}}), "\n"; | ||
26 | print "\nPerl information:\n\n"; | ||
27 | print ' ',$config{perl_cmd},"\n"; | ||
28 | - print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; | ||
29 | + print ' ',$config{perl_version},"\n"; | ||
30 | } | ||
31 | if ($dump || $options) { | ||
32 | my $longest = 0; | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest index 3fb22471f8..c89ec5afa1 100644 --- a/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/meta/recipes-connectivity/openssl/openssl/run-ptest | |||
@@ -9,4 +9,4 @@ export TOP=. | |||
9 | # OPENSSL_ENGINES is relative from the test binaries | 9 | # OPENSSL_ENGINES is relative from the test binaries |
10 | export OPENSSL_ENGINES=../engines | 10 | export OPENSSL_ENGINES=../engines |
11 | 11 | ||
12 | perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;' | 12 | { HARNESS_JOBS=4 perl ./test/run_tests.pl $* || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g' |