diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl')
8 files changed, 494 insertions, 130 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch new file mode 100644 index 0000000000..aa2e5bb800 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch | |||
| @@ -0,0 +1,374 @@ | |||
| 1 | From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: William Lyu <William.Lyu@windriver.com> | ||
| 3 | Date: Fri, 20 Oct 2023 16:22:37 -0400 | ||
| 4 | Subject: [PATCH] Added handshake history reporting when test fails | ||
| 5 | |||
| 6 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481] | ||
| 7 | |||
| 8 | Signed-off-by: William Lyu <William.Lyu@windriver.com> | ||
| 9 | --- | ||
| 10 | test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++---------- | ||
| 11 | test/helpers/handshake.h | 70 +++++++++++++++++++- | ||
| 12 | test/ssl_test.c | 44 +++++++++++++ | ||
| 13 | 3 files changed, 218 insertions(+), 35 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c | ||
| 16 | index e0422469e4..ae2ad59dd4 100644 | ||
| 17 | --- a/test/helpers/handshake.c | ||
| 18 | +++ b/test/helpers/handshake.c | ||
| 19 | @@ -1,5 +1,5 @@ | ||
| 20 | /* | ||
| 21 | - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | ||
| 22 | + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. | ||
| 23 | * | ||
| 24 | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
| 25 | * this file except in compliance with the License. You can obtain a copy | ||
| 26 | @@ -24,6 +24,102 @@ | ||
| 27 | #include <netinet/sctp.h> | ||
| 28 | #endif | ||
| 29 | |||
| 30 | +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ | ||
| 31 | +/* Maps string names to various enumeration type */ | ||
| 32 | +typedef struct { | ||
| 33 | + const char *name; | ||
| 34 | + int value; | ||
| 35 | +} enum_name_map; | ||
| 36 | + | ||
| 37 | +static const enum_name_map connect_phase_names[] = { | ||
| 38 | + {"Handshake", HANDSHAKE}, | ||
| 39 | + {"RenegAppData", RENEG_APPLICATION_DATA}, | ||
| 40 | + {"RenegSetup", RENEG_SETUP}, | ||
| 41 | + {"RenegHandshake", RENEG_HANDSHAKE}, | ||
| 42 | + {"AppData", APPLICATION_DATA}, | ||
| 43 | + {"Shutdown", SHUTDOWN}, | ||
| 44 | + {"ConnectionDone", CONNECTION_DONE} | ||
| 45 | +}; | ||
| 46 | + | ||
| 47 | +static const enum_name_map peer_status_names[] = { | ||
| 48 | + {"PeerSuccess", PEER_SUCCESS}, | ||
| 49 | + {"PeerRetry", PEER_RETRY}, | ||
| 50 | + {"PeerError", PEER_ERROR}, | ||
| 51 | + {"PeerWaiting", PEER_WAITING}, | ||
| 52 | + {"PeerTestFail", PEER_TEST_FAILURE} | ||
| 53 | +}; | ||
| 54 | + | ||
| 55 | +static const enum_name_map handshake_status_names[] = { | ||
| 56 | + {"HandshakeSuccess", HANDSHAKE_SUCCESS}, | ||
| 57 | + {"ClientError", CLIENT_ERROR}, | ||
| 58 | + {"ServerError", SERVER_ERROR}, | ||
| 59 | + {"InternalError", INTERNAL_ERROR}, | ||
| 60 | + {"HandshakeRetry", HANDSHAKE_RETRY} | ||
| 61 | +}; | ||
| 62 | + | ||
| 63 | +/* Shamelessly copied from test/helpers/ssl_test_ctx.c */ | ||
| 64 | +static const char *enum_name(const enum_name_map *enums, size_t num_enums, | ||
| 65 | + int value) | ||
| 66 | +{ | ||
| 67 | + size_t i; | ||
| 68 | + for (i = 0; i < num_enums; i++) { | ||
| 69 | + if (enums[i].value == value) { | ||
| 70 | + return enums[i].name; | ||
| 71 | + } | ||
| 72 | + } | ||
| 73 | + return "InvalidValue"; | ||
| 74 | +} | ||
| 75 | + | ||
| 76 | +const char *handshake_connect_phase_name(connect_phase_t phase) | ||
| 77 | +{ | ||
| 78 | + return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names), | ||
| 79 | + (int)phase); | ||
| 80 | +} | ||
| 81 | + | ||
| 82 | +const char *handshake_status_name(handshake_status_t handshake_status) | ||
| 83 | +{ | ||
| 84 | + return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names), | ||
| 85 | + (int)handshake_status); | ||
| 86 | +} | ||
| 87 | + | ||
| 88 | +const char *handshake_peer_status_name(peer_status_t peer_status) | ||
| 89 | +{ | ||
| 90 | + return enum_name(peer_status_names, OSSL_NELEM(peer_status_names), | ||
| 91 | + (int)peer_status); | ||
| 92 | +} | ||
| 93 | + | ||
| 94 | +static void save_loop_history(HANDSHAKE_HISTORY *history, | ||
| 95 | + connect_phase_t phase, | ||
| 96 | + handshake_status_t handshake_status, | ||
| 97 | + peer_status_t server_status, | ||
| 98 | + peer_status_t client_status, | ||
| 99 | + int client_turn_count, | ||
| 100 | + int is_client_turn) | ||
| 101 | +{ | ||
| 102 | + HANDSHAKE_HISTORY_ENTRY *new_entry = NULL; | ||
| 103 | + | ||
| 104 | + /* | ||
| 105 | + * Create a new history entry for a handshake loop with statuses given in | ||
| 106 | + * the arguments. Potentially evicting the oldest entry when the | ||
| 107 | + * ring buffer is full. | ||
| 108 | + */ | ||
| 109 | + ++(history->last_idx); | ||
| 110 | + history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
| 111 | + | ||
| 112 | + new_entry = &((history->entries)[history->last_idx]); | ||
| 113 | + new_entry->phase = phase; | ||
| 114 | + new_entry->handshake_status = handshake_status; | ||
| 115 | + new_entry->server_status = server_status; | ||
| 116 | + new_entry->client_status = client_status; | ||
| 117 | + new_entry->client_turn_count = client_turn_count; | ||
| 118 | + new_entry->is_client_turn = is_client_turn; | ||
| 119 | + | ||
| 120 | + /* Evict the oldest handshake loop entry when the ring buffer is full. */ | ||
| 121 | + if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) { | ||
| 122 | + ++(history->entry_count); | ||
| 123 | + } | ||
| 124 | +} | ||
| 125 | + | ||
| 126 | HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) | ||
| 127 | { | ||
| 128 | HANDSHAKE_RESULT *ret; | ||
| 129 | @@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client, | ||
| 130 | SSL_set_post_handshake_auth(client, 1); | ||
| 131 | } | ||
| 132 | |||
| 133 | -/* The status for each connection phase. */ | ||
| 134 | -typedef enum { | ||
| 135 | - PEER_SUCCESS, | ||
| 136 | - PEER_RETRY, | ||
| 137 | - PEER_ERROR, | ||
| 138 | - PEER_WAITING, | ||
| 139 | - PEER_TEST_FAILURE | ||
| 140 | -} peer_status_t; | ||
| 141 | - | ||
| 142 | /* An SSL object and associated read-write buffers. */ | ||
| 143 | typedef struct peer_st { | ||
| 144 | SSL *ssl; | ||
| 145 | @@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer) | ||
| 146 | } | ||
| 147 | } | ||
| 148 | |||
| 149 | -typedef enum { | ||
| 150 | - HANDSHAKE, | ||
| 151 | - RENEG_APPLICATION_DATA, | ||
| 152 | - RENEG_SETUP, | ||
| 153 | - RENEG_HANDSHAKE, | ||
| 154 | - APPLICATION_DATA, | ||
| 155 | - SHUTDOWN, | ||
| 156 | - CONNECTION_DONE | ||
| 157 | -} connect_phase_t; | ||
| 158 | - | ||
| 159 | - | ||
| 160 | static int renegotiate_op(const SSL_TEST_CTX *test_ctx) | ||
| 161 | { | ||
| 162 | switch (test_ctx->handshake_mode) { | ||
| 163 | @@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer, | ||
| 164 | } | ||
| 165 | } | ||
| 166 | |||
| 167 | -typedef enum { | ||
| 168 | - /* Both parties succeeded. */ | ||
| 169 | - HANDSHAKE_SUCCESS, | ||
| 170 | - /* Client errored. */ | ||
| 171 | - CLIENT_ERROR, | ||
| 172 | - /* Server errored. */ | ||
| 173 | - SERVER_ERROR, | ||
| 174 | - /* Peers are in inconsistent state. */ | ||
| 175 | - INTERNAL_ERROR, | ||
| 176 | - /* One or both peers not done. */ | ||
| 177 | - HANDSHAKE_RETRY | ||
| 178 | -} handshake_status_t; | ||
| 179 | - | ||
| 180 | /* | ||
| 181 | * Determine the handshake outcome. | ||
| 182 | * last_status: the status of the peer to have acted last. | ||
| 183 | @@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( | ||
| 184 | |||
| 185 | start = time(NULL); | ||
| 186 | |||
| 187 | + save_loop_history(&(ret->history), | ||
| 188 | + phase, status, server.status, client.status, | ||
| 189 | + client_turn_count, client_turn); | ||
| 190 | + | ||
| 191 | /* | ||
| 192 | * Half-duplex handshake loop. | ||
| 193 | * Client and server speak to each other synchronously in the same process. | ||
| 194 | @@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal( | ||
| 195 | 0 /* server went last */); | ||
| 196 | } | ||
| 197 | |||
| 198 | + save_loop_history(&(ret->history), | ||
| 199 | + phase, status, server.status, client.status, | ||
| 200 | + client_turn_count, client_turn); | ||
| 201 | + | ||
| 202 | switch (status) { | ||
| 203 | case HANDSHAKE_SUCCESS: | ||
| 204 | client_turn_count = 0; | ||
| 205 | diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h | ||
| 206 | index 78b03f9f4b..b9967c2623 100644 | ||
| 207 | --- a/test/helpers/handshake.h | ||
| 208 | +++ b/test/helpers/handshake.h | ||
| 209 | @@ -1,5 +1,5 @@ | ||
| 210 | /* | ||
| 211 | - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | ||
| 212 | + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. | ||
| 213 | * | ||
| 214 | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
| 215 | * this file except in compliance with the License. You can obtain a copy | ||
| 216 | @@ -12,6 +12,11 @@ | ||
| 217 | |||
| 218 | #include "ssl_test_ctx.h" | ||
| 219 | |||
| 220 | +#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4 | ||
| 221 | +#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) | ||
| 222 | +#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \ | ||
| 223 | + ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1) | ||
| 224 | + | ||
| 225 | typedef struct ctx_data_st { | ||
| 226 | unsigned char *npn_protocols; | ||
| 227 | size_t npn_protocols_len; | ||
| 228 | @@ -22,6 +27,63 @@ typedef struct ctx_data_st { | ||
| 229 | char *session_ticket_app_data; | ||
| 230 | } CTX_DATA; | ||
| 231 | |||
| 232 | +typedef enum { | ||
| 233 | + HANDSHAKE, | ||
| 234 | + RENEG_APPLICATION_DATA, | ||
| 235 | + RENEG_SETUP, | ||
| 236 | + RENEG_HANDSHAKE, | ||
| 237 | + APPLICATION_DATA, | ||
| 238 | + SHUTDOWN, | ||
| 239 | + CONNECTION_DONE | ||
| 240 | +} connect_phase_t; | ||
| 241 | + | ||
| 242 | +/* The status for each connection phase. */ | ||
| 243 | +typedef enum { | ||
| 244 | + PEER_SUCCESS, | ||
| 245 | + PEER_RETRY, | ||
| 246 | + PEER_ERROR, | ||
| 247 | + PEER_WAITING, | ||
| 248 | + PEER_TEST_FAILURE | ||
| 249 | +} peer_status_t; | ||
| 250 | + | ||
| 251 | +typedef enum { | ||
| 252 | + /* Both parties succeeded. */ | ||
| 253 | + HANDSHAKE_SUCCESS, | ||
| 254 | + /* Client errored. */ | ||
| 255 | + CLIENT_ERROR, | ||
| 256 | + /* Server errored. */ | ||
| 257 | + SERVER_ERROR, | ||
| 258 | + /* Peers are in inconsistent state. */ | ||
| 259 | + INTERNAL_ERROR, | ||
| 260 | + /* One or both peers not done. */ | ||
| 261 | + HANDSHAKE_RETRY | ||
| 262 | +} handshake_status_t; | ||
| 263 | + | ||
| 264 | +/* Stores the various status information in a handshake loop. */ | ||
| 265 | +typedef struct handshake_history_entry_st { | ||
| 266 | + connect_phase_t phase; | ||
| 267 | + handshake_status_t handshake_status; | ||
| 268 | + peer_status_t server_status; | ||
| 269 | + peer_status_t client_status; | ||
| 270 | + int client_turn_count; | ||
| 271 | + int is_client_turn; | ||
| 272 | +} HANDSHAKE_HISTORY_ENTRY; | ||
| 273 | + | ||
| 274 | +typedef struct handshake_history_st { | ||
| 275 | + /* Implemented using ring buffer. */ | ||
| 276 | + /* | ||
| 277 | + * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|, | ||
| 278 | + * ..., etc., going up to |entry_count| number of entries. Note that when | ||
| 279 | + * the index into the array |entries| becomes < 0, we wrap around to | ||
| 280 | + * the end of |entries|. | ||
| 281 | + */ | ||
| 282 | + HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY]; | ||
| 283 | + /* The number of valid entries in |entries| array. */ | ||
| 284 | + size_t entry_count; | ||
| 285 | + /* The index of the last valid entry in the |entries| array. */ | ||
| 286 | + size_t last_idx; | ||
| 287 | +} HANDSHAKE_HISTORY; | ||
| 288 | + | ||
| 289 | typedef struct handshake_result { | ||
| 290 | ssl_test_result_t result; | ||
| 291 | /* These alerts are in the 2-byte format returned by the info_callback. */ | ||
| 292 | @@ -77,6 +139,8 @@ typedef struct handshake_result { | ||
| 293 | char *cipher; | ||
| 294 | /* session ticket application data */ | ||
| 295 | char *result_session_ticket_app_data; | ||
| 296 | + /* handshake loop history */ | ||
| 297 | + HANDSHAKE_HISTORY history; | ||
| 298 | } HANDSHAKE_RESULT; | ||
| 299 | |||
| 300 | HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); | ||
| 301 | @@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, | ||
| 302 | CTX_DATA *server2_ctx_data, | ||
| 303 | CTX_DATA *client_ctx_data); | ||
| 304 | |||
| 305 | +const char *handshake_connect_phase_name(connect_phase_t phase); | ||
| 306 | +const char *handshake_status_name(handshake_status_t handshake_status); | ||
| 307 | +const char *handshake_peer_status_name(peer_status_t peer_status); | ||
| 308 | + | ||
| 309 | #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */ | ||
| 310 | diff --git a/test/ssl_test.c b/test/ssl_test.c | ||
| 311 | index ea608518f9..9d6b093c81 100644 | ||
| 312 | --- a/test/ssl_test.c | ||
| 313 | +++ b/test/ssl_test.c | ||
| 314 | @@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL; | ||
| 315 | /* Currently the section names are of the form test-<number>, e.g. test-15. */ | ||
| 316 | #define MAX_TESTCASE_NAME_LENGTH 100 | ||
| 317 | |||
| 318 | +static void print_handshake_history(const HANDSHAKE_HISTORY *history) | ||
| 319 | +{ | ||
| 320 | + size_t first_idx; | ||
| 321 | + size_t i; | ||
| 322 | + size_t cur_idx; | ||
| 323 | + const HANDSHAKE_HISTORY_ENTRY *cur_entry; | ||
| 324 | + const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|"; | ||
| 325 | + const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|"; | ||
| 326 | + | ||
| 327 | + TEST_info("The following is the server/client state " | ||
| 328 | + "in the most recent %d handshake loops.", | ||
| 329 | + MAX_HANDSHAKE_HISTORY_ENTRY); | ||
| 330 | + | ||
| 331 | + TEST_note("==================================================" | ||
| 332 | + "=================================================="); | ||
| 333 | + TEST_note(header_template, | ||
| 334 | + "phase", "handshake status", "server status", | ||
| 335 | + "client status", "client turn count", "is client turn"); | ||
| 336 | + TEST_note("+--------------+----------------+----------------" | ||
| 337 | + "+----------------+-----------------+--------------+"); | ||
| 338 | + | ||
| 339 | + first_idx = (history->last_idx - history->entry_count + 1) & | ||
| 340 | + MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
| 341 | + for (i = 0; i < history->entry_count; ++i) { | ||
| 342 | + cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK; | ||
| 343 | + cur_entry = &(history->entries)[cur_idx]; | ||
| 344 | + TEST_note(body_template, | ||
| 345 | + handshake_connect_phase_name(cur_entry->phase), | ||
| 346 | + handshake_status_name(cur_entry->handshake_status), | ||
| 347 | + handshake_peer_status_name(cur_entry->server_status), | ||
| 348 | + handshake_peer_status_name(cur_entry->client_status), | ||
| 349 | + cur_entry->client_turn_count, | ||
| 350 | + cur_entry->is_client_turn ? "true" : "false"); | ||
| 351 | + } | ||
| 352 | + TEST_note("==================================================" | ||
| 353 | + "=================================================="); | ||
| 354 | +} | ||
| 355 | + | ||
| 356 | static const char *print_alert(int alert) | ||
| 357 | { | ||
| 358 | return alert ? SSL_alert_desc_string_long(alert) : "no alert"; | ||
| 359 | @@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) | ||
| 360 | ret &= check_client_sign_type(result, test_ctx); | ||
| 361 | ret &= check_client_ca_names(result, test_ctx); | ||
| 362 | } | ||
| 363 | + | ||
| 364 | + /* Print handshake loop history if any check fails. */ | ||
| 365 | + if (!ret) { | ||
| 366 | + print_handshake_history(&(result->history)); | ||
| 367 | + } | ||
| 368 | + | ||
| 369 | return ret; | ||
| 370 | } | ||
| 371 | |||
| 372 | -- | ||
| 373 | 2.25.1 | ||
| 374 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch new file mode 100644 index 0000000000..502a7aaf32 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch | |||
| @@ -0,0 +1,39 @@ | |||
| 1 | From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alexander Kanavin <alex@linutronix.de> | ||
| 3 | Date: Tue, 30 May 2023 09:11:27 -0700 | ||
| 4 | Subject: [PATCH] Configure: do not tweak mips cflags | ||
| 5 | |||
| 6 | This conflicts with mips machine definitons from yocto, | ||
| 7 | e.g. | ||
| 8 | | Error: -mips3 conflicts with the other architecture options, which imply -mips64r2 | ||
| 9 | |||
| 10 | Upstream-Status: Inappropriate [oe-core specific] | ||
| 11 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
| 12 | |||
| 13 | Refreshed for openssl-3.1.1 | ||
| 14 | Signed-off-by: Tim Orling <tim.orling@konsulko.com> | ||
| 15 | --- | ||
| 16 | Configure | 10 ---------- | ||
| 17 | 1 file changed, 10 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/Configure b/Configure | ||
| 20 | index 4569952..adf019b 100755 | ||
| 21 | --- a/Configure | ||
| 22 | +++ b/Configure | ||
| 23 | @@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) | ||
| 24 | push @{$config{shared_ldflag}}, "-mno-cygwin"; | ||
| 25 | } | ||
| 26 | |||
| 27 | -if ($target =~ /linux.*-mips/ && !$disabled{asm} | ||
| 28 | - && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { | ||
| 29 | - # minimally required architecture flags for assembly modules | ||
| 30 | - my $value; | ||
| 31 | - $value = '-mips2' if ($target =~ /mips32/); | ||
| 32 | - $value = '-mips3' if ($target =~ /mips64/); | ||
| 33 | - unshift @{$config{cflags}}, $value; | ||
| 34 | - unshift @{$config{cxxflags}}, $value if $config{CXX}; | ||
| 35 | -} | ||
| 36 | - | ||
| 37 | # If threads aren't disabled, check how possible they are | ||
| 38 | unless ($disabled{threads}) { | ||
| 39 | if ($auto_threads) { | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch index 949c788344..bafdbaa46f 100644 --- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch +++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 | 1 | From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001 |
| 2 | From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> | 2 | From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> |
| 3 | Date: Tue, 6 Nov 2018 14:50:47 +0100 | 3 | Date: Tue, 6 Nov 2018 14:50:47 +0100 |
| 4 | Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler | 4 | Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler |
| @@ -21,20 +21,24 @@ https://patchwork.openembedded.org/patch/147229/ | |||
| 21 | Upstream-Status: Inappropriate [OE specific] | 21 | Upstream-Status: Inappropriate [OE specific] |
| 22 | Signed-off-by: Martin Hundebøll <martin@geanix.com> | 22 | Signed-off-by: Martin Hundebøll <martin@geanix.com> |
| 23 | 23 | ||
| 24 | |||
| 25 | Update to fix buildpaths qa issue for '-fmacro-prefix-map'. | 24 | Update to fix buildpaths qa issue for '-fmacro-prefix-map'. |
| 26 | 25 | ||
| 27 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | 26 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| 27 | |||
| 28 | Update to fix buildpaths qa issue for '-ffile-prefix-map'. | ||
| 29 | |||
| 30 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 31 | |||
| 28 | --- | 32 | --- |
| 29 | Configurations/unix-Makefile.tmpl | 10 +++++++++- | 33 | Configurations/unix-Makefile.tmpl | 12 +++++++++++- |
| 30 | crypto/build.info | 2 +- | 34 | crypto/build.info | 2 +- |
| 31 | 2 files changed, 10 insertions(+), 2 deletions(-) | 35 | 2 files changed, 12 insertions(+), 2 deletions(-) |
| 32 | 36 | ||
| 33 | diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl | 37 | Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl |
| 34 | index 16af4d2087..54c162784c 100644 | 38 | =================================================================== |
| 35 | --- a/Configurations/unix-Makefile.tmpl | 39 | --- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl |
| 36 | +++ b/Configurations/unix-Makefile.tmpl | 40 | +++ openssl-3.0.4/Configurations/unix-Makefile.tmpl |
| 37 | @@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), | 41 | @@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl |
| 38 | '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} | 42 | '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} |
| 39 | BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) | 43 | BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) |
| 40 | 44 | ||
| @@ -49,6 +53,7 @@ index 16af4d2087..54c162784c 100644 | |||
| 49 | +CFLAGS_Q={- for (@{$config{CFLAGS}}) { | 53 | +CFLAGS_Q={- for (@{$config{CFLAGS}}) { |
| 50 | + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; | 54 | + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; |
| 51 | + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; | 55 | + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; |
| 56 | + s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g; | ||
| 52 | + } | 57 | + } |
| 53 | + join(' ', @{$config{CFLAGS}}) -} | 58 | + join(' ', @{$config{CFLAGS}}) -} |
| 54 | + | 59 | + |
| @@ -58,19 +63,16 @@ index 16af4d2087..54c162784c 100644 | |||
| 58 | PERLASM_SCHEME= {- $target{perlasm_scheme} -} | 63 | PERLASM_SCHEME= {- $target{perlasm_scheme} -} |
| 59 | 64 | ||
| 60 | # For x86 assembler: Set PROCESSOR to 386 if you want to support | 65 | # For x86 assembler: Set PROCESSOR to 386 if you want to support |
| 61 | diff --git a/crypto/build.info b/crypto/build.info | 66 | Index: openssl-3.0.4/crypto/build.info |
| 62 | index b515b7318e..8c9cee2a09 100644 | 67 | =================================================================== |
| 63 | --- a/crypto/build.info | 68 | --- openssl-3.0.4.orig/crypto/build.info |
| 64 | +++ b/crypto/build.info | 69 | +++ openssl-3.0.4/crypto/build.info |
| 65 | @@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ | 70 | @@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF |
| 66 | ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl | ||
| 67 | 71 | ||
| 72 | DEPEND[info.o]=buildinf.h | ||
| 68 | DEPEND[cversion.o]=buildinf.h | 73 | DEPEND[cversion.o]=buildinf.h |
| 69 | -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" | 74 | -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" |
| 70 | +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" | 75 | +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" |
| 71 | DEPEND[buildinf.h]=../configdata.pm | ||
| 72 | 76 | ||
| 73 | GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) | 77 | GENERATE[uplink-x86.S]=../ms/uplink-x86.pl |
| 74 | -- | 78 | GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl |
| 75 | 2.19.1 | ||
| 76 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch deleted file mode 100644 index d8d9651b64..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
| 3 | Date: Tue, 2 Oct 2018 23:58:24 +0800 | ||
| 4 | Subject: [PATCH] skip test_symbol_presence | ||
| 5 | |||
| 6 | We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared' | ||
| 7 | as INSTALL told us the shared libraries will not be built. | ||
| 8 | |||
| 9 | [INSTALL snip] | ||
| 10 | Notes on shared libraries | ||
| 11 | ------------------------- | ||
| 12 | |||
| 13 | For most systems the OpenSSL Configure script knows what is needed to | ||
| 14 | build shared libraries for libcrypto and libssl. On these systems | ||
| 15 | the shared libraries will be created by default. This can be suppressed and | ||
| 16 | only static libraries created by using the "no-shared" option. On systems | ||
| 17 | where OpenSSL does not know how to build shared libraries the "no-shared" | ||
| 18 | option will be forced and only static libraries will be created. | ||
| 19 | [INSTALL snip] | ||
| 20 | |||
| 21 | Hence directly modification the case to skip it. | ||
| 22 | |||
| 23 | Upstream-Status: Inappropriate [OE Specific] | ||
| 24 | |||
| 25 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
| 26 | --- | ||
| 27 | test/recipes/01-test_symbol_presence.t | 3 +-- | ||
| 28 | 1 file changed, 1 insertion(+), 2 deletions(-) | ||
| 29 | |||
| 30 | diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t | ||
| 31 | index 7f2a2d7..0b93745 100644 | ||
| 32 | --- a/test/recipes/01-test_symbol_presence.t | ||
| 33 | +++ b/test/recipes/01-test_symbol_presence.t | ||
| 34 | @@ -14,8 +14,7 @@ use OpenSSL::Test::Utils; | ||
| 35 | |||
| 36 | setup("test_symbol_presence"); | ||
| 37 | |||
| 38 | -plan skip_all => "Only useful when building shared libraries" | ||
| 39 | - if disabled("shared"); | ||
| 40 | +plan skip_all => "The case needs debug symbols then we just disable it"; | ||
| 41 | |||
| 42 | my @libnames = ("crypto", "ssl"); | ||
| 43 | my $testcount = scalar @libnames; | ||
| 44 | -- | ||
| 45 | 2.7.4 | ||
| 46 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch deleted file mode 100644 index b7c0e9697f..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/afalg.patch +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | Don't refuse to build afalgeng if cross-compiling or the host kernel is too old. | ||
| 2 | |||
| 3 | Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688] | ||
| 4 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
| 5 | |||
| 6 | diff --git a/Configure b/Configure | ||
| 7 | index 3baa8ce..9ef52ed 100755 | ||
| 8 | --- a/Configure | ||
| 9 | +++ b/Configure | ||
| 10 | @@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"}) | ||
| 11 | unless ($disabled{afalgeng}) { | ||
| 12 | $config{afalgeng}=""; | ||
| 13 | if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { | ||
| 14 | - my $minver = 4*10000 + 1*100 + 0; | ||
| 15 | - if ($config{CROSS_COMPILE} eq "") { | ||
| 16 | - my $verstr = `uname -r`; | ||
| 17 | - my ($ma, $mi1, $mi2) = split("\\.", $verstr); | ||
| 18 | - ($mi2) = $mi2 =~ /(\d+)/; | ||
| 19 | - my $ver = $ma*10000 + $mi1*100 + $mi2; | ||
| 20 | - if ($ver < $minver) { | ||
| 21 | - disable('too-old-kernel', 'afalgeng'); | ||
| 22 | - } else { | ||
| 23 | - push @{$config{engdirs}}, "afalg"; | ||
| 24 | - } | ||
| 25 | - } else { | ||
| 26 | - disable('cross-compiling', 'afalgeng'); | ||
| 27 | - } | ||
| 28 | + push @{$config{engdirs}}, "afalg"; | ||
| 29 | } else { | ||
| 30 | disable('not-linux', 'afalgeng'); | ||
| 31 | } | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch new file mode 100644 index 0000000000..748576c30c --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/bti.patch | |||
| @@ -0,0 +1,58 @@ | |||
| 1 | From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Tom Cosgrove <tom.cosgrove@arm.com> | ||
| 3 | Date: Tue, 26 Mar 2024 13:18:00 +0000 | ||
| 4 | Subject: [PATCH] aarch64: fix BTI in bsaes assembly code | ||
| 5 | |||
| 6 | In Arm systems where BTI is enabled but the Crypto extensions are not (more | ||
| 7 | likely in FVPs than in real hardware), the bit-sliced assembler code will | ||
| 8 | be used. However, this wasn't annotated with BTI instructions when BTI was | ||
| 9 | enabled, so the moment libssl jumps into this code it (correctly) aborts. | ||
| 10 | |||
| 11 | Solve this by adding the missing BTI landing pads. | ||
| 12 | |||
| 13 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] | ||
| 14 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
| 15 | --- | ||
| 16 | crypto/aes/asm/bsaes-armv8.pl | 5 ++++- | ||
| 17 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
| 18 | |||
| 19 | diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl | ||
| 20 | index b3c97e439f..c3c5ff3e05 100644 | ||
| 21 | --- a/crypto/aes/asm/bsaes-armv8.pl | ||
| 22 | +++ b/crypto/aes/asm/bsaes-armv8.pl | ||
| 23 | @@ -1018,6 +1018,7 @@ _bsaes_key_convert: | ||
| 24 | // Initialisation vector overwritten with last quadword of ciphertext | ||
| 25 | // No output registers, usual AAPCS64 register preservation | ||
| 26 | ossl_bsaes_cbc_encrypt: | ||
| 27 | + AARCH64_VALID_CALL_TARGET | ||
| 28 | cmp x2, #128 | ||
| 29 | bhs .Lcbc_do_bsaes | ||
| 30 | b AES_cbc_encrypt | ||
| 31 | @@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: | ||
| 32 | // Output text filled in | ||
| 33 | // No output registers, usual AAPCS64 register preservation | ||
| 34 | ossl_bsaes_ctr32_encrypt_blocks: | ||
| 35 | - | ||
| 36 | + AARCH64_VALID_CALL_TARGET | ||
| 37 | cmp x2, #8 // use plain AES for | ||
| 38 | blo .Lctr_enc_short // small sizes | ||
| 39 | |||
| 40 | @@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: | ||
| 41 | // Output ciphertext filled in | ||
| 42 | // No output registers, usual AAPCS64 register preservation | ||
| 43 | ossl_bsaes_xts_encrypt: | ||
| 44 | + AARCH64_VALID_CALL_TARGET | ||
| 45 | // Stack layout: | ||
| 46 | // sp -> | ||
| 47 | // nrounds*128-96 bytes: key schedule | ||
| 48 | @@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: | ||
| 49 | // Output plaintext filled in | ||
| 50 | // No output registers, usual AAPCS64 register preservation | ||
| 51 | ossl_bsaes_xts_decrypt: | ||
| 52 | + AARCH64_VALID_CALL_TARGET | ||
| 53 | // Stack layout: | ||
| 54 | // sp -> | ||
| 55 | // nrounds*128-96 bytes: key schedule | ||
| 56 | -- | ||
| 57 | 2.34.1 | ||
| 58 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch deleted file mode 100644 index a24260c95d..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/reproducible.patch +++ /dev/null | |||
| @@ -1,32 +0,0 @@ | |||
| 1 | The value for perl_archname can vary depending on the host, e.g. | ||
| 2 | x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which | ||
| 3 | makes the ptest package non-reproducible. Its unused other than | ||
| 4 | these references so drop it. | ||
| 5 | |||
| 6 | RP 2020/2/6 | ||
| 7 | |||
| 8 | Upstream-Status: Pending | ||
| 9 | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||
| 10 | |||
| 11 | Index: openssl-1.1.1d/Configure | ||
| 12 | =================================================================== | ||
| 13 | --- openssl-1.1.1d.orig/Configure | ||
| 14 | +++ openssl-1.1.1d/Configure | ||
| 15 | @@ -286,7 +286,7 @@ if (defined env($local_config_envname)) | ||
| 16 | # Save away perl command information | ||
| 17 | $config{perl_cmd} = $^X; | ||
| 18 | $config{perl_version} = $Config{version}; | ||
| 19 | -$config{perl_archname} = $Config{archname}; | ||
| 20 | +#$config{perl_archname} = $Config{archname}; | ||
| 21 | |||
| 22 | $config{prefix}=""; | ||
| 23 | $config{openssldir}=""; | ||
| 24 | @@ -2517,7 +2517,7 @@ _____ | ||
| 25 | @{$config{perlargv}}), "\n"; | ||
| 26 | print "\nPerl information:\n\n"; | ||
| 27 | print ' ',$config{perl_cmd},"\n"; | ||
| 28 | - print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; | ||
| 29 | + print ' ',$config{perl_version},"\n"; | ||
| 30 | } | ||
| 31 | if ($dump || $options) { | ||
| 32 | my $longest = 0; | ||
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest index 3fb22471f8..c89ec5afa1 100644 --- a/meta/recipes-connectivity/openssl/openssl/run-ptest +++ b/meta/recipes-connectivity/openssl/openssl/run-ptest | |||
| @@ -9,4 +9,4 @@ export TOP=. | |||
| 9 | # OPENSSL_ENGINES is relative from the test binaries | 9 | # OPENSSL_ENGINES is relative from the test binaries |
| 10 | export OPENSSL_ENGINES=../engines | 10 | export OPENSSL_ENGINES=../engines |
| 11 | 11 | ||
| 12 | perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;' | 12 | { HARNESS_JOBS=4 perl ./test/run_tests.pl $* || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g' |