Diffstat (limited to 'meta/recipes-connectivity/openssl')
-rw-r--r--meta/recipes-connectivity/openssl/files/environment.d-openssl.sh5
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch374
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch39
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Implement-riscv_vlen_asm-for-riscv32.patch43
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch42
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch46
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0003-Add-support-for-io_pgetevents_time64-syscall.patch62
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0004-Fixup-support-for-io_pgetevents_time64-syscall.patch99
-rw-r--r--meta/recipes-connectivity/openssl/openssl/afalg.patch31
-rw-r--r--meta/recipes-connectivity/openssl/openssl/reproducible.patch32
-rw-r--r--meta/recipes-connectivity/openssl/openssl/run-ptest2
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1k.bb248
-rw-r--r--meta/recipes-connectivity/openssl/openssl_3.3.1.bb259
13 files changed, 743 insertions, 539 deletions
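--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -1 +1,6 @@
 export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
+export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs"
+export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt"
+export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
+export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
+export BB_ENV_PASSTHROUGH_ADDITIONS="$BB_ENV_PASSTHROUGH_ADDITIONS SSL_CERT_DIR SSL_CERT_FILE OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES"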
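Review bot: The new exports expand `$OECORE_NATIVE_SYSROOT` without checking that it is non-empty, so in a shell where it is unset `SSL_CERT_DIR`, `SSL_CERT_FILE`, `OPENSSL_MODULES` and `OPENSSL_ENGINES` resolve to host paths under `/usr/lib`, and the last line then lets those values through into the build environment. These variables select the CA trust store and the directories OpenSSL loads providers and engines from, so the file deserves a header comment stating the assumption, e.g. `# Point the native openssl at the SDK's own trust store and loadable modules; assumes OECORE_NATIVE_SYSROOT is already set.` The exports also overwrite any value the user had set, and `engines-3` and `usr/lib` hard-code the OpenSSL major version and the native libdir, which is worth a second comment so they are revisited on the next version bump.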
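--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
@@ -0,0 +1,374 @@
+From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001
+From: William Lyu <William.Lyu@windriver.com>
+Date: Fri, 20 Oct 2023 16:22:37 -0400
+Subject: [PATCH] Added handshake history reporting when test fails
+
+Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481]
+
+Signed-off-by: William Lyu <William.Lyu@windriver.com>
+---
+ test/helpers/handshake.c | 139 +++++++++++++++++++++++++++++----------
+ test/helpers/handshake.h | 70 +++++++++++++++++++-
+ test/ssl_test.c | 44 +++++++++++++
+ 3 files changed, 218 insertions(+), 35 deletions(-)
+
+diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
+index e0422469e4..ae2ad59dd4 100644
+--- a/test/helpers/handshake.c
++++ b/test/helpers/handshake.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -24,6 +24,102 @@
+ #include <netinet/sctp.h>
+ #endif
+
++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
++/* Maps string names to various enumeration type */
++typedef struct {
++ const char *name;
++ int value;
++} enum_name_map;
++
++static const enum_name_map connect_phase_names[] = {
++ {"Handshake", HANDSHAKE},
++ {"RenegAppData", RENEG_APPLICATION_DATA},
++ {"RenegSetup", RENEG_SETUP},
++ {"RenegHandshake", RENEG_HANDSHAKE},
++ {"AppData", APPLICATION_DATA},
++ {"Shutdown", SHUTDOWN},
++ {"ConnectionDone", CONNECTION_DONE}
++};
++
++static const enum_name_map peer_status_names[] = {
++ {"PeerSuccess", PEER_SUCCESS},
++ {"PeerRetry", PEER_RETRY},
++ {"PeerError", PEER_ERROR},
++ {"PeerWaiting", PEER_WAITING},
++ {"PeerTestFail", PEER_TEST_FAILURE}
++};
++
++static const enum_name_map handshake_status_names[] = {
++ {"HandshakeSuccess", HANDSHAKE_SUCCESS},
++ {"ClientError", CLIENT_ERROR},
++ {"ServerError", SERVER_ERROR},
++ {"InternalError", INTERNAL_ERROR},
++ {"HandshakeRetry", HANDSHAKE_RETRY}
++};
++
++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
++static const char *enum_name(const enum_name_map *enums, size_t num_enums,
++ int value)
++{
++ size_t i;
++ for (i = 0; i < num_enums; i++) {
++ if (enums[i].value == value) {
++ return enums[i].name;
++ }
++ }
++ return "InvalidValue";
++}
++
++const char *handshake_connect_phase_name(connect_phase_t phase)
++{
++ return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names),
++ (int)phase);
++}
++
++const char *handshake_status_name(handshake_status_t handshake_status)
++{
++ return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names),
++ (int)handshake_status);
++}
++
++const char *handshake_peer_status_name(peer_status_t peer_status)
++{
++ return enum_name(peer_status_names, OSSL_NELEM(peer_status_names),
++ (int)peer_status);
++}
++
++static void save_loop_history(HANDSHAKE_HISTORY *history,
++ connect_phase_t phase,
++ handshake_status_t handshake_status,
++ peer_status_t server_status,
++ peer_status_t client_status,
++ int client_turn_count,
++ int is_client_turn)
++{
++ HANDSHAKE_HISTORY_ENTRY *new_entry = NULL;
++
++ /*
++ * Create a new history entry for a handshake loop with statuses given in
++ * the arguments. Potentially evicting the oldest entry when the
++ * ring buffer is full.
++ */
++ ++(history->last_idx);
++ history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
++
++ new_entry = &((history->entries)[history->last_idx]);
++ new_entry->phase = phase;
++ new_entry->handshake_status = handshake_status;
++ new_entry->server_status = server_status;
++ new_entry->client_status = client_status;
++ new_entry->client_turn_count = client_turn_count;
++ new_entry->is_client_turn = is_client_turn;
++
++ /* Evict the oldest handshake loop entry when the ring buffer is full. */
++ if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) {
++ ++(history->entry_count);
++ }
++}
++
+ HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
+ {
+ HANDSHAKE_RESULT *ret;
+@@ -719,15 +815,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client,
+ SSL_set_post_handshake_auth(client, 1);
+ }
+
+-/* The status for each connection phase. */
+-typedef enum {
+- PEER_SUCCESS,
+- PEER_RETRY,
+- PEER_ERROR,
+- PEER_WAITING,
+- PEER_TEST_FAILURE
+-} peer_status_t;
+-
+ /* An SSL object and associated read-write buffers. */
+ typedef struct peer_st {
+ SSL *ssl;
+@@ -1074,17 +1161,6 @@ static void do_shutdown_step(PEER *peer)
+ }
+ }
+
+-typedef enum {
+- HANDSHAKE,
+- RENEG_APPLICATION_DATA,
+- RENEG_SETUP,
+- RENEG_HANDSHAKE,
+- APPLICATION_DATA,
+- SHUTDOWN,
+- CONNECTION_DONE
+-} connect_phase_t;
+-
+-
+ static int renegotiate_op(const SSL_TEST_CTX *test_ctx)
+ {
+ switch (test_ctx->handshake_mode) {
+@@ -1162,19 +1238,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
+ }
+ }
+
+-typedef enum {
+- /* Both parties succeeded. */
+- HANDSHAKE_SUCCESS,
+- /* Client errored. */
+- CLIENT_ERROR,
+- /* Server errored. */
+- SERVER_ERROR,
+- /* Peers are in inconsistent state. */
+- INTERNAL_ERROR,
+- /* One or both peers not done. */
+- HANDSHAKE_RETRY
+-} handshake_status_t;
+-
+ /*
+ * Determine the handshake outcome.
+ * last_status: the status of the peer to have acted last.
+@@ -1539,6 +1602,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
+
+ start = time(NULL);
+
++ save_loop_history(&(ret->history),
++ phase, status, server.status, client.status,
++ client_turn_count, client_turn);
++
+ /*
+ * Half-duplex handshake loop.
+ * Client and server speak to each other synchronously in the same process.
+@@ -1560,6 +1627,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
+ 0 /* server went last */);
+ }
+
++ save_loop_history(&(ret->history),
++ phase, status, server.status, client.status,
++ client_turn_count, client_turn);
++
+ switch (status) {
+ case HANDSHAKE_SUCCESS:
+ client_turn_count = 0;
+diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h
+index 78b03f9f4b..b9967c2623 100644
+--- a/test/helpers/handshake.h
++++ b/test/helpers/handshake.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -12,6 +12,11 @@
+
+ #include "ssl_test_ctx.h"
+
++#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4
++#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT)
++#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \
++ ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1)
++
+ typedef struct ctx_data_st {
+ unsigned char *npn_protocols;
+ size_t npn_protocols_len;
+@@ -22,6 +27,63 @@ typedef struct ctx_data_st {
+ char *session_ticket_app_data;
+ } CTX_DATA;
+
++typedef enum {
++ HANDSHAKE,
++ RENEG_APPLICATION_DATA,
++ RENEG_SETUP,
++ RENEG_HANDSHAKE,
++ APPLICATION_DATA,
++ SHUTDOWN,
++ CONNECTION_DONE
++} connect_phase_t;
++
++/* The status for each connection phase. */
++typedef enum {
++ PEER_SUCCESS,
++ PEER_RETRY,
++ PEER_ERROR,
++ PEER_WAITING,
++ PEER_TEST_FAILURE
++} peer_status_t;
++
++typedef enum {
++ /* Both parties succeeded. */
++ HANDSHAKE_SUCCESS,
++ /* Client errored. */
++ CLIENT_ERROR,
++ /* Server errored. */
++ SERVER_ERROR,
++ /* Peers are in inconsistent state. */
++ INTERNAL_ERROR,
++ /* One or both peers not done. */
++ HANDSHAKE_RETRY
++} handshake_status_t;
++
++/* Stores the various status information in a handshake loop. */
++typedef struct handshake_history_entry_st {
++ connect_phase_t phase;
++ handshake_status_t handshake_status;
++ peer_status_t server_status;
++ peer_status_t client_status;
++ int client_turn_count;
++ int is_client_turn;
++} HANDSHAKE_HISTORY_ENTRY;
++
++typedef struct handshake_history_st {
++ /* Implemented using ring buffer. */
++ /*
++ * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|,
++ * ..., etc., going up to |entry_count| number of entries. Note that when
++ * the index into the array |entries| becomes < 0, we wrap around to
++ * the end of |entries|.
++ */
++ HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY];
++ /* The number of valid entries in |entries| array. */
++ size_t entry_count;
++ /* The index of the last valid entry in the |entries| array. */
++ size_t last_idx;
++} HANDSHAKE_HISTORY;
++
+ typedef struct handshake_result {
+ ssl_test_result_t result;
+ /* These alerts are in the 2-byte format returned by the info_callback. */
+@@ -77,6 +139,8 @@ typedef struct handshake_result {
+ char *cipher;
+ /* session ticket application data */
+ char *result_session_ticket_app_data;
++ /* handshake loop history */
++ HANDSHAKE_HISTORY history;
+ } HANDSHAKE_RESULT;
+
+ HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
+@@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
+ CTX_DATA *server2_ctx_data,
+ CTX_DATA *client_ctx_data);
+
++const char *handshake_connect_phase_name(connect_phase_t phase);
++const char *handshake_status_name(handshake_status_t handshake_status);
++const char *handshake_peer_status_name(peer_status_t peer_status);
++
+ #endif /* OSSL_TEST_HANDSHAKE_HELPER_H */
+diff --git a/test/ssl_test.c b/test/ssl_test.c
+index ea608518f9..9d6b093c81 100644
+--- a/test/ssl_test.c
++++ b/test/ssl_test.c
+@@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL;
+ /* Currently the section names are of the form test-<number>, e.g. test-15. */
+ #define MAX_TESTCASE_NAME_LENGTH 100
+
++static void print_handshake_history(const HANDSHAKE_HISTORY *history)
++{
++ size_t first_idx;
++ size_t i;
++ size_t cur_idx;
++ const HANDSHAKE_HISTORY_ENTRY *cur_entry;
++ const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|";
++ const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|";
++
++ TEST_info("The following is the server/client state "
++ "in the most recent %d handshake loops.",
++ MAX_HANDSHAKE_HISTORY_ENTRY);
++
++ TEST_note("=================================================="
++ "==================================================");
++ TEST_note(header_template,
++ "phase", "handshake status", "server status",
++ "client status", "client turn count", "is client turn");
++ TEST_note("+--------------+----------------+----------------"
++ "+----------------+-----------------+--------------+");
++
++ first_idx = (history->last_idx - history->entry_count + 1) &
++ MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
++ for (i = 0; i < history->entry_count; ++i) {
++ cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
++ cur_entry = &(history->entries)[cur_idx];
++ TEST_note(body_template,
++ handshake_connect_phase_name(cur_entry->phase),
++ handshake_status_name(cur_entry->handshake_status),
++ handshake_peer_status_name(cur_entry->server_status),
++ handshake_peer_status_name(cur_entry->client_status),
++ cur_entry->client_turn_count,
++ cur_entry->is_client_turn ? "true" : "false");
++ }
++ TEST_note("=================================================="
++ "==================================================");
++}
++
+ static const char *print_alert(int alert)
+ {
+ return alert ? SSL_alert_desc_string_long(alert) : "no alert";
+@@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+ ret &= check_client_sign_type(result, test_ctx);
+ ret &= check_client_ca_names(result, test_ctx);
+ }
++
++ /* Print handshake loop history if any check fails. */
++ if (!ret) {
++ print_handshake_history(&(result->history));
++ }
++
+ return ret;
+ }
+
+--
+2.25.1
+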
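Review bot: `save_loop_history()` increments `history->last_idx` and reads `history->entry_count` before anything in this patch initialises them, so the ring buffer is only correct if `HANDSHAKE_RESULT_new()` zero-fills the result; its body lies outside the hunk, so that should be confirmed and stated on the new member, e.g. `/* handshake loop history; relies on the result being zero-initialised */`. The comment `/* Evict the oldest handshake loop entry when the ring buffer is full. */` sits above the branch that grows `entry_count` while the buffer is not yet full; `/* Count the new entry unless the buffer was already full (the oldest slot was overwritten above). */` would match the code. `print_handshake_history()` also announces "the most recent %d handshake loops" using the buffer capacity even when fewer entries were recorded, so passing `history->entry_count` there would make a failing test's log accurate.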
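--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -0,0 +1,39 @@
+From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 30 May 2023 09:11:27 -0700
+Subject: [PATCH] Configure: do not tweak mips cflags
+
+This conflicts with mips machine definitons from yocto,
+e.g.
+| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+
+Refreshed for openssl-3.1.1
+Signed-off-by: Tim Orling <tim.orling@konsulko.com>
+---
+ Configure | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/Configure b/Configure
+index 4569952..adf019b 100755
+--- a/Configure
++++ b/Configure
+@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
+ push @{$config{shared_ldflag}}, "-mno-cygwin";
+ }
+
+-if ($target =~ /linux.*-mips/ && !$disabled{asm}
+- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+- # minimally required architecture flags for assembly modules
+- my $value;
+- $value = '-mips2' if ($target =~ /mips32/);
+- $value = '-mips3' if ($target =~ /mips64/);
+- unshift @{$config{cflags}}, $value;
+- unshift @{$config{cxxflags}}, $value if $config{CXX};
+-}
+-
+ # If threads aren't disabled, check how possible they are
+ unless ($disabled{threads}) {
+ if ($auto_threads) {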
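--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Implement-riscv_vlen_asm-for-riscv32.patch
@@ -0,0 +1,43 @@
+From 725b1530456545e8511adc9cbdd265309dffad53 Mon Sep 17 00:00:00 2001
+From: Hongren Zheng <i@zenithal.me>
+Date: Fri, 26 Apr 2024 06:03:43 +0000
+Subject: [PATCH] Implement riscv_vlen_asm for riscv32
+
+riscvcap.c: undefined reference to 'riscv_vlen_asm'
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/pull/24270]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ crypto/riscv32cpuid.pl | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/crypto/riscv32cpuid.pl b/crypto/riscv32cpuid.pl
+index 20694e7..ac1c043 100644
+--- a/crypto/riscv32cpuid.pl
++++ b/crypto/riscv32cpuid.pl
+@@ -84,5 +84,22 @@ OPENSSL_cleanse:
+ ___
+ }
+
++{
++my ($ret) = ('a0');
++$code .= <<___;
++################################################################################
++# size_t riscv_vlen_asm(void)
++# Return VLEN (i.e. the length of a vector register in bits).
++.p2align 3
++.globl riscv_vlen_asm
++.type riscv_vlen_asm,\@function
++riscv_vlen_asm:
++ csrr $ret, vlenb
++ slli $ret, $ret, 3
++ ret
++.size riscv_vlen_asm,.-riscv_vlen_asm
++___
++}
++
+ print $code;
+ close STDOUT or die "error closing STDOUT: $!";
+--
+2.45.0
+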
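Review bot: `riscv_vlen_asm` reads the `vlenb` CSR unconditionally, and its header comment does not say when it is safe to call; on a hart without the vector extension, or with vector state disabled, that CSR access raises an illegal-instruction trap rather than returning a value. The caller in `riscvcap.c` is not part of this hunk, so presumably it checks for the V extension first, but the precondition belongs next to the routine, e.g. `# Only call after the V extension has been detected; csrr vlenb traps otherwise.`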
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index 949c788344..bafdbaa46f 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -1,4 +1,4 @@
1From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001 1From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com> 2From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
3Date: Tue, 6 Nov 2018 14:50:47 +0100 3Date: Tue, 6 Nov 2018 14:50:47 +0100
4Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler 4Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
@@ -21,20 +21,24 @@ https://patchwork.openembedded.org/patch/147229/
21Upstream-Status: Inappropriate [OE specific] 21Upstream-Status: Inappropriate [OE specific]
22Signed-off-by: Martin Hundebøll <martin@geanix.com> 22Signed-off-by: Martin Hundebøll <martin@geanix.com>
23 23
24
25Update to fix buildpaths qa issue for '-fmacro-prefix-map'. 24Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
26 25
27Signed-off-by: Kai Kang <kai.kang@windriver.com> 26Signed-off-by: Kai Kang <kai.kang@windriver.com>
27
28Update to fix buildpaths qa issue for '-ffile-prefix-map'.
29
30Signed-off-by: Khem Raj <raj.khem@gmail.com>
31
28--- 32---
29 Configurations/unix-Makefile.tmpl | 10 +++++++++- 33 Configurations/unix-Makefile.tmpl | 12 +++++++++++-
30 crypto/build.info | 2 +- 34 crypto/build.info | 2 +-
31 2 files changed, 10 insertions(+), 2 deletions(-) 35 2 files changed, 12 insertions(+), 2 deletions(-)
32 36
33diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl 37Index: openssl-3.0.4/Configurations/unix-Makefile.tmpl
34index 16af4d2087..54c162784c 100644 38===================================================================
35--- a/Configurations/unix-Makefile.tmpl 39--- openssl-3.0.4.orig/Configurations/unix-Makefile.tmpl
36+++ b/Configurations/unix-Makefile.tmpl 40+++ openssl-3.0.4/Configurations/unix-Makefile.tmpl
37@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), 41@@ -472,13 +472,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lfl
38 '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} 42 '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
39 BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) 43 BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
40 44
@@ -49,6 +53,7 @@ index 16af4d2087..54c162784c 100644
49+CFLAGS_Q={- for (@{$config{CFLAGS}}) { 53+CFLAGS_Q={- for (@{$config{CFLAGS}}) {
50+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g; 54+ s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
51+ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g; 55+ s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
56+ s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g;
52+ } 57+ }
53+ join(' ', @{$config{CFLAGS}}) -} 58+ join(' ', @{$config{CFLAGS}}) -}
54+ 59+
@@ -58,19 +63,16 @@ index 16af4d2087..54c162784c 100644
58 PERLASM_SCHEME= {- $target{perlasm_scheme} -} 63 PERLASM_SCHEME= {- $target{perlasm_scheme} -}
59 64
60 # For x86 assembler: Set PROCESSOR to 386 if you want to support 65 # For x86 assembler: Set PROCESSOR to 386 if you want to support
61diff --git a/crypto/build.info b/crypto/build.info 66Index: openssl-3.0.4/crypto/build.info
62index b515b7318e..8c9cee2a09 100644 67===================================================================
63--- a/crypto/build.info 68--- openssl-3.0.4.orig/crypto/build.info
64+++ b/crypto/build.info 69+++ openssl-3.0.4/crypto/build.info
65@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ 70@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
66 ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
67 71
72 DEPEND[info.o]=buildinf.h
68 DEPEND[cversion.o]=buildinf.h 73 DEPEND[cversion.o]=buildinf.h
69-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" 74-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
70+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)" 75+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
71 DEPEND[buildinf.h]=../configdata.pm
72 76
73 GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME) 77 GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
74-- 78 GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
752.19.1
76
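Review bot: The added `-ffile-prefix-map` substitution in `CFLAGS_Q` is the third copy of the same rewrite, differing only in the option name; one pattern with alternation would make the next prefix-map variant a one-word edit, e.g. `s/-f(debug|macro|file)-prefix-map=[^ ]+/-f$1-prefix-map=/g;`. Because `$(CFLAGS_Q)` is what `crypto/build.info` hands to `mkbuildinf.pl`, any path-carrying flag not listed here still ends up in `buildinf.h`, so a short comment above the block naming the options that are stripped would make a missing one easier to spot. The `CFLAGS_Q` block begins outside the hunk shown, so its other rewrites are not visible here.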
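--- a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Tue, 2 Oct 2018 23:58:24 +0800
-Subject: [PATCH] skip test_symbol_presence
-
-We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared'
-as INSTALL told us the shared libraries will not be built.
-
-[INSTALL snip]
- Notes on shared libraries
- -------------------------
-
- For most systems the OpenSSL Configure script knows what is needed to
- build shared libraries for libcrypto and libssl. On these systems
- the shared libraries will be created by default. This can be suppressed and
- only static libraries created by using the "no-shared" option. On systems
- where OpenSSL does not know how to build shared libraries the "no-shared"
- option will be forced and only static libraries will be created.
-[INSTALL snip]
-
-Hence directly modification the case to skip it.
-
-Upstream-Status: Inappropriate [OE Specific]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- test/recipes/01-test_symbol_presence.t | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
-index 7f2a2d7..0b93745 100644
---- a/test/recipes/01-test_symbol_presence.t
-+++ b/test/recipes/01-test_symbol_presence.t
-@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils;
-
- setup("test_symbol_presence");
-
--plan skip_all => "Only useful when building shared libraries"
-- if disabled("shared");
-+plan skip_all => "The case needs debug symbols then we just disable it";
-
- my @libnames = ("crypto", "ssl");
- my $testcount = scalar @libnames;
---
-2.7.4
-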
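--- a/meta/recipes-connectivity/openssl/openssl/0003-Add-support-for-io_pgetevents_time64-syscall.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc Mon Sep 17 00:00:00 2001
-From: Alistair Francis <alistair.francis@wdc.com>
-Date: Thu, 29 Aug 2019 13:56:21 -0700
-Subject: [PATCH] Add support for io_pgetevents_time64 syscall
-
-32-bit architectures that are y2038 safe don't include syscalls that use
-32-bit time_t. Instead these architectures have suffixed syscalls that
-always use a 64-bit time_t. In the case of the io_getevents syscall the
-syscall has been replaced with the io_pgetevents_time64 syscall instead.
-
-This patch changes the io_getevents() function to use the correct
-syscall based on the avaliable syscalls and the time_t size. We will
-only use the new 64-bit time_t syscall if the architecture is using a
-64-bit time_t. This is to avoid having to deal with 32/64-bit
-conversions and relying on a 64-bit timespec struct on 32-bit time_t
-platforms. As of Linux 5.3 there are no 32-bit time_t architectures
-without __NR_io_getevents. In the future if a 32-bit time_t architecture
-wants to use the 64-bit syscalls we can handle the conversion.
-
-This fixes build failures on 32-bit RISC-V.
-
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-(Merged from https://github.com/openssl/openssl/pull/9819)
-Upstream-Status: Accepted
----
- engines/e_afalg.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/engines/e_afalg.c b/engines/e_afalg.c
-index dacbe358cb..99516cb1bb 100644
---- a/engines/e_afalg.c
-+++ b/engines/e_afalg.c
-@@ -125,7 +125,23 @@ static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
- struct io_event *events,
- struct timespec *timeout)
- {
-+#if defined(__NR_io_getevents)
- return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
-+#elif defined(__NR_io_pgetevents_time64)
-+ /* Let's only support the 64 suffix syscalls for 64-bit time_t.
-+ * This simplifies the code for us as we don't need to use a 64-bit
-+ * version of timespec with a 32-bit time_t and handle converting
-+ * between 64-bit and 32-bit times and check for overflows.
-+ */
-+ if (sizeof(timeout->tv_sec) == 8)
-+ return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL);
-+ else {
-+ errno = ENOSYS;
-+ return -1;
-+ }
-+#else
-+# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64."
-+#endif
- }
-
- static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
---
-2.30.1
-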
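--- a/meta/recipes-connectivity/openssl/openssl/0004-Fixup-support-for-io_pgetevents_time64-syscall.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From e5499a3cac1e823c3e0697e8667e952317b70cc8 Mon Sep 17 00:00:00 2001
-From: Alistair Francis <alistair.francis@wdc.com>
-Date: Thu, 4 Mar 2021 12:10:11 -0500
-Subject: [PATCH] Fixup support for io_pgetevents_time64 syscall
-
-This is a fixup for the original commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
-"Add support for io_pgetevents_time64 syscall" that didn't correctly
-work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V.
-
-For a full discussion of the issue see:
-https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc
-
-Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/14432)
-Upstream-Status: Accepted
----
- engines/e_afalg.c | 55 ++++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 42 insertions(+), 13 deletions(-)
-
-diff --git a/engines/e_afalg.c b/engines/e_afalg.c
-index 9480d7c24b..4e9d67db2d 100644
---- a/engines/e_afalg.c
-+++ b/engines/e_afalg.c
-@@ -124,27 +124,56 @@ static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
- return syscall(__NR_io_submit, ctx, n, iocb);
- }
-
-+/* A version of 'struct timespec' with 32-bit time_t and nanoseconds. */
-+struct __timespec32
-+{
-+ __kernel_long_t tv_sec;
-+ __kernel_long_t tv_nsec;
-+};
-+
- static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
- struct io_event *events,
- struct timespec *timeout)
- {
-+#if defined(__NR_io_pgetevents_time64)
-+ /* Check if we are a 32-bit architecture with a 64-bit time_t */
-+ if (sizeof(*timeout) != sizeof(struct __timespec32)) {
-+ int ret = syscall(__NR_io_pgetevents_time64, ctx, min, max, events,
-+ timeout, NULL);
-+ if (ret == 0 || errno != ENOSYS)
-+ return ret;
-+ }
-+#endif
-+
- #if defined(__NR_io_getevents)
-- return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
--#elif defined(__NR_io_pgetevents_time64)
-- /* Let's only support the 64 suffix syscalls for 64-bit time_t.
-- * This simplifies the code for us as we don't need to use a 64-bit
-- * version of timespec with a 32-bit time_t and handle converting
-- * between 64-bit and 32-bit times and check for overflows.
-- */
-- if (sizeof(timeout->tv_sec) == 8)
-- return syscall(__NR_io_pgetevents_time64, ctx, min, max, events, timeout, NULL);
-+ if (sizeof(*timeout) == sizeof(struct __timespec32))
-+ /*
-+ * time_t matches our architecture length, we can just use
-+ * __NR_io_getevents
-+ */
-+ return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
- else {
-- errno = ENOSYS;
-- return -1;
-+ /*
-+ * We don't have __NR_io_pgetevents_time64, but we are using a
-+ * 64-bit time_t on a 32-bit architecture. If we can fit the
-+ * timeout value in a 32-bit time_t, then let's do that
-+ * and then use the __NR_io_getevents syscall.
-+ */
-+ if (timeout && timeout->tv_sec == (long)timeout->tv_sec) {
-+ struct __timespec32 ts32;
-+
-+ ts32.tv_sec = (__kernel_long_t) timeout->tv_sec;
-+ ts32.tv_nsec = (__kernel_long_t) timeout->tv_nsec;
-+
-+ return syscall(__NR_io_getevents, ctx, min, max, events, ts32);
-+ } else {
-+ return syscall(__NR_io_getevents, ctx, min, max, events, NULL);
-+ }
- }
--#else
--# error "We require either the io_getevents syscall or __NR_io_pgetevents_time64."
- #endif
-+
-+ errno = ENOSYS;
-+ return -1;
- }
-
- static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
---
-2.30.1
-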
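--- a/meta/recipes-connectivity/openssl/openssl/afalg.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
-
-Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-diff --git a/Configure b/Configure
-index 3baa8ce..9ef52ed 100755
---- a/Configure
-+++ b/Configure
-@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
- unless ($disabled{afalgeng}) {
- $config{afalgeng}="";
- if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
-- my $minver = 4*10000 + 1*100 + 0;
-- if ($config{CROSS_COMPILE} eq "") {
-- my $verstr = `uname -r`;
-- my ($ma, $mi1, $mi2) = split("\\.", $verstr);
-- ($mi2) = $mi2 =~ /(\d+)/;
-- my $ver = $ma*10000 + $mi1*100 + $mi2;
-- if ($ver < $minver) {
-- disable('too-old-kernel', 'afalgeng');
-- } else {
-- push @{$config{engdirs}}, "afalg";
-- }
-- } else {
-- disable('cross-compiling', 'afalgeng');
-- }
-+ push @{$config{engdirs}}, "afalg";
- } else {
- disable('not-linux', 'afalgeng');
- }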
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
deleted file mode 100644
index a24260c95d..0000000000
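--- a/meta/recipes-connectivity/openssl/openssl/reproducible.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-The value for perl_archname can vary depending on the host, e.g.
-x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
-makes the ptest package non-reproducible. Its unused other than
-these references so drop it.
-
-RP 2020/2/6
-
-Upstream-Status: Pending
-Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-
-Index: openssl-1.1.1d/Configure
-===================================================================
---- openssl-1.1.1d.orig/Configure
-+++ openssl-1.1.1d/Configure
-@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
- # Save away perl command information
- $config{perl_cmd} = $^X;
- $config{perl_version} = $Config{version};
--$config{perl_archname} = $Config{archname};
-+#$config{perl_archname} = $Config{archname};
-
- $config{prefix}="";
- $config{openssldir}="";
-@@ -2517,7 +2517,7 @@ _____
- @{$config{perlargv}}), "\n";
- print "\nPerl information:\n\n";
- print ' ',$config{perl_cmd},"\n";
-- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
-+ print ' ',$config{perl_version},"\n";
- }
- if ($dump || $options) {
- my $longest = 0;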
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest
index 3fb22471f8..c89ec5afa1 100644
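--- a/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -9,4 +9,4 @@ export TOP=.
 # OPENSSL_ENGINES is relative from the test binaries
 export OPENSSL_ENGINES=../engines
 
-perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;'
+{ HARNESS_JOBS=4 perl ./test/run_tests.pl $* || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'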
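Review bot: The new runner line still forwards the script's arguments as unquoted `$*`, so an argument containing whitespace or glob characters is re-split before it reaches run_tests.pl; `"$@"` keeps each argument intact, i.e. `{ HARNESS_JOBS=4 perl ./test/run_tests.pl "$@" || echo "FAIL: openssl" ; } | sed ...`. Because the pipeline ends in sed, the script's exit status is sed's and the result rests entirely on the emitted PASS/FAIL/SKIP lines, which is worth a one-line comment such as `# exit status is sed's; ptest result comes from the PASS:/FAIL:/SKIP: prefixes`. The repeated `-r` is redundant, and the fixed `HARNESS_JOBS=4` deserves a short comment saying why 4 was chosen rather than a value derived from the target's CPU count.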
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb
deleted file mode 100644
index e518cb6a02..0000000000
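--- a/meta/recipes-connectivity/openssl/openssl_1.1.1k.bb
+++ /dev/null
@@ -1,248 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-
-# "openssl" here actually means both OpenSSL and SSLeay licenses apply
-# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
-
-DEPENDS = "hostperl-runtime-native"
-
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
- file://run-ptest \
- file://0001-skip-test_symbol_presence.patch \
- file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
- file://afalg.patch \
- file://reproducible.patch \
- "
-
-SRC_URI_append_class-nativesdk = " \
- file://environment.d-openssl.sh \
- "
-
-SRC_URI_append_riscv32 = " \
- file://0003-Add-support-for-io_pgetevents_time64-syscall.patch \
- file://0004-Fixup-support-for-io_pgetevents_time64-syscall.patch \
- "
-
-SRC_URI[sha256sum] = "892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5"
-
-inherit lib_package multilib_header multilib_script ptest
-MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
-
-PACKAGECONFIG ?= ""
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-
-PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
-PACKAGECONFIG[no-tls1] = "no-tls1"
-PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
-
-B = "${WORKDIR}/build"
-do_configure[cleandirs] = "${B}"
-
-#| ./libcrypto.so: undefined reference to `getcontext'
-#| ./libcrypto.so: undefined reference to `setcontext'
-#| ./libcrypto.so: undefined reference to `makecontext'
-EXTRA_OECONF_append_libc-musl = " no-async"
-EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
-
-# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
-# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
-EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
-EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
-
-# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
-CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
-CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
-
-# Disable deprecated crypto algorithms
-# Retained for compatibilty
-# des (curl)
-# dh (python-ssl)
-# dsa (rpm)
-# md4 (cyrus-sasl freeradius hostapd)
-# bf (wvstreams postgresql x11vnc crda znc cfengine)
-# rc4 (freerdp librtorrent ettercap xrdp transmission pam-ssh-agent-auth php)
-# rc2 (mailx)
-# psk (qt5)
-# srp (libest)
-# whirlpool (qca)
-DEPRECATED_CRYPTO_FLAGS = "no-ssl no-idea no-rc5 no-md2 no-camellia no-mdc2 no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4"
-
-do_configure () {
- os=${HOST_OS}
- case $os in
- linux-gnueabi |\
- linux-gnuspe |\
- linux-musleabi |\
- linux-muslspe |\
- linux-musl )
- os=linux
- ;;
- *)
- ;;
- esac
- target="$os-${HOST_ARCH}"
- case $target in
- linux-arm*)
- target=linux-armv4
- ;;
- linux-aarch64*)
- target=linux-aarch64
- ;;
- linux-i?86 | linux-viac3)
- target=linux-x86
- ;;
- linux-gnux32-x86_64 | linux-muslx32-x86_64 )
- target=linux-x32
- ;;
- linux-gnu64-x86_64)
- target=linux-x86_64
- ;;
- linux-mips | linux-mipsel)
- # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
- target="linux-mips32 ${TARGET_CC_ARCH}"
- ;;
- linux-gnun32-mips*)
- target=linux-mips64
- ;;
- linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
- target=linux64-mips64
- ;;
- linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
- target=linux-generic32
- ;;
- linux-powerpc)
- target=linux-ppc
- ;;
- linux-powerpc64)
- target=linux-ppc64
- ;;
- linux-powerpc64le)
- target=linux-ppc64le
- ;;
- linux-riscv32)
- target=linux-generic32
- ;;
- linux-riscv64)
- target=linux-generic64
- ;;
- linux-sparc | linux-supersparc)
- target=linux-sparcv9
- ;;
- mingw32-x86_64)
- target=mingw64
- ;;
- esac
-
- useprefix=${prefix}
- if [ "x$useprefix" = "x" ]; then
- useprefix=/
- fi
- # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
- # environment variables set by bitbake. Adjust the environment variables instead.
- HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
- perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
- perl ${B}/configdata.pm --dump
-}
-
-do_install () {
- oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
-
- oe_multilib_header openssl/opensslconf.h
-
- # Create SSL structure for packages such as ca-certificates which
- # contain hard-coded paths to /etc/ssl. Debian does the same.
- install -d ${D}${sysconfdir}/ssl
- mv ${D}${libdir}/ssl-1.1/certs \
- ${D}${libdir}/ssl-1.1/private \
- ${D}${libdir}/ssl-1.1/openssl.cnf \
- ${D}${sysconfdir}/ssl/
-
- # Although absolute symlinks would be OK for the target, they become
- # invalid if native or nativesdk are relocated from sstate.
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
- ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
-}
-
-do_install_append_class-native () {
- create_wrapper ${D}${bindir}/openssl \
- OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
- SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
- SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
- OPENSSL_ENGINES=${libdir}/engines-1.1
-}
-
-do_install_append_class-nativesdk () {
- mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
- install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
- sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
-}
-
-PTEST_BUILD_HOST_FILES += "configdata.pm"
-PTEST_BUILD_HOST_PATTERN = "perl_version ="
-do_install_ptest () {
- # Prune the build tree
- rm -f ${B}/fuzz/*.* ${B}/test/*.*
-
- cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
- cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
-
- # For test_shlibload
- ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
- ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
-
- install -d ${D}${PTEST_PATH}/apps
- ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
- install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
- install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
-
- install -d ${D}${PTEST_PATH}/engines
- install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
-
- # seems to be needed with perl 5.32.1
- install -d ${D}${PTEST_PATH}/util/perl/recipes
- cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/
-}
-
-# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
-# package RRECOMMENDS on this package. This will enable the configuration
-# file to be installed for both the openssl-bin package and the libcrypto
-# package since the openssl-bin package depends on the libcrypto package.
-
-PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
-
-FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl${SOLIBS}"
-FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
- ${libdir}/ssl-1.1/openssl.cnf* \
- "
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP)
-FILES_${PN}-engines_append_mingw32_class-nativesdk = " ${prefix}${libdir}/engines-1_1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash"
-FILES_${PN} =+ "${libdir}/ssl-1.1/*"
-FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
-
-CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-
-RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-misc = "perl"
-RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
-
-RDEPENDS_${PN}-bin += "openssl-conf"
-
-BBCLASSEXTEND = "native nativesdk"
-
-CVE_PRODUCT = "openssl:openssl"
-
-CVE_VERSION_SUFFIX = "alphabetical"
-
-# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
-# Apache in meta-webserver is already recent enough
-CVE_CHECK_WHITELIST += "CVE-2019-0190"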
diff --git a/meta/recipes-connectivity/openssl/openssl_3.3.1.bb b/meta/recipes-connectivity/openssl/openssl_3.3.1.bb
new file mode 100644
index 0000000000..a8746842b2
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl_3.3.1.bb
@@ -0,0 +1,259 @@
1SUMMARY = "Secure Socket Layer"
2DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
3HOMEPAGE = "http://www.openssl.org/"
4BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
5SECTION = "libs/network"
6
7LICENSE = "Apache-2.0"
8LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04"
9
10SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
11 file://run-ptest \
12 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13 file://0001-Configure-do-not-tweak-mips-cflags.patch \
14 file://0001-Added-handshake-history-reporting-when-test-fails.patch \
15 file://0001-Implement-riscv_vlen_asm-for-riscv32.patch \
16 "
17
18SRC_URI:append:class-nativesdk = " \
19 file://environment.d-openssl.sh \
20 "
21
22SRC_URI[sha256sum] = "777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e"
23
24inherit lib_package multilib_header multilib_script ptest perlnative manpages
25MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
26
27PACKAGECONFIG ?= ""
28PACKAGECONFIG:class-native = ""
29PACKAGECONFIG:class-nativesdk = ""
30
31PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
32PACKAGECONFIG[no-tls1] = "no-tls1"
33PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
34PACKAGECONFIG[manpages] = ""
35
36B = "${WORKDIR}/build"
37do_configure[cleandirs] = "${B}"
38
39#| ./libcrypto.so: undefined reference to `getcontext'
40#| ./libcrypto.so: undefined reference to `setcontext'
41#| ./libcrypto.so: undefined reference to `makecontext'
42EXTRA_OECONF:append:libc-musl = " no-async"
43EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm"
44
45# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
46# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
47EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom"
48EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom"
49
50# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
51CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
52CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
53
54# This allows disabling deprecated or undesirable crypto algorithms.
55# The default is to trust upstream choices.
56DEPRECATED_CRYPTO_FLAGS ?= ""
57
58do_configure () {
59 # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make
60 # the issue really clear that perl isn't functional due to symbol mismatch issues.
61 cat <<- EOF > ${WORKDIR}/perltest
62 #!/usr/bin/env perl
63 use POSIX;
64 EOF
65 chmod a+x ${WORKDIR}/perltest
66 ${WORKDIR}/perltest
67
68 os=${HOST_OS}
69 case $os in
70 linux-gnueabi |\
71 linux-gnuspe |\
72 linux-musleabi |\
73 linux-muslspe |\
74 linux-musl )
75 os=linux
76 ;;
77 *)
78 ;;
79 esac
80 target="$os-${HOST_ARCH}"
81 case $target in
82 linux-arc | linux-microblaze*)
83 target=linux-latomic
84 ;;
85 linux-arm*)
86 target=linux-armv4
87 ;;
88 linux-aarch64*)
89 target=linux-aarch64
90 ;;
91 linux-i?86 | linux-viac3)
92 target=linux-x86
93 ;;
94 linux-gnux32-x86_64 | linux-muslx32-x86_64 )
95 target=linux-x32
96 ;;
97 linux-gnu64-x86_64)
98 target=linux-x86_64
99 ;;
100 linux-loongarch64)
101 target=linux64-loongarch64
102 ;;
103 linux-mips | linux-mipsel)
104 # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
105 target="linux-mips32 ${TARGET_CC_ARCH}"
106 ;;
107 linux-gnun32-mips*)
108 target=linux-mips64
109 ;;
110 linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
111 target=linux64-mips64
112 ;;
113 linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
114 target=linux-generic32
115 ;;
116 linux-powerpc)
117 target=linux-ppc
118 ;;
119 linux-powerpc64)
120 target=linux-ppc64
121 ;;
122 linux-powerpc64le)
123 target=linux-ppc64le
124 ;;
125 linux-riscv32)
126 target=linux32-riscv32
127 ;;
128 linux-riscv64)
129 target=linux64-riscv64
130 ;;
131 linux-sparc | linux-supersparc)
132 target=linux-sparcv9
133 ;;
134 mingw32-x86_64)
135 target=mingw64
136 ;;
137 esac
138
139 # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
140 # environment variables set by bitbake. Adjust the environment variables instead.
141 PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)"
142 test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!"
143 HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \
144 perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=${prefix} --openssldir=${libdir}/ssl-3 --libdir=${baselib} $target
145 perl ${B}/configdata.pm --dump
146}
147
148do_install () {
149 oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)}
150
151 oe_multilib_header openssl/opensslconf.h
152 oe_multilib_header openssl/configuration.h
153
154 # Create SSL structure for packages such as ca-certificates which
155 # contain hard-coded paths to /etc/ssl. Debian does the same.
156 install -d ${D}${sysconfdir}/ssl
157 mv ${D}${libdir}/ssl-3/certs \
158 ${D}${libdir}/ssl-3/private \
159 ${D}${libdir}/ssl-3/openssl.cnf \
160 ${D}${sysconfdir}/ssl/
161
162 # Although absolute symlinks would be OK for the target, they become
163 # invalid if native or nativesdk are relocated from sstate.
164 ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs
165 ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private
166 ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf
167}
168
169do_install:append:class-native () {
170 create_wrapper ${D}${bindir}/openssl \
171 OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \
172 SSL_CERT_DIR=${libdir}/ssl-3/certs \
173 SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \
174 OPENSSL_ENGINES=${libdir}/engines-3 \
175 OPENSSL_MODULES=${libdir}/ossl-modules
176}
177
178do_install:append:class-nativesdk () {
179 mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
180 install -m 644 ${UNPACKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
181 sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
182}
183
184PTEST_BUILD_HOST_FILES += "configdata.pm"
185PTEST_BUILD_HOST_PATTERN = "perl_version ="
186do_install_ptest () {
187 install -d ${D}${PTEST_PATH}/test
188 install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test
189 install -m755 ${B}/test/p_minimal.so ${D}${PTEST_PATH}/test
190 install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test
191
192 # Prune the build tree
193 rm -f ${B}/fuzz/*.* ${B}/test/*.*
194
195 cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
196 sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm
197 cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
198
199 # For test_shlibload
200 ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
201 ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
202
203 install -d ${D}${PTEST_PATH}/apps
204 ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
205 install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
206 install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
207
208 install -d ${D}${PTEST_PATH}/engines
209 install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
210 install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines
211 install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
212
213 install -d ${D}${PTEST_PATH}/providers
214 install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers
215
216 install -d ${D}${PTEST_PATH}/Configurations
217 cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/
218
219 # seems to be needed with perl 5.32.1
220 install -d ${D}${PTEST_PATH}/util/perl/recipes
221 cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/
222
223 sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl
224}
225
226# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
227# package RRECOMMENDS on this package. This will enable the configuration
228# file to be installed for both the openssl-bin package and the libcrypto
229# package since the openssl-bin package depends on the libcrypto package.
230
231PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy"
232
233FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}"
234FILES:libssl = "${libdir}/libssl${SOLIBS}"
235FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
236 ${libdir}/ssl-3/openssl.cnf* \
237 "
238FILES:${PN}-engines = "${libdir}/engines-3"
239# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP)
240FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3"
241FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash"
242FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so"
243FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/"
244FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
245
246CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
247
248RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy"
249RDEPENDS:${PN}-misc = "perl"
250RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed"
251
252RDEPENDS:${PN}-bin += "openssl-conf"
253
254BBCLASSEXTEND = "native nativesdk"
255
256CVE_PRODUCT = "openssl:openssl"
257
258CVE_VERSION_SUFFIX = "alphabetical"
259