diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/bti.patch | 58 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_3.3.0.bb (renamed from meta/recipes-connectivity/openssl/openssl_3.2.1.bb) | 11 |
2 files changed, 62 insertions, 7 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch new file mode 100644 index 0000000000..748576c30c --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/bti.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 | ||
2 | From: Tom Cosgrove <tom.cosgrove@arm.com> | ||
3 | Date: Tue, 26 Mar 2024 13:18:00 +0000 | ||
4 | Subject: [PATCH] aarch64: fix BTI in bsaes assembly code | ||
5 | |||
6 | In Arm systems where BTI is enabled but the Crypto extensions are not (more | ||
7 | likely in FVPs than in real hardware), the bit-sliced assembler code will | ||
8 | be used. However, this wasn't annotated with BTI instructions when BTI was | ||
9 | enabled, so the moment libssl jumps into this code it (correctly) aborts. | ||
10 | |||
11 | Solve this by adding the missing BTI landing pads. | ||
12 | |||
13 | Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] | ||
14 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
15 | --- | ||
16 | crypto/aes/asm/bsaes-armv8.pl | 5 ++++- | ||
17 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
18 | |||
19 | diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl | ||
20 | index b3c97e439f..c3c5ff3e05 100644 | ||
21 | --- a/crypto/aes/asm/bsaes-armv8.pl | ||
22 | +++ b/crypto/aes/asm/bsaes-armv8.pl | ||
23 | @@ -1018,6 +1018,7 @@ _bsaes_key_convert: | ||
24 | // Initialisation vector overwritten with last quadword of ciphertext | ||
25 | // No output registers, usual AAPCS64 register preservation | ||
26 | ossl_bsaes_cbc_encrypt: | ||
27 | + AARCH64_VALID_CALL_TARGET | ||
28 | cmp x2, #128 | ||
29 | bhs .Lcbc_do_bsaes | ||
30 | b AES_cbc_encrypt | ||
31 | @@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: | ||
32 | // Output text filled in | ||
33 | // No output registers, usual AAPCS64 register preservation | ||
34 | ossl_bsaes_ctr32_encrypt_blocks: | ||
35 | - | ||
36 | + AARCH64_VALID_CALL_TARGET | ||
37 | cmp x2, #8 // use plain AES for | ||
38 | blo .Lctr_enc_short // small sizes | ||
39 | |||
40 | @@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: | ||
41 | // Output ciphertext filled in | ||
42 | // No output registers, usual AAPCS64 register preservation | ||
43 | ossl_bsaes_xts_encrypt: | ||
44 | + AARCH64_VALID_CALL_TARGET | ||
45 | // Stack layout: | ||
46 | // sp -> | ||
47 | // nrounds*128-96 bytes: key schedule | ||
48 | @@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: | ||
49 | // Output plaintext filled in | ||
50 | // No output registers, usual AAPCS64 register preservation | ||
51 | ossl_bsaes_xts_decrypt: | ||
52 | + AARCH64_VALID_CALL_TARGET | ||
53 | // Stack layout: | ||
54 | // sp -> | ||
55 | // nrounds*128-96 bytes: key schedule | ||
56 | -- | ||
57 | 2.34.1 | ||
58 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb index 1682b6f8cc..113ed4bf95 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.1.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.3.0.bb | |||
@@ -12,13 +12,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | |||
12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ | 12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ |
13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ | 13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ |
14 | file://0001-Added-handshake-history-reporting-when-test-fails.patch \ | 14 | file://0001-Added-handshake-history-reporting-when-test-fails.patch \ |
15 | file://bti.patch \ | ||
15 | " | 16 | " |
16 | 17 | ||
17 | SRC_URI:append:class-nativesdk = " \ | 18 | SRC_URI:append:class-nativesdk = " \ |
18 | file://environment.d-openssl.sh \ | 19 | file://environment.d-openssl.sh \ |
19 | " | 20 | " |
20 | 21 | ||
21 | SRC_URI[sha256sum] = "83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39" | 22 | SRC_URI[sha256sum] = "53e66b043322a606abf0087e7699a0e033a37fa13feb9742df35c3a33b18fb02" |
22 | 23 | ||
23 | inherit lib_package multilib_header multilib_script ptest perlnative manpages | 24 | inherit lib_package multilib_header multilib_script ptest perlnative manpages |
24 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" | 25 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" |
@@ -135,16 +136,12 @@ do_configure () { | |||
135 | ;; | 136 | ;; |
136 | esac | 137 | esac |
137 | 138 | ||
138 | useprefix=${prefix} | ||
139 | if [ "x$useprefix" = "x" ]; then | ||
140 | useprefix=/ | ||
141 | fi | ||
142 | # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the | 139 | # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the |
143 | # environment variables set by bitbake. Adjust the environment variables instead. | 140 | # environment variables set by bitbake. Adjust the environment variables instead. |
144 | PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)" | 141 | PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)" |
145 | test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!" | 142 | test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!" |
146 | HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \ | 143 | HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \ |
147 | perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target | 144 | perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=${prefix} --openssldir=${libdir}/ssl-3 --libdir=${baselib} $target |
148 | perl ${B}/configdata.pm --dump | 145 | perl ${B}/configdata.pm --dump |
149 | } | 146 | } |
150 | 147 | ||
@@ -180,7 +177,7 @@ do_install:append:class-native () { | |||
180 | 177 | ||
181 | do_install:append:class-nativesdk () { | 178 | do_install:append:class-nativesdk () { |
182 | mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d | 179 | mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d |
183 | install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh | 180 | install -m 644 ${UNPACKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh |
184 | sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh | 181 | sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh |
185 | } | 182 | } |
186 | 183 | ||