4 files changed, 8 insertions, 49 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 3980ec2f44..ce295e8f37 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -236,6 +236,11 @@ do_install_ptest () {
        # modified again later when stripping them, but that's okay.
        touch ${D}${PTEST_PATH}
        find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
+        # exclude binary files or the package won't install
+        for d in ssltest_old v3ext x509aux; do
+                rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
+        done
 }
 do_install_append_class-native() {
diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
deleted file mode 100644
index 2a318a4584..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Upstream-Status: Submitted
-This patch adds the fix for one of the ciphers used in openssl, namely
-the cipher des-ede3-cfb1. Complete bug log and patch is present here:
-http://rt.openssl.org/Ticket/Display.html?id=2867
-Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-Index: openssl-1.0.2/crypto/evp/e_des3.c
-===================================================================
--- openssl-1.0.2.orig/crypto/evp/e_des3.c
-+++ openssl-1.0.2/crypto/evp/e_des3.c
-@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
-     size_t n;
-     unsigned char c[1], d[1];
- 
-    for (n = 0; n < inl; ++n) {
-+    for (n = 0; n * 8 < inl; ++n) {
-         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
-         DES_ede3_cfb_encrypt(c, d, 1, 1,
-                              &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
deleted file mode 100644
index f736e5c098..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
-We should avoid accessing the type pointer if it's NULL,
-this could happen if ctx->digest is not NULL.
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
-Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
---
-Index: openssl-1.0.2h/crypto/evp/digest.c
-===================================================================
--- openssl-1.0.2h.orig/crypto/evp/digest.c
-+++ openssl-1.0.2h/crypto/evp/digest.c
-@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
-         type = ctx->digest;
-     }
- #endif
-    if (ctx->digest != type) {
-+    if (type && (ctx->digest != type)) {
-         if (ctx->digest && ctx->digest->ctx_size) {
-             OPENSSL_free(ctx->md_data);
-             ctx->md_data = NULL;
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
index 83d1a500c2..a2ef2ac8fb 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
@@ -7,7 +7,7 @@ DEPENDS += "cryptodev-linux"
 CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
 CFLAG_append_class-native = " -fPIC"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
 export DIRS = "crypto ssl apps engines"
 export OE_LDFLAGS="${LDFLAGS}"
@@ -32,8 +32,6 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
            file://debian1.0.2/version-script.patch \
            file://debian1.0.2/soname.patch \
            file://openssl_fix_for_x32.patch \
-            file://fix-cipher-des-ede3-cfb1.patch \
-            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
            file://openssl-fix-des.pod-error.patch \
            file://Makefiles-ptest.patch \
            file://ptest-deps.patch \
@@ -45,8 +43,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
            file://Use-SHA256-not-MD5-as-default-digest.patch \
            file://0001-Fix-build-with-clang-using-external-assembler.patch \
            "
-SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65"
+SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566"
-SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"
+SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
 PACKAGES =+ "${PN}-engines"
 FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"

diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index 3980ec2f44..ce295e8f37 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -236,6 +236,11 @@ do_install_ptest () {
236	# modified again later when stripping them, but that's okay.	236	# modified again later when stripping them, but that's okay.
237	touch ${D}${PTEST_PATH}	237	touch ${D}${PTEST_PATH}
238	find ${D}${PTEST_PATH} -type f -print0 \| xargs --verbose -0 touch -r ${D}${PTEST_PATH}	238	find ${D}${PTEST_PATH} -type f -print0 \| xargs --verbose -0 touch -r ${D}${PTEST_PATH}
		239
		240	# exclude binary files or the package won't install
		241	for d in ssltest_old v3ext x509aux; do
		242	rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
		243	done
239	}	244	}
240		245
241	do_install_append_class-native() {	246	do_install_append_class-native() {


diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch deleted file mode 100644 index 2a318a4584..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch +++ /dev/null
@@ -1,21 +0,0 @@
1	Upstream-Status: Submitted
2
3	This patch adds the fix for one of the ciphers used in openssl, namely
4	the cipher des-ede3-cfb1. Complete bug log and patch is present here:
5	http://rt.openssl.org/Ticket/Display.html?id=2867
6
7	Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
8
9	Index: openssl-1.0.2/crypto/evp/e_des3.c
10	===================================================================
11	--- openssl-1.0.2.orig/crypto/evp/e_des3.c
12	+++ openssl-1.0.2/crypto/evp/e_des3.c
13	@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
14	size_t n;
15	unsigned char c[1], d[1];
16
17	- for (n = 0; n < inl; ++n) {
18	+ for (n = 0; n * 8 < inl; ++n) {
19	c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
20	DES_ede3_cfb_encrypt(c, d, 1, 1,
21	&data(ctx)->ks1, &data(ctx)->ks2,


diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch deleted file mode 100644 index f736e5c098..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch +++ /dev/null
@@ -1,23 +0,0 @@
1	openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
2
3	We should avoid accessing the type pointer if it's NULL,
4	this could happen if ctx->digest is not NULL.
5
6	Upstream-Status: Submitted
7	http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
8
9	Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
10	---
11	Index: openssl-1.0.2h/crypto/evp/digest.c
12	===================================================================
13	--- openssl-1.0.2h.orig/crypto/evp/digest.c
14	+++ openssl-1.0.2h/crypto/evp/digest.c
15	@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
16	type = ctx->digest;
17	}
18	#endif
19	- if (ctx->digest != type) {
20	+ if (type && (ctx->digest != type)) {
21	if (ctx->digest && ctx->digest->ctx_size) {
22	OPENSSL_free(ctx->md_data);
23	ctx->md_data = NULL;


diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb index 83d1a500c2..a2ef2ac8fb 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2k.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
@@ -7,7 +7,7 @@ DEPENDS += "cryptodev-linux"
7	CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"	7	CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
8	CFLAG_append_class-native = " -fPIC"	8	CFLAG_append_class-native = " -fPIC"
9		9
10	LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"	10	LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
11		11
12	export DIRS = "crypto ssl apps engines"	12	export DIRS = "crypto ssl apps engines"
13	export OE_LDFLAGS="${LDFLAGS}"	13	export OE_LDFLAGS="${LDFLAGS}"
@@ -32,8 +32,6 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
32	file://debian1.0.2/version-script.patch \	32	file://debian1.0.2/version-script.patch \
33	file://debian1.0.2/soname.patch \	33	file://debian1.0.2/soname.patch \
34	file://openssl_fix_for_x32.patch \	34	file://openssl_fix_for_x32.patch \
35	file://fix-cipher-des-ede3-cfb1.patch \
36	file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
37	file://openssl-fix-des.pod-error.patch \	35	file://openssl-fix-des.pod-error.patch \
38	file://Makefiles-ptest.patch \	36	file://Makefiles-ptest.patch \
39	file://ptest-deps.patch \	37	file://ptest-deps.patch \
@@ -45,8 +43,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
45	file://Use-SHA256-not-MD5-as-default-digest.patch \	43	file://Use-SHA256-not-MD5-as-default-digest.patch \
46	file://0001-Fix-build-with-clang-using-external-assembler.patch \	44	file://0001-Fix-build-with-clang-using-external-assembler.patch \
47	"	45	"
48	SRC_URI[md5sum] = "f965fc0bf01bf882b31314b61391ae65"	46	SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566"
49	SRC_URI[sha256sum] = "6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0"	47	SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
50		48
51	PACKAGES =+ "${PN}-engines"	49	PACKAGES =+ "${PN}-engines"
52	FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"	50	FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"