2 files changed, 109 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch
new file mode 100644
index 0000000000..b85a3ad7d2
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch
@@ -0,0 +1,108 @@
+Fix EVP_PKEY_CTX_get_rsa_pss_saltlen, and also disable the tests in non-default
+context (required when backporting, not needed with 3.0.1).
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+From 6b5c02f6173e5fd46a3685e676fcb5eee9ac43ea Mon Sep 17 00:00:00 2001
+From: Tom Cosgrove <tom.cosgrove@arm.com>
+Date: Thu, 25 Nov 2021 15:49:26 +0000
+Subject: [PATCH] Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value
+When an integer value was specified, it was not being passed back via
+the orig_p2 weirdness.
+Regression test included.
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17136)
+---
+ crypto/evp/ctrl_params_translate.c | 12 +++++++-----
+ test/evp_extra_test.c              | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 37 insertions(+), 5 deletions(-)
+diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
+index 88945e13e6..6638209a8d 100644
+--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
+@@ -1379,21 +1379,23 @@ static int fix_rsa_pss_saltlen(enum state state,
+     if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
+         || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
+         size_t i;
+        int val;
+ 
+         for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
+             if (strcmp(ctx->p2, str_value_map[i].ptr) == 0)
+                 break;
+         }
+-        if (i == OSSL_NELEM(str_value_map)) {
+-            ctx->p1 = atoi(ctx->p2);
+-        } else if (state == POST_CTRL_TO_PARAMS) {
+
+        val = i == OSSL_NELEM(str_value_map) ? atoi(ctx->p2)
+                                             : (int)str_value_map[i].id;
+        if (state == POST_CTRL_TO_PARAMS) {
+             /*
+              * EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN weirdness explained further
+              * up
+              */
+-            *(int *)ctx->orig_p2 = str_value_map[i].id;
+            *(int *)ctx->orig_p2 = val;
+         } else {
+-            ctx->p1 = (int)str_value_map[i].id;
+            ctx->p1 = val;
+         }
+         ctx->p2 = NULL;
+     }
+diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
+index 83f8902d24..9ad37a2bce 100644
+--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
+@@ -3049,6 +3049,35 @@ static int test_EVP_rsa_pss_with_keygen_bits(void)
+     return ret;
+ }
+ 
+static int test_EVP_rsa_pss_set_saltlen(void)
+{
+    int ret = 0;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *pkey_ctx = NULL;
+    EVP_MD *sha256 = NULL;
+    EVP_MD_CTX *sha256_ctx = NULL;
+    int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
+    const int test_value = 32;
+
+    if (nullprov != NULL)
+        return TEST_skip("Test does not support a non-default library context");
+
+    ret = TEST_ptr(pkey = load_example_rsa_key())
+        && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
+        && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
+        && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
+        && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
+        && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value))
+        && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen))
+        && TEST_int_eq(saltlen, test_value);
+
+    EVP_MD_CTX_free(sha256_ctx);
+    EVP_PKEY_free(pkey);
+    EVP_MD_free(sha256);
+
+    return ret;
+}
+
+ static int success = 1;
+ static void md_names(const char *name, void *vctx)
+ {
+@@ -3966,6 +3995,7 @@ int setup_tests(void)
+     ADD_ALL_TESTS(test_evp_iv_des, 6);
+ #endif
+     ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
+    ADD_TEST(test_EVP_rsa_pss_set_saltlen);
+ #ifndef OPENSSL_NO_EC
+     ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
+ #endif
+-- 
+2.25.1
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.0.bb b/meta/recipes-connectivity/openssl/openssl_3.0.0.bb
index 8852a51ca8..4b1ae71a85 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.0.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://afalg.patch \
           file://0001-Configure-do-not-tweak-mips-cflags.patch \
           file://armv8-32bit.patch \
+           file://0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch \
           "
 SRC_URI:append:class-nativesdk = " \

diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch new file mode 100644 index 0000000000..b85a3ad7d2 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch
@@ -0,0 +1,108 @@
		1	Fix EVP_PKEY_CTX_get_rsa_pss_saltlen, and also disable the tests in non-default
		2	context (required when backporting, not needed with 3.0.1).
		3
		4	Upstream-Status: Backport
		5	Signed-off-by: Ross Burton <ross.burton@arm.com>
		6
		7	From 6b5c02f6173e5fd46a3685e676fcb5eee9ac43ea Mon Sep 17 00:00:00 2001
		8	From: Tom Cosgrove <tom.cosgrove@arm.com>
		9	Date: Thu, 25 Nov 2021 15:49:26 +0000
		10	Subject: [PATCH] Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value
		11
		12	When an integer value was specified, it was not being passed back via
		13	the orig_p2 weirdness.
		14
		15	Regression test included.
		16
		17	Reviewed-by: Tomas Mraz <tomas@openssl.org>
		18	Reviewed-by: Paul Dale <pauli@openssl.org>
		19	(Merged from https://github.com/openssl/openssl/pull/17136)
		20	---
		21	crypto/evp/ctrl_params_translate.c \| 12 +++++++-----
		22	test/evp_extra_test.c \| 30 ++++++++++++++++++++++++++++++
		23	2 files changed, 37 insertions(+), 5 deletions(-)
		24
		25	diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
		26	index 88945e13e6..6638209a8d 100644
		27	--- a/crypto/evp/ctrl_params_translate.c
		28	+++ b/crypto/evp/ctrl_params_translate.c
		29	@@ -1379,21 +1379,23 @@ static int fix_rsa_pss_saltlen(enum state state,
		30	if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
		31	\|\| (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
		32	size_t i;
		33	+ int val;
		34
		35	for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
		36	if (strcmp(ctx->p2, str_value_map[i].ptr) == 0)
		37	break;
		38	}
		39	- if (i == OSSL_NELEM(str_value_map)) {
		40	- ctx->p1 = atoi(ctx->p2);
		41	- } else if (state == POST_CTRL_TO_PARAMS) {
		42	+
		43	+ val = i == OSSL_NELEM(str_value_map) ? atoi(ctx->p2)
		44	+ : (int)str_value_map[i].id;
		45	+ if (state == POST_CTRL_TO_PARAMS) {
		46	/*
		47	* EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN weirdness explained further
		48	* up
		49	*/
		50	- (int )ctx->orig_p2 = str_value_map[i].id;
		51	+ (int )ctx->orig_p2 = val;
		52	} else {
		53	- ctx->p1 = (int)str_value_map[i].id;
		54	+ ctx->p1 = val;
		55	}
		56	ctx->p2 = NULL;
		57	}
		58	diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
		59	index 83f8902d24..9ad37a2bce 100644
		60	--- a/test/evp_extra_test.c
		61	+++ b/test/evp_extra_test.c
		62	@@ -3049,6 +3049,35 @@ static int test_EVP_rsa_pss_with_keygen_bits(void)
		63	return ret;
		64	}
		65
		66	+static int test_EVP_rsa_pss_set_saltlen(void)
		67	+{
		68	+ int ret = 0;
		69	+ EVP_PKEY *pkey = NULL;
		70	+ EVP_PKEY_CTX *pkey_ctx = NULL;
		71	+ EVP_MD *sha256 = NULL;
		72	+ EVP_MD_CTX *sha256_ctx = NULL;
		73	+ int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
		74	+ const int test_value = 32;
		75	+
		76	+ if (nullprov != NULL)
		77	+ return TEST_skip("Test does not support a non-default library context");
		78	+
		79	+ ret = TEST_ptr(pkey = load_example_rsa_key())
		80	+ && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
		81	+ && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
		82	+ && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
		83	+ && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
		84	+ && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value))
		85	+ && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen))
		86	+ && TEST_int_eq(saltlen, test_value);
		87	+
		88	+ EVP_MD_CTX_free(sha256_ctx);
		89	+ EVP_PKEY_free(pkey);
		90	+ EVP_MD_free(sha256);
		91	+
		92	+ return ret;
		93	+}
		94	+
		95	static int success = 1;
		96	static void md_names(const char name, void vctx)
		97	{
		98	@@ -3966,6 +3995,7 @@ int setup_tests(void)
		99	ADD_ALL_TESTS(test_evp_iv_des, 6);
		100	#endif
		101	ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
		102	+ ADD_TEST(test_EVP_rsa_pss_set_saltlen);
		103	#ifndef OPENSSL_NO_EC
		104	ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
		105	#endif
		106	--
		107	2.25.1
		108


diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.0.bb b/meta/recipes-connectivity/openssl/openssl_3.0.0.bb index 8852a51ca8..4b1ae71a85 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.0.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.0.bb
@@ -13,6 +13,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
13	file://afalg.patch \	13	file://afalg.patch \
14	file://0001-Configure-do-not-tweak-mips-cflags.patch \	14	file://0001-Configure-do-not-tweak-mips-cflags.patch \
15	file://armv8-32bit.patch \	15	file://armv8-32bit.patch \
		16	file://0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch \
16	"	17	"
17		18
18	SRC_URI:append:class-nativesdk = " \	19	SRC_URI:append:class-nativesdk = " \