summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl/openssl.inc
Commit message (Collapse)AuthorAgeFilesLines
* openssl: add a 1.1 versionAlexander Kanavin2017-08-131-256/+0
| | | | | | | | | | | | | | | | Existing openssl 1.0 recipe is renamed to openssl10; it will continue to be provided for as long as upstream supports it (and there are still several recipes which do not work with openssl 1.1 due to API differences). A few files (such as openssl binary) are no longer installed by openssl 1.0, because they clash with openssl 1.1. (From OE-Core rev: da1183f9fa5e06fbe66b5b31eb3313d5d35d11e3) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Support musl-x32 buildsweeaun2017-08-131-2/+4
| | | | | | | | | | Support musl-x32 build which to build openssl with 32 bits. (From OE-Core rev: a072d4620db462c5d3459441d5684cfd99938400) Signed-off-by: sweeaun <swee.aun.khor@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade 1.0.2k -> 1.0.2lChanghyeok Bae2017-07-061-0/+5
| | | | | | | | | | | | | | | 1. Dropped obsolete patches, because the new version contains them: - fix-cipher-des-ede3-cfb1.patch - openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch 2. LICENSE checksum change due to copyright years and wording tweak. 3. Test binaries (x86-64) are included in source code. So remove those only for ptest. (From OE-Core rev: 64ec18d7e13d310e5e44080a04b3f2181ea96ae3) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Remove further uclibc remnants (inc. patches and site files)Richard Purdie2017-06-221-3/+0
| | | | | | | | | | | | Some of these are clearly dead, e.g. one binutils patch reverts the effects of the earlier one. This also removes the uclibc site files. We now have mechanisms to allow these to be extended from another layer should someone ever wish to do that. (From OE-Core rev: e01e7c543a559c8926d72159b5cd55db0c661434) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "openssl: Fix symlink creation"Jussi Kukkonen2017-04-191-12/+1
| | | | | | | | | | | | | | | | | | | | This reverts commit 991620f3962a9917fa99abb5582f4b72ebd42a3d. The commit breaks openssl-native (you can no longer generate keys because it can't find the configuration file). Also the idea that we would install configuration files normally but then add the symlinks pointing to them in a postinstall feels wrong. Fixes [YOCTO #11296]. The bug contains an alternative fix but I'm sending a revert as I cannot fully understand the motive of the original patch. See also discussion in http://lists.openembedded.org/pipermail/openembedded-core/2017-April/135176.html (From OE-Core rev: b192daef5d1e7f3501c533b92dc75e2d996afc13) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix the reference to native perl in ptestsAlexander Kanavin2017-04-111-0/+4
| | | | | | | | | | | This was causing a couple of ptest failures. [YOCTO #10840] (From OE-Core rev: 2e8e72790d3cc3236b6a785f3e04702e71e1ac3f) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add a "openssl10" PROVIDESAlexander Kanavin2017-04-011-0/+2
| | | | | | | | | | | | | | | | | | | | | | In 2.4 development cycle openssl 1.1 will replace openssl 1.0 as the default openssl version. Openssl 1.0 will stay but will be renamed to openssl10, and eventually it will be removed (hopefully much sooner than the official end of support date of Dec 2019, as we do not want an unsupported openssl version in supported Yocto releases). There are several recipes that are not API compatible with 1.1; some of them will eventually be fixed, but others will never be (such as Qt4). To avoid breaking such recipes when openssl 1.1 is added to oe-core, let's provide "openssl10" already now and change the recipes to depend on that where necessary; Qt4 is a particularly pressing issue as it is causing failures on the autobuilder with my work in progress openssl 1.1 branch, and so I'm not able to see what else would fail later in the build process. (From OE-Core rev: cffc3a88608bd295eb1220fadae56eb4676414df) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Disable make's -e flag without breaking ${AR}Olof Johansson2017-03-171-2/+0
| | | | | | | | | | | | | | | The OpenSSL recipe tried to workaround the -e make flag (overriding variables from the environment). And when the -e flag was dropped as the global default, it was specifically added for OpenSSL. This is unnecessary, as only the value of ${AR} seems to be affected, and that can be handled correctly by OpenSSL's build system if we just let it. (From OE-Core rev: 537a404cfbb811fcb526cdb5f2e059257de6ef13) Signed-off-by: Olof Johansson <olof.johansson@axis.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix symlink creationDavid Vincent2017-03-101-1/+12
| | | | | | | | | | | | | Symlinking the openssl configuration file at install time results in errors when overriding it using an external package which also provides openssl-conf. This should be done as a postinstall task for such packages. (From OE-Core rev: 991620f3962a9917fa99abb5582f4b72ebd42a3d) Signed-off-by: David Vincent <freesilicon@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-2/+2
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl/fontconfig/bzip2: Use relative symlinks instead of absolute ones ↵Richard Purdie2017-02-091-1/+1
| | | | | | | | | | | | | | | | | | | | | (using a new class) Absolute path symlinks are a bit of a pain for sstate and the native versions of these recipes currently contain broken symlinks as a result. There are only a small number of problematic recipes, at least in OE-Core, namely the three here. Rather than trying to make sstate handle this magically, which turns out to be a harder problem than you'd first realise, simply make the symlinks relative early in the process and avoid all the problems. The alternative is adding new complexity to sstate which we could really do without as without the complexity, you can't always tell where the absolute symlink is relative to (due to prefixes used for native sstate). (From OE-Core rev: e478550c8cd889f12e336e268e9e3b30827bf840) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Use linux-aarch64 target for aarch64Fabio Berton2017-01-191-1/+1
| | | | | | | | | | | aarch64 target was being configured for linux-generic64 but openssl has linux-aarch64 target. Change to use linux-aarch64 as default. (From OE-Core rev: 13e9a692510151383bc3243c3917154896b0e049) Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add support for many MIPS configurationsZubair Lutfullah Kakakhel2016-12-221-9/+15
| | | | | | | | | | Add more case statements to catch MIPS tune configurations (From OE-Core rev: cd1f6fbf9a2113cf510c25de2eb3895468e79149) Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: avoid random ptest failuresPatrick Ohly2016-09-241-0/+13
| | | | | | | | | | | | | | | | | | "make alltests" is sensitive to the timestamps of the installed files. Depending on the order in which cp copies files, .o and/or executables may end up with time stamps older than the source files. Running tests then triggers recompilation attempts, which typically will fail because dev tools and files are not installed. "cp -a" is not enough because the files also have to be newer than the installed header files. Setting the file time stamps to the current time explicitly after copying solves the problem because do_install_ptest_base is guaranteed to run after do_install. (From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update to 1.0.2i (CVE-2016-6304 and more)Patrick Ohly2016-09-241-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This update fixes several CVEs: * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * SWEET32 Mitigation (CVE-2016-2183) * OOB write in MDC2_Update() (CVE-2016-6303) * Malformed SHA512 ticket DoS (CVE-2016-6302) * OOB write in BN_bn2dec() (CVE-2016-2182) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) * DTLS buffered message DoS (CVE-2016-2179) * DTLS replay protection DoS (CVE-2016-2181) * Certificate message OOB reads (CVE-2016-6306) Of these, only CVE-2016-6304 is considered of high severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were already fixed via local patches, which can be removed now. See https://www.openssl.org/news/secadv/20160922.txt for details. Some patches had to be refreshed and one compile error fix from upstream's OpenSSL_1_0_2-stable was required. The server.pem file is needed for test_dtls. (From OE-Core rev: d6b69279b5d1370d9c4982d5b1842a471cfd2b0e) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix MIPS64be and add MIPS64leZubair Lutfullah Kakakhel2016-09-161-1/+4
| | | | | | | | | | | | | MIPS64 target was being configured for linux-mips which defaults to MIPS32. Doesn't cause any issue as far as I can see but it would be wiser to use the correct target configuration. Also add MIPS64le configuration which is missing. (From OE-Core rev: 0afec72913bc31d315cba079da317e8b28755ded) Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix add missing dependencies building for test directoryAndrej Valek2016-08-201-0/+3
| | | | | | | | | | | | | Regarding the last commit about missing dependencies, another issue was found. The problem was found, while ptest has been built with some set extra settings. It means, when ptest is going to be built, it is necessary to rebuild dependencies for test directory too. (From OE-Core rev: 030142d0410bec85aeacfff6be27d5fed41ce808) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix add missing `make depend` command before `make` libraryAndrej Valek2016-08-101-1/+2
| | | | | | | | | | | | | | | Settings from EXTRA_OECONF like en/disable no-ssl3, are transferred only into DEPFLAGS. It means that settings have no effect on output files. DEPFLAGS will be transferred into output files with make depend command. https://wiki.openssl.org/index.php/Compilation_and_Installation#Dependencies (From OE-Core rev: e3c251427a305780d3257a011260bd978de273d5) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix the dangling libcrypto.a symlinkMaxin B. John2016-06-011-1/+1
| | | | | | | | | | | Update libcrypto.a symlink to the proper location. [YOCTO #9523] (From OE-Core rev: 3d6884a99a170a2d1925ed347431518fff3cf367) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Ensure SSL certificates are stored on sysconfdirOtavio Salvador2016-05-251-3/+14
| | | | | | | | | | | | | | | Debian and other generic distributions has moved the certificates for sysconfdir (/etc/ssl) and made the libdir content to link for it. This provides several advantages specially for read-only rootfs. Another benefit is that it ensures foreign implementations (e.g: BoringSSL, from Chromium, when running with OpenSSL backend for the certificates) to find the content correctly. (From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add Shell-Script based c_rehash utilityOtavio Salvador2016-05-251-5/+4
| | | | | | | | | | | | | | | | | | | | The PLD Linux distribution has ported the c_rehash[1] utility from Perl to Shell-Script, allowing it to be shipped by default. 1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761 The OpenSSL upstream intends[2] to convert the utility for C however did not yet finished the conversion. 2. https://rt.openssl.org/Ticket/Display.html?id=2324 This patch adds this script and thus removed the Perl requirement for it. (From OE-Core rev: cb6150f1a779e356f120d5e45c91fda75789970a) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: minor packaging cleanupAndre McCurdy2016-04-091-2/+1
| | | | | | | | | | | | | | | | | | | | | libcrypto.so was explicitly added to FILES_${PN}-dev as part of moving libcrypto from libdir -> base_libdir to support dhclient [1]. However, the line has been unnecessary since ${base_libdir}/lib*.so files started to be included in FILES_${PN}-dev by default [2] (and it's still unnecessary now, after moving libcrypto from back to libdir to support ntp [3]). [1] http://git.openembedded.org/openembedded-core/commit/?id=01ea85f7f6c53c66c76d6f832518b28bf06ec072 [2] http://git.openembedded.org/openembedded-core/commit/?id=66c36bcb7d9368718453265e58bd5e3c854c786a [3] http://git.openembedded.org/openembedded-core/commit/?id=0be2ab32f690a2fcba0e821abe11460958bbc6dc Also define FILES_libssl using SOLIBS instead of a hardcoded pattern. (From OE-Core rev: 3f81b516e2f23683ce6129bb79bcc08263cb7fe1) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: don't move libcrypto to base_libdirChen Qi2016-03-201-9/+2
| | | | | | | | | | | | | | For now, if 'openssl' is enabled for ntp, ntp would still be built without openssl & libcrypto. This is because that ntp thinks openssl and libcrypto locates under the same directory. This patch removes the codes of moving libcrypto to base_libdir. (From OE-Core rev: 0be2ab32f690a2fcba0e821abe11460958bbc6dc) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: drop obsolete mtx-1 and mtx-2 over-ridesAndre McCurdy2016-02-061-4/+0
| | | | | | | | | | Machine specific over-rides for mtx-1 (aka MeshCube) and mtx-2 (aka SurfBox 2nd generation) don't belong in oe-core. (From OE-Core rev: cf0b94629d135b2fa211fae89f48e00469974279) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Explicitly set EXTRA_OEMAKE as requiredMike Crowe2016-02-041-0/+1
| | | | | | | | | | | The openssl recipe currently relies on EXTRA_OEMAKE having been set to "-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this explicit so that the default in bitbake.conf can be changed. (From OE-Core rev: a384ab5cb4701fd1c1475bca4449def66b42c799) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: rename perl-native-runtimeEd Bartosh2016-01-111-1/+1
| | | | | | | | | | | | | | | | The code in native.bbclass adds -native suffix to the package names that don't have it. perl-native-runtime becomes perl-native-runtime-native because of this. Renamed perl-native-runtime -> hostperl-runtime-native to avoid mangling it and to conform with the naming convetion for native packages. (From OE-Core rev: f4dade8e765a8c7bfd131728b9e0a34631e24950) Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add musl configuration supportKhem Raj2015-12-121-1/+3
| | | | | | | | | | use termios instead of termio (From OE-Core rev: 753b6233e5da66d9e64952b8089589a1beebf8a9) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptest issuesWenzong Fan2015-11-251-4/+10
| | | | | | | | | | | | | | | | * follow symbolic links while copying sources from test/* * install required target files to remove Make errors: make[2]: *** No rule to make target 'xxx', needed by 'yyy'. * fix hardcode pathes: /usr/lib -> ${libdir}, /usr/bin -> ${bindir} (From OE-Core rev: 928adfc807d3c812fcd748e2cf65f392eebd852c) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix mips64 configure supportWenzong Fan2015-11-161-1/+1
| | | | | | | | | | | Match target name linux-mips64 as well, all mips64 targets will have mips(32) userspace. (From OE-Core rev: 245113ca1075bc3f0c47952e80b437229f855080) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add mapping for nios2Marek Vasut2015-09-281-1/+1
| | | | | | | | | | Map nios2 architecture to linux-generic32 target. (From OE-Core rev: f601a0df106fb1da188a4b1f1155d85fad4627bb) Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl/orc: virtclass-native -> class-nativeRobert Yang2015-05-141-1/+1
| | | | | | | | | The virtclass-native is out of date. (From OE-Core rev: ed51b382928ee5f14d524e08a00a0c8931c491c5) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: disable SSLv3 by defaultBrendan Le Foll2015-02-191-0/+4
| | | | | | | | | | Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable SSLv3 even if patched with the TLS_FALLBACK_SCSV (From OE-Core rev: 4e691d06ffdb4d1fd940996f419308fe53454df7) Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix and enable parallel buildRobert Yang2015-02-151-0/+3
| | | | | | | | | | | | | Fixed: Cannot create directory image/usr: File exists make: *** [install_sw] Error 17 Create /usr to avoid race issues. (From OE-Core rev: a831cbe6cce67396148b41d56cbc12f99a972bd1) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add mapping for microblaze architectureNathan Rossi2015-02-151-0/+3
| | | | | | | | | | Map the microblaze architecture to the linux-generic32 target. (From OE-Core rev: 7ea1979f687777bcafec393b6ab126ec11017074) Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix hard paths in native opensslAndré Draszik2015-01-071-1/+8
| | | | | | | | | | | | | | | | This causes the package to not be relocateable from sstate The OpenSSL binaries respect a few environment variables for determining locations of files, so we now use these to point the binaries to the relocated locations. [YOCTO #6827] (From OE-Core rev: 771d3123331fbfab1eb9ce47e3013eabcb2248f5) Signed-off-by: André Draszik <adraszik@digisoft.tv> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Re-add linux-uclibc tupleKhem Raj2014-08-271-0/+1
| | | | | | | | | | | With last restructuring for musl, some of uclibc targets got ignored fsl/ppc and ARM worked ok since they use special target triplets which were already considered but other like mips, x86 and so on failed (From OE-Core rev: 63ab0ce2103bcf3a42ce5812a22409779126e114) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add DEPENDS on openssl-native for rehashJackie Huang2014-08-231-0/+5
| | | | | | | | | | | | | | | | | 'make rehash' used the compiled openssl to get hash value for files, it always failed when cross compiling: /path/to/openssl/1.0.1i-r0/openssl-1.0.1i/util/shlib_wrap.sh: line 96: /path/to/openssl/1.0.1i-r0/openssl-1.0.1i/util/../apps/openssl: cannot execute binary file so add DEPENDS on openssl-native for target package and use it instead of the one compiled from target package. (From OE-Core rev: 9705586b6eca157e8f8fd6071f489a49bf1db181) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Repace if-else with case and add musl tripletKhem Raj2014-08-161-10/+10
| | | | | | | | | Simplifies the code and adds knowlwdge about musl targets (From OE-Core rev: 106305227003761c3fc562c21bb859a5256f2b36) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptestsPaul Eggleton2014-06-101-1/+2
| | | | | | | | | | | | | | Add some missing dependencies and fix the Makefile in order to get most of the ptest tests working (specifically test_bn, test_verify, test_cms, test_srp and test_heartbeat). test_verify still fails for unknown reasons (perhaps some of the now expired certificates weren't meant to have expired as far as the test is concerned?) but at least it has the certificates to run now. (From OE-Core rev: c679ec81c19dd2b5e366b713801785ce0ba5b49a) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: enable ptest supportMaxin B. John2014-04-291-1/+18
| | | | | | | | | | Install openssl test suite and run it as ptest. (From OE-Core rev: c48981d2d24a20978a17866fa478dde21bd96b91) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador2014-04-251-2/+2
| | | | | | | | | | | The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. (From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to v1.0.1gCristiana Voicu2014-04-081-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | The trigger for the upgrade was the serious "heartbleed" vulnerability (CVE-2014-0160). More information: http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx Dropped obsolete patches, because the new version contains them: 0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch 0001-Fix-DTLS-retransmission-from-previous-session.patch 0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch Modified 2 patches (small changes), in order to apply properly: initial-aarch64-bits.patch openssl-fix-doc.patch Addresses CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 (From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix build on uclibcKhem Raj2014-02-171-3/+4
| | | | | | | | | | | we need to map OS string correctly to include linux-uclibcspe which is what we use with ppc+spe on uclibc, additionally move gnuspe triplet mapping to same code as well (From OE-Core rev: d9ee01e4043b8b321d7c374797492ef3c4c2e0de) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: use PACKAGECONFIG to disable perl bitsSaul Wold2013-12-211-6/+13
| | | | | | | | | | | | Adding perl to the RDEPENDS caused a performance hit to the overall build time since this was the only package that depended on perl. The openssl-misc package is not installed by default so use a PACKAGECONFIG which can be overridden to allow the perl scripts along with perl to be installed. (From OE-Core rev: 421e927bd453259f4b3cdbd1676f6e12f97bf34f) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: Install c_rehash utility with opensslmykhani2013-12-181-1/+6
| | | | | | | | | | | c_rehash utility is not being installed with openssl.It conveniently generates hash and symbolic links based on it for CA certificates stored locally for SSL based server authentication (From OE-Core rev: 3c2f9cf615c964e8303fd3e225ea7dd7b5485155) Signed-off-by: Yasir-Khan <yasir_khan@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: create package for openssl configuration fileQiang Chen2013-10-301-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Add the openssl-conf package to the list of packages to be created. This package contains the openssl.cnf file which is used by both the openssl executable in the openssl package and the libcrypto library. * This is to avoid messages like: WARNING: can't open config file: /usr/lib/ssl/openssl.cnf * When running "openssl req" to request and generate a certificate the command will fail without the openssl.cnf file being installed on the target system. * Made this package an RRECOMMENDS for libcrypto since: * libcrypto is a RDEPENDS for the openssl package * Users can specify a configuration file at another location so it is not stricly required and many commands will work without it (with warnings) (From OE-Core rev: 5c3ec044838e23539f9fe4cc74da4db2e5b59166) Signed-off-by: Chase Maupin <Chase.Maupin@ti.com> Signed-off-by: Qiang Chen <qiang.chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: switch ARM builds from linux-elf-arm to linux-armv4 configKoen Kooi2013-10-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This enables aes and sha1 assembly at buildtime. Openssl does a runtime check to see which portion gets enabled. './Configure TABLE' gives the following: *** linux-elf-arm $cc = $cflags = -DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl $bn_ops = BN_LLONG DES_RISC1 $cpuid_obj = $bn_obj = $des_obj = $aes_obj = $bf_obj = $md5_obj = $sha1_obj = $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = $wp_obj = $cmll_obj = $modes_obj = $engines_obj = $perlasm_scheme = void $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC $shared_ldflag = $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = $multilib = *** linux-armv4 $cc = gcc $cflags = -DTERMIO -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = armcap.o armv4cpuid.o $bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o $des_obj = $aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o $bf_obj = $md5_obj = $sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = $wp_obj = $cmll_obj = $modes_obj = ghash-armv4.o $engines_obj = $perlasm_scheme = void $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC $shared_ldflag = $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = $multilib = Build tested on armv7a/angstrom and armv8/distroless, runtime tested on armv7a/angstrom. 'openssl speed' results: Algo blocksize ops/s after ops/s before difference ------------------------------------------- MD5 16 308,766 264,664 -14.28% 64 277,090 263,340 -4.96% 256 212,652 197,043 -7.34% 1024 103,604 100,157 -3.33% 8192 17,936 17,796 -0.78% sha1 16 290,011 385,098 32.79% 64 234,939 302,788 28.88% 256 144,831 177,028 22.23% 1024 57,043 67,374 18.11% 8192 8,586 9,932 15.68% sha256 16 290,443 605,747 108.56% 64 178,010 370,598 108.19% 256 82,107 168,770 105.55% 1024 26,064 53,068 103.61% 8192 3,550 7,211 103.10% sha512 16 59,618 259,354 335.03% 64 59,616 258,265 333.22% 256 21,727 98,057 351.31% 1024 7,449 34,304 360.49% 8192 1,047 4,842 362.63% des cbc 16 964,682 1,124,459 16.56% 64 260,188 298,910 14.88% 256 65,945 76,273 15.66% 1024 16,570 19,110 15.33% 8192 2,082 2,398 15.17% des ede3 16 370,442 429,906 16.05% 64 95,429 110,147 15.42% 256 23,928 27,808 16.21% 1024 5,993 6,960 16.13% 8192 752 868 15.36% aes128 16 1,712,050 2,301,100 34.41% 64 466,491 651,155 39.59% 256 120,181 168,953 40.58% 1024 30,177 42,792 41.80% 8192 3,791 5,361 41.41% aes192 16 1,472,560 1,964,900 33.43% 64 400,087 544,971 36.21% 256 103,245 141,062 36.63% 1024 25,902 35,389 36.63% 8192 3,256 4,451 36.67% eas256 16 1,330,524 1,772,143 33.19% 64 355,025 486,221 36.95% 256 90,663 125,281 38.18% 1024 22,725 31,484 38.54% 8192 2,837 3,952 39.31% rsa 2048bit 15 25 69.94% public 547 832 52.00% dsa 2048bit 55 86 54.26% verify 47 73 53.33% (From OE-Core rev: 8f29346a755d0a7690be9374cce6c88076541a3f) Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: use linux-generic64 target for Aarch64 (LE and BE)Fathi Boudra2013-10-261-0/+3
| | | | | | | | | | | | | | | | Update configure-targets.patch: - drop linux-aarch64 configuration Update do_configure(): - add linux-aarch64* case to cover linux-aarch64 and linux-aarch64_be - use linux-generic64 target in above case Backport initial-aarch64-bits.patch: - first order optimizations for Aarch64 (From OE-Core rev: 3252110ee5c8272a1f09563f2a794cac545e29d5) Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix multilib header conflict - opensslconf.hMing Liu2013-07-311-1/+2
| | | | | | | | | | opensslconf.h conflicts between 32-bit and 64-bit versions. (From OE-Core rev: 9b1ba604793015aad15c442f590464d0c224794c) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: build always with -Wa,--noexecstackEnrico Scholz2013-03-181-5/+3
| | | | | | | | | | | | | There is no reason to disable exec-stack only for -native builds; binaries on the target will suffer from the same SELinux ACLs. OpenSSL does not use executable stack so this option can be disabled unconditionally. (From OE-Core rev: 9c32b62d6494139daf4bab3279779c392fead116) Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>