summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl
Commit message (Collapse)AuthorAgeFilesLines
* openssl: upgrade to 1.0.2dJan Wetter2015-07-102-38/+2
| | | | | | | | | | This upgrade fixes CVE-2015-1793 Removed openssl-fix-link.patch. The linking issue has been fixed in openssl. (From OE-Core rev: 631632addbc81b06b7accfca8f8a9871d6b09111) Signed-off-by: Jan Wetter <jan.wetter@mikrom.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.2cRoy Li2015-07-013-46/+11
| | | | | | | | | | | upgrade to fix the CVE: CVE-2015-1788..CVE-2015-1792 and CVE-2014-8176 remove a backport patch update the c_rehash-compat.patch (From OE-Core rev: 5a70e45b8c6cb0fa7ea4fe1b326ad604508d00cb) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix building on x32 systemsCristian Iorga2015-06-232-0/+47
| | | | | | | | | | | | | Fix build on Fedora 21 i686. When building on x32 systems where the default type is 32bit, make sure that 64bit integers can be represented transparently. (From OE-Core rev: cd3eddcf2842b9a360f72caf4337ab2968462bb2) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Backport upstreamed version of patch to fix build on mips64Khem Raj2015-05-303-54/+31
| | | | | | | | | | Previous patch had a concern as well and this is a direct backport of the patch fixing the problem. (From OE-Core rev: 3d48bb6d2d65d0837dcacc262633a55053652e5f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix build with gcc5 on mips64Khem Raj2015-05-242-0/+54
| | | | | | | | | Patch is submitted upstream as well (From OE-Core rev: 40016c7c19abdbdae4fcd86fab9672631f26712b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: drop the padlock_conf.patchRoy Li2015-05-242-32/+0
| | | | | | | | | | | | padlock_conf.patch will enable the padlock engine by default, but this engine does not work on some 32bit machine, and lead to openssl unable to work (From OE-Core rev: f7d186abca6ed9b48ae7393b8f244e1bfb46cb41) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl/orc: virtclass-native -> class-nativeRobert Yang2015-05-141-1/+1
| | | | | | | | | The virtclass-native is out of date. (From OE-Core rev: ed51b382928ee5f14d524e08a00a0c8931c491c5) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: remove 3 patchesRobert Yang2015-04-303-107/+0
| | | | | | | | | | | | | | | Removed: - openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch - upgate-vegsion-script-for-1.0.2.patch Since they are already in the source. - make-targets.patch It removed test dir from DIRS, which is not needed any more since we need build it. (From OE-Core rev: 5fa533c69f92f2dd46c795509b0830b36413b814) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* crypto: use bigint in x86-64 perlArmin Kuster2015-04-152-0/+36
| | | | | | | | | | | | | | on some hosts openssl fails to build with this error: ghash-x86_64.s: Assembler messages: ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression backported fix from community. (From OE-Core rev: 8230f873921d5c16106e3ebf57053a646bc6ad78) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: 1.0.2 -> 1.0.2aRichard Purdie2015-03-252-21/+23
| | | | | | | | | | | Patch updated to drop TERMIO flags since these are the default on Linux anyway (see https://git.openssl.org/?p=openssl.git;a=commit;h=64e6bf64b36136d487e2fbf907f09612e69ae911) Also drop patch merged upstream. (From OE-Core rev: 6cc1315b77bbdcc8f3a0d1e3132ad79ebbeeb2de) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to 1.0.2Saul Wold2015-03-1016-467/+522
| | | | | | | | | | | | | Rebased numerous patches removed aarch64 initial work since it's part of upstream now Imported a few additional patches from Debian to support the version-script and blacklist additional bad certificates. (From OE-Core rev: 10b689033551c37d6cafa284d82bdccd43f6113e) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "openssl: fix and enable parallel build"Richard Purdie2015-02-231-0/+3
| | | | | | | | | | This reverts commit 7502fa5febdd7a2281d626f7040782fb1f9af59e. We keep seeing parallel make failures in openssl :( (From OE-Core rev: 9afc85a7be203c5a0eac1977e777a24504cb3088) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: disable SSLv3 by defaultBrendan Le Foll2015-02-191-0/+4
| | | | | | | | | | Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable SSLv3 even if patched with the TLS_FALLBACK_SCSV (From OE-Core rev: 4e691d06ffdb4d1fd940996f419308fe53454df7) Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1kMaxin B. John2015-02-151-2/+2
| | | | | | | | | | Upgrade includes 8 CVE bug fixes (From OE-Core rev: 5dc197f0b2a088d8a88480da0afc886c745f551b) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix and enable parallel buildRobert Yang2015-02-152-3/+3
| | | | | | | | | | | | | Fixed: Cannot create directory image/usr: File exists make: *** [install_sw] Error 17 Create /usr to avoid race issues. (From OE-Core rev: a831cbe6cce67396148b41d56cbc12f99a972bd1) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add mapping for microblaze architectureNathan Rossi2015-02-151-0/+3
| | | | | | | | | | Map the microblaze architecture to the linux-generic32 target. (From OE-Core rev: 7ea1979f687777bcafec393b6ab126ec11017074) Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix hard paths in native opensslAndré Draszik2015-01-071-1/+8
| | | | | | | | | | | | | | | | This causes the package to not be relocateable from sstate The OpenSSL binaries respect a few environment variables for determining locations of files, so we now use these to point the binaries to the relocated locations. [YOCTO #6827] (From OE-Core rev: 771d3123331fbfab1eb9ce47e3013eabcb2248f5) Signed-off-by: André Draszik <adraszik@digisoft.tv> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1jRoss Burton2014-10-181-2/+2
| | | | | | | (From OE-Core rev: 390916b8400a46088c71183aef6e17b947cf4b74) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Re-add linux-uclibc tupleKhem Raj2014-08-271-0/+1
| | | | | | | | | | | With last restructuring for musl, some of uclibc targets got ignored fsl/ppc and ARM worked ok since they use special target triplets which were already considered but other like mips, x86 and so on failed (From OE-Core rev: 63ab0ce2103bcf3a42ce5812a22409779126e114) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add DEPENDS on openssl-native for rehashJackie Huang2014-08-231-0/+5
| | | | | | | | | | | | | | | | | 'make rehash' used the compiled openssl to get hash value for files, it always failed when cross compiling: /path/to/openssl/1.0.1i-r0/openssl-1.0.1i/util/shlib_wrap.sh: line 96: /path/to/openssl/1.0.1i-r0/openssl-1.0.1i/util/../apps/openssl: cannot execute binary file so add DEPENDS on openssl-native for target package and use it instead of the one compiled from target package. (From OE-Core rev: 9705586b6eca157e8f8fd6071f489a49bf1db181) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Repace if-else with case and add musl tripletKhem Raj2014-08-161-10/+10
| | | | | | | | | Simplifies the code and adds knowlwdge about musl targets (From OE-Core rev: 106305227003761c3fc562c21bb859a5256f2b36) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1iPaul Eggleton2014-08-112-48/+2
| | | | | | | | | Removed one patch merged upstream. (From OE-Core rev: fc1d2b4ec7e7f5c5e2b3434bc8208967ead6f336) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix ptestsPaul Eggleton2014-06-103-1/+33
| | | | | | | | | | | | | | Add some missing dependencies and fix the Makefile in order to get most of the ptest tests working (specifically test_bn, test_verify, test_cms, test_srp and test_heartbeat). test_verify still fails for unknown reasons (perhaps some of the now expired certificates weren't meant to have expired as far as the test is concerned?) but at least it has the certificates to run now. (From OE-Core rev: c679ec81c19dd2b5e366b713801785ce0ba5b49a) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1hPaul Eggleton2014-06-105-453/+48
| | | | | | | | | | | | | | | | | | | | | | Fixes the following security issues: * CVE-2014-0224 * CVE-2014-0221 * CVE-2014-0195 * CVE-2014-3470 The patch for CVE-2010-5298, CVE-2014-0198 and a fix for building the documentation are integrated upstream in this release and so were dropped. Additionally, a patch from upstream was added in order to fix a failure during do_compile_ptest_base. A similar upgrade was also submitted by Yao Xinpan <yaoxp@cn.fujitsu.com> and Lei Maohui <leimaohui@cn.fujitsu.com>. (From OE-Core rev: a3e80de6d423c272a287bf3538196b48ac5ddec1) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: add openssl-CVE-2010-5298.patch SRC_URIRoy Li2014-05-292-0/+1
| | | | | | | | | | make openssl-CVE-2010-5298.patch truely work (From OE-Core rev: eab33442480cc27a5cd00b3f46984fea74b7c0f9) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2010-5298Yue Tao2014-05-211-0/+24
| | | | | | | | | | | | | | | | | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 (From OE-Core rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update upstream status for a patchCristiana Voicu2014-05-081-0/+1
| | | | | | | | | | | The patch is not included in 1.0.1g, but it is included on 1.0.2 branch. (From OE-Core rev: f99ca886da274fafa212e354f9e4871eb7e59e87) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix CVE-2014-0198Maxin B. John2014-05-082-0/+24
| | | | | | | | | | | | | | A null pointer dereference bug was discovered in do_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service. https://access.redhat.com/security/cve/CVE-2014-0198 (From OE-Core rev: 580033721abbbb4302bc803ebc70c90e331e4587) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: enable ptest supportMaxin B. John2014-04-294-1/+97
| | | | | | | | | | Install openssl test suite and run it as ptest. (From OE-Core rev: c48981d2d24a20978a17866fa478dde21bd96b91) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador2014-04-251-2/+2
| | | | | | | | | | | The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. (From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-linux: move to recipes-kernel to be shared with module and testsDenys Dmytriyenko2014-04-241-22/+0
| | | | | | | (From OE-Core rev: e7aace7658fabe41839a3ec1b596bf28c6a4c02e) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to v1.0.1gCristiana Voicu2014-04-0830-701/+522
| | | | | | | | | | | | | | | | | | | | | | | | The trigger for the upgrade was the serious "heartbleed" vulnerability (CVE-2014-0160). More information: http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx Dropped obsolete patches, because the new version contains them: 0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch 0001-Fix-DTLS-retransmission-from-previous-session.patch 0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch Modified 2 patches (small changes), in order to apply properly: initial-aarch64-bits.patch openssl-fix-doc.patch Addresses CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 (From OE-Core rev: ff52836e1838590eeec7d7658e15b21d83cf8455) Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix pod2man des.pod error on Ubuntu 12.04Baogen Shang2014-04-012-0/+20
| | | | | | | | | | | | This is a formatting fix, '=back' is required before '=head1' on Ubuntu 12.04. (From OE-Core rev: 362d20e04e64a7437d7f61761057c721066e805f) Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ocf-linux: remove recipeKai Kang2014-03-272-30/+0
| | | | | | | | | | | | ocf-linux only provides header file and no kernel module is built. We can't use ocf-linux without its implementation. And linux-yocto uses an alternative project cryptodev-linux, so we remove ocf-linux and use cryptodev-linux instead. (From OE-Core rev: 45f1659f49edbceed0b75c0319880151161fdc8e) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: replace dependency ocf-linux with cryptodev-linuxKai Kang2014-03-271-1/+1
| | | | | | | | | | | | ocf-linux only provides header files but no implementation in kernel. And Yocto kernel linux-yocto use cryptodev-linux to implement /dev/crypto interface. So replace dependency ocf-linux with cryptodev-linux for openssl. (From OE-Core rev: b36b15cddbe52e6770b96e06af2959cea0e2436f) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-linux: add recipeKai Kang2014-03-271-0/+22
| | | | | | | | | | | Yocto kernel linux-yocto uses cryptodev-linux to use device /dev/crypto. So add cryptodev-linux which is one alternative of ocf-linux and then remove ocf-linux later. (From OE-Core rev: 6b6c24eccdb0030ecccadefe94c1c5b4387e46d1) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Security Advisory - openssl - CVE-2013-6449Yue Tao2014-03-272-0/+34
| | | | | | | | | | | | | The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (From OE-Core rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Security Advisory - openssl - CVE-2013-6450Yue Tao2014-03-272-0/+82
| | | | | | | | | | | | | | The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (From OE-Core rev: 94352e694cd828aa84abd846149712535f48ab0f) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Security Advisory - openssl - CVE-2013-4353Yue Tao2014-03-272-0/+32
| | | | | | | | | | | | | The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (From OE-Core rev: 35ccce7002188c8270d2fead35f9763b22776877) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix build on uclibcKhem Raj2014-02-171-3/+4
| | | | | | | | | | | we need to map OS string correctly to include linux-uclibcspe which is what we use with ppc+spe on uclibc, additionally move gnuspe triplet mapping to same code as well (From OE-Core rev: d9ee01e4043b8b321d7c374797492ef3c4c2e0de) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Replace one-line DESCRIPTION with SUMMARYPaul Eggleton2014-01-021-1/+1
| | | | | | | | | | | | | | A lot of our recipes had short one-line DESCRIPTION values and no SUMMARY value set. In this case it's much better to just set SUMMARY since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY is at least useful. I also took the opportunity to fix up a lot of the new SUMMARY values, making them concisely explain the function of the recipe / package where possible. (From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: use PACKAGECONFIG to disable perl bitsSaul Wold2013-12-211-6/+13
| | | | | | | | | | | | Adding perl to the RDEPENDS caused a performance hit to the overall build time since this was the only package that depended on perl. The openssl-misc package is not installed by default so use a PACKAGECONFIG which can be overridden to allow the perl scripts along with perl to be installed. (From OE-Core rev: 421e927bd453259f4b3cdbd1676f6e12f97bf34f) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl.inc: Install c_rehash utility with opensslmykhani2013-12-181-1/+6
| | | | | | | | | | | c_rehash utility is not being installed with openssl.It conveniently generates hash and symbolic links based on it for CA certificates stored locally for SSL based server authentication (From OE-Core rev: 3c2f9cf615c964e8303fd3e225ea7dd7b5485155) Signed-off-by: Yasir-Khan <yasir_khan@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: create package for openssl configuration fileQiang Chen2013-10-301-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Add the openssl-conf package to the list of packages to be created. This package contains the openssl.cnf file which is used by both the openssl executable in the openssl package and the libcrypto library. * This is to avoid messages like: WARNING: can't open config file: /usr/lib/ssl/openssl.cnf * When running "openssl req" to request and generate a certificate the command will fail without the openssl.cnf file being installed on the target system. * Made this package an RRECOMMENDS for libcrypto since: * libcrypto is a RDEPENDS for the openssl package * Users can specify a configuration file at another location so it is not stricly required and many commands will work without it (with warnings) (From OE-Core rev: 5c3ec044838e23539f9fe4cc74da4db2e5b59166) Signed-off-by: Chase Maupin <Chase.Maupin@ti.com> Signed-off-by: Qiang Chen <qiang.chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: switch ARM builds from linux-elf-arm to linux-armv4 configKoen Kooi2013-10-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This enables aes and sha1 assembly at buildtime. Openssl does a runtime check to see which portion gets enabled. './Configure TABLE' gives the following: *** linux-elf-arm $cc = $cflags = -DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl $bn_ops = BN_LLONG DES_RISC1 $cpuid_obj = $bn_obj = $des_obj = $aes_obj = $bf_obj = $md5_obj = $sha1_obj = $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = $wp_obj = $cmll_obj = $modes_obj = $engines_obj = $perlasm_scheme = void $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC $shared_ldflag = $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = $multilib = *** linux-armv4 $cc = gcc $cflags = -DTERMIO -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = armcap.o armv4cpuid.o $bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o $des_obj = $aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o $bf_obj = $md5_obj = $sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = $wp_obj = $cmll_obj = $modes_obj = ghash-armv4.o $engines_obj = $perlasm_scheme = void $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC $shared_ldflag = $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = $multilib = Build tested on armv7a/angstrom and armv8/distroless, runtime tested on armv7a/angstrom. 'openssl speed' results: Algo blocksize ops/s after ops/s before difference ------------------------------------------- MD5 16 308,766 264,664 -14.28% 64 277,090 263,340 -4.96% 256 212,652 197,043 -7.34% 1024 103,604 100,157 -3.33% 8192 17,936 17,796 -0.78% sha1 16 290,011 385,098 32.79% 64 234,939 302,788 28.88% 256 144,831 177,028 22.23% 1024 57,043 67,374 18.11% 8192 8,586 9,932 15.68% sha256 16 290,443 605,747 108.56% 64 178,010 370,598 108.19% 256 82,107 168,770 105.55% 1024 26,064 53,068 103.61% 8192 3,550 7,211 103.10% sha512 16 59,618 259,354 335.03% 64 59,616 258,265 333.22% 256 21,727 98,057 351.31% 1024 7,449 34,304 360.49% 8192 1,047 4,842 362.63% des cbc 16 964,682 1,124,459 16.56% 64 260,188 298,910 14.88% 256 65,945 76,273 15.66% 1024 16,570 19,110 15.33% 8192 2,082 2,398 15.17% des ede3 16 370,442 429,906 16.05% 64 95,429 110,147 15.42% 256 23,928 27,808 16.21% 1024 5,993 6,960 16.13% 8192 752 868 15.36% aes128 16 1,712,050 2,301,100 34.41% 64 466,491 651,155 39.59% 256 120,181 168,953 40.58% 1024 30,177 42,792 41.80% 8192 3,791 5,361 41.41% aes192 16 1,472,560 1,964,900 33.43% 64 400,087 544,971 36.21% 256 103,245 141,062 36.63% 1024 25,902 35,389 36.63% 8192 3,256 4,451 36.67% eas256 16 1,330,524 1,772,143 33.19% 64 355,025 486,221 36.95% 256 90,663 125,281 38.18% 1024 22,725 31,484 38.54% 8192 2,837 3,952 39.31% rsa 2048bit 15 25 69.94% public 547 832 52.00% dsa 2048bit 55 86 54.26% verify 47 73 53.33% (From OE-Core rev: 8f29346a755d0a7690be9374cce6c88076541a3f) Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: use linux-generic64 target for Aarch64 (LE and BE)Fathi Boudra2013-10-264-8/+120
| | | | | | | | | | | | | | | | Update configure-targets.patch: - drop linux-aarch64 configuration Update do_configure(): - add linux-aarch64* case to cover linux-aarch64 and linux-aarch64_be - use linux-generic64 target in above case Backport initial-aarch64-bits.patch: - first order optimizations for Aarch64 (From OE-Core rev: 3252110ee5c8272a1f09563f2a794cac545e29d5) Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: avoid NULL pointer dereference in three placesXufeng Zhang2013-08-263-0/+62
| | | | | | | | | | | | | | | | There are three potential NULL pointer dereference in EVP_DigestInit_ex(), dh_pub_encode() and dsa_pub_encode() functions. Fix them by adding proper null pointer check. [YOCTO #4600] [ CQID: WIND00373257 ] (From OE-Core rev: 4779d3c89cf0129763a4f5b7306c1247a0d6d021) Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix multilib header conflict - opensslconf.hMing Liu2013-07-311-1/+2
| | | | | | | | | | opensslconf.h conflicts between 32-bit and 64-bit versions. (From OE-Core rev: 9b1ba604793015aad15c442f590464d0c224794c) Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Add fix for cipher des-ede3-cfb1Muhammad Shakeel2013-06-172-0/+23
| | | | | | | | | | | | Add patch file for one of the ciphers used in openssl, namely the cipher des-ede3-cfb1. Details of the bug, without this patch, can be found here. http://rt.openssl.org/Ticket/Display.html?id=2867 (From OE-Core rev: ed61c28b9af2f11f46488332b80752b734a3cdeb) Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix documentation build errors with Perl 5.18 pod2manJonathan Liu2013-05-302-0/+436
| | | | | | | (From OE-Core rev: 8792b7fb4ef8d66336d52de7e81efbb818e16b08) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>