Diffstat (limited to 'meta/recipes-connectivity/openssl')
-rw-r--r-- | meta/recipes-connectivity/openssl/files/environment.d-openssl.sh | 25 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch | 367 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch | 13 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch | 18 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/afalg.patch | 31 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/run-ptest | 19 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_3.5.0.bb (renamed from meta/recipes-connectivity/openssl/openssl_3.0.0.bb) | 165 |
7 files changed, 525 insertions, 113 deletions
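--- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -1 +1,24 @@
-export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
+export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/openssl.cnf"
+export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/"
+export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3"
+export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} OPENSSL_CONF OPENSSL_MODULES OPENSSL_ENGINES"
+
+# Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools
+# CAFILE/CAPATH is auto-deteced when source buildtools
+if [ -z "$SSL_CERT_FILE" ]; then
+if [ -n "$CAFILE" ];then
+export SSL_CERT_FILE="$CAFILE"
+elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt"
+fi
+fi
+
+if [ -z "$SSL_CERT_DIR" ]; then
+if [ -n "$CAPATH" ];then
+export SSL_CERT_DIR="$CAPATH"
+elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then
+export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs"
+fi
+fi
+
+export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE"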
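Review bot: Both fallback branches test for `${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt` but export paths under `$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs`, so SSL_CERT_FILE and SSL_CERT_DIR can name a bundle or directory that was never checked. Nothing in this file shows the two locations to be the same tree; if they are not, OpenSSL clients in the SDK would start without trust anchors and certificate verification would fail for every TLS fetch. Test the path that is exported, e.g. `elif [ -e "$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs/ca-certificates.crt" ];then` for the file and `elif [ -d "$OECORE_NATIVE_SYSROOT/usr/lib/ssl-3/certs" ];then` for the directory.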
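--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Added-handshake-history-reporting-when-test-fails.patch
@@ -0,0 +1,367 @@
+From 5ba65051fea0513db0d997f0ab7cafb9826ed74a Mon Sep 17 00:00:00 2001
+From: William Lyu <William.Lyu@windriver.com>
+Date: Fri, 20 Oct 2023 16:22:37 -0400
+Subject: [PATCH] Added handshake history reporting when test fails
+
+Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/22481]
+
+Signed-off-by: William Lyu <William.Lyu@windriver.com>
+---
+test/helpers/handshake.c | 137 +++++++++++++++++++++++++++++----------
+test/helpers/handshake.h | 70 +++++++++++++++++++-
+test/ssl_test.c | 44 +++++++++++++
+3 files changed, 217 insertions(+), 34 deletions(-)
+
+diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
+index f611b3a..5703b48 100644
+--- a/test/helpers/handshake.c
++++ b/test/helpers/handshake.c
+@@ -25,6 +25,102 @@
+#include <netinet/sctp.h>
+#endif
+
++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
++/* Maps string names to various enumeration type */
++typedef struct {
++ const char *name;
++ int value;
++} enum_name_map;
++
++static const enum_name_map connect_phase_names[] = {
++ {"Handshake", HANDSHAKE},
++ {"RenegAppData", RENEG_APPLICATION_DATA},
++ {"RenegSetup", RENEG_SETUP},
++ {"RenegHandshake", RENEG_HANDSHAKE},
++ {"AppData", APPLICATION_DATA},
++ {"Shutdown", SHUTDOWN},
++ {"ConnectionDone", CONNECTION_DONE}
++};
++
++static const enum_name_map peer_status_names[] = {
++ {"PeerSuccess", PEER_SUCCESS},
++ {"PeerRetry", PEER_RETRY},
++ {"PeerError", PEER_ERROR},
++ {"PeerWaiting", PEER_WAITING},
++ {"PeerTestFail", PEER_TEST_FAILURE}
++};
++
++static const enum_name_map handshake_status_names[] = {
++ {"HandshakeSuccess", HANDSHAKE_SUCCESS},
++ {"ClientError", CLIENT_ERROR},
++ {"ServerError", SERVER_ERROR},
++ {"InternalError", INTERNAL_ERROR},
++ {"HandshakeRetry", HANDSHAKE_RETRY}
++};
++
++/* Shamelessly copied from test/helpers/ssl_test_ctx.c */
++static const char *enum_name(const enum_name_map *enums, size_t num_enums,
++ int value)
++{
++ size_t i;
++ for (i = 0; i < num_enums; i++) {
++ if (enums[i].value == value) {
++ return enums[i].name;
++ }
++ }
++ return "InvalidValue";
++}
++
++const char *handshake_connect_phase_name(connect_phase_t phase)
++{
++ return enum_name(connect_phase_names, OSSL_NELEM(connect_phase_names),
++ (int)phase);
++}
++
++const char *handshake_status_name(handshake_status_t handshake_status)
++{
++ return enum_name(handshake_status_names, OSSL_NELEM(handshake_status_names),
++ (int)handshake_status);
++}
++
++const char *handshake_peer_status_name(peer_status_t peer_status)
++{
++ return enum_name(peer_status_names, OSSL_NELEM(peer_status_names),
++ (int)peer_status);
++}
++
++static void save_loop_history(HANDSHAKE_HISTORY *history,
++ connect_phase_t phase,
++ handshake_status_t handshake_status,
++ peer_status_t server_status,
++ peer_status_t client_status,
++ int client_turn_count,
++ int is_client_turn)
++{
++ HANDSHAKE_HISTORY_ENTRY *new_entry = NULL;
++
++ /*
++ * Create a new history entry for a handshake loop with statuses given in
++ * the arguments. Potentially evicting the oldest entry when the
++ * ring buffer is full.
++ */
++ ++(history->last_idx);
++ history->last_idx &= MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
++
++ new_entry = &((history->entries)[history->last_idx]);
++ new_entry->phase = phase;
++ new_entry->handshake_status = handshake_status;
++ new_entry->server_status = server_status;
++ new_entry->client_status = client_status;
++ new_entry->client_turn_count = client_turn_count;
++ new_entry->is_client_turn = is_client_turn;
++
++ /* Evict the oldest handshake loop entry when the ring buffer is full. */
++ if (history->entry_count < MAX_HANDSHAKE_HISTORY_ENTRY) {
++ ++(history->entry_count);
++ }
++}
++
+HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
+{
+HANDSHAKE_RESULT *ret;
+@@ -726,15 +822,6 @@ static void configure_handshake_ssl(SSL *server, SSL *client,
+SSL_set_post_handshake_auth(client, 1);
+}
+
+-/* The status for each connection phase. */
+-typedef enum {
+- PEER_SUCCESS,
+- PEER_RETRY,
+- PEER_ERROR,
+- PEER_WAITING,
+- PEER_TEST_FAILURE
+-} peer_status_t;
+-
+/* An SSL object and associated read-write buffers. */
+typedef struct peer_st {
+SSL *ssl;
+@@ -1081,17 +1168,6 @@ static void do_shutdown_step(PEER *peer)
+}
+}
+
+-typedef enum {
+- HANDSHAKE,
+- RENEG_APPLICATION_DATA,
+- RENEG_SETUP,
+- RENEG_HANDSHAKE,
+- APPLICATION_DATA,
+- SHUTDOWN,
+- CONNECTION_DONE
+-} connect_phase_t;
+-
+-
+static int renegotiate_op(const SSL_TEST_CTX *test_ctx)
+{
+switch (test_ctx->handshake_mode) {
+@@ -1169,19 +1245,6 @@ static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
+}
+}
+
+-typedef enum {
+- /* Both parties succeeded. */
+- HANDSHAKE_SUCCESS,
+- /* Client errored. */
+- CLIENT_ERROR,
+- /* Server errored. */
+- SERVER_ERROR,
+- /* Peers are in inconsistent state. */
+- INTERNAL_ERROR,
+- /* One or both peers not done. */
+- HANDSHAKE_RETRY
+-} handshake_status_t;
+-
+/*
+* Determine the handshake outcome.
+* last_status: the status of the peer to have acted last.
+@@ -1546,6 +1609,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
+
+start = time(NULL);
+
++ save_loop_history(&(ret->history),
++ phase, status, server.status, client.status,
++ client_turn_count, client_turn);
++
+/*
+* Half-duplex handshake loop.
+* Client and server speak to each other synchronously in the same process.
+@@ -1567,6 +1634,10 @@ static HANDSHAKE_RESULT *do_handshake_internal(
+0 /* server went last */);
+}
+
++ save_loop_history(&(ret->history),
++ phase, status, server.status, client.status,
++ client_turn_count, client_turn);
++
+switch (status) {
+case HANDSHAKE_SUCCESS:
+client_turn_count = 0;
+diff --git a/test/helpers/handshake.h b/test/helpers/handshake.h
+index 78b03f9..b9967c2 100644
+--- a/test/helpers/handshake.h
++++ b/test/helpers/handshake.h
+@@ -1,5 +1,5 @@
+/*
+- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+@@ -12,6 +12,11 @@
+
+#include "ssl_test_ctx.h"
+
++#define MAX_HANDSHAKE_HISTORY_ENTRY_BIT 4
++#define MAX_HANDSHAKE_HISTORY_ENTRY (1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT)
++#define MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK \
++ ((1 << MAX_HANDSHAKE_HISTORY_ENTRY_BIT) - 1)
++
+typedef struct ctx_data_st {
+unsigned char *npn_protocols;
+size_t npn_protocols_len;
+@@ -22,6 +27,63 @@ typedef struct ctx_data_st {
+char *session_ticket_app_data;
+} CTX_DATA;
+
++typedef enum {
++ HANDSHAKE,
++ RENEG_APPLICATION_DATA,
++ RENEG_SETUP,
++ RENEG_HANDSHAKE,
++ APPLICATION_DATA,
++ SHUTDOWN,
++ CONNECTION_DONE
++} connect_phase_t;
++
++/* The status for each connection phase. */
++typedef enum {
++ PEER_SUCCESS,
++ PEER_RETRY,
++ PEER_ERROR,
++ PEER_WAITING,
++ PEER_TEST_FAILURE
++} peer_status_t;
++
++typedef enum {
++ /* Both parties succeeded. */
++ HANDSHAKE_SUCCESS,
++ /* Client errored. */
++ CLIENT_ERROR,
++ /* Server errored. */
++ SERVER_ERROR,
++ /* Peers are in inconsistent state. */
++ INTERNAL_ERROR,
++ /* One or both peers not done. */
++ HANDSHAKE_RETRY
++} handshake_status_t;
++
++/* Stores the various status information in a handshake loop. */
++typedef struct handshake_history_entry_st {
++ connect_phase_t phase;
++ handshake_status_t handshake_status;
++ peer_status_t server_status;
++ peer_status_t client_status;
++ int client_turn_count;
++ int is_client_turn;
++} HANDSHAKE_HISTORY_ENTRY;
++
++typedef struct handshake_history_st {
++ /* Implemented using ring buffer. */
++ /*
++ * The valid entries are |entries[last_idx]|, |entries[last_idx-1]|,
++ * ..., etc., going up to |entry_count| number of entries. Note that when
++ * the index into the array |entries| becomes < 0, we wrap around to
++ * the end of |entries|.
++ */
++ HANDSHAKE_HISTORY_ENTRY entries[MAX_HANDSHAKE_HISTORY_ENTRY];
++ /* The number of valid entries in |entries| array. */
++ size_t entry_count;
++ /* The index of the last valid entry in the |entries| array. */
++ size_t last_idx;
++} HANDSHAKE_HISTORY;
++
+typedef struct handshake_result {
+ssl_test_result_t result;
+/* These alerts are in the 2-byte format returned by the info_callback. */
+@@ -77,6 +139,8 @@ typedef struct handshake_result {
+char *cipher;
+/* session ticket application data */
+char *result_session_ticket_app_data;
++ /* handshake loop history */
++ HANDSHAKE_HISTORY history;
+} HANDSHAKE_RESULT;
+
+HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
+@@ -95,4 +159,8 @@ int configure_handshake_ctx_for_srp(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
+CTX_DATA *server2_ctx_data,
+CTX_DATA *client_ctx_data);
+
++const char *handshake_connect_phase_name(connect_phase_t phase);
++const char *handshake_status_name(handshake_status_t handshake_status);
++const char *handshake_peer_status_name(peer_status_t peer_status);
++
+#endif /* OSSL_TEST_HANDSHAKE_HELPER_H */
+diff --git a/test/ssl_test.c b/test/ssl_test.c
+index ea60851..9d6b093 100644
+--- a/test/ssl_test.c
++++ b/test/ssl_test.c
+@@ -26,6 +26,44 @@ static OSSL_LIB_CTX *libctx = NULL;
+/* Currently the section names are of the form test-<number>, e.g. test-15. */
+#define MAX_TESTCASE_NAME_LENGTH 100
+
++static void print_handshake_history(const HANDSHAKE_HISTORY *history)
++{
++ size_t first_idx;
++ size_t i;
++ size_t cur_idx;
++ const HANDSHAKE_HISTORY_ENTRY *cur_entry;
++ const char header_template[] = "|%14s|%16s|%16s|%16s|%17s|%14s|";
++ const char body_template[] = "|%14s|%16s|%16s|%16s|%17d|%14s|";
++
++ TEST_info("The following is the server/client state "
++ "in the most recent %d handshake loops.",
++ MAX_HANDSHAKE_HISTORY_ENTRY);
++
++ TEST_note("=================================================="
++ "==================================================");
++ TEST_note(header_template,
++ "phase", "handshake status", "server status",
++ "client status", "client turn count", "is client turn");
++ TEST_note("+--------------+----------------+----------------"
++ "+----------------+-----------------+--------------+");
++
++ first_idx = (history->last_idx - history->entry_count + 1) &
++ MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
++ for (i = 0; i < history->entry_count; ++i) {
++ cur_idx = (first_idx + i) & MAX_HANDSHAKE_HISTORY_ENTRY_IDX_MASK;
++ cur_entry = &(history->entries)[cur_idx];
++ TEST_note(body_template,
++ handshake_connect_phase_name(cur_entry->phase),
++ handshake_status_name(cur_entry->handshake_status),
++ handshake_peer_status_name(cur_entry->server_status),
++ handshake_peer_status_name(cur_entry->client_status),
++ cur_entry->client_turn_count,
++ cur_entry->is_client_turn ? "true" : "false");
++ }
++ TEST_note("=================================================="
++ "==================================================");
++}
++
+static const char *print_alert(int alert)
+{
+return alert ? SSL_alert_desc_string_long(alert) : "no alert";
+@@ -388,6 +426,12 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+ret &= check_client_sign_type(result, test_ctx);
+ret &= check_client_ca_names(result, test_ctx);
+}
++
++ /* Print handshake loop history if any check fails. */
++ if (!ret) {
++ print_handshake_history(&(result->history));
++ }
++
+return ret;
+}
+
+--
+2.25.1
+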
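Review bot: In `save_loop_history` the comment `/* Evict the oldest handshake loop entry when the ring buffer is full. */` sits on the `entry_count` increment, which evicts nothing; the eviction is the overwrite at the masked `last_idx` a few lines earlier. Reword it to something like `/* entry_count saturates at the ring size; the oldest entry was overwritten above. */`. The function also pre-increments `last_idx` before the first store, so it depends on `HANDSHAKE_RESULT_new()` returning a zeroed `history` (its body is outside the hunk, so this is presumed). A one-line comment on `HANDSHAKE_HISTORY` stating that zero-initialisation is required would guard `print_handshake_history` against reading uninitialised entries if the allocation ever changes.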
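--- a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -1,6 +1,6 @@
-From 326909baf81a638d51fa8be1d8227518784f5cc4 Mon Sep 17 00:00:00 2001
+From 0377f0d5b5c1079e3b9a80881f4dcc891cbe9f9a Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
-Date: Tue, 14 Sep 2021 12:18:25 +0200
+Date: Tue, 30 May 2023 09:11:27 -0700
 Subject: [PATCH] Configure: do not tweak mips cflags
 
 This conflicts with mips machine definitons from yocto,
@@ -9,20 +9,23 @@ e.g.
 
 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+
+Refreshed for openssl-3.1.1
+Signed-off-by: Tim Orling <tim.orling@konsulko.com>
 ---
 Configure | 10 ----------
 1 file changed, 10 deletions(-)
 
 diff --git a/Configure b/Configure
-index 821e680..0387a74 100755
+index fff97bd..5ee54c1 100755
 --- a/Configure
 +++ b/Configure
-@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
+@@ -1551,16 +1551,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
 push @{$config{shared_ldflag}}, "-mno-cygwin";
 }
 
 -if ($target =~ /linux.*-mips/ && !$disabled{asm}
-- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
 - # minimally required architecture flags for assembly modules
 - my $value;
 - $value = '-mips2' if ($target =~ /mips32/);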
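--- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -30,23 +30,26 @@ Update to fix buildpaths qa issue for '-ffile-prefix-map'.
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 
 ---
-Configurations/unix-Makefile.tmpl | 12 +++++++++++-
+Configurations/unix-Makefile.tmpl | 16 +++++++++++++++-
 crypto/build.info | 2 +-
-2 files changed, 12 insertions(+), 2 deletions(-)
+2 files changed, 16 insertions(+), 2 deletions(-)
 
 diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index f88a70f..528cdef 100644
+index 09303c4..011bda1 100644
 --- a/Configurations/unix-Makefile.tmpl
 +++ b/Configurations/unix-Makefile.tmpl
-@@ -471,13 +471,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+@@ -502,13 +502,27 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
 '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
 BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
 
 -# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
 +# *_Q variables are used for one thing only: to build up buildinf.h
 CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
++ $cppflags1 =~ s|-isystem/[^ ]+/usr/include||g;
 $cppflags2 =~ s|([\\"])|\\$1|g;
++ $cppflags2 =~ s|-isystem/[^ ]+/usr/include||g;
 $lib_cppflags =~ s|([\\"])|\\$1|g;
++ $lib_cppflags =~ s|-isystem/[^ ]+/usr/include||g;
 join(' ', $lib_cppflags || (), $cppflags2 || (),
 $cppflags1 || ()) -}
 
@@ -54,6 +57,7 @@ index f88a70f..528cdef 100644
 + s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
 + s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
 + s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g;
++ s|-isystem/[^ ]+/usr/include ||g;
 + }
 + join(' ', @{$config{CFLAGS}}) -}
 +
@@ -64,15 +68,15 @@ index f88a70f..528cdef 100644
 
 # For x86 assembler: Set PROCESSOR to 386 if you want to support
 diff --git a/crypto/build.info b/crypto/build.info
-index efca6cc..eda433e 100644
+index aee5c46..95c9577 100644
 --- a/crypto/build.info
 +++ b/crypto/build.info
-@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
+@@ -115,7 +115,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
 
 DEPEND[info.o]=buildinf.h
 DEPEND[cversion.o]=buildinf.h
 -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
 +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
 
-GENERATE[uplink-x86.s]=../ms/uplink-x86.pl
+GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
 GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl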
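Review bot: The `-isystem` filter added to the CFLAGS_Q block, `s|-isystem/[^ ]+/usr/include ||g;`, requires a trailing space, while the three CPPFLAGS_Q substitutions do not. If that block runs once per element of `@{$config{CFLAGS}}` (its loop header is outside the hunk), an element ending right after `/usr/include` is not matched and the sysroot path still reaches buildinf.h, which is the build-path leak this patch exists to remove. Use the same pattern in all four places, `s|-isystem/[^ ]+/usr/include||g;`. All four patterns also match only when the path is glued to `-isystem`; a `-isystem /path` spelling would pass through unfiltered.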
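--- a/meta/recipes-connectivity/openssl/openssl/afalg.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
-
-Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-diff --git a/Configure b/Configure
-index 3baa8ce..9ef52ed 100755
---- a/Configure
-+++ b/Configure
-@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
-unless ($disabled{afalgeng}) {
-$config{afalgeng}="";
-if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
-- my $minver = 4*10000 + 1*100 + 0;
-- if ($config{CROSS_COMPILE} eq "") {
-- my $verstr = `uname -r`;
-- my ($ma, $mi1, $mi2) = split("\\.", $verstr);
-- ($mi2) = $mi2 =~ /(\d+)/;
-- my $ver = $ma*10000 + $mi1*100 + $mi2;
-- if ($ver < $minver) {
-- disable('too-old-kernel', 'afalgeng');
-- } else {
-- push @{$config{engdirs}}, "afalg";
-- }
-- } else {
-- disable('cross-compiling', 'afalgeng');
-- }
-+ push @{$config{engdirs}}, "afalg";
-} else {
-disable('not-linux', 'afalgeng');
-}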
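--- a/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -1,12 +1,19 @@
 #!/bin/sh
 
-set -e
+set -eu
 
-# Optional arguments are 'list' to lists all tests, or the test name (base name
+# Optional arguments are 'list' to lists the tests, or the test name (base name
-# ie test_evp, not 03_test_evp.t).
+# ie test_evp, not 03_test_evp.t). Without any arguments we run all tests.
+
+if test $# -gt 0; then
+TESTS=$*
+else
+# Skip test_symbol_presence as this is for developers
+TESTS="alltests -test_symbol_presence"
+fi
 
 export TOP=.
-# OPENSSL_ENGINES is relative from the test binaries
+# Run four jobs in parallel
-export OPENSSL_ENGINES=../engines
+export HARNESS_JOBS=4
 
-perl ./test/run_tests.pl $* | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
+{ perl ./test/run_tests.pl $TESTS || echo "FAIL: openssl" ; } | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'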
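Review bot: `export HARNESS_JOBS=4` overwrites whatever the caller set, so a constrained target cannot lower the parallelism and a larger one cannot raise it. `export HARNESS_JOBS="${HARNESS_JOBS:-4}"` keeps four as the default and remains safe under the new `set -eu`. The hunk also drops `export OPENSSL_ENGINES=../engines` without a replacement. The tests presumably then load engines from the library's default directory rather than the ones shipped beside the test binaries, which is worth confirming on a target image.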
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.0.bb b/meta/recipes-connectivity/openssl/openssl_3.5.0.bb index 67343bedcc..0f5c28dafa 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.0.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.5.0.bb | |||
@@ -10,17 +10,17 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04" | |||
10 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | 10 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ |
11 | file://run-ptest \ | 11 | file://run-ptest \ |
12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ | 12 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ |
13 | file://afalg.patch \ | ||
14 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ | 13 | file://0001-Configure-do-not-tweak-mips-cflags.patch \ |
14 | file://0001-Added-handshake-history-reporting-when-test-fails.patch \ | ||
15 | " | 15 | " |
16 | 16 | ||
17 | SRC_URI:append:class-nativesdk = " \ | 17 | SRC_URI:append:class-nativesdk = " \ |
18 | file://environment.d-openssl.sh \ | 18 | file://environment.d-openssl.sh \ |
19 | " | 19 | " |
20 | 20 | ||
21 | SRC_URI[sha256sum] = "59eedfcb46c25214c9bd37ed6078297b4df01d012267fe9e9eee31f61bc70536" | 21 | SRC_URI[sha256sum] = "344d0a79f1a9b08029b0744e2cc401a43f9c90acd1044d09a530b4885a8e9fc0" |
22 | 22 | ||
23 | inherit lib_package multilib_header multilib_script ptest perlnative | 23 | inherit lib_package multilib_header multilib_script ptest perlnative manpages |
24 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" | 24 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" |
25 | 25 | ||
26 | PACKAGECONFIG ?= "" | 26 | PACKAGECONFIG ?= "" |
@@ -30,10 +30,14 @@ PACKAGECONFIG:class-nativesdk = "" | |||
30 | PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" | 30 | PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" |
31 | PACKAGECONFIG[no-tls1] = "no-tls1" | 31 | PACKAGECONFIG[no-tls1] = "no-tls1" |
32 | PACKAGECONFIG[no-tls1_1] = "no-tls1_1" | 32 | PACKAGECONFIG[no-tls1_1] = "no-tls1_1" |
33 | PACKAGECONFIG[manpages] = "" | ||
34 | PACKAGECONFIG[fips] = "enable-fips" | ||
33 | 35 | ||
34 | B = "${WORKDIR}/build" | 36 | B = "${WORKDIR}/build" |
35 | do_configure[cleandirs] = "${B}" | 37 | do_configure[cleandirs] = "${B}" |
36 | 38 | ||
39 | EXTRA_OECONF = "${@bb.utils.contains('PTEST_ENABLED', '1', '', 'no-tests', d)}" | ||
40 | |||
37 | #| ./libcrypto.so: undefined reference to `getcontext' | 41 | #| ./libcrypto.so: undefined reference to `getcontext' |
38 | #| ./libcrypto.so: undefined reference to `setcontext' | 42 | #| ./libcrypto.so: undefined reference to `setcontext' |
39 | #| ./libcrypto.so: undefined reference to `makecontext' | 43 | #| ./libcrypto.so: undefined reference to `makecontext' |
@@ -42,18 +46,30 @@ EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm" | |||
42 | 46 | ||
43 | # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions | 47 | # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions |
44 | # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) | 48 | # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) |
45 | EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom" | 49 | EXTRA_OECONF:append:class-native = " --with-rand-seed=os,devrandom" |
46 | EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom" | 50 | EXTRA_OECONF:append:class-nativesdk = " --with-rand-seed=os,devrandom" |
47 | 51 | ||
48 | # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. | 52 | # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. |
49 | CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" | 53 | EXTRA_OEMAKE:append:task-compile:class-native = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"' |
50 | CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" | 54 | EXTRA_OEMAKE:append:task-compile:class-nativesdk = ' OPENSSLDIR="/not/builtin" ENGINESDIR="/not/builtin" MODULESDIR="/not/builtin"' |
55 | |||
56 | #| threads_pthread.c:(.text+0x372): undefined reference to `__atomic_is_lock_free' | ||
57 | EXTRA_OECONF:append:toolchain-clang:x86 = " -latomic" | ||
51 | 58 | ||
52 | # This allows disabling deprecated or undesirable crypto algorithms. | 59 | # This allows disabling deprecated or undesirable crypto algorithms. |
53 | # The default is to trust upstream choices. | 60 | # The default is to trust upstream choices. |
54 | DEPRECATED_CRYPTO_FLAGS ?= "" | 61 | DEPRECATED_CRYPTO_FLAGS ?= "" |
55 | 62 | ||
56 | do_configure () { | 63 | do_configure () { |
64 | # When we upgrade glibc but not uninative we see obtuse failures in openssl. Make | ||
65 | # the issue really clear that perl isn't functional due to symbol mismatch issues. | ||
66 | cat <<- EOF > ${WORKDIR}/perltest | ||
67 | #!/usr/bin/env perl | ||
68 | use POSIX; | ||
69 | EOF | ||
70 | chmod a+x ${WORKDIR}/perltest | ||
71 | ${WORKDIR}/perltest | ||
72 | |||
57 | os=${HOST_OS} | 73 | os=${HOST_OS} |
58 | case $os in | 74 | case $os in |
59 | linux-gnueabi |\ | 75 | linux-gnueabi |\ |
@@ -68,6 +84,9 @@ do_configure () { | |||
68 | esac | 84 | esac |
69 | target="$os-${HOST_ARCH}" | 85 | target="$os-${HOST_ARCH}" |
70 | case $target in | 86 | case $target in |
87 | linux-arc | linux-microblaze*) | ||
88 | target=linux-latomic | ||
89 | ;; | ||
71 | linux-arm*) | 90 | linux-arm*) |
72 | target=linux-armv4 | 91 | target=linux-armv4 |
73 | ;; | 92 | ;; |
@@ -83,6 +102,9 @@ do_configure () { | |||
83 | linux-gnu64-x86_64) | 102 | linux-gnu64-x86_64) |
84 | target=linux-x86_64 | 103 | target=linux-x86_64 |
85 | ;; | 104 | ;; |
105 | linux-loongarch64) | ||
106 | target=linux64-loongarch64 | ||
107 | ;; | ||
86 | linux-mips | linux-mipsel) | 108 | linux-mips | linux-mipsel) |
87 | # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags | 109 | # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags |
88 | target="linux-mips32 ${TARGET_CC_ARCH}" | 110 | target="linux-mips32 ${TARGET_CC_ARCH}" |
@@ -93,7 +115,7 @@ do_configure () { | |||
93 | linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) | 115 | linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el) |
94 | target=linux64-mips64 | 116 | target=linux64-mips64 |
95 | ;; | 117 | ;; |
96 | linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) | 118 | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*) |
97 | target=linux-generic32 | 119 | target=linux-generic32 |
98 | ;; | 120 | ;; |
99 | linux-powerpc) | 121 | linux-powerpc) |
@@ -106,10 +128,10 @@ do_configure () { | |||
106 | target=linux-ppc64le | 128 | target=linux-ppc64le |
107 | ;; | 129 | ;; |
108 | linux-riscv32) | 130 | linux-riscv32) |
109 | target=linux-generic32 | 131 | target=linux32-riscv32 |
110 | ;; | 132 | ;; |
111 | linux-riscv64) | 133 | linux-riscv64) |
112 | target=linux-generic64 | 134 | target=linux64-riscv64 |
113 | ;; | 135 | ;; |
114 | linux-sparc | linux-supersparc) | 136 | linux-sparc | linux-supersparc) |
115 | target=linux-sparcv9 | 137 | target=linux-sparcv9 |
@@ -119,19 +141,26 @@ do_configure () { | |||
119 | ;; | 141 | ;; |
120 | esac | 142 | esac |
121 | 143 | ||
122 | useprefix=${prefix} | ||
123 | if [ "x$useprefix" = "x" ]; then | ||
124 | useprefix=/ | ||
125 | fi | ||
126 | # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the | 144 | # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the |
127 | # environment variables set by bitbake. Adjust the environment variables instead. | 145 | # environment variables set by bitbake. Adjust the environment variables instead. |
128 | HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ | 146 | PERLEXTERNAL="$(realpath ${S}/external/perl/Text-Template-*/lib)" |
129 | perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target | 147 | test -d "$PERLEXTERNAL" || bberror "PERLEXTERNAL '$PERLEXTERNAL' not found!" |
148 | HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="$PERLEXTERNAL" \ | ||
149 | perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=${prefix} --openssldir=${libdir}/ssl-3 --libdir=${baselib} $target | ||
130 | perl ${B}/configdata.pm --dump | 150 | perl ${B}/configdata.pm --dump |
131 | } | 151 | } |
132 | 152 | ||
153 | do_compile:append () { | ||
154 | # The test suite binaries are large and we don't need the debugging in them | ||
155 | if test -d ${B}/test; then | ||
156 | find ${B}/test -type f -executable -exec ${STRIP} {} \; | ||
157 | fi | ||
158 | } | ||
159 | |||
133 | do_install () { | 160 | do_install () { |
134 | oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install | 161 | oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install_sw install_ssldirs \ |
162 | ${@bb.utils.contains('PACKAGECONFIG', 'manpages', 'install_docs', '', d)} \ | ||
163 | ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'install_fips', '', d)} | ||
135 | 164 | ||
136 | oe_multilib_header openssl/opensslconf.h | 165 | oe_multilib_header openssl/opensslconf.h |
137 | oe_multilib_header openssl/configuration.h | 166 | oe_multilib_header openssl/configuration.h |
@@ -149,61 +178,72 @@ do_install () { | |||
149 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs | 178 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs |
150 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private | 179 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private |
151 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf | 180 | ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf |
181 | |||
182 | # Generate fipsmodule.cnf in pkg_postinst_ontarget | ||
183 | if ${@bb.utils.contains('PACKAGECONFIG', 'fips', 'true', 'false', d)}; then | ||
184 | rm -f ${D}${libdir}/ssl-3/fipsmodule.cnf | ||
185 | fi | ||
152 | } | 186 | } |
153 | 187 | ||
154 | do_install:append:class-native () { | 188 | do_install:append:class-native () { |
155 | create_wrapper ${D}${bindir}/openssl \ | 189 | create_wrapper ${D}${bindir}/openssl \ |
156 | OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \ | 190 | OPENSSL_CONF=\${OPENSSL_CONF:-${libdir}/ssl-3/openssl.cnf} \ |
157 | SSL_CERT_DIR=${libdir}/ssl-3/certs \ | 191 | SSL_CERT_DIR=\${SSL_CERT_DIR:-${libdir}/ssl-3/certs} \ |
158 | SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \ | 192 | SSL_CERT_FILE=\${SSL_CERT_FILE:-${libdir}/ssl-3/cert.pem} \ |
159 | OPENSSL_ENGINES=${libdir}/engines-3 | 193 | OPENSSL_ENGINES=\${OPENSSL_ENGINES:-${libdir}/engines-3} \ |
194 | OPENSSL_MODULES=\${OPENSSL_MODULES:-${libdir}/ossl-modules} | ||
160 | } | 195 | } |
161 | 196 | ||
162 | do_install:append:class-nativesdk () { | 197 | do_install:append:class-nativesdk () { |
163 | mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d | 198 | mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d |
164 | install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh | 199 | install -m 644 ${UNPACKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh |
165 | sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh | ||
166 | } | 200 | } |
167 | 201 | ||
168 | PTEST_BUILD_HOST_FILES += "configdata.pm" | 202 | PTEST_BUILD_HOST_FILES += "configdata.pm" |
169 | PTEST_BUILD_HOST_PATTERN = "perl_version =" | 203 | PTEST_BUILD_HOST_PATTERN = "perl_version =" |
170 | do_install_ptest () { | 204 | do_install_ptest() { |
171 | install -d ${D}${PTEST_PATH}/test | 205 | install -m644 ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} |
172 | install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test | 206 | cp -rf ${S}/Configurations ${S}/external ${D}${PTEST_PATH}/ |
173 | install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test | ||
174 | |||
175 | # Prune the build tree | ||
176 | rm -f ${B}/fuzz/*.* ${B}/test/*.* | ||
177 | |||
178 | cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH} | ||
179 | sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm | ||
180 | cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH} | ||
181 | |||
182 | # For test_shlibload | ||
183 | ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/ | ||
184 | ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/ | ||
185 | 207 | ||
186 | install -d ${D}${PTEST_PATH}/apps | 208 | install -d ${D}${PTEST_PATH}/apps |
187 | ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps | 209 | ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps |
188 | install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps | ||
189 | install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps | ||
190 | |||
191 | install -d ${D}${PTEST_PATH}/engines | ||
192 | install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines | ||
193 | install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines | ||
194 | |||
195 | install -d ${D}${PTEST_PATH}/providers | ||
196 | install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers | ||
197 | |||
198 | install -d ${D}${PTEST_PATH}/Configurations | ||
199 | cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/ | ||
200 | 210 | ||
201 | # seems to be needed with perl 5.32.1 | 211 | cd ${S} |
202 | install -d ${D}${PTEST_PATH}/util/perl/recipes | 212 | find test/certs test/ct test/d2i-tests test/recipes test/ocsp-tests test/ssl-tests test/smime-certs -type f -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; |
203 | cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/ | 213 | find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; |
214 | find apps test -name \*.der -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
215 | find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
216 | find util -name \*.p[lm] -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
217 | |||
218 | cd ${B} | ||
219 | # Everything but .? (.o and .d) | ||
220 | find test -type f -name \*[^.]? -exec install -m755 -D {} ${D}${PTEST_PATH}/{} \; | ||
221 | find apps test -name \*.cnf -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
222 | find apps test -name \*.pem -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
223 | find apps test -name \*.srl -exec install -m644 -D {} ${D}${PTEST_PATH}/{} \; | ||
224 | install -m755 ${B}/util/*wrap.* ${D}${PTEST_PATH}/util/ | ||
225 | |||
226 | install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps/ | ||
227 | install -m755 ${S}/test/*.pl ${D}${PTEST_PATH}/test/ | ||
228 | install -m755 ${S}/test/shibboleth.pfx ${D}${PTEST_PATH}/test/ | ||
229 | install -m755 ${S}/test/*.bin ${D}${PTEST_PATH}/test/ | ||
230 | install -m755 ${S}/test/dane*.in ${D}${PTEST_PATH}/test/ | ||
231 | install -m755 ${S}/test/smcont*.txt ${D}${PTEST_PATH}/test/ | ||
232 | install -m755 ${S}/test/ssl_test.tmpl ${D}${PTEST_PATH}/test/ | ||
233 | |||
234 | sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm ${D}${PTEST_PATH}/util/wrap.pl | ||
204 | 235 | ||
205 | sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl | 236 | install -d ${D}${PTEST_PATH}/engines |
237 | install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines/ | ||
238 | install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines/ | ||
239 | ln -s ${libdir}/engines-3/loader_attic.so ${D}${PTEST_PATH}/engines/ | ||
240 | ln -s ${libdir}/ossl-modules/ ${D}${PTEST_PATH}/providers | ||
241 | } | ||
206 | 242 | ||
243 | pkg_postinst_ontarget:${PN}-ossl-module-fips () { | ||
244 | if test -f ${libdir}/ossl-modules/fips.so; then | ||
245 | ${bindir}/openssl fipsinstall -out ${libdir}/ssl-3/fipsmodule.cnf -module ${libdir}/ossl-modules/fips.so | ||
246 | fi | ||
207 | } | 247 | } |
208 | 248 | ||
209 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto | 249 | # Add the openssl.cnf file to the openssl-conf package. Make the libcrypto |
@@ -211,7 +251,7 @@ do_install_ptest () { | |||
211 | # file to be installed for both the openssl-bin package and the libcrypto | 251 | # file to be installed for both the openssl-bin package and the libcrypto |
212 | # package since the openssl-bin package depends on the libcrypto package. | 252 | # package since the openssl-bin package depends on the libcrypto package. |
213 | 253 | ||
214 | PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc" | 254 | PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc ${PN}-ossl-module-legacy ${PN}-ossl-module-fips" |
215 | 255 | ||
216 | FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" | 256 | FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}" |
217 | FILES:libssl = "${libdir}/libssl${SOLIBS}" | 257 | FILES:libssl = "${libdir}/libssl${SOLIBS}" |
@@ -222,23 +262,22 @@ FILES:${PN}-engines = "${libdir}/engines-3" | |||
222 | # ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) | 262 | # ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP) |
223 | FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" | 263 | FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3" |
224 | FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" | 264 | FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash" |
265 | FILES:${PN}-ossl-module-legacy = "${libdir}/ossl-modules/legacy.so" | ||
266 | FILES:${PN}-ossl-module-fips = "${libdir}/ossl-modules/fips.so" | ||
225 | FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" | 267 | FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/" |
226 | FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" | 268 | FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" |
227 | 269 | ||
228 | CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" | 270 | CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf" |
229 | 271 | ||
230 | RRECOMMENDS:libcrypto += "openssl-conf" | 272 | RRECOMMENDS:libcrypto += "openssl-conf ${PN}-ossl-module-legacy" |
231 | RDEPENDS:${PN}-misc = "perl" | 273 | RDEPENDS:${PN}-misc = "perl" |
232 | RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash" | 274 | RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed openssl-engines openssl-ossl-module-legacy" |
233 | 275 | ||
234 | RDEPENDS:${PN}-bin += "openssl-conf" | 276 | RDEPENDS:${PN}-bin += "openssl-conf" |
235 | 277 | ||
278 | # The test suite is installed stripped | ||
279 | INSANE_SKIP:${PN} = "already-stripped" | ||
280 | |||
236 | BBCLASSEXTEND = "native nativesdk" | 281 | BBCLASSEXTEND = "native nativesdk" |
237 | 282 | ||
238 | CVE_PRODUCT = "openssl:openssl" | 283 | CVE_PRODUCT = "openssl:openssl" |
239 | |||
240 | CVE_VERSION_SUFFIX = "alphabetical" | ||
241 | |||
242 | # Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37 | ||
243 | # Apache in meta-webserver is already recent enough | ||
244 | CVE_CHECK_WHITELIST += "CVE-2019-0190" | ||