summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/openssl')
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch108
-rw-r--r--meta/recipes-connectivity/openssl/openssl/armv8-32bit.patch29
-rw-r--r--meta/recipes-connectivity/openssl/openssl_3.0.0.bb2
3 files changed, 139 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch
new file mode 100644
index 0000000..b85a3ad
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch
@@ -0,0 +1,108 @@
1Fix EVP_PKEY_CTX_get_rsa_pss_saltlen, and also disable the tests in non-default
2context (required when backporting, not needed with 3.0.1).
3
4Upstream-Status: Backport
5Signed-off-by: Ross Burton <ross.burton@arm.com>
6
7From 6b5c02f6173e5fd46a3685e676fcb5eee9ac43ea Mon Sep 17 00:00:00 2001
8From: Tom Cosgrove <tom.cosgrove@arm.com>
9Date: Thu, 25 Nov 2021 15:49:26 +0000
10Subject: [PATCH] Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value
11
12When an integer value was specified, it was not being passed back via
13the orig_p2 weirdness.
14
15Regression test included.
16
17Reviewed-by: Tomas Mraz <tomas@openssl.org>
18Reviewed-by: Paul Dale <pauli@openssl.org>
19(Merged from https://github.com/openssl/openssl/pull/17136)
20---
21 crypto/evp/ctrl_params_translate.c | 12 +++++++-----
22 test/evp_extra_test.c | 30 ++++++++++++++++++++++++++++++
23 2 files changed, 37 insertions(+), 5 deletions(-)
24
25diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
26index 88945e13e6..6638209a8d 100644
27--- a/crypto/evp/ctrl_params_translate.c
28+++ b/crypto/evp/ctrl_params_translate.c
29@@ -1379,21 +1379,23 @@ static int fix_rsa_pss_saltlen(enum state state,
30 if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
31 || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
32 size_t i;
33+ int val;
34
35 for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
36 if (strcmp(ctx->p2, str_value_map[i].ptr) == 0)
37 break;
38 }
39- if (i == OSSL_NELEM(str_value_map)) {
40- ctx->p1 = atoi(ctx->p2);
41- } else if (state == POST_CTRL_TO_PARAMS) {
42+
43+ val = i == OSSL_NELEM(str_value_map) ? atoi(ctx->p2)
44+ : (int)str_value_map[i].id;
45+ if (state == POST_CTRL_TO_PARAMS) {
46 /*
47 * EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN weirdness explained further
48 * up
49 */
50- *(int *)ctx->orig_p2 = str_value_map[i].id;
51+ *(int *)ctx->orig_p2 = val;
52 } else {
53- ctx->p1 = (int)str_value_map[i].id;
54+ ctx->p1 = val;
55 }
56 ctx->p2 = NULL;
57 }
58diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
59index 83f8902d24..9ad37a2bce 100644
60--- a/test/evp_extra_test.c
61+++ b/test/evp_extra_test.c
62@@ -3049,6 +3049,35 @@ static int test_EVP_rsa_pss_with_keygen_bits(void)
63 return ret;
64 }
65
66+static int test_EVP_rsa_pss_set_saltlen(void)
67+{
68+ int ret = 0;
69+ EVP_PKEY *pkey = NULL;
70+ EVP_PKEY_CTX *pkey_ctx = NULL;
71+ EVP_MD *sha256 = NULL;
72+ EVP_MD_CTX *sha256_ctx = NULL;
73+ int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
74+ const int test_value = 32;
75+
76+ if (nullprov != NULL)
77+ return TEST_skip("Test does not support a non-default library context");
78+
79+ ret = TEST_ptr(pkey = load_example_rsa_key())
80+ && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
81+ && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
82+ && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
83+ && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
84+ && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value))
85+ && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen))
86+ && TEST_int_eq(saltlen, test_value);
87+
88+ EVP_MD_CTX_free(sha256_ctx);
89+ EVP_PKEY_free(pkey);
90+ EVP_MD_free(sha256);
91+
92+ return ret;
93+}
94+
95 static int success = 1;
96 static void md_names(const char *name, void *vctx)
97 {
98@@ -3966,6 +3995,7 @@ int setup_tests(void)
99 ADD_ALL_TESTS(test_evp_iv_des, 6);
100 #endif
101 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
102+ ADD_TEST(test_EVP_rsa_pss_set_saltlen);
103 #ifndef OPENSSL_NO_EC
104 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
105 #endif
106--
1072.25.1
108
diff --git a/meta/recipes-connectivity/openssl/openssl/armv8-32bit.patch b/meta/recipes-connectivity/openssl/openssl/armv8-32bit.patch
new file mode 100644
index 0000000..1935651
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/armv8-32bit.patch
@@ -0,0 +1,29 @@
1Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/16951]
2Signed-off-by: Ross Burton <ross.burton@arm.com>
3
4From 5118e96a3dbedde2523e7726fa34af30923a9add Mon Sep 17 00:00:00 2001
5From: Tom Cosgrove <tom.cosgrove@arm.com>
6Date: Tue, 2 Nov 2021 15:26:21 +0000
7Subject: [PATCH] Fix builds on Armv8 systems without AArch64
8
9This fixes "undefined reference to `aes_gcm_dec_128_kernel' in function
10`armv8_aes_gcm_decrypt'" and similar
11
12Fixes #16949
13---
14 include/crypto/aes_platform.h | 2 +-
15 1 file changed, 1 insertion(+), 1 deletion(-)
16
17diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
18index 015c3bd4ab91..e95ad5aa5de6 100644
19--- a/include/crypto/aes_platform.h
20+++ b/include/crypto/aes_platform.h
21@@ -100,7 +100,7 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
22 # define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES))
23 # define AES_GCM_ENC_BYTES 512
24 # define AES_GCM_DEC_BYTES 512
25-# if __ARM_MAX_ARCH__>=8
26+# if __ARM_MAX_ARCH__>=8 && defined(__aarch64__)
27 # define AES_gcm_encrypt armv8_aes_gcm_encrypt
28 # define AES_gcm_decrypt armv8_aes_gcm_decrypt
29 # define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_v8_ctr32_encrypt_blocks && \
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.0.bb b/meta/recipes-connectivity/openssl/openssl_3.0.0.bb
index 67343be..4b1ae71 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.0.bb
@@ -12,6 +12,8 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
12 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ 12 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13 file://afalg.patch \ 13 file://afalg.patch \
14 file://0001-Configure-do-not-tweak-mips-cflags.patch \ 14 file://0001-Configure-do-not-tweak-mips-cflags.patch \
15 file://armv8-32bit.patch \
16 file://0001-Fix-EVP_PKEY_CTX_get_rsa_pss_saltlen-no.patch \
15 " 17 "
16 18
17SRC_URI:append:class-nativesdk = " \ 19SRC_URI:append:class-nativesdk = " \