2 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch
new file mode 100644
index 0000000000..748576c30c
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/bti.patch
@@ -0,0 +1,58 @@
+From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001
+From: Tom Cosgrove <tom.cosgrove@arm.com>
+Date: Tue, 26 Mar 2024 13:18:00 +0000
+Subject: [PATCH] aarch64: fix BTI in bsaes assembly code
+In Arm systems where BTI is enabled but the Crypto extensions are not (more
+likely in FVPs than in real hardware), the bit-sliced assembler code will
+be used. However, this wasn't annotated with BTI instructions when BTI was
+enabled, so the moment libssl jumps into this code it (correctly) aborts.
+Solve this by adding the missing BTI landing pads.
+Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ crypto/aes/asm/bsaes-armv8.pl | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl
+index b3c97e439f..c3c5ff3e05 100644
+--- a/crypto/aes/asm/bsaes-armv8.pl
+++ b/crypto/aes/asm/bsaes-armv8.pl
+@@ -1018,6 +1018,7 @@ _bsaes_key_convert:
+ //   Initialisation vector overwritten with last quadword of ciphertext
+ //   No output registers, usual AAPCS64 register preservation
+ ossl_bsaes_cbc_encrypt:
+        AARCH64_VALID_CALL_TARGET
+         cmp     x2, #128
+         bhs     .Lcbc_do_bsaes
+         b       AES_cbc_encrypt
+@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt:
+ //   Output text filled in
+ //   No output registers, usual AAPCS64 register preservation
+ ossl_bsaes_ctr32_encrypt_blocks:
+-
+        AARCH64_VALID_CALL_TARGET
+         cmp     x2, #8                      // use plain AES for
+         blo     .Lctr_enc_short             // small sizes
+ 
+@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks:
+ //   Output ciphertext filled in
+ //   No output registers, usual AAPCS64 register preservation
+ ossl_bsaes_xts_encrypt:
+        AARCH64_VALID_CALL_TARGET
+         // Stack layout:
+         // sp ->
+         //        nrounds*128-96 bytes: key schedule
+@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt:
+ //   Output plaintext filled in
+ //   No output registers, usual AAPCS64 register preservation
+ ossl_bsaes_xts_decrypt:
+        AARCH64_VALID_CALL_TARGET
+         // Stack layout:
+         // sp ->
+         //        nrounds*128-96 bytes: key schedule
+-- 
+2.34.1
diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.5.bb b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb
index 05bfeac45e..174b5f6ad3 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
           file://0001-Configure-do-not-tweak-mips-cflags.patch \
           file://0001-Added-handshake-history-reporting-when-test-fails.patch \
+           file://bti.patch \
           "
 SRC_URI:append:class-nativesdk = " \

diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch new file mode 100644 index 0000000000..748576c30c --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/bti.patch
@@ -0,0 +1,58 @@
		1	From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001
		2	From: Tom Cosgrove <tom.cosgrove@arm.com>
		3	Date: Tue, 26 Mar 2024 13:18:00 +0000
		4	Subject: [PATCH] aarch64: fix BTI in bsaes assembly code
		5
		6	In Arm systems where BTI is enabled but the Crypto extensions are not (more
		7	likely in FVPs than in real hardware), the bit-sliced assembler code will
		8	be used. However, this wasn't annotated with BTI instructions when BTI was
		9	enabled, so the moment libssl jumps into this code it (correctly) aborts.
		10
		11	Solve this by adding the missing BTI landing pads.
		12
		13	Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982]
		14	Signed-off-by: Ross Burton <ross.burton@arm.com>
		15	---
		16	crypto/aes/asm/bsaes-armv8.pl \| 5 ++++-
		17	1 file changed, 4 insertions(+), 1 deletion(-)
		18
		19	diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl
		20	index b3c97e439f..c3c5ff3e05 100644
		21	--- a/crypto/aes/asm/bsaes-armv8.pl
		22	+++ b/crypto/aes/asm/bsaes-armv8.pl
		23	@@ -1018,6 +1018,7 @@ _bsaes_key_convert:
		24	// Initialisation vector overwritten with last quadword of ciphertext
		25	// No output registers, usual AAPCS64 register preservation
		26	ossl_bsaes_cbc_encrypt:
		27	+ AARCH64_VALID_CALL_TARGET
		28	cmp x2, #128
		29	bhs .Lcbc_do_bsaes
		30	b AES_cbc_encrypt
		31	@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt:
		32	// Output text filled in
		33	// No output registers, usual AAPCS64 register preservation
		34	ossl_bsaes_ctr32_encrypt_blocks:
		35	-
		36	+ AARCH64_VALID_CALL_TARGET
		37	cmp x2, #8 // use plain AES for
		38	blo .Lctr_enc_short // small sizes
		39
		40	@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks:
		41	// Output ciphertext filled in
		42	// No output registers, usual AAPCS64 register preservation
		43	ossl_bsaes_xts_encrypt:
		44	+ AARCH64_VALID_CALL_TARGET
		45	// Stack layout:
		46	// sp ->
		47	// nrounds*128-96 bytes: key schedule
		48	@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt:
		49	// Output plaintext filled in
		50	// No output registers, usual AAPCS64 register preservation
		51	ossl_bsaes_xts_decrypt:
		52	+ AARCH64_VALID_CALL_TARGET
		53	// Stack layout:
		54	// sp ->
		55	// nrounds*128-96 bytes: key schedule
		56	--
		57	2.34.1
		58


diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.5.bb b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb index 05bfeac45e..174b5f6ad3 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.1.5.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.1.5.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \	12	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13	file://0001-Configure-do-not-tweak-mips-cflags.patch \	13	file://0001-Configure-do-not-tweak-mips-cflags.patch \
14	file://0001-Added-handshake-history-reporting-when-test-fails.patch \	14	file://0001-Added-handshake-history-reporting-when-test-fails.patch \
		15	file://bti.patch \
15	"	16	"
16		17
17	SRC_URI:append:class-nativesdk = " \	18	SRC_URI:append:class-nativesdk = " \