From 346c76e9fa41b5f11f76193a6762da288fa48efe Mon Sep 17 00:00:00 2001 From: Koen Kooi Date: Tue, 12 Jan 2016 08:49:32 +0100 Subject: openssl: import 1.0.2e from OE-core We only need to add the ilp32 bits to the .inc but that requires overlaying the whole recipe Change-Id: Ie9ba5683cae556e41c260792c86204e82bad0ec8 Signed-off-by: Koen Kooi --- meta-ilp32/recipes-overlayed/openssl/openssl.inc | 26 +- .../openssl/openssl/Makefiles-ptest.patch | 36 +-- .../openssl/openssl/configure-musl-target.patch | 27 ++ .../openssl/openssl/configure-targets.patch | 39 +-- .../openssl/crypto_use_bigint_in_x86-64_perl.patch | 35 +++ .../openssl/openssl/debian/c_rehash-compat.patch | 62 ++-- .../openssl/openssl/debian/debian-targets.patch | 25 +- .../openssl/openssl/debian/make-targets.patch | 15 - .../openssl/openssl/debian/version-script.patch | 311 ++++++++++----------- .../debian1.0.2/block_digicert_malaysia.patch | 29 ++ .../openssl/debian1.0.2/block_diginotar.patch | 67 +++++ .../openssl/engines-install-in-libdir-ssl.patch | 42 +-- .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 21 +- .../openssl/openssl/initial-aarch64-bits.patch | 120 -------- .../openssl/openssl/openssl-1.0.2a-x32-asm.patch | 46 +++ ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 22 +- ...NULL-pointer-dereference-in-dh_pub_encode.patch | 39 --- .../openssl/openssl/openssl-fix-link.patch | 35 --- .../openssl/openssl/openssl_fix_for_x32.patch | 85 ++---- .../openssl/openssl/ptest-deps.patch | 16 +- .../openssl/openssl/ptest_makefile_deps.patch | 248 ++++++++++++++++ .../recipes-overlayed/openssl/openssl_1.0.1k.bb | 57 ---- .../recipes-overlayed/openssl/openssl_1.0.2e.bb | 57 ++++ 23 files changed, 852 insertions(+), 608 deletions(-) create mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/configure-musl-target.patch create mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch delete mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/debian/make-targets.patch create mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch create mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/debian1.0.2/block_diginotar.patch delete mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/initial-aarch64-bits.patch create mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/openssl-1.0.2a-x32-asm.patch delete mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch delete mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/openssl-fix-link.patch create mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl/ptest_makefile_deps.patch delete mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl_1.0.1k.bb create mode 100644 meta-ilp32/recipes-overlayed/openssl/openssl_1.0.2e.bb diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl.inc b/meta-ilp32/recipes-overlayed/openssl/openssl.inc index 70af9690..05f05c89 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl.inc +++ b/meta-ilp32/recipes-overlayed/openssl/openssl.inc @@ -8,7 +8,7 @@ SECTION = "libs/network" LICENSE = "openssl" LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" -DEPENDS = "perl-native-runtime" +DEPENDS = "hostperl-runtime-native" DEPENDS_append_class-target = " openssl-native" SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ @@ -18,10 +18,12 @@ S = "${WORKDIR}/openssl-${PV}" PACKAGECONFIG[perl] = ",,," AR_append = " r" +TERMIO_libc-musl = "-DTERMIOS" +TERMIO ?= "-DTERMIO" # Avoid binaries being marked as requiring an executable stack since it # doesn't(which causes and this causes issues with SELinux CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ - -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack" + ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack" # -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}" @@ -118,10 +120,10 @@ do_configure () { linux-mipsel) target=debian-mipsel ;; - linux-*-mips64) + linux-*-mips64 | linux-mips64) target=linux-mips ;; - linux-microblaze*) + linux-microblaze*|linux-nios2*) target=linux-generic32 ;; linux-powerpc) @@ -194,19 +196,25 @@ do_install () { } do_install_ptest () { - cp -r Makefile test ${D}${PTEST_PATH} + cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH} + cp Configure config e_os.h ${D}${PTEST_PATH} + cp -r -L include ${D}${PTEST_PATH} + ln -sf ${base_libdir}/libcrypto.a ${D}${PTEST_PATH} + ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH} + mkdir -p ${D}${PTEST_PATH}/crypto + cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto cp -r certs ${D}${PTEST_PATH} mkdir -p ${D}${PTEST_PATH}/apps - ln -sf /usr/lib/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps - ln -sf /usr/lib/ssl/openssl.cnf ${D}${PTEST_PATH}/apps - ln -sf /usr/bin/openssl ${D}${PTEST_PATH}/apps + ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps + ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps + ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps cp apps/server2.pem ${D}${PTEST_PATH}/apps mkdir -p ${D}${PTEST_PATH}/util install util/opensslwrap.sh ${D}${PTEST_PATH}/util install util/shlib_wrap.sh ${D}${PTEST_PATH}/util } -do_install_append_virtclass-native() { +do_install_append_class-native() { create_wrapper ${D}${bindir}/openssl \ OPENSSL_CONF=${libdir}/ssl/openssl.cnf \ SSL_CERT_DIR=${libdir}/ssl/certs \ diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/Makefiles-ptest.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/Makefiles-ptest.patch index ac53a914..249446a5 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/Makefiles-ptest.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/Makefiles-ptest.patch @@ -5,10 +5,11 @@ Signed-off-by: Anders Roxell Signed-off-by: Maxin B. John Upstream-Status: Pending --- -diff -uNr a/Makefile b/Makefile ---- a/Makefile.org 2012-05-10 17:06:02.000000000 +0200 -+++ b/Makefile.org 2012-10-27 00:05:55.359424024 +0200 -@@ -411,8 +411,16 @@ +Index: openssl-1.0.2/Makefile.org +=================================================================== +--- openssl-1.0.2.orig/Makefile.org ++++ openssl-1.0.2/Makefile.org +@@ -451,8 +451,16 @@ rehash.time: certs apps test: tests tests: rehash @@ -26,11 +27,11 @@ diff -uNr a/Makefile b/Makefile OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a report: -diff --git a/test/Makefile b/test/Makefile -index 3912f82..1696767 100644 ---- a/test/Makefile -+++ b/test/Makefile -@@ -128,7 +128,7 @@ tests: exe apps $(TESTS) +Index: openssl-1.0.2/test/Makefile +=================================================================== +--- openssl-1.0.2.orig/test/Makefile ++++ openssl-1.0.2/test/Makefile +@@ -137,7 +137,7 @@ tests: exe apps $(TESTS) apps: @(cd ..; $(MAKE) DIRS=apps all) @@ -39,28 +40,28 @@ index 3912f82..1696767 100644 test_des test_idea test_sha test_md4 test_md5 test_hmac \ test_md2 test_mdc2 test_wp \ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ -@@ -138,6 +138,11 @@ alltests: \ - test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \ - test_jpake test_cms +@@ -148,6 +148,11 @@ alltests: \ + test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ + test_constant_time +alltests: + @(for i in $(all-tests); do \ + ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \ + done) + - test_evp: + test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt -@@ -203,7 +208,7 @@ test_x509: +@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5 echo test second x509v3 certificate sh ./tx509 v3-cert2.pem 2>/dev/null --test_rsa: $(RSATEST)$(EXE_EXT) -+test_rsa: +-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem ++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem @sh ./trsa 2>/dev/null ../util/shlib_wrap.sh ./$(RSATEST) -@@ -298,11 +303,11 @@ test_tsa: +@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test sh ./testtsa; \ fi @@ -73,3 +74,4 @@ index 3912f82..1696767 100644 +test_jpake: @echo "Test JPAKE" ../util/shlib_wrap.sh ./$(JPAKETEST) + diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/configure-musl-target.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/configure-musl-target.patch new file mode 100644 index 00000000..613dc7b7 --- /dev/null +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/configure-musl-target.patch @@ -0,0 +1,27 @@ +Add musl triplet support + +Upstream-Status: Pending +Signed-off-by: Khem Raj + +Index: openssl-1.0.2a/Configure +=================================================================== +--- openssl-1.0.2a.orig/Configure ++++ openssl-1.0.2a/Configure +@@ -431,7 +431,7 @@ my %table=( + # + # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 + # +-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + # Configure script adds minimally required -march for assembly support, + # if no -march was specified at command line. mips32 and mips64 below +@@ -504,6 +504,8 @@ my %table=( + "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", + diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/configure-targets.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/configure-targets.patch index c1f3d087..691e74af 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/configure-targets.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/configure-targets.patch @@ -7,28 +7,31 @@ The number of colons are important :) Configure | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) ---- a/Configure -+++ b/Configure -@@ -403,6 +403,22 @@ my %table=( - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +Index: openssl-1.0.2a/Configure +=================================================================== +--- openssl-1.0.2a.orig/Configure ++++ openssl-1.0.2a/Configure +@@ -443,6 +443,23 @@ my %table=( + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -+ # Linux on ARM -+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ ++# Linux on ARM ++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + -+"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", ++"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).", + +#### Linux on MIPS/MIPS64 -+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + - # Android: linux-* but without -DTERMIO and pointers to headers and libs. + # Android: linux-* but without pointers to headers and libs. "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch new file mode 100644 index 00000000..af3989f6 --- /dev/null +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch @@ -0,0 +1,35 @@ +Upstream-Status: Backport + +When building on x32 systems where the default type is 32bit, make sure +we can transparently represent 64bit integers. Otherwise we end up with +build errors like: +/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s +Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. +... +ghash-x86_64.s: Assembler messages: +ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression + +We don't enable this globally as there are some cases where we'd get +32bit values interpreted as unsigned when we need them as signed. + +Reported-by: Bertrand Jacquin +URL: https://bugs.gentoo.org/542618 + +Signed-off-By: Armin Kuster + +Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl +=================================================================== +--- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl ++++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl +@@ -194,7 +194,10 @@ my %globals; + } + sub out { + my $self = shift; +- ++ # When building on x32 ABIs, the expanded hex value might be too ++ # big to fit into 32bits. Enable transparent 64bit support here ++ # so we can safely print it out. ++ use bigint; + if ($gas) { + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{value} diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/debian/c_rehash-compat.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/debian/c_rehash-compat.patch index ac1b19b9..68e54d56 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/debian/c_rehash-compat.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/debian/c_rehash-compat.patch @@ -1,45 +1,71 @@ -Upstream-Status: Backport [debian] - From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Wed, 21 Apr 2010 15:52:10 +0200 Subject: [PATCH] also create old hash for compatibility ---- - tools/c_rehash.in | 8 +++++++- - 1 files changed, 7 insertions(+), 1 deletions(-) +Upstream-Status: Backport [debian] -Index: openssl-1.0.0d/tools/c_rehash.in -=================================================================== ---- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 -+++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 -@@ -86,6 +86,7 @@ - } +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +index b086ff9..b777d79 100644 +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in +@@ -8,8 +8,6 @@ my $prefix; + + my $openssl = $ENV{OPENSSL} || "openssl"; + my $pwd; +-my $x509hash = "-subject_hash"; +-my $crlhash = "-hash"; + my $verbose = 0; + my $symlink_exists=eval {symlink("",""); 1}; + my $removelinks = 1; +@@ -18,10 +16,7 @@ my $removelinks = 1; + while ( $ARGV[0] =~ /^-/ ) { + my $flag = shift @ARGV; + last if ( $flag eq '--'); +- if ( $flag eq '-old') { +- $x509hash = "-subject_hash_old"; +- $crlhash = "-hash_old"; +- } elsif ( $flag eq '-h') { ++ if ( $flag eq '-h') { + help(); + } elsif ( $flag eq '-n' ) { + $removelinks = 0; +@@ -113,7 +108,9 @@ sub hash_dir { + next; } link_hash_cert($fname) if($cert); + link_hash_cert_old($fname) if($cert); link_hash_crl($fname) if($crl); ++ link_hash_crl_old($fname) if($crl); } } -@@ -119,8 +120,9 @@ + +@@ -146,6 +143,7 @@ sub check_file { sub link_hash_cert { my $fname = $_[0]; -+ my $hashopt = $_[1] || '-subject_hash'; ++ my $x509hash = $_[1] || '-subject_hash'; $fname =~ s/'/'\\''/g; -- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; -+ my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`; + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; chomp $hash; - chomp $fprint; - $fprint =~ s/^.*=//; -@@ -150,6 +152,10 @@ +@@ -176,11 +174,21 @@ sub link_hash_cert { $hashlist{$hash} = $fprint; } +sub link_hash_cert_old { + link_hash_cert($_[0], '-subject_hash_old'); +} ++ ++sub link_hash_crl_old { ++ link_hash_crl($_[0], '-hash_old'); ++} ++ + # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { + my $fname = $_[0]; ++ my $crlhash = $_[1] || "-hash"; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; + chomp $hash; diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/debian/debian-targets.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/debian/debian-targets.patch index 8101edf0..39d43281 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/debian/debian-targets.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/debian/debian-targets.patch @@ -1,12 +1,12 @@ Upstream-Status: Backport [debian] -Index: openssl-1.0.1/Configure +Index: openssl-1.0.2/Configure =================================================================== ---- openssl-1.0.1.orig/Configure 2012-03-17 15:37:54.000000000 +0000 -+++ openssl-1.0.1/Configure 2012-03-17 16:13:49.000000000 +0000 -@@ -105,6 +105,10 @@ +--- openssl-1.0.2.orig/Configure ++++ openssl-1.0.2/Configure +@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic - my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; + my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; @@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; -@@ -338,6 +342,48 @@ +@@ -343,6 +347,55 @@ my %table=( "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", @@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", + #### #### Variety of LINUX:-) diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/debian/make-targets.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/debian/make-targets.patch deleted file mode 100644 index ee0a62c3..00000000 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/debian/make-targets.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.1/Makefile.org -=================================================================== ---- openssl-1.0.1.orig/Makefile.org 2012-03-17 09:41:07.000000000 +0000 -+++ openssl-1.0.1/Makefile.org 2012-03-17 09:41:21.000000000 +0000 -@@ -135,7 +135,7 @@ - - BASEADDR= - --DIRS= crypto ssl engines apps test tools -+DIRS= crypto ssl engines apps tools - ENGDIRS= ccgost - SHLIBDIRS= crypto ssl - diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/debian/version-script.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/debian/version-script.patch index ece8b9b4..a2491800 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/debian/version-script.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/debian/version-script.patch @@ -1,10 +1,8 @@ -Upstream-Status: Backport [debian] - -Index: openssl-1.0.1d/Configure +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure =================================================================== ---- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 -+++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 -@@ -1621,6 +1621,8 @@ +--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100 +@@ -1651,6 +1651,8 @@ } } @@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -Index: openssl-1.0.1d/openssl.ld +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 -@@ -0,0 +1,4620 @@ ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 +@@ -0,0 +1,4615 @@ +OPENSSL_1.0.0 { + global: + BIO_f_ssl; @@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld + ERR_load_COMP_strings; + PKCS12_item_decrypt_d2i; + ASN1_UTF8STRING_it; -+ ASN1_UTF8STRING_it; + ENGINE_unregister_ciphers; + ENGINE_get_ciphers; + d2i_OCSP_BASICRESP; + KRB5_CHECKSUM_it; -+ KRB5_CHECKSUM_it; + EC_POINT_add; + ASN1_item_ex_i2d; + OCSP_CERTID_it; -+ OCSP_CERTID_it; + d2i_OCSP_RESPBYTES; + X509V3_add1_i2d; + PKCS7_ENVELOPE_it; -+ PKCS7_ENVELOPE_it; + UI_add_input_boolean; + ENGINE_unregister_RSA; + X509V3_EXT_nconf; @@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld + ENGINE_register_all_RAND; + ENGINE_load_dynamic; + PBKDF2PARAM_it; -+ PBKDF2PARAM_it; + EXTENDED_KEY_USAGE_new; + EC_GROUP_clear_free; + OCSP_sendreq_bio; + ASN1_item_digest; + OCSP_BASICRESP_delete_ext; + OCSP_SIGNATURE_it; -+ OCSP_SIGNATURE_it; -+ X509_CRL_it; + X509_CRL_it; + OCSP_BASICRESP_add_ext; + KRB5_ENCKEY_it; -+ KRB5_ENCKEY_it; + UI_method_set_closer; + X509_STORE_set_purpose; + i2d_ASN1_GENERALSTRING; @@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_REQUEST_get_ext_by_OBJ; + _ossl_old_des_random_key; + ASN1_T61STRING_it; -+ ASN1_T61STRING_it; + EC_GROUP_method_of; + i2d_KRB5_APREQ; + _ossl_old_des_encrypt; @@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_SINGLERESP_get_ext_count; + UI_ctrl; + _shadow_DES_rw_mode; -+ _shadow_DES_rw_mode; + asn1_do_adb; + ASN1_template_i2d; + ENGINE_register_DH; @@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld + KRB5_ENCKEY_free; + OCSP_resp_get0; + GENERAL_NAME_it; -+ GENERAL_NAME_it; -+ ASN1_GENERALIZEDTIME_it; + ASN1_GENERALIZEDTIME_it; + X509_STORE_set_flags; + EC_POINT_set_compressed_coordinates_GFp; @@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld + EC_POINT_set_affine_coords_GFp; + _ossl_old_des_options; + SXNET_it; -+ SXNET_it; + UI_dup_input_boolean; + PKCS12_add_CSPName_asc; + EC_POINT_is_at_infinity; + ENGINE_load_cryptodev; + DSO_convert_filename; + POLICYQUALINFO_it; -+ POLICYQUALINFO_it; + ENGINE_register_ciphers; + BN_mod_lshift_quick; + DSO_set_filename; + ASN1_item_free; + KRB5_TKTBODY_free; + AUTHORITY_KEYID_it; -+ AUTHORITY_KEYID_it; + KRB5_APREQBODY_new; + X509V3_EXT_REQ_add_nconf; + ENGINE_ctrl_cmd_string; @@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld + EVP_MD_CTX_init; + EXTENDED_KEY_USAGE_free; + PKCS7_ATTR_SIGN_it; -+ PKCS7_ATTR_SIGN_it; + UI_add_error_string; + KRB5_CHECKSUM_free; + OCSP_REQUEST_get_ext; + ENGINE_load_ubsec; + ENGINE_register_all_digests; + PKEY_USAGE_PERIOD_it; -+ PKEY_USAGE_PERIOD_it; + PKCS12_unpack_authsafes; + ASN1_item_unpack; + NETSCAPE_SPKAC_it; -+ NETSCAPE_SPKAC_it; -+ X509_REVOKED_it; + X509_REVOKED_it; + ASN1_STRING_encode; + EVP_aes_128_ecb; @@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld + UI_dup_info_string; + _ossl_old_des_xwhite_in2out; + PKCS12_it; -+ PKCS12_it; + OCSP_SINGLERESP_get_ext_by_critical; + OCSP_SINGLERESP_get_ext_by_crit; + OCSP_CERTSTATUS_free; @@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld + ENGINE_unregister_DSA; + _ossl_old_des_key_sched; + X509_EXTENSION_it; -+ X509_EXTENSION_it; + i2d_KRB5_AUTHENT; + SXNETID_it; -+ SXNETID_it; + d2i_OCSP_SINGLERESP; + EDIPARTYNAME_new; + PKCS12_certbag2x509; @@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld + d2i_KRB5_APREQBODY; + UI_method_get_flusher; + X509_PUBKEY_it; -+ X509_PUBKEY_it; + _ossl_old_des_enc_read; + PKCS7_ENCRYPT_it; -+ PKCS7_ENCRYPT_it; + i2d_OCSP_RESPONSE; + EC_GROUP_get_cofactor; + PKCS12_unpack_p7data; @@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld + PKCS12_item_i2d_encrypt; + X509_add1_ext_i2d; + PKCS7_SIGNER_INFO_it; -+ PKCS7_SIGNER_INFO_it; + KRB5_PRINCNAME_new; + PKCS12_SAFEBAG_it; -+ PKCS12_SAFEBAG_it; + EC_GROUP_get_order; + d2i_OCSP_RESPID; + OCSP_request_verify; @@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld + EVP_MD_CTX_create; + OCSP_resp_find_status; + X509_ALGOR_it; -+ X509_ALGOR_it; -+ ASN1_TIME_it; + ASN1_TIME_it; + OCSP_request_set1_name; + OCSP_ONEREQ_get_ext_count; + UI_get0_result; + PKCS12_AUTHSAFES_it; -+ PKCS12_AUTHSAFES_it; + EVP_aes_256_ecb; + PKCS12_pack_authsafes; + ASN1_IA5STRING_it; -+ ASN1_IA5STRING_it; + UI_get_input_flags; + EC_GROUP_set_generator; + _ossl_old_des_string_to_2keys; + OCSP_CERTID_free; + X509_CERT_AUX_it; -+ X509_CERT_AUX_it; -+ CERTIFICATEPOLICIES_it; + CERTIFICATEPOLICIES_it; + _ossl_old_des_ede3_cbc_encrypt; + RAND_set_rand_engine; + DSO_get_loaded_filename; + X509_ATTRIBUTE_it; -+ X509_ATTRIBUTE_it; + OCSP_ONEREQ_get_ext_by_NID; + PKCS12_decrypt_skey; + KRB5_AUTHENT_it; -+ KRB5_AUTHENT_it; + UI_dup_error_string; + RSAPublicKey_it; -+ RSAPublicKey_it; + i2d_OCSP_REQUEST; + PKCS12_x509crl2certbag; + OCSP_SERVICELOC_it; -+ OCSP_SERVICELOC_it; + ASN1_item_sign; + X509_CRL_set_issuer_name; + OBJ_NAME_do_all_sorted; @@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld + ENGINE_get_digest; + OCSP_RESPONSE_print; + KRB5_TKTBODY_it; -+ KRB5_TKTBODY_it; + ACCESS_DESCRIPTION_it; -+ ACCESS_DESCRIPTION_it; -+ PKCS7_ISSUER_AND_SERIAL_it; + PKCS7_ISSUER_AND_SERIAL_it; + PBE2PARAM_it; -+ PBE2PARAM_it; + PKCS12_certbag2x509crl; + PKCS7_SIGNED_it; -+ PKCS7_SIGNED_it; + ENGINE_get_cipher; + i2d_OCSP_CRLID; + OCSP_SINGLERESP_new; + ENGINE_cmd_is_executable; + RSA_up_ref; + ASN1_GENERALSTRING_it; -+ ASN1_GENERALSTRING_it; + ENGINE_register_DSA; + X509V3_EXT_add_nconf_sk; + ENGINE_set_load_pubkey_function; + PKCS8_decrypt; + PEM_bytes_read_bio; + DIRECTORYSTRING_it; -+ DIRECTORYSTRING_it; + d2i_OCSP_CRLID; + EC_POINT_is_on_curve; + CRYPTO_set_locked_mem_ex_functions; @@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld + d2i_KRB5_CHECKSUM; + ASN1_item_dup; + X509_it; -+ X509_it; + BN_mod_add; + KRB5_AUTHDATA_free; + _ossl_old_des_cbc_cksum; @@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld + EC_POINT_get_Jprojective_coordinates_GFp; + EC_POINT_get_Jproj_coords_GFp; + ZLONG_it; -+ ZLONG_it; + CRYPTO_get_locked_mem_ex_functions; + CRYPTO_get_locked_mem_ex_funcs; + ASN1_TIME_check; @@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld + _ossl_old_des_ede3_cfb64_encrypt; + _ossl_odes_ede3_cfb64_encrypt; + ASN1_BMPSTRING_it; -+ ASN1_BMPSTRING_it; + ASN1_tag2bit; + UI_method_set_flusher; + X509_ocspid_print; + KRB5_ENCDATA_it; -+ KRB5_ENCDATA_it; + ENGINE_get_load_pubkey_function; + UI_add_user_data; + OCSP_REQUEST_delete_ext; + UI_get_method; + OCSP_ONEREQ_free; + ASN1_PRINTABLESTRING_it; -+ ASN1_PRINTABLESTRING_it; + X509_CRL_set_nextUpdate; + OCSP_REQUEST_it; -+ OCSP_REQUEST_it; -+ OCSP_BASICRESP_it; + OCSP_BASICRESP_it; + AES_ecb_encrypt; + BN_mod_sqr; + NETSCAPE_CERT_SEQUENCE_it; -+ NETSCAPE_CERT_SEQUENCE_it; -+ GENERAL_NAMES_it; + GENERAL_NAMES_it; + AUTHORITY_INFO_ACCESS_it; -+ AUTHORITY_INFO_ACCESS_it; -+ ASN1_FBOOLEAN_it; + ASN1_FBOOLEAN_it; + UI_set_ex_data; + _ossl_old_des_string_to_key; + ENGINE_register_all_RSA; + d2i_KRB5_PRINCNAME; + OCSP_RESPBYTES_it; -+ OCSP_RESPBYTES_it; -+ X509_CINF_it; + X509_CINF_it; + ENGINE_unregister_digests; + d2i_EDIPARTYNAME; @@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_RESPDATA_free; + d2i_KRB5_TICKET; + OTHERNAME_it; -+ OTHERNAME_it; + EVP_MD_CTX_cleanup; + d2i_ASN1_GENERALSTRING; + X509_CRL_set_version; @@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_REQUEST_free; + OCSP_REQUEST_add1_ext_i2d; + X509_VAL_it; -+ X509_VAL_it; + EC_POINTs_make_affine; + EC_POINT_mul; + X509V3_EXT_add_nconf; @@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld + X509_CRL_add1_ext_i2d; + _ossl_old_des_fcrypt; + DISPLAYTEXT_it; -+ DISPLAYTEXT_it; + X509_CRL_set_lastUpdate; + OCSP_BASICRESP_free; + OCSP_BASICRESP_add1_ext_i2d; @@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld + UI_get0_result_string; + ASN1_GENERALSTRING_new; + X509_SIG_it; -+ X509_SIG_it; + ERR_set_implementation; + ERR_load_EC_strings; + UI_get0_action_string; @@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_ONEREQ_get_ext_by_OBJ; + ASN1_primitive_new; + ASN1_PRINTABLE_it; -+ ASN1_PRINTABLE_it; + EVP_aes_192_ecb; + OCSP_SIGNATURE_new; + LONG_it; -+ LONG_it; -+ ASN1_VISIBLESTRING_it; + ASN1_VISIBLESTRING_it; + OCSP_SINGLERESP_add1_ext_i2d; + d2i_OCSP_CERTID; + ASN1_item_d2i_fp; + CRL_DIST_POINTS_it; -+ CRL_DIST_POINTS_it; + GENERAL_NAME_print; + OCSP_SINGLERESP_delete_ext; + PKCS12_SAFEBAGS_it; -+ PKCS12_SAFEBAGS_it; + d2i_OCSP_SIGNATURE; + OCSP_request_add1_nonce; + ENGINE_set_cmd_defns; + OCSP_SERVICELOC_free; + EC_GROUP_free; + ASN1_BIT_STRING_it; -+ ASN1_BIT_STRING_it; -+ X509_REQ_it; + X509_REQ_it; + _ossl_old_des_cbc_encrypt; + ERR_unload_strings; + PKCS7_SIGN_ENVELOPE_it; -+ PKCS7_SIGN_ENVELOPE_it; + EDIPARTYNAME_free; + OCSP_REQINFO_free; + EC_GROUP_new_curve_GFp; @@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_CRLID_free; + OCSP_BASICRESP_get1_ext_d2i; + RSAPrivateKey_it; -+ RSAPrivateKey_it; + ENGINE_register_all_DH; + i2d_EDIPARTYNAME; + EC_POINT_get_affine_coordinates_GFp; @@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_CRLID_new; + ENGINE_get_flags; + OCSP_ONEREQ_it; -+ OCSP_ONEREQ_it; + UI_process; + ASN1_INTEGER_it; -+ ASN1_INTEGER_it; + EVP_CipherInit_ex; + UI_get_string_type; + ENGINE_unregister_DH; @@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld + bn_dup_expand; + OCSP_cert_id_new; + BASIC_CONSTRAINTS_it; -+ BASIC_CONSTRAINTS_it; + BN_mod_add_quick; + EC_POINT_new; + EVP_MD_CTX_destroy; @@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld + EC_POINT_free; + DH_up_ref; + X509_NAME_ENTRY_it; -+ X509_NAME_ENTRY_it; + UI_get_ex_new_index; + BN_mod_sub_quick; + OCSP_ONEREQ_add_ext; @@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld + ENGINE_register_complete; + X509V3_EXT_nconf_nid; + ASN1_SEQUENCE_it; -+ ASN1_SEQUENCE_it; + UI_set_default_method; + RAND_query_egd_bytes; + UI_method_get_writer; @@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld + PEM_def_callback; + ENGINE_cleanup; + DIST_POINT_it; -+ DIST_POINT_it; -+ OCSP_SINGLERESP_it; + OCSP_SINGLERESP_it; + d2i_KRB5_TKTBODY; + EC_POINT_cmp; @@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_cert_to_id; + OCSP_RESPID_new; + OCSP_RESPDATA_it; -+ OCSP_RESPDATA_it; + d2i_OCSP_RESPDATA; + ENGINE_register_all_complete; + OCSP_check_validity; + PKCS12_BAGS_it; -+ PKCS12_BAGS_it; + OCSP_url_svcloc_new; + ASN1_template_free; + OCSP_SINGLERESP_add_ext; + KRB5_AUTHENTBODY_it; -+ KRB5_AUTHENTBODY_it; + X509_supported_extension; + i2d_KRB5_AUTHDATA; + UI_method_get_opener; + ENGINE_set_ex_data; + OCSP_REQUEST_print; + CBIGNUM_it; -+ CBIGNUM_it; + KRB5_TICKET_new; + KRB5_APREQ_new; + EC_GROUP_get_curve_GFp; @@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_single_get0_status; + BN_swap; + POLICYINFO_it; -+ POLICYINFO_it; + ENGINE_set_destroy_function; + asn1_enc_free; + OCSP_RESPID_it; -+ OCSP_RESPID_it; + EC_GROUP_new; + EVP_aes_256_cbc; + i2d_KRB5_PRINCNAME; + _ossl_old_des_encrypt2; + _ossl_old_des_encrypt3; + PKCS8_PRIV_KEY_INFO_it; -+ PKCS8_PRIV_KEY_INFO_it; -+ OCSP_REQINFO_it; + OCSP_REQINFO_it; + PBEPARAM_it; -+ PBEPARAM_it; + KRB5_AUTHENTBODY_new; + X509_CRL_add0_revoked; + EDIPARTYNAME_it; -+ EDIPARTYNAME_it; -+ NETSCAPE_SPKI_it; + NETSCAPE_SPKI_it; + UI_get0_test_string; + ENGINE_get_cipher_engine; @@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld + UI_method_get_reader; + OCSP_BASICRESP_get_ext_count; + ASN1_ENUMERATED_it; -+ ASN1_ENUMERATED_it; + UI_set_result; + i2d_KRB5_TICKET; + X509_print_ex_fp; + EVP_CIPHER_CTX_set_padding; + d2i_OCSP_RESPONSE; + ASN1_UTCTIME_it; -+ ASN1_UTCTIME_it; + _ossl_old_des_enc_write; + OCSP_RESPONSE_new; + AES_set_encrypt_key; @@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_onereq_get0_id; + ENGINE_set_default_ciphers; + NOTICEREF_it; -+ NOTICEREF_it; + X509V3_EXT_CRL_add_nconf; + OCSP_REVOKEDINFO_it; -+ OCSP_REVOKEDINFO_it; + AES_encrypt; + OCSP_REQUEST_new; + ASN1_ANY_it; -+ ASN1_ANY_it; + CRYPTO_ex_data_new_class; + _ossl_old_des_ncbc_encrypt; + i2d_KRB5_TKTBODY; @@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld + ENGINE_load_nuron; + _ossl_old_des_pcbc_encrypt; + PKCS12_MAC_DATA_it; -+ PKCS12_MAC_DATA_it; + OCSP_accept_responses_new; + asn1_do_lock; + PKCS7_ATTR_VERIFY_it; -+ PKCS7_ATTR_VERIFY_it; -+ KRB5_APREQBODY_it; + KRB5_APREQBODY_it; + i2d_OCSP_SINGLERESP; + ASN1_item_ex_new; + UI_add_verify_string; + _ossl_old_des_set_key; + KRB5_PRINCNAME_it; -+ KRB5_PRINCNAME_it; + EVP_DecryptInit_ex; + i2d_OCSP_CERTID; + ASN1_item_d2i_bio; @@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_BASICRESP_new; + OCSP_REQUEST_get_ext_by_NID; + KRB5_APREQ_it; -+ KRB5_APREQ_it; + ENGINE_get_destroy_function; + CONF_set_nconf; + ASN1_PRINTABLE_free; + OCSP_BASICRESP_get_ext_by_NID; + DIST_POINT_NAME_it; -+ DIST_POINT_NAME_it; + X509V3_extensions_print; + _ossl_old_des_cfb64_encrypt; + X509_REVOKED_add1_ext_i2d; + _ossl_old_des_ofb_encrypt; + KRB5_TKTBODY_new; + ASN1_OCTET_STRING_it; -+ ASN1_OCTET_STRING_it; + ERR_load_UI_strings; + i2d_KRB5_ENCKEY; + ASN1_template_new; @@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld + ASN1_item_i2d_fp; + KRB5_PRINCNAME_free; + PKCS7_RECIP_INFO_it; -+ PKCS7_RECIP_INFO_it; -+ EXTENDED_KEY_USAGE_it; + EXTENDED_KEY_USAGE_it; + EC_GFp_simple_method; + EC_GROUP_precompute_mult; @@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld + UI_method_set_writer; + KRB5_AUTHENT_new; + X509_CRL_INFO_it; -+ X509_CRL_INFO_it; + DSO_set_name_converter; + AES_set_decrypt_key; + PKCS7_DIGEST_it; -+ PKCS7_DIGEST_it; + PKCS12_x5092certbag; + EVP_DigestInit_ex; + i2a_ACCESS_DESCRIPTION; + OCSP_RESPONSE_it; -+ OCSP_RESPONSE_it; -+ PKCS7_ENC_CONTENT_it; + PKCS7_ENC_CONTENT_it; + OCSP_request_add0_id; + EC_POINT_make_affine; + DSO_get_filename; + OCSP_CERTSTATUS_it; -+ OCSP_CERTSTATUS_it; + OCSP_request_add1_cert; + UI_get0_output_string; + UI_dup_verify_string; + BN_mod_lshift; + KRB5_AUTHDATA_it; -+ KRB5_AUTHDATA_it; + asn1_set_choice_selector; + OCSP_basic_add1_status; + OCSP_RESPID_free; + asn1_get_field_ptr; + UI_add_input_string; + OCSP_CRLID_it; -+ OCSP_CRLID_it; + i2d_KRB5_AUTHENTBODY; + OCSP_REQUEST_get_ext_count; + ENGINE_load_atalla; + X509_NAME_it; -+ X509_NAME_it; -+ USERNOTICE_it; + USERNOTICE_it; + OCSP_REQINFO_new; + OCSP_BASICRESP_get_ext; @@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld + i2d_KRB5_ENCDATA; + X509_PURPOSE_set; + X509_REQ_INFO_it; -+ X509_REQ_INFO_it; + UI_method_set_opener; + ASN1_item_ex_free; + ASN1_BOOLEAN_it; -+ ASN1_BOOLEAN_it; + ENGINE_get_table_flags; + UI_create_method; + OCSP_ONEREQ_add1_ext_i2d; + _shadow_DES_check_key; -+ _shadow_DES_check_key; + d2i_OCSP_REQINFO; + UI_add_info_string; + UI_get_result_minsize; + ASN1_NULL_it; -+ ASN1_NULL_it; + BN_mod_lshift1; + d2i_OCSP_ONEREQ; + OCSP_ONEREQ_new; + KRB5_TICKET_it; -+ KRB5_TICKET_it; + EVP_aes_192_cbc; + KRB5_TICKET_free; + UI_new; + OCSP_response_create; + _ossl_old_des_xcbc_encrypt; + PKCS7_it; -+ PKCS7_it; + OCSP_REQUEST_get_ext_by_critical; + OCSP_REQUEST_get_ext_by_crit; + ENGINE_set_flags; @@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld + EVP_Digest; + OCSP_ONEREQ_delete_ext; + ASN1_TBOOLEAN_it; -+ ASN1_TBOOLEAN_it; + ASN1_item_new; + ASN1_TIME_to_generalizedtime; + BIGNUM_it; -+ BIGNUM_it; + AES_cbc_encrypt; + ENGINE_get_load_privkey_function; + ENGINE_get_load_privkey_fn; @@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld + EC_POINT_point2oct; + KRB5_APREQ_free; + ASN1_OBJECT_it; -+ ASN1_OBJECT_it; + OCSP_crlID_new; + OCSP_crlID2_new; + CONF_modules_load_file; @@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld + i2d_ASN1_UNIVERSALSTRING; + ASN1_UNIVERSALSTRING_free; + ASN1_UNIVERSALSTRING_it; -+ ASN1_UNIVERSALSTRING_it; + d2i_ASN1_UNIVERSALSTRING; + EVP_des_ede3_ecb; + X509_REQ_print_ex; @@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld + HMAC_CTX_set_flags; + d2i_PROXY_CERT_INFO_EXTENSION; + PROXY_POLICY_it; -+ PROXY_POLICY_it; + i2d_PROXY_POLICY; + i2d_PROXY_CERT_INFO_EXTENSION; + d2i_PROXY_POLICY; + PROXY_CERT_INFO_EXTENSION_new; + PROXY_CERT_INFO_EXTENSION_free; + PROXY_CERT_INFO_EXTENSION_it; -+ PROXY_CERT_INFO_EXTENSION_it; + PROXY_POLICY_free; + PROXY_POLICY_new; + BN_MONT_CTX_set_locked; @@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld + BN_BLINDING_get_thread_id; + X509_STORE_CTX_set0_param; + POLICY_MAPPING_it; -+ POLICY_MAPPING_it; + STORE_parse_attrs_start; + POLICY_CONSTRAINTS_free; + EVP_PKEY_add1_attr_by_NID; @@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld + STORE_set_method; + GENERAL_SUBTREE_free; + NAME_CONSTRAINTS_it; -+ NAME_CONSTRAINTS_it; + ECDH_get_default_method; + PKCS12_add_safe; + EC_KEY_new_by_curve_name; @@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld + ENGINE_get_default_ECDH; + EC_KEY_get_conv_form; + ASN1_OCTET_STRING_NDEF_it; -+ ASN1_OCTET_STRING_NDEF_it; + STORE_delete_public_key; + STORE_get_public_key; + STORE_modify_arbitrary; @@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld + ENGINE_load_padlock; + EC_GROUP_set_curve_name; + X509_CERT_PAIR_it; -+ X509_CERT_PAIR_it; + STORE_meth_get_revoke_fn; + STORE_method_get_revoke_function; + STORE_method_set_get_function; @@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld + pqueue_pop; + STORE_ATTR_INFO_get0_cstr; + POLICY_CONSTRAINTS_it; -+ POLICY_CONSTRAINTS_it; + STORE_get_ex_new_index; + EVP_PKEY_get_attr_by_OBJ; + X509_VERIFY_PARAM_add0_policy; @@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld + STORE_modify_crl; + STORE_list_private_key_start; + POLICY_MAPPINGS_it; -+ POLICY_MAPPINGS_it; -+ GENERAL_SUBTREE_it; + GENERAL_SUBTREE_it; + EC_GROUP_get_curve_name; + PEM_write_X509_CERT_PAIR; @@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld + BIO_set_callback_arg; + v3_addr_add_prefix; + IPAddressOrRange_it; -+ IPAddressOrRange_it; + BIO_set_flags; + ASIdentifiers_it; -+ ASIdentifiers_it; + v3_addr_get_range; + BIO_method_type; + v3_addr_inherits; + IPAddressChoice_it; -+ IPAddressChoice_it; + AES_ige_encrypt; + v3_addr_add_range; + EVP_CIPHER_CTX_nid; @@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld + BIO_clear_flags; + i2d_ASRange; + IPAddressRange_it; -+ IPAddressRange_it; + IPAddressChoice_new; + ASIdentifierChoice_new; + ASRange_free; @@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld + BIO_test_flags; + i2d_ASIdentifierChoice; + ASRange_it; -+ ASRange_it; + d2i_ASIdentifiers; + ASRange_new; + d2i_IPAddressChoice; @@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld + EVP_Cipher; + i2d_IPAddressOrRange; + ASIdOrRange_it; -+ ASIdOrRange_it; + EVP_CIPHER_nid; + i2d_IPAddressChoice; + EVP_CIPHER_CTX_block_size; @@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld + v3_addr_is_canonical; + i2d_IPAddressRange; + IPAddressFamily_it; -+ IPAddressFamily_it; + v3_asid_inherits; + EVP_CIPHER_CTX_cipher; + EVP_CIPHER_CTX_get_app_data; @@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld + d2i_IPAddressOrRange; + v3_addr_canonize; + ASIdentifierChoice_it; -+ ASIdentifierChoice_it; + EVP_MD_CTX_md; + d2i_ASIdentifierChoice; + BIO_method_name; @@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld + SEED_set_key; + EVP_seed_cfb128; + X509_EXTENSIONS_it; -+ X509_EXTENSIONS_it; + X509_get1_ocsp; + OCSP_REQ_CTX_free; + i2d_X509_EXTENSIONS; @@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld + OCSP_sendreq_new; + d2i_X509_EXTENSIONS; + X509_ALGORS_it; -+ X509_ALGORS_it; + X509_ALGOR_get0; + X509_ALGOR_set0; + AES_unwrap_key; @@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld + CMS_SignerInfo_verify; + CMS_data; + CMS_ContentInfo_it; -+ CMS_ContentInfo_it; + d2i_CMS_ReceiptRequest; + CMS_compress; + CMS_digest_create; @@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld + CMS_RecipientInfo_kekri_get0_id; + CMS_verify_receipt; + CMS_ReceiptRequest_it; -+ CMS_ReceiptRequest_it; + PEM_read_bio_CMS; + CMS_get1_crls; + CMS_add0_recipient_key; @@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld + TS_REQ_dup; + GENERAL_NAME_dup; + ASN1_SEQUENCE_ANY_it; -+ ASN1_SEQUENCE_ANY_it; + WHIRLPOOL; + X509_STORE_get1_crls; + ENGINE_get_pkey_asn1_meth; @@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld + DIST_POINT_set_dpname; + i2d_ISSUING_DIST_POINT; + ASN1_SET_ANY_it; -+ ASN1_SET_ANY_it; + EVP_PKEY_CTX_get_data; + TS_STATUS_INFO_print_bio; + EVP_PKEY_derive_init; @@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld + EVP_DigestSignFinal; + TS_RESP_CTX_set_def_policy; + NETSCAPE_X509_it; -+ NETSCAPE_X509_it; + TS_RESP_create_response; + PKCS7_SIGNER_INFO_get0_algs; + TS_TST_INFO_get_nonce; @@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld + EVP_CIPHER_do_all_sorted; + EVP_PKEY_CTX_free; + ISSUING_DIST_POINT_it; -+ ISSUING_DIST_POINT_it; + d2i_TS_MSG_IMPRINT_fp; + X509_STORE_get1_certs; + EVP_PKEY_CTX_get_operation; @@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld + X509_signature_dump; + d2i_RSA_PSS_PARAMS; + RSA_PSS_PARAMS_it; -+ RSA_PSS_PARAMS_it; + RSA_PSS_PARAMS_free; + X509_sign_ctx; + i2d_RSA_PSS_PARAMS; @@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld + CRYPTO_memcmp; +} OPENSSL_1.0.1; + -Index: openssl-1.0.1d/engines/openssl.ld ++OPENSSL_1.0.2 { ++ global: ++ SSL_CTX_set_alpn_protos; ++ SSL_set_alpn_protos; ++ SSL_CTX_set_alpn_select_cb; ++ SSL_get0_alpn_selected; ++ SSL_CTX_set_custom_cli_ext; ++ SSL_CTX_set_custom_srv_ext; ++ SSL_CTX_set_srv_supp_data; ++ SSL_CTX_set_cli_supp_data; ++ SSL_set_cert_cb; ++ SSL_CTX_use_serverinfo; ++ SSL_CTX_use_serverinfo_file; ++ SSL_CTX_set_cert_cb; ++ SSL_CTX_get0_param; ++ SSL_get0_param; ++ SSL_certs_clear; ++ DTLSv1_2_method; ++ DTLSv1_2_server_method; ++ DTLSv1_2_client_method; ++ DTLS_method; ++ DTLS_server_method; ++ DTLS_client_method; ++ SSL_CTX_get_ssl_method; ++ SSL_CTX_get0_certificate; ++ SSL_CTX_get0_privatekey; ++ SSL_COMP_set0_compression_methods; ++ SSL_COMP_free_compression_methods; ++ SSL_CIPHER_find; ++ SSL_is_server; ++ SSL_CONF_CTX_new; ++ SSL_CONF_CTX_finish; ++ SSL_CONF_CTX_free; ++ SSL_CONF_CTX_set_flags; ++ SSL_CONF_CTX_clear_flags; ++ SSL_CONF_CTX_set1_prefix; ++ SSL_CONF_CTX_set_ssl; ++ SSL_CONF_CTX_set_ssl_ctx; ++ SSL_CONF_cmd; ++ SSL_CONF_cmd_argv; ++ SSL_CONF_cmd_value_type; ++ SSL_trace; ++ SSL_CIPHER_standard_name; ++ SSL_get_tlsa_record_byname; ++ ASN1_TIME_diff; ++ BIO_hex_string; ++ CMS_RecipientInfo_get0_pkey_ctx; ++ CMS_RecipientInfo_encrypt; ++ CMS_SignerInfo_get0_pkey_ctx; ++ CMS_SignerInfo_get0_md_ctx; ++ CMS_SignerInfo_get0_signature; ++ CMS_RecipientInfo_kari_get0_alg; ++ CMS_RecipientInfo_kari_get0_reks; ++ CMS_RecipientInfo_kari_get0_orig_id; ++ CMS_RecipientInfo_kari_orig_id_cmp; ++ CMS_RecipientEncryptedKey_get0_id; ++ CMS_RecipientEncryptedKey_cert_cmp; ++ CMS_RecipientInfo_kari_set0_pkey; ++ CMS_RecipientInfo_kari_get0_ctx; ++ CMS_RecipientInfo_kari_decrypt; ++ CMS_SharedInfo_encode; ++ DH_compute_key_padded; ++ d2i_DHxparams; ++ i2d_DHxparams; ++ DH_get_1024_160; ++ DH_get_2048_224; ++ DH_get_2048_256; ++ DH_KDF_X9_42; ++ ECDH_KDF_X9_62; ++ ECDSA_METHOD_new; ++ ECDSA_METHOD_free; ++ ECDSA_METHOD_set_app_data; ++ ECDSA_METHOD_get_app_data; ++ ECDSA_METHOD_set_sign; ++ ECDSA_METHOD_set_sign_setup; ++ ECDSA_METHOD_set_verify; ++ ECDSA_METHOD_set_flags; ++ ECDSA_METHOD_set_name; ++ EVP_des_ede3_wrap; ++ EVP_aes_128_wrap; ++ EVP_aes_192_wrap; ++ EVP_aes_256_wrap; ++ EVP_aes_128_cbc_hmac_sha256; ++ EVP_aes_256_cbc_hmac_sha256; ++ CRYPTO_128_wrap; ++ CRYPTO_128_unwrap; ++ OCSP_REQ_CTX_nbio; ++ OCSP_REQ_CTX_new; ++ OCSP_set_max_response_length; ++ OCSP_REQ_CTX_i2d; ++ OCSP_REQ_CTX_nbio_d2i; ++ OCSP_REQ_CTX_get0_mem_bio; ++ OCSP_REQ_CTX_http; ++ RSA_padding_add_PKCS1_OAEP_mgf1; ++ RSA_padding_check_PKCS1_OAEP_mgf1; ++ RSA_OAEP_PARAMS_free; ++ RSA_OAEP_PARAMS_it; ++ RSA_OAEP_PARAMS_new; ++ SSL_get_sigalgs; ++ SSL_get_shared_sigalgs; ++ SSL_check_chain; ++ X509_chain_up_ref; ++ X509_http_nbio; ++ X509_CRL_http_nbio; ++ X509_REVOKED_dup; ++ i2d_re_X509_tbs; ++ X509_get0_signature; ++ X509_get_signature_nid; ++ X509_CRL_diff; ++ X509_chain_check_suiteb; ++ X509_CRL_check_suiteb; ++ X509_check_host; ++ X509_check_email; ++ X509_check_ip; ++ X509_check_ip_asc; ++ X509_STORE_set_lookup_crls_cb; ++ X509_STORE_CTX_get0_store; ++ X509_VERIFY_PARAM_set1_host; ++ X509_VERIFY_PARAM_add1_host; ++ X509_VERIFY_PARAM_set_hostflags; ++ X509_VERIFY_PARAM_get0_peername; ++ X509_VERIFY_PARAM_set1_email; ++ X509_VERIFY_PARAM_set1_ip; ++ X509_VERIFY_PARAM_set1_ip_asc; ++ X509_VERIFY_PARAM_get0_name; ++ X509_VERIFY_PARAM_get_count; ++ X509_VERIFY_PARAM_get0; ++ X509V3_EXT_free; ++ EC_GROUP_get_mont_data; ++ EC_curve_nid2nist; ++ EC_curve_nist2nid; ++ PEM_write_bio_DHxparams; ++ PEM_write_DHxparams; ++ SSL_CTX_add_client_custom_ext; ++ SSL_CTX_add_server_custom_ext; ++ SSL_extension_supported; ++ BUF_strnlen; ++ sk_deep_copy; ++ SSL_test_functions; ++} OPENSSL_1.0.1d; ++ +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 @@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: @@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld + *; +}; + -Index: openssl-1.0.1d/engines/ccgost/openssl.ld +Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 ++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 @@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch new file mode 100644 index 00000000..c43bcd1c --- /dev/null +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch @@ -0,0 +1,29 @@ +From: Raphael Geissert +Description: make X509_verify_cert indicate that any certificate whose + name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. +Forwarded: not-needed +Origin: vendor +Last-Update: 2011-11-05 + +Upstream-Status: Backport [debian] + + +Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c +=================================================================== +--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100 ++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100 +@@ -964,10 +964,11 @@ + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) + { + x = sk_X509_value(ctx->chain, i); +- /* Mark DigiNotar certificates as revoked, no matter +- * where in the chain they are. ++ /* Mark certificates containing the following names as ++ * revoked, no matter where in the chain they are. + */ +- if (x->name && strstr(x->name, "DigiNotar")) ++ if (x->name && (strstr(x->name, "DigiNotar") || ++ strstr(x->name, "Digicert Sdn. Bhd."))) + { + ctx->error = X509_V_ERR_CERT_REVOKED; + ctx->error_depth = i; diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/debian1.0.2/block_diginotar.patch new file mode 100644 index 00000000..0c1a0b65 --- /dev/null +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/debian1.0.2/block_diginotar.patch @@ -0,0 +1,67 @@ +From: Raphael Geissert +Description: make X509_verify_cert indicate that any certificate whose + name contains "DigiNotar" is revoked. +Forwarded: not-needed +Origin: vendor +Last-Update: 2011-09-08 +Bug: http://bugs.debian.org/639744 +Reviewed-by: Kurt Roeckx +Reviewed-by: Dr Stephen N Henson + +This is not meant as final patch. + +Upstream-Status: Backport [debian] + + +Index: openssl-1.0.2/crypto/x509/x509_vfy.c +=================================================================== +--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c ++++ openssl-1.0.2/crypto/x509/x509_vfy.c +@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c + static int check_revocation(X509_STORE_CTX *ctx); + static int check_cert(X509_STORE_CTX *ctx); + static int check_policy(X509_STORE_CTX *ctx); ++static int check_ca_blacklist(X509_STORE_CTX *ctx); + + static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, + unsigned int *preasons, X509_CRL *crl, X509 *x); +@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx + if (!ok) + goto end; + ++ ok = check_ca_blacklist(ctx); ++ if(!ok) goto end; ++ + #ifndef OPENSSL_NO_RFC3779 + /* RFC 3779 path validation, now that CRL check has been done */ + ok = v3_asid_validate_path(ctx); +@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX + return 1; + } + ++static int check_ca_blacklist(X509_STORE_CTX *ctx) ++ { ++ X509 *x; ++ int i; ++ /* Check all certificates against the blacklist */ ++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) ++ { ++ x = sk_X509_value(ctx->chain, i); ++ /* Mark DigiNotar certificates as revoked, no matter ++ * where in the chain they are. ++ */ ++ if (x->name && strstr(x->name, "DigiNotar")) ++ { ++ ctx->error = X509_V_ERR_CERT_REVOKED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0,ctx)) ++ return 0; ++ } ++ } ++ return 1; ++ } ++ + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, + X509 **pissuer, int *pscore, unsigned int *preasons, + STACK_OF(X509_CRL) *crls) diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/engines-install-in-libdir-ssl.patch index d8a6f1a2..a5746483 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/engines-install-in-libdir-ssl.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/engines-install-in-libdir-ssl.patch @@ -1,11 +1,11 @@ Upstream-Status: Inappropriate [configuration] -Index: openssl-1.0.0/engines/Makefile +Index: openssl-1.0.2/engines/Makefile =================================================================== ---- openssl-1.0.0.orig/engines/Makefile -+++ openssl-1.0.0/engines/Makefile -@@ -107,7 +107,7 @@ +--- openssl-1.0.2.orig/engines/Makefile ++++ openssl-1.0.2/engines/Makefile +@@ -107,13 +107,13 @@ install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... @if [ -n "$(SHARED_LIBS)" ]; then \ set -e; \ @@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile for l in $(LIBNAMES); do \ ( echo installing $$l; \ pfx=lib; \ -@@ -119,13 +119,13 @@ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ + else \ + case "$(CFLAGS)" in \ + *DSO_BEOS*) sfx=".so";; \ +@@ -122,10 +122,10 @@ install: *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ esac; \ - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ - else \ - sfx=".so"; \ -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ @@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile done; \ fi @target=install; $(RECURSIVE_MAKE) -Index: openssl-1.0.0/engines/ccgost/Makefile +Index: openssl-1.0.2/engines/ccgost/Makefile =================================================================== ---- openssl-1.0.0.orig/engines/ccgost/Makefile -+++ openssl-1.0.0/engines/ccgost/Makefile -@@ -53,13 +53,13 @@ +--- openssl-1.0.2.orig/engines/ccgost/Makefile ++++ openssl-1.0.2/engines/ccgost/Makefile +@@ -47,7 +47,7 @@ install: + pfx=lib; \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + case "$(CFLAGS)" in \ + *DSO_BEOS*) sfx=".so";; \ +@@ -56,10 +56,10 @@ install: *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ esac; \ - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - else \ - sfx=".so"; \ -- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/fix-cipher-des-ede3-cfb1.patch index f0e17784..06d1ea69 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/fix-cipher-des-ede3-cfb1.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/fix-cipher-des-ede3-cfb1.patch @@ -6,17 +6,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2867 Signed-Off-By: Muhammad Shakeel -diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c -index 3232cfe..df84922 100644 +Index: openssl-1.0.2/crypto/evp/e_des3.c =================================================================== ---- a/crypto/evp/e_des3.c -+++ b/crypto/evp/e_des3.c -@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +--- openssl-1.0.2.orig/crypto/evp/e_des3.c ++++ openssl-1.0.2/crypto/evp/e_des3.c +@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH size_t n; - unsigned char c[1],d[1]; + unsigned char c[1], d[1]; -- for(n=0 ; n < inl ; ++n) -+ for(n=0 ; n < inl*8 ; ++n) - { - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; - DES_ede3_cfb_encrypt(c,d,1,1, +- for (n = 0; n < inl; ++n) { ++ for (n = 0; n * 8 < inl; ++n) { + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; + DES_ede3_cfb_encrypt(c, d, 1, 1, + &data(ctx)->ks1, &data(ctx)->ks2, diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/initial-aarch64-bits.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/initial-aarch64-bits.patch deleted file mode 100644 index 770097db..00000000 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/initial-aarch64-bits.patch +++ /dev/null @@ -1,120 +0,0 @@ -From: Andy Polyakov -Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200) -Subject: Initial aarch64 bits. -X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956 - -Initial aarch64 bits. -Upstream-Status: backport (will be included in 1.0.2) ---- - crypto/bn/bn_lcl.h | 9 +++++++++ - crypto/md32_common.h | 18 ++++++++++++++++++ - crypto/modes/modes_lcl.h | 8 ++++++++ - crypto/sha/sha512.c | 13 +++++++++++++ - 4 files changed, 48 insertions(+) - -Index: openssl-1.0.1f/crypto/bn/bn_lcl.h -=================================================================== ---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/crypto/bn/bn_lcl.h 2014-02-28 10:37:55.495979037 +0200 -@@ -300,6 +300,15 @@ - : "r"(a), "r"(b)); - # endif - # endif -+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) -+# if defined(__GNUC__) && __GNUC__>=2 -+# define BN_UMULT_HIGH(a,b) ({ \ -+ register BN_ULONG ret; \ -+ asm ("umulh %0,%1,%2" \ -+ : "=r"(ret) \ -+ : "r"(a), "r"(b)); \ -+ ret; }) -+# endif - # endif /* cpu */ - #endif /* OPENSSL_NO_ASM */ - -Index: openssl-1.0.1f/crypto/md32_common.h -=================================================================== ---- openssl-1.0.1f.orig/crypto/md32_common.h 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200 -@@ -213,6 +213,24 @@ - asm ("bswapl %0":"=r"(r):"0"(r)); \ - *((unsigned int *)(c))=r; (c)+=4; r; }) - # endif -+# elif defined(__aarch64__) -+# if defined(__BYTE_ORDER__) -+# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -+# define HOST_c2l(c,l) ({ unsigned int r; \ -+ asm ("rev %w0,%w1" \ -+ :"=r"(r) \ -+ :"r"(*((const unsigned int *)(c))));\ -+ (c)+=4; (l)=r; }) -+# define HOST_l2c(l,c) ({ unsigned int r; \ -+ asm ("rev %w0,%w1" \ -+ :"=r"(r) \ -+ :"r"((unsigned int)(l)));\ -+ *((unsigned int *)(c))=r; (c)+=4; r; }) -+# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) -+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) -+# endif -+# endif - # endif - # endif - #endif -Index: openssl-1.0.1f/crypto/modes/modes_lcl.h -=================================================================== ---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h 2014-02-28 10:47:48.731979011 +0200 -+++ openssl-1.0.1f/crypto/modes/modes_lcl.h 2014-02-28 10:48:49.707978919 +0200 -@@ -29,6 +29,7 @@ - #if defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ -+ defined(__aarch64__) || \ - defined(__s390__) || defined(__s390x__) - # undef STRICT_ALIGNMENT - #endif -@@ -50,6 +51,13 @@ - # define BSWAP4(x) ({ u32 ret=(x); \ - asm ("bswapl %0" \ - : "+r"(ret)); ret; }) -+# elif defined(__aarch64__) -+# define BSWAP8(x) ({ u64 ret; \ -+ asm ("rev %0,%1" \ -+ : "=r"(ret) : "r"(x)); ret; }) -+# define BSWAP4(x) ({ u32 ret; \ -+ asm ("rev %w0,%w1" \ -+ : "=r"(ret) : "r"(x)); ret; }) - # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) - # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ - asm ("rev %0,%0; rev %1,%1" \ -Index: openssl-1.0.1f/crypto/sha/sha512.c -=================================================================== ---- openssl-1.0.1f.orig/crypto/sha/sha512.c 2014-01-06 15:47:42.000000000 +0200 -+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200 -@@ -55,6 +55,7 @@ - #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) || \ -+ defined(__aarch64__) || \ - defined(SHA512_ASM) - #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - #endif -@@ -347,6 +348,18 @@ - asm ("rotrdi %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a),"K"(n)); ret; }) -+# elif defined(__aarch64__) -+# define ROTR(a,n) ({ SHA_LONG64 ret; \ -+ asm ("ror %0,%1,%2" \ -+ : "=r"(ret) \ -+ : "r"(a),"I"(n)); ret; }) -+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ -+ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -+# define PULL64(x) ({ SHA_LONG64 ret; \ -+ asm ("rev %0,%1" \ -+ : "=r"(ret) \ -+ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) -+# endif - # endif - # elif defined(_MSC_VER) - # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-1.0.2a-x32-asm.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-1.0.2a-x32-asm.patch new file mode 100644 index 00000000..1e5bfa17 --- /dev/null +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-1.0.2a-x32-asm.patch @@ -0,0 +1,46 @@ +https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest + +From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Sat, 21 Mar 2015 06:01:25 -0400 +Subject: [PATCH] crypto: use bigint in x86-64 perl + +Upstream-Status: Pending +Signed-off-by: Cristian Iorga + +When building on x32 systems where the default type is 32bit, make sure +we can transparently represent 64bit integers. Otherwise we end up with +build errors like: +/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s +Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890. +... +ghash-x86_64.s: Assembler messages: +ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression + +We don't enable this globally as there are some cases where we'd get +32bit values interpreted as unsigned when we need them as signed. + +Reported-by: Bertrand Jacquin +URL: https://bugs.gentoo.org/542618 +--- + crypto/perlasm/x86_64-xlate.pl | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl +index aae8288..0bf9774 100755 +--- a/crypto/perlasm/x86_64-xlate.pl ++++ b/crypto/perlasm/x86_64-xlate.pl +@@ -195,6 +195,10 @@ my %globals; + sub out { + my $self = shift; + ++ # When building on x32 ABIs, the expanded hex value might be too ++ # big to fit into 32bits. Enable transparent 64bit support here ++ # so we can safely print it out. ++ use bigint; + if ($gas) { + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{value} +-- +2.3.3 + diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch index c161e62f..cebc8cf0 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch @@ -8,14 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html Signed-off-by: Xufeng Zhang --- ---- a/crypto/evp/digest.c -+++ b/crypto/evp/digest.c -@@ -199,7 +199,7 @@ - return 0; - } +Index: openssl-1.0.2/crypto/evp/digest.c +=================================================================== +--- openssl-1.0.2.orig/crypto/evp/digest.c ++++ openssl-1.0.2/crypto/evp/digest.c +@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + return 0; + } #endif -- if (ctx->digest != type) -+ if (type && (ctx->digest != type)) - { - if (ctx->digest && ctx->digest->ctx_size) - OPENSSL_free(ctx->md_data); +- if (ctx->digest != type) { ++ if (type && (ctx->digest != type)) { + if (ctx->digest && ctx->digest->ctx_size) + OPENSSL_free(ctx->md_data); + ctx->digest = type; diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch deleted file mode 100644 index 3e93fe4e..00000000 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch +++ /dev/null @@ -1,39 +0,0 @@ -openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode() - -We should avoid accessing the pointer if ASN1_STRING_new() -allocates memory failed. - -Upstream-Status: Submitted -http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html - -Signed-off-by: Xufeng Zhang ---- ---- a/crypto/dh/dh_ameth.c -+++ b/crypto/dh/dh_ameth.c -@@ -139,6 +139,12 @@ - dh=pkey->pkey.dh; - - str = ASN1_STRING_new(); -+ if (!str) -+ { -+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } -+ - str->length = i2d_DHparams(dh, &str->data); - if (str->length <= 0) - { ---- a/crypto/dsa/dsa_ameth.c -+++ b/crypto/dsa/dsa_ameth.c -@@ -148,6 +148,11 @@ - { - ASN1_STRING *str; - str = ASN1_STRING_new(); -+ if (!str) -+ { -+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); -+ goto err; -+ } - str->length = i2d_DSAparams(dsa, &str->data); - if (str->length <= 0) - { diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-fix-link.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-fix-link.patch deleted file mode 100644 index 154106cb..00000000 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/openssl-fix-link.patch +++ /dev/null @@ -1,35 +0,0 @@ -From aabfb6f78af8e337d3239142117ba303fce55e7e Mon Sep 17 00:00:00 2001 -From: Dmitry Eremin-Solenikov -Date: Thu, 22 Sep 2011 08:55:26 +0200 -Subject: [PATCH] fix the parallel build regarding shared libraries. - -Upstream-Status: Pending ---- - .../openssl-1.0.0e/Makefile.org | 8 ++++---- - 1 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/Makefile.org -index 3c7aea1..6326cd6 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -243,13 +243,13 @@ build_libs: build_crypto build_ssl build_engines - - build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) --build_ssl: -+build_ssl: build_crypto - @dir=ssl; target=all; $(BUILD_ONE_CMD) --build_engines: -+build_engines: build_crypto - @dir=engines; target=all; $(BUILD_ONE_CMD) --build_apps: -+build_apps: build_crypto build_ssl - @dir=apps; target=all; $(BUILD_ONE_CMD) --build_tests: -+build_tests: build_crypto build_ssl - @dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: - @dir=tools; target=all; $(BUILD_ONE_CMD) --- -1.6.6.1 - diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/openssl_fix_for_x32.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/openssl_fix_for_x32.patch index 93ce0343..cbce32c8 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/openssl_fix_for_x32.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/openssl_fix_for_x32.patch @@ -6,64 +6,13 @@ Signed-Off-By: Nitin A Kamble 2011/07/13 ported the patch to the 1.0.0e version Signed-Off-By: Nitin A Kamble 2011/12/01 -Index: openssl-1.0.1e/Configure +Index: openssl-1.0.2/crypto/bn/bn.h =================================================================== ---- openssl-1.0.1e.orig/Configure -+++ openssl-1.0.1e/Configure -@@ -402,6 +402,7 @@ my %table=( - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", - "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see -Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c -=================================================================== ---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c -+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c -@@ -55,7 +55,7 @@ - * machine. - */ - --#ifdef _WIN64 -+#if defined _WIN64 || !defined __LP64__ - #define BN_ULONG unsigned long long - #else - #define BN_ULONG unsigned long -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " adcq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " adcq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " sbbq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " sbbq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -Index: openssl-1.0.1e/crypto/bn/bn.h -=================================================================== ---- openssl-1.0.1e.orig/crypto/bn/bn.h -+++ openssl-1.0.1e/crypto/bn/bn.h -@@ -172,6 +172,13 @@ extern "C" { +--- openssl-1.0.2.orig/crypto/bn/bn.h ++++ openssl-1.0.2/crypto/bn/bn.h +@@ -173,6 +173,13 @@ extern "C" { + # endif # endif - #endif +/* Address type. */ +#ifdef _WIN64 @@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h +#define BN_ADDR unsigned long +#endif + - /* assuming long is 64bit - this is the DEC Alpha - * unsigned long long is only 64 bits :-(, don't define - * BN_LLONG for the DEC Alpha */ -Index: openssl-1.0.1e/crypto/bn/bn_exp.c + /* + * assuming long is 64bit - this is the DEC Alpha unsigned long long is only + * 64 bits :-(, don't define BN_LLONG for the DEC Alpha +Index: openssl-1.0.2/crypto/bn/bn_exp.c =================================================================== ---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c -+++ openssl-1.0.1e/crypto/bn/bn_exp.c -@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU - - /* Given a pointer value, compute the next address that is a cache line multiple. */ +--- openssl-1.0.2.orig/crypto/bn/bn_exp.c ++++ openssl-1.0.2/crypto/bn/bn_exp.c +@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU + * multiple. + */ #define MOD_EXP_CTIME_ALIGN(x_) \ -- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) + ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) - /* This variant of BN_mod_exp_mont() uses fixed windows and the special - * precomputation memory layout to limit data-dependency to a minimum + /* + * This variant of BN_mod_exp_mont() uses fixed windows and the special diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/ptest-deps.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/ptest-deps.patch index 527e10c5..ef6d1793 100644 --- a/meta-ilp32/recipes-overlayed/openssl/openssl/ptest-deps.patch +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/ptest-deps.patch @@ -10,11 +10,11 @@ Upstream-Status: Inappropriate [config] Signed-off-by: Paul Eggleton -diff --git a/test/Makefile b/test/Makefile -index e6fcfb4..5ae043b 100644 ---- a/test/Makefile -+++ b/test/Makefile -@@ -322,11 +322,11 @@ test_cms: +Index: openssl-1.0.2/test/Makefile +=================================================================== +--- openssl-1.0.2.orig/test/Makefile ++++ openssl-1.0.2/test/Makefile +@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms- @echo "CMS consistency test" $(PERL) cms-test.pl @@ -23,8 +23,12 @@ index e6fcfb4..5ae043b 100644 @echo "Test SRP" ../util/shlib_wrap.sh ./srptest +@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT) + @echo "Test X509v3_check_*" + ../util/shlib_wrap.sh ./$(V3NAMETEST) + -test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT) +test_heartbeat: ../util/shlib_wrap.sh ./$(HEARTBEATTEST) - lint: + test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl/ptest_makefile_deps.patch b/meta-ilp32/recipes-overlayed/openssl/openssl/ptest_makefile_deps.patch new file mode 100644 index 00000000..4202e61d --- /dev/null +++ b/meta-ilp32/recipes-overlayed/openssl/openssl/ptest_makefile_deps.patch @@ -0,0 +1,248 @@ +Additional Makefile dependencies removal for test targets + +Removing the dependency check for test targets as these tests are +causing a number of failures and "noise" during ptest execution. + +Upstream-Status: Inappropriate [config] + +Signed-off-by: Maxin B. John + +diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile +--- openssl-1.0.2d-orig/test/Makefile 2015-09-28 12:50:41.530022979 +0300 ++++ openssl-1.0.2d/test/Makefile 2015-09-28 12:57:45.930717240 +0300 +@@ -155,67 +155,67 @@ + ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \ + done) + +-test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ++test_evp: + ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt + +-test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT) ++test_evp_extra: + ../util/shlib_wrap.sh ./$(EVPEXTRATEST) + +-test_des: $(DESTEST)$(EXE_EXT) ++test_des: + ../util/shlib_wrap.sh ./$(DESTEST) + +-test_idea: $(IDEATEST)$(EXE_EXT) ++test_idea: + ../util/shlib_wrap.sh ./$(IDEATEST) + +-test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) ++test_sha: + ../util/shlib_wrap.sh ./$(SHATEST) + ../util/shlib_wrap.sh ./$(SHA1TEST) + ../util/shlib_wrap.sh ./$(SHA256TEST) + ../util/shlib_wrap.sh ./$(SHA512TEST) + +-test_mdc2: $(MDC2TEST)$(EXE_EXT) ++test_mdc2: + ../util/shlib_wrap.sh ./$(MDC2TEST) + +-test_md5: $(MD5TEST)$(EXE_EXT) ++test_md5: + ../util/shlib_wrap.sh ./$(MD5TEST) + +-test_md4: $(MD4TEST)$(EXE_EXT) ++test_md4: + ../util/shlib_wrap.sh ./$(MD4TEST) + +-test_hmac: $(HMACTEST)$(EXE_EXT) ++test_hmac: + ../util/shlib_wrap.sh ./$(HMACTEST) + +-test_wp: $(WPTEST)$(EXE_EXT) ++test_wp: + ../util/shlib_wrap.sh ./$(WPTEST) + +-test_md2: $(MD2TEST)$(EXE_EXT) ++test_md2: + ../util/shlib_wrap.sh ./$(MD2TEST) + +-test_rmd: $(RMDTEST)$(EXE_EXT) ++test_rmd: + ../util/shlib_wrap.sh ./$(RMDTEST) + +-test_bf: $(BFTEST)$(EXE_EXT) ++test_bf: + ../util/shlib_wrap.sh ./$(BFTEST) + +-test_cast: $(CASTTEST)$(EXE_EXT) ++test_cast: + ../util/shlib_wrap.sh ./$(CASTTEST) + +-test_rc2: $(RC2TEST)$(EXE_EXT) ++test_rc2: + ../util/shlib_wrap.sh ./$(RC2TEST) + +-test_rc4: $(RC4TEST)$(EXE_EXT) ++test_rc4: + ../util/shlib_wrap.sh ./$(RC4TEST) + +-test_rc5: $(RC5TEST)$(EXE_EXT) ++test_rc5: + ../util/shlib_wrap.sh ./$(RC5TEST) + +-test_rand: $(RANDTEST)$(EXE_EXT) ++test_rand: + ../util/shlib_wrap.sh ./$(RANDTEST) + +-test_enc: ../apps/openssl$(EXE_EXT) testenc ++test_enc: + @sh ./testenc + +-test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem ++test_x509: + echo test normal x509v1 certificate + sh ./tx509 2>/dev/null + echo test first x509v3 certificate +@@ -223,25 +223,25 @@ + echo test second x509v3 certificate + sh ./tx509 v3-cert2.pem 2>/dev/null + +-test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem ++test_rsa: + @sh ./trsa 2>/dev/null + ../util/shlib_wrap.sh ./$(RSATEST) + +-test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem ++test_crl: + @sh ./tcrl 2>/dev/null + +-test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem ++test_sid: + @sh ./tsid 2>/dev/null + +-test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem ++test_req: + @sh ./treq 2>/dev/null + @sh ./treq testreq2.pem 2>/dev/null + +-test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem ++test_pkcs7: + @sh ./tpkcs7 2>/dev/null + @sh ./tpkcs7d 2>/dev/null + +-test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest ++test_bn: + @echo starting big number library test, could take a while... + @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest + @echo quit >>tmp.bntest +@@ -250,33 +250,33 @@ + @echo 'test a^b%c implementations' + ../util/shlib_wrap.sh ./$(EXPTEST) + +-test_ec: $(ECTEST)$(EXE_EXT) ++test_ec: + @echo 'test elliptic curves' + ../util/shlib_wrap.sh ./$(ECTEST) + +-test_ecdsa: $(ECDSATEST)$(EXE_EXT) ++test_ecdsa: + @echo 'test ecdsa' + ../util/shlib_wrap.sh ./$(ECDSATEST) + +-test_ecdh: $(ECDHTEST)$(EXE_EXT) ++test_ecdh: + @echo 'test ecdh' + ../util/shlib_wrap.sh ./$(ECDHTEST) + +-test_verify: ../apps/openssl$(EXE_EXT) ++test_verify: + @echo "The following command should have some OK's and some failures" + @echo "There are definitly a few expired certificates" + ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem + +-test_dh: $(DHTEST)$(EXE_EXT) ++test_dh: + @echo "Generate a set of DH parameters" + ../util/shlib_wrap.sh ./$(DHTEST) + +-test_dsa: $(DSATEST)$(EXE_EXT) ++test_dsa: + @echo "Generate a set of DSA parameters" + ../util/shlib_wrap.sh ./$(DSATEST) + ../util/shlib_wrap.sh ./$(DSATEST) -app2_1 + +-test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf ++test_gen testreq.pem: + @echo "Generate and verify a certificate request" + @sh ./testgen + +@@ -288,13 +288,11 @@ + @cat certCA.ss certU.ss > intP1.ss + @cat certCA.ss certU.ss certP1.ss > intP2.ss + +-test_engine: $(ENGINETEST)$(EXE_EXT) ++test_engine: + @echo "Manipulate the ENGINE structures" + ../util/shlib_wrap.sh ./$(ENGINETEST) + +-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ +- intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \ +- ../apps/server2.pem serverinfo.pem ++test_ssl: + @echo "test SSL protocol" + @if [ -n "$(FIPSCANLIB)" ]; then \ + sh ./testfipsssl keyU.ss certU.ss certCA.ss; \ +@@ -304,7 +302,7 @@ + @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss + @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss + +-test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf ++test_ca: + @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ + echo "skipping CA.sh test -- requires RSA"; \ + else \ +@@ -312,11 +310,11 @@ + sh ./testca; \ + fi + +-test_aes: #$(AESTEST) ++test_aes: + # @echo "test Rijndael" + # ../util/shlib_wrap.sh ./$(AESTEST) + +-test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh ++test_tsa: + @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ + echo "skipping testtsa test -- requires RSA"; \ + else \ +@@ -331,7 +329,7 @@ + @echo "Test JPAKE" + ../util/shlib_wrap.sh ./$(JPAKETEST) + +-test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt ++test_cms: + @echo "CMS consistency test" + $(PERL) cms-test.pl + +@@ -339,22 +337,22 @@ + @echo "Test SRP" + ../util/shlib_wrap.sh ./srptest + +-test_ocsp: ../apps/openssl$(EXE_EXT) tocsp ++test_ocsp: + @echo "Test OCSP" + @sh ./tocsp + +-test_v3name: $(V3NAMETEST)$(EXE_EXT) ++test_v3name: + @echo "Test X509v3_check_*" + ../util/shlib_wrap.sh ./$(V3NAMETEST) + + test_heartbeat: + ../util/shlib_wrap.sh ./$(HEARTBEATTEST) + +-test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) ++test_constant_time: + @echo "Test constant time utilites" + ../util/shlib_wrap.sh ./$(CONSTTIMETEST) + +-test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) ++test_verify_extra: + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) + diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl_1.0.1k.bb b/meta-ilp32/recipes-overlayed/openssl/openssl_1.0.1k.bb deleted file mode 100644 index 16ffc58a..00000000 --- a/meta-ilp32/recipes-overlayed/openssl/openssl_1.0.1k.bb +++ /dev/null @@ -1,57 +0,0 @@ -require openssl.inc - -# For target side versions of openssl enable support for OCF Linux driver -# if they are available. -DEPENDS += "cryptodev-linux" - -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" - -export DIRS = "crypto ssl apps engines" -export OE_LDFLAGS="${LDFLAGS}" - -SRC_URI += "file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://openssl-fix-link.patch \ - file://debian/version-script.patch \ - file://debian/pic.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/ca.patch \ - file://debian/make-targets.patch \ - file://debian/no-rpath.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-symbolic.patch \ - file://debian/debian-targets.patch \ - file://openssl_fix_for_x32.patch \ - file://fix-cipher-des-ede3-cfb1.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ - file://initial-aarch64-bits.patch \ - file://find.pl \ - file://openssl-fix-des.pod-error.patch \ - file://Makefiles-ptest.patch \ - file://ptest-deps.patch \ - file://run-ptest \ - " - -SRC_URI[md5sum] = "d4f002bd22a56881340105028842ae1f" -SRC_URI[sha256sum] = "8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c" - -PACKAGES =+ " \ - ${PN}-engines \ - ${PN}-engines-dbg \ - " - -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" -FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug" - -PARALLEL_MAKE = "" -PARALLEL_MAKEINST = "" - -do_configure_prepend() { - cp ${WORKDIR}/find.pl ${S}/util/find.pl -} diff --git a/meta-ilp32/recipes-overlayed/openssl/openssl_1.0.2e.bb b/meta-ilp32/recipes-overlayed/openssl/openssl_1.0.2e.bb new file mode 100644 index 00000000..d2a265a7 --- /dev/null +++ b/meta-ilp32/recipes-overlayed/openssl/openssl_1.0.2e.bb @@ -0,0 +1,57 @@ +require openssl.inc + +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. +DEPENDS += "cryptodev-linux" + +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://find.pl;subdir=${BP}/util/ \ + file://run-ptest \ + file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://debian1.0.2/block_diginotar.patch \ + file://debian1.0.2/block_digicert_malaysia.patch \ + file://debian/ca.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/debian-targets.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-rpath.patch \ + file://debian/no-symbolic.patch \ + file://debian/pic.patch \ + file://debian/version-script.patch \ + file://openssl_fix_for_x32.patch \ + file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-fix-des.pod-error.patch \ + file://Makefiles-ptest.patch \ + file://ptest-deps.patch \ + file://crypto_use_bigint_in_x86-64_perl.patch \ + file://openssl-1.0.2a-x32-asm.patch \ + file://ptest_makefile_deps.patch \ + file://configure-musl-target.patch \ + " + +SRC_URI[md5sum] = "5262bfa25b60ed9de9f28d5d52d77fc5" +SRC_URI[sha256sum] = "e23ccafdb75cfcde782da0151731aa2185195ac745eea3846133f2e05c0e0bff" + +PACKAGES =+ "${PN}-engines" +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" + +# The crypto_use_bigint patch means that perl's bignum module needs to be +# installed, but some distributions (for example Fedora 23) don't ship it by +# default. As the resulting error is very misleading check for bignum before +# building. +do_configure_prepend() { + if ! perl -Mbigint -e true; then + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." + fi +} -- cgit v1.2.3