| Age | Commit message (Collapse) | Author |
|---|
|
For now, if 'openssl' is enabled for ntp, ntp would still be built
without openssl & libcrypto. This is because that ntp thinks openssl
and libcrypto locates under the same directory.
This patch removes the codes of moving libcrypto to base_libdir.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
Machine specific over-rides for mtx-1 (aka MeshCube) and
mtx-2 (aka SurfBox 2nd generation) don't belong in oe-core.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The openssl recipe currently relies on EXTRA_OEMAKE having been set to
"-e MAKEFLAGS=" in bitbake.conf to operate. It is necessary to make this
explicit so that the default in bitbake.conf can be changed.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The code in native.bbclass adds -native suffix to the package
names that don't have it. perl-native-runtime becomes
perl-native-runtime-native because of this.
Renamed perl-native-runtime -> hostperl-runtime-native to avoid
mangling it and to conform with the naming convetion for native
packages.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
use termios instead of termio
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* follow symbolic links while copying sources from test/*
* install required target files to remove Make errors:
make[2]: *** No rule to make target 'xxx', needed by 'yyy'.
* fix hardcode pathes:
/usr/lib -> ${libdir}, /usr/bin -> ${bindir}
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Match target name linux-mips64 as well, all mips64 targets will have
mips(32) userspace.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Map nios2 architecture to linux-generic32 target.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The virtclass-native is out of date.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable
SSLv3 even if patched with the TLS_FALLBACK_SCSV
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed:
Cannot create directory image/usr: File exists
make: *** [install_sw] Error 17
Create /usr to avoid race issues.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Map the microblaze architecture to the linux-generic32 target.
Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This causes the package to not be relocateable from sstate
The OpenSSL binaries respect a few environment variables for determining
locations of files, so we now use these to point the binaries to the
relocated locations.
[YOCTO #6827]
Signed-off-by: André Draszik <adraszik@digisoft.tv>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
With last restructuring for musl, some of uclibc targets got ignored
fsl/ppc and ARM worked ok since they use special target triplets which
were already considered but other like mips, x86 and so on failed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
'make rehash' used the compiled openssl to get hash value
for files, it always failed when cross compiling:
/path/to/openssl/1.0.1i-r0/openssl-1.0.1i/util/shlib_wrap.sh:
line 96: /path/to/openssl/1.0.1i-r0/openssl-1.0.1i/util/../apps/openssl:
cannot execute binary file
so add DEPENDS on openssl-native for target package and use it
instead of the one compiled from target package.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Simplifies the code and adds knowlwdge about musl targets
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add some missing dependencies and fix the Makefile in order to get most
of the ptest tests working (specifically test_bn, test_verify, test_cms,
test_srp and test_heartbeat). test_verify still fails for unknown
reasons (perhaps some of the now expired certificates weren't meant to
have expired as far as the test is concerned?) but at least it has the
certificates to run now.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
Install openssl test suite and run it as ptest.
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The trigger for the upgrade was the serious "heartbleed" vulnerability
(CVE-2014-0160). More information:
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx
Dropped obsolete patches, because the new version contains them:
0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch
0001-Fix-DTLS-retransmission-from-previous-session.patch
0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch
Modified 2 patches (small changes), in order to apply properly:
initial-aarch64-bits.patch
openssl-fix-doc.patch
Addresses CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
we need to map OS string correctly to include linux-uclibcspe
which is what we use with ppc+spe on uclibc, additionally move
gnuspe triplet mapping to same code as well
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adding perl to the RDEPENDS caused a performance hit to the overall build time since this was
the only package that depended on perl. The openssl-misc package is not installed by default
so use a PACKAGECONFIG which can be overridden to allow the perl scripts along with perl to
be installed.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
c_rehash utility is not being installed with openssl.It conveniently
generates hash and symbolic links based on it for CA certificates
stored locally for SSL based server authentication
Signed-off-by: Yasir-Khan <yasir_khan@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Add the openssl-conf package to the list of packages to
be created. This package contains the openssl.cnf file
which is used by both the openssl executable in the
openssl package and the libcrypto library.
* This is to avoid messages like:
WARNING: can't open config file: /usr/lib/ssl/openssl.cnf
* When running "openssl req" to request and generate a certificate
the command will fail without the openssl.cnf file being
installed on the target system.
* Made this package an RRECOMMENDS for libcrypto since:
* libcrypto is a RDEPENDS for the openssl package
* Users can specify a configuration file at another
location so it is not stricly required and many
commands will work without it (with warnings)
Signed-off-by: Chase Maupin <Chase.Maupin@ti.com>
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This enables aes and sha1 assembly at buildtime. Openssl does a
runtime check to see which portion gets enabled.
'./Configure TABLE' gives the following:
*** linux-elf-arm
$cc =
$cflags = -DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = BN_LLONG DES_RISC1
$cpuid_obj =
$bn_obj =
$des_obj =
$aes_obj =
$bf_obj =
$md5_obj =
$sha1_obj =
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$modes_obj =
$engines_obj =
$perlasm_scheme = void
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
*** linux-armv4
$cc = gcc
$cflags = -DTERMIO -O3 -Wall
$unistd =
$thread_cflag = -D_REENTRANT
$sys_id =
$lflags = -ldl
$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR
$cpuid_obj = armcap.o armv4cpuid.o
$bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o
$des_obj =
$aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o
$bf_obj =
$md5_obj =
$sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o
$cast_obj =
$rc4_obj =
$rmd160_obj =
$rc5_obj =
$wp_obj =
$cmll_obj =
$modes_obj = ghash-armv4.o
$engines_obj =
$perlasm_scheme = void
$dso_scheme = dlfcn
$shared_target= linux-shared
$shared_cflag = -fPIC
$shared_ldflag =
$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
$ranlib =
$arflags =
$multilib =
Build tested on armv7a/angstrom and armv8/distroless, runtime tested on armv7a/angstrom.
'openssl speed' results:
Algo blocksize ops/s after
ops/s before difference
-------------------------------------------
MD5 16 308,766 264,664 -14.28%
64 277,090 263,340 -4.96%
256 212,652 197,043 -7.34%
1024 103,604 100,157 -3.33%
8192 17,936 17,796 -0.78%
sha1 16 290,011 385,098 32.79%
64 234,939 302,788 28.88%
256 144,831 177,028 22.23%
1024 57,043 67,374 18.11%
8192 8,586 9,932 15.68%
sha256 16 290,443 605,747 108.56%
64 178,010 370,598 108.19%
256 82,107 168,770 105.55%
1024 26,064 53,068 103.61%
8192 3,550 7,211 103.10%
sha512 16 59,618 259,354 335.03%
64 59,616 258,265 333.22%
256 21,727 98,057 351.31%
1024 7,449 34,304 360.49%
8192 1,047 4,842 362.63%
des cbc 16 964,682 1,124,459 16.56%
64 260,188 298,910 14.88%
256 65,945 76,273 15.66%
1024 16,570 19,110 15.33%
8192 2,082 2,398 15.17%
des ede3 16 370,442 429,906 16.05%
64 95,429 110,147 15.42%
256 23,928 27,808 16.21%
1024 5,993 6,960 16.13%
8192 752 868 15.36%
aes128 16 1,712,050 2,301,100 34.41%
64 466,491 651,155 39.59%
256 120,181 168,953 40.58%
1024 30,177 42,792 41.80%
8192 3,791 5,361 41.41%
aes192 16 1,472,560 1,964,900 33.43%
64 400,087 544,971 36.21%
256 103,245 141,062 36.63%
1024 25,902 35,389 36.63%
8192 3,256 4,451 36.67%
eas256 16 1,330,524 1,772,143 33.19%
64 355,025 486,221 36.95%
256 90,663 125,281 38.18%
1024 22,725 31,484 38.54%
8192 2,837 3,952 39.31%
rsa 2048bit 15 25 69.94%
public 547 832 52.00%
dsa 2048bit 55 86 54.26%
verify 47 73 53.33%
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Update configure-targets.patch:
- drop linux-aarch64 configuration
Update do_configure():
- add linux-aarch64* case to cover linux-aarch64 and linux-aarch64_be
- use linux-generic64 target in above case
Backport initial-aarch64-bits.patch:
- first order optimizations for Aarch64
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
opensslconf.h conflicts between 32-bit and 64-bit versions.
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
There is no reason to disable exec-stack only for -native builds;
binaries on the target will suffer from the same SELinux ACLs.
OpenSSL does not use executable stack so this option can be disabled
unconditionally.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add mips64 configure support but assume mips(32) userspace.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The overrides virtclass-native and virtclass-nativesdk are deprecated,
which should be replaced by class-native and class-nativesdk.
[YOCTO #3297]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The latter variable is only applicable for target builds and could
result in passing incompatible options (and/or failing to pass
required options) to ${BUILD_CC} for a virtclass-native build.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Restore INC_PR to r15 to prevent breakage with out of tree openssl
recipes (e.g, meta-oe).
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Addresses CVE-2012-2110
Fixes bug [YOCTO #2368]
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fix is for dhclient. It needs libcrypto at runtime and if
libcrypto is in libdir, it's path can be inaccessible on systems
where /usr is on nfs for example or dhclient is needed before
/usr is mounted.
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
[Fix comment to from /usr -> /lib - sgw]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Add BN_ADDR for address type instead of using BN_ULONG or unsigned long:
1. For W64, address type is unsigned long long, not unsigned long.
2. For x32, address type is unsigned long , not BN_ULONG.
Added a new targetlinux-x32 in the config file
The do_install() code to move lib/* to lib64 is not needed now with the
enhanced multilib support.
Make the x86-64 assembly syntax compatible with x32 compiler.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Thanks to meta-oe for this contribution
* Add Patch Upstream-Status info
* Merged the meta-oe version of openssl-1.0.inc with openssl.inc
* Fix make install parallel issue with PARALLEL_MAKEINST = ""
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Without this change the perl path from the build system is used.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is this discrepency in spelling. Lets fix it in
core. There are lot of layers using SITEINFO_ENDIANNESS
This was shielded since meta-oe had its own copy of
siteinfo class. But that class has now been deleted in
favor of oe-core
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If try to build for an ppc64 target openssl will fail to build since
the configure script didn't know how to handle a 'linux-powerpc64' target.
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If trying to build for an e500v2 target openssl will fail to build since
the configure script didn't know how to handle a 'gnuspe' target.
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
|
|
Otherwise it will use the openssl internal default of /usr/share/man which may not be correct.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
if libdir is not /usr/lib, e.g /usr/lib64, openssl build will fail
because it still use /usr/lib as library dir.
this patch appends the configure option "--libdir" to specify the correct
library directory
Signed-off-by: Yu Ke <ke.yu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
|
|
This fixes a build failure when ${prefix}="".
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #979]
from 0.9.8p
fixes CVE-2010-4180, CVE-2010-4252, CVE-2010-0014
Signed-off-by: Qing He <qing.he@intel.com>
|
|
Signed-off-by: Qing He <qing.he@intel.com>
|
|
The -Wall flag was unintentionally removed from the end of the CFLAG var in
089612794d4d8d9c79bd2a4365d6df78371f7f40 by me. This patch puts it back in.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
|
|
The execstack flag gets set on libcrypto.so by default which causes SELinux
to prevent it from being loaded on systems using SELinux, which includes
Fedora. This patch disables the execstack flag. (Note: Red Hat do this in
their openssl packaging.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
point to incorrect places
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
|
Chen Qi
Andre McCurdy
Mike Crowe
Ed Bartosh
Khem Raj
Wenzong Fan
Marek Vasut
Robert Yang
Brendan Le Foll
Nathan Rossi
André Draszik
Jackie Huang
Paul Eggleton
Maxin B. John
Otavio Salvador
Cristiana Voicu
Saul Wold
mykhani
Qiang Chen
Koen Kooi
Fathi Boudra
Ming Liu
Enrico Scholz
Randy MacLeod
Phil Blundell
Scott Garman
Andrei Gherzan
Nitin A Kamble
Richard Purdie
Kumar Gala
Yu Ke
Dexuan Cui
Phil Blundell
Qing He
Paul Eggleton
Richard Purdie