| Age | Commit message (Collapse) | Author |
|---|
|
Disable neon if the machine does not support it. --enable-fat also
includes the neon assembler code, therefore also disable it.
Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bug fixes:
==========
* Fix OCB loop for processing messages of size 272 bytes or
larger.
* Fix alignment bug in the new x86_64 non-pclmul assembly
implementation of ghash.
* Fix build-time memory leak in eccdata.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Nettle is primarily a library that ships some tools, so inherit the
lib_package class to package the tools in nettle-bin, and add a
dependency on it to nettle-ptest.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Instead of patching a relative path to an unversioned libnettle.so to be
a bare filename which then needs nettle-dev to be installed, create a
symlink in the expected place which points to the actual library. This
means nettle-ptest no longer needs to depend on nettle-dev.
Explicitly skip symbols-test, it has been silently failing as nm isn't
available and also needs a static libnettle.a to run.
Install two rsa-* example binaries that are needed for pkcs1-conv-test
to pass.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
==========
This release includes a couple of new features, and many
performance improvements. It adds assembly code for two more
architectures: ARM64 and S390x.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.5 and libhogweed.so.6.5, with sonames
libnettle.so.8 and libhogweed.so.6.
New features:
--------------
* AES keywrap (RFC 3394), contributed by Nicolas Mora.
* SM3 hash function, contributed by Tianjia Zhang.
* New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
cbc_aes256_encrypt.
On processors where AES is fast enough, e.g., x86_64 with
aesni instructions, the overhead of using Nettle's general
cbc_encrypt can be significant. The new functions can be
implemented in assembly, to do multiple blocks with reduced
per-block overhead.
Note that there's no corresponding new decrypt functions,
since the general cbc_decrypt doesn't suffer from the same
performance problem.
Bug fixes:
-------------
* Fix fat builds for x86_64 windows, these appear to never
have worked.
Optimizations:
----------------
* New ARM64 implementation of AES, GCM, Chacha, SHA1 and
SHA256, for processors supporting crypto extensions. Great
speedups, and fat builds are supported. Contributed by
Mamone Tarsha.
* New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
SHA256, SHA512 and SHA3. Great speedups, and fat builds are
supported. Contributed by Mamone Tarsha.
* New PPC64 assembly for ecc modulo/redc operations,
contributed by Amitay Isaacs, Martin Schwenke and Alastair
D´Silva.
* The x86_64 AES implementation using aesni instructions has
been reorganized with one separate function per key size,
each interleaving the processing of two blocks at a time
(when the caller processes multiple blocks with each call).
This gives a modest performance improvement on some
processors.
* Rewritten and faster x86_64 poly1305 assembly.
Known issues:
-------------
* Nettle's testsuite doesn't work out-of-the-box on recent
MacOS, due to /bin/sh discarding the DYLD_LIBRARY_PATH
environment variable. Nettle's test scripts handle this in
some cases, but currently fails the test cases that are
themselves written as /bin/sh scripts. As a workaround, use
make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'
Miscellaneous:
--------------
* Updated manual to current makeinfo conventions, with no
explicit node pointers. Generate pdf version with texi2pdf,
to get working hyper links.
* Added square root functions for NIST ecc curves, as a
preparation for supporting compact point representation.
* Reworked internal GCM/ghash interfaces, simplifying assembly
implementations. Deleted unused GCM C implementation
variants with less than 8-bit lookup table.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
license identifiers
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Version 3.7.2 includes a fix for CVE-2021-20305.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: [YOCTO #13471]
Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bugfix release [1]
[1] https://lists.gnu.org/archive/html/info-gnu/2021-02/msg00011.html
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
refresh the following patches:
Add-target-to-only-build-tests-not-run-them.patch
dlopen-test.patch
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nettle-stdint.h was no longer use.
Remove nettle/nettle-stdint.h in do_install_append() of .bb file.
Changelog in ChangeLog file as follows:
2019-01-06 Niels Möller <nisse@lysator.liu.se>
* nettle-types.h: Don't use nettle-stdint.h, include <stdint.h>
directly.
* nettle-write.h: Likewise.
* configure.ac: Delete use of AX_CREATE_STDINT_H.
* aclocal.m4 (AX_CREATE_STDINT_H): Delete.
* Makefile.in (INSTALL_HEADERS, distclean-here): Delete mention of
nettle-stdint.h.
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rework dlopen-test.patch to fix below
dlopen-test failure:
# cd /usr/lib64/nettle/ptest
# ./run-ptest
dlopen failed: /usr/lib/libnettle.so: cannot open shared object file: No such file or directory
./run-ptest: line 8: 7607 Aborted "./$f"
FAIL: dlopen-test
As the test dlopen-test depends on libnettle.so
which belongs to nettle-dev package, so add it
to rdepends of nettle-ptest.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The commit[8ac8fa8ee1 nettle: update to 3.4.1]
add CFLAGS_append = " -std=c99" to silence the
below error for native build:
| ../nettle-3.4.1/rsa-sign-tr.c: In function 'sec_equal':
| ../nettle-3.4.1/rsa-sign-tr.c:243:3: error: 'for' loop initial declarations are only allowed in C99 mode
for (size_t i = 0; i < limbs; i++)
^
| ../nettle-3.4.1/rsa-sign-tr.c:243:3: note: use option -std=c99 or -std=gnu99 to compile your code
| Makefile:263: recipe for target 'rsa-sign-tr.o' failed
But the above change will trigger below Segmentation
fault:
# echo -n passwd| nettle-pbkdf2 -i 1 -l 16 salt
[65534.886509] nettle-pbkdf2[708]: segfault at 1f594260 ip 00007f3332256998 sp 00007fff60d44410 error 4 in libnettle.so.6.5[7f3332244000+1d00]
[65534.887525] Code: e8 6d db fe ff 44 01 6d 68 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 2e 0f 1f 84 00 00 00 00 00 49 89 dc e9 68 ff f
Segmentation fault
So update the logic to CFLAGS_append = " -std=gnu99"
to fix the issue.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit 83faaf7b2a5f4fc4ae504b300134409e90389770.
This should never have merged as the change was rejected upstream and adding a library
to the ptest package resulted in it providing that SONAME which led to being
included in images like core-image-sato.
This in turn led to a ton of ptest failures in the 2.7 r1 QA report.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove dlopen-test.patch which originally used
to fix the test dlopen-test, but autually the
patch didn't resolve the issue as dlopen-test.patch
supposes the file /usr/lib/libnettle.so exists.
Instead deploy ${D}${PTEST_PATH}/libnettle.so to
fix the dlopen-test failure.
Update the initialization for the salt to fix
below Segmentation fault and also nettle-pbkdf2-test
failure.
# echo -n passwd| nettle-pbkdf2 -i 1 -l 16 salt
[65534.886509] nettle-pbkdf2[708]: segfault at 1f594260 ip 00007f3332256998 sp 00007fff60d44410 error 4 in libnettle.so.6.5[7f3332244000+1d00]
[65534.887525] Code: e8 6d db fe ff 44 01 6d 68 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 2e 0f 1f 84 00 00 00 00 00 49 89 dc e9 68 ff f
Segmentation fault
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bug fix only release
Include:
CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in
PKCS#1 1.5 verification and padding oracle verification
CVE-2018-16869 nettle: Leaky data conversion exposing a manager oracle
For full details see:
http://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007369.html
[V2]
Add -std=c99 to cflags
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
add multilib support for this receipe, or it will conflicts in mutlilib setting
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
merge .inc
forward ported two patches to work with 3.4
for more info see:
http://lists.gnu.org/archive/html/info-gnu/2017-11/msg00007.html
Change SRC_URI to use GNU download instead of liu.se, which interacts badly with
wget 1.19.2 and downloads uncompressed tarballs (RB).
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
XX nettle: update SRC_URI
|
|
This patch changes the result of the nettle dlopen-test
from FAIL to PASS. The test used to fail because the test could not
find and load libnettle.so.
This patch fixes this by using absolute path instead of relative.
This was the only test out of 88 that used to fail.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.
There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.
There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.
Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.
I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The original configure script detects the header files
of openssl to set variable like 'HAVE_OPENSSL_AES_H' in
config.h and ignore the value of '--enable-openssl', this
may cause inconsistent build.
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
LICENSE_${PN} shouldn't contain anything that is not specified in LICENSE.
[YOCTO #10075]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The variable in question should have been called ecc->p. The patch has been updated
so that the compilation of the nettle recipe would complete successfully. The backport
originated from this commit https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
Signed-off-by: ngutzmann <nathangutzmann@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
|
|
(From OE-Core master rev: 7474c7dbf98c1a068bfd9b14627b604da5d79b67)
minor tweak to get x86_64/ecc-384-modp.asm to apply
(From OE-Core rev: d1903e264ab62d34daeb652c89c6fb67e7c9b42d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core master rev: f62eb452244c3124cc88ef01c14116dac43f377a)
hand applied changes for ecc-256.c
(From OE-Core rev: cb03397ac97bfa99df6b72c80e1e03214e059e6e)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
LIC_FILES_CHKSUM and the SRC_URI hashes are both set from within
the recipe files, so should not be duplicated in nettle.inc.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use the nettle testsuite as ptests. Skip "sha1-huge-test" because
it can take 20 minutes to finish.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Newer nettle versions are "LGPLv3+ | GPLv2+". Add 3.1.1 but also
keep version 2.7.1 since it's LGPLv2.1+
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Set the nettle binary package license to LGPLv2.1+:
There are GPL files in the sources but none of these are used
to produce the files we ship.
* Remove the useless package specific licenses: none of the named
packages are actually produced and the licenses do not affect
the overall license of either the sources or the binary package.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
adding the license definitions on the few packages that
deviate from the overall package license.
based on http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright
and spot checking files.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
GNU Wget cannot be upgrated to a newer that 1.12 version on supported
Centos distro. GNU Wget 1.12 and earlier uses a server-provided filename
instead of the original URL to determine the destination filename of a
download.
This means the files downloaded when fetching cannot be properly used:
$ wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz
$ ls
eventlog_0.2.13.tar.gz?AWSAccessKeyId=AKIAICTJ5MANGPMOH7JA&Expires=1400838672&Signature=TjakOBpOvHtEKKDgF14iVinWpY0=
This in turn lead to build errors like:
WARNING: Failed to fetch URL http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz, attempting MIRRORS if available
ERROR: Fetcher failure for URL: 'http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz'. The fetch command returned success for url http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz but /path/to/downloads/eventlog_0.2.13.tar.gz doesn't exist?!
ERROR: Function failed: Fetcher failure for URL: 'http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.4.2/source/eventlog_0.2.13.tar.gz'. Unable to fetch URL from any source.
ERROR: Logfile of failure stored in: /path/to/tmp/work/ppce500v2-enea-linux-gnuspe/eventlog/0.2.13-r0/temp/log.do_fetch.28302
ERROR: Task 4 (/path/to/poky/meta-openembedded/meta-oe/recipes-support/eventlog/eventlog_0.2.13.bb, do_fetch) failed with exit code '1'
[YOCTO #6549]
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Do not include openssl glue in the benchmark program.
This should fix a compile issue on multilib.
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Newer versions of gnutls depends on nettle.
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
Benjamin Bara
Wang Mingyu
Alexander Kanavin
Ross Burton
Richard Purdie
Trevor Gamblin
Meh Mbeh Ida Delphine
Khem Raj
Wang Mingyu
Maxime Roussin-Bélanger
Adrian Bunk
Yuan Chao
Mingli Yu
Armin Kuster
Changqing Li
Ross Burton
Armin Kuster
Juro Bystricky
Haiqing Bai
Fabio Berton
Maxin B. John
ngutzmann
Alexander Kanavin
Andre McCurdy
Jussi Kukkonen
Tudor Florea
Valentin Popa