summaryrefslogtreecommitdiff
path: root/meta/recipes-connectivity/openssl
AgeCommit message (Collapse)AuthorFiles
2013-10-30openssl: create package for openssl configuration fileQiang Chen1
* Add the openssl-conf package to the list of packages to be created. This package contains the openssl.cnf file which is used by both the openssl executable in the openssl package and the libcrypto library. * This is to avoid messages like: WARNING: can't open config file: /usr/lib/ssl/openssl.cnf * When running "openssl req" to request and generate a certificate the command will fail without the openssl.cnf file being installed on the target system. * Made this package an RRECOMMENDS for libcrypto since: * libcrypto is a RDEPENDS for the openssl package * Users can specify a configuration file at another location so it is not stricly required and many commands will work without it (with warnings) Signed-off-by: Chase Maupin <Chase.Maupin@ti.com> Signed-off-by: Qiang Chen <qiang.chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-10-26openssl: switch ARM builds from linux-elf-arm to linux-armv4 configKoen Kooi1
This enables aes and sha1 assembly at buildtime. Openssl does a runtime check to see which portion gets enabled. './Configure TABLE' gives the following: *** linux-elf-arm $cc = $cflags = -DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wa,--noexecstack -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl $bn_ops = BN_LLONG DES_RISC1 $cpuid_obj = $bn_obj = $des_obj = $aes_obj = $bf_obj = $md5_obj = $sha1_obj = $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = $wp_obj = $cmll_obj = $modes_obj = $engines_obj = $perlasm_scheme = void $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC $shared_ldflag = $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = $multilib = *** linux-armv4 $cc = gcc $cflags = -DTERMIO -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = armcap.o armv4cpuid.o $bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o $des_obj = $aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o $bf_obj = $md5_obj = $sha1_obj = sha1-armv4-large.o sha256-armv4.o sha512-armv4.o $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = $wp_obj = $cmll_obj = $modes_obj = ghash-armv4.o $engines_obj = $perlasm_scheme = void $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC $shared_ldflag = $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = $multilib = Build tested on armv7a/angstrom and armv8/distroless, runtime tested on armv7a/angstrom. 'openssl speed' results: Algo blocksize ops/s after ops/s before difference ------------------------------------------- MD5 16 308,766 264,664 -14.28% 64 277,090 263,340 -4.96% 256 212,652 197,043 -7.34% 1024 103,604 100,157 -3.33% 8192 17,936 17,796 -0.78% sha1 16 290,011 385,098 32.79% 64 234,939 302,788 28.88% 256 144,831 177,028 22.23% 1024 57,043 67,374 18.11% 8192 8,586 9,932 15.68% sha256 16 290,443 605,747 108.56% 64 178,010 370,598 108.19% 256 82,107 168,770 105.55% 1024 26,064 53,068 103.61% 8192 3,550 7,211 103.10% sha512 16 59,618 259,354 335.03% 64 59,616 258,265 333.22% 256 21,727 98,057 351.31% 1024 7,449 34,304 360.49% 8192 1,047 4,842 362.63% des cbc 16 964,682 1,124,459 16.56% 64 260,188 298,910 14.88% 256 65,945 76,273 15.66% 1024 16,570 19,110 15.33% 8192 2,082 2,398 15.17% des ede3 16 370,442 429,906 16.05% 64 95,429 110,147 15.42% 256 23,928 27,808 16.21% 1024 5,993 6,960 16.13% 8192 752 868 15.36% aes128 16 1,712,050 2,301,100 34.41% 64 466,491 651,155 39.59% 256 120,181 168,953 40.58% 1024 30,177 42,792 41.80% 8192 3,791 5,361 41.41% aes192 16 1,472,560 1,964,900 33.43% 64 400,087 544,971 36.21% 256 103,245 141,062 36.63% 1024 25,902 35,389 36.63% 8192 3,256 4,451 36.67% eas256 16 1,330,524 1,772,143 33.19% 64 355,025 486,221 36.95% 256 90,663 125,281 38.18% 1024 22,725 31,484 38.54% 8192 2,837 3,952 39.31% rsa 2048bit 15 25 69.94% public 547 832 52.00% dsa 2048bit 55 86 54.26% verify 47 73 53.33% Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-10-26openssl: use linux-generic64 target for Aarch64 (LE and BE)Fathi Boudra4
Update configure-targets.patch: - drop linux-aarch64 configuration Update do_configure(): - add linux-aarch64* case to cover linux-aarch64 and linux-aarch64_be - use linux-generic64 target in above case Backport initial-aarch64-bits.patch: - first order optimizations for Aarch64 Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-08-26openssl: avoid NULL pointer dereference in three placesXufeng Zhang3
There are three potential NULL pointer dereference in EVP_DigestInit_ex(), dh_pub_encode() and dsa_pub_encode() functions. Fix them by adding proper null pointer check. [YOCTO #4600] [ CQID: WIND00373257 ] Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-07-29openssl: Fix multilib header conflict - opensslconf.hMing Liu1
opensslconf.h conflicts between 32-bit and 64-bit versions. Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-06-17openssl: Add fix for cipher des-ede3-cfb1Muhammad Shakeel2
Add patch file for one of the ciphers used in openssl, namely the cipher des-ede3-cfb1. Details of the bug, without this patch, can be found here. http://rt.openssl.org/Ticket/Display.html?id=2867 Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-05-30openssl: fix documentation build errors with Perl 5.18 pod2manJonathan Liu2
Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-04-28openssl: Disable parallel makePhil Blundell1
Otherwise you get errors like: | ../libcrypto.so: file not recognized: File truncated | collect2: error: ld returned 1 exit status | make[2]: *** [link_o.gnu] Error 1 Signed-off-by: Phil Blundell <philb@gnu.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-04-16openssl: update range information in man-section.patchTing Liu1
do_patch failed after upgrading to openssl-1.0.1e. Log: | ERROR: Command Error: exit status: 1 Output: | Applying patch man-section.patch | patching file Makefile.org | Hunk #1 succeeded at 160 (offset 26 lines). | Hunk #2 succeeded at 626 (offset 19 lines). | misordered hunks! output would be garbled | Hunk #3 FAILED at 633. | 1 out of 3 hunks FAILED -- rejects in file Makefile.org | Patch man-section.patch does not apply (enforce with -f) | ERROR: Function failed: patch_do_patch | ERROR: Logfile of failure stored in:temp/log.do_patch.14679 | ERROR: Task 646 (virtual:native:openssl_1.0.1e.bb, do_patch) failed with exit code '1' Change-Id: Ib63031fdbd09443e387ee57efa70381e0aca382c Signed-off-by: Ting Liu <b28495@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-04-09openssl: Upgrade to v1.0.1eRadu Moisan20
Dropped obolete patches and pulled updates for debian patches. Addresses CVEs: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2686 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0166 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169 [YOCTO #3965] Signed-off-by: Radu Moisan <radu.moisan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-03-18openssl: build always with -Wa,--noexecstackEnrico Scholz1
There is no reason to disable exec-stack only for -native builds; binaries on the target will suffer from the same SELinux ACLs. OpenSSL does not use executable stack so this option can be disabled unconditionally. Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-03-04recipes: Fix ALLOW_EMPTY with no package specifiedRichard Purdie1
There are various usages of ALLOW_EMPTY with no packages specified. This is not recommended syntax, nor is it likely to be supported in the future. This patch improves the references in OE-Core, either removing them if they're pointless (e.g. when PACKAGES="") or specifying which package it applies to. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-02-08openssl: Add mips64 configure support.Randy MacLeod1
Add mips64 configure support but assume mips(32) userspace. Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-12-03ocf-linux: Update to 20120127Saul Wold3
README changes to update the CHKSUM ocf directory is now in main tarball so no need to untar now. Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-11-02recipes-connectivity: replace virtclass-native(sdk) with class-native(sdk)Robert Yang1
The overrides virtclass-native and virtclass-nativesdk are deprecated, which should be replaced by class-native and class-nativesdk. [YOCTO #3297] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-10-30openssl: Use ${CFLAGS} not ${FULL_OPTIMIZATION}Phil Blundell1
The latter variable is only applicable for target builds and could result in passing incompatible options (and/or failing to pass required options) to ${BUILD_CC} for a virtclass-native build. Signed-off-by: Phil Blundell <philb@gnu.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-10-18openssl: add AArch64 supportMarcin Juszkiewicz2
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-07-22openssl: upgrade to 1.0.0jScott Garman18
Addresses CVE-2012-2333 Fixes [YOCTO #2682] Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-06-21openssl: add deprecated and unmaintained find.pl from perl-5.14 to fix ↵Martin Jansa2
perlpath.pl * openembedded-core/meta/recipes-connectivity/openssl/openssl.inc * * is using perlpath.pl: * * do_configure () { * cd util * perl perlpath.pl ${STAGING_BINDIR_NATIVE} * ... * * and perlpath.pl is using find.pl: * openssl-1.0.0i/util/perlpath.pl: * #!/usr/local/bin/perl * # * # modify the '#!/usr/local/bin/perl' * # line in all scripts that rely on perl. * # * * require "find.pl"; * ... * * which was removed in perl-5.16.0 and marked as deprecated and * unmaintained in 5.14 and older: * /tmp/usr/lib/perl5/5.14.2/find.pl: * warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl * core distribution in the next major release. Please install it from the * CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, * line @{[(caller)[2]]}.\n"; * * # This library is deprecated and unmaintained. It is included for * # compatibility with Perl 4 scripts which may use it, but it will be * # removed in a future version of Perl. Please use the File::Find module * # instead. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2012-05-09openssl: Fix build for mips64(el)Khem Raj2
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2012-05-08openssl: fix incorrect INC_PRScott Garman1
Restore INC_PR to r15 to prevent breakage with out of tree openssl recipes (e.g, meta-oe). Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-04-25openssl: upgrade to 1.0.0iScott Garman18
Addresses CVE-2012-2110 Fixes bug [YOCTO #2368] Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-03-21openssl: upgrade to 1.0.0.hScott Garman18
Removed pkg-config.patch, which was incorporated upstream. Addresses CVE-2012-0884. Fixes bug [YOCTO #2139]. Signed-off-by: Scott Garman <scott.a.garman@intel.com>
2012-02-23openssl: Move libcrypto to base_libdirAndrei Gherzan2
This fix is for dhclient. It needs libcrypto at runtime and if libcrypto is in libdir, it's path can be inaccessible on systems where /usr is on nfs for example or dhclient is needed before /usr is mounted. Signed-off-by: Andrei Gherzan <andrei@gherzan.ro> [Fix comment to from /usr -> /lib - sgw] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-02-07openssl-0.9.8: Remove in favor or 1.0.0Saul Wold24
Now that Openssl 1.0.0 has been out for a while, there is no need to keep multiple versions. Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-02-02openssl: Update to 0.9.8t (gplv2)Saul Wold24
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-02-02openssl: Update to 1.0.0gSaul Wold18
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-01-17openssl-1.0.0: Update to 1.0.0e and fix QA WarningSaul Wold18
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4108 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4576 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4577 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4619 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0027 [YOCTO #1905] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-01-17openssl-0.9.8: Update to 0.9.8sSaul Wold24
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4108 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4109 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4576 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4577 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4619 [YOCTO #1904] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-01-03misc patches: fix patch headersNitin A Kamble1
These patches were marked by "UpstreamStatus:" line, fix it to use "Upstream-Status:" instead. Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
2011-12-12openssl-1.0.0e: Update x32 ConfigureH.J. Lu1
Make linux-x32 as close to linux-x86_64 as possible: 1. Add -mx32 -DMD32_REG_T=int. 2. Changed to -O3. 3. Remove -pipe -g -feliminate-unused-debug-types. 4. Remove -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS. 5. Add :::x32 for multilib. Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> Signed-Off-By: H.J. Lu <hjl.tools@gmail.com>
2011-12-05openssl-1.0.0e: fix to wotk with x32 toolchainNitin A Kamble3
Add BN_ADDR for address type instead of using BN_ULONG or unsigned long: 1. For W64, address type is unsigned long long, not unsigned long. 2. For x32, address type is unsigned long , not BN_ULONG. Added a new targetlinux-x32 in the config file The do_install() code to move lib/* to lib64 is not needed now with the enhanced multilib support. Make the x86-64 assembly syntax compatible with x32 compiler. Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-11-30openssl: Add openssl 1.0Saul Wold18
* Thanks to meta-oe for this contribution * Add Patch Upstream-Status info * Merged the meta-oe version of openssl-1.0.inc with openssl.inc * Fix make install parallel issue with PARALLEL_MAKEINST = "" Signed-off-by: Saul Wold <sgw@linux.intel.com>
2011-11-30openssl-0.9.8: move parallel-make fix to 0.9.8Saul Wold2
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2011-11-30ocf-linux: Add ocf-linux to support openssl 1.0Saul Wold2
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2011-11-07libcense.bbclass: fix OpenSSL mappingMartin Jansa1
[YOCTO #1712] Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Fixed YOCTO bug format and location Signed-off-by: Saul Wold <sgw@linux.intel.com>
2011-09-28openssl: Ensure perl scripts reference the correct perlRichard Purdie2
Without this change the perl path from the build system is used. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-07-26meta: Rename SITEINFO_ENDIANESS to SITEINFO_ENDIANNESSKhem Raj2
There is this discrepency in spelling. Lets fix it in core. There are lot of layers using SITEINFO_ENDIANNESS This was shielded since meta-oe had its own copy of siteinfo class. But that class has now been deleted in favor of oe-core Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-07-22openssl: Add handling for building on linux-powerpc64Kumar Gala1
If try to build for an ppc64 target openssl will fail to build since the configure script didn't know how to handle a 'linux-powerpc64' target. Signed-off-by: Kumar Gala <galak@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-07-20openssl: Add handling for linux-gnuspe-powerpcKumar Gala2
If trying to build for an e500v2 target openssl will fail to build since the configure script didn't know how to handle a 'gnuspe' target. Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2011-07-14openssl: pass ${mandir} explicitly to "make install"Phil Blundell2
Otherwise it will use the openssl internal default of /usr/share/man which may not be correct. Signed-off-by: Phil Blundell <philb@gnu.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-07-12openssl: fix for non /usr/lib libdir caseYu Ke2
if libdir is not /usr/lib, e.g /usr/lib64, openssl build will fail because it still use /usr/lib as library dir. this patch appends the configure option "--libdir" to specify the correct library directory Signed-off-by: Yu Ke <ke.yu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-06-14openssl: should depend on perl-native-runtime rather than perl-nativeDexuan Cui2
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
2011-05-17openssl: backport fix for empty prefix from oe masterPhil Blundell1
This fixes a build failure when ${prefix}="". Signed-off-by: Phil Blundell <philb@gnu.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-05-13update patch upstream statusQing He20
This patch includes the update of patch upstream status of the following recipes (50 in all): grub pciutils setserial dhcp iproute2 libnss-mdns nfs-utils openssl portmap busybox coreutils dbus dropbear ncurses readline sysfsutils sysvinit tinylogin udev update-rc.d util-linux elfutils file pkgconfig syslinux ubootchart yaffs2 findutils gamin hdparm libaio libzypp parted procps sat-solver screen sed sysklogd tcp-wrapper time zypper attr boost createrepo gnutls hal js libgcrypt libnl libusb-compat Signed-off-by: Qing He <qing.he@intel.com>
2011-04-18openssl: upgrade to version 0.9.8rQing He25
[YOCTO #979] from 0.9.8p fixes CVE-2010-4180, CVE-2010-4252, CVE-2010-0014 Signed-off-by: Qing He <qing.he@intel.com>
2011-04-04recipes: Use -uclibceabi instead of -uclibcgnueabiKhem Raj1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2011-02-17openssl: fix parallel makeQing He3
Signed-off-by: Qing He <qing.he@intel.com>
2011-01-20openssl: drop the valgrind patch that introduce a security holeIlya Yanok2
debian/valgrind.patch is the 'famous' Debian OpenSSL patch responsible for everyone using Debian and derivatives changing their keys. All keys generated with the patched OpenSSL are compromised so at very least we have to drop this patch for good. Signed-off-by: Ilya Yanok <yanok@emcraft.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2010-12-16openssl: restore -Wall flagPaul Eggleton2
The -Wall flag was unintentionally removed from the end of the CFLAG var in 089612794d4d8d9c79bd2a4365d6df78371f7f40 by me. This patch puts it back in. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>