From 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd Mon Sep 17 00:00:00 2001 From: ToshikazuOhiwa Date: Mon, 30 Mar 2020 09:24:26 +0900 Subject: agl-basesystem --- ...ve-test-that-requires-running-as-non-root.patch | 49 +++++ ...1-Take-linking-flags-from-LDFLAGS-env-var.patch | 43 ++++ ...-armv4-bsaes-armv7-.pl-make-it-work-with-.patch | 88 ++++++++ .../openssl/openssl-qoriq/openssl-c_rehash.sh | 222 +++++++++++++++++++++ .../openssl/openssl-qoriq/run-ptest | 4 + 5 files changed, 406 insertions(+) create mode 100644 bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-Remove-test-that-requires-running-as-non-root.patch create mode 100644 bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-Take-linking-flags-from-LDFLAGS-env-var.patch create mode 100644 bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch create mode 100644 bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh create mode 100644 bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/run-ptest (limited to 'bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq') diff --git a/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-Remove-test-that-requires-running-as-non-root.patch b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-Remove-test-that-requires-running-as-non-root.patch new file mode 100644 index 00000000..736bb39a --- /dev/null +++ b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-Remove-test-that-requires-running-as-non-root.patch @@ -0,0 +1,49 @@ +From 3fdb1e2a16ea405c6731447a8994f222808ef7e6 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Fri, 7 Apr 2017 18:01:52 +0300 +Subject: [PATCH] Remove test that requires running as non-root + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin +--- + test/recipes/40-test_rehash.t | 17 +---------------- + 1 file changed, 1 insertion(+), 16 deletions(-) + +diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t +index f902c23..c7567c1 100644 +--- a/test/recipes/40-test_rehash.t ++++ b/test/recipes/40-test_rehash.t +@@ -23,7 +23,7 @@ setup("test_rehash"); + plan skip_all => "test_rehash is not available on this platform" + unless run(app(["openssl", "rehash", "-help"])); + +-plan tests => 5; ++plan tests => 3; + + indir "rehash.$$" => sub { + prepare(); +@@ -42,21 +42,6 @@ indir "rehash.$$" => sub { + 'Testing rehash operations on empty directory'); + }, create => 1, cleanup => 1; + +-indir "rehash.$$" => sub { +- prepare(); +- chmod 0500, curdir(); +- SKIP: { +- if (!ok(!open(FOO, ">unwritable.txt"), +- "Testing that we aren't running as a privileged user, such as root")) { +- close FOO; +- skip "It's pointless to run the next test as root", 1; +- } +- isnt(run(app(["openssl", "rehash", curdir()])), 1, +- 'Testing rehash operations on readonly directory'); +- } +- chmod 0700, curdir(); # make it writable again, so cleanup works +-}, create => 1, cleanup => 1; +- + sub prepare { + my @pemsourcefiles = sort glob(srctop_file('test', "*.pem")); + my @destfiles = (); +-- +2.11.0 + diff --git a/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-Take-linking-flags-from-LDFLAGS-env-var.patch b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-Take-linking-flags-from-LDFLAGS-env-var.patch new file mode 100644 index 00000000..6ce4e47d --- /dev/null +++ b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-Take-linking-flags-from-LDFLAGS-env-var.patch @@ -0,0 +1,43 @@ +From 08face4353d80111973aba9c1304c92158cfad0e Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Tue, 28 Mar 2017 16:40:12 +0300 +Subject: [PATCH] Take linking flags from LDFLAGS env var + +This fixes "No GNU_HASH in the elf binary" issues. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin +--- + Configurations/unix-Makefile.tmpl | 2 +- + Configure | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index c029817..43b769b 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -173,7 +173,7 @@ CROSS_COMPILE= {- $config{cross_compile_prefix} -} + CC= $(CROSS_COMPILE){- $target{cc} -} + CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} + CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} +-LDFLAGS= {- $target{lflags} -} ++LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -} + PLIB_LDFLAGS= {- $target{plib_lflags} -} + EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -} + LIB_CFLAGS={- $target{shared_cflag} || "" -} +diff --git a/Configure b/Configure +index aee7cc3..274d236 100755 +--- a/Configure ++++ b/Configure +@@ -979,7 +979,7 @@ $config{build_file} = $target{build_file}; + $config{defines} = []; + $config{cflags} = ""; + $config{ex_libs} = ""; +-$config{shared_ldflag} = ""; ++$config{shared_ldflag} = $ENV{'LDFLAGS'}; + + # Make sure build_scheme is consistent. + $target{build_scheme} = [ $target{build_scheme} ] +-- +2.11.0 + diff --git a/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch new file mode 100644 index 00000000..bb0a1689 --- /dev/null +++ b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch @@ -0,0 +1,88 @@ +From bcc096a50811bf0f0c4fd34b2993fed7a7015972 Mon Sep 17 00:00:00 2001 +From: Andy Polyakov +Date: Fri, 3 Nov 2017 23:30:01 +0100 +Subject: [PATCH] aes/asm/{aes-armv4|bsaes-armv7}.pl: make it work with + binutils-2.29. + +It's not clear if it's a feature or bug, but binutils-2.29[.1] +interprets 'adr' instruction with Thumb2 code reference differently, +in a way that affects calculation of addresses of constants' tables. + +Upstream-Status: Backport + +Reviewed-by: Tim Hudson +Reviewed-by: Bernd Edlinger +Signed-off-by: Stefan Agner +(Merged from https://github.com/openssl/openssl/pull/4669) + +(cherry picked from commit b82acc3c1a7f304c9df31841753a0fa76b5b3cda) +--- + crypto/aes/asm/aes-armv4.pl | 6 +++--- + crypto/aes/asm/bsaes-armv7.pl | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl +index 16d79aae53..c6474b8aad 100644 +--- a/crypto/aes/asm/aes-armv4.pl ++++ b/crypto/aes/asm/aes-armv4.pl +@@ -200,7 +200,7 @@ AES_encrypt: + #ifndef __thumb2__ + sub r3,pc,#8 @ AES_encrypt + #else +- adr r3,AES_encrypt ++ adr r3,. + #endif + stmdb sp!,{r1,r4-r12,lr} + #ifdef __APPLE__ +@@ -450,7 +450,7 @@ _armv4_AES_set_encrypt_key: + #ifndef __thumb2__ + sub r3,pc,#8 @ AES_set_encrypt_key + #else +- adr r3,AES_set_encrypt_key ++ adr r3,. + #endif + teq r0,#0 + #ifdef __thumb2__ +@@ -976,7 +976,7 @@ AES_decrypt: + #ifndef __thumb2__ + sub r3,pc,#8 @ AES_decrypt + #else +- adr r3,AES_decrypt ++ adr r3,. + #endif + stmdb sp!,{r1,r4-r12,lr} + #ifdef __APPLE__ +diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl +index 9f288660ef..a27bb4a179 100644 +--- a/crypto/aes/asm/bsaes-armv7.pl ++++ b/crypto/aes/asm/bsaes-armv7.pl +@@ -744,7 +744,7 @@ $code.=<<___; + .type _bsaes_decrypt8,%function + .align 4 + _bsaes_decrypt8: +- adr $const,_bsaes_decrypt8 ++ adr $const,. + vldmia $key!, {@XMM[9]} @ round 0 key + #ifdef __APPLE__ + adr $const,.LM0ISR +@@ -843,7 +843,7 @@ _bsaes_const: + .type _bsaes_encrypt8,%function + .align 4 + _bsaes_encrypt8: +- adr $const,_bsaes_encrypt8 ++ adr $const,. + vldmia $key!, {@XMM[9]} @ round 0 key + #ifdef __APPLE__ + adr $const,.LM0SR +@@ -951,7 +951,7 @@ $code.=<<___; + .type _bsaes_key_convert,%function + .align 4 + _bsaes_key_convert: +- adr $const,_bsaes_key_convert ++ adr $const,. + vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key + #ifdef __APPLE__ + adr $const,.LM0 +-- +2.15.0 + diff --git a/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh new file mode 100644 index 00000000..6620fdcb --- /dev/null +++ b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/openssl-c_rehash.sh @@ -0,0 +1,222 @@ +#!/bin/sh +# +# Ben Secrest +# +# sh c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. +# +# based on the c_rehash perl script distributed with openssl +# +# LICENSE: See OpenSSL license +# ^^acceptable?^^ +# + +# default certificate location +DIR=/etc/openssl + +# for filetype bitfield +IS_CERT=$(( 1 << 0 )) +IS_CRL=$(( 1 << 1 )) + + +# check to see if a file is a certificate file or a CRL file +# arguments: +# 1. the filename to be scanned +# returns: +# bitfield of file type; uses ${IS_CERT} and ${IS_CRL} +# +check_file() +{ + local IS_TYPE=0 + + # make IFS a newline so we can process grep output line by line + local OLDIFS=${IFS} + IFS=$( printf "\n" ) + + # XXX: could be more efficient to have two 'grep -m' but is -m portable? + for LINE in $( grep '^-----BEGIN .*-----' ${1} ) + do + if echo ${LINE} \ + | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' + then + IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) + + if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] + then + break + fi + elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' + then + IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) + + if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] + then + break + fi + fi + done + + # restore IFS + IFS=${OLDIFS} + + return ${IS_TYPE} +} + + +# +# use openssl to fingerprint a file +# arguments: +# 1. the filename to fingerprint +# 2. the method to use (x509, crl) +# returns: +# none +# assumptions: +# user will capture output from last stage of pipeline +# +fingerprint() +{ + ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' +} + + +# +# link_hash - create links to certificate files +# arguments: +# 1. the filename to create a link for +# 2. the type of certificate being linked (x509, crl) +# returns: +# 0 on success, 1 otherwise +# +link_hash() +{ + local FINGERPRINT=$( fingerprint ${1} ${2} ) + local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) + local SUFFIX=0 + local LINKFILE='' + local TAG='' + + if [ ${2} = "crl" ] + then + TAG='r' + fi + + LINKFILE=${HASH}.${TAG}${SUFFIX} + + while [ -f ${LINKFILE} ] + do + if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] + then + echo "NOTE: Skipping duplicate file ${1}" >&2 + return 1 + fi + + SUFFIX=$(( ${SUFFIX} + 1 )) + LINKFILE=${HASH}.${TAG}${SUFFIX} + done + + echo "${3} => ${LINKFILE}" + + # assume any system with a POSIX shell will either support symlinks or + # do something to handle this gracefully + ln -s ${3} ${LINKFILE} + + return 0 +} + + +# hash_dir create hash links in a given directory +hash_dir() +{ + echo "Doing ${1}" + + cd ${1} + + ls -1 * 2>/dev/null | while read FILE + do + if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ + && [ -h "${FILE}" ] + then + rm ${FILE} + fi + done + + ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE + do + REAL_FILE=${FILE} + # if we run on build host then get to the real files in rootfs + if [ -n "${SYSROOT}" -a -h ${FILE} ] + then + FILE=$( readlink ${FILE} ) + # check the symlink is absolute (or dangling in other word) + if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ] + then + REAL_FILE=${SYSROOT}/${FILE} + fi + fi + + check_file ${REAL_FILE} + local FILE_TYPE=${?} + local TYPE_STR='' + + if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] + then + TYPE_STR='x509' + elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] + then + TYPE_STR='crl' + else + echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2 + continue + fi + + link_hash ${REAL_FILE} ${TYPE_STR} ${FILE} + done +} + + +# choose the name of an ssl application +if [ -n "${OPENSSL}" ] +then + SSL_CMD=$(which ${OPENSSL} 2>/dev/null) +else + SSL_CMD=/usr/bin/openssl + OPENSSL=${SSL_CMD} + export OPENSSL +fi + +# fix paths +PATH=${PATH}:${DIR}/bin +export PATH + +# confirm existance/executability of ssl command +if ! [ -x ${SSL_CMD} ] +then + echo "${0}: rehashing skipped ('openssl' program not available)" >&2 + exit 0 +fi + +# determine which directories to process +old_IFS=$IFS +if [ ${#} -gt 0 ] +then + IFS=':' + DIRLIST=${*} +elif [ -n "${SSL_CERT_DIR}" ] +then + DIRLIST=$SSL_CERT_DIR +else + DIRLIST=${DIR}/certs +fi + +IFS=':' + +# process directories +for CERT_DIR in ${DIRLIST} +do + if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] + then + IFS=$old_IFS + hash_dir ${CERT_DIR} + IFS=':' + fi +done diff --git a/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/run-ptest b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/run-ptest new file mode 100644 index 00000000..65c6cc7b --- /dev/null +++ b/bsp/meta-freescale/recipes-connectivity/openssl/openssl-qoriq/run-ptest @@ -0,0 +1,4 @@ +#!/bin/sh +cd test +OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl +cd .. -- cgit 1.2.3-korg