For details see https://bugs.archlinux.org/task/61623
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OPENSSL_SMALL_FOOTPRINT mode selects alternate paths in the sha512 and
blake2 algorithms which resolves a assembler issue like the following.
/tmp/ccfnLhKQ.s: Assembler messages:
/tmp/ccfnLhKQ.s:11167: Error: value -32790 out of range
make[2]: *** [crypto/blake2/blake2b.o] Error 1
This issue was found after the OpenSSL1.1.x bump.
Fixes
http://autobuild.buildroot.net/results/533e817695cde321b725145112cfd83c092d9d75
Upstream ticket
https://github.com/openssl/openssl/issues/8190
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- use BR2_TOOLCHAIN_HAS_UCONTEXT
This is used to set -DOPENSSL_NO_ASYNC if needed.
- apply the CFLAGS correctly when compiling with -Os (bugfix).
- use -latomic when needed
This fixes the build for br-sparc-uclibc-2018.05
- don't use madvise() if no MMU
Trying to do so results in undefined reference to madvise() as
it is not available on uclibc without MMU.
The original openssl code checks if a macro used in the madvise call
is defined. The problem comes from the fact that the code in
crypto/mem_sec.c also includes a kernel header defining the same macro
unconditionally. Thus the check is always true in that case.
Upstream: https://github.com/openssl/openssl/pull/8089
- don't compile test/fuzzers
These binaries introduced with 1.1.x sometimes do not compile.
This is the case with the br-arm-cortex-m4-full toolchain
- don't build ocsp daemon if no MMU.
Patch from Richard Levitte.
- correctly enable cryptodev engine
Thanks to Arnout Vandecappelle for spotting this.
- remove all parallel build patches (openssl build-system changed)
- rebased 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
to apply to Configurations/unix-Makefile.tmpl (Makefile template)
- removed 0002-cryptodev-Fix-issue-with-signature-generation.patch
(upstream applied)
- rebased 0003-Reproducible-build-do-not-leak-compiler-path.patch to
apply to crypto/build.info (Makefile template)
- fix musl/uclibc build failure, use '-DOPENSSL_NO_ASYNC'
- remove legacy enable-tlsext configure option
- remove target/host libdir configure options, fixes openssl.pc installation
path, fixes wget compile
- change legacy INSTALL_PREFIX to DESTDIR
- remove 'libraries gets installed read only, so strip fails'
workaround (not needed anymore)
- change engine directory from /usr/lib/engines to
/usr/lib/engines-1.1
- change license file hash, no license change, only the following
hint was removed:
Actually both licenses are BSD-style Open Source licenses.
In case of any license issues related to OpenSSL please
contact openssl-core@openssl.org.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Tested-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The host forces HTTPS regardless. This can be seen in the build logs:
>>> host-libopenssl 1.0.2q Downloading
URL transformed to HTTPS due to an HSTS policy
--2018-12-10 09:53:27-- https://www.openssl.org/source/openssl-1.0.2q.tar.gz
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security vulnerabilities:
*) Microarchitecture timing vulnerability in ECC scalar multiplication
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
shown to be vulnerable to a microarchitecture timing side channel attack.
An attacker with sufficient access to mount local timing attacks during
ECDSA signature generation could recover the private key.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro
Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
Nicola Tuveri.
(CVE-2018-5407)
[Billy Brumley]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
For more information, see the changelog:
https://www.openssl.org/news/cl102.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
