This reverts commit 27ab880ebb.
With the (proposed) fix from the openssl developers added as
0004-Serialize-install-process-to-avoid-multiple-make-dep.patch, the
workaround can now be dropped so openssl can again be built and installed in
parallel, significantly speeding up builds.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 86f173a744)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
The openssl developers have proposed a fix for the parallel installation
issue worked around by commit 27ab880ebb (package/libopenssl do not build
in parallel).
Add the fix here so the workaround can dropped again.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 36b0a3ef9c)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
With highly parallel builds on a heavily loaded machine, the libopenssl
build often (about half of the time) fails with spurious missing rules
in its Makefile:
>>> host-libopenssl 3.4.1 Installing to host directory
[...] /usr/bin/make -C [...]/build/host-libopenssl-3.4.1 install
"/usr/bin/make" depend && "/usr/bin/make" _build_libs
"/usr/bin/make" depend && "/usr/bin/make" _build_modules
"/usr/bin/make" depend && "/usr/bin/make" _build_programs
[...]
make[3]: *** No rule to make target '_build_modules'. Stop.
make[2]: *** [Makefile:3159: build_modules] Error 2
make[2]: *** Waiting for unfinished jobs....
make[3]: Nothing to be done for '_build_programs'.
make[3]: Nothing to be done for '_build_libs'.
make[1]: *** [package/pkg-generic.mk:283: [...]/build/host-libopenssl-3.4.1/.stamp_host_installed] Error 2
make[1]: *** Waiting for unfinished jobs....
[...]
make: *** [Makefile:23: _all] Error 2
Ideally, we'd like to fix the issue. However, the Nakefile is generated
by the Configure script, written in perl, from the template in
Configurations/unix-Makefile.tmpl, which also uses some kind of special
(perl-related, probably) templating language. That makes it pretty
difficult to see what is going on, though, and nigh impossible to fix
without a deep understanding of the openssl buildsystem.
So, we can only disable parallel builds until the issue is fixed
upstream [0]. Add a comment to both build commands (host and target) to
reference the upstream issue report.
Note that the issue has mostly been observed in the build of the host
variant so far, but there is no reason why it can't happen in the build
of the target variant.
[0] https://github.com/openssl/openssl/issues/27074
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The transition from version 1.1 to 3.0.9, and subsequently to 3.3.1,
added new compilation options. This led to a significant increase in the
size of the library. These options allow user to disable these features
to obtain a smaller library size.
To ensure backward compatibility, all items are selected by default.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit allows the package patches to be applied with fuzz factor 0.
The fuzz factor specifies how many lines of the patch can be inexactly
matched, so the value 0 requires all lines to be exactly matched.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Even though the "no-engine" option effectively disables the compilation
of the engine, it still creates the installation directory, which ends up
being empty. For this reason, the patch does not remove the hook for
removing the directory if the BR2_PACKAGE_LIBOPENSSL_ENGINES option is
not enabled.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
With version 3.2.0 of OpenSSL, the "no-apps" configuration option was
added, which does not build apps, e.g. the openssl program. This is
handy for minimization. This option also disables tests.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The patch expresses the same condition in positive logic, consistent
with what has been coded in other parts of the module and generally
in Buildroot.
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The bump to version 3.0.9 in commit 3c66f65a6a (package/libopenssl:
bump version to 3.0.9), and all subsequent updates, forgot to change
the directory name, which remained that of version 1.1. The patch
fixes the directory name to be consistent with the version.
In the case the library was not built with engine support, this resulted
in the presence of files in the root file system that should have been
removed.
Fixes: 3c66f65a6a
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The asn1parse command hangs forever on 3.2.0 when the genstr or genconf
option is passed.
This commit fixes the issue by adding upstream commits [1] [2].
[1] a552c23c65
[2] 749fcc0e3c
Signed-off-by: Martin Kurbanov <mmkurbanov@salutedevices.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 973b1eba5a removed third patch
because of
78634e8ac2
however OPENSSL_NO_MADVISE wasn't updated to reflect the new
HAVE_MADVISE logic resulting in the following build failure without MMU:
/home/buildroot/autobuild/instance-2/output-1/host/riscv64-buildroot-linux-uclibc/bin/ld.real: libcrypto.a(libcrypto-lib-mem_sec.o): in function `sh_init':
/home/buildroot/autobuild/instance-2/output-1/build/libopenssl-3.2.0/crypto/mem_sec.c:557: undefined reference to `madvise'
Fixes:
- http://autobuild.buildroot.org/results/4328c025f6f2bcd2ebc5a4368c78e00da0aea1ae
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Use linux64-s390x configure target to fix the following s390x build
failure raised since bump to version 3.2.0 in commit
973b1eba5a and
79040cf29e:
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/13.2.0/../../../../s390x-buildroot-linux-gnu/bin/ld: libcrypto.a(libcrypto-lib-dh_key.o): in function `dh_bn_mod_exp':
dh_key.c:(.text+0x3c8): undefined reference to `s390x_mod_exp'
/home/buildroot/autobuild/instance-3/output-1/host/lib/gcc/s390x-buildroot-linux-gnu/13.2.0/../../../../s390x-buildroot-linux-gnu/bin/ld: libcrypto.a(libcrypto-lib-rsa_ossl.o): in function `rsa_ossl_s390x_mod_exp':
rsa_ossl.c:(.text+0xd2c): undefined reference to `s390x_crt'
Fixes:
- http://autobuild.buildroot.org/results/77c5e13127de67a69782f138aa28c8b0ad951941
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Adds BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH for riscv32 and riscv64.
Otherwise, riscv targets fall back to the linux-generic libopenssl
configs. This exacerbates the issue partially addressed in
openssl/openssl#22871 which causes build failures.
Fixes a mispelling in upstream causing 0builds for riscv32 to fail when
linking.
Signed-off-by: Grant Nichol <me@grantnichol.com>
[yann.morin.1998@free.fr: squash the two commits together]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Without this patch openssl adds -latomic twice to Libs.private in
libcrypto.pc:
cat output/per-package/opensc/host/arceb-buildroot-linux-uclibc/sysroot/usr/lib/pkgconfig/libcrypto.pc | grep atomic
Libs.private: -ldl -pthread -latomic -latomic
Instead of passing -latomic to Configure we use the target arch
"linux-latomic" which is provided by upstream since version 3.0.0
especially for libatomic handling:
535130c39dcdf2986a70
To be noted: the build still fails for both bootlin-armv7m-uclibc and
bootlin-m68k-5208-uclibc, but this is not a regression due to this
patch, and is tracked as #15709.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Rebase patches onto new version
Remove 0005-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch,
0006-Add-support-for-io_pgetevents_time64-syscall.patch, and
0007-Fixup-support-for-io_pgetevents_time64-syscall.patch as these are
already applied upstream
Updated license after switch to Apache license:
https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/
[Bernd: fixed license file/hash]
Signed-off-by: Danny Wood <danny@rotronics.co.uk>
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
[Peter: update .checkpackageignore]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Changelog (for details see [1] and [2]):
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
[1] https://www.openssl.org/news/cl111.txt
[2] https://www.openssl.org/news/vulnerabilities.html
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 3dbc86f098 (openssl: bump version, enable mdc2+camellia+tlsext)
form 2010-06-03, forced the build of mdc2. Commit a83d41867c
(package/libopenssl: add option to enable some features) added an option
to explicitly disable mdc2, but forgot to amend the existing enabling
option.
It appears that, like most (all?) openssl config options, mdc2 ends up
enabled unless explicitly disabled.
Additionally, mdc2 depends on DES, so without DES, mdc2 gets disabled.
So, drop the explicit enabling option, and make mdc2 select DES.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "GAUTRON, Erwan" <erwan.gautron@bertin.fr>
Cc: "Weber, Matthew L Collins" <Matthew.Weber@collins.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Commit a83d41867c (package/libopenssl: add option to enable some
features) added an option to enable rc5. However, since commit
1fff941219 (Fixup non-x86 openssl build), dated 2002-12-30, rc5
has always been forcibly disabled in Buildroot.
Given that it was unconditionally disabled all this time, and no
one complained, it means there is virtually no-one using rc5, so we
can just drop the option.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: "GAUTRON, Erwan" <erwan.gautron@bertin.fr>
Cc: "Weber, Matthew L Collins" <Matthew.Weber@collins.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The openssl configure script disables the afalg engine when it detects
cross-compilation, but the detection missfires because it is based on
the CROSS_COMPILE environment variable, which we do not set (as we pass
fully qualified CC et al.).
So, the afalg engine is built, but it is built for the host, not the
target, so it does not make sense to build and install it. Besides, it
leaks build host info.
Signed-off-by: Nuno Gonçalves <nunog@fr24.com>
[yann.morin.1998@free.fr: extend commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Drop unneeded SED hacks (including build_tests) to fix the following
build failure with BR2_OPTIMIZE_FAST:
In file included from crypto/async/arch/../async_local.h:30,
from crypto/async/arch/async_null.c:11:
crypto/async/arch/../arch/async_posix.h:32:5: error: unknown type name 'ucontext_t'
32 | ucontext_t fibre;
| ^~~~~~~~~~
While at it, also "drop parentheses as all it does is spawn a useless
sub-shell" as noticed by Yann E. Morin
Fixes:
- http://autobuild.buildroot.org/results/3ce202f11a821940ff55eafa1dc7cea54b8c0da2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
AES OCB fails to encrypt some bytes (CVE-2022-2097)
===================================================
Severity: MODERATE
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation will not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The c_rehash script allows command injection (CVE-2022-2068)
============================================================
Severity: Moderate
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the
shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
https://www.openssl.org/news/secadv/20220621.txt
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- The c_rehash script allows command injection (CVE-2022-1292)
The c_rehash script does not properly sanitise shell metacharacters to
prevent command injection. This script is distributed by some operating
systems in a manner where it is automatically executed. On such operating
systems, an attacker could execute arbitrary commands with the privileges of
the script.
Use of the c_rehash script is considered obsolete and should be replaced by
the OpenSSL rehash command line tool.
https://www.openssl.org/news/secadv/20220503.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
for non-prime moduli.
Internally this function is used when parsing certificates that contain
elliptic curve public keys in compressed form or explicit elliptic curve
parameters with a base point encoded in compressed form.
It is possible to trigger the infinite loop by crafting a certificate that
has invalid explicit curve parameters.
Since certificate parsing happens prior to verification of the certificate
signature, any process that parses an externally supplied certificate may
thus be subject to a denial of service attack. The infinite loop can also
be reached when parsing crafted private keys as they can contain explicit
elliptic curve parameters.
Thus vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters
Also any other applications that use the BN_mod_sqrt() where the attacker
can control the parameter values are vulnerable to this DoS issue.
(CVE-2022-0778)
[Tomáš Mráz]
*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
to the list of ciphersuites providing Perfect Forward Secrecy as
required by SECLEVEL >= 3.
[Dmitry Belyavskiy, Nicola Tuveri]
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Minor bugfix release:
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
*) Avoid loading of a dynamic engine twice.
[Bernd Edlinger]
*) Fixed building on Debian with kfreebsd kernels
[Mattias Ellert]
*) Prioritise DANE TLSA issuer certs over peer certs
[Viktor Dukhovni]
*) Fixed random API for MacOS prior to 10.12
These MacOS versions don't support the CommonCrypto APIs
[Lenny Primak]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Openssl implements lot of algorithms that are not required in some
emdedded devices and cyphers known as weak. Secure embedded systems
shall disable unused algorithms (and weak algo) in order to be
certified.
This patch allows to select weak algorithms and mecanims to enable
such as md5.
To ensure backward compatibility, all items are selected by default.
Signed-off-by: Erwan GAUTRON <erwan.gautron@bertin.fr>
[yann.morin.1998@free.fr:
- drop help texts that just repeat the prompts
- fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
