openssl: Upgrade to 1.0.1m

Security update, some patches modified to apply correctly mostly due to upstream changing indentation/styling * configure-targets.patch updated * fix-cipher-des-ede3-cfb1.patch updated * openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated * openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as no merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream (From OE-Core rev: 03739bcc1672df8f55c6428184670f1a8c8f80b2) Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-01 13:58:04 +00:00 · 2015-03-25 13:15:43 +00:00 · 2015-03-25 13:15:43 +00:00 · 2a3805a666
commit 2a3805a666
parent 4c6ceb07f0
7 changed files with 121 additions and 157 deletions
--- a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
@ -10,25 +10,25 @@ The number of colons are important :)
 --- a/Configure
 +++ b/Configure
@@ -403,6 +403,22 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
 + # Linux on ARM
-+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +
-+"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+"linux-avr32","$ENV{'CC'}: -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
 +
 +#### Linux on MIPS/MIPS64
-+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +
- # Android: linux-* but without -DTERMIO and pointers to headers and libs.
+ # Android: linux-* but without pointers to headers and libs.
 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@ -6,17 +6,20 @@ http://rt.openssl.org/Ticket/Display.html?id=2867

 Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>

+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
+
 diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
 index 3232cfe..df84922 100644
 ===================================================================
 --- a/crypto/evp/e_des3.c
 +++ b/crypto/evp/e_des3.c
-@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -181,7 +181,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     size_t n;
-     unsigned char c[1],d[1];
+     unsigned char c[1], d[1];
 
-    for(n=0 ; n < inl ; ++n)
-+    for(n=0 ; n < inl*8 ; ++n)
- 	{
- 	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	DES_ede3_cfb_encrypt(c,d,1,1,
+-    for (n = 0; n < inl; ++n) {
+    for (n = 0; n < inl * 8; ++n) {
+         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+         DES_ede3_cfb_encrypt(c, d, 1, 1,
+                              &data(ctx)->ks1, &data(ctx)->ks2,
--- a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
+++ b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
@ -5,6 +5,9 @@ X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039

 Initial aarch64 bits.
 Upstream-Status: backport (will be included in 1.0.2)
+
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
 ---
 crypto/bn/bn_lcl.h       |    9 +++++++++
 crypto/md32_common.h     |   18 ++++++++++++++++++
@ -16,10 +19,10 @@ Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h	2014-01-06 15:47:42.000000000 +0200
 +++ openssl-1.0.1f/crypto/bn/bn_lcl.h	2014-02-28 10:37:55.495979037 +0200
-@@ -300,6 +300,15 @@
- 	     : "r"(a), "r"(b));
+@@ -295,6 +295,15 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+              : "r"(a), "r"(b));
 #    endif
- #  endif
+ #   endif
 +# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
 +#  if defined(__GNUC__) && __GNUC__>=2
 +#   define BN_UMULT_HIGH(a,b)  ({  \
@ -29,17 +32,17 @@ Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
 +        : "r"(a), "r"(b));     \
 +   ret;            })
 +#  endif
- # endif		/* cpu */
- #endif		/* OPENSSL_NO_ASM */
+ #  endif                        /* cpu */
+ # endif                         /* OPENSSL_NO_ASM */
 
 Index: openssl-1.0.1f/crypto/md32_common.h
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/md32_common.h	2014-01-06 15:47:42.000000000 +0200
 +++ openssl-1.0.1f/crypto/md32_common.h	2014-02-28 10:39:21.751979107 +0200
-@@ -213,6 +213,24 @@
- 				   asm ("bswapl %0":"=r"(r):"0"(r));	\
- 				   *((unsigned int *)(c))=r; (c)+=4; r;	})
- #   endif
+@@ -213,6 +213,42 @@
+                                    asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                    *((unsigned int *)(c))=r; (c)+=4; r; })
+ #    endif
 +#  elif defined(__aarch64__)
 +#   if defined(__BYTE_ORDER__)
 +#    if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
@ -58,25 +61,43 @@ Index: openssl-1.0.1f/crypto/md32_common.h
 +#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
 +#    endif
 +#   endif
+#   endif
+#  elif defined(__aarch64__)
+#   if defined(__BYTE_ORDER__)
+#    if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#     define HOST_c2l(c,l) ({ unsigned int r;      \
+                  asm ("rev    %w0,%w1"    \
+                   :"=r"(r)        \
+                   :"r"(*((const unsigned int *)(c))));\
+                  (c)+=4; (l)=r;       })
+#     define HOST_l2c(l,c) ({ unsigned int r;      \
+                  asm ("rev    %w0,%w1"    \
+                   :"=r"(r)        \
+                   :"r"((unsigned int)(l)));\
+                  *((unsigned int *)(c))=r; (c)+=4; r; })
+#    elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
+#     define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
+#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
+#    endif
+ #   endif
 #  endif
 # endif
- #endif
 Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h	2014-02-28 10:47:48.731979011 +0200
 +++ openssl-1.0.1f/crypto/modes/modes_lcl.h	2014-02-28 10:48:49.707978919 +0200
-@@ -29,6 +29,7 @@
- #if defined(__i386)	|| defined(__i386__)	|| \
-     defined(__x86_64)	|| defined(__x86_64__)	|| \
-     defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64) || \
+@@ -28,6 +28,7 @@ typedef unsigned char u8;
+ #if defined(__i386)     || defined(__i386__)    || \
+     defined(__x86_64)   || defined(__x86_64__)  || \
+     defined(_M_IX86)    || defined(_M_AMD64)    || defined(_M_X64) || \
 +    defined(__aarch64__)           || \
-     defined(__s390__)	|| defined(__s390x__)
+     defined(__s390__)   || defined(__s390x__)
 # undef STRICT_ALIGNMENT
 #endif
-@@ -50,6 +51,13 @@
- #  define BSWAP4(x) ({	u32 ret=(x);			\
- 			asm ("bswapl %0"		\
- 			: "+r"(ret));	ret;		})
+@@ -49,6 +50,13 @@ typedef unsigned char u8;
+ #   define BSWAP4(x) ({ u32 ret=(x);                    \
+                         asm ("bswapl %0"                \
+                         : "+r"(ret));   ret;            })
 +# elif defined(__aarch64__)
 +#  define BSWAP8(x) ({ u64 ret;            \
 +           asm ("rev %0,%1"        \
@ -84,25 +105,25 @@ Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
 +#  define BSWAP4(x) ({ u32 ret;            \
 +           asm ("rev %w0,%w1"      \
 +           : "=r"(ret) : "r"(x)); ret; })
- # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
- #  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
- 			asm ("rev %0,%0; rev %1,%1"	\
+ #  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+ #   define BSWAP8(x) ({  u32 lo=(u64)(x)>>32,hi=(x);     \
+                         asm ("rev %0,%0; rev %1,%1"     \
 Index: openssl-1.0.1f/crypto/sha/sha512.c
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/sha/sha512.c	2014-01-06 15:47:42.000000000 +0200
 +++ openssl-1.0.1f/crypto/sha/sha512.c	2014-02-28 10:52:14.579978981 +0200
-@@ -55,6 +55,7 @@
- #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+@@ -55,6 +55,7 @@ const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT;
+ # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
     defined(__s390__) || defined(__s390x__) || \
 +    defined(__aarch64__) || \
     defined(SHA512_ASM)
- #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
- #endif
-@@ -347,6 +348,18 @@
- 				asm ("rotrdi %0,%1,%2"	\
- 				: "=r"(ret)		\
- 				: "r"(a),"K"(n)); ret;	})
+ #  define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+ # endif
+@@ -353,6 +354,18 @@ static const SHA_LONG64 K512[80] = {
+                                 asm ("rotrdi %0,%1,%2"  \
+                                 : "=r"(ret)             \
+                                 : "r"(a),"K"(n)); ret;  })
 +#  elif defined(__aarch64__)
 +#   define ROTR(a,n)   ({ SHA_LONG64 ret;      \
 +               asm ("ror %0,%1,%2" \
@ -115,6 +136,6 @@ Index: openssl-1.0.1f/crypto/sha/sha512.c
 +               : "=r"(ret)         \
 +               : "r"(*((const SHA_LONG64 *)(&(x))))); ret;     })
 +#   endif
- #  endif
- # elif defined(_MSC_VER)
- #  if defined(_WIN64)	/* applies to both IA-64 and AMD64 */
+ #    endif
+ #   elif defined(_MSC_VER)
+ #    if defined(_WIN64)         /* applies to both IA-64 and AMD64 */
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@ -7,15 +7,18 @@ Upstream-Status: Submitted
 http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html

 Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
 ---
 --- a/crypto/evp/digest.c
 +++ b/crypto/evp/digest.c
-@@ -199,7 +199,7 @@
- 		return 0;
- 		}
+@@ -199,7 +199,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+         type = ctx->digest;
+     }
 #endif
-	if (ctx->digest != type)
-+	if (type && (ctx->digest != type))
- 		{
- 		if (ctx->digest && ctx->digest->ctx_size)
- 			OPENSSL_free(ctx->md_data);
+-    if (ctx->digest != type) {
+    if (type && (ctx->digest != type)) {
+         if (ctx->digest && ctx->digest->ctx_size)
+             OPENSSL_free(ctx->md_data);
+         ctx->digest = type;
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
@ -1,39 +0,0 @@
-openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
-
-We should avoid accessing the pointer if ASN1_STRING_new()
-allocates memory failed.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
---
--- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -139,6 +139,12 @@
- 	dh=pkey->pkey.dh;
- 
- 	str = ASN1_STRING_new();
-+	if (!str)
-+		{
-+		DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+		goto err;
-+		}
-+
- 	str->length = i2d_DHparams(dh, &str->data);
- 	if (str->length <= 0)
- 		{
--- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -148,6 +148,11 @@
- 		{
- 		ASN1_STRING *str;
- 		str = ASN1_STRING_new();
-+		if (!str)
-+			{
-+			DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+			goto err;
-+			}
- 		str->length = i2d_DSAparams(dsa, &str->data);
- 		if (str->length <= 0)
- 			{
--- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@ -6,16 +6,19 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13

 ported the patch to the 1.0.0e version
 Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
 Index: openssl-1.0.1e/Configure
 ===================================================================
 --- openssl-1.0.1e.orig/Configure
 +++ openssl-1.0.1e/Configure
@@ -402,6 +402,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
- "linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+ "linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### So called "highgprs" target for z/Architecture CPUs
 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
 Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
@ -26,65 +29,39 @@ Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
  *    machine.
  */
 
-#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
-	"1:	movq	(%4,%2,8),%0	\n"
-	"	adcq	(%5,%2,8),%0	\n"
-	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	adcq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
-	"1:	movq	(%4,%2,8),%0	\n"
-	"	sbbq	(%5,%2,8),%0	\n"
-	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	sbbq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
+-# ifdef _WIN64
+# if defined _WIN64 || !defined __LP64__
+ #  define BN_ULONG unsigned long long
+ # else
+ #  define BN_ULONG unsigned long
 Index: openssl-1.0.1e/crypto/bn/bn.h
 ===================================================================
 --- openssl-1.0.1e.orig/crypto/bn/bn.h
 +++ openssl-1.0.1e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
+@@ -173,6 +173,13 @@ extern "C" {
+ #  endif
 # endif
- #endif
 
 +/* Address type.  */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
+# ifdef _WIN64
+#   define BN_ADDR unsigned long long
+# else
+#   define BN_ADDR unsigned long
+# endif
 +
- /* assuming long is 64bit - this is the DEC Alpha
-  * unsigned long long is only 64 bits :-(, don't define
-  * BN_LLONG for the DEC Alpha */
+ /*
+  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
 Index: openssl-1.0.1e/crypto/bn/bn_exp.c
 ===================================================================
 --- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
 +++ openssl-1.0.1e/crypto/bn/bn_exp.c
-@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
- 
- /* Given a pointer value, compute the next address that is a cache line multiple. */
+@@ -572,7 +572,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+  * multiple.
+  */
 #define MOD_EXP_CTIME_ALIGN(x_) \
-	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+-        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
 
- /* This variant of BN_mod_exp_mont() uses fixed windows and the special
-  * precomputation memory layout to limit data-dependency to a minimum
+ /*
+  * This variant of BN_mod_exp_mont() uses fixed windows and the special
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1m.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1m.bb
@ -29,7 +29,6 @@ SRC_URI += "file://configure-targets.patch \
            file://openssl_fix_for_x32.patch \
            file://fix-cipher-des-ede3-cfb1.patch \
            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
-            file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
            file://initial-aarch64-bits.patch \
            file://find.pl \
            file://openssl-fix-des.pod-error.patch \
@ -38,8 +37,8 @@ SRC_URI += "file://configure-targets.patch \
            file://run-ptest \
           "

-SRC_URI[md5sum] = "f7175c9cd3c39bb1907ac8bba9df8ed3"
-SRC_URI[sha256sum] = "1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3"
+SRC_URI[md5sum] = "d143d1555d842a069cb7cc34ba745a06"
+SRC_URI[sha256sum] = "095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74"

 PACKAGES =+ " \
 	${PN}-engines \