diff options
Diffstat (limited to 'patches/openssl-1.1.1k')
-rw-r--r-- | patches/openssl-1.1.1k/0001-debian-targets.patch | 228 | ||||
-rw-r--r-- | patches/openssl-1.1.1k/0002-pic.patch | 189 | ||||
-rw-r--r-- | patches/openssl-1.1.1k/0003-Set-systemwide-default-settings-for-libssl-users.patch | 46 | ||||
-rw-r--r-- | patches/openssl-1.1.1k/series | 6 |
4 files changed, 0 insertions, 469 deletions
diff --git a/patches/openssl-1.1.1k/0001-debian-targets.patch b/patches/openssl-1.1.1k/0001-debian-targets.patch deleted file mode 100644 index 940d68e3d..000000000 --- a/patches/openssl-1.1.1k/0001-debian-targets.patch +++ /dev/null @@ -1,228 +0,0 @@ -From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> -Date: Sun, 5 Nov 2017 15:09:09 +0100 -Subject: [PATCH] debian-targets - -Imported from openssl_1.1.1k-1.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - Configurations/20-debian.conf | 210 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 210 insertions(+) - create mode 100644 Configurations/20-debian.conf - -diff --git a/Configurations/20-debian.conf b/Configurations/20-debian.conf -new file mode 100644 -index 000000000000..a3d5f68d36aa ---- /dev/null -+++ b/Configurations/20-debian.conf -@@ -0,0 +1,210 @@ -+my %targets = ( -+ "debian" => { -+ cflags => add("-Wa,--noexecstack -Wall"), -+ }, -+ "debian-alpha" => { -+ inherit_from => [ "linux-alpha-gcc", "debian" ], -+ }, -+ "debian-alpha-ev4" => { -+ inherit_from => [ "debian-alpha" ], -+ cflags => add("-mcpu=ev4"), -+ }, -+ "debian-alpha-ev5" => { -+ inherit_from => [ "debian-alpha" ], -+ cflags => add("-mcpu=ev5"), -+ }, -+ "debian-arm64" => { -+ inherit_from => [ "linux-aarch64", "debian" ], -+ }, -+ "debian-arm64ilp32" => { -+ inherit_from => [ "linux-arm64ilp32", "debian" ], -+ }, -+ "debian-armel" => { -+ inherit_from => [ "linux-armv4", "debian" ], -+ }, -+ "debian-armhf" => { -+ inherit_from => [ "linux-armv4", "debian" ], -+ }, -+ "debian-amd64" => { -+ inherit_from => [ "linux-x86_64", "debian" ], -+ }, -+ "debian-i386" => { -+ inherit_from => [ "linux-elf", "debian" ], -+ }, -+ "debian-avr32" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-kfreebsd-amd64" => { -+ inherit_from => [ "debian-amd64" ], -+ enable => [ ], -+ }, -+ "debian-kfreebsd-i386" => { -+ inherit_from => [ "debian-i386" ], -+ enable => [ ], -+ }, -+ "debian-hppa" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-hurd-i386" => { -+ inherit_from => [ "hurd-x86", "debian" ], -+ }, -+ "debian-ia64" => { -+ inherit_from => [ "linux-ia64", "debian" ], -+ }, -+ "debian-m68k" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-mips" => { -+ inherit_from => [ "linux-mips32", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-mipsel" => { -+ inherit_from => [ "linux-mips32", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ "debian-mipsn32" => { -+ inherit_from => [ "linux-mips64", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-mipsn32el" => { -+ inherit_from => [ "linux-mips64", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ "debian-mips64" => { -+ inherit_from => [ "linux64-mips64", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-mips64el" => { -+ inherit_from => [ "linux64-mips64", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ -+ # Temporary MIPS R6 targets. Those will vanish approx in 1.1.1 because -+ # aes-mips.pl creates proper R6 ASM code. After that, we can inherit from -+ # the linux*-mips* targets. -+ "linux-mips32r6" => { -+ # Configure script adds minimally required -march for assembly -+ # support, if no -march was specified at command line. -+ inherit_from => [ "linux-generic32"], -+ cflags => add("-mabi=32"), -+ perlasm_scheme => "o32", -+ shared_ldflag => add("-mabi=32"), -+ }, -+ # mips32 and mips64 below refer to contemporary MIPS Architecture -+ # specifications, MIPS32 and MIPS64, rather than to kernel bitness. -+ "linux-mips64r6" => { -+ inherit_from => [ "linux-generic32"], -+ cflags => add("-mabi=n32"), -+ bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", -+ perlasm_scheme => "n32", -+ shared_ldflag => add("-mabi=n32"), -+ multilib => "32", -+ }, -+ "linux64-mips64r6" => { -+ inherit_from => [ "linux-generic64"], -+ cflags => add("-mabi=64"), -+ perlasm_scheme => "64", -+ shared_ldflag => add("-mabi=64"), -+ multilib => "64", -+ }, -+ "debian-mipsr6" => { -+ inherit_from => [ "linux-mips32r6", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-mipsr6el" => { -+ inherit_from => [ "linux-mips32r6", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ "debian-mipsn32r6" => { -+ inherit_from => [ "linux-mips64r6", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-mipsn32r6el" => { -+ inherit_from => [ "linux-mips64r6", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ "debian-mips64r6" => { -+ inherit_from => [ "linux64-mips64r6", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-mips64r6el" => { -+ inherit_from => [ "linux64-mips64r6", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ -+ "debian-musl-linux-arm64" => { -+ inherit_from => [ "linux-aarch64", "debian" ], -+ }, -+ "debian-musl-linux-armhf" => { -+ inherit_from => [ "linux-armv4", "debian" ], -+ }, -+ "debian-musl-linux-i386" => { -+ inherit_from => [ "linux-elf", "debian" ], -+ }, -+ "debian-musl-linux-mips" => { -+ inherit_from => [ "linux-mips32", "debian" ], -+ cflags => add("-DB_ENDIAN"), -+ }, -+ "debian-musl-linux-mipsel" => { -+ inherit_from => [ "linux-mips32", "debian" ], -+ cflags => add("-DL_ENDIAN"), -+ }, -+ -+ "debian-nios2" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-powerpc" => { -+ inherit_from => [ "linux-ppc", "debian" ], -+ }, -+ "debian-powerpcspe" => { -+ inherit_from => [ "linux-ppc", "debian" ], -+ }, -+ "debian-ppc64" => { -+ inherit_from => [ "linux-generic64", "debian", asm("ppc64_asm") ], -+ cflags => add("-DB_ENDIAN"), -+ perlasm_scheme => "linux64", -+ }, -+ "debian-ppc64el" => { -+ inherit_from => [ "linux-ppc64le", "debian" ], -+ }, -+ "debian-riscv64" => { -+ inherit_from => [ "linux-generic64", "debian" ], -+ }, -+ "debian-s390" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-s390x" => { -+ inherit_from => [ "linux64-s390x", "debian" ], -+ }, -+ "debian-sh3" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-sh3eb" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-sh4" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-sh4eb" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-m32r" => { -+ inherit_from => [ "linux-generic32", "debian" ], -+ }, -+ "debian-sparc" => { -+ inherit_from => [ "linux-generic32", "debian", asm("sparcv9_asm") ], -+ cflags => add("-DB_ENDIAN -DBN_DIV2W"), -+ }, -+ "debian-sparc64" => { -+ inherit_from => [ "linux-generic64", "debian", asm("sparcv9_asm") ], -+ cflags => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"), -+ bn_ops => "BN_LLONG RC4_CHAR", -+ }, -+ "debian-tilegx" => { -+ inherit_from => [ "linux-generic64", "debian" ], -+ }, -+ "debian-x32" => { -+ inherit_from => [ "linux-x32", "debian" ], -+ }, -+); -+ diff --git a/patches/openssl-1.1.1k/0002-pic.patch b/patches/openssl-1.1.1k/0002-pic.patch deleted file mode 100644 index d833d93e8..000000000 --- a/patches/openssl-1.1.1k/0002-pic.patch +++ /dev/null @@ -1,189 +0,0 @@ -From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> -Date: Sun, 5 Nov 2017 15:09:09 +0100 -Subject: [PATCH] pic - -Imported from openssl_1.1.1k-1.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - crypto/des/asm/desboth.pl | 17 ++++++++++++++--- - crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++---- - crypto/perlasm/x86gas.pl | 16 ++++++++++++++++ - crypto/x86cpuid.pl | 10 +++++----- - 4 files changed, 55 insertions(+), 12 deletions(-) - -diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl -index ef7054e27506..50765d2b1552 100644 ---- a/crypto/des/asm/desboth.pl -+++ b/crypto/des/asm/desboth.pl -@@ -23,6 +23,11 @@ sub DES_encrypt3 - - &push("edi"); - -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebp"); -+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ - &comment(""); - &comment("Load the data words"); - &mov($L,&DWP(0,"ebx","",0)); -@@ -54,15 +59,21 @@ sub DES_encrypt3 - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "eax"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); - &mov(&swtmp(1), "edi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "esi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - - &stack_pop(3); - &mov($L,&DWP(0,"ebx","",0)); -diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl -index 01bafe457d68..c093be5a4fd6 100644 ---- a/crypto/perlasm/cbc.pl -+++ b/crypto/perlasm/cbc.pl -@@ -129,7 +129,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -192,7 +196,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point1")); -+ &set_label("pic_point1"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -225,7 +233,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point2")); -+ &set_label("pic_point2"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -@@ -268,7 +280,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point3")); -+ &set_label("pic_point3"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl -index 5c7ea3880e4d..7e49b55e97c7 100644 ---- a/crypto/perlasm/x86gas.pl -+++ b/crypto/perlasm/x86gas.pl -@@ -170,6 +170,7 @@ sub ::file_end - if ($::macosx) { push (@out,"$tmp,2\n"); } - elsif ($::elf) { push (@out,"$tmp,4\n"); } - else { push (@out,"$tmp\n"); } -+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } - } - push(@out,$initseg) if ($initseg); - } -@@ -228,8 +229,23 @@ ___ - elsif ($::elf) - { $initseg.=<<___; - .section .init -+___ -+ if ($::pic) -+ { $initseg.=<<___; -+ pushl %ebx -+ call .pic_point0 -+.pic_point0: -+ popl %ebx -+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx -+ call $f\@PLT -+ popl %ebx -+___ -+ } -+ else -+ { $initseg.=<<___; - call $f - ___ -+ } - } - elsif ($::coff) - { $initseg.=<<___; # applies to both Cygwin and Mingw -diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl -index ba4fd80fb32e..18c124707587 100644 ---- a/crypto/x86cpuid.pl -+++ b/crypto/x86cpuid.pl -@@ -18,6 +18,8 @@ open OUT,">$output"; - - for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -+push(@out, ".hidden OPENSSL_ia32cap_P\n"); -+ - &function_begin("OPENSSL_ia32_cpuid"); - &xor ("edx","edx"); - &pushf (); -@@ -163,9 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - &set_label("nocpuid"); - &function_end("OPENSSL_ia32_cpuid"); - --&external_label("OPENSSL_ia32cap_P"); -- --&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_rdtsc"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -179,7 +179,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], - # but it's safe to call it on any [supported] 32-bit platform... - # Just check for [non-]zero return value... --&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_instrument_halt"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("nohalt")); # no TSC -@@ -246,7 +246,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - &ret (); - &function_end_B("OPENSSL_far_spin"); - --&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_wipe_cpu"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/patches/openssl-1.1.1k/0003-Set-systemwide-default-settings-for-libssl-users.patch b/patches/openssl-1.1.1k/0003-Set-systemwide-default-settings-for-libssl-users.patch deleted file mode 100644 index 2377d8017..000000000 --- a/patches/openssl-1.1.1k/0003-Set-systemwide-default-settings-for-libssl-users.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> -Date: Tue, 20 Mar 2018 22:07:30 +0100 -Subject: [PATCH] Set systemwide default settings for libssl users - -This config change enforeces a TLS1.2 protocol version as minimum. It -can be overwritten by the system administrator. - -It also changes the default security level from 1 to 2, moving from the 80 bit -security level to the 112 bit security level. - -Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> - -Imported from openssl_1.1.1k-1.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - apps/openssl.cnf | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 4acca4b0446f..a6fed92a2e75 100644 ---- a/apps/openssl.cnf -+++ b/apps/openssl.cnf -@@ -15,6 +15,9 @@ HOME = . - #oid_file = $ENV::HOME/.oid - oid_section = new_oids - -+# System default -+openssl_conf = default_conf -+ - # To use this configuration file with the "-extfile" option of the - # "openssl x509" utility, name here the section containing the - # X.509v3 extensions to use: -@@ -348,3 +351,12 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included? - # (optional, default: no) - ess_cert_id_alg = sha1 # algorithm to compute certificate - # identifier (optional, default: sha1) -+[default_conf] -+ssl_conf = ssl_sect -+ -+[ssl_sect] -+system_default = system_default_sect -+ -+[system_default_sect] -+MinProtocol = TLSv1.2 -+CipherString = DEFAULT@SECLEVEL=2 diff --git a/patches/openssl-1.1.1k/series b/patches/openssl-1.1.1k/series deleted file mode 100644 index 2bfca5ade..000000000 --- a/patches/openssl-1.1.1k/series +++ /dev/null @@ -1,6 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -0001-debian-targets.patch -0002-pic.patch -0003-Set-systemwide-default-settings-for-libssl-users.patch -# 0312ece60c710f114a26383fdd75ddcb - git-ptx-patches magic |