openssl: Upgrade to 1.0.1j

This addresses the latest set of CVE issues

(From OE-Core rev: 461e598815f8749bb26e97369e3b877f7ce749cf)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Saul Wold
2014-10-20 14:16:23 -07:00
committed by Richard Purdie
parent df4a397df9
commit e93f9a8382
12 changed files with 145 additions and 688 deletions


@@ -9,6 +9,7 @@ LICENSE = "openssl"
LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
DEPENDS = "perl-native-runtime"
DEPENDS_append_class-target = " openssl-native"
SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
"
@@ -30,14 +31,14 @@ export DIRS = "crypto ssl apps"
export EX_LIBS = "-lgcc -ldl"
export AS = "${CC} -c"
inherit pkgconfig siteinfo multilib_header
inherit pkgconfig siteinfo multilib_header ptest
PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
FILES_libssl = "${libdir}/libssl.so.*"
FILES_${PN} =+ " ${libdir}/ssl/*"
FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
RDEPENDS_${PN}-misc = "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
@@ -47,6 +48,7 @@ FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
do_configure_prepend_darwin () {
sed -i -e '/version-script=openssl\.ld/d' Configure
@@ -59,17 +61,18 @@ do_configure () {
ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
os=${HOST_OS}
if [ "x$os" = "xlinux-uclibc" ]; then
case $os in
linux-uclibc |\
linux-uclibceabi |\
linux-gnueabi |\
linux-uclibcspe |\
linux-gnuspe |\
linux-musl*)
os=linux
elif [ "x$os" = "xlinux-uclibceabi" ]; then
os=linux
elif [ "x$os" = "xlinux-uclibcspe" ]; then
os=linux
elif [ "x$os" = "xlinux-gnuspe" ]; then
os=linux
elif [ "x$os" = "xlinux-gnueabi" ]; then
os=linux
fi
;;
*)
;;
esac
target="$os-${HOST_ARCH}"
case $target in
linux-arm)
@@ -136,10 +139,18 @@ do_configure () {
perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
}
do_compile_prepend_class-target () {
sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
}
do_compile () {
oe_runmake
}
do_compile_ptest () {
oe_runmake buildtest
}
do_install () {
oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
@@ -157,7 +168,7 @@ do_install () {
cp --dereference -R include/openssl ${D}${includedir}
oe_multilib_header openssl/opensslconf.h
if [ "${@base_contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
@@ -169,5 +180,18 @@ do_install () {
fi
}
do_install_ptest () {
cp -r Makefile test ${D}${PTEST_PATH}
cp -r certs ${D}${PTEST_PATH}
mkdir -p ${D}${PTEST_PATH}/apps
ln -sf /usr/lib/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
ln -sf /usr/lib/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
ln -sf /usr/bin/openssl ${D}${PTEST_PATH}/apps
cp apps/server2.pem ${D}${PTEST_PATH}/apps
mkdir -p ${D}${PTEST_PATH}/util
install util/opensslwrap.sh ${D}${PTEST_PATH}/util
install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
}
BBCLASSEXTEND = "native nativesdk"
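Review bot: The three `ln -sf` lines in the new `do_install_ptest` hard-code `/usr/lib/ssl` and `/usr/bin`, while the rest of the recipe packages these files under `${libdir}/ssl` and `${bindir}`, so on a multilib or non-default-prefix build the ptest symlinks would presumably dangle and the tests would not find the intended `openssl.cnf`. Use the recipe variables instead: `ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps`, `ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps`, `ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps`. Separately, `apps/server2.pem` and `certs` appear to be upstream test key and certificate material; a comment such as `# test-only key/cert material, keep confined to ${PTEST_PATH}` above the `cp` lines would record that they must not end up in a package a real service could load.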


@@ -0,0 +1,75 @@
Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
cross-compiled.
Signed-off-by: Anders Roxell <anders.roxell@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Upstream-Status: Pending
---
diff -uNr a/Makefile b/Makefile
--- a/Makefile.org 2012-05-10 17:06:02.000000000 +0200
+++ b/Makefile.org 2012-10-27 00:05:55.359424024 +0200
@@ -411,8 +411,16 @@
test: tests
tests: rehash
+ $(MAKE) buildtest
+ $(MAKE) runtest
+
+buildtest:
+ @(cd test && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
+
+runtest:
@(cd test && echo "testing..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
diff --git a/test/Makefile b/test/Makefile
index 3912f82..1696767 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -128,7 +128,7 @@ tests: exe apps $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
-alltests: \
+all-tests= \
test_des test_idea test_sha test_md4 test_md5 test_hmac \
test_md2 test_mdc2 test_wp \
test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
@@ -138,6 +138,11 @@ alltests: \
test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
test_jpake test_cms
+alltests:
+ @(for i in $(all-tests); do \
+ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+ done)
+
test_evp:
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -203,7 +208,7 @@ test_x509:
echo test second x509v3 certificate
sh ./tx509 v3-cert2.pem 2>/dev/null
-test_rsa: $(RSATEST)$(EXE_EXT)
+test_rsa:
@sh ./trsa 2>/dev/null
../util/shlib_wrap.sh ./$(RSATEST)
@@ -298,11 +303,11 @@ test_tsa:
sh ./testtsa; \
fi
-test_ige: $(IGETEST)$(EXE_EXT)
+test_ige:
@echo "Test IGE mode"
../util/shlib_wrap.sh ./$(IGETEST)
-test_jpake: $(JPAKETEST)$(EXE_EXT)
+test_jpake:
@echo "Test JPAKE"
../util/shlib_wrap.sh ./$(JPAKETEST)
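Review bot: The new `alltests` recipe in test/Makefile always exits 0, because each failing `$(MAKE) $$i` is absorbed by `|| echo "FAIL: $$i"`, so a regression in a crypto self-test is visible only to a consumer that parses the PASS/FAIL lines. If the exit status of `runtest` is meant to be usable as well, track it in the loop: start with `rc=0;`, use `|| { echo "FAIL: $$i"; rc=1; }`, and finish with `exit $$rc`. The patch header also does not mention that the prerequisites on `test_rsa`, `test_ige` and `test_jpake` are dropped; a sentence there saying the binaries are expected to be prebuilt by `buildtest` would explain why a missing binary now surfaces only as a run-time FAIL.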


@@ -4,6 +4,7 @@ Subject: Initial aarch64 bits.
X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
Initial aarch64 bits.
Upstream-Status: backport (will be included in 1.0.2)
---
crypto/bn/bn_lcl.h | 9 +++++++++
crypto/md32_common.h | 18 ++++++++++++++++++


@@ -1,40 +0,0 @@
commit 208d54db20d58c9a5e45e856a0650caadd7d9612
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Tue May 13 18:48:31 2014 +0100
Fix for CVE-2014-0195
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Fixed by adding consistency check for DTLS fragments.
Thanks to Jüri Aedla for reporting this issue.
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 2e8cf68..07f67f8 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
frag->msg_header.frag_off = 0;
}
else
+ {
frag = (hm_fragment*) item->data;
+ if (frag->msg_header.msg_len != msg_hdr->msg_len)
+ {
+ item = NULL;
+ frag = NULL;
+ goto err;
+ }
+ }
+
/* If message is already reassembled, this must be a
* retransmit and can be dropped.


@@ -1,38 +0,0 @@
From: Matt Caswell <matt@openssl.org>
Date: Sun, 11 May 2014 23:38:37 +0000 (+0100)
Subject: Fixed NULL pointer dereference. See PR#3321
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586
Fixed NULL pointer dereference. See PR#3321
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 40eb0dd..d961d12 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
SSL3_BUFFER *wb=&(s->s3->wbuf);
SSL_SESSION *sess;
- if (wb->buf == NULL)
- if (!ssl3_setup_write_buffer(s))
- return -1;
/* first check if there is a SSL3_BUFFER still being written
* out. This will happen with non blocking IO */
@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* if it went, fall through and send more stuff */
}
+ if (wb->buf == NULL)
+ if (!ssl3_setup_write_buffer(s))
+ return -1;
+
if (len == 0 && !create_empty_fragment)
return 0;


@@ -1,38 +0,0 @@
commit d30e582446b027868cdabd0994681643682045a4
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Fri May 16 13:00:45 2014 +0100
Fix CVE-2014-0221
Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 07f67f8..4c2fd03 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
int i,al;
struct hm_header_st msg_hdr;
+ redo:
/* see if we have the required fragment already */
if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
{
@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
s->msg_callback_arg);
s->init_num = 0;
- return dtls1_get_message_fragment(s, st1, stn,
- max, ok);
+ goto redo;
}
else /* Incorrectly formated Hello request */
{


@@ -1,103 +0,0 @@
Fix for CVE-2014-0224
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h
--- openssl-1.0.1e/ssl/ssl3.h.keying-mitm 2014-06-02 19:48:04.518100562 +0200
+++ openssl-1.0.1e/ssl/ssl3.h 2014-06-02 19:48:04.642103429 +0200
@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+#define SSL3_FLAGS_CCS_OK 0x0080
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c
--- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/s3_clnt.c 2014-06-02 19:49:57.042701985 +0200
@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
if (ret <= 0) goto end;
@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
goto f_err;
}
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->hit=1;
}
else /* a miss or crap from the other end */
diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c
--- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm 2014-06-02 19:48:04.640103383 +0200
+++ openssl-1.0.1e/ssl/s3_pkt.c 2014-06-02 19:48:04.643103452 +0200
@@ -1298,6 +1298,15 @@ start:
goto f_err;
}
+ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
rr->length=0;
if (s->msg_callback)
@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL)
{
- if (s->session == NULL)
+ if (s->session == NULL || s->session->master_key_length == 0)
{
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c
--- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm 2014-06-02 19:48:04.630103151 +0200
+++ openssl-1.0.1e/ssl/s3_srvr.c 2014-06-02 19:48:04.643103452 +0200
@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
#else
if (s->s3->next_proto_neg_seen)
+ {
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
+ }
else
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
#endif


@@ -1,31 +0,0 @@
commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Thu May 29 15:00:05 2014 +0100
Fix CVE-2014-3470
Check session_cert is not NULL before dereferencing it.
Patch borrowed from Fedora
Upstream-Status: Backport
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d35376d..4324f8d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s)
int ecdh_clnt_cert = 0;
int field_size = 0;
+ if (s->session->sess_cert == NULL)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
/* Did we send out the client's
* ECDH share for use in premaster
* computation as part of client certificate?


@@ -1,24 +0,0 @@
openssl fix for CVE-2010-5298
Upstream-Status: Backport
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1013,7 +1013,7 @@ start:
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
ssl3_release_read_buffer(s);
}
}


@@ -1,401 +0,0 @@
Fix documentation build errors with Perl 5.18 pod2man
This fixes errors building man pages with newer versions of pod2man
included with Perl 5.18.
Upstream-Status: Submitted
Signed-off-by: Jonathan Liu
Index: openssl-1.0.1f/doc/apps/cms.pod
===================================================================
--- openssl-1.0.1f.orig/doc/apps/cms.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/apps/cms.pod 2014-02-28 10:13:51.899979213 +0200
@@ -450,28 +450,28 @@
=over 4
-=item 0
+=item Z<>0
the operation was completely successfully.
-=item 1
+=item Z<>1
an error occurred parsing the command options.
-=item 2
+=item Z<>2
one of the input files could not be read.
-=item 3
+=item Z<>3
an error occurred creating the CMS file or when reading the MIME
message.
-=item 4
+=item Z<>4
an error occurred decrypting or verifying the message.
-=item 5
+=item Z<>5
the message was verified correctly but an error occurred writing out
the signers certificates.
Index: openssl-1.0.1f/doc/apps/smime.pod
===================================================================
--- openssl-1.0.1f.orig/doc/apps/smime.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/apps/smime.pod 2014-02-28 10:16:57.795979233 +0200
@@ -308,28 +308,28 @@
=over 4
-=item 0
+=item Z<>0
the operation was completely successfully.
-=item 1
+=item Z<>1
an error occurred parsing the command options.
-=item 2
+=item Z<>2
one of the input files could not be read.
-=item 3
+=item Z<>3
an error occurred creating the PKCS#7 file or when reading the MIME
message.
-=item 4
+=item Z<>4
an error occurred decrypting or verifying the message.
-=item 5
+=item Z<>5
the message was verified correctly but an error occurred writing out
the signers certificates.
Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-02-28 10:18:09.679979225 +0200
@@ -53,11 +53,11 @@
=over 4
-=item 0
+=item Z<>0
The operation succeeded.
-=item 1
+=item Z<>1
The operation failed. Check the error queue to find out the reason.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod 2014-02-28 10:18:42.687979221 +0200
@@ -52,13 +52,13 @@
=over 4
-=item 0
+=item Z<>0
The operation failed. In case of the add operation, it was tried to add
the same (identical) session twice. In case of the remove operation, the
session was not found in the cache.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-02-28 10:19:09.079979218 +0200
@@ -100,13 +100,13 @@
=over 4
-=item 0
+=item Z<>0
The operation failed because B<CAfile> and B<CApath> are NULL or the
processing at one of the locations specified failed. Check the error
stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-02-28 10:19:42.999979220 +0200
@@ -66,13 +66,13 @@
=over 4
-=item 0
+=item Z<>0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-02-28 10:20:06.495979211 +0200
@@ -64,13 +64,13 @@
=over 4
-=item 0
+=item Z<>0
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
is logged to the error stack.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-02-28 10:20:32.111979208 +0200
@@ -42,11 +42,11 @@
=over 4
-=item 0
+=item Z<>0
The new choice failed, check the error stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-02-28 10:21:12.351979203 +0200
@@ -96,7 +96,7 @@
connection will fail with decryption_error before it will be finished
completely.
-=item 0
+=item Z<>0
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod 2014-02-28 10:21:51.535979215 +0200
@@ -44,13 +44,13 @@
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod 2014-02-28 10:22:13.087979196 +0200
@@ -56,12 +56,12 @@
=over 4
-=item 0
+=item Z<>0
The SSL_clear() operation could not be performed. Check the error stack to
find out the reason.
-=item 1
+=item Z<>1
The SSL_clear() operation was successful.
Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod 2014-02-28 10:22:33.991979193 +0200
@@ -41,13 +41,13 @@
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod 2014-02-28 10:22:56.887979159 +0200
@@ -45,13 +45,13 @@
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_read.pod 2014-02-28 10:23:15.303979188 +0200
@@ -86,7 +86,7 @@
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
-=item 0
+=item Z<>0
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod 2014-02-28 10:23:36.615979186 +0200
@@ -27,11 +27,11 @@
=over 4
-=item 0
+=item Z<>0
A new session was negotiated.
-=item 1
+=item Z<>1
A session was reused.
Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod 2014-02-28 10:23:57.599979183 +0200
@@ -35,11 +35,11 @@
=over 4
-=item 0
+=item Z<>0
The operation failed. Check the error stack to find out why.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-02-28 10:24:16.943979181 +0200
@@ -37,11 +37,11 @@
=over 4
-=item 0
+=item Z<>0
The operation failed; check the error stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod 2014-02-28 10:25:03.623979175 +0200
@@ -92,19 +92,19 @@
=over 4
-=item 0
+=item Z<>0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-=item 1
+=item Z<>1
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-=item -1
+=item Z<>-1
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur if
Index: openssl-1.0.1f/doc/ssl/SSL_write.pod
===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod 2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/doc/ssl/SSL_write.pod 2014-02-28 10:25:36.031979168 +0200
@@ -79,7 +79,7 @@
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
-=item 0
+=item Z<>0
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,


@@ -0,0 +1,30 @@
Remove Makefile dependencies for test targets
These are probably here because the executables aren't always built for
other platforms (e.g. Windows); however we can safely assume they'll
always be there. None of the other test targets have such dependencies
and if we don't remove them, make tries to rebuild the executables and
fails during run-ptest.
Upstream-Status: Inappropriate [config]
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
diff --git a/test/Makefile b/test/Makefile
index e6fcfb4..5ae043b 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -322,11 +322,11 @@ test_cms:
@echo "CMS consistency test"
$(PERL) cms-test.pl
-test_srp: $(SRPTEST)$(EXE_EXT)
+test_srp:
@echo "Test SRP"
../util/shlib_wrap.sh ./srptest
-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
+test_heartbeat:
../util/shlib_wrap.sh ./$(HEARTBEATTEST)
lint:


@@ -0,0 +1,2 @@
#!/bin/sh
make -k runtest