Add LibreSSL support

Submitted by Ruslan Babayev on Nov. 3, 2015, 11:34 p.m. | Patch ID: 106655

Details

Message ID 87d1vqk67s.fsf@babayev.com
State New
Headers show

Commit Message

Ruslan Babayev Nov. 3, 2015, 11:34 p.m.
Please find attached the patch to add support for LibreSSL.

OpenSSL is still preferred, so you'd have add these to your local.conf

PREFERRED_PROVIDER_openssl ?= "openssl"
PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"

Patch hide | download patch | download mbox

From db63d8224c0779d6de466014adf10e0a092a210c Mon Sep 17 00:00:00 2001
From: Ruslan Babayev <ruslan@babayev.com>
Date: Mon, 2 Nov 2015 17:56:27 -0800
Subject: [PATCH] Add LibreSSL

---
 meta/conf/distro/include/default-providers.inc       |  3 +++
 .../libressl/files/gnuc_prereq.patch                 | 13 +++++++++++++
 meta/recipes-connectivity/libressl/libressl.inc      | 20 ++++++++++++++++++++
 meta/recipes-connectivity/libressl/libressl_2.2.4.bb |  6 ++++++
 4 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-connectivity/libressl/files/gnuc_prereq.patch
 create mode 100644 meta/recipes-connectivity/libressl/libressl.inc
 create mode 100644 meta/recipes-connectivity/libressl/libressl_2.2.4.bb

diff --git a/meta/conf/distro/include/default-providers.inc b/meta/conf/distro/include/default-providers.inc
index 9f84d5c..205f1cd 100644
--- a/meta/conf/distro/include/default-providers.inc
+++ b/meta/conf/distro/include/default-providers.inc
@@ -49,3 +49,6 @@  PREFERRED_PROVIDER_bluez-hcidump ?= "${@bb.utils.contains('DISTRO_FEATURES','blu
 # Alternative is ltp-ddt in meta-oe: meta-oe/recipes-devtools/ltp-ddt/ltp-ddt_0.0.4.bb
 PREFERRED_PROVIDER_ltp ?= "ltp"
 PREFERRED_PROVIDER_getopt ?= "util-linux-getopt"
+PREFERRED_PROVIDER_openssl ?= "openssl"
+PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
+PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
diff --git a/meta/recipes-connectivity/libressl/files/gnuc_prereq.patch b/meta/recipes-connectivity/libressl/files/gnuc_prereq.patch
new file mode 100644
index 0000000..61fa51a
--- /dev/null
+++ b/meta/recipes-connectivity/libressl/files/gnuc_prereq.patch
@@ -0,0 +1,13 @@ 
+Index: libressl-2.2.4/crypto/bn/bn_lcl.h
+===================================================================
+--- libressl-2.2.4.orig/crypto/bn/bn_lcl.h
++++ libressl-2.2.4/crypto/bn/bn_lcl.h
+@@ -259,7 +259,7 @@ extern "C" {
+ #  endif
+ # elif defined(__mips) && defined(_LP64)
+ #  if defined(__GNUC__) && __GNUC__>=2
+-#   if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
++#   if __GNUC_PREREQ(4,4) /* "h" constraint is no more since 4.4 */
+ #     define BN_UMULT_HIGH(a,b)		 (((__uint128_t)(a)*(b))>>64)
+ #     define BN_UMULT_LOHI(low,high,a,b) ({	\
+ 	__uint128_t ret=(__uint128_t)(a)*(b);	\
diff --git a/meta/recipes-connectivity/libressl/libressl.inc b/meta/recipes-connectivity/libressl/libressl.inc
new file mode 100644
index 0000000..d0acdc4
--- /dev/null
+++ b/meta/recipes-connectivity/libressl/libressl.inc
@@ -0,0 +1,20 @@ 
+SUMMARY = "LibreSSL fork of OpenSSL"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.libressl.org/"
+SECTION = "libs/network"
+
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://COPYING;md5=01f9bb4d275f5eeea905377bef3de622"
+
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${PV}.tar.gz"
+
+S = "${WORKDIR}/libressl-${PV}"
+
+inherit pkgconfig autotools
+
+PROVIDES += "openssl"
+
+RPROVIDES_${PN} += "openssl"
+RCONFLICTS_${PN} += "openssl"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/libressl/libressl_2.2.4.bb b/meta/recipes-connectivity/libressl/libressl_2.2.4.bb
new file mode 100644
index 0000000..f2f6fc2
--- /dev/null
+++ b/meta/recipes-connectivity/libressl/libressl_2.2.4.bb
@@ -0,0 +1,6 @@ 
+require libressl.inc
+
+SRC_URI += " file://gnuc_prereq.patch"
+
+SRC_URI[md5sum] = "bae037598bd63987666302f9644de237"
+SRC_URI[sha256sum] = "6b409859be8654afc3862549494e097017e64c8d167f12584383586306ef9a7e"
-- 
2.6.2


Comments

Ross Burton Nov. 3, 2015, 10:38 p.m.
On 3 November 2015 at 23:34, Ruslan Babayev <ruslan@babayev.com> wrote:

> Please find attached the patch to add support for LibreSSL.
>

I think I'd prefer oe-core to have just the one provider of the openssl
APIs, so if oe-core sticks with openssl then libressl should go into
another layer, meta-networking maybe?

Ross
Armin Kuster Nov. 3, 2015, 11:28 p.m.
Ruslan,

any reason version 2.3.1 was not picked?

I believe 2.2.4 is missing  (CVE-2015-5333 and CVE-2015-5334)

- armin

On 11/03/2015 03:34 PM, Ruslan Babayev wrote:
> Please find attached the patch to add support for LibreSSL.
> 
> OpenSSL is still preferred, so you'd have add these to your local.conf
> 
> PREFERRED_PROVIDER_openssl ?= "openssl"
> PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
> PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
> 
> 
>
Ruslan Babayev Nov. 3, 2015, 11:39 p.m.
Sorry I meant this:

PREFERRED_PROVIDER_openssl ?= "libressl"
PREFERRED_PROVIDER_openssl-native ?= "libressl-native"
PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-libressl"

Ruslan Babayev writes:

> Please find attached the patch to add support for LibreSSL.
>
> OpenSSL is still preferred, so you'd have add these to your local.conf
>
> PREFERRED_PROVIDER_openssl ?= "openssl"
> PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
> PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
Armin Kuster Nov. 4, 2015, 12:46 a.m.
Ruslan,

On 11/03/2015 04:53 PM, Ruslan Babayev wrote:
> Hi Armin,
> 
> It is the latest stable. And it looks like this patch has made it into
> 2.2.4

Thanks for double checking.

- armin

> http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig
> 
> akuster808 writes:
> 
>> Ruslan,
>>
>> any reason version 2.3.1 was not picked?
>>
>> I believe 2.2.4 is missing  (CVE-2015-5333 and CVE-2015-5334)
>>
>> - armin
>>
>> On 11/03/2015 03:34 PM, Ruslan Babayev wrote:
>>> Please find attached the patch to add support for LibreSSL.
>>>
>>> OpenSSL is still preferred, so you'd have add these to your local.conf
>>>
>>> PREFERRED_PROVIDER_openssl ?= "openssl"
>>> PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
>>> PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
>>>
>>>
>>>
>
Ruslan Babayev Nov. 4, 2015, 12:53 a.m.
Hi Armin,

It is the latest stable. And it looks like this patch has made it into
2.2.4

http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig

akuster808 writes:

> Ruslan,
>
> any reason version 2.3.1 was not picked?
>
> I believe 2.2.4 is missing  (CVE-2015-5333 and CVE-2015-5334)
>
> - armin
>
> On 11/03/2015 03:34 PM, Ruslan Babayev wrote:
>> Please find attached the patch to add support for LibreSSL.
>> 
>> OpenSSL is still preferred, so you'd have add these to your local.conf
>> 
>> PREFERRED_PROVIDER_openssl ?= "openssl"
>> PREFERRED_PROVIDER_openssl-native ?= "openssl-native"
>> PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
>> 
>> 
>>