openssl: mark assembler sections as call targets for PAC/BTI support on aarch64

From: Ross Burton <ross.burton@arm.com>

The assembler sections in OpenSSL were not marked as valid call targets,
so branch protection could not be enabled for libcrypto.so.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../openssl/openssl/aarch64-bti.patch         | 35 +++++++++++++++++++
 .../openssl/openssl_3.2.0.bb                  |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch

On Wed, Dec 13, 2023 at 2:48 AM Ross Burton <ross.burton@arm.com> wrote:
>
> From: Ross Burton <ross.burton@arm.com>
>
> The assembler sections in OpenSSL were not marked as valid call targets,
> so branch protection could not be enabled for libcrypto.so.
>
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> ---
>  .../openssl/openssl/aarch64-bti.patch         | 35 +++++++++++++++++++
>  .../openssl/openssl_3.2.0.bb                  |  1 +
>  2 files changed, 36 insertions(+)
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch
> new file mode 100644
> index 00000000000..2a16debb76e
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch
> @@ -0,0 +1,35 @@
> +From ad347c9ff0fd93bdd2fa2085611c65b88e94829f Mon Sep 17 00:00:00 2001
> +From: "fangming.fang" <fangming.fang@arm.com>
> +Date: Thu, 7 Dec 2023 06:17:51 +0000
> +Subject: [PATCH] Enable BTI feature for md5 on aarch64
> +
> +Fixes: #22959
> +
> +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
> +Reviewed-by: Tomas Mraz <tomas@openssl.org>
> +(Merged from https://github.com/openssl/openssl/pull/22971)
> +
> +Upstream-Status: Backport
> +Signed-off-by: Ross Burton <ross.burton@arm.com>
> +---
> + crypto/md5/asm/md5-aarch64.pl | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl
> +index 3200a0fa9bff0..5a8608069691d 100755
> +--- a/crypto/md5/asm/md5-aarch64.pl
> ++++ b/crypto/md5/asm/md5-aarch64.pl
> +@@ -28,10 +28,13 @@
> + *STDOUT=*OUT;
> +
> + $code .= <<EOF;
> ++#include "arm_arch.h"
> ++
> + .text
> + .globl  ossl_md5_block_asm_data_order
> + .type   ossl_md5_block_asm_data_order,\@function
> + ossl_md5_block_asm_data_order:
> ++        AARCH64_VALID_CALL_TARGET
> +         // Save all callee-saved registers
> +         stp     x19,x20,[sp,#-80]!
> +         stp     x21,x22,[sp,#16]
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
> index ab0562bd730..1c97d853f11 100644
> --- a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb
> @@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
>             file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
>             file://0001-Configure-do-not-tweak-mips-cflags.patch \
>             file://0001-Added-handshake-history-reporting-when-test-fails.patch \
> +                  file://aarch64-bti.patch \

it looks funnily indented :)

>             "
>
>  SRC_URI:append:class-nativesdk = " \
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#192280): https://lists.openembedded.org/g/openembedded-core/message/192280
> Mute This Topic: https://lists.openembedded.org/mt/103147125/1997914
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>