From: Brendan Le Foll <brendan.le.f...@intel.com>

Security update, some patches modified to apply correctly mostly due to
upstream changing indentation/styling

* configure-targets.patch updated
* fix-cipher-des-ede3-cfb1.patch updated
* openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated
* openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as no
merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream

Signed-off-by: Brendan Le Foll <brendan.le.f...@intel.com>
---
 .../openssl/openssl/configure-targets.patch        | 28 +++----
 .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch | 17 +++--
 .../openssl/openssl/initial-aarch64-bits.patch     | 87 ++++++++++++++--------
 ...-pointer-dereference-in-EVP_DigestInit_ex.patch | 19 +++--
 ...NULL-pointer-dereference-in-dh_pub_encode.patch | 39 ----------
 .../openssl/openssl/openssl_fix_for_x32.patch      | 83 ++++++++-------------
 .../recipes-connectivity/openssl/openssl_1.0.1j.bb | 57 --------------
 .../recipes-connectivity/openssl/openssl_1.0.1m.bb | 56 ++++++++++++++
 8 files changed, 175 insertions(+), 211 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.1j.bb
 create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.1m.bb

diff --git a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch 
b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
index c1f3d08..dbc10f9 100644
--- a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
@@ -10,25 +10,25 @@ The number of colons are important :)
 --- a/Configure
 +++ b/Configure
 @@ -403,6 +403,22 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN 
-DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR 
DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN 
-DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR 
DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha-ccc","ccc:-fast -readonly_strings 
-DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR 
DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings 
-DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT 
DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  
 + # Linux on ARM
-+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 
-fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 
-fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 
-fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +
-+"linux-avr32","$ENV{'CC'}:-DTERMIO -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
++"linux-avr32","$ENV{'CC'}: -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
 +
 +#### Linux on MIPS/MIPS64
-+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -DTERMIO -mabi=64 -O3 
-fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR 
RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -mabi=64 -O3 
-fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR 
RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT 
DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT 
DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer 
-Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +
- # Android: linux-* but without -DTERMIO and pointers to headers and libs.
+ # Android: linux-* but without pointers to headers and libs.
  "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 
-fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK 
DES_INT DES_UNROLL 
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib 
-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:".eval{my 
$asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git 
a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch 
b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
index f0e1778..2412a3b 100644
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -6,17 +6,20 @@ http://rt.openssl.org/Ticket/Display.html?id=2867
 
 Signed-Off-By: Muhammad Shakeel <muhammad_shak...@mentor.com>
 
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.f...@intel.com> 2015/03/24
+
 diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
 index 3232cfe..df84922 100644
 ===================================================================
 --- a/crypto/evp/e_des3.c
 +++ b/crypto/evp/e_des3.c
-@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
+@@ -181,7 +181,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
      size_t n;
-     unsigned char c[1],d[1];
+     unsigned char c[1], d[1];
  
--    for(n=0 ; n < inl ; ++n)
-+    for(n=0 ; n < inl*8 ; ++n)
-       {
-       c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-       DES_ede3_cfb_encrypt(c,d,1,1,
+-    for (n = 0; n < inl; ++n) {
++    for (n = 0; n < inl * 8; ++n) {
+         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+         DES_ede3_cfb_encrypt(c, d, 1, 1,
+                              &data(ctx)->ks1, &data(ctx)->ks2,
diff --git 
a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch 
b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
index 770097d..972b367 100644
--- a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
+++ b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
@@ -5,6 +5,9 @@ X-Git-Url: 
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039
 
 Initial aarch64 bits.
 Upstream-Status: backport (will be included in 1.0.2)
+
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.f...@intel.com> 2015/03/24
 ---
  crypto/bn/bn_lcl.h       |    9 +++++++++
  crypto/md32_common.h     |   18 ++++++++++++++++++
@@ -16,10 +19,10 @@ Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h     2014-01-06 15:47:42.000000000 
+0200
 +++ openssl-1.0.1f/crypto/bn/bn_lcl.h  2014-02-28 10:37:55.495979037 +0200
-@@ -300,6 +300,15 @@
-            : "r"(a), "r"(b));
+@@ -295,6 +295,15 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned 
__int64 b,
+              : "r"(a), "r"(b));
  #    endif
- #  endif
+ #   endif
 +# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
 +#  if defined(__GNUC__) && __GNUC__>=2
 +#   define BN_UMULT_HIGH(a,b)  ({  \
@@ -29,17 +32,17 @@ Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
 +        : "r"(a), "r"(b));     \
 +   ret;            })
 +#  endif
- # endif               /* cpu */
- #endif                /* OPENSSL_NO_ASM */
+ #  endif                        /* cpu */
+ # endif                         /* OPENSSL_NO_ASM */
  
 Index: openssl-1.0.1f/crypto/md32_common.h
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/md32_common.h   2014-01-06 15:47:42.000000000 
+0200
 +++ openssl-1.0.1f/crypto/md32_common.h        2014-02-28 10:39:21.751979107 
+0200
-@@ -213,6 +213,24 @@
-                                  asm ("bswapl %0":"=r"(r):"0"(r));    \
-                                  *((unsigned int *)(c))=r; (c)+=4; r; })
- #   endif
+@@ -213,6 +213,42 @@
+                                    asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                    *((unsigned int *)(c))=r; (c)+=4; r; })
+ #    endif
 +#  elif defined(__aarch64__)
 +#   if defined(__BYTE_ORDER__)
 +#    if defined(__ORDER_LITTLE_ENDIAN__) && 
__BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
@@ -58,25 +61,43 @@ Index: openssl-1.0.1f/crypto/md32_common.h
 +#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
 +#    endif
 +#   endif
++#   endif
++#  elif defined(__aarch64__)
++#   if defined(__BYTE_ORDER__)
++#    if defined(__ORDER_LITTLE_ENDIAN__) && 
__BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
++#     define HOST_c2l(c,l) ({ unsigned int r;      \
++                  asm ("rev    %w0,%w1"    \
++                   :"=r"(r)        \
++                   :"r"(*((const unsigned int *)(c))));\
++                  (c)+=4; (l)=r;       })
++#     define HOST_l2c(l,c) ({ unsigned int r;      \
++                  asm ("rev    %w0,%w1"    \
++                   :"=r"(r)        \
++                   :"r"((unsigned int)(l)));\
++                  *((unsigned int *)(c))=r; (c)+=4; r; })
++#    elif defined(__ORDER_BIG_ENDIAN__) && 
__BYTE_ORDER__==__ORDER_BIG_ENDIAN__
++#     define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
++#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
++#    endif
+ #   endif
  #  endif
  # endif
- #endif
 Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h       2014-02-28 
10:47:48.731979011 +0200
 +++ openssl-1.0.1f/crypto/modes/modes_lcl.h    2014-02-28 10:48:49.707978919 
+0200
-@@ -29,6 +29,7 @@
- #if defined(__i386)   || defined(__i386__)    || \
-     defined(__x86_64) || defined(__x86_64__)  || \
-     defined(_M_IX86)  || defined(_M_AMD64)    || defined(_M_X64) || \
+@@ -28,6 +28,7 @@ typedef unsigned char u8;
+ #if defined(__i386)     || defined(__i386__)    || \
+     defined(__x86_64)   || defined(__x86_64__)  || \
+     defined(_M_IX86)    || defined(_M_AMD64)    || defined(_M_X64) || \
 +    defined(__aarch64__)           || \
-     defined(__s390__) || defined(__s390x__)
+     defined(__s390__)   || defined(__s390x__)
  # undef STRICT_ALIGNMENT
  #endif
-@@ -50,6 +51,13 @@
- #  define BSWAP4(x) ({        u32 ret=(x);                    \
-                       asm ("bswapl %0"                \
-                       : "+r"(ret));   ret;            })
+@@ -49,6 +50,13 @@ typedef unsigned char u8;
+ #   define BSWAP4(x) ({ u32 ret=(x);                    \
+                         asm ("bswapl %0"                \
+                         : "+r"(ret));   ret;            })
 +# elif defined(__aarch64__)
 +#  define BSWAP8(x) ({ u64 ret;            \
 +           asm ("rev %0,%1"        \
@@ -84,25 +105,25 @@ Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
 +#  define BSWAP4(x) ({ u32 ret;            \
 +           asm ("rev %w0,%w1"      \
 +           : "=r"(ret) : "r"(x)); ret; })
- # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
- #  define BSWAP8(x) ({        u32 lo=(u64)(x)>>32,hi=(x);     \
-                       asm ("rev %0,%0; rev %1,%1"     \
+ #  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+ #   define BSWAP8(x) ({  u32 lo=(u64)(x)>>32,hi=(x);     \
+                         asm ("rev %0,%0; rev %1,%1"     \
 Index: openssl-1.0.1f/crypto/sha/sha512.c
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/sha/sha512.c    2014-01-06 15:47:42.000000000 
+0200
 +++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
-@@ -55,6 +55,7 @@
- #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+@@ -55,6 +55,7 @@ const char SHA512_version[] = "SHA-512" 
OPENSSL_VERSION_PTEXT;
+ # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
      defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
      defined(__s390__) || defined(__s390x__) || \
 +    defined(__aarch64__) || \
      defined(SHA512_ASM)
- #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
- #endif
-@@ -347,6 +348,18 @@
-                               asm ("rotrdi %0,%1,%2"  \
-                               : "=r"(ret)             \
-                               : "r"(a),"K"(n)); ret;  })
+ #  define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+ # endif
+@@ -353,6 +354,18 @@ static const SHA_LONG64 K512[80] = {
+                                 asm ("rotrdi %0,%1,%2"  \
+                                 : "=r"(ret)             \
+                                 : "r"(a),"K"(n)); ret;  })
 +#  elif defined(__aarch64__)
 +#   define ROTR(a,n)   ({ SHA_LONG64 ret;      \
 +               asm ("ror %0,%1,%2" \
@@ -115,6 +136,6 @@ Index: openssl-1.0.1f/crypto/sha/sha512.c
 +               : "=r"(ret)         \
 +               : "r"(*((const SHA_LONG64 *)(&(x))))); ret;     })
 +#   endif
- #  endif
- # elif defined(_MSC_VER)
- #  if defined(_WIN64) /* applies to both IA-64 and AMD64 */
+ #    endif
+ #   elif defined(_MSC_VER)
+ #    if defined(_WIN64)         /* applies to both IA-64 and AMD64 */
diff --git 
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
 
b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index c161e62..36aa442 100644
--- 
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ 
b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -7,15 +7,18 @@ Upstream-Status: Submitted
 http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
 
 Signed-off-by: Xufeng Zhang <xufeng.zh...@windriver.com>
+
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.f...@intel.com> 2015/03/24
 ---
 --- a/crypto/evp/digest.c
 +++ b/crypto/evp/digest.c
-@@ -199,7 +199,7 @@
-               return 0;
-               }
+@@ -199,7 +199,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, 
ENGINE *impl)
+         type = ctx->digest;
+     }
  #endif
--      if (ctx->digest != type)
-+      if (type && (ctx->digest != type))
-               {
-               if (ctx->digest && ctx->digest->ctx_size)
-                       OPENSSL_free(ctx->md_data);
+-    if (ctx->digest != type) {
++    if (type && (ctx->digest != type)) {
+         if (ctx->digest && ctx->digest->ctx_size)
+             OPENSSL_free(ctx->md_data);
+         ctx->digest = type;
diff --git 
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 
b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
deleted file mode 100644
index 3e93fe4..0000000
--- 
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
-
-We should avoid accessing the pointer if ASN1_STRING_new()
-allocates memory failed.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zh...@windriver.com>
----
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -139,6 +139,12 @@
-       dh=pkey->pkey.dh;
- 
-       str = ASN1_STRING_new();
-+      if (!str)
-+              {
-+              DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+              goto err;
-+              }
-+
-       str->length = i2d_DHparams(dh, &str->data);
-       if (str->length <= 0)
-               {
---- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -148,6 +148,11 @@
-               {
-               ASN1_STRING *str;
-               str = ASN1_STRING_new();
-+              if (!str)
-+                      {
-+                      DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+                      goto err;
-+                      }
-               str->length = i2d_DSAparams(dsa, &str->data);
-               if (str->length <= 0)
-                       {
diff --git 
a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch 
b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
index 93ce034..0d3902f 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -6,16 +6,19 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kam...@intel.com> 
2011/07/13
 
 ported the patch to the 1.0.0e version
 Signed-Off-By: Nitin A Kamble <nitin.a.kam...@intel.com> 2011/12/01
+
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.f...@intel.com> 2015/03/24
 Index: openssl-1.0.1e/Configure
 ===================================================================
 --- openssl-1.0.1e.orig/Configure
 +++ openssl-1.0.1e/Configure
 @@ -402,6 +402,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall 
-no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK 
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall 
-no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",       "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall 
-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
- "linux64-s390x",      "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT 
DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall 
-no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK 
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall 
-no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64",       "gcc:-m64 -DL_ENDIAN -O3 
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall 
-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+ "linux64-s390x",      "gcc:-m64 -DB_ENDIAN -O3 
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT 
DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
  #### So called "highgprs" target for z/Architecture CPUs
  # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
 Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
@@ -26,65 +29,39 @@ Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
   *    machine.
   */
  
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
-       asm (
-       "       subq    %2,%2           \n"
-       ".p2align 4                     \n"
--      "1:     movq    (%4,%2,8),%0    \n"
--      "       adcq    (%5,%2,8),%0    \n"
--      "       movq    %0,(%3,%2,8)    \n"
-+      "1:     movq    (%q4,%2,8),%0   \n"
-+      "       adcq    (%q5,%2,8),%0   \n"
-+      "       movq    %0,(%q3,%2,8)   \n"
-       "       leaq    1(%2),%2        \n"
-       "       loop    1b              \n"
-       "       sbbq    %0,%0           \n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
-       asm (
-       "       subq    %2,%2           \n"
-       ".p2align 4                     \n"
--      "1:     movq    (%4,%2,8),%0    \n"
--      "       sbbq    (%5,%2,8),%0    \n"
--      "       movq    %0,(%3,%2,8)    \n"
-+      "1:     movq    (%q4,%2,8),%0   \n"
-+      "       sbbq    (%q5,%2,8),%0   \n"
-+      "       movq    %0,(%q3,%2,8)   \n"
-       "       leaq    1(%2),%2        \n"
-       "       loop    1b              \n"
-       "       sbbq    %0,%0           \n"
+-# ifdef _WIN64
++# if defined _WIN64 || !defined __LP64__
+ #  define BN_ULONG unsigned long long
+ # else
+ #  define BN_ULONG unsigned long
 Index: openssl-1.0.1e/crypto/bn/bn.h
 ===================================================================
 --- openssl-1.0.1e.orig/crypto/bn/bn.h
 +++ openssl-1.0.1e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
+@@ -173,6 +173,13 @@ extern "C" {
+ #  endif
  # endif
- #endif
  
 +/* Address type.  */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
++# ifdef _WIN64
++#   define BN_ADDR unsigned long long
++# else
++#   define BN_ADDR unsigned long
++# endif
 +
- /* assuming long is 64bit - this is the DEC Alpha
-  * unsigned long long is only 64 bits :-(, don't define
-  * BN_LLONG for the DEC Alpha */
+ /*
+  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
 Index: openssl-1.0.1e/crypto/bn/bn_exp.c
 ===================================================================
 --- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
 +++ openssl-1.0.1e/crypto/bn/bn_exp.c
-@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
- 
- /* Given a pointer value, compute the next address that is a cache line 
multiple. */
+@@ -572,7 +572,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int 
top,
+  * multiple.
+  */
  #define MOD_EXP_CTIME_ALIGN(x_) \
--      ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 
(((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+      ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 
(((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+-        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 
(((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
++        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 
(((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
  
- /* This variant of BN_mod_exp_mont() uses fixed windows and the special
-  * precomputation memory layout to limit data-dependency to a minimum
+ /*
+  * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1j.bb 
b/meta/recipes-connectivity/openssl/openssl_1.0.1j.bb
deleted file mode 100644
index 2da18ae..0000000
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1j.bb
+++ /dev/null
@@ -1,57 +0,0 @@
-require openssl.inc
-
-# For target side versions of openssl enable support for OCF Linux driver
-# if they are available.
-DEPENDS += "cryptodev-linux"
-
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://configure-targets.patch \
-            file://shared-libs.patch \
-            file://oe-ldflags.patch \
-            file://engines-install-in-libdir-ssl.patch \
-            file://openssl-fix-link.patch \
-            file://debian/version-script.patch \
-            file://debian/pic.patch \
-            file://debian/c_rehash-compat.patch \
-            file://debian/ca.patch \
-            file://debian/make-targets.patch \
-            file://debian/no-rpath.patch \
-            file://debian/man-dir.patch \
-            file://debian/man-section.patch \
-            file://debian/no-symbolic.patch \
-            file://debian/debian-targets.patch \
-            file://openssl_fix_for_x32.patch \
-            file://fix-cipher-des-ede3-cfb1.patch \
-            
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
-            
file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
-            file://initial-aarch64-bits.patch \
-            file://find.pl \
-            file://openssl-fix-des.pod-error.patch \
-            file://Makefiles-ptest.patch \
-            file://ptest-deps.patch \
-            file://run-ptest \
-           "
-
-SRC_URI[md5sum] = "f7175c9cd3c39bb1907ac8bba9df8ed3"
-SRC_URI[sha256sum] = 
"1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3"
-
-PACKAGES =+ " \
-       ${PN}-engines \
-       ${PN}-engines-dbg \
-       "
-
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
-
-PARALLEL_MAKE = ""
-PARALLEL_MAKEINST = ""
-
-do_configure_prepend() {
-  cp ${WORKDIR}/find.pl ${S}/util/find.pl
-}
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1m.bb 
b/meta/recipes-connectivity/openssl/openssl_1.0.1m.bb
new file mode 100644
index 0000000..cab6b3f
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1m.bb
@@ -0,0 +1,56 @@
+require openssl.inc
+
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+DEPENDS += "cryptodev-linux"
+
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI += "file://configure-targets.patch \
+            file://shared-libs.patch \
+            file://oe-ldflags.patch \
+            file://engines-install-in-libdir-ssl.patch \
+            file://openssl-fix-link.patch \
+            file://debian/version-script.patch \
+            file://debian/pic.patch \
+            file://debian/c_rehash-compat.patch \
+            file://debian/ca.patch \
+            file://debian/make-targets.patch \
+            file://debian/no-rpath.patch \
+            file://debian/man-dir.patch \
+            file://debian/man-section.patch \
+            file://debian/no-symbolic.patch \
+            file://debian/debian-targets.patch \
+            file://openssl_fix_for_x32.patch \
+            file://fix-cipher-des-ede3-cfb1.patch \
+            
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+            file://initial-aarch64-bits.patch \
+            file://find.pl \
+            file://openssl-fix-des.pod-error.patch \
+            file://Makefiles-ptest.patch \
+            file://ptest-deps.patch \
+            file://run-ptest \
+           "
+
+SRC_URI[md5sum] = "d143d1555d842a069cb7cc34ba745a06"
+SRC_URI[sha256sum] = 
"095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74"
+
+PACKAGES =+ " \
+       ${PN}-engines \
+       ${PN}-engines-dbg \
+       "
+
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
+
+PARALLEL_MAKE = ""
+PARALLEL_MAKEINST = ""
+
+do_configure_prepend() {
+  cp ${WORKDIR}/find.pl ${S}/util/find.pl
+}
-- 
2.3.2

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to