From: Richard Purdie <[email protected]> Fix an issue introduced in the new openssl version where an assembler file isn't generated in a reproducible way by seeding the perl random number generator consistently. It has no crypto impact, it is just used to avoid function name clashes.
Signed-off-by: Richard Purdie <[email protected]> (backported from 448df3e1c02fe224d62f59a236fdcd47ea7e695f http://cgit.openembedded.org/openembedded-core master) Signed-off-by: Maik Otto <[email protected]> --- .../openssl/openssl/fix_random_labels.patch | 22 +++++++++++++++++++ .../openssl/openssl_3.1.0.bb | 1 + 2 files changed, 23 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch new file mode 100644 index 0000000000..78dcd81685 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch @@ -0,0 +1,22 @@ +The perl script adds random suffixes to the local function names to ensure +it doesn't clash with other parts of openssl. Set the random number seed +to something predictable so the assembler files are generated consistently +and our own reproducible builds tests pass. + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <[email protected]> + +Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl +=================================================================== +--- openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl ++++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl +@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable = (16 * 6); + # ;;; Helper functions + # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ++# Ensure the local labels are reproduicble ++srand(10000); ++ + # ; Generates "random" local labels + sub random_string() { + my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_'); diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.0.bb b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb index b7251cb68e..dd58597773 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.1.0.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb @@ -14,6 +14,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://CVE-2023-0464.patch \ file://CVE-2023-0465.patch \ file://CVE-2023-0466.patch \ + file://fix_random_labels.patch \ " SRC_URI:append:class-nativesdk = " \ -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#181176): https://lists.openembedded.org/g/openembedded-core/message/181176 Mute This Topic: https://lists.openembedded.org/mt/98846330/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
