On Wed, Dec 13, 2023 at 2:48 AM Ross Burton <[email protected]> wrote: > > From: Ross Burton <[email protected]> > > The assembler sections in OpenSSL were not marked as valid call targets, > so branch protection could not be enabled for libcrypto.so. > > Signed-off-by: Ross Burton <[email protected]> > --- > .../openssl/openssl/aarch64-bti.patch | 35 +++++++++++++++++++ > .../openssl/openssl_3.2.0.bb | 1 + > 2 files changed, 36 insertions(+) > create mode 100644 > meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch > > diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch > b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch > new file mode 100644 > index 00000000000..2a16debb76e > --- /dev/null > +++ b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch > @@ -0,0 +1,35 @@ > +From ad347c9ff0fd93bdd2fa2085611c65b88e94829f Mon Sep 17 00:00:00 2001 > +From: "fangming.fang" <[email protected]> > +Date: Thu, 7 Dec 2023 06:17:51 +0000 > +Subject: [PATCH] Enable BTI feature for md5 on aarch64 > + > +Fixes: #22959 > + > +Reviewed-by: Tom Cosgrove <[email protected]> > +Reviewed-by: Tomas Mraz <[email protected]> > +(Merged from https://github.com/openssl/openssl/pull/22971) > + > +Upstream-Status: Backport > +Signed-off-by: Ross Burton <[email protected]> > +--- > + crypto/md5/asm/md5-aarch64.pl | 3 +++ > + 1 file changed, 3 insertions(+) > + > +diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl > +index 3200a0fa9bff0..5a8608069691d 100755 > +--- a/crypto/md5/asm/md5-aarch64.pl > ++++ b/crypto/md5/asm/md5-aarch64.pl > +@@ -28,10 +28,13 @@ > + *STDOUT=*OUT; > + > + $code .= <<EOF; > ++#include "arm_arch.h" > ++ > + .text > + .globl ossl_md5_block_asm_data_order > + .type ossl_md5_block_asm_data_order,\@function > + ossl_md5_block_asm_data_order: > ++ AARCH64_VALID_CALL_TARGET > + // Save all callee-saved registers > + stp x19,x20,[sp,#-80]! > + stp x21,x22,[sp,#16] > diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb > b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb > index ab0562bd730..1c97d853f11 100644 > --- a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb > +++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb > @@ -12,6 +12,7 @@ SRC_URI = > "http://www.openssl.org/source/openssl-${PV}.tar.gz \ > > file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ > file://0001-Configure-do-not-tweak-mips-cflags.patch \ > > file://0001-Added-handshake-history-reporting-when-test-fails.patch \ > + file://aarch64-bti.patch \
it looks funnily indented :) > " > > SRC_URI:append:class-nativesdk = " \ > -- > 2.34.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#192323): https://lists.openembedded.org/g/openembedded-core/message/192323 Mute This Topic: https://lists.openembedded.org/mt/103147125/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
