Hi, I got an issue with riscv32
| crypto/riscv32cpuid.s:77: Error: symbol `riscv_vlen_asm' is already defined 6703 It seems that it's due to OE that is applying a patch that has been upstreameder https://github.com/openssl/openssl/commit/8702320db98d1346c230aff1282ade3ecdca681a On Tue, 4 Jun 2024 at 22:37, Peter Marko via lists.openembedded.org <[email protected]> wrote: > > From: Peter Marko <[email protected]> > > Handles CVE-2024-4741 > > Removed included backports. > > Release information: > https://github.com/openssl/openssl/blob/openssl-3.3/NEWS.md#major-changes-between-openssl-330-and-openssl-331-4-jun-2024 > > Signed-off-by: Peter Marko <[email protected]> > --- > .../openssl/openssl/CVE-2024-4603.patch | 179 ------------------ > .../openssl/openssl/bti.patch | 58 ------ > .../{openssl_3.3.0.bb => openssl_3.3.1.bb} | 4 +- > 3 files changed, 1 insertion(+), 240 deletions(-) > delete mode 100644 > meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch > delete mode 100644 meta/recipes-connectivity/openssl/openssl/bti.patch > rename meta/recipes-connectivity/openssl/{openssl_3.3.0.bb => > openssl_3.3.1.bb} (98%) > > diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch > b/meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch > deleted file mode 100644 > index cdc3d0d503..0000000000 > --- a/meta/recipes-connectivity/openssl/openssl/CVE-2024-4603.patch > +++ /dev/null > @@ -1,179 +0,0 @@ > -From 53ea06486d296b890d565fb971b2764fcd826e7e Mon Sep 17 00:00:00 2001 > -From: Tomas Mraz <[email protected]> > -Date: Wed, 8 May 2024 15:23:45 +0200 > -Subject: [PATCH] Check DSA parameters for excessive sizes before validating > - > -This avoids overly long computation of various validation > -checks. > - > -Fixes CVE-2024-4603 > - > -Reviewed-by: Paul Dale <[email protected]> > -Reviewed-by: Matt Caswell <[email protected]> > -Reviewed-by: Neil Horman <[email protected]> > -Reviewed-by: Shane Lontis <[email protected]> > -(Merged from https://github.com/openssl/openssl/pull/24346) > - > -(cherry picked from commit 85ccbab216da245cf9a6503dd327072f21950d9b) > - > -<dropped CHANGES.md modifications as it would need backport of all previous > changes> > - > -CVE: CVE-2024-4603 > -Upstream-Status: Backport > [https://github.com/openssl/openssl/commit/53ea06486d296b890d565fb971b2764fcd826e7e] > -Signed-off-by: Peter Marko <[email protected]> > ---- > - crypto/dsa/dsa_check.c | 44 ++++++++++++-- > - .../invalid/p10240_q256_too_big.pem | 57 +++++++++++++++++++ > - 2 files changed, 97 insertions(+), 4 deletions(-) > - > -diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c > -index 7b6d7df88f..e1375dfad9 100644 > ---- a/crypto/dsa/dsa_check.c > -+++ b/crypto/dsa/dsa_check.c > -@@ -19,8 +19,34 @@ > - #include "dsa_local.h" > - #include "crypto/dsa.h" > - > -+static int dsa_precheck_params(const DSA *dsa, int *ret) > -+{ > -+ if (dsa->params.p == NULL || dsa->params.q == NULL) { > -+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); > -+ *ret = FFC_CHECK_INVALID_PQ; > -+ return 0; > -+ } > -+ > -+ if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) { > -+ ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE); > -+ *ret = FFC_CHECK_INVALID_PQ; > -+ return 0; > -+ } > -+ > -+ if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) { > -+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE); > -+ *ret = FFC_CHECK_INVALID_PQ; > -+ return 0; > -+ } > -+ > -+ return 1; > -+} > -+ > - int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) > - { > -+ if (!dsa_precheck_params(dsa, ret)) > -+ return 0; > -+ > - if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK) > - return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, > - FFC_PARAM_TYPE_DSA, ret); > -@@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, > int *ret) > - */ > - int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) > - { > -+ if (!dsa_precheck_params(dsa, ret)) > -+ return 0; > -+ > - return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) > - && *ret == 0; > - } > -@@ -50,6 +79,9 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM > *pub_key, int *ret) > - */ > - int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, > int *ret) > - { > -+ if (!dsa_precheck_params(dsa, ret)) > -+ return 0; > -+ > - return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) > - && *ret == 0; > - } > -@@ -58,8 +90,10 @@ int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM > *priv_key, int *ret) > - { > - *ret = 0; > - > -- return (dsa->params.q != NULL > -- && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret)); > -+ if (!dsa_precheck_params(dsa, ret)) > -+ return 0; > -+ > -+ return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret); > - } > - > - /* > -@@ -72,8 +106,10 @@ int ossl_dsa_check_pairwise(const DSA *dsa) > - BN_CTX *ctx = NULL; > - BIGNUM *pub_key = NULL; > - > -- if (dsa->params.p == NULL > -- || dsa->params.g == NULL > -+ if (!dsa_precheck_params(dsa, &ret)) > -+ return 0; > -+ > -+ if (dsa->params.g == NULL > - || dsa->priv_key == NULL > - || dsa->pub_key == NULL) > - return 0; > -diff --git > a/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem > b/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem > -new file mode 100644 > -index 0000000000..e85e2953b7 > ---- /dev/null > -+++ b/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem > -@@ -0,0 +1,57 @@ > -+-----BEGIN DSA PARAMETERS----- > -+MIIKLAKCBQEAym47LzPFZdbz16WvjczLKuzLtsP8yRk/exxL4bBthJhP1qOwctja > -+p1586SF7gDxCMn7yWVEYdfRbFefGoq0gj1XOE917XqlbnkmZhMgxut2KbNJo/xil > -+XNFUjGvKs3F413U9rAodC8f07cWHP1iTcWL+vPe6u2yilKWYYfnLWHQH+Z6aPrrF > -+x/R08LI6DZ6nEsIo+hxaQnEtx+iqNTJC6Q1RIjWDqxQkFVTkJ0Y7miRDXmRdneWk > -+oLrMZRpaXr5l5tSjEghh1pBgJcdyOv0lh4dlDy/alAiqE2Qlb667yHl6A9dDPlpW > -+dAntpffy4LwOxfbuEhISvKjjQoBwIvYE4TBPqL0Q6bC6HgQ4+tqd9b44pQjdIQjb > -+Xcjc6azheITSnPEex3OdKtKoQeRq01qCeLBpMXu1c+CTf4ApKArZvT3vZSg0hM1O > -+pR71bRZrEEegDj0LH2HCgI5W6H3blOS9A0kUTddCoQXr2lsVdiPtRbPKH1gcd9FQ > -+P8cGrvbakpTiC0dCczOMDaCteM1QNILlkM7ZoV6VghsKvDnFPxFsiIr5GgjasXP5 > -+hhbn3g7sDoq1LiTEo+IKQY28pBWx7etSOSRuXW/spnvCkivZla7lSEGljoy9QlQ2 > -+UZmsEQI9G3YyzgpxHvKZBK1CiZVTywdYKTZ4TYCxvqzhYhjv2bqbpjI12HRFLojB > -+koyEmMSp53lldCzp158PrIanqSp2rksMR8SmmCL3FwfAp2OjqFMEglG9DT8x0WaN > -+TLSkjGC6t2csMte7WyU1ekNoFDKfMjDSAz0+xIx21DEmZtYqFOg1DNPK1xYLS0pl > -+RSMRRkJVN2mk/G7/1oxlB8Wb9wgi3GKUqqCYT11SnBjzq0NdoJ3E4GMedp5Lx3AZ > -+4mFuRPUd4iV86tE0XDSHSFE7Y3ZkrOjD7Q/26/L53L/UH5z4HW6CHP5os7QERJjg > -+c1S3x87wXWo9QXbB9b2xmf+c+aWwAAr1cviw38tru58jF3/IGyduj9H8claKQqBG > -+cIOUF4aNe1hK2K3ArAOApUxr4KE+tCvrltRfiTmVFip0g9Jt1CPY3Zu7Bd4Z2ZkE > -+DtSztpwa49HrWF5E9xpquvBL2U8jQ68E7Xd8Wp4orI/TIChriamBmdkgRz3H2LvN > -+Ozb6+hsnEGrz3sp2RVAToSqA9ysa6nHZdfufPNtMEbQdO/k1ehmGRb0ljBRsO6b2 > -+rsG2eYuC8tg8eCrIkua0TGRI7g6a4K32AJdzaX6NsISaaIW+OYJuoDSscvD3oOg8 > -+PPEhU+zM7xJskTA+jxvPlikKx8V7MNHOCQECldJlUBwzJvqp40JvwfnDsF+8VYwd > -+UaiieR3pzMzyTjpReXRmZbnRPusRcsVzxb2OhB79wmuy4UPjjQBX+7eD0rs8xxvW > -+5a5q1Cjq4AvbwmmcA/wDrHDOjcbD/zodad2O1QtBWa/R4xyWea4zKsflgACE1zY9 > -+wW2br7+YQFekcrXkkkEzgxd6zxv8KVEDpXRZjmAM1cI5LvkoN64To4GedN8Qe/G7 > -+R9SZh9gnS17PTP64hK+aYqhFafMdu87q/+qLfxaSux727qE5hiW01u4nnWhACf9s > -+xuOozowKqxZxkolMIyZv6Lddwy1Zv5qjCyd0DvM/1skpXWkb9kfabYC+OhjsjVhs > -+0Ktfs6a5B3eixiw5x94hhIcTEcS4hmvhGUL72FiTca6ZeSERTKmNBy8CIQC9/ZUN > -+uU/V5JTcnYyUGHzm7+XcZBjyGBagBj9rCmW3SQKCBQAJ/k9rb39f1cO+/3XDEMjy > -+9bIEXSuS48g5RAc1UGd5nrrBQwuDxGWFyz0yvAY7LgyidZuJS21+MAp9EY7AOMmx > -+TDttifNaBJYt4GZ8of166PcqTKkHQwq5uBpxeSDv/ZE8YbYfaCtLTcUC8KlO+l36 > -+gjJHSkdkflSsGy1yObSNDQDfVAAwQs//TjDMnuEtvlNXZllsTvFFBceXVETn10K2 > -+ZMmdSIJNfLnjReUKEN6PfeGqv7F4xoyGwUybEfRE4u5RmXrqCODaIjY3SNMrOq8B > -+R3Ata/cCozsM1jIdIW2z+OybDJH+BYsYm2nkSZQjZS6javTYClLrntEKG/hAQwL8 > -+F16YLOQXpHhgiAaWnTZzANtLppB2+5qCVy5ElzKongOwT8JTjTFXOaRnqe/ngm9W > -+SSbrxfDaoWUOyK9XD8Cydzpv3n4Y8nWNGayi7/yAFCU36Ri040ufgv/TZLuKacnl > -++3ga3ZUpRlSigzx0kb1+KjTSWeQ8vE/psdWjvBukVEbzdUauMLyRLo/6znSVvvPX > -+UGhviThE5uhrsUg+wEPFINriSHfF7JDKVhDcJnLBdaXvfN52pkF/naLBF5Rt3Gvq > -+fjCxjx0Sy9Lag1hDN4dor7dzuO7wmwOS01DJW1PtNLuuH0Bbqh1kYSaQkmyXBZWX > -+qo8K3nkoDM0niOtJJubOhTNrGmSaZpNXkK3Mcy9rBbdvEs5O0Jmqaax/eOdU0Yot > -+B3lX+3ddOseT2ZEFjzObqTtkWuFBeBxuYNcRTsu3qMdIBsEb8URQdsTtjoIja2fK > -+hreVgjK36GW70KXEl8V/vq5qjQulmqkBEjmilcDuiREKqQuyeagUOnhQaBplqVco > -+4xznh5DMBMRbpGb5lHxKv4cPNi+uNAJ5i98zWUM1JRt6aXnRCuWcll1z8fRZ+5kD > -+vK9FaZU3VRMK/eknEG49cGr8OuJ6ZRSaC+tKwV1y+amkSZpKPWnk2bUnQI3ApJv3 > -+k1e1EToeECpMUkLMDgNbpKBoz4nqMEvAAlYgw9xKNbLlQlahqTVEAmaJHh4yDMDy > -+i7IZ9Wrn47IGoR7s3cvhDHUpRPeW4nsmgzj+tf5EAxemI61STZJTTWo0iaPGJxct > -+9nhOOhw1I38Mvm4vkAbFH7YJ0B6QrjjYL2MbOTp5JiIh4vdOeWwNo9/y4ffyaN5+ > -+ADpxuuIAmcbdr6GPOhkOFFixRJa0B2eP1i032HESlLs8RB9oYtdTXdXQotnIgJGd > -+Y8tSKOa1zjzeLHn3AVpRZTUW++/BxmApV3GKIeG8fsUjg/df0QRrBcdC/1uccdaG > -+KKlAOwlywVn5jUlwHkTmDiTM9w5AqVVGHZ2b+4ZgQW8jnPKN0SrKf6U555D+zp7E > -+x4uXoE8ojN9y8m8UKf0cTLnujH2XgZorjPfuMOt5VZEhQFMS2QaljSeni5CJJ8gk > -+XtztNqfBlAtWR4V5iAHeQOfIB2YaOy8GESda89tyKraKeaez41VblpTVHTeq9IIF > -+YB4cQA2PfuNaGVRGLMAgT3Dvl+mxxxeJyxnGAiUcETU/jJJt9QombiuszBlYGQ5d > -+ELOSm/eQSRARV9zNSt5jaQlMSjMBqenIEM09BzYqa7jDwqoztFxNdO8bcuQPuKwa > -+4z3bBZ1yYm63WFdNbQqqGEwc0OYmqg1raJ0zltgHyjFyw8IGu4g/wETs+nVQcH7D > -+vKuje86bePD6kD/LH3wmkA== > -+-----END DSA PARAMETERS----- > --- > -2.30.2 > - > diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch > b/meta/recipes-connectivity/openssl/openssl/bti.patch > deleted file mode 100644 > index 748576c30c..0000000000 > --- a/meta/recipes-connectivity/openssl/openssl/bti.patch > +++ /dev/null > @@ -1,58 +0,0 @@ > -From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 > -From: Tom Cosgrove <[email protected]> > -Date: Tue, 26 Mar 2024 13:18:00 +0000 > -Subject: [PATCH] aarch64: fix BTI in bsaes assembly code > - > -In Arm systems where BTI is enabled but the Crypto extensions are not (more > -likely in FVPs than in real hardware), the bit-sliced assembler code will > -be used. However, this wasn't annotated with BTI instructions when BTI was > -enabled, so the moment libssl jumps into this code it (correctly) aborts. > - > -Solve this by adding the missing BTI landing pads. > - > -Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] > -Signed-off-by: Ross Burton <[email protected]> > ---- > - crypto/aes/asm/bsaes-armv8.pl | 5 ++++- > - 1 file changed, 4 insertions(+), 1 deletion(-) > - > -diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl > -index b3c97e439f..c3c5ff3e05 100644 > ---- a/crypto/aes/asm/bsaes-armv8.pl > -+++ b/crypto/aes/asm/bsaes-armv8.pl > -@@ -1018,6 +1018,7 @@ _bsaes_key_convert: > - // Initialisation vector overwritten with last quadword of ciphertext > - // No output registers, usual AAPCS64 register preservation > - ossl_bsaes_cbc_encrypt: > -+ AARCH64_VALID_CALL_TARGET > - cmp x2, #128 > - bhs .Lcbc_do_bsaes > - b AES_cbc_encrypt > -@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: > - // Output text filled in > - // No output registers, usual AAPCS64 register preservation > - ossl_bsaes_ctr32_encrypt_blocks: > -- > -+ AARCH64_VALID_CALL_TARGET > - cmp x2, #8 // use plain AES for > - blo .Lctr_enc_short // small sizes > - > -@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: > - // Output ciphertext filled in > - // No output registers, usual AAPCS64 register preservation > - ossl_bsaes_xts_encrypt: > -+ AARCH64_VALID_CALL_TARGET > - // Stack layout: > - // sp -> > - // nrounds*128-96 bytes: key schedule > -@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: > - // Output plaintext filled in > - // No output registers, usual AAPCS64 register preservation > - ossl_bsaes_xts_decrypt: > -+ AARCH64_VALID_CALL_TARGET > - // Stack layout: > - // sp -> > - // nrounds*128-96 bytes: key schedule > --- > -2.34.1 > - > diff --git a/meta/recipes-connectivity/openssl/openssl_3.3.0.bb > b/meta/recipes-connectivity/openssl/openssl_3.3.1.bb > similarity index 98% > rename from meta/recipes-connectivity/openssl/openssl_3.3.0.bb > rename to meta/recipes-connectivity/openssl/openssl_3.3.1.bb > index a361185b65..a8746842b2 100644 > --- a/meta/recipes-connectivity/openssl/openssl_3.3.0.bb > +++ b/meta/recipes-connectivity/openssl/openssl_3.3.1.bb > @@ -13,15 +13,13 @@ SRC_URI = > "http://www.openssl.org/source/openssl-${PV}.tar.gz \ > file://0001-Configure-do-not-tweak-mips-cflags.patch \ > > file://0001-Added-handshake-history-reporting-when-test-fails.patch \ > file://0001-Implement-riscv_vlen_asm-for-riscv32.patch \ > - file://bti.patch \ > - file://CVE-2024-4603.patch \ > " > > SRC_URI:append:class-nativesdk = " \ > file://environment.d-openssl.sh \ > " > > -SRC_URI[sha256sum] = > "53e66b043322a606abf0087e7699a0e033a37fa13feb9742df35c3a33b18fb02" > +SRC_URI[sha256sum] = > "777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e" > > inherit lib_package multilib_header multilib_script ptest perlnative manpages > MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" > -- > 2.30.2 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201003): https://lists.openembedded.org/g/openembedded-core/message/201003 Mute This Topic: https://lists.openembedded.org/mt/106490812/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
