Fails with | /home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/bearssl/0.6-r0/recipe-sysroot-native/usr/bin/x86_64-poky-linux/../../libexec/x86_64-poky-linux/gcc/x86_64-poky-linux/10.1.0/ld: build/obj/rsa_i62_pub.o: warning: relocation against `br_rsa_i62_public' in read-only section `.text' | /home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/bearssl/0.6-r0/recipe-sysroot-native/usr/bin/x86_64-poky-linux/../../libexec/x86_64-poky-linux/gcc/x86_64-poky-linux/10.1.0/ld: build/obj/ec_prime_i15.o: relocation R_X86_64_PC32 against symbol `br_secp521r1' can not be used when making a shared object; recompile with -fPIC | /home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/core2-64-poky-linux/bearssl/0.6-r0/recipe-sysroot-native/usr/bin/x86_64-poky-linux/../../libexec/x86_64-poky-linux/gcc/x86_64-poky-linux/10.1.0/ld: final link failed: bad value | collect2: error: ld returned 1 exit status | make: *** [mk/Rules.mk:347: build/libbearssl.so] Error 1
see https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/507 On Thu, Aug 13, 2020 at 8:50 AM Jens Rehsack <[email protected]> wrote: > > Add recipe for BearSSL - an an implementation of the SSL/TLS protocol with > the approach of: > * Be correct and secure. > * Be small > * Be highly portable > * Be feature-rich and extensible > > See https://bearssl.org for more details. > > Signed-off-by: Jens Rehsack <[email protected]> > --- > ....mk-remove-fixed-command-definitions.patch | 57 +++++++++++++++++++ > ..._x509.c-fix-potential-overflow-issue.patch | 41 +++++++++++++ > .../bearssl/bearssl_0.6.bb | 31 ++++++++++ > 3 files changed, 129 insertions(+) > create mode 100644 > meta-networking/recipes-connectivity/bearssl/bearssl/0001-conf-Unix.mk-remove-fixed-command-definitions.patch > create mode 100644 > meta-networking/recipes-connectivity/bearssl/bearssl/0002-test-test_x509.c-fix-potential-overflow-issue.patch > create mode 100644 > meta-networking/recipes-connectivity/bearssl/bearssl_0.6.bb > > diff --git > a/meta-networking/recipes-connectivity/bearssl/bearssl/0001-conf-Unix.mk-remove-fixed-command-definitions.patch > > b/meta-networking/recipes-connectivity/bearssl/bearssl/0001-conf-Unix.mk-remove-fixed-command-definitions.patch > new file mode 100644 > index 000000000..00be22499 > --- /dev/null > +++ > b/meta-networking/recipes-connectivity/bearssl/bearssl/0001-conf-Unix.mk-remove-fixed-command-definitions.patch > @@ -0,0 +1,57 @@ > +From 4ba61c59d3488c263d106d486b656854a57ad79f Mon Sep 17 00:00:00 2001 > +From: Jens Rehsack <[email protected]> > +Date: Thu, 13 Aug 2020 15:26:30 +0200 > +Subject: [PATCH 1/2] conf/Unix.mk: remove fixed command definitions > + > +For cross compiling in Yocto or with appropriate SDKs, commands like > +`$CC` are reasonably predefined. > + > +Upstream-Status: Inappropriate > + > +Signed-off-by: Jens Rehsack <[email protected]> > +--- > + conf/Unix.mk | 10 +++------- > + 1 file changed, 3 insertions(+), 7 deletions(-) > + > +diff --git a/conf/Unix.mk b/conf/Unix.mk > +index 02f2b2b..05979fc 100644 > +--- a/conf/Unix.mk > ++++ b/conf/Unix.mk > +@@ -37,23 +37,19 @@ RM = rm -f > + MKDIR = mkdir -p > + > + # C compiler and flags. > +-CC = cc > +-CFLAGS = -W -Wall -Os -fPIC > + CCOUT = -c -o > + > + # Static library building tool. > +-AR = ar > + ARFLAGS = -rcs > + AROUT = > + > + # DLL building tool. > +-LDDLL = cc > ++LDDLL = $(CCLD) > + LDDLLFLAGS = -shared > + LDDLLOUT = -o > + > + # Static linker. > +-LD = cc > +-LDFLAGS = > ++LD = $(CCLD) > + LDOUT = -o > + > + # C# compiler; we assume usage of Mono. > +@@ -63,7 +59,7 @@ RUNT0COMP = mono T0Comp.exe > + # Set the values to 'no' to disable building of the corresponding element > + # by default. Building can still be invoked with an explicit target call > + # (e.g. 'make dll' to force build the DLL). > +-#STATICLIB = no > ++STATICLIB = no > + #DLL = no > + #TOOLS = no > + #TESTS = no > +-- > +2.17.1 > + > diff --git > a/meta-networking/recipes-connectivity/bearssl/bearssl/0002-test-test_x509.c-fix-potential-overflow-issue.patch > > b/meta-networking/recipes-connectivity/bearssl/bearssl/0002-test-test_x509.c-fix-potential-overflow-issue.patch > new file mode 100644 > index 000000000..94abd27fa > --- /dev/null > +++ > b/meta-networking/recipes-connectivity/bearssl/bearssl/0002-test-test_x509.c-fix-potential-overflow-issue.patch > @@ -0,0 +1,41 @@ > +From 542380a13f178d97851751b57054a6b5be555d1c Mon Sep 17 00:00:00 2001 > +From: Jens Rehsack <[email protected]> > +Date: Thu, 13 Aug 2020 16:16:44 +0200 > +Subject: [PATCH 2/2] test/test_x509.c: fix potential overflow issue > + > +Instead of doing a memcpy() which does static overflow checking, use > +snprintf() for string copying which does the check dynamically. > + > +Fixes: > +| In file included from .../recipe-sysroot/usr/include/string.h:519, > +| from test/test_x509.c:27: > +| In function 'memcpy', > +| inlined from 'parse_keyvalue' at test/test_x509.c:845:2, > +| inlined from 'process_conf_file' at test/test_x509.c:1360:7, > +| inlined from 'main' at test/test_x509.c:2038:2: > +| .../recipe-sysroot/usr/include/bits/string_fortified.h:34:10: warning: > '__builtin_memcpy' specified bound 4294967295 exceeds maximum object size > 2147483647 [-Wstringop-overflow=] > +| 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 > (__dest)); > +| | > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > + > +Signed-off-by: Jens Rehsack <[email protected]> > +--- > + test/test_x509.c | 3 +-- > + 1 file changed, 1 insertion(+), 2 deletions(-) > + > +diff --git a/test/test_x509.c b/test/test_x509.c > +index 2c61cf5..76f6ab9 100644 > +--- a/test/test_x509.c > ++++ b/test/test_x509.c > +@@ -842,8 +842,7 @@ parse_keyvalue(HT *d) > + return -1; > + } > + name = xmalloc(u + 1); > +- memcpy(name, buf, u); > +- name[u] = 0; > ++ snprintf(name, u, "%s", buf); > + if (HT_get(d, name) != NULL) { > + xfree(name); > + return -1; > +-- > +2.17.1 > + > diff --git a/meta-networking/recipes-connectivity/bearssl/bearssl_0.6.bb > b/meta-networking/recipes-connectivity/bearssl/bearssl_0.6.bb > new file mode 100644 > index 000000000..7bd0e549d > --- /dev/null > +++ b/meta-networking/recipes-connectivity/bearssl/bearssl_0.6.bb > @@ -0,0 +1,31 @@ > +SUMMARY = "BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) > written in C" > +DESCRIPTION = "BearSSL is an implementation of the SSL/TLS protocol (RFC \ > +5246) written in C. It aims at offering the following features: \ > + * Be correct and secure. In particular, insecure protocol versions and \ > + choices of algorithms are not supported, by design; cryptographic \ > + algorithm implementations are constant-time by default. \ > + * Be small, both in RAM and code footprint. For instance, a minimal \ > + server implementation may fit in about 20 kilobytes of compiled code \ > + and 25 kilobytes of RAM. \ > + * Be highly portable. BearSSL targets not only “big” operating systems \ > + like Linux and Windows, but also small embedded systems and even special > \ > + contexts like bootstrap code. \ > + * Be feature-rich and extensible. SSL/TLS has many defined cipher suites \ > + and extensions; BearSSL should implement most of them, and allow extra \ > + algorithm implementations to be added afterwards, possibly from third \ > + parties." > +HOMEPAGE = "https://bearssl.org"; > + > +SECTION = "libs" > + > +LICENSE = "MIT" > +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=1fc37e1037ae673975fbcb96a98f7191" > + > +SRCREV = "8ef7680081c61b486622f2d983c0d3d21e83caad" > +SRC_URI = "git://www.bearssl.org/git/BearSSL;protocol=https;nobranch=1 \ > + file://0001-conf-Unix.mk-remove-fixed-command-definitions.patch \ > + file://0002-test-test_x509.c-fix-potential-overflow-issue.patch \ > + " > + > +S = "${WORKDIR}/git" > +B = "${S}" > -- > 2.17.1 >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#86361): https://lists.openembedded.org/g/openembedded-devel/message/86361 Mute This Topic: https://lists.openembedded.org/mt/76170162/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
