openssl-qoriq: add version 1.1.0hpyro-fnc-el7

author: Cristian Bercaru <cristian.bercaru@enea.com> 2018-05-14 15:09:15 +0200
committer: Cristian Bercaru <cristian.bercaru@enea.com> 2018-05-14 15:09:15 +0200
commit: c4127de63ca38ca6bdcfb8b75c84589ab887893f (patch)
tree: 1af5f1e669eeaafbd19e470094fb725283094271 /openssl-1.1.0h.patch
parent: 522cbc53e56efb9ca3b9b775e8ee1bb095fc220a (diff)
download: meta-freescale-pyro-fnc-el7.tar.gz
1 files changed, 409 insertions, 0 deletions
diff --git a/openssl-1.1.0h.patch b/openssl-1.1.0h.patch
new file mode 100644
index 00000000..0cb5a1a8
--- /dev/null
+++ b/openssl-1.1.0h.patch
@@ -0,0 +1,409 @@
+diff --git a/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl b/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl
+new file mode 100755
+index 0000000..79d4a40
+--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl
+@@ -0,0 +1,35 @@
+#!/media/data/fb/daaz/p2040/tmp/work/ppce500mc-qoriq-poky-linux/openssl-qoriq/1.0.2l-r0/recipe-sysroot-native/usr/bin/perl
+#
+# modify the '#!/usr/local/bin/perl'
+# line in all scripts that rely on perl.
+#
+
+require "find.pl";
+
+$#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+&find(".");
+
+sub wanted
+       {
+       return unless /\.pl$/ || /^[Cc]onfigur/;
+
+       open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
+       @a=<IN>;
+       close(IN);
+
+       if (-d $ARGV[0]) {
+               $a[0]="#!$ARGV[0]/perl\n";
+       }
+       else {
+               $a[0]="#!$ARGV[0]\n";
+       }
+
+       # Playing it safe...
+       $new="$_.new";
+       open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
+       print OUT @a;
+       close(OUT);
+
+       rename($new,$_) || die "unable to rename $dir/$new:$!\n";
+       chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
+       }
+diff --git a/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new b/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new
+new file mode 100644
+index 0000000..65c6cc7
+--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new
+@@ -0,0 +1,4 @@
+#!/bin/sh
+cd test
+OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl
+cd ..
+diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb
+new file mode 100644
+index 0000000..53a2181
+--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb
+@@ -0,0 +1,79 @@
+require openssl-qoriq_1.1.0h.inc
+
+DISABLE_STATIC = ""
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+DEPENDS += "cryptodev-linux"
+
+CFLAGS += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
+
+SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI = " \
+           https://www.openssl.org/source/openssl-1.1.0h.tar.gz \
+           file://openssl-c_rehash.sh \
+           file://run-ptest \
+           file://perlpath.pl \
+           file://find.pl \
+           file://debian/pic.patch \
+           file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+           file://openssl-1.0.2a-x32-asm.patch \
+    "
+#            file://0001-Fix-build-with-clang-using-external-assembler.patch \
+#            file://Use-SHA256-not-MD5-as-default-digest.patch \
+#            file://openssl-util-perlpath.pl-cwd.patch \
+#            file://parallel.patch \
+#            file://configure-musl-target.patch \
+#            file://ptest_makefile_deps.patch \
+#            file://ptest-deps.patch \
+#            file://Makefiles-ptest.patch \
+#            file://openssl-fix-des.pod-error.patch \
+#            file://openssl_fix_for_x32.patch \
+#            file://debian1.0.2/soname.patch \
+#            file://debian1.0.2/version-script.patch \
+#            file://debian/no-symbolic.patch \
+#            file://debian/no-rpath.patch \
+#            file://debian/man-dir.patch \
+#            file://debian/man-section.patch \
+#            file://debian/debian-targets.patch \
+#            file://debian/c_rehash-compat.patch \
+#            file://debian/ca.patch \
+#            file://debian1.0.2/block_digicert_malaysia.patch \
+#            file://debian1.0.2/block_diginotar.patch \
+#            file://engines-install-in-libdir-ssl.patch \
+#            file://oe-ldflags.patch \
+#            file://shared-libs.patch \
+#            file://configure-targets.patch
+#
+
+S = "${WORKDIR}/openssl-1.1.0h/"
+
+PACKAGES =+ "${PN}-engines"
+
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines ${libdir}/engines-1.1/*.so"
+
+# The crypto_use_bigint patch means that perl's bignum module needs to be
+# installed, but some distributions (for example Fedora 23) don't ship it by
+# default.  As the resulting error is very misleading check for bignum before
+# building.
+do_configure_prepend() {
+    mkdir -p ${S}/util/
+    cp ${WORKDIR}/perlpath.pl ${S}/util/
+    cp ${WORKDIR}/find.pl ${S}/util/
+       if ! perl -Mbigint -e true; then
+               bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
+       fi
+}
+
+do_compile_ptest_base() {
+    echo
+}
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+
+COMPATIBLE_MACHINE = "(qoriq)"
+diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc
+new file mode 100644
+index 0000000..f58774f
+--- /dev/null
+++ b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc
+@@ -0,0 +1,267 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+
+DEPENDS = "makedepend-native hostperl-runtime-native"
+DEPENDS_append_class-target = " openssl-native"
+
+PROVIDES = "openssl"
+
+python() {
+    pkgs = d.getVar('PACKAGES', True).split()
+    for p in pkgs:
+        if 'openssl-qoriq' in p:
+            d.appendVar("RPROVIDES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
+            d.appendVar("RCONFLICTS_%s" % p, p.replace('openssl-qoriq', 'openssl'))
+            d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
+}
+
+SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/openssl;nobranch=1"
+
+S = "${WORKDIR}/git"
+
+PACKAGECONFIG[perl] = ",,,"
+
+TERMIO_libc-musl = "-DTERMIOS"
+TERMIO ?= "-DTERMIO"
+# Avoid binaries being marked as requiring an executable stack since it
+# doesn't(which causes and this causes issues with SELinux
+CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+        ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
+
+export DIRS = "crypto ssl apps"
+export EX_LIBS = "-lgcc -ldl"
+export AS = "${CC} -c"
+
+inherit pkgconfig siteinfo multilib_header ptest relative_symlinks
+
+PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-conf"
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
+FILES_${PN} =+ " ${libdir}/ssl/*"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
+
+PROVIDES += "openssl10"
+
+# Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
+# package RRECOMMENDS on this package.  This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+FILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto += "${PN}-conf"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = " -no-ssl3"
+
+do_configure_prepend_darwin () {
+       sed -i -e '/version-script=openssl\.ld/d' Configure
+}
+
+do_configure () {
+       cd util
+       perl perlpath.pl ${STAGING_BINDIR_NATIVE}
+       cd ..
+       ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+
+       os=${HOST_OS}
+       case $os in
+       linux-uclibc |\
+       linux-uclibceabi |\
+       linux-gnueabi |\
+       linux-uclibcspe |\
+       linux-gnuspe |\
+       linux-musl*)
+               os=linux
+               ;;
+               *)
+               ;;
+       esac
+       target="$os-${HOST_ARCH}"
+       case $target in
+       linux-arm)
+               target=linux-armv4
+               ;;
+       linux-armeb)
+               target=linux-elf-armeb
+               ;;
+       linux-aarch64*)
+               target=linux-aarch64
+               ;;
+       linux-sh3)
+               target=debian-sh3
+               ;;
+       linux-sh4)
+               target=debian-sh4
+               ;;
+       linux-i486)
+               target=debian-i386-i486
+               ;;
+       linux-i586 | linux-viac3)
+               target=debian-i386-i586
+               ;;
+       linux-i686)
+               target=debian-i386-i686/cmov
+               ;;
+       linux-gnux32-x86_64)
+               target=linux-x32
+               ;;
+       linux-gnu64-x86_64)
+               target=linux-x86_64
+               ;;
+       linux-gnun32-mips*el)
+               target=debian-mipsn32el
+               ;;
+       linux-gnun32-mips*)
+               target=debian-mipsn32
+               ;;
+       linux-mips*64*el)
+               target=debian-mips64el
+               ;;
+       linux-mips*64*)
+               target=debian-mips64
+               ;;
+       linux-mips*el)
+               target=debian-mipsel
+               ;;
+       linux-mips*)
+               target=debian-mips
+               ;;
+       linux-microblaze*|linux-nios2*)
+               target=linux-generic32
+               ;;
+       linux-powerpc)
+               target=linux-ppc
+               ;;
+       linux-powerpc64)
+               target=linux-ppc64
+               ;;
+       linux-supersparc)
+               target=linux-sparcv8
+               ;;
+       linux-sparc)
+               target=linux-sparcv8
+               ;;
+       darwin-i386)
+               target=darwin-i386-cc
+               ;;
+       esac
+       # inject machine-specific flags
+       sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
+        useprefix=${prefix}
+        if [ "x$useprefix" = "x" ]; then
+                useprefix=/
+        fi
+       perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
+}
+
+do_compile_prepend_class-target () {
+    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+}
+
+do_compile () {
+       oe_runmake depend
+       oe_runmake
+}
+
+do_compile_ptest () {
+       # build dependencies for test directory too
+        rm  -rf test/ssltest_old
+        rm  -rf test/x509aux
+        rm  -rf test/v3ext
+       export DIRS="$DIRS test"
+       oe_runmake depend
+       oe_runmake buildtest
+}
+
+do_install () {
+       # Create ${D}/${prefix} to fix parallel issues
+       mkdir -p ${D}/${prefix}/
+
+       oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" DESTDIR="${D}" install
+
+       oe_libinstall -so libcrypto ${D}${libdir}
+       oe_libinstall -so libssl ${D}${libdir}
+       oe_libinstall -so capi ${D}${libdir}
+       oe_libinstall -so padlock ${D}${libdir}
+
+       install -d ${D}${includedir}
+       cp --dereference -R include/openssl ${D}${includedir}
+
+       install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+       sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+
+       oe_multilib_header openssl/opensslconf.h
+       if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
+               sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
+               sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
+       else
+               rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
+       fi
+
+       # Create SSL structure
+       install -d ${D}${sysconfdir}/ssl/
+       mv ${D}${libdir}/ssl/openssl.cnf \
+          ${D}${libdir}/ssl/certs \
+          ${D}${libdir}/ssl/private \
+          \
+          ${D}${sysconfdir}/ssl/
+       ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+       ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+       ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
+}
+
+do_install_ptest () {
+    # cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+    cp -r -L Makefile test ${D}${PTEST_PATH}
+
+        # Replace the path to native perl with the path to target perl
+        sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
+
+       cp Configure config e_os.h ${D}${PTEST_PATH}
+       cp -r -L include ${D}${PTEST_PATH}
+       ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+       ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+       mkdir -p ${D}${PTEST_PATH}/crypto
+       cp include/internal/constant_time_locl.h ${D}${PTEST_PATH}/crypto
+       cp -r demos/certs ${D}${PTEST_PATH}
+       mkdir -p ${D}${PTEST_PATH}/apps
+       ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
+       ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+       ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
+       cp apps/server.pem              ${D}${PTEST_PATH}/apps
+       cp apps/server2.pem             ${D}${PTEST_PATH}/apps
+       mkdir -p ${D}${PTEST_PATH}/util
+       install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
+       install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
+       # Time stamps are relevant for "make alltests", otherwise
+       # make may try to recompile binaries. Not only must the
+       # binary files be newer than the sources, they also must
+       # be more recent than the header files in /usr/include.
+       #
+       # Using "cp -a" is not sufficient, because do_install
+       # does not preserve the original time stamps.
+       #
+       # So instead of using the original file stamps, we set
+       # the current time for all files. Binaries will get
+       # modified again later when stripping them, but that's okay.
+       touch ${D}${PTEST_PATH}
+       find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
+}
+
+do_install_append_class-native() {
+       create_wrapper ${D}${bindir}/openssl \
+           OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+           SSL_CERT_DIR=${libdir}/ssl/certs \
+           SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+           OPENSSL_ENGINES=${libdir}/ssl/engines
+}
author	Cristian Bercaru <cristian.bercaru@enea.com>	2018-05-14 15:09:15 +0200
committer	Cristian Bercaru <cristian.bercaru@enea.com>	2018-05-14 15:09:15 +0200
commit	c4127de63ca38ca6bdcfb8b75c84589ab887893f (patch)
tree	1af5f1e669eeaafbd19e470094fb725283094271 /openssl-1.1.0h.patch
parent	522cbc53e56efb9ca3b9b775e8ee1bb095fc220a (diff)
download	meta-freescale-pyro-fnc-el7.tar.gz

diff --git a/openssl-1.1.0h.patch b/openssl-1.1.0h.patch new file mode 100644 index 00000000..0cb5a1a8 --- /dev/null +++ b/openssl-1.1.0h.patch
@@ -0,0 +1,409 @@
	1	diff --git a/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl b/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl
	2	new file mode 100755
	3	index 0000000..79d4a40
	4	--- /dev/null
	5	+++ b/recipes-connectivity/openssl/openssl-qoriq/perlpath.pl
	6	@@ -0,0 +1,35 @@
	7	+#!/media/data/fb/daaz/p2040/tmp/work/ppce500mc-qoriq-poky-linux/openssl-qoriq/1.0.2l-r0/recipe-sysroot-native/usr/bin/perl
	8	+#
	9	+# modify the '#!/usr/local/bin/perl'
	10	+# line in all scripts that rely on perl.
	11	+#
	12	+
	13	+require "find.pl";
	14	+
	15	+$#ARGV == 0 \|\| print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
	16	+&find(".");
	17	+
	18	+sub wanted
	19	+ {
	20	+ return unless /\.pl$/ \|\| /^[Cc]onfigur/;
	21	+
	22	+ open(IN,"<$_") \|\| die "unable to open $dir/$_:$!\n";
	23	+ @a=<IN>;
	24	+ close(IN);
	25	+
	26	+ if (-d $ARGV[0]) {
	27	+ $a[0]="#!$ARGV[0]/perl\n";
	28	+ }
	29	+ else {
	30	+ $a[0]="#!$ARGV[0]\n";
	31	+ }
	32	+
	33	+ # Playing it safe...
	34	+ $new="$_.new";
	35	+ open(OUT,">$new") \|\| die "unable to open $dir/$new:$!\n";
	36	+ print OUT @a;
	37	+ close(OUT);
	38	+
	39	+ rename($new,$_) \|\| die "unable to rename $dir/$new:$!\n";
	40	+ chmod(0755,$_) \|\| die "unable to chmod $dir/$new:$!\n";
	41	+ }
	42	diff --git a/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new b/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new
	43	new file mode 100644
	44	index 0000000..65c6cc7
	45	--- /dev/null
	46	+++ b/recipes-connectivity/openssl/openssl-qoriq/run-ptest.new
	47	@@ -0,0 +1,4 @@
	48	+#!/bin/sh
	49	+cd test
	50	+OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl
	51	+cd ..
	52	diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb
	53	new file mode 100644
	54	index 0000000..53a2181
	55	--- /dev/null
	56	+++ b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.bb
	57	@@ -0,0 +1,79 @@
	58	+require openssl-qoriq_1.1.0h.inc
	59	+
	60	+DISABLE_STATIC = ""
	61	+# For target side versions of openssl enable support for OCF Linux driver
	62	+# if they are available.
	63	+DEPENDS += "cryptodev-linux"
	64	+
	65	+CFLAGS += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
	66	+
	67	+LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
	68	+
	69	+SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
	70	+
	71	+export DIRS = "crypto ssl apps engines"
	72	+export OE_LDFLAGS="${LDFLAGS}"
	73	+
	74	+SRC_URI = " \
	75	+ https://www.openssl.org/source/openssl-1.1.0h.tar.gz \
	76	+ file://openssl-c_rehash.sh \
	77	+ file://run-ptest \
	78	+ file://perlpath.pl \
	79	+ file://find.pl \
	80	+ file://debian/pic.patch \
	81	+ file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
	82	+ file://openssl-1.0.2a-x32-asm.patch \
	83	+ "
	84	+# file://0001-Fix-build-with-clang-using-external-assembler.patch \
	85	+# file://Use-SHA256-not-MD5-as-default-digest.patch \
	86	+# file://openssl-util-perlpath.pl-cwd.patch \
	87	+# file://parallel.patch \
	88	+# file://configure-musl-target.patch \
	89	+# file://ptest_makefile_deps.patch \
	90	+# file://ptest-deps.patch \
	91	+# file://Makefiles-ptest.patch \
	92	+# file://openssl-fix-des.pod-error.patch \
	93	+# file://openssl_fix_for_x32.patch \
	94	+# file://debian1.0.2/soname.patch \
	95	+# file://debian1.0.2/version-script.patch \
	96	+# file://debian/no-symbolic.patch \
	97	+# file://debian/no-rpath.patch \
	98	+# file://debian/man-dir.patch \
	99	+# file://debian/man-section.patch \
	100	+# file://debian/debian-targets.patch \
	101	+# file://debian/c_rehash-compat.patch \
	102	+# file://debian/ca.patch \
	103	+# file://debian1.0.2/block_digicert_malaysia.patch \
	104	+# file://debian1.0.2/block_diginotar.patch \
	105	+# file://engines-install-in-libdir-ssl.patch \
	106	+# file://oe-ldflags.patch \
	107	+# file://shared-libs.patch \
	108	+# file://configure-targets.patch
	109	+#
	110	+
	111	+S = "${WORKDIR}/openssl-1.1.0h/"
	112	+
	113	+PACKAGES =+ "${PN}-engines"
	114	+
	115	+FILES_${PN}-engines = "${libdir}/ssl/engines/.so ${libdir}/engines ${libdir}/engines-1.1/.so"
	116	+
	117	+# The crypto_use_bigint patch means that perl's bignum module needs to be
	118	+# installed, but some distributions (for example Fedora 23) don't ship it by
	119	+# default. As the resulting error is very misleading check for bignum before
	120	+# building.
	121	+do_configure_prepend() {
	122	+ mkdir -p ${S}/util/
	123	+ cp ${WORKDIR}/perlpath.pl ${S}/util/
	124	+ cp ${WORKDIR}/find.pl ${S}/util/
	125	+ if ! perl -Mbigint -e true; then
	126	+ bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
	127	+ fi
	128	+}
	129	+
	130	+do_compile_ptest_base() {
	131	+ echo
	132	+}
	133	+
	134	+TARGET_CC_ARCH += "${LDFLAGS}"
	135	+
	136	+COMPATIBLE_MACHINE = "(qoriq)"
	137	diff --git a/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc
	138	new file mode 100644
	139	index 0000000..f58774f
	140	--- /dev/null
	141	+++ b/recipes-connectivity/openssl/openssl-qoriq_1.1.0h.inc
	142	@@ -0,0 +1,267 @@
	143	+SUMMARY = "Secure Socket Layer"
	144	+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
	145	+HOMEPAGE = "http://www.openssl.org/"
	146	+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
	147	+SECTION = "libs/network"
	148	+
	149	+# "openssl \| SSLeay" dual license
	150	+LICENSE = "openssl"
	151	+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
	152	+
	153	+DEPENDS = "makedepend-native hostperl-runtime-native"
	154	+DEPENDS_append_class-target = " openssl-native"
	155	+
	156	+PROVIDES = "openssl"
	157	+
	158	+python() {
	159	+ pkgs = d.getVar('PACKAGES', True).split()
	160	+ for p in pkgs:
	161	+ if 'openssl-qoriq' in p:
	162	+ d.appendVar("RPROVIDES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
	163	+ d.appendVar("RCONFLICTS_%s" % p, p.replace('openssl-qoriq', 'openssl'))
	164	+ d.appendVar("RREPLACES_%s" % p, p.replace('openssl-qoriq', 'openssl'))
	165	+}
	166	+
	167	+SRC_URI = "git://source.codeaurora.org/external/qoriq/qoriq-components/openssl;nobranch=1"
	168	+
	169	+S = "${WORKDIR}/git"
	170	+
	171	+PACKAGECONFIG[perl] = ",,,"
	172	+
	173	+TERMIO_libc-musl = "-DTERMIOS"
	174	+TERMIO ?= "-DTERMIO"
	175	+# Avoid binaries being marked as requiring an executable stack since it
	176	+# doesn't(which causes and this causes issues with SELinux
	177	+CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
	178	+ ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
	179	+
	180	+export DIRS = "crypto ssl apps"
	181	+export EX_LIBS = "-lgcc -ldl"
	182	+export AS = "${CC} -c"
	183	+
	184	+inherit pkgconfig siteinfo multilib_header ptest relative_symlinks
	185	+
	186	+PACKAGES =+ "libcrypto libssl ${PN}-misc ${PN}-conf"
	187	+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
	188	+FILES_libssl = "${libdir}/libssl${SOLIBS}"
	189	+FILES_${PN} =+ " ${libdir}/ssl/*"
	190	+FILES_${PN}-misc = "${libdir}/ssl/misc"
	191	+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
	192	+
	193	+PROVIDES += "openssl10"
	194	+
	195	+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
	196	+# package RRECOMMENDS on this package. This will enable the configuration
	197	+# file to be installed for both the base openssl package and the libcrypto
	198	+# package since the base openssl package depends on the libcrypto package.
	199	+FILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
	200	+CONFFILES_${PN}-conf = "${sysconfdir}/ssl/openssl.cnf"
	201	+RRECOMMENDS_libcrypto += "${PN}-conf"
	202	+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
	203	+
	204	+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
	205	+# vulnerability
	206	+EXTRA_OECONF = " -no-ssl3"
	207	+
	208	+do_configure_prepend_darwin () {
	209	+ sed -i -e '/version-script=openssl\.ld/d' Configure
	210	+}
	211	+
	212	+do_configure () {
	213	+ cd util
	214	+ perl perlpath.pl ${STAGING_BINDIR_NATIVE}
	215	+ cd ..
	216	+ ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
	217	+
	218	+ os=${HOST_OS}
	219	+ case $os in
	220	+ linux-uclibc \|\
	221	+ linux-uclibceabi \|\
	222	+ linux-gnueabi \|\
	223	+ linux-uclibcspe \|\
	224	+ linux-gnuspe \|\
	225	+ linux-musl*)
	226	+ os=linux
	227	+ ;;
	228	+ *)
	229	+ ;;
	230	+ esac
	231	+ target="$os-${HOST_ARCH}"
	232	+ case $target in
	233	+ linux-arm)
	234	+ target=linux-armv4
	235	+ ;;
	236	+ linux-armeb)
	237	+ target=linux-elf-armeb
	238	+ ;;
	239	+ linux-aarch64*)
	240	+ target=linux-aarch64
	241	+ ;;
	242	+ linux-sh3)
	243	+ target=debian-sh3
	244	+ ;;
	245	+ linux-sh4)
	246	+ target=debian-sh4
	247	+ ;;
	248	+ linux-i486)
	249	+ target=debian-i386-i486
	250	+ ;;
	251	+ linux-i586 \| linux-viac3)
	252	+ target=debian-i386-i586
	253	+ ;;
	254	+ linux-i686)
	255	+ target=debian-i386-i686/cmov
	256	+ ;;
	257	+ linux-gnux32-x86_64)
	258	+ target=linux-x32
	259	+ ;;
	260	+ linux-gnu64-x86_64)
	261	+ target=linux-x86_64
	262	+ ;;
	263	+ linux-gnun32-mips*el)
	264	+ target=debian-mipsn32el
	265	+ ;;
	266	+ linux-gnun32-mips*)
	267	+ target=debian-mipsn32
	268	+ ;;
	269	+ linux-mips64el)
	270	+ target=debian-mips64el
	271	+ ;;
	272	+ linux-mips64)
	273	+ target=debian-mips64
	274	+ ;;
	275	+ linux-mips*el)
	276	+ target=debian-mipsel
	277	+ ;;
	278	+ linux-mips*)
	279	+ target=debian-mips
	280	+ ;;
	281	+ linux-microblaze\|linux-nios2)
	282	+ target=linux-generic32
	283	+ ;;
	284	+ linux-powerpc)
	285	+ target=linux-ppc
	286	+ ;;
	287	+ linux-powerpc64)
	288	+ target=linux-ppc64
	289	+ ;;
	290	+ linux-supersparc)
	291	+ target=linux-sparcv8
	292	+ ;;
	293	+ linux-sparc)
	294	+ target=linux-sparcv8
	295	+ ;;
	296	+ darwin-i386)
	297	+ target=darwin-i386-cc
	298	+ ;;
	299	+ esac
	300	+ # inject machine-specific flags
	301	+ sed -i -e "s\|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)\|\1:${CFLAG}\|g" Configure
	302	+ useprefix=${prefix}
	303	+ if [ "x$useprefix" = "x" ]; then
	304	+ useprefix=/
	305	+ fi
	306	+ perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
	307	+}
	308	+
	309	+do_compile_prepend_class-target () {
	310	+ sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
	311	+}
	312	+
	313	+do_compile () {
	314	+ oe_runmake depend
	315	+ oe_runmake
	316	+}
	317	+
	318	+do_compile_ptest () {
	319	+ # build dependencies for test directory too
	320	+ rm -rf test/ssltest_old
	321	+ rm -rf test/x509aux
	322	+ rm -rf test/v3ext
	323	+ export DIRS="$DIRS test"
	324	+ oe_runmake depend
	325	+ oe_runmake buildtest
	326	+}
	327	+
	328	+do_install () {
	329	+ # Create ${D}/${prefix} to fix parallel issues
	330	+ mkdir -p ${D}/${prefix}/
	331	+
	332	+ oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" DESTDIR="${D}" install
	333	+
	334	+ oe_libinstall -so libcrypto ${D}${libdir}
	335	+ oe_libinstall -so libssl ${D}${libdir}
	336	+ oe_libinstall -so capi ${D}${libdir}
	337	+ oe_libinstall -so padlock ${D}${libdir}
	338	+
	339	+ install -d ${D}${includedir}
	340	+ cp --dereference -R include/openssl ${D}${includedir}
	341	+
	342	+ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
	343	+ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
	344	+
	345	+ oe_multilib_header openssl/opensslconf.h
	346	+ if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
	347	+ sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
	348	+ sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
	349	+ else
	350	+ rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
	351	+ fi
	352	+
	353	+ # Create SSL structure
	354	+ install -d ${D}${sysconfdir}/ssl/
	355	+ mv ${D}${libdir}/ssl/openssl.cnf \
	356	+ ${D}${libdir}/ssl/certs \
	357	+ ${D}${libdir}/ssl/private \
	358	+ \
	359	+ ${D}${sysconfdir}/ssl/
	360	+ ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
	361	+ ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
	362	+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
	363	+}
	364	+
	365	+do_install_ptest () {
	366	+ # cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
	367	+ cp -r -L Makefile test ${D}${PTEST_PATH}
	368	+
	369	+ # Replace the path to native perl with the path to target perl
	370	+ sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
	371	+
	372	+ cp Configure config e_os.h ${D}${PTEST_PATH}
	373	+ cp -r -L include ${D}${PTEST_PATH}
	374	+ ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
	375	+ ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
	376	+ mkdir -p ${D}${PTEST_PATH}/crypto
	377	+ cp include/internal/constant_time_locl.h ${D}${PTEST_PATH}/crypto
	378	+ cp -r demos/certs ${D}${PTEST_PATH}
	379	+ mkdir -p ${D}${PTEST_PATH}/apps
	380	+ ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
	381	+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
	382	+ ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
	383	+ cp apps/server.pem ${D}${PTEST_PATH}/apps
	384	+ cp apps/server2.pem ${D}${PTEST_PATH}/apps
	385	+ mkdir -p ${D}${PTEST_PATH}/util
	386	+ install util/opensslwrap.sh ${D}${PTEST_PATH}/util
	387	+ install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
	388	+ # Time stamps are relevant for "make alltests", otherwise
	389	+ # make may try to recompile binaries. Not only must the
	390	+ # binary files be newer than the sources, they also must
	391	+ # be more recent than the header files in /usr/include.
	392	+ #
	393	+ # Using "cp -a" is not sufficient, because do_install
	394	+ # does not preserve the original time stamps.
	395	+ #
	396	+ # So instead of using the original file stamps, we set
	397	+ # the current time for all files. Binaries will get
	398	+ # modified again later when stripping them, but that's okay.
	399	+ touch ${D}${PTEST_PATH}
	400	+ find ${D}${PTEST_PATH} -type f -print0 \| xargs --verbose -0 touch -r ${D}${PTEST_PATH}
	401	+}
	402	+
	403	+do_install_append_class-native() {
	404	+ create_wrapper ${D}${bindir}/openssl \
	405	+ OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
	406	+ SSL_CERT_DIR=${libdir}/ssl/certs \
	407	+ SSL_CERT_FILE=${libdir}/ssl/cert.pem \
	408	+ OPENSSL_ENGINES=${libdir}/ssl/engines
	409	+}