We need to relax what ciphers are allowed with openssl-3.0 so that we do
not break Digi/RM. See DAL commit ec586a621c24f840ac7cc4f91241c55581698ba3
https://onedigi.atlassian.net/browse/DEL-7999
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Remove deprecated versions of recipes updated in other general layers
(poky, meta-openembedded). Also remove duplicated IMX specific recipes that
are available in other BSP layers (meta-freescale, meta-fsl-demos, etc).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This commit adds the support for the cryptodev
engine into OpenSSL. So OpenSSL can use hardware
accelerated support through the CAAM driver.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
https://jira.digi.com/browse/DEL-7439
The previous patch was outdated, but now that we have a working PKCS11 engine
and the cryptochip supports it, update the patch with the new engine info.
https://jira.digi.com/browse/DEL-6835
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This way, we assure that the openssl binary is included in the rootfs whenever
the base openssl package is included.
https://jira.digi.com/browse/DEL-6710
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Removed patches already integrated in the OpenSSL code and
refreshed the necessary ones.
https://jira.digi.com/browse/DEL-6412
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Our current OpenSSL libraries are only functional when applications link
against v1.0.2d or higher, making some packages containing pre-compiled
applications that link to older versions (like AWS Greengrass) fail to build
and/or run properly.
This commit includes:
* Changing SHLIB_EXT from so.1.0.2 to so.1.0.0
* Reverting the version-script to an older version with backwards
compatibility plus newer symbols
Specifically, these changes partially revert the patches added in the poky
layer's commits a59bfd05d15085a3dc5669b47fd19867246c846b and
73a43fc15e0463c39baaadecab78fb3ef51b8cd0 respectively.
Please note that this only modifies the cryptographic library's ABI, its code
remains unchanged.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
As of Yocto 2.0, the cryptodev module used as interface between
user-space and hardware encryption is the version 1.7.
According to that cryptodev's version documentation, the cryptodev
engine in openssh is outdated:
https://github.com/cryptodev-linux/cryptodev-linux/blob/cryptodev-linux-1.7/README
They provide an URL with two patches to update openssl. This commit
forward port those patches to the Openssl version used in this version
of Yocto.
https://jira.digi.com/browse/DEL-2501
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Isaac Hermida
Javier Viguera
Mike Engel
Gabriel Valcazar
Arturo Buzarra