* [Buildroot] [PATCH 1/2] openssl: use git formatted patches
@ 2015-05-16 19:04 Thomas Petazzoni
2015-05-16 19:04 ` [Buildroot] [PATCH 2/2] openssl: enable parallel build and installation Thomas Petazzoni
2015-07-20 14:07 ` [Buildroot] [PATCH 1/2] openssl: use git formatted patches Thomas Petazzoni
0 siblings, 2 replies; 8+ messages in thread
From: Thomas Petazzoni @ 2015-05-16 19:04 UTC (permalink / raw)
To: buildroot
Using Git formatted patches makes it easier to adjust the patches when
needed.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
...time-building-manpages-if-we-re-not-going.patch | 27 +++++++++
...odev-Fix-issue-with-signature-generation.patch} | 70 +++++++++++++---------
...h-minus-inste.patch => 0003-Fix-c_rehash.patch} | 10 ++--
package/openssl/001-do-not-build-docs.patch | 13 ----
4 files changed, 74 insertions(+), 46 deletions(-)
create mode 100644 package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
rename package/openssl/{003-cryptodev-Fix-issue-with-signature-generation.patch => 0002-cryptodev-Fix-issue-with-signature-generation.patch} (82%)
rename package/openssl/{005-Make-c_rehash-match-commands-starting-with-minus-inste.patch => 0003-Fix-c_rehash.patch} (71%)
delete mode 100644 package/openssl/001-do-not-build-docs.patch
diff --git a/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
new file mode 100644
index 0000000..93e2118
--- /dev/null
+++ b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
@@ -0,0 +1,27 @@
+From 53980448064b362a58e4ab2aca6f38fec93c07c3 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 16 May 2015 18:53:51 +0200
+Subject: [PATCH 1/3] Dont waste time building manpages if we're not going to
+ use em.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ Makefile.org | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index b7a3f96..8a47840 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -536,7 +536,7 @@ dist:
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: all install_sw
+
+ install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+--
+2.1.0
+
diff --git a/package/openssl/003-cryptodev-Fix-issue-with-signature-generation.patch b/package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
similarity index 82%
rename from package/openssl/003-cryptodev-Fix-issue-with-signature-generation.patch
rename to package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
index 19ed5e7..17887d3 100644
--- a/package/openssl/003-cryptodev-Fix-issue-with-signature-generation.patch
+++ b/package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
@@ -1,14 +1,23 @@
+From 0718df24bd828f26d7d0e8e7f935d8e21f70ebca Mon Sep 17 00:00:00 2001
+From: Gustavo Zacarias <gustavo@zacarias.com.ar>
+Date: Sat, 16 May 2015 18:55:08 +0200
+Subject: [PATCH 2/3] cryptodev: Fix issue with signature generation
+
Forward port of 0001-cryptodev-Fix-issue-with-signature-generation.patch
from http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
It was originally targetted at 1.0.2-beta3.
Without this patch digest acceleration via cryptodev is broken.
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ crypto/engine/eng_cryptodev.c | 195 +++++++++++++++++++++++++++++++-----------
+ 1 file changed, 146 insertions(+), 49 deletions(-)
-diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto/engine/eng_cryptodev.c
---- openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c 2015-01-28 14:59:58.146682462 -0300
-+++ openssl-1.0.2/crypto/engine/eng_cryptodev.c 2015-01-28 15:29:25.107649077 -0300
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 926d95c..7021d9a 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
@@ -2,6 +2,7 @@
* Copyright (c) 2002 Bob Beck <beck@openbsd.org>
* Copyright (c) 2002 Theo de Raadt
@@ -17,7 +26,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
-@@ -72,7 +73,6 @@
+@@ -72,7 +73,6 @@ struct dev_crypto_state {
struct session_op d_sess;
int d_fd;
# ifdef USE_CRYPTODEV_DIGESTS
@@ -25,7 +34,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
unsigned char digest_res[HASH_MAX_LEN];
char *mac_data;
int mac_len;
-@@ -189,8 +189,10 @@
+@@ -189,8 +189,10 @@ static struct {
static struct {
int id;
int nid;
@@ -37,7 +46,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
{
CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
},
-@@ -198,15 +200,15 @@
+@@ -198,15 +200,15 @@ static struct {
CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
},
{
@@ -57,7 +66,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
{
CRYPTO_MD5, NID_md5, 16
},
-@@ -214,6 +216,15 @@
+@@ -214,6 +216,15 @@ static struct {
CRYPTO_SHA1, NID_sha1, 20
},
{
@@ -73,7 +82,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
0, NID_undef, 0
},
};
-@@ -288,13 +299,14 @@
+@@ -288,13 +299,14 @@ static int get_cryptodev_ciphers(const int **cnids)
static int nids[CRYPTO_ALGORITHM_MAX];
struct session_op sess;
int fd, i, count = 0;
@@ -89,7 +98,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
if (ciphers[i].nid == NID_undef)
-@@ -327,18 +339,19 @@
+@@ -327,18 +339,19 @@ static int get_cryptodev_digests(const int **cnids)
static int nids[CRYPTO_ALGORITHM_MAX];
struct session_op sess;
int fd, i, count = 0;
@@ -111,7 +120,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
sess.cipher = 0;
if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-@@ -424,14 +437,14 @@
+@@ -424,14 +437,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
cryp.ses = sess->ses;
cryp.flags = 0;
cryp.len = inl;
@@ -129,7 +138,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (!ctx->encrypt) {
iiv = in + inl - ctx->cipher->iv_len;
memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -483,7 +496,7 @@
+@@ -483,7 +496,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if ((state->d_fd = get_dev_crypto()) < 0)
return (0);
@@ -138,7 +147,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
sess->keylen = ctx->key_len;
sess->cipher = cipher;
-@@ -749,16 +762,6 @@
+@@ -749,16 +762,6 @@ static int digest_nid_to_cryptodev(int nid)
return (0);
}
@@ -155,7 +164,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
static int cryptodev_digest_init(EVP_MD_CTX *ctx)
{
struct dev_crypto_state *state = ctx->md_data;
-@@ -769,7 +772,6 @@
+@@ -769,7 +772,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
printf("cryptodev_digest_init: Can't get digest \n");
return (0);
}
@@ -163,7 +172,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
memset(state, 0, sizeof(struct dev_crypto_state));
if ((state->d_fd = get_dev_crypto()) < 0) {
-@@ -777,8 +779,8 @@
+@@ -777,8 +779,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
return (0);
}
@@ -174,7 +183,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
sess->mac = digest;
if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-@@ -794,8 +796,8 @@
+@@ -794,8 +796,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
@@ -184,7 +193,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
struct session_op *sess = &state->d_sess;
if (!data || state->d_fd < 0) {
-@@ -804,7 +806,7 @@
+@@ -804,7 +806,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
}
if (!count) {
@@ -193,7 +202,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
}
if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-@@ -828,9 +830,9 @@
+@@ -828,9 +830,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
cryp.ses = sess->ses;
cryp.flags = 0;
cryp.len = count;
@@ -205,7 +214,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
printf("cryptodev_digest_update: digest failed\n");
return (0);
-@@ -844,8 +846,6 @@
+@@ -844,8 +846,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
struct dev_crypto_state *state = ctx->md_data;
struct session_op *sess = &state->d_sess;
@@ -214,7 +223,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (!md || state->d_fd < 0) {
printf("cryptodev_digest_final: illegal input\n");
return (0);
-@@ -859,7 +859,7 @@
+@@ -859,7 +859,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
cryp.len = state->mac_len;
cryp.src = state->mac_data;
cryp.dst = NULL;
@@ -223,7 +232,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
printf("cryptodev_digest_final: digest failed\n");
return (0);
-@@ -870,7 +870,7 @@
+@@ -870,7 +870,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
memcpy(md, state->digest_res, ctx->digest->md_size);
@@ -232,7 +241,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
}
static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-@@ -921,8 +921,8 @@
+@@ -921,8 +921,8 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
digest = digest_nid_to_cryptodev(to->digest->type);
@@ -243,7 +252,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
sess->mac = digest;
dstate->d_fd = get_dev_crypto();
-@@ -947,32 +947,116 @@
+@@ -947,32 +947,116 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
const EVP_MD cryptodev_sha1 = {
NID_sha1,
@@ -367,7 +376,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
};
# endif /* USE_CRYPTODEV_DIGESTS */
-@@ -992,6 +1076,18 @@
+@@ -992,6 +1076,18 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
case NID_sha1:
*digest = &cryptodev_sha1;
break;
@@ -386,7 +395,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
default:
# endif /* USE_CRYPTODEV_DIGESTS */
*digest = NULL;
-@@ -1022,7 +1118,7 @@
+@@ -1022,7 +1118,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
return (1);
memset(b, 0, bytes);
@@ -395,7 +404,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
crp->crp_nbits = bits;
for (i = 0, j = 0; i < a->top; i++) {
-@@ -1277,7 +1373,7 @@
+@@ -1277,7 +1373,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
kop.crk_op = CRK_DSA_SIGN;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
@@ -404,7 +413,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
goto err;
-@@ -1317,7 +1413,7 @@
+@@ -1317,7 +1413,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
kop.crk_op = CRK_DSA_VERIFY;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
@@ -413,7 +422,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
goto err;
-@@ -1398,9 +1494,10 @@
+@@ -1398,9 +1494,10 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
kop.crk_iparams = 3;
@@ -426,7 +435,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (ioctl(fd, CIOCKEY, &kop) == -1) {
const DH_METHOD *meth = DH_OpenSSL();
-@@ -1470,7 +1567,7 @@
+@@ -1470,7 +1567,7 @@ void ENGINE_load_cryptodev(void)
put_dev_crypto(fd);
if (!ENGINE_set_id(engine, "cryptodev") ||
@@ -435,3 +444,6 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
!ENGINE_set_digests(engine, cryptodev_engine_digests) ||
!ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+--
+2.1.0
+
diff --git a/package/openssl/005-Make-c_rehash-match-commands-starting-with-minus-inste.patch b/package/openssl/0003-Fix-c_rehash.patch
similarity index 71%
rename from package/openssl/005-Make-c_rehash-match-commands-starting-with-minus-inste.patch
rename to package/openssl/0003-Fix-c_rehash.patch
index 5db95d6..2c51832 100644
--- a/package/openssl/005-Make-c_rehash-match-commands-starting-with-minus-inste.patch
+++ b/package/openssl/0003-Fix-c_rehash.patch
@@ -1,8 +1,10 @@
-From 079cae9d7628f16b9efdf5723d2bfae5bdc2ba4e Mon Sep 17 00:00:00 2001
+From e2b290598f513a5bc4d8187cbc53bbc98b7a1e49 Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Tue, 27 Jan 2015 18:27:32 -0300
-Subject: [PATCH] Make c_rehash match commands starting with - (minus) instead
- of minus in any starting position, otherwise a directory named a-b breaks it
+Subject: [PATCH 3/3] Fix c_rehash
+
+Make c_rehash match commands starting with - (minus) instead of minus
+in any starting position, otherwise a directory named a-b breaks it
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
@@ -23,5 +25,5 @@ index 887e927..1df2fab 100644
last if ( $flag eq '--');
if ( $flag =~ /-old/) {
--
-2.0.5
+2.1.0
diff --git a/package/openssl/001-do-not-build-docs.patch b/package/openssl/001-do-not-build-docs.patch
deleted file mode 100644
index 135a9d3..0000000
--- a/package/openssl/001-do-not-build-docs.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Dont waste time building manpages if we're not going to use em.
-
---- openssl/Makefile.org
-+++ openssl/Makefile.org
-@@ -792,7 +792,7 @@
- dist_pem_h:
- (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-
--install: all install_docs install_sw
-+install: all install_sw
-
- install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
--
2.1.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] openssl: enable parallel build and installation
2015-05-16 19:04 [Buildroot] [PATCH 1/2] openssl: use git formatted patches Thomas Petazzoni
@ 2015-05-16 19:04 ` Thomas Petazzoni
2015-07-20 14:07 ` [Buildroot] [PATCH 1/2] openssl: use git formatted patches Thomas Petazzoni
1 sibling, 0 replies; 8+ messages in thread
From: Thomas Petazzoni @ 2015-05-16 19:04 UTC (permalink / raw)
To: buildroot
On my build server, the current build of OpenSSL takes 1 minutes and
20 seconds. With this commit applied, enabling parallel build and
installation, the build only takes 28 seconds.
All the patches are downloaded from Gentoo.
There is apparently some interest in upstream OpenSSL to enable
parallel build, see for example commit
https://github.com/openssl/openssl/commit/c3f22253b139793ff3b91ff7e6969e180cf06815. This
commit is not part of any OpenSSL release, but we can hope that the
problem will resolved in the future.
I have tested 20 consecutive builds of a config that has openssl and
host-openssl being used by uboot-tools and host-uboot-tools (through
the FIT image support).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
...ste-time-building-manpages-if-we-re-not-going.patch | 12 ++++++------
...cryptodev-Fix-issue-with-signature-generation.patch | 2 +-
package/openssl/0003-Fix-c_rehash.patch | 2 +-
package/openssl/openssl.hash | 4 ++++
package/openssl/openssl.mk | 18 +++++++++++++-----
5 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
index 93e2118..4066dae 100644
--- a/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
+++ b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
@@ -1,4 +1,4 @@
-From 53980448064b362a58e4ab2aca6f38fec93c07c3 Mon Sep 17 00:00:00 2001
+From 167e29662b07805eac9ef67e10af9d71761233c3 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 16 May 2015 18:53:51 +0200
Subject: [PATCH 1/3] Dont waste time building manpages if we're not going to
@@ -10,17 +10,17 @@ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.org b/Makefile.org
-index b7a3f96..8a47840 100644
+index f2c5eff..4d58a9a 100644
--- a/Makefile.org
+++ b/Makefile.org
-@@ -536,7 +536,7 @@ dist:
+@@ -539,7 +539,7 @@ dist:
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
--install: all install_docs install_sw
-+install: all install_sw
+-install: install_docs install_sw
++install: install_sw
- install_sw:
+ install_dirs:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
--
2.1.0
diff --git a/package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch b/package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
index 17887d3..8b77157 100644
--- a/package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
+++ b/package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
@@ -1,4 +1,4 @@
-From 0718df24bd828f26d7d0e8e7f935d8e21f70ebca Mon Sep 17 00:00:00 2001
+From 426288a7c55ddd2ad63a11d8a05defe165448213 Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Sat, 16 May 2015 18:55:08 +0200
Subject: [PATCH 2/3] cryptodev: Fix issue with signature generation
diff --git a/package/openssl/0003-Fix-c_rehash.patch b/package/openssl/0003-Fix-c_rehash.patch
index 2c51832..b69bf11 100644
--- a/package/openssl/0003-Fix-c_rehash.patch
+++ b/package/openssl/0003-Fix-c_rehash.patch
@@ -1,4 +1,4 @@
-From e2b290598f513a5bc4d8187cbc53bbc98b7a1e49 Mon Sep 17 00:00:00 2001
+From c52bc9d5e2195427aa322f2607d55211306648f1 Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Tue, 27 Jan 2015 18:27:32 -0300
Subject: [PATCH 3/3] Fix c_rehash
diff --git a/package/openssl/openssl.hash b/package/openssl/openssl.hash
index c9987fc..b14c9bb 100644
--- a/package/openssl/openssl.hash
+++ b/package/openssl/openssl.hash
@@ -2,3 +2,7 @@
# From https://www.openssl.org/source/openssl-1.0.2a.tar.gz.sha1
md5 a06c547dac9044161a477211049f60ef openssl-1.0.2a.tar.gz
sha1 46ecd325b8e587fa491f6bb02ad4a9fb9f382f5f openssl-1.0.2a.tar.gz
+sha256 db2dcdb27062923d2818f988787bb802c292053d1d8a5bf032800e658c7bd196 openssl-1.0.2a-parallel-build.patch?revision=1.2
+sha256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f openssl-1.0.2a-parallel-obj-headers.patch?revision=1.1
+sha256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9 openssl-1.0.2a-parallel-install-dirs.patch?revision=1.1
+sha256 5be3c20d64cadaed7bc4e8e500e8a67faafded7fb326779620fdb29397c44d87 openssl-1.0.2a-parallel-symlinking.patch?revision=1.1
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index f90c811..328b8aa 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -13,6 +13,14 @@ OPENSSL_DEPENDENCIES = zlib
HOST_OPENSSL_DEPENDENCIES = host-zlib
OPENSSL_TARGET_ARCH = generic32
OPENSSL_CFLAGS = $(TARGET_CFLAGS)
+OPENSSL_GENTOO_PATCHES = \
+ build.patch?revision=1.2 \
+ obj-headers.patch?revision=1.1 \
+ install-dirs.patch?revision=1.1 \
+ symlinking.patch?revision=1.1
+OPENSSL_PATCH = \
+ $(foreach p,$(OPENSSL_GENTOO_PATCHES),\
+ https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-1.0.2a-parallel-$(p))
ifeq ($(BR2_PACKAGE_OPENSSL_BIN),)
define OPENSSL_DISABLE_APPS
@@ -95,23 +103,23 @@ define OPENSSL_CONFIGURE_CMDS
endef
define HOST_OPENSSL_BUILD_CMDS
- $(MAKE1) -C $(@D)
+ $(MAKE) -C $(@D)
endef
define OPENSSL_BUILD_CMDS
- $(MAKE1) -C $(@D)
+ $(MAKE) -C $(@D)
endef
define OPENSSL_INSTALL_STAGING_CMDS
- $(MAKE1) -C $(@D) INSTALL_PREFIX=$(STAGING_DIR) install
+ $(MAKE) -C $(@D) INSTALL_PREFIX=$(STAGING_DIR) install
endef
define HOST_OPENSSL_INSTALL_CMDS
- $(MAKE1) -C $(@D) install
+ $(MAKE) -C $(@D) install
endef
define OPENSSL_INSTALL_TARGET_CMDS
- $(MAKE1) -C $(@D) INSTALL_PREFIX=$(TARGET_DIR) install
+ $(MAKE) -C $(@D) INSTALL_PREFIX=$(TARGET_DIR) install
rm -rf $(TARGET_DIR)/usr/lib/ssl
rm -f $(TARGET_DIR)/usr/bin/c_rehash
endef
--
2.1.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] openssl: use git formatted patches
2015-05-16 19:04 [Buildroot] [PATCH 1/2] openssl: use git formatted patches Thomas Petazzoni
2015-05-16 19:04 ` [Buildroot] [PATCH 2/2] openssl: enable parallel build and installation Thomas Petazzoni
@ 2015-07-20 14:07 ` Thomas Petazzoni
2015-07-21 13:05 ` Gustavo Zacarias
1 sibling, 1 reply; 8+ messages in thread
From: Thomas Petazzoni @ 2015-07-20 14:07 UTC (permalink / raw)
To: buildroot
Gustavo,
On Sat, 16 May 2015 21:04:37 +0200, Thomas Petazzoni wrote:
> Using Git formatted patches makes it easier to adjust the patches when
> needed.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since you are the de-facto maintainer of the OpenSSL package, could you
give your opinion about the two patches in this series. I believe PATCH
1/2 is OK, but what do you think about PATCH 2/2 ?
Back in November 2014, Bernd also submitted some patches to enable
parallel build of OpenSSL, see
http://lists.busybox.net/pipermail/buildroot/2014-November/112183.html.
Peter and I rejected them because they were a bit big. My proposal
relies on downloading Gentoo patches instead, but I don't now if it's
really any better, since those patches may cause some problems in the
future to bump OpenSSL.
What do you think? Should we simply wait for OpenSSL upstream to see
the light and support parallel build?
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] openssl: use git formatted patches
2015-07-20 14:07 ` [Buildroot] [PATCH 1/2] openssl: use git formatted patches Thomas Petazzoni
@ 2015-07-21 13:05 ` Gustavo Zacarias
0 siblings, 0 replies; 8+ messages in thread
From: Gustavo Zacarias @ 2015-07-21 13:05 UTC (permalink / raw)
To: buildroot
On 20/07/15 11:07, Thomas Petazzoni wrote:
Hi Thomas.
> Since you are the de-facto maintainer of the OpenSSL package, could you
> give your opinion about the two patches in this series. I believe PATCH
> 1/2 is OK, but what do you think about PATCH 2/2 ?
It looks fine, however it needs a small refresh (c_rehash was fixed
upstream, hence gone).
> Back in November 2014, Bernd also submitted some patches to enable
> parallel build of OpenSSL, see
> http://lists.busybox.net/pipermail/buildroot/2014-November/112183.html.
> Peter and I rejected them because they were a bit big. My proposal
> relies on downloading Gentoo patches instead, but I don't now if it's
> really any better, since those patches may cause some problems in the
> future to bump OpenSSL.
>
> What do you think? Should we simply wait for OpenSSL upstream to see
> the light and support parallel build?
I don't expect build patches to change much among what are usually
security bumps, and also gentoo has a history of being fast updating
openssl.
I wouldn't hold my breath expecting openssl upstream to fix anything
soon, example patch we have:
http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
And my personal history with sending patches to them (c_rehash being one
of the cases BTW) vouches for that. If you send it to the RT it may get
"lost" for whatever reason, if you send the patch to the openssl-dev
mailing list it gets ignored.
So +1 from me, openssl is one of those builds you see building and yawn
about.
If it becomes an obstacle to a security bump we can just roll back to
$(MAKE1) until a new patchset arrives.
Regards.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] openssl: use git formatted patches
2015-09-15 3:59 [Buildroot] [PATCH 0/2] openssl parallel build Ryan Barnett
@ 2015-09-15 3:59 ` Ryan Barnett
2015-09-15 16:47 ` Arnout Vandecappelle
0 siblings, 1 reply; 8+ messages in thread
From: Ryan Barnett @ 2015-09-15 3:59 UTC (permalink / raw)
To: buildroot
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Using Git formatted patches makes it easier to adjust the patches when
needed.
[Ryan: removed unnecessary patch and updated offsets]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
---
...time-building-manpages-if-we-re-not-going.patch | 27 +++++++++
...odev-Fix-issue-with-signature-generation.patch} | 70 +++++++++++++---------
package/openssl/001-do-not-build-docs.patch | 13 ----
3 files changed, 68 insertions(+), 42 deletions(-)
create mode 100644 package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
rename package/openssl/{003-cryptodev-Fix-issue-with-signature-generation.patch => 0002-cryptodev-Fix-issue-with-signature-generation.patch} (82%)
delete mode 100644 package/openssl/001-do-not-build-docs.patch
diff --git a/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
new file mode 100644
index 0000000..93e2118
--- /dev/null
+++ b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
@@ -0,0 +1,27 @@
+From 53980448064b362a58e4ab2aca6f38fec93c07c3 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 16 May 2015 18:53:51 +0200
+Subject: [PATCH 1/3] Dont waste time building manpages if we're not going to
+ use em.
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ Makefile.org | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index b7a3f96..8a47840 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -536,7 +536,7 @@ dist:
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: all install_sw
+
+ install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+--
+2.1.0
+
diff --git a/package/openssl/003-cryptodev-Fix-issue-with-signature-generation.patch b/package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
similarity index 82%
rename from package/openssl/003-cryptodev-Fix-issue-with-signature-generation.patch
rename to package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
index 19ed5e7..17887d3 100644
--- a/package/openssl/003-cryptodev-Fix-issue-with-signature-generation.patch
+++ b/package/openssl/0002-cryptodev-Fix-issue-with-signature-generation.patch
@@ -1,14 +1,23 @@
+From 0718df24bd828f26d7d0e8e7f935d8e21f70ebca Mon Sep 17 00:00:00 2001
+From: Gustavo Zacarias <gustavo@zacarias.com.ar>
+Date: Sat, 16 May 2015 18:55:08 +0200
+Subject: [PATCH 2/3] cryptodev: Fix issue with signature generation
+
Forward port of 0001-cryptodev-Fix-issue-with-signature-generation.patch
from http://rt.openssl.org/Ticket/Display.html?id=2770&user=guest&pass=guest
It was originally targetted at 1.0.2-beta3.
Without this patch digest acceleration via cryptodev is broken.
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ crypto/engine/eng_cryptodev.c | 195 +++++++++++++++++++++++++++++++-----------
+ 1 file changed, 146 insertions(+), 49 deletions(-)
-diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto/engine/eng_cryptodev.c
---- openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c 2015-01-28 14:59:58.146682462 -0300
-+++ openssl-1.0.2/crypto/engine/eng_cryptodev.c 2015-01-28 15:29:25.107649077 -0300
+diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
+index 926d95c..7021d9a 100644
+--- a/crypto/engine/eng_cryptodev.c
++++ b/crypto/engine/eng_cryptodev.c
@@ -2,6 +2,7 @@
* Copyright (c) 2002 Bob Beck <beck@openbsd.org>
* Copyright (c) 2002 Theo de Raadt
@@ -17,7 +26,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
-@@ -72,7 +73,6 @@
+@@ -72,7 +73,6 @@ struct dev_crypto_state {
struct session_op d_sess;
int d_fd;
# ifdef USE_CRYPTODEV_DIGESTS
@@ -25,7 +34,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
unsigned char digest_res[HASH_MAX_LEN];
char *mac_data;
int mac_len;
-@@ -189,8 +189,10 @@
+@@ -189,8 +189,10 @@ static struct {
static struct {
int id;
int nid;
@@ -37,7 +46,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
{
CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
},
-@@ -198,15 +200,15 @@
+@@ -198,15 +200,15 @@ static struct {
CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
},
{
@@ -57,7 +66,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
{
CRYPTO_MD5, NID_md5, 16
},
-@@ -214,6 +216,15 @@
+@@ -214,6 +216,15 @@ static struct {
CRYPTO_SHA1, NID_sha1, 20
},
{
@@ -73,7 +82,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
0, NID_undef, 0
},
};
-@@ -288,13 +299,14 @@
+@@ -288,13 +299,14 @@ static int get_cryptodev_ciphers(const int **cnids)
static int nids[CRYPTO_ALGORITHM_MAX];
struct session_op sess;
int fd, i, count = 0;
@@ -89,7 +98,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
if (ciphers[i].nid == NID_undef)
-@@ -327,18 +339,19 @@
+@@ -327,18 +339,19 @@ static int get_cryptodev_digests(const int **cnids)
static int nids[CRYPTO_ALGORITHM_MAX];
struct session_op sess;
int fd, i, count = 0;
@@ -111,7 +120,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
sess.cipher = 0;
if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-@@ -424,14 +437,14 @@
+@@ -424,14 +437,14 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
cryp.ses = sess->ses;
cryp.flags = 0;
cryp.len = inl;
@@ -129,7 +138,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (!ctx->encrypt) {
iiv = in + inl - ctx->cipher->iv_len;
memcpy(save_iv, iiv, ctx->cipher->iv_len);
-@@ -483,7 +496,7 @@
+@@ -483,7 +496,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if ((state->d_fd = get_dev_crypto()) < 0)
return (0);
@@ -138,7 +147,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
sess->keylen = ctx->key_len;
sess->cipher = cipher;
-@@ -749,16 +762,6 @@
+@@ -749,16 +762,6 @@ static int digest_nid_to_cryptodev(int nid)
return (0);
}
@@ -155,7 +164,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
static int cryptodev_digest_init(EVP_MD_CTX *ctx)
{
struct dev_crypto_state *state = ctx->md_data;
-@@ -769,7 +772,6 @@
+@@ -769,7 +772,6 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
printf("cryptodev_digest_init: Can't get digest \n");
return (0);
}
@@ -163,7 +172,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
memset(state, 0, sizeof(struct dev_crypto_state));
if ((state->d_fd = get_dev_crypto()) < 0) {
-@@ -777,8 +779,8 @@
+@@ -777,8 +779,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
return (0);
}
@@ -174,7 +183,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
sess->mac = digest;
if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-@@ -794,8 +796,8 @@
+@@ -794,8 +796,8 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
@@ -184,7 +193,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
struct session_op *sess = &state->d_sess;
if (!data || state->d_fd < 0) {
-@@ -804,7 +806,7 @@
+@@ -804,7 +806,7 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
}
if (!count) {
@@ -193,7 +202,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
}
if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-@@ -828,9 +830,9 @@
+@@ -828,9 +830,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
cryp.ses = sess->ses;
cryp.flags = 0;
cryp.len = count;
@@ -205,7 +214,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
printf("cryptodev_digest_update: digest failed\n");
return (0);
-@@ -844,8 +846,6 @@
+@@ -844,8 +846,6 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
struct dev_crypto_state *state = ctx->md_data;
struct session_op *sess = &state->d_sess;
@@ -214,7 +223,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (!md || state->d_fd < 0) {
printf("cryptodev_digest_final: illegal input\n");
return (0);
-@@ -859,7 +859,7 @@
+@@ -859,7 +859,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
cryp.len = state->mac_len;
cryp.src = state->mac_data;
cryp.dst = NULL;
@@ -223,7 +232,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
printf("cryptodev_digest_final: digest failed\n");
return (0);
-@@ -870,7 +870,7 @@
+@@ -870,7 +870,7 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
memcpy(md, state->digest_res, ctx->digest->md_size);
@@ -232,7 +241,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
}
static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-@@ -921,8 +921,8 @@
+@@ -921,8 +921,8 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
digest = digest_nid_to_cryptodev(to->digest->type);
@@ -243,7 +252,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
sess->mac = digest;
dstate->d_fd = get_dev_crypto();
-@@ -947,32 +947,116 @@
+@@ -947,32 +947,116 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
const EVP_MD cryptodev_sha1 = {
NID_sha1,
@@ -367,7 +376,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
};
# endif /* USE_CRYPTODEV_DIGESTS */
-@@ -992,6 +1076,18 @@
+@@ -992,6 +1076,18 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
case NID_sha1:
*digest = &cryptodev_sha1;
break;
@@ -386,7 +395,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
default:
# endif /* USE_CRYPTODEV_DIGESTS */
*digest = NULL;
-@@ -1022,7 +1118,7 @@
+@@ -1022,7 +1118,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
return (1);
memset(b, 0, bytes);
@@ -395,7 +404,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
crp->crp_nbits = bits;
for (i = 0, j = 0; i < a->top; i++) {
-@@ -1277,7 +1373,7 @@
+@@ -1277,7 +1373,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
kop.crk_op = CRK_DSA_SIGN;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
@@ -404,7 +413,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
goto err;
-@@ -1317,7 +1413,7 @@
+@@ -1317,7 +1413,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
kop.crk_op = CRK_DSA_VERIFY;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
@@ -413,7 +422,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
kop.crk_param[0].crp_nbits = dlen * 8;
if (bn2crparam(dsa->p, &kop.crk_param[1]))
goto err;
-@@ -1398,9 +1494,10 @@
+@@ -1398,9 +1494,10 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
kop.crk_iparams = 3;
@@ -426,7 +435,7 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
if (ioctl(fd, CIOCKEY, &kop) == -1) {
const DH_METHOD *meth = DH_OpenSSL();
-@@ -1470,7 +1567,7 @@
+@@ -1470,7 +1567,7 @@ void ENGINE_load_cryptodev(void)
put_dev_crypto(fd);
if (!ENGINE_set_id(engine, "cryptodev") ||
@@ -435,3 +444,6 @@ diff -Nura openssl-1.0.2.orig/crypto/engine/eng_cryptodev.c openssl-1.0.2/crypto
!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
!ENGINE_set_digests(engine, cryptodev_engine_digests) ||
!ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+--
+2.1.0
+
diff --git a/package/openssl/001-do-not-build-docs.patch b/package/openssl/001-do-not-build-docs.patch
deleted file mode 100644
index 135a9d3..0000000
--- a/package/openssl/001-do-not-build-docs.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Dont waste time building manpages if we're not going to use em.
-
---- openssl/Makefile.org
-+++ openssl/Makefile.org
-@@ -792,7 +792,7 @@
- dist_pem_h:
- (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-
--install: all install_docs install_sw
-+install: all install_sw
-
- install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
--
1.9.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] openssl: use git formatted patches
2015-09-15 3:59 ` [Buildroot] [PATCH 1/2] openssl: use git formatted patches Ryan Barnett
@ 2015-09-15 16:47 ` Arnout Vandecappelle
2015-09-15 19:44 ` Ryan Barnett
0 siblings, 1 reply; 8+ messages in thread
From: Arnout Vandecappelle @ 2015-09-15 16:47 UTC (permalink / raw)
To: buildroot
On 15-09-15 05:59, Ryan Barnett wrote:
> From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>
> Using Git formatted patches makes it easier to adjust the patches when
> needed.
>
> [Ryan: removed unnecessary patch and updated offsets]
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
> ---
> ...time-building-manpages-if-we-re-not-going.patch | 27 +++++++++
> ...odev-Fix-issue-with-signature-generation.patch} | 70 +++++++++++++---------
> package/openssl/001-do-not-build-docs.patch | 13 ----
> 3 files changed, 68 insertions(+), 42 deletions(-)
> create mode 100644 package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> rename package/openssl/{003-cryptodev-Fix-issue-with-signature-generation.patch => 0002-cryptodev-Fix-issue-with-signature-generation.patch} (82%)
> delete mode 100644 package/openssl/001-do-not-build-docs.patch
>
> diff --git a/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> new file mode 100644
> index 0000000..93e2118
> --- /dev/null
> +++ b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
> @@ -0,0 +1,27 @@
> +From 53980448064b362a58e4ab2aca6f38fec93c07c3 Mon Sep 17 00:00:00 2001
> +From: Mike Frysinger <vapier@gentoo.org>
> +Date: Sat, 16 May 2015 18:53:51 +0200
> +Subject: [PATCH 1/3] Dont waste time building manpages if we're not going to
^^^^^^^^^^
Please generate patches with -N to avoid the 1/3: it's incorrect (there are
only 2 patches) and it causes additional churn when patches are regenerated.
I also like to add --subject-prefix= to remove the [PATCH] part, which is not
at all useful in this context. But others may disagree.
> + use em.
> +
> +Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> +---
> + Makefile.org | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
[snip]
> diff --git a/package/openssl/001-do-not-build-docs.patch b/package/openssl/001-do-not-build-docs.patch
If you resend, perhaps you can add -M20% so the rename is detected?
Regards,
Arnout
> deleted file mode 100644
> index 135a9d3..0000000
> --- a/package/openssl/001-do-not-build-docs.patch
> +++ /dev/null
> @@ -1,13 +0,0 @@
> -Dont waste time building manpages if we're not going to use em.
> -
> ---- openssl/Makefile.org
> -+++ openssl/Makefile.org
> -@@ -792,7 +792,7 @@
> - dist_pem_h:
> - (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
> -
> --install: all install_docs install_sw
> -+install: all install_sw
> -
> - install_sw:
> - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
>
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] openssl: use git formatted patches
2015-09-15 16:47 ` Arnout Vandecappelle
@ 2015-09-15 19:44 ` Ryan Barnett
2015-09-15 20:39 ` Arnout Vandecappelle
0 siblings, 1 reply; 8+ messages in thread
From: Ryan Barnett @ 2015-09-15 19:44 UTC (permalink / raw)
To: buildroot
Arnout,
On Tue, Sep 15, 2015 at 11:47 AM, Arnout Vandecappelle <arnout@mind.be> wrote:
> On 15-09-15 05:59, Ryan Barnett wrote:
>> From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>>
>> Using Git formatted patches makes it easier to adjust the patches when
>> needed.
>>
>> [Ryan: removed unnecessary patch and updated offsets]
>>
>> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>> Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
>> ---
>> ...time-building-manpages-if-we-re-not-going.patch | 27 +++++++++
>> ...odev-Fix-issue-with-signature-generation.patch} | 70 +++++++++++++---------
>> package/openssl/001-do-not-build-docs.patch | 13 ----
>> 3 files changed, 68 insertions(+), 42 deletions(-)
>> create mode 100644 package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>> rename package/openssl/{003-cryptodev-Fix-issue-with-signature-generation.patch => 0002-cryptodev-Fix-issue-with-signature-generation.patch} (82%)
>> delete mode 100644 package/openssl/001-do-not-build-docs.patch
>>
>> diff --git a/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>> new file mode 100644
>> index 0000000..93e2118
>> --- /dev/null
>> +++ b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>> @@ -0,0 +1,27 @@
>> +From 53980448064b362a58e4ab2aca6f38fec93c07c3 Mon Sep 17 00:00:00 2001
>> +From: Mike Frysinger <vapier@gentoo.org>
>> +Date: Sat, 16 May 2015 18:53:51 +0200
>> +Subject: [PATCH 1/3] Dont waste time building manpages if we're not going to
> ^^^^^^^^^^
> Please generate patches with -N to avoid the 1/3: it's incorrect (there are
> only 2 patches) and it causes additional churn when patches are regenerated.
When I was adopting these patches, I was lazy and didn't make any
changes from Thomas's last patch other than just dropping the
unnecessary third patch.
> I also like to add --subject-prefix= to remove the [PATCH] part, which is not
> at all useful in this context. But others may disagree.
I agree with this.
Do we want to update our buildroot documentation to reflect this?
Secondly, do you think it would be useful to add a new subsection that
documents how to properly use git to generate patches for use within
buildroot?
http://nightly.buildroot.org/manual.html#patch-policy
>> + use em.
>> +
>> +Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>> +---
>> + Makefile.org | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
> [snip]
>> diff --git a/package/openssl/001-do-not-build-docs.patch b/package/openssl/001-do-not-build-docs.patch
>
> If you resend, perhaps you can add -M20% so the rename is detected?
Sure. Might just stick with '-M'.
Is 20% similarity more acceptable amount than just -M (by default it
is 50%)? In our buildroot documentation we list just using -M when
sending patches upstream.
Thanks,
-Ryan
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] openssl: use git formatted patches
2015-09-15 19:44 ` Ryan Barnett
@ 2015-09-15 20:39 ` Arnout Vandecappelle
0 siblings, 0 replies; 8+ messages in thread
From: Arnout Vandecappelle @ 2015-09-15 20:39 UTC (permalink / raw)
To: buildroot
On 15-09-15 21:44, Ryan Barnett wrote:
> Arnout,
>
> On Tue, Sep 15, 2015 at 11:47 AM, Arnout Vandecappelle <arnout@mind.be> wrote:
>> On 15-09-15 05:59, Ryan Barnett wrote:
>>> From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>>>
>>> Using Git formatted patches makes it easier to adjust the patches when
>>> needed.
>>>
>>> [Ryan: removed unnecessary patch and updated offsets]
>>>
>>> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>>> Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
>>> ---
>>> ...time-building-manpages-if-we-re-not-going.patch | 27 +++++++++
>>> ...odev-Fix-issue-with-signature-generation.patch} | 70 +++++++++++++---------
>>> package/openssl/001-do-not-build-docs.patch | 13 ----
>>> 3 files changed, 68 insertions(+), 42 deletions(-)
>>> create mode 100644 package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>>> rename package/openssl/{003-cryptodev-Fix-issue-with-signature-generation.patch => 0002-cryptodev-Fix-issue-with-signature-generation.patch} (82%)
>>> delete mode 100644 package/openssl/001-do-not-build-docs.patch
>>>
>>> diff --git a/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>>> new file mode 100644
>>> index 0000000..93e2118
>>> --- /dev/null
>>> +++ b/package/openssl/0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch
>>> @@ -0,0 +1,27 @@
>>> +From 53980448064b362a58e4ab2aca6f38fec93c07c3 Mon Sep 17 00:00:00 2001
>>> +From: Mike Frysinger <vapier@gentoo.org>
>>> +Date: Sat, 16 May 2015 18:53:51 +0200
>>> +Subject: [PATCH 1/3] Dont waste time building manpages if we're not going to
>> ^^^^^^^^^^
>> Please generate patches with -N to avoid the 1/3: it's incorrect (there are
>> only 2 patches) and it causes additional churn when patches are regenerated.
>
> When I was adopting these patches, I was lazy and didn't make any
> changes from Thomas's last patch other than just dropping the
> unnecessary third patch.
>
>> I also like to add --subject-prefix= to remove the [PATCH] part, which is not
>> at all useful in this context. But others may disagree.
>
> I agree with this.
>
> Do we want to update our buildroot documentation to reflect this?
>
> Secondly, do you think it would be useful to add a new subsection that
> documents how to properly use git to generate patches for use within
> buildroot?
>
> http://nightly.buildroot.org/manual.html#patch-policy
Both suggestions sound really nice!
>
>>> + use em.
>>> +
>>> +Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>>> +---
>>> + Makefile.org | 2 +-
>>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>>> +
>> [snip]
>>> diff --git a/package/openssl/001-do-not-build-docs.patch b/package/openssl/001-do-not-build-docs.patch
>>
>> If you resend, perhaps you can add -M20% so the rename is detected?
>
> Sure. Might just stick with '-M'.
>
> Is 20% similarity more acceptable amount than just -M (by default it
> is 50%)? In our buildroot documentation we list just using -M when
> sending patches upstream.
I thought you already did use -M, otherwise the other patch wouldn't have been
detected as a rename. The default -M50% is normally good enough - if more than
half the lines change, it's probably not a reall rename. Only in this case, the
file was pretty small to begin with and all the git headers double its size, so
-M50% won't hit it. So if you see that in your format-patch output you can
decide to go for a smaller -M.
Obviously, it makes no difference for what gets committed in the end. It just
looks nicer for the reviewers.
Regards,
Arnout
--
Arnout Vandecappelle arnout dot vandecappelle at essensium dot com
Senior Embedded Software Architect . . . . . . +32-478-010353 (mobile)
Essensium, Mind division . . . . . . . . . . . . . . http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium . . . . . BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-09-15 20:39 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-05-16 19:04 [Buildroot] [PATCH 1/2] openssl: use git formatted patches Thomas Petazzoni
2015-05-16 19:04 ` [Buildroot] [PATCH 2/2] openssl: enable parallel build and installation Thomas Petazzoni
2015-07-20 14:07 ` [Buildroot] [PATCH 1/2] openssl: use git formatted patches Thomas Petazzoni
2015-07-21 13:05 ` Gustavo Zacarias
-- strict thread matches above, loose matches on Subject: below --
2015-09-15 3:59 [Buildroot] [PATCH 0/2] openssl parallel build Ryan Barnett
2015-09-15 3:59 ` [Buildroot] [PATCH 1/2] openssl: use git formatted patches Ryan Barnett
2015-09-15 16:47 ` Arnout Vandecappelle
2015-09-15 19:44 ` Ryan Barnett
2015-09-15 20:39 ` Arnout Vandecappelle
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox