Patchwork [meta-fsl-ppc,4/4] openssl: use fsl maintained source

login
register
mail settings
Submitter Ting Liu
Date July 9, 2014, 8:16 a.m.
Message ID <1404893803-3879-4-git-send-email-ting.liu@freescale.com>
Download mbox | patch
Permalink /patch/75215/
State Superseded
Headers show

Comments

Ting Liu - July 9, 2014, 8:16 a.m.
From: Ting Liu <b28495@freescale.com>

add bbappend to use fsl own openssl source code which was tested

Signed-off-by: Ting Liu <b28495@freescale.com>
---
 .../openssl/openssl_1.0.1g.bbappend                |   40 ++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 recipes-connectivity/openssl/openssl_1.0.1g.bbappend
Redwan Mohamed - July 9, 2014, 8:32 a.m.
Thanks Ting, will apply the patches and check.Hope all the four patches are with respect to reported qtdemoE issue in qte-in-use-image recipe.

Thanks & Best Regards,Redwan A M | Senior Software EngineerZumi Solutions (P) Ltd.,#956, 16th Main Road, BTM 2nd Stage,Bangalore-560 076. India.Mob: +91 9535687671Tel: +91 80 41126182
> From: ting.liu@freescale.com
> To: meta-freescale@yoctoproject.org
> Date: Wed, 9 Jul 2014 03:16:43 -0500
> Subject: [meta-freescale] [meta-fsl-ppc][PATCH 4/4] openssl: use fsl	maintained source
> 
> From: Ting Liu <b28495@freescale.com>
> 
> add bbappend to use fsl own openssl source code which was tested
> 
> Signed-off-by: Ting Liu <b28495@freescale.com>
> ---
>  .../openssl/openssl_1.0.1g.bbappend                |   40 ++++++++++++++++++++
>  1 file changed, 40 insertions(+)
>  create mode 100644 recipes-connectivity/openssl/openssl_1.0.1g.bbappend
> 
> diff --git a/recipes-connectivity/openssl/openssl_1.0.1g.bbappend b/recipes-connectivity/openssl/openssl_1.0.1g.bbappend
> new file mode 100644
> index 0000000..b86af36
> --- /dev/null
> +++ b/recipes-connectivity/openssl/openssl_1.0.1g.bbappend
> @@ -0,0 +1,40 @@
> +RDEPENDS_${PN}_class-target += "cryptodev-module"
> +
> +# base package is taken from Freescale repository
> +SRC_URI = "git://git.freescale.com/ppc/sdk/openssl.git;nobranch=1"
> +SRCREV = "9dfc18846063a110070782ede699c513b30257e5"
> +
> +SRC_URI += "file://configure-targets.patch \
> +            file://shared-libs.patch \
> +            file://oe-ldflags.patch \
> +            file://engines-install-in-libdir-ssl.patch \
> +            file://openssl-fix-link.patch \
> +            file://debian/version-script.patch \
> +            file://debian/pic.patch \
> +            file://debian/c_rehash-compat.patch \
> +            file://debian/ca.patch \
> +            file://debian/make-targets.patch \
> +            file://debian/no-rpath.patch \
> +            file://debian/man-dir.patch \
> +            file://debian/man-section.patch \
> +            file://debian/no-symbolic.patch \
> +            file://debian/debian-targets.patch \
> +            file://openssl_fix_for_x32.patch \
> +            file://openssl-fix-doc.patch \
> +            file://fix-cipher-des-ede3-cfb1.patch \
> +            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
> +            file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
> +            file://initial-aarch64-bits.patch \
> +            file://find.pl \
> +            file://openssl-fix-des.pod-error.patch \
> +           "
> +S = "${WORKDIR}/git"
> +
> +# Digest offloading through cryptodev is not recommended because of the
> +# performance penalty of the Openssl engine interface. Openssl generates a huge
> +# number of calls to digest functions for even a small amount of work data.
> +# For example there are 70 calls to cipher code and over 10000 to digest code
> +# when downloading only 10 files of 700 bytes each.
> +# Do not build OpenSSL with cryptodev digest support until engine digest
> +# interface gets some rework:
> +CFLAG := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}"
> -- 
> 1.7.9.7
> 
> -- 
> _______________________________________________
> meta-freescale mailing list
> meta-freescale@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-freescale
Otavio Salvador - July 9, 2014, 5:24 p.m.
On Wed, Jul 9, 2014 at 5:16 AM,  <ting.liu@freescale.com> wrote:
> From: Ting Liu <b28495@freescale.com>
>
> add bbappend to use fsl own openssl source code which was tested
>
> Signed-off-by: Ting Liu <b28495@freescale.com>

Did you compare the source code changes?

OpenSSL is a critical piece of software and which has severe security
impact so I don't think we ought to keep a fork of it.
Ting Liu - July 10, 2014, 2:28 a.m.
Just read your another email. These patches were used for qoriq boards. I think you need to find other solution for the qtdemoE issue.

From: Redwan Mohamed [mailto:redwan@zumisolutions.com]
Sent: Wednesday, July 09, 2014 4:33 PM
To: Liu Ting-B28495; meta-freescale@yoctoproject.org
Subject: RE: [meta-freescale] [meta-fsl-ppc][PATCH 4/4] openssl: use fsl maintained source

Thanks Ting, will apply the patches and check.
Hope all the four patches are with respect to reported qtdemoE issue in qte-in-use-image recipe.

Thanks & Best Regards,
Redwan A M | Senior Software Engineer
Zumi Solutions (P) Ltd.,
#956, 16th Main Road, BTM 2nd Stage,
Bangalore-560 076. India.
Mob: +91 9535687671
Tel: +91 80 41126182

> From: ting.liu@freescale.com<mailto:ting.liu@freescale.com>
> To: meta-freescale@yoctoproject.org<mailto:meta-freescale@yoctoproject.org>
> Date: Wed, 9 Jul 2014 03:16:43 -0500
> Subject: [meta-freescale] [meta-fsl-ppc][PATCH 4/4] openssl: use fsl maintained source
>
> From: Ting Liu <b28495@freescale.com<mailto:b28495@freescale.com>>
>
> add bbappend to use fsl own openssl source code which was tested
>
> Signed-off-by: Ting Liu <b28495@freescale.com<mailto:b28495@freescale.com>>
> ---
> .../openssl/openssl_1.0.1g.bbappend | 40 ++++++++++++++++++++
> 1 file changed, 40 insertions(+)
> create mode 100644 recipes-connectivity/openssl/openssl_1.0.1g.bbappend
>
> diff --git a/recipes-connectivity/openssl/openssl_1.0.1g.bbappend b/recipes-connectivity/openssl/openssl_1.0.1g.bbappend
> new file mode 100644
> index 0000000..b86af36
> --- /dev/null
> +++ b/recipes-connectivity/openssl/openssl_1.0.1g.bbappend
> @@ -0,0 +1,40 @@
> +RDEPENDS_${PN}_class-target += "cryptodev-module"
> +
> +# base package is taken from Freescale repository
> +SRC_URI = "git://git.freescale.com/ppc/sdk/openssl.git;nobranch=1"
> +SRCREV = "9dfc18846063a110070782ede699c513b30257e5"
> +
> +SRC_URI += "file://configure-targets.patch \
> + file://shared-libs.patch \
> + file://oe-ldflags.patch \
> + file://engines-install-in-libdir-ssl.patch \
> + file://openssl-fix-link.patch \
> + file://debian/version-script.patch \
> + file://debian/pic.patch \
> + file://debian/c_rehash-compat.patch \
> + file://debian/ca.patch \
> + file://debian/make-targets.patch \
> + file://debian/no-rpath.patch \
> + file://debian/man-dir.patch \
> + file://debian/man-section.patch \
> + file://debian/no-symbolic.patch \
> + file://debian/debian-targets.patch \
> + file://openssl_fix_for_x32.patch \
> + file://openssl-fix-doc.patch \
> + file://fix-cipher-des-ede3-cfb1.patch \
> + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
> + file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
> + file://initial-aarch64-bits.patch \
> + file://find.pl \
> + file://openssl-fix-des.pod-error.patch \
> + <file:///\\configure-targets.patch%20\%0b%3e%20+%20file:\shared-libs.patch%20\%0b%3e%20+%20file:\oe-ldflags.patch%20\%0b%3e%20+%20file:\engines-install-in-libdir-ssl.patch%20\%0b%3e%20+%20file:\openssl-fix-link.patch%20\%0b%3e%20+%20file:\debian\version-script.patch%20\%0b%3e%20+%20file:\debian\pic.patch%20\%0b%3e%20+%20file:\debian\c_rehash-compat.patch%20\%0b%3e%20+%20file:\debian\ca.patch%20\%0b%3e%20+%20file:\debian\make-targets.patch%20\%0b%3e%20+%20file:\debian\no-rpath.patch%20\%0b%3e%20+%20file:\debian\man-dir.patch%20\%0b%3e%20+%20file:\debian\man-section.patch%20\%0b%3e%20+%20file:\debian\no-symbolic.patch%20\%0b%3e%20+%20file:\debian\debian-targets.patch%20\%0b%3e%20+%20file:\openssl_fix_for_x32.patch%20\%0b%3e%20+%20file:\openssl-fix-doc.patch%20\%0b%3e%20+%20file:\fix-cipher-des-ede3-cfb1.patch%20\%0b%3e%20+%20file:\openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch%20\%0b%3e%20+%20file:\openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch%20\%0b%3e%20+%20file:\initial-aarch64-bits.patch%20\%0b%3e%20+%20file:\find.pl%20\%0b%3e%20+%20file:\openssl-fix-des.pod-error.patch%20\%0b%3e%20+%20> "
> +S = "${WORKDIR}/git"
> +
> +# Digest offloading through cryptodev is not recommended because of the
> +# performance penalty of the Openssl engine interface. Openssl generates a huge
> +# number of calls to digest functions for even a small amount of work data.
> +# For example there are 70 calls to cipher code and over 10000 to digest code
> +# when downloading only 10 files of 700 bytes each.
> +# Do not build OpenSSL with cryptodev digest support until engine digest
> +# interface gets some rework:
> +CFLAG := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}<mailto:$%7b@'$%7bCFLAG%7d'.replace('-DUSE_CRYPTODEV_DIGESTS',%20'')%7d>"
> --
> 1.7.9.7
>
> --
> _______________________________________________
> meta-freescale mailing list
> meta-freescale@yoctoproject.org<mailto:meta-freescale@yoctoproject.org>
> https://lists.yoctoproject.org/listinfo/meta-freescale

Patch

diff --git a/recipes-connectivity/openssl/openssl_1.0.1g.bbappend b/recipes-connectivity/openssl/openssl_1.0.1g.bbappend
new file mode 100644
index 0000000..b86af36
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_1.0.1g.bbappend
@@ -0,0 +1,40 @@ 
+RDEPENDS_${PN}_class-target += "cryptodev-module"
+
+# base package is taken from Freescale repository
+SRC_URI = "git://git.freescale.com/ppc/sdk/openssl.git;nobranch=1"
+SRCREV = "9dfc18846063a110070782ede699c513b30257e5"
+
+SRC_URI += "file://configure-targets.patch \
+            file://shared-libs.patch \
+            file://oe-ldflags.patch \
+            file://engines-install-in-libdir-ssl.patch \
+            file://openssl-fix-link.patch \
+            file://debian/version-script.patch \
+            file://debian/pic.patch \
+            file://debian/c_rehash-compat.patch \
+            file://debian/ca.patch \
+            file://debian/make-targets.patch \
+            file://debian/no-rpath.patch \
+            file://debian/man-dir.patch \
+            file://debian/man-section.patch \
+            file://debian/no-symbolic.patch \
+            file://debian/debian-targets.patch \
+            file://openssl_fix_for_x32.patch \
+            file://openssl-fix-doc.patch \
+            file://fix-cipher-des-ede3-cfb1.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
+            file://initial-aarch64-bits.patch \
+            file://find.pl \
+            file://openssl-fix-des.pod-error.patch \
+           "
+S = "${WORKDIR}/git"
+
+# Digest offloading through cryptodev is not recommended because of the
+# performance penalty of the Openssl engine interface. Openssl generates a huge
+# number of calls to digest functions for even a small amount of work data.
+# For example there are 70 calls to cipher code and over 10000 to digest code
+# when downloading only 10 files of 700 bytes each.
+# Do not build OpenSSL with cryptodev digest support until engine digest
+# interface gets some rework:
+CFLAG := "${@'${CFLAG}'.replace('-DUSE_CRYPTODEV_DIGESTS', '')}"