1072633 – Enable openssl for ppc64le

Bug 1072633 - Enable openssl for ppc64le

Summary: Enable openssl for ppc64le

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssl
Sub Component:
Version:	rawhide
Hardware:	ppc64le
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	F-ExcludeArch-ppc64le, PPC64LETracker
TreeView+	depends on / blocked

Reported:	2014-03-05 00:00 UTC by Brent Baude
Modified:	2014-04-03 14:25 UTC (History)
CC List:	2 users (show)
Fixed In Version:	openssl-1.0.1e-43.fc21
Clone Of:
Environment:
Last Closed:	2014-04-03 14:25:41 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Brent Baude 2014-03-05 00:00:53 UTC

The following changes to the latest rawhide openssl will enable ppc64le and openssl.  I defer to you on implementation (i.e changes) but this should give you a rough guideline of what is needed.

This will include:

1. change to the spec
2. change to opensslconf-new.h
3. additional patch

As we discussed via email, 1.0.2 should have the proper ppc64le upstream enablement.


diff --git a/openssl.spec b/openssl.spec
index c8d3dd9..2961202 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -92,6 +92,7 @@ Patch86: openssl-1.0.1e-cve-2013-6449.patch
 Patch87: openssl-1.0.1e-cve-2013-6450.patch
 Patch88: openssl-1.0.1e-cve-2013-4353.patch
 Patch89: openssl-1.0.1e-ephemeral-key-size.patch
+Patch99: openssl-1.0.1e-ppc64le-target.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -217,6 +218,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch87 -p1 -b .dtls1-mitm
 %patch88 -p1 -b .handshake-crash
 %patch89 -p1 -b .ephemeral
+%patch99 -p1 -b .ppc64letarget
 
 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
 
@@ -260,9 +262,13 @@ sslarch=linux-armv4
 %ifarch sh3 sh4
 sslarch=linux-generic32
 %endif
-%ifarch %{power64}
+%ifarch ppc64 ppc64p7
 sslarch=linux-ppc64
 %endif
+%ifarch ppc64le
+sslarch="linux-ppc64le"
+%endif
+
 
 # ia64, x86_64, ppc are OK by default
 # Configure the build tree.  Override OpenSSL defaults with known-good defaults
diff --git a/opensslconf-new.h b/opensslconf-new.h
index cf22738..bd56c73 100644
--- a/opensslconf-new.h
+++ b/opensslconf-new.h
@@ -14,7 +14,12 @@
 #elif defined(__ia64__)
 #include "opensslconf-ia64.h"
 #elif defined(__powerpc64__)
+#include <endian.h>
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
 #include "opensslconf-ppc64.h"
+#else
+#include "opensslconf-ppc64le.h"
+#endif
 #elif defined(__powerpc__)
 #include "opensslconf-ppc.h"
 #elif defined(__s390x__)


[baude@ppc64le openssl]$ cat openssl-1.0.1e-ppc64le-target.patch
--- openssl-1.0.1e.orig/Configure	2013-08-20 13:42:58.996358664 +1000
+++ openssl-1.0.1e/Configure	2013-08-20 13:43:54.246608197 +1000
@@ -357,6 +357,7 @@
 ####
 "linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 "linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-ppc64le",	"gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
 "linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

Comment 1 Brent Baude 2014-04-02 19:02:44 UTC

Also, consider adding:

%ifnarch ppc64le
%patch74 -p1 -b .no-md5-verify
%endif

For some reason this patch impacts how openssl works, specifically with koji.

Comment 2 Tomas Mraz 2014-04-02 19:10:34 UTC

(In reply to baude from comment #1)
> Also, consider adding:
> 
> %ifnarch ppc64le
> %patch74 -p1 -b .no-md5-verify
> %endif
> 
> For some reason this patch impacts how openssl works, specifically with koji.

This does not make any sense. This patch should be architecture agnostic.

Comment 3 Gustavo Luiz Duarte 2014-04-02 19:35:10 UTC

(In reply to Tomas Mraz from comment #2)
> This does not make any sense. This patch should be architecture agnostic.

I agree that this is not architecture specific. It is just annoying that users are required to rework their environment because of this.
Dropping md5 support seems like a regression to me, specially considering not all users are required high standards security. A warning would be much more friendly than breaking users environment.

Comment 4 Tomas Mraz 2014-04-02 19:48:17 UTC

Note this is not about MD5 support in general. This is just about disabling support to verify certificates and CRLs that use MD5 in signatures. And that is something that no serious certificate authority supports anymore anyway, because it is a real security risk. So we will not revert this patch. And you can also set OPENSSL_ENABLE_MD5_VERIFY environment variable if you really know what you're doing.

Comment 5 Brent Baude 2014-04-02 19:52:15 UTC

Tomas, fair enough.  Can you commit the other ppc64le related changes to rawhide?

Note You need to log in before you can comment on or make changes to this bug.