Bug 1072633 - Enable openssl for ppc64le
Summary: Enable openssl for ppc64le
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: rawhide
Hardware: ppc64le
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: F-ExcludeArch-ppc64le, PPC64LETracker
Reported: 2014-03-05 00:00 UTC by Brent Baude
Modified: 2014-04-03 14:25 UTC

Fixed In Version: openssl-1.0.1e-43.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-04-03 14:25:41 UTC

Description Brent Baude 2014-03-05 00:00:53 UTC
The following changes to the latest rawhide openssl will enable ppc64le and openssl. I defer to you on implementation (i.e. changes) but this should give you a rough guideline of what is needed.

This will include:

1. change to the spec
2. change to opensslconf-new.h
3. additional patch

As we discussed via email, 1.0.2 should have the proper ppc64le upstream enablement.

diff --git a/openssl.spec b/openssl.spec
index c8d3dd9..2961202 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -92,6 +92,7 @@ Patch86: openssl-1.0.1e-cve-2013-6449.patch
 Patch87: openssl-1.0.1e-cve-2013-6450.patch
 Patch88: openssl-1.0.1e-cve-2013-4353.patch
 Patch89: openssl-1.0.1e-ephemeral-key-size.patch
+Patch99: openssl-1.0.1e-ppc64le-target.patch
 License: OpenSSL
 Group: System Environment/Libraries
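Review bot: The new "Patch99:" line has no comment saying why the patch exists or when it can be removed. The description states that 1.0.2 should carry proper ppc64le enablement upstream, so add a spec comment above "Patch99:" marking it as a downstream stopgap to drop on the rebase to 1.0.2, and say whether the jump from 89 to 99 is deliberate.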
@@ -217,6 +218,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch87 -p1 -b .dtls1-mitm
 %patch88 -p1 -b .handshake-crash
 %patch89 -p1 -b .ephemeral
+%patch99 -p1 -b .ppc64letarget
 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
@@ -260,9 +262,13 @@ sslarch=linux-armv4
 %ifarch sh3 sh4
-%ifarch %{power64}
+%ifarch ppc64 ppc64p7
+%ifarch ppc64le
 # ia64, x86_64, ppc are OK by default
 # Configure the build tree.  Override OpenSSL defaults with known-good defaults
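Review bot: The two added lines "%ifarch ppc64 ppc64p7" and "%ifarch ppc64le" appear back to back with no "sslarch=" assignment and no "%endif" between them, and the hunk header promises 13 lines where far fewer are shown. As pasted, the ppc64le conditional would nest inside the ppc64 one and never match. Please confirm each architecture gets its own closed block and that ppc64le selects the "linux-ppc64le" target added by Patch99. Replacing "%{power64}" with an explicit list also drops any other architecture that macro covers, which deserves a line in the changelog.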
diff --git a/opensslconf-new.h b/opensslconf-new.h
index cf22738..bd56c73 100644
--- a/opensslconf-new.h
+++ b/opensslconf-new.h
@@ -14,7 +14,12 @@
 #elif defined(__ia64__)
 #include "opensslconf-ia64.h"
 #elif defined(__powerpc64__)
+#include <endian.h>
 #include "opensslconf-ppc64.h"
+#include "opensslconf-ppc64le.h"
 #elif defined(__powerpc__)
 #include "opensslconf-ppc.h"
 #elif defined(__s390x__)
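Review bot: Under "#elif defined(__powerpc64__)" the visible lines include both "opensslconf-ppc64.h" and "opensslconf-ppc64le.h" unconditionally; the hunk header counts five added lines but only three are shown, so the byte-order test that "#include <endian.h>" is there to support seems to have been lost. The two includes need to sit in an "#if"/"#else"/"#endif" on byte order so that exactly one configuration header is used. Also, "opensslconf-ppc64le.h" is referenced here but not created by any of the diffs shown; please confirm the spec installs it for ppc64le.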

[baude@ppc64le openssl]$ cat openssl-1.0.1e-ppc64le-target.patch
--- openssl-1.0.1e.orig/Configure	2013-08-20 13:42:58.996358664 +1000
+++ openssl-1.0.1e/Configure	2013-08-20 13:43:54.246608197 +1000
@@ -357,6 +357,7 @@
 "linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS)\$(SHLIB_SONAMEVER)",
 "linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS)\$(SHLIB_SONAMEVER):::64",
+"linux-ppc64le",	"gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS)\$(SHLIB_SONAMEVER):::64",
 "linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS)\$(SHLIB_SONAMEVER)",
 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
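Review bot: The new "linux-ppc64le" entry uses "${no_asm}" where "linux-ppc64" uses "${ppc64_asm}:linux64", so every primitive on ppc64le is built from the generic C code. If that is intentional until the 1.0.2 rebase, say so in the patch header so nobody assumes the assembler paths are active. The remaining options (RC4_CHAR, DES_RISC1 and so on) are copied from the big-endian entry; please confirm the package test suite passes on a little-endian build with "-DL_ENDIAN".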

Comment 1 Brent Baude 2014-04-02 19:02:44 UTC
Also, consider adding:

%ifnarch ppc64le
%patch74 -p1 -b .no-md5-verify
%endif

For some reason this patch impacts how openssl works, specifically with koji.

Comment 2 Tomas Mraz 2014-04-02 19:10:34 UTC
(In reply to baude from comment #1)
> Also, consider adding:
> %ifnarch ppc64le
> %patch74 -p1 -b .no-md5-verify
> %endif
> For some reason this patch impacts how openssl works, specifically with koji.

This does not make any sense. This patch should be architecture agnostic.

Comment 3 Gustavo Luiz Duarte 2014-04-02 19:35:10 UTC
(In reply to Tomas Mraz from comment #2)
> This does not make any sense. This patch should be architecture agnostic.

I agree that this is not architecture specific. It is just annoying that users are required to rework their environment because of this.
Dropping md5 support seems like a regression to me, especially considering not all users require high security standards. A warning would be much more friendly than breaking users' environments.

Comment 4 Tomas Mraz 2014-04-02 19:48:17 UTC
Note this is not about MD5 support in general. This is just about disabling support to verify certificates and CRLs that use MD5 in signatures. And that is something that no serious certificate authority supports anymore anyway, because it is a real security risk. So we will not revert this patch. And you can also set the OPENSSL_ENABLE_MD5_VERIFY environment variable if you really know what you're doing.
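
To find which certificates in an environment are affected by the behaviour described in comment 4, the following added example (not part of this bug report, and not Fedora or OpenSSL code) reads the signature algorithm OID from a DER-encoded certificate and flags md5WithRSAEncryption. All function names are hypothetical and the sample inputs are constructed DER skeletons, not real certificates.

```python
# Added example, not Fedora or OpenSSL code. The "certificates" below are
# constructed DER skeletons (placeholder TBS and signature), not real ones.
MD5_WITH_RSA = "1.2.840.113549.1.1.4"  # md5WithRSAEncryption

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OID content bytes; assumes the first two arcs fit in one byte."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """OID string of the outer Certificate.signatureAlgorithm field."""
    tag, start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    tbs_tag, _, tbs_end = read_tlv(der, start)  # tbsCertificate, skipped whole
    alg_tag, alg_start, _ = read_tlv(der, tbs_end)
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if (tag, tbs_tag, alg_tag, oid_tag) != (0x30, 0x30, 0x30, 0x06) or oid_start == oid_end:
        raise ValueError("not an X.509 certificate structure")
    return decode_oid(der[oid_start:oid_end])

def uses_md5_signature(der):
    return signature_algorithm(der) == MD5_WITH_RSA

def tlv(tag, body):  # minimal DER encoder, only used to build the samples
    n = len(body)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])  # samples stay < 256
    return bytes([tag]) + head + body

def sample_cert(last_arc):  # constructed skeleton with a chosen signature OID
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d0101") + bytes([last_arc]) + b"\x05\x00")
    return tlv(0x30, tlv(0x30, b"\x02\x01\x01") + alg + tlv(0x03, b"\x00" * 129))
```

PEM files need their base64 body decoded to DER before being passed to signature_algorithm().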

Comment 5 Brent Baude 2014-04-02 19:52:15 UTC
Tomas, fair enough. Can you commit the other ppc64le related changes to rawhide?
