Via Padlock support in OpenSSL is suboptimal at the moment, the attached patch adds some 3rd party openssl patches to enable full support for Via Padlock CPUs: $ dmesg | grep CPU CPU: VIA Nano U3300@1200MHz (1197.03-MHz K8-class CPU) $ /usr/local/bin/openssl engine -c -tt (cryptodev) BSD cryptodev engine [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC] [ available ] (dynamic) Dynamic engine loading support [ unavailable ] (padlock) VIA PadLock: RNG ACE2 PHE PMM NANO [AES-128-ECB, AES-128-CBC, AES-128-CFB, AES-128-OFB, AES-192-ECB, AES-192-CBC, AES-192-CFB, AES-192-OFB, AES-256-ECB, AES-256-CBC, AES-256-CFB, AES-256-OFB, SHA1, DSA, SHA224, SHA256] [ available ] $ /usr/local/bin/openssl speed sha1 sha256 hmac-sha1 -engine padlock engine "padlock" set. .. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha1 31285.09k 93837.78k 216682.72k 322326.58k 376196.59k sha256 28490.06k 84352.09k 190977.55k 279109.44k 322914.87k hmac(sha1) 11233.03k 40204.20k 122229.52k 249804.46k 361585.79k Fix: +.if defined(WITH_PADLOCK) +PATCH_DIST_STRIP= -p1 +PATCH_SITES+= http://git.alpinelinux.org/cgit/aports/plain/main/openssl/:padlock +PATCHFILES+= 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch:padlock \ + 0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch:padlock \ + 0003-engines-e_padlock-backport-cvs-head-changes.patch:padlock \ + 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch:padlock \ + 0005-crypto-engine-autoload-padlock-dynamic-engine.patch:padlock +.endif + .if defined(WITH_GMP) EXTRACONFIGURE+= enable-gmp IGNORE= GMP is LGPLv3 an can not be linked. How-To-Repeat: There's no support for Via CPUs's sha1/sha224/sha256/hmac-sha1 in OpenSSL. Running "/usr/local/bin/openssl speed sha1 sha256 hmac-sha1 -engine padlock" will not make use of hw accel. The third patch (0003-engines-e_padlock-backport-cvs-head-changes.patch) also fixes 64bit issues with newer Via Nano 64bit CPUs.
Responsible Changed From-To: freebsd-ports-bugs->dinoex Over to maintainer (via the GNATS Auto Assign Tool)
State Changed From-To: open->analyzed patch in testing
State Changed From-To: analyzed->feedback sorry but this don't work well with all other patches. ===> Vulnerability check disabled, database not found ===> License check disabled, port has not defined LICENSE ===> Extracting for openssl-full-current-1.0.0_10 ===> Vulnerability check disabled, database not found ===> License check disabled, port has not defined LICENSE => SHA256 Checksum OK for openssl-1.0.0g/openssl-1.0.0g.tar.gz. => SHA256 Checksum OK for openssl-1.0.0g/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch. => SHA256 Checksum OK for openssl-1.0.0g/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch. => SHA256 Checksum OK for openssl-1.0.0g/0003-engines-e_padlock-backport-cvs-head-changes.patch. => SHA256 Checksum OK for openssl-1.0.0g/0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch. => SHA256 Checksum OK for openssl-1.0.0g/0005-crypto-engine-autoload-padlock-dynamic-engine.patch. => SHA256 Checksum OK for openssl-1.0.0g/dtls-sctp-24.patch. ===> openssl-full-current-1.0.0_10 depends on file: /usr/local/bin/perl5.12.4 - found ===> Patching for openssl-full-current-1.0.0_10 ===> openssl-full-current-1.0.0_10 depends on file: /usr/local/bin/perl5.12.4 - found ===> Applying distribution patches for openssl-full-current-1.0.0_10 No file to patch. Skipping... 6 out of 6 hunks ignored--saving rejects to bio/bio.h.rej Can't create bio/bio.h.rej, output is in /tmp//patchrTUNKFd: No such file or directory No file to patch. Skipping... 11 out of 11 hunks ignored--saving rejects to bio/bss_dgram.c.rej Can't create bio/bss_dgram.c.rej, output is in /tmp//patchrTUNKFd: No such file or directory No file to patch. Skipping... 1 out of 1 hunks ignored--saving rejects to d1_both.c.rej No file to patch. Skipping... 13 out of 13 hunks ignored--saving rejects to d1_clnt.c.rej No file to patch. Skipping... 1 out of 1 hunks ignored--saving rejects to d1_lib.c.rej No file to patch. Skipping... 8 out of 8 hunks ignored--saving rejects to d1_pkt.c.rej No file to patch. Skipping... 12 out of 12 hunks ignored--saving rejects to d1_srvr.c.rej No file to patch. Skipping... 3 out of 3 hunks ignored--saving rejects to dtls1.h.rej No file to patch. Skipping... 2 out of 2 hunks ignored--saving rejects to ssl3.h.rej No file to patch. Skipping... 2 out of 2 hunks ignored--saving rejects to ssl_locl.h.rej *** Error code 59 Stop in /usr/ports/current/openssl-full. *** Error code 1 Stop in /usr/ports/current/openssl-full.
On Wed, 22 Feb 2012, dinoex@FreeBSD.org wrote: > Synopsis: Add Via Padlock support to security/openssl (patch included) > > State-Changed-From-To: analyzed->feedback > State-Changed-By: dinoex > State-Changed-When: Wed Feb 22 06:10:54 CET 2012 > State-Changed-Why: > > sorry but this don't work well with all other patches. > > ===> Vulnerability check disabled, database not found > ===> License check disabled, port has not defined LICENSE > ===> Extracting for openssl-full-current-1.0.0_10 > ===> Vulnerability check disabled, database not found > ===> License check disabled, port has not defined LICENSE > => SHA256 Checksum OK for openssl-1.0.0g/openssl-1.0.0g.tar.gz. > => SHA256 Checksum OK for openssl-1.0.0g/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch. > => SHA256 Checksum OK for openssl-1.0.0g/0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch. > => SHA256 Checksum OK for openssl-1.0.0g/0003-engines-e_padlock-backport-cvs-head-changes.patch. > => SHA256 Checksum OK for openssl-1.0.0g/0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch. > => SHA256 Checksum OK for openssl-1.0.0g/0005-crypto-engine-autoload-padlock-dynamic-engine.patch. > => SHA256 Checksum OK for openssl-1.0.0g/dtls-sctp-24.patch. > ===> openssl-full-current-1.0.0_10 depends on file: /usr/local/bin/perl5.12.4 - found > ===> Patching for openssl-full-current-1.0.0_10 > ===> openssl-full-current-1.0.0_10 depends on file: /usr/local/bin/perl5.12.4 - found > ===> Applying distribution patches for openssl-full-current-1.0.0_10 > No file to patch. Skipping... > 6 out of 6 hunks ignored--saving rejects to bio/bio.h.rej > Can't create bio/bio.h.rej, output is in /tmp//patchrTUNKFd: No such file or directory > No file to patch. Skipping... > 11 out of 11 hunks ignored--saving rejects to bio/bss_dgram.c.rej > Can't create bio/bss_dgram.c.rej, output is in /tmp//patchrTUNKFd: No such file or directory > No file to patch. Skipping... > 1 out of 1 hunks ignored--saving rejects to d1_both.c.rej > No file to patch. Skipping... > 13 out of 13 hunks ignored--saving rejects to d1_clnt.c.rej > No file to patch. Skipping... > 1 out of 1 hunks ignored--saving rejects to d1_lib.c.rej > No file to patch. Skipping... > 8 out of 8 hunks ignored--saving rejects to d1_pkt.c.rej > No file to patch. Skipping... > 12 out of 12 hunks ignored--saving rejects to d1_srvr.c.rej > No file to patch. Skipping... > 3 out of 3 hunks ignored--saving rejects to dtls1.h.rej > No file to patch. Skipping... > 2 out of 2 hunks ignored--saving rejects to ssl3.h.rej > No file to patch. Skipping... > 2 out of 2 hunks ignored--saving rejects to ssl_locl.h.rej > *** Error code 59 > > Stop in /usr/ports/current/openssl-full. > *** Error code 1 > > Stop in /usr/ports/current/openssl-full. > > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=164795 Hm, that's strange, because the padlock patches don't touch any of the files you mentioned at all: me@host:/usr/ports/distfiles/openssl-1.0.0g $ grep diff 000* 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch:diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c 0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch:diff --git a/apps/speed.c b/apps/speed.c 0003-engines-e_padlock-backport-cvs-head-changes.patch:diff --git a/engines/e_padlock.c b/engines/e_padlock.c 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch:diff --git a/engines/e_padlock.c b/engines/e_padlock.c 0005-crypto-engine-autoload-padlock-dynamic-engine.patch:diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c Is the DTLS patch broken?
The patches work with my VIA VB8001 board. Thank you! I had no errors while compiling and installing.
Patch applies fine after extracting from wrangled PR. Updated Patch against current version (including ports/166064): https://redports.org/export/2622/Nukama/Attic/patches/openssl-164795.patch Builds on all redports backends: https://redports.org/buildarchive/20120314145625-42451/ Builds with current patched version from ports: https://redports.org/buildarchive/20120314184501-48586/ And runs on my VIA board. https://forums.freebsd.org/showpost.php?p=170214&postcount=3
State Changed From-To: feedback->analyzed patchset only works if no other patches are applied. sadly we can support only one PATCH_DIST_STRIP= and for now it collids with the the sctp patches, that will return shortly.
State Changed From-To: analyzed->feedback please update your patch for openssl 1.0.1
On Sat, 02 Jun 2012, dinoex@FreeBSD.org wrote: > Synopsis: Add Via Padlock support to security/openssl (patch included) > > State-Changed-From-To: analyzed->feedback > State-Changed-By: dinoex > State-Changed-When: Sat Jun 2 11:15:39 CEST 2012 > State-Changed-Why: > > please update your patch for openssl 1.0.1 > > http://www.freebsd.org/cgi/query-pr.cgi?pr=164795 See attached patch
dinoex 2012-06-15 21:07:56 UTC FreeBSD ports repository Modified files: security/openssl Makefile distinfo Log: - use OPTIONS_DEFINE - add VIA padlock support PR: 164795 Submitted by: Stefan Krüger Revision Changes Path 1.188 +42 -27 ports/security/openssl/Makefile 1.74 +8 -0 ports/security/openssl/distinfo _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: feedback->closed committed, thanks.