* [PATCH] openssl: Fix reproducibility issue
@ 2020-02-06 22:48 Richard Purdie
From: Richard Purdie @ 2020-02-06 22:48 UTC (permalink / raw)
To: openembedded-core
There was a build architecture leaking into the target ptest which
could vary depending upon host. Remove it as it's cosmetic.
[YOCTO #13770]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
.../openssl/openssl/reproducible.patch | 32 +++++++++++++++++++
.../openssl/openssl_1.1.1d.bb | 1 +
2 files changed, 33 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducible.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
new file mode 100644
index 00000000000..a24260c95d0
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
@@ -0,0 +1,32 @@
+The value for perl_archname can vary depending on the host, e.g.
+x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
+makes the ptest package non-reproducible. Its unused other than
+these references so drop it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: openssl-1.1.1d/Configure
+===================================================================
+--- openssl-1.1.1d.orig/Configure
++++ openssl-1.1.1d/Configure
+@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
+ # Save away perl command information
+ $config{perl_cmd} = $^X;
+ $config{perl_version} = $Config{version};
+-$config{perl_archname} = $Config{archname};
++#$config{perl_archname} = $Config{archname};
+
+ $config{prefix}="";
+ $config{openssldir}="";
+@@ -2517,7 +2517,7 @@ _____
+ @{$config{perlargv}}), "\n";
+ print "\nPerl information:\n\n";
+ print ' ',$config{perl_cmd},"\n";
+- print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
++ print ' ',$config{perl_version},"\n";
+ }
+ if ($dump || $options) {
+ my $longest = 0;
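Review bot: in the Configure hunk at line 286 the assignment is commented out (`#$config{perl_archname} = $Config{archname};`) rather than deleted, which leaves dead code behind; deleting the line is cleaner and, with the header marked Upstream-Status: Pending, easier to send upstream. The two neighbouring values that are still saved, `$config{perl_cmd} = $^X` and `$config{perl_version}`, also come from the host perl, so it is worth confirming that they do not reach the same ptest files and vary between hosts in the same way. The patch description also has "Its unused" where "It's unused" is meant.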
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 7fd0f9a269c..c2ba005f47f 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://CVE-2019-1551.patch \
+ file://reproducible.patch \
"
SRC_URI_append_class-nativesdk = " \
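Review bot: the name `reproducible.patch` in the added SRC_URI entry says nothing about what the patch changes, and `0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch` earlier in the same list, judging by its name, is also a build-output fix. A name that mentions perl_archname would make the list easier to audit when the recipe is next upgraded.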
--
2.20.1
* [PATCH] openssl: Fix reproducibility issue
@ 2023-03-16 17:34 Richard Purdie
From: Richard Purdie @ 2023-03-16 17:34 UTC (permalink / raw)
To: openembedded-core
Fix an issue introduced in the new openssl version where an assembler file
isn't generated in a reproducible way by seeding the perl random number
generator consistently. It has no crypto impact, it is just used to
avoid function name clashes.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
.../openssl/openssl/fix_random_labels.patch | 22 +++++++++++++++++++
.../openssl/openssl_3.1.0.bb | 1 +
2 files changed, 23 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
new file mode 100644
index 00000000000..78dcd816854
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/fix_random_labels.patch
@@ -0,0 +1,22 @@
+The perl script adds random suffixes to the local function names to ensure
+it doesn't clash with other parts of openssl. Set the random number seed
+to something predictable so the assembler files are generated consistently
+and our own reproducible builds tests pass.
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
+===================================================================
+--- openssl-3.1.0.orig/crypto/modes/asm/aes-gcm-avx512.pl
++++ openssl-3.1.0/crypto/modes/asm/aes-gcm-avx512.pl
+@@ -191,6 +191,9 @@ my $CTX_OFFSET_HTable = (16 * 6);
+ # ;;; Helper functions
+ # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
++# Ensure the local labels are reproduicble
++srand(10000);
++
+ # ; Generates "random" local labels
+ sub random_string() {
+ my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_');
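Review bot: the comment added above `srand(10000);` misspells "reproducible" as "reproduicble". The call sits at file scope in aes-gcm-avx512.pl, so it seeds the perl generator for the whole script rather than only for random_string(); the comment should say that the value is arbitrary and that the labels exist only to avoid name clashes. With Upstream-Status: Pending, a counter-based label suffix would give the same uniqueness without touching the random number generator and may be easier to get accepted.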
diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.0.bb b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb
index 4ae376d18ae..85286a06180 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.0.bb
@@ -11,6 +11,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://run-ptest \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://0001-Configure-do-not-tweak-mips-cflags.patch \
+ file://fix_random_labels.patch \
"
SRC_URI:append:class-nativesdk = " \
--
2.38.1