diff mbox series

[2/2] openssl: don't disable the AFALG engine based on host kernel

Message ID 20181122140516.10420-2-ross.burton@intel.com
State Accepted
Commit 4b6c566c0540fe8e560d0feeb9c765c0eb6e5182
Headers show
Series [1/2] openssl: output the configure data in do_configure | expand

Commit Message

Ross Burton Nov. 22, 2018, 2:05 p.m. UTC 
Whether the AFALG engine (use of hardware crypto via AF_ALG) is enable or
disable depends on whether the host kernel is 4.1 or above, which has no bearing
on whether the target system supports it.

Remove the complicated logic and simply enable/disable as requested.

Signed-off-by: Ross Burton <ross.burton@intel.com>

---
 .../openssl/openssl/afalg.patch                    | 31 ++++++++++++++++++++++
 meta/recipes-connectivity/openssl/openssl_1.1.1.bb |  1 +
 2 files changed, 32 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/afalg.patch

-- 
2.11.0

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch
new file mode 100644
index 00000000000..7c4b084f3df
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@ 
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Configure b/Configure
+index 3baa8ce..9ef52ed 100755
+--- a/Configure
++++ b/Configure
+@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+     if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+-        my $minver = 4*10000 + 1*100 + 0;
+-        if ($config{CROSS_COMPILE} eq "") {
+-            my $verstr = `uname -r`;
+-            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+-            ($mi2) = $mi2 =~ /(\d+)/;
+-            my $ver = $ma*10000 + $mi1*100 + $mi2;
+-            if ($ver < $minver) {
+-                $disabled{afalgeng} = "too-old-kernel";
+-            } else {
+-                push @{$config{engdirs}}, "afalg";
+-            }
+-        } else {
+-            $disabled{afalgeng} = "cross-compiling";
+-        }
++        push @{$config{engdirs}}, "afalg";
+     } else {
+         $disabled{afalgeng}  = "not-linux";
+     }
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1.bb
index 8d5d4b146e7..5d19910941e 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1.bb
@@ -18,6 +18,7 @@  SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0002-fix-CVE-2018-0734.patch \
            file://0003-fix-CVE-2018-0735.patch \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+           file://afalg.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \