Join the community today
Become a Member

Beta Branch exclude openssl 1.1.0h from CLOUDFLARE_PATCHSSL='y'

Discussion in 'Centmin Mod Github Commits' started by eva2000, Mar 28, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    4:53 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  2. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    8:53 AM
    OpenSSL1.1g-double-performance-ecdhx-25519.patch
    OpenSSL1.1g-improve-ECDSA-sign-30-40.patch

    Working fine on OpenSSL1.1h.
    Please verify.
     
  3. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    4:53 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    During patching i get 'patch unexpectedly ends in middle of line' messages so not sure if it's patched cleanly ? Guess i need to add a line to end of my patches ?

    from nginx recompile generated /root/centminlogs/patch_opensslpatches_270318-205334.log patching logs
    Code (Text):
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    30-40% performance improvement patch for ECDSA
    https://community.centminmod.com/posts/57725/
    ######################################################################
    /svr-setup/openssl-1.1.0h /svr-setup/openssl-1.1.0h
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    patching file crypto/ec/ec_lib.c
    patching file crypto/ec/ecdsa_ossl.c
    patching file crypto/ec/ecp_nistz256.c
    patching file crypto/perlasm/x86_64-xlate.pl
    patching file include/openssl/ec.h
    patch unexpectedly ends in middle of line
    Hunk #1 succeeded at 1389 with fuzz 1.
    /svr-setup/openssl-1.1.0h
    

    Code (Text):
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    ECDHX 25519 performance patch
    https://community.centminmod.com/posts/57726/
    ######################################################################
    /svr-setup/openssl-1.1.0h /svr-setup/openssl-1.1.0h
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-double-performance-ecdhx-25519.patch
    patching file crypto/ec/curve25519.c
    patch unexpectedly ends in middle of line
    Hunk #4 succeeded at 3842 with fuzz 1.
    /svr-setup/openssl-1.1.0h
    

    Code (Text):
    ######################################################################
    Patching OpenSSL 1.1.0 branch
    ######################################################################
    Cloudflare Smart ChaCha20 patch
    https://community.centminmod.com/posts/35727/
    only support ChaCha20 if client's preferred cipher
    ######################################################################
    /usr/local/src/centminmod/patches/openssl/chacha20-smarter.patch
    patching file ssl/s3_lib.c
    Hunk #1 succeeded at 3601 (offset 19 lines).
    Hunk #2 succeeded at 3630 (offset 19 lines).
    Hunk #3 succeeded at 3661 (offset 19 lines).
    patch unexpectedly ends in middle of line
    Hunk #4 succeeded at 3718 (offset 19 lines).
    ######################################################################
    OpenSSL 1.1.0 branch Smart Chacha20 patched
    ######################################################################
    
     
  4. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    4:53 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    whoops was saving the patches in non-unix format - now fixed
    Code (Text):
    [00:02][[email protected] openssl-1.1.0h]# patch -p1 < /usr/local/src/centminmod/patches/openssl/chacha20-smarter.patch
    patching file ssl/s3_lib.c
    Hunk #1 succeeded at 3601 (offset 19 lines).
    Hunk #2 succeeded at 3630 (offset 19 lines).
    Hunk #3 succeeded at 3661 (offset 19 lines).
    Hunk #4 succeeded at 3718 (offset 19 lines).
    


    recompile nginx via centmin.sh menu option 4 and saved openssl patch log at /root/centminlogs/patch_opensslpatches_280318-001457.log
    Code (Text):
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    30-40% performance improvement patch for ECDSA
    https://community.centminmod.com/posts/57725/
    ######################################################################
    /svr-setup/openssl-1.1.0h /svr-setup/openssl-1.1.0h
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
    patching file ECDSA-PATCH-CHANGELOG
    patching file crypto/ec/asm/ecp_nistz256-armv8.pl
    patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
    patching file crypto/ec/ec_err.c
    patching file crypto/ec/ec_lcl.h
    patching file crypto/ec/ec_lib.c
    patching file crypto/ec/ecdsa_ossl.c
    patching file crypto/ec/ecp_nistz256.c
    patching file crypto/perlasm/x86_64-xlate.pl
    patching file include/openssl/ec.h
    /svr-setup/openssl-1.1.0h
    
    
    ######################################################################
    Patching OpenSSL 1.1.0g
    ######################################################################
    ECDHX 25519 performance patch
    https://community.centminmod.com/posts/57726/
    ######################################################################
    /svr-setup/openssl-1.1.0h /svr-setup/openssl-1.1.0h
    patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-double-performance-ecdhx-25519.patch
    patching file crypto/ec/curve25519.c
    /svr-setup/openssl-1.1.0h
    
                 ____  _                    _   __  _                   
                / ___|| |  ___   _   _   __| | / _|| |  __ _  _ __  ___ 
               | |    | | / _ \ | | | | / _` || |_ | | / _` || '__|/ _ \
               | |___ | || (_) || |_| || (_| ||  _|| || (_| || |  |  __/
                \____||_| \___/  \__,_| \__,_||_|  |_| \__,_||_|   \___|
                                                                       
                 ___                       ____  ____   _       _     _ 
                / _ \  _ __    ___  _ __  / ___|/ ___| | |     / |   / |
               | | | || '_ \  / _ \| '_ \ \___ \\___ \ | |     | |   | |
               | |_| || |_) ||  __/| | | | ___) |___) || |___  | | _ | |
                \___/ | .__/  \___||_| |_||____/|____/ |_____| |_|(_)|_|
                      |_|                                               
                     ____                           _             
                    / ___|  _ __ ___    __ _  _ __ | |_  ___  _ __ 
                    \___ \ | '_ ` _ \  / _` || '__|| __|/ _ \| '__|
                     ___) || | | | | || (_| || |   | |_|  __/| |   
                    |____/ |_| |_| |_| \__,_||_|    \__|\___||_|   
                                                                   
                  ____  _                   _             ____    ___ 
                 / ___|| |__    __ _   ___ | |__    __ _ |___ \  / _ \ 
                | |    | '_ \  / _` | / __|| '_ \  / _` |  __) || | | |
                | |___ | | | || (_| || (__ | | | || (_| | / __/ | |_| |
                 \____||_| |_| \__,_| \___||_| |_| \__,_||_____| \___/ 
                                                                       
                              ____         _         _     
                             |  _ \  __ _ | |_  ___ | |__ 
                             | |_) |/ _` || __|/ __|| '_ \ 
                             |  __/| (_| || |_| (__ | | | |
                             |_|    \__,_| \__|\___||_| |_|
                                                           
    ######################################################################
    Patching OpenSSL 1.1.0 branch
    ######################################################################
    Cloudflare Smart ChaCha20 patch
    https://community.centminmod.com/posts/35727/
    only support ChaCha20 if client's preferred cipher
    ######################################################################
    /usr/local/src/centminmod/patches/openssl/chacha20-smarter.patch
    patching file ssl/s3_lib.c
    Hunk #1 succeeded at 3601 (offset 19 lines).
    Hunk #2 succeeded at 3630 (offset 19 lines).
    Hunk #3 succeeded at 3661 (offset 19 lines).
    Hunk #4 succeeded at 3718 (offset 19 lines).
    ######################################################################
    OpenSSL 1.1.0 branch Smart Chacha20 patched
    ######################################################################
                 ____  _                    _   __  _                   
                / ___|| |  ___   _   _   __| | / _|| |  __ _  _ __  ___ 
               | |    | | / _ \ | | | | / _` || |_ | | / _` || '__|/ _ \
               | |___ | || (_) || |_| || (_| ||  _|| || (_| || |  |  __/
                \____||_| \___/  \__,_| \__,_||_|  |_| \__,_||_|   \___|
                                                                       
                 ___                       ____  ____   _       _     _ 
                / _ \  _ __    ___  _ __  / ___|/ ___| | |     / |   / |
               | | | || '_ \  / _ \| '_ \ \___ \\___ \ | |     | |   | |
               | |_| || |_) ||  __/| | | | ___) |___) || |___  | | _ | |
                \___/ | .__/  \___||_| |_||____/|____/ |_____| |_|(_)|_|
                      |_|                                               
                     ____                           _             
                    / ___|  _ __ ___    __ _  _ __ | |_  ___  _ __ 
                    \___ \ | '_ ` _ \  / _` || '__|| __|/ _ \| '__|
                     ___) || | | | | || (_| || |   | |_|  __/| |   
                    |____/ |_| |_| |_| \__,_||_|    \__|\___||_|   
                                                                   
                  ____  _                   _             ____    ___ 
                 / ___|| |__    __ _   ___ | |__    __ _ |___ \  / _ \ 
                | |    | '_ \  / _` | / __|| '_ \  / _` |  __) || | | |
                | |___ | | | || (_| || (__ | | | || (_| | / __/ | |_| |
                 \____||_| |_| \__,_| \___||_| |_| \__,_||_____| \___/ 
                                                                       
                       ____         _         _                _ 
                      |  _ \  __ _ | |_  ___ | |__    ___   __| |
                      | |_) |/ _` || __|/ __|| '_ \  / _ \ / _` |
                      |  __/| (_| || |_| (__ | | | ||  __/| (_| |
                      |_|    \__,_| \__|\___||_| |_| \___| \__,_|
    
     
  5. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    8:53 AM
    Nothing here. Both Patching directly + against Nginx.
     
  6. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    4:53 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Yeah fixed the patch file format saved as Unix in previous post. Seems it's related when I am saving other folks patches as opposed to starting a fresh file.
     
  7. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    8:53 AM
    Therefore you could use GIT.
    I never copy it.
    Patches are very sensitive to form errors, after copy paste RAW data.
    And you know that too:)
     
  8. eva2000

    eva2000 Administrator Staff Member

    36,054
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    4:53 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Yeah true. Though I will be mindful for how I save the patches now :)
     
  9. bassie

    bassie Active Member

    939
    220
    43
    Apr 29, 2016
    Ratings:
    +664
    Local Time:
    8:53 AM
    Sure.
    I know exactly what you meant.
    Fast copying from RAW is of course much faster.

    I've also had a malformed patch in the past.
    You do not understand that at first. Until he appears to have been copied incorrectly. After that.

    I have learned my lesson and never copy it again.
     
    • Agree Agree x 1
..