/ Register

Learn about Centmin Mod LEMP Stack today
Become a Member

Beta Branch exclude openssl 1.1.0h from CLOUDFLARE_PATCHSSL='y'

Discussion in 'Centmin Mod Github Commits' started by eva2000, Mar 28, 2018.

Previous Thread Next Thread
Loading...
  1. Mar 28, 2018 #1
    eva2000

    eva2000 Administrator Staff Member

    33,668
    7,456
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,461
    Local Time:
    11:41 PM
    Nginx 1.13.x
    MariaDB 5.5
  2. Mar 28, 2018 #2
    bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    3:41 PM
    OpenSSL1.1g-double-performance-ecdhx-25519.patch
    OpenSSL1.1g-improve-ECDSA-sign-30-40.patch

    Working fine on OpenSSL1.1h.
    Please verify.
     
  3. Mar 28, 2018 #3
    eva2000

    eva2000 Administrator Staff Member

    33,668
    7,456
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,461
    Local Time:
    11:41 PM
    Nginx 1.13.x
    MariaDB 5.5
    During patching i get 'patch unexpectedly ends in middle of line' messages so not sure if it's patched cleanly ? Guess i need to add a line to end of my patches ?

    from nginx recompile generated /root/centminlogs/patch_opensslpatches_270318-205334.log patching logs
    Code (Text):
    ######################################################################
Patching OpenSSL 1.1.0g
######################################################################
30-40% performance improvement patch for ECDSA
https://community.centminmod.com/posts/57725/
######################################################################
/svr-setup/openssl-1.1.0h /svr-setup/openssl-1.1.0h
patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
patching file ECDSA-PATCH-CHANGELOG
patching file crypto/ec/asm/ecp_nistz256-armv8.pl
patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
patching file crypto/ec/ec_err.c
patching file crypto/ec/ec_lcl.h
patching file crypto/ec/ec_lib.c
patching file crypto/ec/ecdsa_ossl.c
patching file crypto/ec/ecp_nistz256.c
patching file crypto/perlasm/x86_64-xlate.pl
patching file include/openssl/ec.h
patch unexpectedly ends in middle of line
Hunk #1 succeeded at 1389 with fuzz 1.
/svr-setup/openssl-1.1.0h

    Code (Text):
    ######################################################################
Patching OpenSSL 1.1.0g
######################################################################
ECDHX 25519 performance patch
https://community.centminmod.com/posts/57726/
######################################################################
/svr-setup/openssl-1.1.0h /svr-setup/openssl-1.1.0h
patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-double-performance-ecdhx-25519.patch
patching file crypto/ec/curve25519.c
patch unexpectedly ends in middle of line
Hunk #4 succeeded at 3842 with fuzz 1.
/svr-setup/openssl-1.1.0h

    Code (Text):
    ######################################################################
Patching OpenSSL 1.1.0 branch
######################################################################
Cloudflare Smart ChaCha20 patch
https://community.centminmod.com/posts/35727/
only support ChaCha20 if client's preferred cipher
######################################################################
/usr/local/src/centminmod/patches/openssl/chacha20-smarter.patch
patching file ssl/s3_lib.c
Hunk #1 succeeded at 3601 (offset 19 lines).
Hunk #2 succeeded at 3630 (offset 19 lines).
Hunk #3 succeeded at 3661 (offset 19 lines).
patch unexpectedly ends in middle of line
Hunk #4 succeeded at 3718 (offset 19 lines).
######################################################################
OpenSSL 1.1.0 branch Smart Chacha20 patched
######################################################################
     
  4. Mar 28, 2018 #4
    eva2000

    eva2000 Administrator Staff Member

    33,668
    7,456
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,461
    Local Time:
    11:41 PM
    Nginx 1.13.x
    MariaDB 5.5
    whoops was saving the patches in non-unix format - now fixed
    Code (Text):
    
[00:02][root@hostname openssl-1.1.0h]# patch -p1 < /usr/local/src/centminmod/patches/openssl/chacha20-smarter.patch
patching file ssl/s3_lib.c
Hunk #1 succeeded at 3601 (offset 19 lines).
Hunk #2 succeeded at 3630 (offset 19 lines).
Hunk #3 succeeded at 3661 (offset 19 lines).
Hunk #4 succeeded at 3718 (offset 19 lines).


    recompile nginx via centmin.sh menu option 4 and saved openssl patch log at /root/centminlogs/patch_opensslpatches_280318-001457.log
    Code (Text):
    ######################################################################
Patching OpenSSL 1.1.0g
######################################################################
30-40% performance improvement patch for ECDSA
https://community.centminmod.com/posts/57725/
######################################################################
/svr-setup/openssl-1.1.0h /svr-setup/openssl-1.1.0h
patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-improve-ECDSA-sign-30-40.patch
patching file ECDSA-PATCH-CHANGELOG
patching file crypto/ec/asm/ecp_nistz256-armv8.pl
patching file crypto/ec/asm/ecp_nistz256-x86_64.pl
patching file crypto/ec/ec_err.c
patching file crypto/ec/ec_lcl.h
patching file crypto/ec/ec_lib.c
patching file crypto/ec/ecdsa_ossl.c
patching file crypto/ec/ecp_nistz256.c
patching file crypto/perlasm/x86_64-xlate.pl
patching file include/openssl/ec.h
/svr-setup/openssl-1.1.0h


######################################################################
Patching OpenSSL 1.1.0g
######################################################################
ECDHX 25519 performance patch
https://community.centminmod.com/posts/57726/
######################################################################
/svr-setup/openssl-1.1.0h /svr-setup/openssl-1.1.0h
patch -p1 < /usr/local/src/centminmod/patches/openssl/OpenSSL1.1g-double-performance-ecdhx-25519.patch
patching file crypto/ec/curve25519.c
/svr-setup/openssl-1.1.0h

             ____  _                    _   __  _                   
            / ___|| |  ___   _   _   __| | / _|| |  __ _  _ __  ___ 
           | |    | | / _ \ | | | | / _` || |_ | | / _` || '__|/ _ \
           | |___ | || (_) || |_| || (_| ||  _|| || (_| || |  |  __/
            \____||_| \___/  \__,_| \__,_||_|  |_| \__,_||_|   \___|
                                                                   
             ___                       ____  ____   _       _     _ 
            / _ \  _ __    ___  _ __  / ___|/ ___| | |     / |   / |
           | | | || '_ \  / _ \| '_ \ \___ \\___ \ | |     | |   | |
           | |_| || |_) ||  __/| | | | ___) |___) || |___  | | _ | |
            \___/ | .__/  \___||_| |_||____/|____/ |_____| |_|(_)|_|
                  |_|                                               
                 ____                           _             
                / ___|  _ __ ___    __ _  _ __ | |_  ___  _ __ 
                \___ \ | '_ ` _ \  / _` || '__|| __|/ _ \| '__|
                 ___) || | | | | || (_| || |   | |_|  __/| |   
                |____/ |_| |_| |_| \__,_||_|    \__|\___||_|   
                                                               
              ____  _                   _             ____    ___ 
             / ___|| |__    __ _   ___ | |__    __ _ |___ \  / _ \ 
            | |    | '_ \  / _` | / __|| '_ \  / _` |  __) || | | |
            | |___ | | | || (_| || (__ | | | || (_| | / __/ | |_| |
             \____||_| |_| \__,_| \___||_| |_| \__,_||_____| \___/ 
                                                                   
                          ____         _         _     
                         |  _ \  __ _ | |_  ___ | |__ 
                         | |_) |/ _` || __|/ __|| '_ \ 
                         |  __/| (_| || |_| (__ | | | |
                         |_|    \__,_| \__|\___||_| |_|
                                                       
######################################################################
Patching OpenSSL 1.1.0 branch
######################################################################
Cloudflare Smart ChaCha20 patch
https://community.centminmod.com/posts/35727/
only support ChaCha20 if client's preferred cipher
######################################################################
/usr/local/src/centminmod/patches/openssl/chacha20-smarter.patch
patching file ssl/s3_lib.c
Hunk #1 succeeded at 3601 (offset 19 lines).
Hunk #2 succeeded at 3630 (offset 19 lines).
Hunk #3 succeeded at 3661 (offset 19 lines).
Hunk #4 succeeded at 3718 (offset 19 lines).
######################################################################
OpenSSL 1.1.0 branch Smart Chacha20 patched
######################################################################
             ____  _                    _   __  _                   
            / ___|| |  ___   _   _   __| | / _|| |  __ _  _ __  ___ 
           | |    | | / _ \ | | | | / _` || |_ | | / _` || '__|/ _ \
           | |___ | || (_) || |_| || (_| ||  _|| || (_| || |  |  __/
            \____||_| \___/  \__,_| \__,_||_|  |_| \__,_||_|   \___|
                                                                   
             ___                       ____  ____   _       _     _ 
            / _ \  _ __    ___  _ __  / ___|/ ___| | |     / |   / |
           | | | || '_ \  / _ \| '_ \ \___ \\___ \ | |     | |   | |
           | |_| || |_) ||  __/| | | | ___) |___) || |___  | | _ | |
            \___/ | .__/  \___||_| |_||____/|____/ |_____| |_|(_)|_|
                  |_|                                               
                 ____                           _             
                / ___|  _ __ ___    __ _  _ __ | |_  ___  _ __ 
                \___ \ | '_ ` _ \  / _` || '__|| __|/ _ \| '__|
                 ___) || | | | | || (_| || |   | |_|  __/| |   
                |____/ |_| |_| |_| \__,_||_|    \__|\___||_|   
                                                               
              ____  _                   _             ____    ___ 
             / ___|| |__    __ _   ___ | |__    __ _ |___ \  / _ \ 
            | |    | '_ \  / _` | / __|| '_ \  / _` |  __) || | | |
            | |___ | | | || (_| || (__ | | | || (_| | / __/ | |_| |
             \____||_| |_| \__,_| \___||_| |_| \__,_||_____| \___/ 
                                                                   
                   ____         _         _                _ 
                  |  _ \  __ _ | |_  ___ | |__    ___   __| |
                  | |_) |/ _` || __|/ __|| '_ \  / _ \ / _` |
                  |  __/| (_| || |_| (__ | | | ||  __/| (_| |
                  |_|    \__,_| \__|\___||_| |_| \___| \__,_|
     
  5. Mar 28, 2018 #5
    bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    3:41 PM
    Nothing here. Both Patching directly + against Nginx.
     
  6. Mar 28, 2018 #6
    eva2000

    eva2000 Administrator Staff Member

    33,668
    7,456
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,461
    Local Time:
    11:41 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yeah fixed the patch file format saved as Unix in previous post. Seems it's related when I am saving other folks patches as opposed to starting a fresh file.
     
  7. Mar 28, 2018 #7
    bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    3:41 PM
    Therefore you could use GIT.
    I never copy it.
    Patches are very sensitive to form errors, after copy paste RAW data.
    And you know that too:)
     
  8. Mar 28, 2018 #8
    eva2000

    eva2000 Administrator Staff Member

    33,668
    7,456
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,461
    Local Time:
    11:41 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yeah true. Though I will be mindful for how I save the patches now :)
     
  9. Mar 28, 2018 #9
    bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    3:41 PM
    Sure.
    I know exactly what you meant.
    Fast copying from RAW is of course much faster.

    I've also had a malformed patch in the past.
    You do not understand that at first. Until he appears to have been copied incorrectly. After that.

    I have learned my lesson and never copy it again.
     
    • Agree Agree x 1
Previous Thread Next Thread
Loading...
..

.

Premium Membership Benefits