@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openssl
PKG_BASE:=1.1.1
-PKG_BUGFIX:=a
+PKG_BUGFIX:=b
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1
@@ -25,7 +25,7 @@ PKG_SOURCE_URL:= \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41
+PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE
@@ -295,10 +295,6 @@ OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
define Build/Configure
- [ -f $(STAMP_CONFIGURED) ] || { \
- rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
- find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
- }
(cd $(PKG_BUILD_DIR); \
./Configure $(OPENSSL_TARGET) \
--prefix=/usr \
@@ -306,7 +302,8 @@ define Build/Configure
--openssldir=/etc/ssl \
$(TARGET_CPPFLAGS) \
$(TARGET_LDFLAGS) \
- $(OPENSSL_OPTIONS) \
+ $(OPENSSL_OPTIONS) && \
+ { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
)
endef
deleted file mode 100644
@@ -1,42 +0,0 @@
-From be5cf61caa425070ec4f3e925d4e9aa484c8315b Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Mon, 5 Nov 2018 17:59:42 -0200
-Subject: [PATCH 1/7] eng_devcrypto: don't leak methods tables
-
-Call functions to prepare methods after confirming that /dev/crytpo was
-sucessfully open and that the destroy function has been set.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit d9d4dff5c640990d45af115353fc9f88a497a56c)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -619,11 +619,6 @@ void engine_load_devcrypto_int()
- return;
- }
-
-- prepare_cipher_methods();
--#ifdef IMPLEMENT_DIGEST
-- prepare_digest_methods();
--#endif
--
- if ((e = ENGINE_new()) == NULL
- || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
- ENGINE_free(e);
-@@ -636,6 +631,11 @@ void engine_load_devcrypto_int()
- return;
- }
-
-+ prepare_cipher_methods();
-+#ifdef IMPLEMENT_DIGEST
-+ prepare_digest_methods();
-+#endif
-+
- if (!ENGINE_set_id(e, "devcrypto")
- || !ENGINE_set_name(e, "/dev/crypto engine")
-
deleted file mode 100644
@@ -1,37 +0,0 @@
-From add2ab1f289c24a1563c5b895d5cd133fe874f12 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 14 Nov 2018 11:22:14 -0200
-Subject: [PATCH 2/7] eng_devcrypto: expand digest failure cases
-
-Return failure when the digest_ctx is null in digest_update and
-digest_final, and when md is null in digest_final.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit 4d9f99654441e36fdcb49540a1dbc9d4c70ccb68)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -438,6 +438,9 @@ static int digest_update(EVP_MD_CTX *ctx
- if (count == 0)
- return 1;
-
-+ if (digest_ctx == NULL)
-+ return 0;
-+
- if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
-@@ -451,6 +454,8 @@ static int digest_final(EVP_MD_CTX *ctx,
- struct digest_ctx *digest_ctx =
- (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
-
-+ if (md == NULL || digest_ctx == NULL)
-+ return 0;
- if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
deleted file mode 100644
@@ -1,53 +0,0 @@
-From 68b02a8ab798b7e916c8141a36ab69d7493fc707 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 14 Nov 2018 13:58:06 -0200
-Subject: [PATCH 3/7] eng_devcrypto: fix copy of unitilialized digest
-
-If the source ctx has not been initialized, don't initialize the copy
-either.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit ae8183690fa53b978d4647563f5a521c4cafe94c)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -338,7 +338,8 @@ static int devcrypto_ciphers(ENGINE *e,
-
- struct digest_ctx {
- struct session_op sess;
-- int init;
-+ /* This signals that the init function was called, not that it succeeded. */
-+ int init_called;
- };
-
- static const struct digest_data_st {
-@@ -403,7 +404,7 @@ static int digest_init(EVP_MD_CTX *ctx)
- const struct digest_data_st *digest_d =
- get_digest_data(EVP_MD_CTX_type(ctx));
-
-- digest_ctx->init = 1;
-+ digest_ctx->init_called = 1;
-
- memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
- digest_ctx->sess.mac = digest_d->devcryptoid;
-@@ -476,14 +477,9 @@ static int digest_copy(EVP_MD_CTX *to, c
- (struct digest_ctx *)EVP_MD_CTX_md_data(to);
- struct cphash_op cphash;
-
-- if (digest_from == NULL)
-+ if (digest_from == NULL || digest_from->init_called != 1)
- return 1;
-
-- if (digest_from->init != 1) {
-- SYSerr(SYS_F_IOCTL, EINVAL);
-- return 0;
-- }
--
- if (!digest_init(to)) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
deleted file mode 100644
@@ -1,46 +0,0 @@
-From 5378c582c8d3f1130b17abb2950bfd09cde099c6 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Mon, 5 Nov 2018 15:59:44 -0200
-Subject: [PATCH 4/7] eng_devcrypto: close session on cleanup, not final
-
-Close the session in digest_cleanup instead of digest_final. A failure
-in closing the session does not mean a previous successful digest final
-has failed as well.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit a67203a19d379a8cc8b369587c60c46eb4e19014)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -461,10 +461,6 @@ static int digest_final(EVP_MD_CTX *ctx,
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
- }
-- if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
-- SYSerr(SYS_F_IOCTL, errno);
-- return 0;
-- }
-
- return 1;
- }
-@@ -496,6 +492,15 @@ static int digest_copy(EVP_MD_CTX *to, c
-
- static int digest_cleanup(EVP_MD_CTX *ctx)
- {
-+ struct digest_ctx *digest_ctx =
-+ (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
-+
-+ if (digest_ctx == NULL)
-+ return 1;
-+ if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
-+ SYSerr(SYS_F_IOCTL, errno);
-+ return 0;
-+ }
- return 1;
- }
-
deleted file mode 100644
@@ -1,54 +0,0 @@
-From a19d1a1d370e2959555fccbafc4e970634840352 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Tue, 13 Nov 2018 09:23:22 -0200
-Subject: [PATCH 5/7] eng_devcrypto: add cipher CTX copy function
-
-The engine needs a custom cipher context copy function to open a new
-/dev/crypto session.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit 6d99e238397859f2df58c60e28905193b2dd6762)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -207,6 +207,22 @@ static int cipher_do_cipher(EVP_CIPHER_C
- return 1;
- }
-
-+static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
-+{
-+ EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
-+ struct cipher_ctx *cipher_ctx;
-+
-+ if (type == EVP_CTRL_COPY) {
-+ /* when copying the context, a new session needs to be initialized */
-+ cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-+ return (cipher_ctx == NULL)
-+ || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
-+ (cipher_ctx->op == COP_ENCRYPT));
-+ }
-+
-+ return -1;
-+}
-+
- static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
- {
- struct cipher_ctx *cipher_ctx =
-@@ -258,10 +274,12 @@ static void prepare_cipher_methods(void)
- cipher_data[i].ivlen)
- || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
- cipher_data[i].flags
-+ | EVP_CIPH_CUSTOM_COPY
- | EVP_CIPH_FLAG_DEFAULT_ASN1)
- || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
- || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
- cipher_do_cipher)
-+ || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
- || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
- cipher_cleanup)
- || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
deleted file mode 100644
@@ -1,217 +0,0 @@
-From 2887a5c8f9a385b3ebee12b98f68e7d1f9cc0ea0 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 28 Nov 2018 11:26:27 -0200
-Subject: [PATCH 6/7] eng_devcrypto: fix ctr mode
-
-Make CTR mode behave like a stream cipher.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit b5015e834aa7d3f0a5d7585a8fae05cecbdbb848)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -47,10 +47,12 @@ static int cfd;
-
- struct cipher_ctx {
- struct session_op sess;
--
-- /* to pass from init to do_cipher */
-- const unsigned char *iv;
- int op; /* COP_ENCRYPT or COP_DECRYPT */
-+ unsigned long mode; /* EVP_CIPH_*_MODE */
-+
-+ /* to handle ctr mode being a stream cipher */
-+ unsigned char partial[EVP_MAX_BLOCK_LENGTH];
-+ unsigned int blocksize, num;
- };
-
- static const struct cipher_data_st {
-@@ -87,9 +89,9 @@ static const struct cipher_data_st {
- { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
- #endif
- #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
-- { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-- { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-- { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+ { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+ { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+ { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
- #endif
- #if 0 /* Not yet supported */
- { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
-@@ -146,6 +148,8 @@ static int cipher_init(EVP_CIPHER_CTX *c
- cipher_ctx->sess.keylen = cipher_d->keylen;
- cipher_ctx->sess.key = (void *)key;
- cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
-+ cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE;
-+ cipher_ctx->blocksize = cipher_d->blocksize;
- if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
-@@ -160,8 +164,11 @@ static int cipher_do_cipher(EVP_CIPHER_C
- struct cipher_ctx *cipher_ctx =
- (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- struct crypt_op cryp;
-+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
- #if !defined(COP_FLAG_WRITE_IV)
- unsigned char saved_iv[EVP_MAX_IV_LENGTH];
-+ const unsigned char *ivptr;
-+ size_t nblocks, ivlen;
- #endif
-
- memset(&cryp, 0, sizeof(cryp));
-@@ -169,19 +176,28 @@ static int cipher_do_cipher(EVP_CIPHER_C
- cryp.len = inl;
- cryp.src = (void *)in;
- cryp.dst = (void *)out;
-- cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx);
-+ cryp.iv = (void *)iv;
- cryp.op = cipher_ctx->op;
- #if !defined(COP_FLAG_WRITE_IV)
- cryp.flags = 0;
-
-- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-- assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
-- if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-- unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
-+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
-+ if (ivlen > 0)
-+ switch (cipher_ctx->mode) {
-+ case EVP_CIPH_CBC_MODE:
-+ assert(inl >= ivlen);
-+ if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-+ ivptr = in + inl - ivlen;
-+ memcpy(saved_iv, ivptr, ivlen);
-+ }
-+ break;
-+
-+ case EVP_CIPH_CTR_MODE:
-+ break;
-
-- memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx));
-+ default: /* should not happen */
-+ return 0;
- }
-- }
- #else
- cryp.flags = COP_FLAG_WRITE_IV;
- #endif
-@@ -192,17 +208,74 @@ static int cipher_do_cipher(EVP_CIPHER_C
- }
-
- #if !defined(COP_FLAG_WRITE_IV)
-- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-- unsigned char *ivptr = saved_iv;
-+ if (ivlen > 0)
-+ switch (cipher_ctx->mode) {
-+ case EVP_CIPH_CBC_MODE:
-+ assert(inl >= ivlen);
-+ if (EVP_CIPHER_CTX_encrypting(ctx))
-+ ivptr = out + inl - ivlen;
-+ else
-+ ivptr = saved_iv;
-+
-+ memcpy(iv, ivptr, ivlen);
-+ break;
-+
-+ case EVP_CIPH_CTR_MODE:
-+ nblocks = (inl + cipher_ctx->blocksize - 1)
-+ / cipher_ctx->blocksize;
-+ do {
-+ ivlen--;
-+ nblocks += iv[ivlen];
-+ iv[ivlen] = (uint8_t) nblocks;
-+ nblocks >>= 8;
-+ } while (ivlen);
-+ break;
-+
-+ default: /* should not happen */
-+ return 0;
-+ }
-+#endif
-+
-+ return 1;
-+}
-
-- assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
-- if (!EVP_CIPHER_CTX_encrypting(ctx))
-- ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
-+static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl)
-+{
-+ struct cipher_ctx *cipher_ctx =
-+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-+ size_t nblocks, len;
-
-- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr,
-- EVP_CIPHER_CTX_iv_length(ctx));
-+ /* initial partial block */
-+ while (cipher_ctx->num && inl) {
-+ (*out++) = *(in++) ^ cipher_ctx->partial[cipher_ctx->num];
-+ --inl;
-+ cipher_ctx->num = (cipher_ctx->num + 1) % cipher_ctx->blocksize;
-+ }
-+
-+ /* full blocks */
-+ if (inl > (unsigned int) cipher_ctx->blocksize) {
-+ nblocks = inl/cipher_ctx->blocksize;
-+ len = nblocks * cipher_ctx->blocksize;
-+ if (cipher_do_cipher(ctx, out, in, len) < 1)
-+ return 0;
-+ inl -= len;
-+ out += len;
-+ in += len;
-+ }
-+
-+ /* final partial block */
-+ if (inl) {
-+ memset(cipher_ctx->partial, 0, cipher_ctx->blocksize);
-+ if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial,
-+ cipher_ctx->blocksize) < 1)
-+ return 0;
-+ while (inl--) {
-+ out[cipher_ctx->num] = in[cipher_ctx->num]
-+ ^ cipher_ctx->partial[cipher_ctx->num];
-+ cipher_ctx->num++;
-+ }
- }
--#endif
-
- return 1;
- }
-@@ -249,6 +322,7 @@ static void prepare_cipher_methods(void)
- {
- size_t i;
- struct session_op sess;
-+ unsigned long cipher_mode;
-
- memset(&sess, 0, sizeof(sess));
- sess.key = (void *)"01234567890123456789012345678901234567890123456789";
-@@ -266,9 +340,12 @@ static void prepare_cipher_methods(void)
- || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
- continue;
-
-+ cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
-+
- if ((known_cipher_methods[i] =
- EVP_CIPHER_meth_new(cipher_data[i].nid,
-- cipher_data[i].blocksize,
-+ cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
-+ cipher_data[i].blocksize,
- cipher_data[i].keylen)) == NULL
- || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
- cipher_data[i].ivlen)
-@@ -278,6 +355,8 @@ static void prepare_cipher_methods(void)
- | EVP_CIPH_FLAG_DEFAULT_ASN1)
- || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
- || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
-+ cipher_mode == EVP_CIPH_CTR_MODE ?
-+ ctr_do_cipher :
- cipher_do_cipher)
- || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
- || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
deleted file mode 100644
@@ -1,71 +0,0 @@
-From 488521d77fdc1de5ae256ce0d9203e35ebc92993 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Sat, 8 Dec 2018 18:01:04 -0200
-Subject: [PATCH 7/7] eng_devcrypto: make sure digest can do copy
-
-Digest must be able to do partial-state copy to be used.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit 16e252a01b754a13e83d5e5e87afbe389997926b)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -601,6 +601,30 @@ static int digest_cleanup(EVP_MD_CTX *ct
- return 1;
- }
-
-+static int devcrypto_test_digest(size_t digest_data_index)
-+{
-+ struct session_op sess1, sess2;
-+ struct cphash_op cphash;
-+ int ret=0;
-+
-+ memset(&sess1, 0, sizeof(sess1));
-+ memset(&sess2, 0, sizeof(sess2));
-+ sess1.mac = digest_data[digest_data_index].devcryptoid;
-+ if (ioctl(cfd, CIOCGSESSION, &sess1) < 0)
-+ return 0;
-+ /* Make sure the driver is capable of hash state copy */
-+ sess2.mac = sess1.mac;
-+ if (ioctl(cfd, CIOCGSESSION, &sess2) >= 0) {
-+ cphash.src_ses = sess1.ses;
-+ cphash.dst_ses = sess2.ses;
-+ if (ioctl(cfd, CIOCCPHASH, &cphash) >= 0)
-+ ret = 1;
-+ ioctl(cfd, CIOCFSESSION, &sess2.ses);
-+ }
-+ ioctl(cfd, CIOCFSESSION, &sess1.ses);
-+ return ret;
-+}
-+
- /*
- * Keep a table of known nids and associated methods.
- * Note that known_digest_nids[] isn't necessarily indexed the same way as
-@@ -613,20 +637,14 @@ static EVP_MD *known_digest_methods[OSSL
- static void prepare_digest_methods(void)
- {
- size_t i;
-- struct session_op sess;
--
-- memset(&sess, 0, sizeof(sess));
-
- for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data);
- i++) {
-
- /*
-- * Check that the algo is really availably by trying to open and close
-- * a session.
-+ * Check that the algo is usable
- */
-- sess.mac = digest_data[i].devcryptoid;
-- if (ioctl(cfd, CIOCGSESSION, &sess) < 0
-- || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
-+ if (!devcrypto_test_digest(i))
- continue;
-
- if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
deleted file mode 100644
@@ -1,115 +0,0 @@
-From 82b269fd77d20aa86d0825d798f3045dfe0a7a86 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Tue, 12 Feb 2019 10:44:19 -0200
-Subject: [PATCH] eng_devcrypto: close open session on init
-
-cipher_init may be called on an already initialized context, without a
-necessary cleanup. This separates cleanup from initialization, closing
-an eventual open session before creating a new one.
-
-Move the /dev/crypto session cleanup code to its own function.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -35,6 +35,15 @@
- */
- static int cfd;
-
-+static int clean_devcrypto_session(struct session_op *sess) {
-+ if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) {
-+ SYSerr(SYS_F_IOCTL, errno);
-+ return 0;
-+ }
-+ memset(sess, 0, sizeof(struct session_op));
-+ return 1;
-+}
-+
- /******************************************************************************
- *
- * Ciphers
-@@ -143,7 +152,11 @@ static int cipher_init(EVP_CIPHER_CTX *c
- const struct cipher_data_st *cipher_d =
- get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
-
-- memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
-+ /* cleanup a previous session */
-+ if (cipher_ctx->sess.ses != 0 &&
-+ clean_devcrypto_session(&cipher_ctx->sess) == 0)
-+ return 0;
-+
- cipher_ctx->sess.cipher = cipher_d->devcryptoid;
- cipher_ctx->sess.keylen = cipher_d->keylen;
- cipher_ctx->sess.key = (void *)key;
-@@ -282,15 +295,29 @@ static int ctr_do_cipher(EVP_CIPHER_CTX
-
- static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
- {
-+ struct cipher_ctx *cipher_ctx =
-+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
-- struct cipher_ctx *cipher_ctx;
-+ struct cipher_ctx *to_cipher_ctx;
-+
-+ switch (type) {
-
-- if (type == EVP_CTRL_COPY) {
-+ case EVP_CTRL_COPY:
-+ if (cipher_ctx == NULL)
-+ return 1;
- /* when copying the context, a new session needs to be initialized */
-- cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-- return (cipher_ctx == NULL)
-- || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
-+ to_cipher_ctx =
-+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx);
-+ memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess));
-+ return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
- (cipher_ctx->op == COP_ENCRYPT));
-+
-+ case EVP_CTRL_INIT:
-+ memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
-+ return 1;
-+
-+ default:
-+ break;
- }
-
- return -1;
-@@ -301,12 +328,7 @@ static int cipher_cleanup(EVP_CIPHER_CTX
- struct cipher_ctx *cipher_ctx =
- (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-
-- if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
-- SYSerr(SYS_F_IOCTL, errno);
-- return 0;
-- }
--
-- return 1;
-+ return clean_devcrypto_session(&cipher_ctx->sess);
- }
-
- /*
-@@ -352,6 +374,7 @@ static void prepare_cipher_methods(void)
- || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
- cipher_data[i].flags
- | EVP_CIPH_CUSTOM_COPY
-+ | EVP_CIPH_CTRL_INIT
- | EVP_CIPH_FLAG_DEFAULT_ASN1)
- || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
- || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
-@@ -594,11 +617,8 @@ static int digest_cleanup(EVP_MD_CTX *ct
-
- if (digest_ctx == NULL)
- return 1;
-- if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
-- SYSerr(SYS_F_IOCTL, errno);
-- return 0;
-- }
-- return 1;
-+
-+ return clean_devcrypto_session(&digest_ctx->sess);
- }
-
- static int devcrypto_test_digest(size_t digest_data_index)
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. This is bugfix release that incorporated all of the devcrypto engine patches currently in the tree. The cleaning procedure in Package/Configure was not removing the dependency files, causing linking errors during a rebuild with different options. It was replaced by a simple make clean. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> --- This was compiled-tested on mips_24kc with no relevant size increase; run-tested on Linksys WRT3200ACM/mvebu/arm, Asus RT-N56U/ramips/mipsel_74kc, & Linksys WRT610N/brcm47xx/mipsel_mips32. This superseeds 'openssl: fix devcrypto engine md blocksize', merged upstream before this release.