@@ -11,7 +11,7 @@ PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=a
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1
new file mode 100644
@@ -0,0 +1,70 @@
+From e35d5af11088f6ec329ebc1b7d645beabb8ca77e Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 21 Feb 2019 14:16:12 -0300
+Subject: [PATCH] e_devcrypto: set digest input_blocksize
+
+This restores the behavior of previous versions of the /dev/crypto
+engine, in alignment with the default implementation.
+
+Reported-by: Gerard Looije <lglooije@hotmail.com>
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
+index 0c49238901..11ec4393e7 100644
+--- a/crypto/engine/eng_devcrypto.c
++++ b/crypto/engine/eng_devcrypto.c
+@@ -464,29 +464,30 @@ struct digest_ctx {
+
+ static const struct digest_data_st {
+ int nid;
++ int blocksize;
+ int digestlen;
+ int devcryptoid;
+ } digest_data[] = {
+ #ifndef OPENSSL_NO_MD5
+- { NID_md5, 16, CRYPTO_MD5 },
++ { NID_md5, /* MD5_CBLOCK */ 64, 16, CRYPTO_MD5 },
+ #endif
+- { NID_sha1, 20, CRYPTO_SHA1 },
++ { NID_sha1, SHA_CBLOCK, 20, CRYPTO_SHA1 },
+ #ifndef OPENSSL_NO_RMD160
+ # if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160)
+- { NID_ripemd160, 20, CRYPTO_RIPEMD160 },
++ { NID_ripemd160, /* RIPEMD160_CBLOCK */ 64, 20, CRYPTO_RIPEMD160 },
+ # endif
+ #endif
+ #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224)
+- { NID_sha224, 224 / 8, CRYPTO_SHA2_224 },
++ { NID_sha224, SHA256_CBLOCK, 224 / 8, CRYPTO_SHA2_224 },
+ #endif
+ #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256)
+- { NID_sha256, 256 / 8, CRYPTO_SHA2_256 },
++ { NID_sha256, SHA256_CBLOCK, 256 / 8, CRYPTO_SHA2_256 },
+ #endif
+ #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384)
+- { NID_sha384, 384 / 8, CRYPTO_SHA2_384 },
++ { NID_sha384, SHA512_CBLOCK, 384 / 8, CRYPTO_SHA2_384 },
+ #endif
+ #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512)
+- { NID_sha512, 512 / 8, CRYPTO_SHA2_512 },
++ { NID_sha512, SHA512_CBLOCK, 512 / 8, CRYPTO_SHA2_512 },
+ #endif
+ };
+
+@@ -532,7 +533,6 @@ static int digest_init(EVP_MD_CTX *ctx)
+ SYSerr(SYS_F_IOCTL, errno);
+ return 0;
+ }
+-
+ return 1;
+ }
+
+@@ -669,6 +669,8 @@ static void prepare_digest_methods(void)
+
+ if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
+ NID_undef)) == NULL
++ || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i],
++ digest_data[i].blocksize)
+ || !EVP_MD_meth_set_result_size(known_digest_methods[i],
+ digest_data[i].digestlen)
+ || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Sets input block size info for message digests. This was breaking openssh with a 'ssh_dispatch_fatal: ... invalid argument' error. The patch was sent upstream as part of openssl/openssl#8213. Reported-by: Gerard Looije <lglooije@hotmail.com> Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> --- Run-tested on Linksys WRT3200ACM with openssh 7.9p1 This patch interferes with a previous patch that I've sent, which is currently pending, and is not as critical: openssl: backport devcrypto changes from master I'll shortly send a v2 of that patch, to be applied after this one is merged.