openssl: bump to release 1.1.1b
authorEneas U de Queiroz <cote2004-github@yahoo.com>
Wed, 27 Feb 2019 21:06:44 +0000 (18:06 -0300)
committerHauke Mehrtens <hauke@hauke-m.de>
Wed, 27 Feb 2019 21:43:30 +0000 (22:43 +0100)
This is bugfix release that incorporated all of the devcrypto engine
patches currently in the tree.

The cleaning procedure in Package/Configure was not removing the
dependency files, causing linking errors during a rebuild with
different options.  It was replaced by a simple make clean.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
package/libs/openssl/Makefile
package/libs/openssl/patches/200-eng_devcrypto-don-t-leak-methods-tables.patch [deleted file]
package/libs/openssl/patches/210-eng_devcrypto-expand-digest-failure-cases.patch [deleted file]
package/libs/openssl/patches/220-eng_devcrypto-fix-copy-of-unitilialized-digest.patch [deleted file]
package/libs/openssl/patches/230-eng_devcrypto-close-session-on-cleanup-not-final.patch [deleted file]
package/libs/openssl/patches/240-eng_devcrypto-add-cipher-CTX-copy-function.patch [deleted file]
package/libs/openssl/patches/250-eng_devcrypto-fix-ctr-mode.patch [deleted file]
package/libs/openssl/patches/260-eng_devcrypto-make-sure-digest-can-do-copy.patch [deleted file]
package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch [deleted file]

index 732e3eb..ab02f09 100644 (file)
@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=a
+PKG_BUGFIX:=b
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 ENGINES_DIR=engines-1.1
 
@@ -25,7 +25,7 @@ PKG_SOURCE_URL:= \
        ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
        http://www.openssl.org/source/ \
        http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41
+PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
@@ -295,10 +295,6 @@ OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
 
 define Build/Configure
-       [ -f $(STAMP_CONFIGURED) ] || { \
-               rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
-               find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
-       }
        (cd $(PKG_BUILD_DIR); \
                ./Configure $(OPENSSL_TARGET) \
                        --prefix=/usr \
@@ -306,7 +302,8 @@ define Build/Configure
                        --openssldir=/etc/ssl \
                        $(TARGET_CPPFLAGS) \
                        $(TARGET_LDFLAGS) \
-                       $(OPENSSL_OPTIONS) \
+                       $(OPENSSL_OPTIONS) && \
+               { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
        )
 endef
 
diff --git a/package/libs/openssl/patches/200-eng_devcrypto-don-t-leak-methods-tables.patch b/package/libs/openssl/patches/200-eng_devcrypto-don-t-leak-methods-tables.patch
deleted file mode 100644 (file)
index 228654f..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-From be5cf61caa425070ec4f3e925d4e9aa484c8315b Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Mon, 5 Nov 2018 17:59:42 -0200
-Subject: [PATCH 1/7] eng_devcrypto: don't leak methods tables
-
-Call functions to prepare methods after confirming that /dev/crytpo was
-sucessfully open and that the destroy function has been set.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit d9d4dff5c640990d45af115353fc9f88a497a56c)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -619,11 +619,6 @@ void engine_load_devcrypto_int()
-         return;
-     }
--    prepare_cipher_methods();
--#ifdef IMPLEMENT_DIGEST
--    prepare_digest_methods();
--#endif
--
-     if ((e = ENGINE_new()) == NULL
-         || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
-         ENGINE_free(e);
-@@ -636,6 +631,11 @@ void engine_load_devcrypto_int()
-         return;
-     }
-+    prepare_cipher_methods();
-+#ifdef IMPLEMENT_DIGEST
-+    prepare_digest_methods();
-+#endif
-+
-     if (!ENGINE_set_id(e, "devcrypto")
-         || !ENGINE_set_name(e, "/dev/crypto engine")
diff --git a/package/libs/openssl/patches/210-eng_devcrypto-expand-digest-failure-cases.patch b/package/libs/openssl/patches/210-eng_devcrypto-expand-digest-failure-cases.patch
deleted file mode 100644 (file)
index 9e59a16..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-From add2ab1f289c24a1563c5b895d5cd133fe874f12 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 14 Nov 2018 11:22:14 -0200
-Subject: [PATCH 2/7] eng_devcrypto: expand digest failure cases
-
-Return failure when the digest_ctx is null in digest_update and
-digest_final, and when md is null in digest_final.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit 4d9f99654441e36fdcb49540a1dbc9d4c70ccb68)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -438,6 +438,9 @@ static int digest_update(EVP_MD_CTX *ctx
-     if (count == 0)
-         return 1;
-+    if (digest_ctx == NULL)
-+        return 0;
-+
-     if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) {
-         SYSerr(SYS_F_IOCTL, errno);
-         return 0;
-@@ -451,6 +454,8 @@ static int digest_final(EVP_MD_CTX *ctx,
-     struct digest_ctx *digest_ctx =
-         (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
-+    if (md == NULL || digest_ctx == NULL)
-+        return 0;
-     if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
-         SYSerr(SYS_F_IOCTL, errno);
-         return 0;
diff --git a/package/libs/openssl/patches/220-eng_devcrypto-fix-copy-of-unitilialized-digest.patch b/package/libs/openssl/patches/220-eng_devcrypto-fix-copy-of-unitilialized-digest.patch
deleted file mode 100644 (file)
index 2cfff60..0000000
+++ /dev/null
@@ -1,53 +0,0 @@
-From 68b02a8ab798b7e916c8141a36ab69d7493fc707 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 14 Nov 2018 13:58:06 -0200
-Subject: [PATCH 3/7] eng_devcrypto: fix copy of unitilialized digest
-
-If the source ctx has not been initialized, don't initialize the copy
-either.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit ae8183690fa53b978d4647563f5a521c4cafe94c)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -338,7 +338,8 @@ static int devcrypto_ciphers(ENGINE *e,
- struct digest_ctx {
-     struct session_op sess;
--    int init;
-+    /* This signals that the init function was called, not that it succeeded. */
-+    int init_called;
- };
- static const struct digest_data_st {
-@@ -403,7 +404,7 @@ static int digest_init(EVP_MD_CTX *ctx)
-     const struct digest_data_st *digest_d =
-         get_digest_data(EVP_MD_CTX_type(ctx));
--    digest_ctx->init = 1;
-+    digest_ctx->init_called = 1;
-     memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
-     digest_ctx->sess.mac = digest_d->devcryptoid;
-@@ -476,14 +477,9 @@ static int digest_copy(EVP_MD_CTX *to, c
-         (struct digest_ctx *)EVP_MD_CTX_md_data(to);
-     struct cphash_op cphash;
--    if (digest_from == NULL)
-+    if (digest_from == NULL || digest_from->init_called != 1)
-         return 1;
--    if (digest_from->init != 1) {
--        SYSerr(SYS_F_IOCTL, EINVAL);
--        return 0;
--    }
--
-     if (!digest_init(to)) {
-         SYSerr(SYS_F_IOCTL, errno);
-         return 0;
diff --git a/package/libs/openssl/patches/230-eng_devcrypto-close-session-on-cleanup-not-final.patch b/package/libs/openssl/patches/230-eng_devcrypto-close-session-on-cleanup-not-final.patch
deleted file mode 100644 (file)
index 050853a..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-From 5378c582c8d3f1130b17abb2950bfd09cde099c6 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Mon, 5 Nov 2018 15:59:44 -0200
-Subject: [PATCH 4/7] eng_devcrypto: close session on cleanup, not final
-
-Close the session in digest_cleanup instead of digest_final.  A failure
-in closing the session does not mean a previous successful digest final
-has failed as well.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit a67203a19d379a8cc8b369587c60c46eb4e19014)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -461,10 +461,6 @@ static int digest_final(EVP_MD_CTX *ctx,
-         SYSerr(SYS_F_IOCTL, errno);
-         return 0;
-     }
--    if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
--        SYSerr(SYS_F_IOCTL, errno);
--        return 0;
--    }
-     return 1;
- }
-@@ -496,6 +492,15 @@ static int digest_copy(EVP_MD_CTX *to, c
- static int digest_cleanup(EVP_MD_CTX *ctx)
- {
-+    struct digest_ctx *digest_ctx =
-+        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
-+
-+    if (digest_ctx == NULL)
-+        return 1;
-+    if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
-+        SYSerr(SYS_F_IOCTL, errno);
-+        return 0;
-+    }
-     return 1;
- }
diff --git a/package/libs/openssl/patches/240-eng_devcrypto-add-cipher-CTX-copy-function.patch b/package/libs/openssl/patches/240-eng_devcrypto-add-cipher-CTX-copy-function.patch
deleted file mode 100644 (file)
index 948ff7c..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-From a19d1a1d370e2959555fccbafc4e970634840352 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Tue, 13 Nov 2018 09:23:22 -0200
-Subject: [PATCH 5/7] eng_devcrypto: add cipher CTX copy function
-
-The engine needs a custom cipher context copy function to open a new
-/dev/crypto session.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit 6d99e238397859f2df58c60e28905193b2dd6762)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -207,6 +207,22 @@ static int cipher_do_cipher(EVP_CIPHER_C
-     return 1;
- }
-+static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
-+{
-+    EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
-+    struct cipher_ctx *cipher_ctx;
-+
-+    if (type == EVP_CTRL_COPY) {
-+        /* when copying the context, a new session needs to be initialized */
-+        cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-+        return (cipher_ctx == NULL)
-+            || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
-+                           (cipher_ctx->op == COP_ENCRYPT));
-+    }
-+
-+    return -1;
-+}
-+
- static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
- {
-     struct cipher_ctx *cipher_ctx =
-@@ -258,10 +274,12 @@ static void prepare_cipher_methods(void)
-                                               cipher_data[i].ivlen)
-             || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
-                                           cipher_data[i].flags
-+                                          | EVP_CIPH_CUSTOM_COPY
-                                           | EVP_CIPH_FLAG_DEFAULT_ASN1)
-             || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
-             || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
-                                               cipher_do_cipher)
-+            || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
-             || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
-                                             cipher_cleanup)
-             || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
diff --git a/package/libs/openssl/patches/250-eng_devcrypto-fix-ctr-mode.patch b/package/libs/openssl/patches/250-eng_devcrypto-fix-ctr-mode.patch
deleted file mode 100644 (file)
index 54a9236..0000000
+++ /dev/null
@@ -1,217 +0,0 @@
-From 2887a5c8f9a385b3ebee12b98f68e7d1f9cc0ea0 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 28 Nov 2018 11:26:27 -0200
-Subject: [PATCH 6/7] eng_devcrypto: fix ctr mode
-
-Make CTR mode behave like a stream cipher.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit b5015e834aa7d3f0a5d7585a8fae05cecbdbb848)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -47,10 +47,12 @@ static int cfd;
- struct cipher_ctx {
-     struct session_op sess;
--
--    /* to pass from init to do_cipher */
--    const unsigned char *iv;
-     int op;                      /* COP_ENCRYPT or COP_DECRYPT */
-+    unsigned long mode;          /* EVP_CIPH_*_MODE */
-+
-+    /* to handle ctr mode being a stream cipher */
-+    unsigned char partial[EVP_MAX_BLOCK_LENGTH];
-+    unsigned int blocksize, num;
- };
- static const struct cipher_data_st {
-@@ -87,9 +89,9 @@ static const struct cipher_data_st {
-     { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
- #endif
- #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
--    { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
--    { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
--    { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+    { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+    { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+    { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
- #endif
- #if 0                            /* Not yet supported */
-     { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
-@@ -146,6 +148,8 @@ static int cipher_init(EVP_CIPHER_CTX *c
-     cipher_ctx->sess.keylen = cipher_d->keylen;
-     cipher_ctx->sess.key = (void *)key;
-     cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
-+    cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE;
-+    cipher_ctx->blocksize = cipher_d->blocksize;
-     if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
-         SYSerr(SYS_F_IOCTL, errno);
-         return 0;
-@@ -160,8 +164,11 @@ static int cipher_do_cipher(EVP_CIPHER_C
-     struct cipher_ctx *cipher_ctx =
-         (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-     struct crypt_op cryp;
-+    unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
- #if !defined(COP_FLAG_WRITE_IV)
-     unsigned char saved_iv[EVP_MAX_IV_LENGTH];
-+    const unsigned char *ivptr;
-+    size_t nblocks, ivlen;
- #endif
-     memset(&cryp, 0, sizeof(cryp));
-@@ -169,19 +176,28 @@ static int cipher_do_cipher(EVP_CIPHER_C
-     cryp.len = inl;
-     cryp.src = (void *)in;
-     cryp.dst = (void *)out;
--    cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx);
-+    cryp.iv = (void *)iv;
-     cryp.op = cipher_ctx->op;
- #if !defined(COP_FLAG_WRITE_IV)
-     cryp.flags = 0;
--    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
--        assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
--        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
--            unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
-+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
-+    if (ivlen > 0)
-+        switch (cipher_ctx->mode) {
-+        case EVP_CIPH_CBC_MODE:
-+            assert(inl >= ivlen);
-+            if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-+                ivptr = in + inl - ivlen;
-+                memcpy(saved_iv, ivptr, ivlen);
-+            }
-+            break;
-+
-+        case EVP_CIPH_CTR_MODE:
-+            break;
--            memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx));
-+        default: /* should not happen */
-+            return 0;
-         }
--    }
- #else
-     cryp.flags = COP_FLAG_WRITE_IV;
- #endif
-@@ -192,17 +208,74 @@ static int cipher_do_cipher(EVP_CIPHER_C
-     }
- #if !defined(COP_FLAG_WRITE_IV)
--    if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
--        unsigned char *ivptr = saved_iv;
-+    if (ivlen > 0)
-+        switch (cipher_ctx->mode) {
-+        case EVP_CIPH_CBC_MODE:
-+            assert(inl >= ivlen);
-+            if (EVP_CIPHER_CTX_encrypting(ctx))
-+                ivptr = out + inl - ivlen;
-+            else
-+                ivptr = saved_iv;
-+
-+            memcpy(iv, ivptr, ivlen);
-+            break;
-+
-+        case EVP_CIPH_CTR_MODE:
-+            nblocks = (inl + cipher_ctx->blocksize - 1)
-+                      / cipher_ctx->blocksize;
-+            do {
-+                ivlen--;
-+                nblocks += iv[ivlen];
-+                iv[ivlen] = (uint8_t) nblocks;
-+                nblocks >>= 8;
-+            } while (ivlen);
-+            break;
-+
-+        default: /* should not happen */
-+            return 0;
-+        }
-+#endif
-+
-+    return 1;
-+}
--        assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
--        if (!EVP_CIPHER_CTX_encrypting(ctx))
--            ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
-+static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                         const unsigned char *in, size_t inl)
-+{
-+    struct cipher_ctx *cipher_ctx =
-+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-+    size_t nblocks, len;
--        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr,
--               EVP_CIPHER_CTX_iv_length(ctx));
-+    /* initial partial block */
-+    while (cipher_ctx->num && inl) {
-+        (*out++) = *(in++) ^ cipher_ctx->partial[cipher_ctx->num];
-+        --inl;
-+        cipher_ctx->num = (cipher_ctx->num + 1) % cipher_ctx->blocksize;
-+    }
-+
-+    /* full blocks */
-+    if (inl > (unsigned int) cipher_ctx->blocksize) {
-+        nblocks = inl/cipher_ctx->blocksize;
-+        len = nblocks * cipher_ctx->blocksize;
-+        if (cipher_do_cipher(ctx, out, in, len) < 1)
-+            return 0;
-+        inl -= len;
-+        out += len;
-+        in += len;
-+    }
-+
-+    /* final partial block */
-+    if (inl) {
-+        memset(cipher_ctx->partial, 0, cipher_ctx->blocksize);
-+        if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial,
-+            cipher_ctx->blocksize) < 1)
-+            return 0;
-+        while (inl--) {
-+            out[cipher_ctx->num] = in[cipher_ctx->num]
-+                                   ^ cipher_ctx->partial[cipher_ctx->num];
-+            cipher_ctx->num++;
-+        }
-     }
--#endif
-     return 1;
- }
-@@ -249,6 +322,7 @@ static void prepare_cipher_methods(void)
- {
-     size_t i;
-     struct session_op sess;
-+    unsigned long cipher_mode;
-     memset(&sess, 0, sizeof(sess));
-     sess.key = (void *)"01234567890123456789012345678901234567890123456789";
-@@ -266,9 +340,12 @@ static void prepare_cipher_methods(void)
-             || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
-             continue;
-+        cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
-+
-         if ((known_cipher_methods[i] =
-                  EVP_CIPHER_meth_new(cipher_data[i].nid,
--                                     cipher_data[i].blocksize,
-+                                     cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
-+                                                    cipher_data[i].blocksize,
-                                      cipher_data[i].keylen)) == NULL
-             || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
-                                               cipher_data[i].ivlen)
-@@ -278,6 +355,8 @@ static void prepare_cipher_methods(void)
-                                           | EVP_CIPH_FLAG_DEFAULT_ASN1)
-             || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
-             || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
-+                                     cipher_mode == EVP_CIPH_CTR_MODE ?
-+                                              ctr_do_cipher :
-                                               cipher_do_cipher)
-             || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
-             || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
diff --git a/package/libs/openssl/patches/260-eng_devcrypto-make-sure-digest-can-do-copy.patch b/package/libs/openssl/patches/260-eng_devcrypto-make-sure-digest-can-do-copy.patch
deleted file mode 100644 (file)
index df87192..0000000
+++ /dev/null
@@ -1,71 +0,0 @@
-From 488521d77fdc1de5ae256ce0d9203e35ebc92993 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Sat, 8 Dec 2018 18:01:04 -0200
-Subject: [PATCH 7/7] eng_devcrypto: make sure digest can do copy
-
-Digest must be able to do partial-state copy to be used.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit 16e252a01b754a13e83d5e5e87afbe389997926b)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -601,6 +601,30 @@ static int digest_cleanup(EVP_MD_CTX *ct
-     return 1;
- }
-+static int devcrypto_test_digest(size_t digest_data_index)
-+{
-+    struct session_op sess1, sess2;
-+    struct cphash_op cphash;
-+    int ret=0;
-+
-+    memset(&sess1, 0, sizeof(sess1));
-+    memset(&sess2, 0, sizeof(sess2));
-+    sess1.mac = digest_data[digest_data_index].devcryptoid;
-+    if (ioctl(cfd, CIOCGSESSION, &sess1) < 0)
-+        return 0;
-+    /* Make sure the driver is capable of hash state copy */
-+    sess2.mac = sess1.mac;
-+    if (ioctl(cfd, CIOCGSESSION, &sess2) >= 0) {
-+        cphash.src_ses = sess1.ses;
-+        cphash.dst_ses = sess2.ses;
-+        if (ioctl(cfd, CIOCCPHASH, &cphash) >= 0)
-+            ret = 1;
-+        ioctl(cfd, CIOCFSESSION, &sess2.ses);
-+    }
-+    ioctl(cfd, CIOCFSESSION, &sess1.ses);
-+    return ret;
-+}
-+
- /*
-  * Keep a table of known nids and associated methods.
-  * Note that known_digest_nids[] isn't necessarily indexed the same way as
-@@ -613,20 +637,14 @@ static EVP_MD *known_digest_methods[OSSL
- static void prepare_digest_methods(void)
- {
-     size_t i;
--    struct session_op sess;
--
--    memset(&sess, 0, sizeof(sess));
-     for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data);
-          i++) {
-         /*
--         * Check that the algo is really availably by trying to open and close
--         * a session.
-+         * Check that the algo is usable
-          */
--        sess.mac = digest_data[i].devcryptoid;
--        if (ioctl(cfd, CIOCGSESSION, &sess) < 0
--            || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
-+        if (!devcrypto_test_digest(i))
-             continue;
-         if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
diff --git a/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch b/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch
deleted file mode 100644 (file)
index e857f01..0000000
+++ /dev/null
@@ -1,115 +0,0 @@
-From 82b269fd77d20aa86d0825d798f3045dfe0a7a86 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Tue, 12 Feb 2019 10:44:19 -0200
-Subject: [PATCH] eng_devcrypto: close open session on init
-
-cipher_init may be called on an already initialized context, without a
-necessary cleanup.  This separates cleanup from initialization, closing
-an eventual open session before creating a new one.
-
-Move the /dev/crypto session cleanup code to its own function.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -35,6 +35,15 @@
-  */
- static int cfd;
-+static int clean_devcrypto_session(struct session_op *sess) {
-+    if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) {
-+        SYSerr(SYS_F_IOCTL, errno);
-+        return 0;
-+    }
-+    memset(sess, 0, sizeof(struct session_op));
-+    return 1;
-+}
-+
- /******************************************************************************
-  *
-  * Ciphers
-@@ -143,7 +152,11 @@ static int cipher_init(EVP_CIPHER_CTX *c
-     const struct cipher_data_st *cipher_d =
-         get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
--    memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
-+    /* cleanup a previous session */
-+    if (cipher_ctx->sess.ses != 0 &&
-+        clean_devcrypto_session(&cipher_ctx->sess) == 0)
-+        return 0;
-+
-     cipher_ctx->sess.cipher = cipher_d->devcryptoid;
-     cipher_ctx->sess.keylen = cipher_d->keylen;
-     cipher_ctx->sess.key = (void *)key;
-@@ -282,15 +295,29 @@ static int ctr_do_cipher(EVP_CIPHER_CTX
- static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
- {
-+    struct cipher_ctx *cipher_ctx =
-+        (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-     EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
--    struct cipher_ctx *cipher_ctx;
-+    struct cipher_ctx *to_cipher_ctx;
-+
-+    switch (type) {
--    if (type == EVP_CTRL_COPY) {
-+    case EVP_CTRL_COPY:
-+        if (cipher_ctx == NULL)
-+            return 1;
-         /* when copying the context, a new session needs to be initialized */
--        cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
--        return (cipher_ctx == NULL)
--            || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
-+        to_cipher_ctx =
-+            (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx);
-+        memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess));
-+        return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
-                            (cipher_ctx->op == COP_ENCRYPT));
-+
-+    case EVP_CTRL_INIT:
-+        memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
-+        return 1;
-+
-+    default:
-+        break;
-     }
-     return -1;
-@@ -301,12 +328,7 @@ static int cipher_cleanup(EVP_CIPHER_CTX
-     struct cipher_ctx *cipher_ctx =
-         (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
--    if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
--        SYSerr(SYS_F_IOCTL, errno);
--        return 0;
--    }
--
--    return 1;
-+    return clean_devcrypto_session(&cipher_ctx->sess);
- }
- /*
-@@ -352,6 +374,7 @@ static void prepare_cipher_methods(void)
-             || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
-                                           cipher_data[i].flags
-                                           | EVP_CIPH_CUSTOM_COPY
-+                                          | EVP_CIPH_CTRL_INIT
-                                           | EVP_CIPH_FLAG_DEFAULT_ASN1)
-             || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
-             || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
-@@ -594,11 +617,8 @@ static int digest_cleanup(EVP_MD_CTX *ct
-     if (digest_ctx == NULL)
-         return 1;
--    if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
--        SYSerr(SYS_F_IOCTL, errno);
--        return 0;
--    }
--    return 1;
-+
-+    return clean_devcrypto_session(&digest_ctx->sess);
- }
- static int devcrypto_test_digest(size_t digest_data_index)