From a5bb705f424ca11549d03d178ca41918fc1ce5a4 Mon Sep 17 00:00:00 2001 From: CN_SZTL Date: Sun, 22 Mar 2020 02:06:29 +0800 Subject: [PATCH] openssl: refresh patches --- .../patches/100-Configure-afalg-support.patch | 4 +- .../openssl/patches/110-openwrt_targets.patch | 3 ++ .../120-strip-cflags-from-binary.patch | 4 +- .../patches/130-dont-build-tests-fuzz.patch | 6 ++- .../patches/140-allow-prefer-chacha20.patch | 8 +++- .../150-openssl.cnf-add-engines-conf.patch | 31 ++++++++++++- ...o-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch | 6 ++- ..._devcrypto-add-configuration-options.patch | 21 +++++---- ...ypto-add-command-to-dump-driver-info.patch | 16 ++++--- ...o-make-the-dev-crypto-engine-dynamic.patch | 43 ++++++------------- ...default-to-not-use-digests-in-engine.patch | 8 ++-- ...to-ignore-error-when-closing-session.patch | 6 ++- 12 files changed, 95 insertions(+), 61 deletions(-) diff --git a/package/libs/openssl/patches/100-Configure-afalg-support.patch b/package/libs/openssl/patches/100-Configure-afalg-support.patch index 457e238959..0f91a9d5da 100644 --- a/package/libs/openssl/patches/100-Configure-afalg-support.patch +++ b/package/libs/openssl/patches/100-Configure-afalg-support.patch @@ -8,9 +8,11 @@ version to disable building the AFALG engine on openwrt targets. Signed-off-by: Eneas U de Queiroz +diff --git a/Configure b/Configure +index 5a699836f3..74d057c219 100755 --- a/Configure +++ b/Configure -@@ -1532,7 +1532,9 @@ unless ($disabled{"crypto-mdebug-backtra +@@ -1532,7 +1532,9 @@ unless ($disabled{"crypto-mdebug-backtrace"}) unless ($disabled{afalgeng}) { $config{afalgeng}=""; diff --git a/package/libs/openssl/patches/110-openwrt_targets.patch b/package/libs/openssl/patches/110-openwrt_targets.patch index b2786e8fee..d0530b4661 100644 --- a/package/libs/openssl/patches/110-openwrt_targets.patch +++ b/package/libs/openssl/patches/110-openwrt_targets.patch @@ -7,6 +7,9 @@ Targets are named: linux-$(CONFIG_ARCH)-openwrt Signed-off-by: Eneas U de Queiroz +diff --git a/Configurations/25-openwrt.conf b/Configurations/25-openwrt.conf +new file mode 100644 +index 0000000000..86a86d31e4 --- /dev/null +++ b/Configurations/25-openwrt.conf @@ -0,0 +1,48 @@ diff --git a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch index 4a7dce366b..7faec9ab88 100644 --- a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch +++ b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch @@ -8,9 +8,11 @@ OpenSSL_version(OPENSSL_CFLAGS), or running openssl version -a Signed-off-by: Eneas U de Queiroz +diff --git a/crypto/build.info b/crypto/build.info +index 2c619c62e8..893128345a 100644 --- a/crypto/build.info +++ b/crypto/build.info -@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink +@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl DEPEND[cversion.o]=buildinf.h diff --git a/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch b/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch index 98d1865aed..fa79cc6022 100644 --- a/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch +++ b/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch @@ -7,9 +7,11 @@ This shortens build time. Signed-off-by: Eneas U de Queiroz +diff --git a/Configure b/Configure +index 74d057c219..5813e9f8fe 100755 --- a/Configure +++ b/Configure -@@ -308,7 +308,7 @@ my $auto_threads=1; # enable threads +@@ -296,7 +296,7 @@ my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; # Top level directories to build @@ -18,7 +20,7 @@ Signed-off-by: Eneas U de Queiroz # crypto/ subdirectories to build $config{sdirs} = [ "objects", -@@ -320,7 +320,7 @@ $config{sdirs} = [ +@@ -308,7 +308,7 @@ $config{sdirs} = [ "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; # test/ subdirectories to build diff --git a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch index 71c7c72881..b293db28f7 100644 --- a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch +++ b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch @@ -14,6 +14,8 @@ when the client has it on top of its ciphersuite preference. Signed-off-by: Eneas U de Queiroz +diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h +index 6724ccf2d2..96d959427e 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -173,9 +173,15 @@ extern "C" { @@ -35,9 +37,11 @@ Signed-off-by: Eneas U de Queiroz # else # define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ "TLS_AES_128_GCM_SHA256" +diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c +index 27a1b2ec68..7039811323 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c -@@ -1467,11 +1467,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1467,11 +1467,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); @@ -67,7 +71,7 @@ Signed-off-by: Eneas U de Queiroz /* * ...and generally, our preferred cipher is AES. -@@ -1527,7 +1545,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1527,7 +1545,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, * Within each group, ciphers remain sorted by strength and previous * preference, i.e., * 1) ECDHE > DHE diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch index 6c7143dd7e..81d41963c6 100644 --- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch +++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch @@ -1,6 +1,6 @@ --- a/apps/openssl.cnf +++ b/apps/openssl.cnf -@@ -22,6 +22,53 @@ oid_section = new_oids +@@ -22,6 +22,82 @@ oid_section = new_oids # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) @@ -16,8 +16,37 @@ +#padlock=padlock + +[afalg] ++# Leave this alone and configure algorithms with CIPERS/DIGESTS below +default_algorithms = ALL + ++# The following commands are only available if using the alternative ++# (sync) AFALG engine ++# Configuration commands: ++# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a ++# list of supported algorithms, along with their driver, whether they ++# are hw accelerated or not, and the engine's configuration commands. ++ ++# USE_SOFTDRIVERS: specifies whether to use software (not accelerated) ++# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use ++# if acceleration can't be determined) [default=2] ++#USE_SOFTDRIVERS = 2 ++ ++# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a ++# comma-separated list of ciphers to enable [default=NO_ECB] ++# Starting in 1.2.0, if you use a cipher list, each cipher may be ++# followed by a colon (:) and the minimum request length to use ++# AF_ALG drivers for that cipher; smaller requests are processed by ++# softare; a negative value will use the default for that cipher ++#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0 ++ ++# DIGESTS: either ALL, NONE, or a comma-separated list of digests to ++# enable [default=NONE] ++# It is strongly recommended not to enable digests; their performance ++# is poor, and there are many cases in which they will not work, ++# especially when calling fork with open crypto contexts. Openssh, ++# for example, does this, and you may not be able to login. ++#DIGESTS = NONE ++ +[devcrypto] +# Leave this alone and configure algorithms with CIPERS/DIGESTS below +default_algorithms = ALL diff --git a/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch b/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch index 57962ec9c7..84c68b16a2 100644 --- a/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch +++ b/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch @@ -14,6 +14,8 @@ Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7585) +diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c +index a727c6f646..a2c9a966f7 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/crypto/engine/eng_devcrypto.c @@ -461,6 +461,7 @@ struct digest_ctx { @@ -24,7 +26,7 @@ Reviewed-by: Richard Levitte }; static const struct digest_data_st { -@@ -564,12 +565,15 @@ static int digest_update(EVP_MD_CTX *ctx +@@ -564,12 +565,15 @@ static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) if (digest_ctx == NULL) return 0; @@ -44,7 +46,7 @@ Reviewed-by: Richard Levitte } static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) -@@ -579,7 +583,10 @@ static int digest_final(EVP_MD_CTX *ctx, +@@ -579,7 +583,10 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) if (md == NULL || digest_ctx == NULL) return 0; diff --git a/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch b/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch index 12fe7b4199..8745364cf2 100644 --- a/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch +++ b/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch @@ -13,6 +13,8 @@ Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7585) +diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c +index a2c9a966f7..5ec38ca8f3 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/crypto/engine/eng_devcrypto.c @@ -16,6 +16,7 @@ @@ -78,7 +80,7 @@ Reviewed-by: Richard Levitte /* * Code further down must make sure that only NIDs in the table above -@@ -333,19 +367,40 @@ static int cipher_cleanup(EVP_CIPHER_CTX +@@ -333,19 +367,40 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx) } /* @@ -184,7 +186,7 @@ Reviewed-by: Richard Levitte static const EVP_CIPHER *get_cipher_method(int nid) { size_t i = get_cipher_data_index(nid); -@@ -438,6 +520,36 @@ static int devcrypto_ciphers(ENGINE *e, +@@ -438,6 +520,36 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, return *cipher != NULL; } @@ -245,7 +247,7 @@ Reviewed-by: Richard Levitte /* * Code further down must make sure that only NIDs in the table above -@@ -516,8 +637,8 @@ static const struct digest_data_st *get_ +@@ -516,8 +637,8 @@ static const struct digest_data_st *get_digest_data(int nid) } /* @@ -256,7 +258,7 @@ Reviewed-by: Richard Levitte */ static int digest_init(EVP_MD_CTX *ctx) -@@ -630,52 +751,94 @@ static int digest_cleanup(EVP_MD_CTX *ct +@@ -630,52 +751,94 @@ static int digest_cleanup(EVP_MD_CTX *ctx) return clean_devcrypto_session(&digest_ctx->sess); } @@ -401,7 +403,7 @@ Reviewed-by: Richard Levitte } } -@@ -739,7 +909,153 @@ static int devcrypto_digests(ENGINE *e, +@@ -739,8 +909,154 @@ static int devcrypto_digests(ENGINE *e, const EVP_MD **digest, return *digest != NULL; } @@ -477,8 +479,8 @@ Reviewed-by: Richard Levitte + "DIGESTS", + "either ALL, NONE, or a comma-separated list of digests to enable [default=ALL]", + ENGINE_CMD_FLAG_STRING}, -+#endif -+ + #endif + + {0, NULL, NULL, 0} +}; + @@ -502,7 +504,7 @@ Reviewed-by: Richard Levitte + use_softdrivers = i; +#ifdef IMPLEMENT_DIGEST + rebuild_known_digest_nids(e); - #endif ++#endif + rebuild_known_cipher_nids(e); + return 1; +#endif /* CIOCGSESSINFO */ @@ -552,9 +554,10 @@ Reviewed-by: Richard Levitte + } + return 0; +} - ++ /****************************************************************************** * + * LOAD / UNLOAD @@ -793,6 +1109,8 @@ void engine_load_devcrypto_int() if (!ENGINE_set_id(e, "devcrypto") diff --git a/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch b/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch index b7e1f6a411..ad83a51a10 100644 --- a/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch +++ b/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch @@ -11,9 +11,11 @@ Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7585) +diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c +index 5ec38ca8f3..64dc6b891d 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/crypto/engine/eng_devcrypto.c -@@ -50,16 +50,20 @@ static int use_softdrivers = DEVCRYPTO_D +@@ -50,16 +50,20 @@ static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS; */ struct driver_info_st { enum devcrypto_status_t { @@ -80,7 +82,7 @@ Reviewed-by: Richard Levitte #endif /* CIOCGSESSINFO */ } ioctl(cfd, CIOCFSESSION, &sess.ses); -@@ -505,8 +514,11 @@ static void destroy_all_cipher_methods(v +@@ -505,8 +514,11 @@ static void destroy_all_cipher_methods(void) { size_t i; @@ -93,7 +95,7 @@ Reviewed-by: Richard Levitte } static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, -@@ -550,6 +562,40 @@ static int cryptodev_select_cipher_cb(co +@@ -550,6 +562,40 @@ static int cryptodev_select_cipher_cb(const char *str, int len, void *usr) return 1; } @@ -188,7 +190,7 @@ Reviewed-by: Richard Levitte EVP_MD_meth_free(known_digest_methods[i]); known_digest_methods[i] = NULL; goto finish; -@@ -894,8 +945,11 @@ static void destroy_all_digest_methods(v +@@ -894,8 +945,11 @@ static void destroy_all_digest_methods(void) { size_t i; @@ -201,7 +203,7 @@ Reviewed-by: Richard Levitte } static int devcrypto_digests(ENGINE *e, const EVP_MD **digest, -@@ -939,6 +993,43 @@ static int cryptodev_select_digest_cb(co +@@ -939,6 +993,43 @@ static int cryptodev_select_digest_cb(const char *str, int len, void *usr) return 1; } @@ -245,7 +247,7 @@ Reviewed-by: Richard Levitte #endif /****************************************************************************** -@@ -983,6 +1074,11 @@ static const ENGINE_CMD_DEFN devcrypto_c +@@ -983,6 +1074,11 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = { ENGINE_CMD_FLAG_STRING}, #endif @@ -257,7 +259,7 @@ Reviewed-by: Richard Levitte {0, NULL, NULL, 0} }; -@@ -1051,6 +1147,13 @@ static int devcrypto_ctrl(ENGINE *e, int +@@ -1051,6 +1147,13 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) return 1; #endif /* IMPLEMENT_DIGEST */ diff --git a/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch b/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch index f9b88ab84a..71dc5bf99b 100644 --- a/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch +++ b/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch @@ -1,4 +1,4 @@ -From f3cef70b34afde3afd13ce3636232d41533b0162 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Tue, 6 Nov 2018 10:57:03 -0200 Subject: e_devcrypto: make the /dev/crypto engine dynamic @@ -20,7 +20,7 @@ index e00802a3fd..47fe948966 100644 - SOURCE[../../libcrypto]=eng_devcrypto.c -ENDIF diff --git a/crypto/init.c b/crypto/init.c -index 9fc0e8ef68..b387559920 100644 +index 1b0d523bea..ee3e2eb075 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -329,18 +329,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl) @@ -116,7 +116,7 @@ diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c similarity index 95% rename from crypto/engine/eng_devcrypto.c rename to engines/e_devcrypto.c -index 64dc6b891d..fb5c6e1636 100644 +index 0d420e50aa..3fcd81de7a 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/engines/e_devcrypto.c @@ -7,7 +7,7 @@ @@ -128,15 +128,7 @@ index 64dc6b891d..fb5c6e1636 100644 #include #include #include -@@ -23,26 +23,26 @@ - #include - #include - --#include "crypto/engine.h" -- - /* #define ENGINE_DEVCRYPTO_DEBUG */ - - #if CRYPTO_ALGORITHM_MIN < CRYPTO_ALGORITHM_MAX +@@ -31,18 +31,20 @@ # define CHECK_BSD_STYLE_MACROS #endif @@ -160,18 +152,7 @@ index 64dc6b891d..fb5c6e1636 100644 /* * cipher/digest status & acceleration definitions -@@ -66,6 +66,10 @@ struct driver_info_st { - char *driver_name; - }; - -+#ifdef OPENSSL_NO_DYNAMIC_ENGINE -+void engine_load_devcrypto_int(void); -+#endif -+ - static int clean_devcrypto_session(struct session_op *sess) { - if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) { - SYSerr(SYS_F_IOCTL, errno); -@@ -341,6 +345,7 @@ static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) +@@ -341,6 +343,7 @@ static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) struct cipher_ctx *to_cipher_ctx; switch (type) { @@ -179,7 +160,7 @@ index 64dc6b891d..fb5c6e1636 100644 case EVP_CTRL_COPY: if (cipher_ctx == NULL) return 1; -@@ -702,7 +707,6 @@ static int digest_init(EVP_MD_CTX *ctx) +@@ -702,7 +705,6 @@ static int digest_init(EVP_MD_CTX *ctx) SYSerr(SYS_F_IOCTL, errno); return 0; } @@ -187,7 +168,7 @@ index 64dc6b891d..fb5c6e1636 100644 return 1; } -@@ -1058,7 +1062,7 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = { +@@ -1058,7 +1060,7 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = { OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, " OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE) "=use if acceleration can't be determined) [default=" @@ -196,7 +177,7 @@ index 64dc6b891d..fb5c6e1636 100644 ENGINE_CMD_FLAG_NUMERIC}, #endif -@@ -1166,55 +1170,70 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) +@@ -1166,55 +1168,70 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) * *****/ @@ -284,12 +265,12 @@ index 64dc6b891d..fb5c6e1636 100644 - || !ENGINE_set_ctrl_function(e, devcrypto_ctrl) + || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)) + return 0; -+ + + prepare_cipher_methods(); +#ifdef IMPLEMENT_DIGEST + prepare_digest_methods(); +#endif - ++ + return (ENGINE_set_ciphers(e, devcrypto_ciphers) +#ifdef IMPLEMENT_DIGEST + && ENGINE_set_digests(e, devcrypto_digests) @@ -297,7 +278,7 @@ index 64dc6b891d..fb5c6e1636 100644 /* * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD * implementations, it seems to only exist in FreeBSD, and regarding the -@@ -1237,23 +1256,36 @@ void engine_load_devcrypto_int() +@@ -1237,23 +1254,36 @@ void engine_load_devcrypto_int() */ #if 0 # ifndef OPENSSL_NO_RSA @@ -343,7 +324,7 @@ index 64dc6b891d..fb5c6e1636 100644 ENGINE_free(e); return; } -@@ -1262,3 +1294,22 @@ void engine_load_devcrypto_int() +@@ -1262,3 +1292,22 @@ void engine_load_devcrypto_int() ENGINE_free(e); /* Loose our local reference */ ERR_clear_error(); } diff --git a/package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch b/package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch index e8239c2888..1f1cd7a582 100644 --- a/package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch +++ b/package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch @@ -1,4 +1,4 @@ -From 52ddedc09ee81fe05ea2fa384fce89afe92d6d72 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Mon, 11 Mar 2019 09:29:13 -0300 Subject: e_devcrypto: default to not use digests in engine @@ -19,9 +19,11 @@ turn them on if it is safe and fast enough. Signed-off-by: Eneas U de Queiroz +diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c +index 3fcd81de7a..d25230d366 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c -@@ -854,7 +854,7 @@ static void prepare_digest_methods(void) +@@ -852,7 +852,7 @@ static void prepare_digest_methods(void) for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data); i++) { @@ -30,7 +32,7 @@ Signed-off-by: Eneas U de Queiroz /* * Check that the digest is usable -@@ -1074,7 +1074,7 @@ static const ENGINE_CMD_DEFN devcrypto_c +@@ -1072,7 +1072,7 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = { #ifdef IMPLEMENT_DIGEST {DEVCRYPTO_CMD_DIGESTS, "DIGESTS", diff --git a/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch b/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch index 0cbe5e7e50..bc514b88c9 100644 --- a/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch +++ b/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch @@ -1,4 +1,4 @@ -From b6b2744f06f64922b449b3cb4bf0ad3df3efba71 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Mon, 11 Mar 2019 10:15:14 -0300 Subject: e_devcrypto: ignore error when closing session @@ -8,9 +8,11 @@ session. It may have been closed by another process after a fork. Signed-off-by: Eneas U de Queiroz +diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c +index d25230d366..f4570f1666 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c -@@ -197,9 +197,8 @@ static int cipher_init(EVP_CIPHER_CTX *c +@@ -195,9 +195,8 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, get_cipher_data(EVP_CIPHER_CTX_nid(ctx)); /* cleanup a previous session */