[From nobody Thu Jun 25 05:55:03 2020 Received: from sonic308-3.consmr.mail.bf2.yahoo.com ([74.6.130.42]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gwtZd-00062M-IS for openwrt-devel@lists.openwrt.org; Thu, 21 Feb 2019 18:59:59 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1550775595; bh=4jnCckl3egLKupv78ecnOODpTZ9opKp+sT8gb20p/C0=; h=From:To:Cc:Subject:Date:From:Subject; b=ls7Sc1Hj3e8vl/PcmXow8nME5O5DVsSA8IeNkfrgyUpcHpuY0HmzLbdDXq863tcaI5smai8rJCS3SZpAJVzYJB3GvzTjKPIJnKtLCyqMTrTdwoh8p/CJfVjrg8f4gigmvY0TXPoRrqBceN8UL5DR4x/egxuu85jlfUea6+bT4el7V/KSMrOGFFOsPeQD7LFeaKI1+EMmxSF+Eqve6XB0k7kKFx2qI/vYkIH1Y+KDVQ427nZ3C+hnoK2NtGffJKRH0lq6oZxki4ekyv/+51R5ppaEW5+QcUNk43zoU/duV51sXnjxFYcF0so2vwr4J8OnB2IP8VzdtR+OYbrkjEGL4A== X-YMail-OSG: OTuRLw4VM1mBG1hV6iDXSVHLK0ot7PpVTAhgWC.fX8nnwmo1uiWlhvJr4_gnKHJ 78SQfByG9ff7_pj99GQ6lmn0N9sTgzPFBkYiiuY6YVcH3wy1UWTmfvUdfXB1zTqSGQjzPNz4Sn9d WyieorbkFmNaqXYChTUe0wdCrPgfFIbqrJZuLgfON3eIrzUXb1lbxYcNiAyoNkxCWiNoKNbhXlP_ Ixy3e62ng5_miBhM2vhoWnBqBOnVkyUFc1I.WWyn2QEYYPJXUoMWOEn8laMuka_lB6J2dcb.j6nx _sFyupaxeztm5PuE6KGvmE1DYS1QYnHDZNA6YMDp3.zCKhJ5gQ4MuCUx3eK_KBjUYBGHvJpUixxS HNWhmEv1YxMbexCcfGYGtmwE22WLpsjcudeb6zTHUwOvbQIz.INDMfqTMX1aom5Vlj2DRD99u0Zw pIz0PNjB65ny14In6FyVv7sqUmGaVUsZWsZE8Vcy.mqZty5uEp1hyHFLwtE5mBdlZzLRCFbln5Iy AoFyzcCRrDssFnjexfo7V3Q5Qo8rMVUcFj1RoU0Sm6td7bvASLU.qoXm30WNqbI6jmufYm7OfApm c604cSJS8Yqmcp5hfIEkl_b0bTqBGU1M84BzCQkNVcEdHc9hoy7UOR344qYX0WQY0tG1Zfps825q V9c7ZOiICNmFHyibT2Tn6TtG2SZkDJRtVUCgiolZCuTjo7Rnq_G..NccJb0tfcC5d.A.CKtcOCps mEislJB1idd1qlLe1.6U1S5wOZ5Om6516T1GXIeOV.OKW0PBC8TQS.wGDIfKn1kIgPsoY62X9yJJ uN23Hh__gG8jb5H5rqAlbx2gbZSJva5cvOkYsSuMzJ91CWSv4nqcoAH7Ko5fHG9gzTG35HXPFsGK vg2yAWaClt9LOWWBfn1pbTTPgwcETRyJ7947A1NA1uiihz9QaqFmmiGILVeJtVhSnImv8IgdNOZ6 lzy.EzvpcgV0m6KCe7y5a7bmvr.pijQDIWI3i.QFhR3zLCipKmb_N51bnngNtaW95rn1bIVQ5X4Q LpCA8hVnflV1mEROScSplMt5bIRoUj9NQ3SxFmujC0DH665vXI.dx67s- Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.bf2.yahoo.com with HTTP; Thu, 21 Feb 2019 18:59:55 +0000 Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br) ([177.75.175.18]) by smtp419.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID d3b374992142720a85f7e64b9e370514; Thu, 21 Feb 2019 18:59:54 +0000 (UTC) From: Eneas U de Queiroz <cote2004-github@yahoo.com> To: openwrt-devel@lists.openwrt.org Cc: Eneas U de Queiroz <cote2004-github@yahoo.com> Subject: [PATCH] openssl: fix devcrypto engine md blocksize Date: Thu, 21 Feb 2019 15:59:31 -0300 Message-Id: <20190221185931.14749-1-cote2004-github@yahoo.com> X-Mailer: git-send-email 2.19.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190221_105957_675940_55059C88 X-CRM114-Status: UNSURE ( 8.66 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [74.6.130.42 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cote2004-github[at]yahoo.com) 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Sets input block size info for message digests. This was breaking openssh with a 'ssh_dispatch_fatal: ... invalid argument' error. The patch was sent upstream as part of openssl/openssl#8213. Reported-by: Gerard Looije <lglooije@hotmail.com> Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> --- Run-tested on Linksys WRT3200ACM with openssh 7.9p1 This patch interferes with a previous patch that I've sent, which is currently pending, and is not as critical: openssl: backport devcrypto changes from master I'll shortly send a v2 of that patch, to be applied after this one is merged. diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 9b97b5399b..e5a5f2d0c4 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -11,7 +11,7 @@ PKG_NAME:=openssl PKG_BASE:=1.1.1 PKG_BUGFIX:=a PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 diff --git a/package/libs/openssl/patches/310-e_devcrypto-set-digest-input_blocksize.patch b/package/libs/openssl/patches/310-e_devcrypto-set-digest-input_blocksize.patch new file mode 100644 index 0000000000..c9c2c3c5fa --- /dev/null +++ b/package/libs/openssl/patches/310-e_devcrypto-set-digest-input_blocksize.patch @@ -0,0 +1,70 @@ +From e35d5af11088f6ec329ebc1b7d645beabb8ca77e Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz <cote2004-github@yahoo.com> +Date: Thu, 21 Feb 2019 14:16:12 -0300 +Subject: [PATCH] e_devcrypto: set digest input_blocksize + +This restores the behavior of previous versions of the /dev/crypto +engine, in alignment with the default implementation. + +Reported-by: Gerard Looije <lglooije@hotmail.com> +Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> + +diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c +index 0c49238901..11ec4393e7 100644 +--- a/crypto/engine/eng_devcrypto.c ++++ b/crypto/engine/eng_devcrypto.c +@@ -464,29 +464,30 @@ struct digest_ctx { + + static const struct digest_data_st { + int nid; ++ int blocksize; + int digestlen; + int devcryptoid; + } digest_data[] = { + #ifndef OPENSSL_NO_MD5 +- { NID_md5, 16, CRYPTO_MD5 }, ++ { NID_md5, /* MD5_CBLOCK */ 64, 16, CRYPTO_MD5 }, + #endif +- { NID_sha1, 20, CRYPTO_SHA1 }, ++ { NID_sha1, SHA_CBLOCK, 20, CRYPTO_SHA1 }, + #ifndef OPENSSL_NO_RMD160 + # if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160) +- { NID_ripemd160, 20, CRYPTO_RIPEMD160 }, ++ { NID_ripemd160, /* RIPEMD160_CBLOCK */ 64, 20, CRYPTO_RIPEMD160 }, + # endif + #endif + #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224) +- { NID_sha224, 224 / 8, CRYPTO_SHA2_224 }, ++ { NID_sha224, SHA256_CBLOCK, 224 / 8, CRYPTO_SHA2_224 }, + #endif + #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256) +- { NID_sha256, 256 / 8, CRYPTO_SHA2_256 }, ++ { NID_sha256, SHA256_CBLOCK, 256 / 8, CRYPTO_SHA2_256 }, + #endif + #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384) +- { NID_sha384, 384 / 8, CRYPTO_SHA2_384 }, ++ { NID_sha384, SHA512_CBLOCK, 384 / 8, CRYPTO_SHA2_384 }, + #endif + #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512) +- { NID_sha512, 512 / 8, CRYPTO_SHA2_512 }, ++ { NID_sha512, SHA512_CBLOCK, 512 / 8, CRYPTO_SHA2_512 }, + #endif + }; + +@@ -532,7 +533,6 @@ static int digest_init(EVP_MD_CTX *ctx) + SYSerr(SYS_F_IOCTL, errno); + return 0; + } +- + return 1; + } + +@@ -669,6 +669,8 @@ static void prepare_digest_methods(void) + + if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid, + NID_undef)) == NULL ++ || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i], ++ digest_data[i].blocksize) + || !EVP_MD_meth_set_result_size(known_digest_methods[i], + digest_data[i].digestlen) + || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init) ]