PKG_NAME:=openssl
PKG_BASE:=1.1.1
-PKG_BUGFIX:=a
+PKG_BUGFIX:=b
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41
+PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE
STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
define Build/Configure
- [ -f $(STAMP_CONFIGURED) ] || { \
- rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
- find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
- }
(cd $(PKG_BUILD_DIR); \
./Configure $(OPENSSL_TARGET) \
--prefix=/usr \
--openssldir=/etc/ssl \
$(TARGET_CPPFLAGS) \
$(TARGET_LDFLAGS) \
- $(OPENSSL_OPTIONS) \
+ $(OPENSSL_OPTIONS) && \
+ { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
)
endef
+++ /dev/null
-From be5cf61caa425070ec4f3e925d4e9aa484c8315b Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Mon, 5 Nov 2018 17:59:42 -0200
-Subject: [PATCH 1/7] eng_devcrypto: don't leak methods tables
-
-Call functions to prepare methods after confirming that /dev/crytpo was
-sucessfully open and that the destroy function has been set.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit d9d4dff5c640990d45af115353fc9f88a497a56c)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -619,11 +619,6 @@ void engine_load_devcrypto_int()
- return;
- }
-
-- prepare_cipher_methods();
--#ifdef IMPLEMENT_DIGEST
-- prepare_digest_methods();
--#endif
--
- if ((e = ENGINE_new()) == NULL
- || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
- ENGINE_free(e);
-@@ -636,6 +631,11 @@ void engine_load_devcrypto_int()
- return;
- }
-
-+ prepare_cipher_methods();
-+#ifdef IMPLEMENT_DIGEST
-+ prepare_digest_methods();
-+#endif
-+
- if (!ENGINE_set_id(e, "devcrypto")
- || !ENGINE_set_name(e, "/dev/crypto engine")
-
+++ /dev/null
-From add2ab1f289c24a1563c5b895d5cd133fe874f12 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 14 Nov 2018 11:22:14 -0200
-Subject: [PATCH 2/7] eng_devcrypto: expand digest failure cases
-
-Return failure when the digest_ctx is null in digest_update and
-digest_final, and when md is null in digest_final.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit 4d9f99654441e36fdcb49540a1dbc9d4c70ccb68)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -438,6 +438,9 @@ static int digest_update(EVP_MD_CTX *ctx
- if (count == 0)
- return 1;
-
-+ if (digest_ctx == NULL)
-+ return 0;
-+
- if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
-@@ -451,6 +454,8 @@ static int digest_final(EVP_MD_CTX *ctx,
- struct digest_ctx *digest_ctx =
- (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
-
-+ if (md == NULL || digest_ctx == NULL)
-+ return 0;
- if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
+++ /dev/null
-From 68b02a8ab798b7e916c8141a36ab69d7493fc707 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 14 Nov 2018 13:58:06 -0200
-Subject: [PATCH 3/7] eng_devcrypto: fix copy of unitilialized digest
-
-If the source ctx has not been initialized, don't initialize the copy
-either.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit ae8183690fa53b978d4647563f5a521c4cafe94c)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -338,7 +338,8 @@ static int devcrypto_ciphers(ENGINE *e,
-
- struct digest_ctx {
- struct session_op sess;
-- int init;
-+ /* This signals that the init function was called, not that it succeeded. */
-+ int init_called;
- };
-
- static const struct digest_data_st {
-@@ -403,7 +404,7 @@ static int digest_init(EVP_MD_CTX *ctx)
- const struct digest_data_st *digest_d =
- get_digest_data(EVP_MD_CTX_type(ctx));
-
-- digest_ctx->init = 1;
-+ digest_ctx->init_called = 1;
-
- memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
- digest_ctx->sess.mac = digest_d->devcryptoid;
-@@ -476,14 +477,9 @@ static int digest_copy(EVP_MD_CTX *to, c
- (struct digest_ctx *)EVP_MD_CTX_md_data(to);
- struct cphash_op cphash;
-
-- if (digest_from == NULL)
-+ if (digest_from == NULL || digest_from->init_called != 1)
- return 1;
-
-- if (digest_from->init != 1) {
-- SYSerr(SYS_F_IOCTL, EINVAL);
-- return 0;
-- }
--
- if (!digest_init(to)) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
+++ /dev/null
-From 5378c582c8d3f1130b17abb2950bfd09cde099c6 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Mon, 5 Nov 2018 15:59:44 -0200
-Subject: [PATCH 4/7] eng_devcrypto: close session on cleanup, not final
-
-Close the session in digest_cleanup instead of digest_final. A failure
-in closing the session does not mean a previous successful digest final
-has failed as well.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit a67203a19d379a8cc8b369587c60c46eb4e19014)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -461,10 +461,6 @@ static int digest_final(EVP_MD_CTX *ctx,
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
- }
-- if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
-- SYSerr(SYS_F_IOCTL, errno);
-- return 0;
-- }
-
- return 1;
- }
-@@ -496,6 +492,15 @@ static int digest_copy(EVP_MD_CTX *to, c
-
- static int digest_cleanup(EVP_MD_CTX *ctx)
- {
-+ struct digest_ctx *digest_ctx =
-+ (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
-+
-+ if (digest_ctx == NULL)
-+ return 1;
-+ if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
-+ SYSerr(SYS_F_IOCTL, errno);
-+ return 0;
-+ }
- return 1;
- }
-
+++ /dev/null
-From a19d1a1d370e2959555fccbafc4e970634840352 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Tue, 13 Nov 2018 09:23:22 -0200
-Subject: [PATCH 5/7] eng_devcrypto: add cipher CTX copy function
-
-The engine needs a custom cipher context copy function to open a new
-/dev/crypto session.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit 6d99e238397859f2df58c60e28905193b2dd6762)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -207,6 +207,22 @@ static int cipher_do_cipher(EVP_CIPHER_C
- return 1;
- }
-
-+static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
-+{
-+ EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
-+ struct cipher_ctx *cipher_ctx;
-+
-+ if (type == EVP_CTRL_COPY) {
-+ /* when copying the context, a new session needs to be initialized */
-+ cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-+ return (cipher_ctx == NULL)
-+ || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
-+ (cipher_ctx->op == COP_ENCRYPT));
-+ }
-+
-+ return -1;
-+}
-+
- static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
- {
- struct cipher_ctx *cipher_ctx =
-@@ -258,10 +274,12 @@ static void prepare_cipher_methods(void)
- cipher_data[i].ivlen)
- || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
- cipher_data[i].flags
-+ | EVP_CIPH_CUSTOM_COPY
- | EVP_CIPH_FLAG_DEFAULT_ASN1)
- || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
- || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
- cipher_do_cipher)
-+ || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
- || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
- cipher_cleanup)
- || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
+++ /dev/null
-From 2887a5c8f9a385b3ebee12b98f68e7d1f9cc0ea0 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Wed, 28 Nov 2018 11:26:27 -0200
-Subject: [PATCH 6/7] eng_devcrypto: fix ctr mode
-
-Make CTR mode behave like a stream cipher.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit b5015e834aa7d3f0a5d7585a8fae05cecbdbb848)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -47,10 +47,12 @@ static int cfd;
-
- struct cipher_ctx {
- struct session_op sess;
--
-- /* to pass from init to do_cipher */
-- const unsigned char *iv;
- int op; /* COP_ENCRYPT or COP_DECRYPT */
-+ unsigned long mode; /* EVP_CIPH_*_MODE */
-+
-+ /* to handle ctr mode being a stream cipher */
-+ unsigned char partial[EVP_MAX_BLOCK_LENGTH];
-+ unsigned int blocksize, num;
- };
-
- static const struct cipher_data_st {
-@@ -87,9 +89,9 @@ static const struct cipher_data_st {
- { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS },
- #endif
- #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB)
-- { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-- { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-- { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+ { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+ { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
-+ { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB },
- #endif
- #if 0 /* Not yet supported */
- { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM },
-@@ -146,6 +148,8 @@ static int cipher_init(EVP_CIPHER_CTX *c
- cipher_ctx->sess.keylen = cipher_d->keylen;
- cipher_ctx->sess.key = (void *)key;
- cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
-+ cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE;
-+ cipher_ctx->blocksize = cipher_d->blocksize;
- if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
-@@ -160,8 +164,11 @@ static int cipher_do_cipher(EVP_CIPHER_C
- struct cipher_ctx *cipher_ctx =
- (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- struct crypt_op cryp;
-+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
- #if !defined(COP_FLAG_WRITE_IV)
- unsigned char saved_iv[EVP_MAX_IV_LENGTH];
-+ const unsigned char *ivptr;
-+ size_t nblocks, ivlen;
- #endif
-
- memset(&cryp, 0, sizeof(cryp));
-@@ -169,19 +176,28 @@ static int cipher_do_cipher(EVP_CIPHER_C
- cryp.len = inl;
- cryp.src = (void *)in;
- cryp.dst = (void *)out;
-- cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx);
-+ cryp.iv = (void *)iv;
- cryp.op = cipher_ctx->op;
- #if !defined(COP_FLAG_WRITE_IV)
- cryp.flags = 0;
-
-- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-- assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
-- if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-- unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx);
-+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
-+ if (ivlen > 0)
-+ switch (cipher_ctx->mode) {
-+ case EVP_CIPH_CBC_MODE:
-+ assert(inl >= ivlen);
-+ if (!EVP_CIPHER_CTX_encrypting(ctx)) {
-+ ivptr = in + inl - ivlen;
-+ memcpy(saved_iv, ivptr, ivlen);
-+ }
-+ break;
-+
-+ case EVP_CIPH_CTR_MODE:
-+ break;
-
-- memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx));
-+ default: /* should not happen */
-+ return 0;
- }
-- }
- #else
- cryp.flags = COP_FLAG_WRITE_IV;
- #endif
-@@ -192,17 +208,74 @@ static int cipher_do_cipher(EVP_CIPHER_C
- }
-
- #if !defined(COP_FLAG_WRITE_IV)
-- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) {
-- unsigned char *ivptr = saved_iv;
-+ if (ivlen > 0)
-+ switch (cipher_ctx->mode) {
-+ case EVP_CIPH_CBC_MODE:
-+ assert(inl >= ivlen);
-+ if (EVP_CIPHER_CTX_encrypting(ctx))
-+ ivptr = out + inl - ivlen;
-+ else
-+ ivptr = saved_iv;
-+
-+ memcpy(iv, ivptr, ivlen);
-+ break;
-+
-+ case EVP_CIPH_CTR_MODE:
-+ nblocks = (inl + cipher_ctx->blocksize - 1)
-+ / cipher_ctx->blocksize;
-+ do {
-+ ivlen--;
-+ nblocks += iv[ivlen];
-+ iv[ivlen] = (uint8_t) nblocks;
-+ nblocks >>= 8;
-+ } while (ivlen);
-+ break;
-+
-+ default: /* should not happen */
-+ return 0;
-+ }
-+#endif
-+
-+ return 1;
-+}
-
-- assert(inl >= EVP_CIPHER_CTX_iv_length(ctx));
-- if (!EVP_CIPHER_CTX_encrypting(ctx))
-- ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx);
-+static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+ const unsigned char *in, size_t inl)
-+{
-+ struct cipher_ctx *cipher_ctx =
-+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-+ size_t nblocks, len;
-
-- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr,
-- EVP_CIPHER_CTX_iv_length(ctx));
-+ /* initial partial block */
-+ while (cipher_ctx->num && inl) {
-+ (*out++) = *(in++) ^ cipher_ctx->partial[cipher_ctx->num];
-+ --inl;
-+ cipher_ctx->num = (cipher_ctx->num + 1) % cipher_ctx->blocksize;
-+ }
-+
-+ /* full blocks */
-+ if (inl > (unsigned int) cipher_ctx->blocksize) {
-+ nblocks = inl/cipher_ctx->blocksize;
-+ len = nblocks * cipher_ctx->blocksize;
-+ if (cipher_do_cipher(ctx, out, in, len) < 1)
-+ return 0;
-+ inl -= len;
-+ out += len;
-+ in += len;
-+ }
-+
-+ /* final partial block */
-+ if (inl) {
-+ memset(cipher_ctx->partial, 0, cipher_ctx->blocksize);
-+ if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial,
-+ cipher_ctx->blocksize) < 1)
-+ return 0;
-+ while (inl--) {
-+ out[cipher_ctx->num] = in[cipher_ctx->num]
-+ ^ cipher_ctx->partial[cipher_ctx->num];
-+ cipher_ctx->num++;
-+ }
- }
--#endif
-
- return 1;
- }
-@@ -249,6 +322,7 @@ static void prepare_cipher_methods(void)
- {
- size_t i;
- struct session_op sess;
-+ unsigned long cipher_mode;
-
- memset(&sess, 0, sizeof(sess));
- sess.key = (void *)"01234567890123456789012345678901234567890123456789";
-@@ -266,9 +340,12 @@ static void prepare_cipher_methods(void)
- || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
- continue;
-
-+ cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE;
-+
- if ((known_cipher_methods[i] =
- EVP_CIPHER_meth_new(cipher_data[i].nid,
-- cipher_data[i].blocksize,
-+ cipher_mode == EVP_CIPH_CTR_MODE ? 1 :
-+ cipher_data[i].blocksize,
- cipher_data[i].keylen)) == NULL
- || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i],
- cipher_data[i].ivlen)
-@@ -278,6 +355,8 @@ static void prepare_cipher_methods(void)
- | EVP_CIPH_FLAG_DEFAULT_ASN1)
- || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
- || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
-+ cipher_mode == EVP_CIPH_CTR_MODE ?
-+ ctr_do_cipher :
- cipher_do_cipher)
- || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl)
- || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i],
+++ /dev/null
-From 488521d77fdc1de5ae256ce0d9203e35ebc92993 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Sat, 8 Dec 2018 18:01:04 -0200
-Subject: [PATCH 7/7] eng_devcrypto: make sure digest can do copy
-
-Digest must be able to do partial-state copy to be used.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
-Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7585)
-
-(cherry picked from commit 16e252a01b754a13e83d5e5e87afbe389997926b)
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -601,6 +601,30 @@ static int digest_cleanup(EVP_MD_CTX *ct
- return 1;
- }
-
-+static int devcrypto_test_digest(size_t digest_data_index)
-+{
-+ struct session_op sess1, sess2;
-+ struct cphash_op cphash;
-+ int ret=0;
-+
-+ memset(&sess1, 0, sizeof(sess1));
-+ memset(&sess2, 0, sizeof(sess2));
-+ sess1.mac = digest_data[digest_data_index].devcryptoid;
-+ if (ioctl(cfd, CIOCGSESSION, &sess1) < 0)
-+ return 0;
-+ /* Make sure the driver is capable of hash state copy */
-+ sess2.mac = sess1.mac;
-+ if (ioctl(cfd, CIOCGSESSION, &sess2) >= 0) {
-+ cphash.src_ses = sess1.ses;
-+ cphash.dst_ses = sess2.ses;
-+ if (ioctl(cfd, CIOCCPHASH, &cphash) >= 0)
-+ ret = 1;
-+ ioctl(cfd, CIOCFSESSION, &sess2.ses);
-+ }
-+ ioctl(cfd, CIOCFSESSION, &sess1.ses);
-+ return ret;
-+}
-+
- /*
- * Keep a table of known nids and associated methods.
- * Note that known_digest_nids[] isn't necessarily indexed the same way as
-@@ -613,20 +637,14 @@ static EVP_MD *known_digest_methods[OSSL
- static void prepare_digest_methods(void)
- {
- size_t i;
-- struct session_op sess;
--
-- memset(&sess, 0, sizeof(sess));
-
- for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data);
- i++) {
-
- /*
-- * Check that the algo is really availably by trying to open and close
-- * a session.
-+ * Check that the algo is usable
- */
-- sess.mac = digest_data[i].devcryptoid;
-- if (ioctl(cfd, CIOCGSESSION, &sess) < 0
-- || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
-+ if (!devcrypto_test_digest(i))
- continue;
-
- if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
+++ /dev/null
-From 82b269fd77d20aa86d0825d798f3045dfe0a7a86 Mon Sep 17 00:00:00 2001
-From: Eneas U de Queiroz <cote2004-github@yahoo.com>
-Date: Tue, 12 Feb 2019 10:44:19 -0200
-Subject: [PATCH] eng_devcrypto: close open session on init
-
-cipher_init may be called on an already initialized context, without a
-necessary cleanup. This separates cleanup from initialization, closing
-an eventual open session before creating a new one.
-
-Move the /dev/crypto session cleanup code to its own function.
-
-Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
-
---- a/crypto/engine/eng_devcrypto.c
-+++ b/crypto/engine/eng_devcrypto.c
-@@ -35,6 +35,15 @@
- */
- static int cfd;
-
-+static int clean_devcrypto_session(struct session_op *sess) {
-+ if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) {
-+ SYSerr(SYS_F_IOCTL, errno);
-+ return 0;
-+ }
-+ memset(sess, 0, sizeof(struct session_op));
-+ return 1;
-+}
-+
- /******************************************************************************
- *
- * Ciphers
-@@ -143,7 +152,11 @@ static int cipher_init(EVP_CIPHER_CTX *c
- const struct cipher_data_st *cipher_d =
- get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
-
-- memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
-+ /* cleanup a previous session */
-+ if (cipher_ctx->sess.ses != 0 &&
-+ clean_devcrypto_session(&cipher_ctx->sess) == 0)
-+ return 0;
-+
- cipher_ctx->sess.cipher = cipher_d->devcryptoid;
- cipher_ctx->sess.keylen = cipher_d->keylen;
- cipher_ctx->sess.key = (void *)key;
-@@ -282,15 +295,29 @@ static int ctr_do_cipher(EVP_CIPHER_CTX
-
- static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
- {
-+ struct cipher_ctx *cipher_ctx =
-+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
-- struct cipher_ctx *cipher_ctx;
-+ struct cipher_ctx *to_cipher_ctx;
-+
-+ switch (type) {
-
-- if (type == EVP_CTRL_COPY) {
-+ case EVP_CTRL_COPY:
-+ if (cipher_ctx == NULL)
-+ return 1;
- /* when copying the context, a new session needs to be initialized */
-- cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-- return (cipher_ctx == NULL)
-- || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
-+ to_cipher_ctx =
-+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx);
-+ memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess));
-+ return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
- (cipher_ctx->op == COP_ENCRYPT));
-+
-+ case EVP_CTRL_INIT:
-+ memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
-+ return 1;
-+
-+ default:
-+ break;
- }
-
- return -1;
-@@ -301,12 +328,7 @@ static int cipher_cleanup(EVP_CIPHER_CTX
- struct cipher_ctx *cipher_ctx =
- (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-
-- if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
-- SYSerr(SYS_F_IOCTL, errno);
-- return 0;
-- }
--
-- return 1;
-+ return clean_devcrypto_session(&cipher_ctx->sess);
- }
-
- /*
-@@ -352,6 +374,7 @@ static void prepare_cipher_methods(void)
- || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
- cipher_data[i].flags
- | EVP_CIPH_CUSTOM_COPY
-+ | EVP_CIPH_CTRL_INIT
- | EVP_CIPH_FLAG_DEFAULT_ASN1)
- || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
- || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
-@@ -594,11 +617,8 @@ static int digest_cleanup(EVP_MD_CTX *ct
-
- if (digest_ctx == NULL)
- return 1;
-- if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
-- SYSerr(SYS_F_IOCTL, errno);
-- return 0;
-- }
-- return 1;
-+
-+ return clean_devcrypto_session(&digest_ctx->sess);
- }
-
- static int devcrypto_test_digest(size_t digest_data_index)