--- Begin Message ---
Sets input block size info for message digests. This was breaking
openssh with a 'ssh_dispatch_fatal: ... invalid argument' error.
The patch was sent upstream as part of openssl/openssl#8213.
Reported-by: Gerard Looije <[email protected]>
Signed-off-by: Eneas U de Queiroz <[email protected]>
---
Run-tested on Linksys WRT3200ACM with openssh 7.9p1
This patch interferes with a previous patch that I've sent, which is
currently pending, and is not as critical:
openssl: backport devcrypto changes from master
I'll shortly send a v2 of that patch, to be applied after this one is
merged.
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 9b97b5399b..e5a5f2d0c4 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=a
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1
diff --git
a/package/libs/openssl/patches/310-e_devcrypto-set-digest-input_blocksize.patch
b/package/libs/openssl/patches/310-e_devcrypto-set-digest-input_blocksize.patch
new file mode 100644
index 0000000000..c9c2c3c5fa
--- /dev/null
+++
b/package/libs/openssl/patches/310-e_devcrypto-set-digest-input_blocksize.patch
@@ -0,0 +1,70 @@
+From e35d5af11088f6ec329ebc1b7d645beabb8ca77e Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <[email protected]>
+Date: Thu, 21 Feb 2019 14:16:12 -0300
+Subject: [PATCH] e_devcrypto: set digest input_blocksize
+
+This restores the behavior of previous versions of the /dev/crypto
+engine, in alignment with the default implementation.
+
+Reported-by: Gerard Looije <[email protected]>
+Signed-off-by: Eneas U de Queiroz <[email protected]>
+
+diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
+index 0c49238901..11ec4393e7 100644
+--- a/crypto/engine/eng_devcrypto.c
++++ b/crypto/engine/eng_devcrypto.c
+@@ -464,29 +464,30 @@ struct digest_ctx {
+
+ static const struct digest_data_st {
+ int nid;
++ int blocksize;
+ int digestlen;
+ int devcryptoid;
+ } digest_data[] = {
+ #ifndef OPENSSL_NO_MD5
+- { NID_md5, 16, CRYPTO_MD5 },
++ { NID_md5, /* MD5_CBLOCK */ 64, 16, CRYPTO_MD5 },
+ #endif
+- { NID_sha1, 20, CRYPTO_SHA1 },
++ { NID_sha1, SHA_CBLOCK, 20, CRYPTO_SHA1 },
+ #ifndef OPENSSL_NO_RMD160
+ # if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160)
+- { NID_ripemd160, 20, CRYPTO_RIPEMD160 },
++ { NID_ripemd160, /* RIPEMD160_CBLOCK */ 64, 20, CRYPTO_RIPEMD160 },
+ # endif
+ #endif
+ #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224)
+- { NID_sha224, 224 / 8, CRYPTO_SHA2_224 },
++ { NID_sha224, SHA256_CBLOCK, 224 / 8, CRYPTO_SHA2_224 },
+ #endif
+ #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256)
+- { NID_sha256, 256 / 8, CRYPTO_SHA2_256 },
++ { NID_sha256, SHA256_CBLOCK, 256 / 8, CRYPTO_SHA2_256 },
+ #endif
+ #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384)
+- { NID_sha384, 384 / 8, CRYPTO_SHA2_384 },
++ { NID_sha384, SHA512_CBLOCK, 384 / 8, CRYPTO_SHA2_384 },
+ #endif
+ #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512)
+- { NID_sha512, 512 / 8, CRYPTO_SHA2_512 },
++ { NID_sha512, SHA512_CBLOCK, 512 / 8, CRYPTO_SHA2_512 },
+ #endif
+ };
+
+@@ -532,7 +533,6 @@ static int digest_init(EVP_MD_CTX *ctx)
+ SYSerr(SYS_F_IOCTL, errno);
+ return 0;
+ }
+-
+ return 1;
+ }
+
+@@ -669,6 +669,8 @@ static void prepare_digest_methods(void)
+
+ if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
+ NID_undef)) == NULL
++ || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i],
++ digest_data[i].blocksize)
+ || !EVP_MD_meth_set_result_size(known_digest_methods[i],
+ digest_data[i].digestlen)
+ || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
--- End Message ---
