I'm sending two patches, which I haven't made part of a series, since
they can be applied (and reverted, if needed) independently.

One of them is to re-enable parallel building.  I couldn't find out
exactly what was failing when it was disabled, back in 1.0.2, but the
openssl build system has changed so much since then, that enabling it
may be possible.  I've tested it with about 10 different targets, and
compared the resulting packages, all checked.

The other patch is about a limitation of using engines that affects
openssh, and can lock one out of ssh access.  When using a hw-crypto
engine, you can't copy an open crypto context across a fork.  If using
the main library, that operation works because all of the necessary
state information is kept in userspace, and each process gets its own
copy.  When using an engine, there's a session open within the kernel,
which does not get duplicated, so both processes end up sharing that
session.  When the first process closes (or updates it, which is not the
actual case), the other process gets locked out.  This is done in sshd
as a HMAC optimization, where the first part of the digest computation,
which does not change, is copied from one operation to the next, even
across forks.

I reported the issue at https://github.com/openssl/openssl/issues/8430,
and proposed the patches' idea (not yet the patches themselves) to
mitigate the problem.  I haven't got feedback on them yet, but decided
to send the patches here anyway to avoid user pain.  Another option is
to patch openssh, but there's nothing that documents this restriction,
and other applications may use the same logic.

I've edited the document about Cryptographic Hardware Accelerators, to
provide detailed instructions on how to configure the engines,
with /dev/crypto examples.  I'm adding a link to it in the engine 
packages' description.

It is not trivial to just add the configuration to openssl.cnf, as
openssl will complain if you configure nonexistent engines.

Please review my additions to the document as well.  I will probably
get in trouble for writing instructions on how to measure performance,
but I feel it is useful anyway.


Eneas U de Queiroz (2):
  openssl: revert disallowing parallel build
  openssl: disable digests by default, misc fixes

 package/libs/openssl/Config.in                |  5 ++-
 package/libs/openssl/Makefile                 |  7 +++-
 ...default-to-not-use-digests-in-engine.patch | 41 +++++++++++++++++++
 ...to-ignore-error-when-closing-session.patch | 24 +++++++++++
 4 files changed, 74 insertions(+), 3 deletions(-)
 create mode 100644 package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch
 create mode 100644 package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch



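Editor's added example, not part of the message above and not the document or package the author refers to: an openssl.cnf fragment that loads the devcrypto engine for ciphers only and leaves digests in libcrypto's userspace code, which is the state the message's second patch aims for by default.  Keeping digests out of the engine means a partially computed digest (or HMAC) context has no kernel session behind it, so copying it across a fork, as sshd does, keeps working.  It assumes OpenSSL 1.1.x engine configuration syntax, the devcrypto engine's CIPHERS and DIGESTS control commands, and, if the engine is not built in, an installed shared object at the path shown; adjust that path for your build.

```ini
# Added example (editor's, not from the original message or the OpenWrt
# package): load the devcrypto engine for ciphers only, so digest/HMAC state
# stays in userspace and survives fork().
# Assumptions: OpenSSL 1.1.x config syntax; devcrypto either built in or
# installed as a dynamic engine at the path below.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
devcrypto = devcrypto_section

[devcrypto_section]
engine_id = devcrypto
# Only needed when devcrypto is a loadable module rather than built in
# (assumed path; check where your build installs engines).
dynamic_path = /usr/lib/engines-1.1/devcrypto.so
# Control commands are issued in order, before init.
CIPHERS = ALL
DIGESTS = NONE
default_algorithms = ALL
init = 1
```

The message's caveat applies: if the engine named here is neither built in nor loadable from dynamic_path, every openssl invocation that reads this config will fail at config load, so check the engine first with `openssl engine -c -t devcrypto` before pointing OPENSSL_CONF (or the system openssl.cnf) at it.  With the fragment above, the capability list printed by that command should show ciphers but no digests.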
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel