openwrt/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Mon, 11 Mar 2019 10:15:14 -0300
Subject: e_devcrypto: ignore error when closing session

In cipher_init, ignore an eventual error when closing the previous
session.  It may have been closed by another process after a fork.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -195,9 +195,8 @@ static int cipher_init(EVP_CIPHER_CTX *c
         get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
 
     /* cleanup a previous session */
-    if (cipher_ctx->sess.ses != 0 &&
-        clean_devcrypto_session(&cipher_ctx->sess) == 0)
-        return 0;
+    if (cipher_ctx->sess.ses != 0)
+        clean_devcrypto_session(&cipher_ctx->sess);
 
     cipher_ctx->sess.cipher = cipher_d->devcryptoid;
     cipher_ctx->sess.keylen = cipher_d->keylen;
openssl: update to 1.1.1e This version includes bug and security fixes, including medium-severity CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2020-03-19 19:12:15 +00:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
openssl: disable digests by default, misc fixes Openssh uses digest contexts across forks, which is not supported by the /dev/crypto engine. The speed of digests is usually not worth enabling them anyway. This changes the default of the DIGESTS option to NONE, so the user still has the option to enable them. Added another patch related to the use of encryption contexts across forks, that ignores a failure to close a previous open session when reinitializing a context, instead of failing the reinitialization. Added a link to the Cryptographic Hardware Accelerators document to the engine pacakges description, to provide more detailed instructions to configure the engines. Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used by openssh. There is an open PR to update openssh; when merged, this symbol can be safely removed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches] 2019-03-12 13:16:01 +00:00			`From: Eneas U de Queiroz <cote2004-github@yahoo.com>`
			`Date: Mon, 11 Mar 2019 10:15:14 -0300`
openssl: bump to 1.1.1d This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2019-09-17 13:52:11 +00:00			`Subject: e_devcrypto: ignore error when closing session`
openssl: disable digests by default, misc fixes Openssh uses digest contexts across forks, which is not supported by the /dev/crypto engine. The speed of digests is usually not worth enabling them anyway. This changes the default of the DIGESTS option to NONE, so the user still has the option to enable them. Added another patch related to the use of encryption contexts across forks, that ignores a failure to close a previous open session when reinitializing a context, instead of failing the reinitialization. Added a link to the Cryptographic Hardware Accelerators document to the engine pacakges description, to provide more detailed instructions to configure the engines. Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used by openssh. There is an open PR to update openssh; when merged, this symbol can be safely removed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches] 2019-03-12 13:16:01 +00:00
			`In cipher_init, ignore an eventual error when closing the previous`
			`session. It may have been closed by another process after a fork.`

			`Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>`

			`--- a/engines/e_devcrypto.c`
			`+++ b/engines/e_devcrypto.c`
openssl: bump to 1.1.1s Changes between 1.1.1r and 1.1.1s [1 Nov 2022] ) Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. [Gibeom Gwon] Changes between 1.1.1q and 1.1.1r [11 Oct 2022] ) Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. [Adam Joseph] ) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. [Paul Dale] ) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases [Matt Caswell] ) Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes [Todd Short] ) Added the loongarch64 target [Shi Pujin] ) Fixed a DRBG seed propagation thread safety issue [Bernd Edlinger] ) Fixed a memory leak in tls13_generate_secret [Bernd Edlinger] ) Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. [Bernd Edlinger] ) Added a missing header for memcmp that caused compilation failure on some platforms [Gregor Jasny] Build system: x86_64 Build-tested: bcm2711/RPi4B Run-tested: bcm2711/RPi4B Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit a0814f04ed955eb10b25df0ce6666ed91f11ca1b) 2022-11-03 13:27:49 +00:00			`@@ -195,9 +195,8 @@ static int cipher_init(EVP_CIPHER_CTX *c`
openssl: disable digests by default, misc fixes Openssh uses digest contexts across forks, which is not supported by the /dev/crypto engine. The speed of digests is usually not worth enabling them anyway. This changes the default of the DIGESTS option to NONE, so the user still has the option to enable them. Added another patch related to the use of encryption contexts across forks, that ignores a failure to close a previous open session when reinitializing a context, instead of failing the reinitialization. Added a link to the Cryptographic Hardware Accelerators document to the engine pacakges description, to provide more detailed instructions to configure the engines. Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used by openssh. There is an open PR to update openssh; when merged, this symbol can be safely removed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches] 2019-03-12 13:16:01 +00:00			`get_cipher_data(EVP_CIPHER_CTX_nid(ctx));`

			`/* cleanup a previous session */`
			`- if (cipher_ctx->sess.ses != 0 &&`
			`- clean_devcrypto_session(&cipher_ctx->sess) == 0)`
			`- return 0;`
			`+ if (cipher_ctx->sess.ses != 0)`
			`+ clean_devcrypto_session(&cipher_ctx->sess);`

			`cipher_ctx->sess.cipher = cipher_d->devcryptoid;`
			`cipher_ctx->sess.keylen = cipher_d->keylen;`