mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-27 01:11:14 +00:00
2407b1edcc
Openssh uses digest contexts across forks, which is not supported by the /dev/crypto engine. The speed of digests is usually not worth enabling them anyway. This changes the default of the DIGESTS option to NONE, so the user still has the option to enable them. Added another patch related to the use of encryption contexts across forks, that ignores a failure to close a previous open session when reinitializing a context, instead of failing the reinitialization. Added a link to the Cryptographic Hardware Accelerators document to the engine pacakges description, to provide more detailed instructions to configure the engines. Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used by openssh. There is an open PR to update openssh; when merged, this symbol can be safely removed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
25 lines
942 B
Diff
25 lines
942 B
Diff
From b6e6d157367bae91a8015434769572e430257d40 Mon Sep 17 00:00:00 2001
|
|
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Date: Mon, 11 Mar 2019 10:15:14 -0300
|
|
Subject: [PATCH] e_devcrypto: ignore error when closing session
|
|
|
|
In cipher_init, ignore an eventual error when closing the previous
|
|
session. It may have been closed by another process after a fork.
|
|
|
|
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
|
|
--- a/engines/e_devcrypto.c
|
|
+++ b/engines/e_devcrypto.c
|
|
@@ -197,9 +197,8 @@ static int cipher_init(EVP_CIPHER_CTX *c
|
|
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
|
|
|
|
/* cleanup a previous session */
|
|
- if (cipher_ctx->sess.ses != 0 &&
|
|
- clean_devcrypto_session(&cipher_ctx->sess) == 0)
|
|
- return 0;
|
|
+ if (cipher_ctx->sess.ses != 0)
|
|
+ clean_devcrypto_session(&cipher_ctx->sess);
|
|
|
|
cipher_ctx->sess.cipher = cipher_d->devcryptoid;
|
|
cipher_ctx->sess.keylen = cipher_d->keylen;
|