From 9e8cbecb7f188dcf31b3a4e268d8e2b8e6d55a58 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Wed, 27 Feb 2019 18:06:44 -0300 Subject: openssl: bump to release 1.1.1b This is bugfix release that incorporated all of the devcrypto engine patches currently in the tree. The cleaning procedure in Package/Configure was not removing the dependency files, causing linking errors during a rebuild with different options. It was replaced by a simple make clean. Signed-off-by: Eneas U de Queiroz --- .../patches/250-eng_devcrypto-fix-ctr-mode.patch | 217 --------------------- 1 file changed, 217 deletions(-) delete mode 100644 package/libs/openssl/patches/250-eng_devcrypto-fix-ctr-mode.patch (limited to 'package/libs/openssl/patches/250-eng_devcrypto-fix-ctr-mode.patch') diff --git a/package/libs/openssl/patches/250-eng_devcrypto-fix-ctr-mode.patch b/package/libs/openssl/patches/250-eng_devcrypto-fix-ctr-mode.patch deleted file mode 100644 index 54a9236f13..0000000000 --- a/package/libs/openssl/patches/250-eng_devcrypto-fix-ctr-mode.patch +++ /dev/null @@ -1,217 +0,0 @@ -From 2887a5c8f9a385b3ebee12b98f68e7d1f9cc0ea0 Mon Sep 17 00:00:00 2001 -From: Eneas U de Queiroz -Date: Wed, 28 Nov 2018 11:26:27 -0200 -Subject: [PATCH 6/7] eng_devcrypto: fix ctr mode - -Make CTR mode behave like a stream cipher. - -Signed-off-by: Eneas U de Queiroz - -Reviewed-by: Matthias St. Pierre -Reviewed-by: Richard Levitte -(Merged from https://github.com/openssl/openssl/pull/7585) - -(cherry picked from commit b5015e834aa7d3f0a5d7585a8fae05cecbdbb848) - ---- a/crypto/engine/eng_devcrypto.c -+++ b/crypto/engine/eng_devcrypto.c -@@ -47,10 +47,12 @@ static int cfd; - - struct cipher_ctx { - struct session_op sess; -- -- /* to pass from init to do_cipher */ -- const unsigned char *iv; - int op; /* COP_ENCRYPT or COP_DECRYPT */ -+ unsigned long mode; /* EVP_CIPH_*_MODE */ -+ -+ /* to handle ctr mode being a stream cipher */ -+ unsigned char partial[EVP_MAX_BLOCK_LENGTH]; -+ unsigned int blocksize, num; - }; - - static const struct cipher_data_st { -@@ -87,9 +89,9 @@ static const struct cipher_data_st { - { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, - #endif - #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB) -- { NID_aes_128_ecb, 16, 128 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, -- { NID_aes_192_ecb, 16, 192 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, -- { NID_aes_256_ecb, 16, 256 / 8, 16, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, -+ { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, -+ { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, -+ { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, - #endif - #if 0 /* Not yet supported */ - { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, -@@ -146,6 +148,8 @@ static int cipher_init(EVP_CIPHER_CTX *c - cipher_ctx->sess.keylen = cipher_d->keylen; - cipher_ctx->sess.key = (void *)key; - cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT; -+ cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE; -+ cipher_ctx->blocksize = cipher_d->blocksize; - if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) { - SYSerr(SYS_F_IOCTL, errno); - return 0; -@@ -160,8 +164,11 @@ static int cipher_do_cipher(EVP_CIPHER_C - struct cipher_ctx *cipher_ctx = - (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); - struct crypt_op cryp; -+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - #if !defined(COP_FLAG_WRITE_IV) - unsigned char saved_iv[EVP_MAX_IV_LENGTH]; -+ const unsigned char *ivptr; -+ size_t nblocks, ivlen; - #endif - - memset(&cryp, 0, sizeof(cryp)); -@@ -169,19 +176,28 @@ static int cipher_do_cipher(EVP_CIPHER_C - cryp.len = inl; - cryp.src = (void *)in; - cryp.dst = (void *)out; -- cryp.iv = (void *)EVP_CIPHER_CTX_iv_noconst(ctx); -+ cryp.iv = (void *)iv; - cryp.op = cipher_ctx->op; - #if !defined(COP_FLAG_WRITE_IV) - cryp.flags = 0; - -- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { -- assert(inl >= EVP_CIPHER_CTX_iv_length(ctx)); -- if (!EVP_CIPHER_CTX_encrypting(ctx)) { -- unsigned char *ivptr = in + inl - EVP_CIPHER_CTX_iv_length(ctx); -+ ivlen = EVP_CIPHER_CTX_iv_length(ctx); -+ if (ivlen > 0) -+ switch (cipher_ctx->mode) { -+ case EVP_CIPH_CBC_MODE: -+ assert(inl >= ivlen); -+ if (!EVP_CIPHER_CTX_encrypting(ctx)) { -+ ivptr = in + inl - ivlen; -+ memcpy(saved_iv, ivptr, ivlen); -+ } -+ break; -+ -+ case EVP_CIPH_CTR_MODE: -+ break; - -- memcpy(saved_iv, ivptr, EVP_CIPHER_CTX_iv_length(ctx)); -+ default: /* should not happen */ -+ return 0; - } -- } - #else - cryp.flags = COP_FLAG_WRITE_IV; - #endif -@@ -192,17 +208,74 @@ static int cipher_do_cipher(EVP_CIPHER_C - } - - #if !defined(COP_FLAG_WRITE_IV) -- if (EVP_CIPHER_CTX_iv_length(ctx) > 0) { -- unsigned char *ivptr = saved_iv; -+ if (ivlen > 0) -+ switch (cipher_ctx->mode) { -+ case EVP_CIPH_CBC_MODE: -+ assert(inl >= ivlen); -+ if (EVP_CIPHER_CTX_encrypting(ctx)) -+ ivptr = out + inl - ivlen; -+ else -+ ivptr = saved_iv; -+ -+ memcpy(iv, ivptr, ivlen); -+ break; -+ -+ case EVP_CIPH_CTR_MODE: -+ nblocks = (inl + cipher_ctx->blocksize - 1) -+ / cipher_ctx->blocksize; -+ do { -+ ivlen--; -+ nblocks += iv[ivlen]; -+ iv[ivlen] = (uint8_t) nblocks; -+ nblocks >>= 8; -+ } while (ivlen); -+ break; -+ -+ default: /* should not happen */ -+ return 0; -+ } -+#endif -+ -+ return 1; -+} - -- assert(inl >= EVP_CIPHER_CTX_iv_length(ctx)); -- if (!EVP_CIPHER_CTX_encrypting(ctx)) -- ivptr = out + inl - EVP_CIPHER_CTX_iv_length(ctx); -+static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, size_t inl) -+{ -+ struct cipher_ctx *cipher_ctx = -+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); -+ size_t nblocks, len; - -- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), ivptr, -- EVP_CIPHER_CTX_iv_length(ctx)); -+ /* initial partial block */ -+ while (cipher_ctx->num && inl) { -+ (*out++) = *(in++) ^ cipher_ctx->partial[cipher_ctx->num]; -+ --inl; -+ cipher_ctx->num = (cipher_ctx->num + 1) % cipher_ctx->blocksize; -+ } -+ -+ /* full blocks */ -+ if (inl > (unsigned int) cipher_ctx->blocksize) { -+ nblocks = inl/cipher_ctx->blocksize; -+ len = nblocks * cipher_ctx->blocksize; -+ if (cipher_do_cipher(ctx, out, in, len) < 1) -+ return 0; -+ inl -= len; -+ out += len; -+ in += len; -+ } -+ -+ /* final partial block */ -+ if (inl) { -+ memset(cipher_ctx->partial, 0, cipher_ctx->blocksize); -+ if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial, -+ cipher_ctx->blocksize) < 1) -+ return 0; -+ while (inl--) { -+ out[cipher_ctx->num] = in[cipher_ctx->num] -+ ^ cipher_ctx->partial[cipher_ctx->num]; -+ cipher_ctx->num++; -+ } - } --#endif - - return 1; - } -@@ -249,6 +322,7 @@ static void prepare_cipher_methods(void) - { - size_t i; - struct session_op sess; -+ unsigned long cipher_mode; - - memset(&sess, 0, sizeof(sess)); - sess.key = (void *)"01234567890123456789012345678901234567890123456789"; -@@ -266,9 +340,12 @@ static void prepare_cipher_methods(void) - || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0) - continue; - -+ cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE; -+ - if ((known_cipher_methods[i] = - EVP_CIPHER_meth_new(cipher_data[i].nid, -- cipher_data[i].blocksize, -+ cipher_mode == EVP_CIPH_CTR_MODE ? 1 : -+ cipher_data[i].blocksize, - cipher_data[i].keylen)) == NULL - || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i], - cipher_data[i].ivlen) -@@ -278,6 +355,8 @@ static void prepare_cipher_methods(void) - | EVP_CIPH_FLAG_DEFAULT_ASN1) - || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init) - || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i], -+ cipher_mode == EVP_CIPH_CTR_MODE ? -+ ctr_do_cipher : - cipher_do_cipher) - || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl) - || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i], -- cgit v1.2.3