mirror of
https://git.openwrt.org/openwrt/openwrt.git
synced 2024-06-15 19:53:59 +02:00
04ca5a8678
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit a0814f04ed
)
59 lines
2.1 KiB
Diff
59 lines
2.1 KiB
Diff
From f14345422747a495a52f9237a43b8be189f21912 Mon Sep 17 00:00:00 2001
|
|
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Date: Mon, 5 Nov 2018 15:54:17 -0200
|
|
Subject: eng_devcrypto: save ioctl if EVP_MD_..FLAG_ONESHOT
|
|
|
|
Since each ioctl causes a context switch, slowing things down, if
|
|
EVP_MD_CTX_FLAG_ONESHOT is set, then:
|
|
- call the ioctl in digest_update, saving the result; and
|
|
- just copy the result in digest_final, instead of using another ioctl.
|
|
|
|
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
|
|
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/7585)
|
|
|
|
--- a/crypto/engine/eng_devcrypto.c
|
|
+++ b/crypto/engine/eng_devcrypto.c
|
|
@@ -461,6 +461,7 @@ struct digest_ctx {
|
|
struct session_op sess;
|
|
/* This signals that the init function was called, not that it succeeded. */
|
|
int init_called;
|
|
+ unsigned char digest_res[HASH_MAX_LEN];
|
|
};
|
|
|
|
static const struct digest_data_st {
|
|
@@ -564,12 +565,15 @@ static int digest_update(EVP_MD_CTX *ctx
|
|
if (digest_ctx == NULL)
|
|
return 0;
|
|
|
|
- if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) {
|
|
- SYSerr(SYS_F_IOCTL, errno);
|
|
- return 0;
|
|
+ if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
|
|
+ if (digest_op(digest_ctx, data, count, digest_ctx->digest_res, 0) >= 0)
|
|
+ return 1;
|
|
+ } else if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) >= 0) {
|
|
+ return 1;
|
|
}
|
|
|
|
- return 1;
|
|
+ SYSerr(SYS_F_IOCTL, errno);
|
|
+ return 0;
|
|
}
|
|
|
|
static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
|
|
@@ -579,7 +583,10 @@ static int digest_final(EVP_MD_CTX *ctx,
|
|
|
|
if (md == NULL || digest_ctx == NULL)
|
|
return 0;
|
|
- if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
|
|
+
|
|
+ if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
|
|
+ memcpy(md, digest_ctx->digest_res, EVP_MD_CTX_size(ctx));
|
|
+ } else if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
|
|
SYSerr(SYS_F_IOCTL, errno);
|
|
return 0;
|
|
}
|