On Mon, Feb 25, 2019 at 11:09 AM Rosen Penev <ros...@gmail.com> wrote: > > On Mon, Feb 25, 2019 at 10:01 AM Eneas U de Queiroz via openwrt-devel > <openwrt-devel@lists.openwrt.org> wrote: > > > > The sender domain has a DMARC Reject/Quarantine policy which disallows > > sending mailing list messages using the original "From" header. > > > > To mitigate this problem, the original message has been wrapped > > automatically by the mailing list software. > > > > > > ---------- Forwarded message ---------- > > From: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > To: openwrt-devel@lists.openwrt.org > > Cc: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > Bcc: > > Date: Mon, 25 Feb 2019 15:00:58 -0300 > > Subject: [PATCH v3] openssl: backport devcrypto changes from master > > The patches to the /dev/crypto engine were commited to openssl master, > > and will be in the next major version (3.0). > This version does not apply to master. Never mind. It does apply like this:
git pw series apply 93498 git pw series apply 94090 > > > > Changes: > > - Optimization in computing a digest in one operation, saving an ioctl > > - Runtime configuration options for the choice of algorithms to use > > - Command to dump useful information about the algorithms supported by > > the engine and the system. > > - Build the devcrypto engine as a dynamic module, like other engines. > > > > The devcrypto engine is built as a separate package by default, but > > options were added to allow building the engines into the main library. > > > > Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > --- > > This should only be merged after > > openssl: fix devcrypto engine md blocksize > > > > I forgot to mention it before, but this was run-tested on Linksys > > WRT3200ACM, WRT610N (software-only), & ASUS RT-N56U (software-only), > > running nginx, bind, unbound, and now openssh. > > > > Changes: > > v3: remove PKG_BUILD_DEPENDS:=cryptodev-linux, as it has been properly > > added to DEPENDS now. > > > > v2: accommodate changes from openssl: fix devcrypto engine md blocksize > > increased PKG_RELEASE > > > > diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in > > index 3ad8a66b9e..235f38e787 100644 > > --- a/package/libs/openssl/Config.in > > +++ b/package/libs/openssl/Config.in > > @@ -253,18 +253,41 @@ config OPENSSL_ENGINE > > Note that you need to enable KERNEL_AIO to be able to build > > the > > afalg engine package. > > > > -config OPENSSL_ENGINE_CRYPTO > > +config OPENSSL_ENGINE_BUILTIN > > + bool "Build chosen engines into libcrypto" > > + depends on OPENSSL_ENGINE > > + help > > + This builds all chosen engines into libcrypto.so, instead > > of building > > + them as dynamic engines in separate packages. > > + The benefit of building the engines into libcrypto is that > > they won't > > + require any configuration to be used by default. > > + > > +config OPENSSL_ENGINE_BUILTIN_AFALG > > bool > > - select OPENSSL_ENGINE > > - select PACKAGE_kmod-cryptodev > > + prompt "Acceleration support through AF_ALG sockets engine" > > + depends on OPENSSL_ENGINE_BUILTIN && KERNEL_AIO && !LINUX_3_18 > > select PACKAGE_libopenssl-conf > > + help > > + This enables use of hardware acceleration through the > > + AF_ALG kenrel interface. > > + > > +config OPENSSL_ENGINE_BUILTIN_DEVCRYPTO > > + bool > > prompt "Acceleration support through /dev/crypto" > > + depends on OPENSSL_ENGINE_BUILTIN > > + select PACKAGE_libopenssl-conf > > help > > This enables use of hardware acceleration through OpenBSD > > Cryptodev API (/dev/crypto) interface. > > - You must install kmod-cryptodev (under Kernel modules, > > Cryptographic > > - API modules) for /dev/crypto to show up and use hardware > > - acceleration; otherwise it falls back to software. > > + > > +config OPENSSL_ENGINE_BUILTIN_PADLOCK > > + bool > > + prompt "VIA Padlock Acceleration support engine" > > + depends on OPENSSL_ENGINE_BUILTIN && TARGET_x86 > > + select PACKAGE_libopenssl-conf > > + help > > + This enables use of hardware acceleration through the > > + VIA Padlock module. > > > > config OPENSSL_WITH_ASYNC > > bool > > diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile > > index ab32668cb9..a7dbbae2b1 100644 > > --- a/package/libs/openssl/Makefile > > +++ b/package/libs/openssl/Makefile > > @@ -11,12 +11,11 @@ PKG_NAME:=openssl > > PKG_BASE:=1.1.1 > > PKG_BUGFIX:=a > > PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) > > -PKG_RELEASE:=3 > > +PKG_RELEASE:=4 > > PKG_USE_MIPS16:=0 > > ENGINES_DIR=engines-1.1 > > > > PKG_BUILD_PARALLEL:=0 > > -PKG_BUILD_DEPENDS:=cryptodev-linux > > > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz > > PKG_SOURCE_URL:= \ > > @@ -32,7 +31,10 @@ PKG_LICENSE_FILES:=LICENSE > > PKG_CPE_ID:=cpe:/a:openssl:openssl > > PKG_CONFIG_DEPENDS:= \ > > CONFIG_OPENSSL_ENGINE \ > > - CONFIG_OPENSSL_ENGINE_CRYPTO \ > > + CONFIG_OPENSSL_ENGINE_BUILTIN \ > > + CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \ > > + CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \ > > + CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \ > > CONFIG_OPENSSL_NO_DEPRECATED \ > > CONFIG_OPENSSL_OPTIMIZE_SPEED \ > > CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \ > > @@ -89,7 +91,10 @@ endef > > define Package/libopenssl > > $(call Package/openssl/Default) > > SUBMENU:=SSL > > - DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib > > + DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \ > > + +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \ > > + +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \ > > + +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock > > TITLE+= (libraries) > > ABI_VERSION:=1.1 > > MENU:=1 > > @@ -134,7 +139,7 @@ define Package/libopenssl-afalg > > SUBMENU:=SSL > > TITLE:=AFALG hardware acceleration engine > > DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO @!LINUX_3_18 > > +kmod-crypto-user \ > > - +libopenssl-conf > > + +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN > > endef > > > > define Package/libopenssl-afalg/description > > @@ -145,12 +150,28 @@ See > > https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration- > > The engine_id is "afalg" > > endef > > > > +define Package/libopenssl-devcrypto > > + $(call Package/openssl/Default) > > + SUBMENU:=SSL > > + TITLE:=/dev/crypto hardware acceleration engine > > + DEPENDS:=libopenssl @OPENSSL_ENGINE +kmod-cryptodev +libopenssl-conf \ > > + @!OPENSSL_ENGINE_BUILTIN > > +endef > > + > > +define Package/libopenssl-devcrypto/description > > +This package adds an engine that enables hardware acceleration > > +through the /dev/crypto kernel interface. > > +To use it, you need to configure the engine in /etc/ssl/openssl.cnf > > +See > > https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module > > +The engine_id is "devcrypto" > > +endef > > + > > define Package/libopenssl-padlock > > $(call Package/openssl/Default) > > SUBMENU:=SSL > > TITLE:=VIA Padlock hardware acceleration engine > > DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock \ > > - +libopenssl-conf > > + +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN > > endef > > > > define Package/libopenssl-padlock/description > > @@ -241,14 +262,27 @@ else > > endif > > > > ifdef CONFIG_OPENSSL_ENGINE > > - ifdef CONFIG_OPENSSL_ENGINE_CRYPTO > > - OPENSSL_OPTIONS += enable-devcryptoeng > > - endif > > - ifndef CONFIG_PACKAGE_libopenssl-afalg > > - OPENSSL_OPTIONS += no-afalgeng > > - endif > > - ifndef CONFIG_PACKAGE_libopenssl-padlock > > - OPENSSL_OPTIONS += no-hw-padlock > > + ifdef CONFIG_OPENSSL_ENGINE_BUILTIN > > + OPENSSL_OPTIONS += disable-dynamic-engine > > + ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG > > + OPENSSL_OPTIONS += no-afalgeng > > + endif > > + ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO > > + OPENSSL_OPTIONS += enable-devcryptoeng > > + endif > > + ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK > > + OPENSSL_OPTIONS += no-hw-padlock > > + endif > > + else > > + ifdef CONFIG_PACKAGE_libopenssl-devcrypto > > + OPENSSL_OPTIONS += enable-devcryptoeng > > + endif > > + ifndef CONFIG_PACKAGE_libopenssl-afalg > > + OPENSSL_OPTIONS += no-afalgeng > > + endif > > + ifndef CONFIG_PACKAGE_libopenssl-padlock > > + OPENSSL_OPTIONS += no-hw-padlock > > + endif > > endif > > else > > OPENSSL_OPTIONS += no-engine > > @@ -364,6 +398,11 @@ define Package/libopenssl-afalg/install > > $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so > > $(1)/usr/lib/$(ENGINES_DIR) > > endef > > > > +define Package/libopenssl-devcrypto/install > > + $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) > > + $(INSTALL_BIN) > > $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so > > $(1)/usr/lib/$(ENGINES_DIR) > > +endef > > + > > define Package/libopenssl-padlock/install > > $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) > > $(INSTALL_BIN) > > $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so > > $(1)/usr/lib/$(ENGINES_DIR) > > @@ -372,5 +411,6 @@ endef > > $(eval $(call BuildPackage,libopenssl)) > > $(eval $(call BuildPackage,libopenssl-conf)) > > $(eval $(call BuildPackage,libopenssl-afalg)) > > +$(eval $(call BuildPackage,libopenssl-devcrypto)) > > $(eval $(call BuildPackage,libopenssl-padlock)) > > $(eval $(call BuildPackage,openssl-util)) > > diff --git > > a/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch > > > > b/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch > > new file mode 100644 > > index 0000000000..9ea3aef6ec > > --- /dev/null > > +++ > > b/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch > > @@ -0,0 +1,60 @@ > > +From c50879688edc862213b19ae9993a4ac037af4781 Mon Sep 17 00:00:00 2001 > > +From: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > +Date: Mon, 5 Nov 2018 15:54:17 -0200 > > +Subject: [PATCH 1/4] eng_devcrypto: save ioctl if EVP_MD_..FLAG_ONESHOT > > + > > +Since each ioctl causes a context switch, slowing things down, if > > +EVP_MD_CTX_FLAG_ONESHOT is set, then: > > + - call the ioctl in digest_update, saving the result; and > > + - just copy the result in digest_final, instead of using another ioctl. > > + > > +Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > + > > +Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> > > +Reviewed-by: Richard Levitte <levi...@openssl.org> > > +(Merged from https://github.com/openssl/openssl/pull/7585) > > + > > +diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c > > +index 11ec4393e7..f96cba70d7 100644 > > +--- a/crypto/engine/eng_devcrypto.c > > ++++ b/crypto/engine/eng_devcrypto.c > > +@@ -460,6 +460,7 @@ struct digest_ctx { > > + struct session_op sess; > > + /* This signals that the init function was called, not that it > > succeeded. */ > > + int init_called; > > ++ unsigned char digest_res[HASH_MAX_LEN]; > > + }; > > + > > + static const struct digest_data_st { > > +@@ -562,12 +563,15 @@ static int digest_update(EVP_MD_CTX *ctx, const void > > *data, size_t count) > > + if (digest_ctx == NULL) > > + return 0; > > + > > +- if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) < 0) { > > +- SYSerr(SYS_F_IOCTL, errno); > > +- return 0; > > ++ if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { > > ++ if (digest_op(digest_ctx, data, count, digest_ctx->digest_res, 0) > > >= 0) > > ++ return 1; > > ++ } else if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) > > >= 0) { > > ++ return 1; > > + } > > + > > +- return 1; > > ++ SYSerr(SYS_F_IOCTL, errno); > > ++ return 0; > > + } > > + > > + static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) > > +@@ -577,7 +581,10 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned > > char *md) > > + > > + if (md == NULL || digest_ctx == NULL) > > + return 0; > > +- if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) { > > ++ > > ++ if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { > > ++ memcpy(md, digest_ctx->digest_res, EVP_MD_CTX_size(ctx)); > > ++ } else if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) { > > + SYSerr(SYS_F_IOCTL, errno); > > + return 0; > > + } > > diff --git > > a/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch > > > > b/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch > > new file mode 100644 > > index 0000000000..bc716a92e2 > > --- /dev/null > > +++ > > b/package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch > > @@ -0,0 +1,569 @@ > > +From f9e4bf71b6ecff66a19a3594c870cd2f58e23af6 Mon Sep 17 00:00:00 2001 > > +From: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > +Date: Sat, 3 Nov 2018 15:41:10 -0300 > > +Subject: [PATCH 2/4] eng_devcrypto: add configuration options > > + > > +USE_SOFTDRIVERS: whether to use software (not accelerated) drivers > > +CIPHERS: list of ciphers to enable > > +DIGESTS: list of digests to enable > > + > > +Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > + > > +Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> > > +Reviewed-by: Richard Levitte <levi...@openssl.org> > > +(Merged from https://github.com/openssl/openssl/pull/7585) > > + > > +diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c > > +index f96cba70d7..0f0aee6b57 100644 > > +--- a/crypto/engine/eng_devcrypto.c > > ++++ b/crypto/engine/eng_devcrypto.c > > +@@ -16,6 +16,7 @@ > > + #include <unistd.h> > > + #include <assert.h> > > + > > ++#include <openssl/conf.h> > > + #include <openssl/evp.h> > > + #include <openssl/err.h> > > + #include <openssl/engine.h> > > +@@ -34,6 +35,30 @@ > > + * saner... why re-open /dev/crypto for every session? > > + */ > > + static int cfd; > > ++#define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of > > acceleration */ > > ++#define DEVCRYPTO_USE_SOFTWARE 1 /* allow software drivers */ > > ++#define DEVCRYPTO_REJECT_SOFTWARE 2 /* only disallow confirmed > > software drivers */ > > ++ > > ++#define DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS DEVCRYPTO_REJECT_SOFTWARE > > ++static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS; > > ++ > > ++/* > > ++ * cipher/digest status & acceleration definitions > > ++ * Make sure the defaults are set to 0 > > ++ */ > > ++struct driver_info_st { > > ++ enum devcrypto_status_t { > > ++ DEVCRYPTO_STATUS_UNUSABLE = -1, /* session open failed */ > > ++ DEVCRYPTO_STATUS_UNKNOWN = 0, /* not tested yet */ > > ++ DEVCRYPTO_STATUS_USABLE = 1 /* algo can be used */ > > ++ } status; > > ++ > > ++ enum devcrypto_accelerated_t { > > ++ DEVCRYPTO_NOT_ACCELERATED = -1, /* software implemented */ > > ++ DEVCRYPTO_ACCELERATION_UNKNOWN = 0, /* acceleration support > > unkown */ > > ++ DEVCRYPTO_ACCELERATED = 1 /* hardware accelerated */ > > ++ } accelerated; > > ++}; > > + > > + static int clean_devcrypto_session(struct session_op *sess) { > > + if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) { > > +@@ -117,13 +142,22 @@ static const struct cipher_data_st { > > + #endif > > + }; > > + > > +-static size_t get_cipher_data_index(int nid) > > ++static size_t find_cipher_data_index(int nid) > > + { > > + size_t i; > > + > > + for (i = 0; i < OSSL_NELEM(cipher_data); i++) > > + if (nid == cipher_data[i].nid) > > + return i; > > ++ return (size_t)-1; > > ++} > > ++ > > ++static size_t get_cipher_data_index(int nid) > > ++{ > > ++ size_t i = find_cipher_data_index(nid); > > ++ > > ++ if (i != (size_t)-1) > > ++ return i; > > + > > + /* > > + * Code further down must make sure that only NIDs in the table above > > +@@ -332,19 +366,40 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx) > > + } > > + > > + /* > > +- * Keep a table of known nids and associated methods. > > ++ * Keep tables of known nids, associated methods, selected ciphers, and > > driver > > ++ * info. > > + * Note that known_cipher_nids[] isn't necessarily indexed the same way as > > +- * cipher_data[] above, which known_cipher_methods[] is. > > ++ * cipher_data[] above, which the other tables are. > > + */ > > + static int known_cipher_nids[OSSL_NELEM(cipher_data)]; > > + static int known_cipher_nids_amount = -1; /* -1 indicates not yet > > initialised */ > > + static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { > > NULL, }; > > ++static int selected_ciphers[OSSL_NELEM(cipher_data)]; > > ++static struct driver_info_st cipher_driver_info[OSSL_NELEM(cipher_data)]; > > ++ > > ++ > > ++static int devcrypto_test_cipher(size_t cipher_data_index) > > ++{ > > ++ return (cipher_driver_info[cipher_data_index].status == > > DEVCRYPTO_STATUS_USABLE > > ++ && selected_ciphers[cipher_data_index] == 1 > > ++ && (cipher_driver_info[cipher_data_index].accelerated > > ++ == DEVCRYPTO_ACCELERATED > > ++ || use_softdrivers == DEVCRYPTO_USE_SOFTWARE > > ++ || (cipher_driver_info[cipher_data_index].accelerated > > ++ != DEVCRYPTO_NOT_ACCELERATED > > ++ && use_softdrivers == DEVCRYPTO_REJECT_SOFTWARE))); > > ++} > > + > > + static void prepare_cipher_methods(void) > > + { > > + size_t i; > > + struct session_op sess; > > + unsigned long cipher_mode; > > ++#ifdef CIOCGSESSINFO > > ++ struct session_info_op siop; > > ++#endif > > ++ > > ++ memset(&cipher_driver_info, 0, sizeof(cipher_driver_info)); > > + > > + memset(&sess, 0, sizeof(sess)); > > + sess.key = (void > > *)"01234567890123456789012345678901234567890123456789"; > > +@@ -352,15 +407,16 @@ static void prepare_cipher_methods(void) > > + for (i = 0, known_cipher_nids_amount = 0; > > + i < OSSL_NELEM(cipher_data); i++) { > > + > > ++ selected_ciphers[i] = 1; > > + /* > > +- * Check that the algo is really availably by trying to open and > > close > > +- * a session. > > ++ * Check that the cipher is usable > > + */ > > + sess.cipher = cipher_data[i].devcryptoid; > > + sess.keylen = cipher_data[i].keylen; > > +- if (ioctl(cfd, CIOCGSESSION, &sess) < 0 > > +- || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0) > > ++ if (ioctl(cfd, CIOCGSESSION, &sess) < 0) { > > ++ cipher_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > + continue; > > ++ } > > + > > + cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE; > > + > > +@@ -386,15 +442,41 @@ static void prepare_cipher_methods(void) > > + cipher_cleanup) > > + || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i], > > + sizeof(struct > > cipher_ctx))) { > > ++ cipher_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > + EVP_CIPHER_meth_free(known_cipher_methods[i]); > > + known_cipher_methods[i] = NULL; > > + } else { > > ++ cipher_driver_info[i].status = DEVCRYPTO_STATUS_USABLE; > > ++#ifdef CIOCGSESSINFO > > ++ siop.ses = sess.ses; > > ++ if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) > > ++ cipher_driver_info[i].accelerated = > > DEVCRYPTO_ACCELERATION_UNKNOWN; > > ++ else if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) > > ++ cipher_driver_info[i].accelerated = > > DEVCRYPTO_NOT_ACCELERATED; > > ++ else > > ++ cipher_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED; > > ++#endif /* CIOCGSESSINFO */ > > ++ } > > ++ ioctl(cfd, CIOCFSESSION, &sess.ses); > > ++ if (devcrypto_test_cipher(i)) { > > + known_cipher_nids[known_cipher_nids_amount++] = > > + cipher_data[i].nid; > > + } > > + } > > + } > > + > > ++static void rebuild_known_cipher_nids(ENGINE *e) > > ++{ > > ++ size_t i; > > ++ > > ++ for (i = 0, known_cipher_nids_amount = 0; i < > > OSSL_NELEM(cipher_data); i++) { > > ++ if (devcrypto_test_cipher(i)) > > ++ known_cipher_nids[known_cipher_nids_amount++] = > > cipher_data[i].nid; > > ++ } > > ++ ENGINE_unregister_ciphers(e); > > ++ ENGINE_register_ciphers(e); > > ++} > > ++ > > + static const EVP_CIPHER *get_cipher_method(int nid) > > + { > > + size_t i = get_cipher_data_index(nid); > > +@@ -437,6 +519,36 @@ static int devcrypto_ciphers(ENGINE *e, const > > EVP_CIPHER **cipher, > > + return *cipher != NULL; > > + } > > + > > ++static void devcrypto_select_all_ciphers(int *cipher_list) > > ++{ > > ++ size_t i; > > ++ > > ++ for (i = 0; i < OSSL_NELEM(cipher_data); i++) > > ++ cipher_list[i] = 1; > > ++} > > ++ > > ++static int cryptodev_select_cipher_cb(const char *str, int len, void *usr) > > ++{ > > ++ int *cipher_list = (int *)usr; > > ++ char *name; > > ++ const EVP_CIPHER *EVP; > > ++ size_t i; > > ++ > > ++ if (len == 0) > > ++ return 1; > > ++ if (usr == NULL || (name = OPENSSL_strndup(str, len)) == NULL) > > ++ return 0; > > ++ EVP = EVP_get_cipherbyname(name); > > ++ if (EVP == NULL) > > ++ fprintf(stderr, "devcrypto: unknown cipher %s\n", name); > > ++ else if ((i = find_cipher_data_index(EVP_CIPHER_nid(EVP))) != > > (size_t)-1) > > ++ cipher_list[i] = 1; > > ++ else > > ++ fprintf(stderr, "devcrypto: cipher %s not available\n", name); > > ++ OPENSSL_free(name); > > ++ return 1; > > ++} > > ++ > > + /* > > + * We only support digests if the cryptodev implementation supports > > multiple > > + * data updates and session copying. Otherwise, we would be forced to > > maintain > > +@@ -492,13 +604,22 @@ static const struct digest_data_st { > > + #endif > > + }; > > + > > +-static size_t get_digest_data_index(int nid) > > ++static size_t find_digest_data_index(int nid) > > + { > > + size_t i; > > + > > + for (i = 0; i < OSSL_NELEM(digest_data); i++) > > + if (nid == digest_data[i].nid) > > + return i; > > ++ return (size_t)-1; > > ++} > > ++ > > ++static size_t get_digest_data_index(int nid) > > ++{ > > ++ size_t i = find_digest_data_index(nid); > > ++ > > ++ if (i != (size_t)-1) > > ++ return i; > > + > > + /* > > + * Code further down must make sure that only NIDs in the table above > > +@@ -515,8 +636,8 @@ static const struct digest_data_st > > *get_digest_data(int nid) > > + } > > + > > + /* > > +- * Following are the four necessary functions to map OpenSSL functionality > > +- * with cryptodev. > > ++ * Following are the five necessary functions to map OpenSSL functionality > > ++ * with cryptodev: init, update, final, cleanup, and copy. > > + */ > > + > > + static int digest_init(EVP_MD_CTX *ctx) > > +@@ -628,52 +749,94 @@ static int digest_cleanup(EVP_MD_CTX *ctx) > > + return clean_devcrypto_session(&digest_ctx->sess); > > + } > > + > > +-static int devcrypto_test_digest(size_t digest_data_index) > > +-{ > > +- struct session_op sess1, sess2; > > +- struct cphash_op cphash; > > +- int ret=0; > > +- > > +- memset(&sess1, 0, sizeof(sess1)); > > +- memset(&sess2, 0, sizeof(sess2)); > > +- sess1.mac = digest_data[digest_data_index].devcryptoid; > > +- if (ioctl(cfd, CIOCGSESSION, &sess1) < 0) > > +- return 0; > > +- /* Make sure the driver is capable of hash state copy */ > > +- sess2.mac = sess1.mac; > > +- if (ioctl(cfd, CIOCGSESSION, &sess2) >= 0) { > > +- cphash.src_ses = sess1.ses; > > +- cphash.dst_ses = sess2.ses; > > +- if (ioctl(cfd, CIOCCPHASH, &cphash) >= 0) > > +- ret = 1; > > +- ioctl(cfd, CIOCFSESSION, &sess2.ses); > > +- } > > +- ioctl(cfd, CIOCFSESSION, &sess1.ses); > > +- return ret; > > +-} > > +- > > + /* > > +- * Keep a table of known nids and associated methods. > > ++ * Keep tables of known nids, associated methods, selected digests, and > > ++ * driver info. > > + * Note that known_digest_nids[] isn't necessarily indexed the same way as > > +- * digest_data[] above, which known_digest_methods[] is. > > ++ * digest_data[] above, which the other tables are. > > + */ > > + static int known_digest_nids[OSSL_NELEM(digest_data)]; > > + static int known_digest_nids_amount = -1; /* -1 indicates not yet > > initialised */ > > + static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, }; > > ++static int selected_digests[OSSL_NELEM(digest_data)]; > > ++static struct driver_info_st digest_driver_info[OSSL_NELEM(digest_data)]; > > ++ > > ++static int devcrypto_test_digest(size_t digest_data_index) > > ++{ > > ++ return (digest_driver_info[digest_data_index].status == > > DEVCRYPTO_STATUS_USABLE > > ++ && selected_digests[digest_data_index] == 1 > > ++ && (digest_driver_info[digest_data_index].accelerated > > ++ == DEVCRYPTO_ACCELERATED > > ++ || use_softdrivers == DEVCRYPTO_USE_SOFTWARE > > ++ || (digest_driver_info[digest_data_index].accelerated > > ++ != DEVCRYPTO_NOT_ACCELERATED > > ++ && use_softdrivers == DEVCRYPTO_REJECT_SOFTWARE))); > > ++} > > ++ > > ++static void rebuild_known_digest_nids(ENGINE *e) > > ++{ > > ++ size_t i; > > ++ > > ++ for (i = 0, known_digest_nids_amount = 0; i < > > OSSL_NELEM(digest_data); i++) { > > ++ if (devcrypto_test_digest(i)) > > ++ known_digest_nids[known_digest_nids_amount++] = > > digest_data[i].nid; > > ++ } > > ++ ENGINE_unregister_digests(e); > > ++ ENGINE_register_digests(e); > > ++} > > + > > + static void prepare_digest_methods(void) > > + { > > + size_t i; > > ++ struct session_op sess1, sess2; > > ++#ifdef CIOCGSESSINFO > > ++ struct session_info_op siop; > > ++#endif > > ++ struct cphash_op cphash; > > ++ > > ++ memset(&digest_driver_info, 0, sizeof(digest_driver_info)); > > ++ > > ++ memset(&sess1, 0, sizeof(sess1)); > > ++ memset(&sess2, 0, sizeof(sess2)); > > + > > + for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data); > > + i++) { > > + > > ++ selected_digests[i] = 1; > > ++ > > + /* > > +- * Check that the algo is usable > > ++ * Check that the digest is usable > > + */ > > +- if (!devcrypto_test_digest(i)) > > +- continue; > > ++ sess1.mac = digest_data[i].devcryptoid; > > ++ sess2.ses = 0; > > ++ if (ioctl(cfd, CIOCGSESSION, &sess1) < 0) { > > ++ digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > ++ goto finish; > > ++ } > > + > > ++#ifdef CIOCGSESSINFO > > ++ /* gather hardware acceleration info from the driver */ > > ++ siop.ses = sess1.ses; > > ++ if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) > > ++ digest_driver_info[i].accelerated = > > DEVCRYPTO_ACCELERATION_UNKNOWN; > > ++ else if (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY) > > ++ digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED; > > ++ else > > ++ digest_driver_info[i].accelerated = DEVCRYPTO_NOT_ACCELERATED; > > ++#endif > > ++ > > ++ /* digest must be capable of hash state copy */ > > ++ sess2.mac = sess1.mac; > > ++ if (ioctl(cfd, CIOCGSESSION, &sess2) < 0) { > > ++ digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > ++ goto finish; > > ++ } > > ++ cphash.src_ses = sess1.ses; > > ++ cphash.dst_ses = sess2.ses; > > ++ if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) { > > ++ digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > ++ goto finish; > > ++ } > > + if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid, > > + NID_undef)) == NULL > > + || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i], > > +@@ -687,11 +850,18 @@ static void prepare_digest_methods(void) > > + || !EVP_MD_meth_set_cleanup(known_digest_methods[i], > > digest_cleanup) > > + || !EVP_MD_meth_set_app_datasize(known_digest_methods[i], > > + sizeof(struct digest_ctx))) { > > ++ digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > + EVP_MD_meth_free(known_digest_methods[i]); > > + known_digest_methods[i] = NULL; > > +- } else { > > +- known_digest_nids[known_digest_nids_amount++] = > > digest_data[i].nid; > > ++ goto finish; > > + } > > ++ digest_driver_info[i].status = DEVCRYPTO_STATUS_USABLE; > > ++finish: > > ++ ioctl(cfd, CIOCFSESSION, &sess1.ses); > > ++ if (sess2.ses != 0) > > ++ ioctl(cfd, CIOCFSESSION, &sess2.ses); > > ++ if (devcrypto_test_digest(i)) > > ++ known_digest_nids[known_digest_nids_amount++] = > > digest_data[i].nid; > > + } > > + } > > + > > +@@ -737,8 +907,154 @@ static int devcrypto_digests(ENGINE *e, const EVP_MD > > **digest, > > + return *digest != NULL; > > + } > > + > > ++static void devcrypto_select_all_digests(int *digest_list) > > ++{ > > ++ size_t i; > > ++ > > ++ for (i = 0; i < OSSL_NELEM(digest_data); i++) > > ++ digest_list[i] = 1; > > ++} > > ++ > > ++static int cryptodev_select_digest_cb(const char *str, int len, void *usr) > > ++{ > > ++ int *digest_list = (int *)usr; > > ++ char *name; > > ++ const EVP_MD *EVP; > > ++ size_t i; > > ++ > > ++ if (len == 0) > > ++ return 1; > > ++ if (usr == NULL || (name = OPENSSL_strndup(str, len)) == NULL) > > ++ return 0; > > ++ EVP = EVP_get_digestbyname(name); > > ++ if (EVP == NULL) > > ++ fprintf(stderr, "devcrypto: unknown digest %s\n", name); > > ++ else if ((i = find_digest_data_index(EVP_MD_type(EVP))) != (size_t)-1) > > ++ digest_list[i] = 1; > > ++ else > > ++ fprintf(stderr, "devcrypto: digest %s not available\n", name); > > ++ OPENSSL_free(name); > > ++ return 1; > > ++} > > ++ > > ++#endif > > ++ > > ++/****************************************************************************** > > ++ * > > ++ * CONTROL COMMANDS > > ++ * > > ++ *****/ > > ++ > > ++#define DEVCRYPTO_CMD_USE_SOFTDRIVERS ENGINE_CMD_BASE > > ++#define DEVCRYPTO_CMD_CIPHERS (ENGINE_CMD_BASE + 1) > > ++#define DEVCRYPTO_CMD_DIGESTS (ENGINE_CMD_BASE + 2) > > ++#define DEVCRYPTO_CMD_DUMP_INFO (ENGINE_CMD_BASE + 3) > > ++ > > ++/* Helper macros for CPP string composition */ > > ++#ifndef OPENSSL_MSTR > > ++# define OPENSSL_MSTR_HELPER(x) #x > > ++# define OPENSSL_MSTR(x) OPENSSL_MSTR_HELPER(x) > > ++#endif > > ++ > > ++static const ENGINE_CMD_DEFN devcrypto_cmds[] = { > > ++#ifdef CIOCGSESSINFO > > ++ {DEVCRYPTO_CMD_USE_SOFTDRIVERS, > > ++ "USE_SOFTDRIVERS", > > ++ "specifies whether to use software (not accelerated) drivers (" > > ++ OPENSSL_MSTR(DEVCRYPTO_REQUIRE_ACCELERATED) "=use only > > accelerated drivers, " > > ++ OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, " > > ++ OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE) > > ++ "=use if acceleration can't be determined) [default=" > > ++ OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS) "]", > > ++ ENGINE_CMD_FLAG_NUMERIC}, > > ++#endif > > ++ > > ++ {DEVCRYPTO_CMD_CIPHERS, > > ++ "CIPHERS", > > ++ "either ALL, NONE, or a comma-separated list of ciphers to enable > > [default=ALL]", > > ++ ENGINE_CMD_FLAG_STRING}, > > ++ > > ++#ifdef IMPLEMENT_DIGEST > > ++ {DEVCRYPTO_CMD_DIGESTS, > > ++ "DIGESTS", > > ++ "either ALL, NONE, or a comma-separated list of digests to enable > > [default=ALL]", > > ++ ENGINE_CMD_FLAG_STRING}, > > + #endif > > + > > ++ {0, NULL, NULL, 0} > > ++}; > > ++ > > ++static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) > > (void)) > > ++{ > > ++ int *new_list; > > ++ switch (cmd) { > > ++#ifdef CIOCGSESSINFO > > ++ case DEVCRYPTO_CMD_USE_SOFTDRIVERS: > > ++ switch (i) { > > ++ case DEVCRYPTO_REQUIRE_ACCELERATED: > > ++ case DEVCRYPTO_USE_SOFTWARE: > > ++ case DEVCRYPTO_REJECT_SOFTWARE: > > ++ break; > > ++ default: > > ++ fprintf(stderr, "devcrypto: invalid value (%ld) for > > USE_SOFTDRIVERS\n", i); > > ++ return 0; > > ++ } > > ++ if (use_softdrivers == i) > > ++ return 1; > > ++ use_softdrivers = i; > > ++#ifdef IMPLEMENT_DIGEST > > ++ rebuild_known_digest_nids(e); > > ++#endif > > ++ rebuild_known_cipher_nids(e); > > ++ return 1; > > ++#endif /* CIOCGSESSINFO */ > > ++ > > ++ case DEVCRYPTO_CMD_CIPHERS: > > ++ if (p == NULL) > > ++ return 1; > > ++ if (strcasecmp((const char *)p, "ALL") == 0) { > > ++ devcrypto_select_all_ciphers(selected_ciphers); > > ++ } else if (strcasecmp((const char*)p, "NONE") == 0) { > > ++ memset(selected_ciphers, 0, sizeof(selected_ciphers)); > > ++ } else { > > ++ new_list=OPENSSL_zalloc(sizeof(selected_ciphers)); > > ++ if (!CONF_parse_list(p, ',', 1, cryptodev_select_cipher_cb, > > new_list)) { > > ++ OPENSSL_free(new_list); > > ++ return 0; > > ++ } > > ++ memcpy(selected_ciphers, new_list, sizeof(selected_ciphers)); > > ++ OPENSSL_free(new_list); > > ++ } > > ++ rebuild_known_cipher_nids(e); > > ++ return 1; > > ++ > > ++#ifdef IMPLEMENT_DIGEST > > ++ case DEVCRYPTO_CMD_DIGESTS: > > ++ if (p == NULL) > > ++ return 1; > > ++ if (strcasecmp((const char *)p, "ALL") == 0) { > > ++ devcrypto_select_all_digests(selected_digests); > > ++ } else if (strcasecmp((const char*)p, "NONE") == 0) { > > ++ memset(selected_digests, 0, sizeof(selected_digests)); > > ++ } else { > > ++ new_list=OPENSSL_zalloc(sizeof(selected_digests)); > > ++ if (!CONF_parse_list(p, ',', 1, cryptodev_select_digest_cb, > > new_list)) { > > ++ OPENSSL_free(new_list); > > ++ return 0; > > ++ } > > ++ memcpy(selected_digests, new_list, sizeof(selected_digests)); > > ++ OPENSSL_free(new_list); > > ++ } > > ++ rebuild_known_digest_nids(e); > > ++ return 1; > > ++#endif /* IMPLEMENT_DIGEST */ > > ++ > > ++ default: > > ++ break; > > ++ } > > ++ return 0; > > ++} > > ++ > > + > > /****************************************************************************** > > + * > > + * LOAD / UNLOAD > > +@@ -788,6 +1104,8 @@ void engine_load_devcrypto_int() > > + > > + if (!ENGINE_set_id(e, "devcrypto") > > + || !ENGINE_set_name(e, "/dev/crypto engine") > > ++ || !ENGINE_set_cmd_defns(e, devcrypto_cmds) > > ++ || !ENGINE_set_ctrl_function(e, devcrypto_ctrl) > > + > > + /* > > + * Asymmetric ciphers aren't well supported with /dev/crypto. Among the > > BSD > > diff --git > > a/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch > > > > b/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch > > new file mode 100644 > > index 0000000000..4e3b8597bb > > --- /dev/null > > +++ > > b/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch > > @@ -0,0 +1,275 @@ > > +From 8cc22636b95de928f5abaebd0d19e2f040870953 Mon Sep 17 00:00:00 2001 > > +From: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > +Date: Tue, 6 Nov 2018 22:54:07 -0200 > > +Subject: [PATCH 3/4] eng_devcrypto: add command to dump driver info > > + > > +This is useful to determine the kernel driver running each algorithm. > > + > > +Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > + > > +Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> > > +Reviewed-by: Richard Levitte <levi...@openssl.org> > > +(Merged from https://github.com/openssl/openssl/pull/7585) > > + > > +diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c > > +index 0f0aee6b57..44e60cbc7b 100644 > > +--- a/crypto/engine/eng_devcrypto.c > > ++++ b/crypto/engine/eng_devcrypto.c > > +@@ -48,16 +48,20 @@ static int use_softdrivers = > > DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS; > > + */ > > + struct driver_info_st { > > + enum devcrypto_status_t { > > +- DEVCRYPTO_STATUS_UNUSABLE = -1, /* session open failed */ > > +- DEVCRYPTO_STATUS_UNKNOWN = 0, /* not tested yet */ > > +- DEVCRYPTO_STATUS_USABLE = 1 /* algo can be used */ > > ++ DEVCRYPTO_STATUS_FAILURE = -3, /* unusable for other > > reason */ > > ++ DEVCRYPTO_STATUS_NO_CIOCCPHASH = -2, /* hash state copy not > > supported */ > > ++ DEVCRYPTO_STATUS_NO_CIOCGSESSION = -1, /* session open failed */ > > ++ DEVCRYPTO_STATUS_UNKNOWN = 0, /* not tested yet */ > > ++ DEVCRYPTO_STATUS_USABLE = 1 /* algo can be used */ > > + } status; > > + > > + enum devcrypto_accelerated_t { > > +- DEVCRYPTO_NOT_ACCELERATED = -1, /* software implemented */ > > +- DEVCRYPTO_ACCELERATION_UNKNOWN = 0, /* acceleration support > > unkown */ > > +- DEVCRYPTO_ACCELERATED = 1 /* hardware accelerated */ > > ++ DEVCRYPTO_NOT_ACCELERATED = -1, /* software implemented */ > > ++ DEVCRYPTO_ACCELERATION_UNKNOWN = 0, /* acceleration support > > unkown */ > > ++ DEVCRYPTO_ACCELERATED = 1 /* hardware accelerated */ > > + } accelerated; > > ++ > > ++ char *driver_name; > > + }; > > + > > + static int clean_devcrypto_session(struct session_op *sess) { > > +@@ -414,7 +418,7 @@ static void prepare_cipher_methods(void) > > + sess.cipher = cipher_data[i].devcryptoid; > > + sess.keylen = cipher_data[i].keylen; > > + if (ioctl(cfd, CIOCGSESSION, &sess) < 0) { > > +- cipher_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > ++ cipher_driver_info[i].status = > > DEVCRYPTO_STATUS_NO_CIOCGSESSION; > > + continue; > > + } > > + > > +@@ -442,19 +446,24 @@ static void prepare_cipher_methods(void) > > + cipher_cleanup) > > + || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i], > > + sizeof(struct > > cipher_ctx))) { > > +- cipher_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > ++ cipher_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE; > > + EVP_CIPHER_meth_free(known_cipher_methods[i]); > > + known_cipher_methods[i] = NULL; > > + } else { > > + cipher_driver_info[i].status = DEVCRYPTO_STATUS_USABLE; > > + #ifdef CIOCGSESSINFO > > + siop.ses = sess.ses; > > +- if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) > > ++ if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) { > > + cipher_driver_info[i].accelerated = > > DEVCRYPTO_ACCELERATION_UNKNOWN; > > +- else if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) > > +- cipher_driver_info[i].accelerated = > > DEVCRYPTO_NOT_ACCELERATED; > > +- else > > +- cipher_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED; > > ++ } else { > > ++ cipher_driver_info[i].driver_name = > > ++ OPENSSL_strndup(siop.cipher_info.cra_driver_name, > > ++ CRYPTODEV_MAX_ALG_NAME); > > ++ if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) > > ++ cipher_driver_info[i].accelerated = > > DEVCRYPTO_NOT_ACCELERATED; > > ++ else > > ++ cipher_driver_info[i].accelerated = > > DEVCRYPTO_ACCELERATED; > > ++ } > > + #endif /* CIOCGSESSINFO */ > > + } > > + ioctl(cfd, CIOCFSESSION, &sess.ses); > > +@@ -504,8 +513,11 @@ static void destroy_all_cipher_methods(void) > > + { > > + size_t i; > > + > > +- for (i = 0; i < OSSL_NELEM(cipher_data); i++) > > ++ for (i = 0; i < OSSL_NELEM(cipher_data); i++) { > > + destroy_cipher_method(cipher_data[i].nid); > > ++ OPENSSL_free(cipher_driver_info[i].driver_name); > > ++ cipher_driver_info[i].driver_name = NULL; > > ++ } > > + } > > + > > + static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, > > +@@ -549,6 +561,40 @@ static int cryptodev_select_cipher_cb(const char > > *str, int len, void *usr) > > + return 1; > > + } > > + > > ++static void dump_cipher_info(void) > > ++{ > > ++ size_t i; > > ++ const char *name; > > ++ > > ++ fprintf (stderr, "Information about ciphers supported by the > > /dev/crypto" > > ++ " engine:\n"); > > ++#ifndef CIOCGSESSINFO > > ++ fprintf(stderr, "CIOCGSESSINFO (session info call) unavailable\n"); > > ++#endif > > ++ for (i = 0; i < OSSL_NELEM(cipher_data); i++) { > > ++ name = OBJ_nid2sn(cipher_data[i].nid); > > ++ fprintf (stderr, "Cipher %s, NID=%d, /dev/crypto info: id=%d, ", > > ++ name ? name : "unknown", cipher_data[i].nid, > > ++ cipher_data[i].devcryptoid); > > ++ if (cipher_driver_info[i].status == > > DEVCRYPTO_STATUS_NO_CIOCGSESSION ) { > > ++ fprintf (stderr, "CIOCGSESSION (session open call) failed\n"); > > ++ continue; > > ++ } > > ++ fprintf (stderr, "driver=%s ", cipher_driver_info[i].driver_name ? > > ++ cipher_driver_info[i].driver_name : "unknown"); > > ++ if (cipher_driver_info[i].accelerated == DEVCRYPTO_ACCELERATED) > > ++ fprintf(stderr, "(hw accelerated)"); > > ++ else if (cipher_driver_info[i].accelerated == > > DEVCRYPTO_NOT_ACCELERATED) > > ++ fprintf(stderr, "(software)"); > > ++ else > > ++ fprintf(stderr, "(acceleration status unknown)"); > > ++ if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_FAILURE) > > ++ fprintf (stderr, ". Cipher setup failed"); > > ++ fprintf(stderr, "\n"); > > ++ } > > ++ fprintf(stderr, "\n"); > > ++} > > ++ > > + /* > > + * We only support digests if the cryptodev implementation supports > > multiple > > + * data updates and session copying. Otherwise, we would be forced to > > maintain > > +@@ -810,31 +856,36 @@ static void prepare_digest_methods(void) > > + sess1.mac = digest_data[i].devcryptoid; > > + sess2.ses = 0; > > + if (ioctl(cfd, CIOCGSESSION, &sess1) < 0) { > > +- digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > ++ digest_driver_info[i].status = > > DEVCRYPTO_STATUS_NO_CIOCGSESSION; > > + goto finish; > > + } > > + > > + #ifdef CIOCGSESSINFO > > + /* gather hardware acceleration info from the driver */ > > + siop.ses = sess1.ses; > > +- if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) > > ++ if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) { > > + digest_driver_info[i].accelerated = > > DEVCRYPTO_ACCELERATION_UNKNOWN; > > +- else if (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY) > > +- digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED; > > +- else > > +- digest_driver_info[i].accelerated = DEVCRYPTO_NOT_ACCELERATED; > > ++ } else { > > ++ digest_driver_info[i].driver_name = > > ++ OPENSSL_strndup(siop.hash_info.cra_driver_name, > > ++ CRYPTODEV_MAX_ALG_NAME); > > ++ if (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY) > > ++ digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED; > > ++ else > > ++ digest_driver_info[i].accelerated = > > DEVCRYPTO_NOT_ACCELERATED; > > ++ } > > + #endif > > + > > + /* digest must be capable of hash state copy */ > > + sess2.mac = sess1.mac; > > + if (ioctl(cfd, CIOCGSESSION, &sess2) < 0) { > > +- digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > ++ digest_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE; > > + goto finish; > > + } > > + cphash.src_ses = sess1.ses; > > + cphash.dst_ses = sess2.ses; > > + if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) { > > +- digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > ++ digest_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCCPHASH; > > + goto finish; > > + } > > + if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid, > > +@@ -850,7 +901,7 @@ static void prepare_digest_methods(void) > > + || !EVP_MD_meth_set_cleanup(known_digest_methods[i], > > digest_cleanup) > > + || !EVP_MD_meth_set_app_datasize(known_digest_methods[i], > > + sizeof(struct digest_ctx))) { > > +- digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE; > > ++ digest_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE; > > + EVP_MD_meth_free(known_digest_methods[i]); > > + known_digest_methods[i] = NULL; > > + goto finish; > > +@@ -892,8 +943,11 @@ static void destroy_all_digest_methods(void) > > + { > > + size_t i; > > + > > +- for (i = 0; i < OSSL_NELEM(digest_data); i++) > > ++ for (i = 0; i < OSSL_NELEM(digest_data); i++) { > > + destroy_digest_method(digest_data[i].nid); > > ++ OPENSSL_free(digest_driver_info[i].driver_name); > > ++ digest_driver_info[i].driver_name = NULL; > > ++ } > > + } > > + > > + static int devcrypto_digests(ENGINE *e, const EVP_MD **digest, > > +@@ -937,6 +991,43 @@ static int cryptodev_select_digest_cb(const char > > *str, int len, void *usr) > > + return 1; > > + } > > + > > ++static void dump_digest_info(void) > > ++{ > > ++ size_t i; > > ++ const char *name; > > ++ > > ++ fprintf (stderr, "Information about digests supported by the > > /dev/crypto" > > ++ " engine:\n"); > > ++#ifndef CIOCGSESSINFO > > ++ fprintf(stderr, "CIOCGSESSINFO (session info call) unavailable\n"); > > ++#endif > > ++ > > ++ for (i = 0; i < OSSL_NELEM(digest_data); i++) { > > ++ name = OBJ_nid2sn(digest_data[i].nid); > > ++ fprintf (stderr, "Digest %s, NID=%d, /dev/crypto info: id=%d, > > driver=%s", > > ++ name ? name : "unknown", digest_data[i].nid, > > ++ digest_data[i].devcryptoid, > > ++ digest_driver_info[i].driver_name ? > > digest_driver_info[i].driver_name : "unknown"); > > ++ if (digest_driver_info[i].status == > > DEVCRYPTO_STATUS_NO_CIOCGSESSION) { > > ++ fprintf (stderr, ". CIOCGSESSION (session open) failed\n"); > > ++ continue; > > ++ } > > ++ if (digest_driver_info[i].accelerated == DEVCRYPTO_ACCELERATED) > > ++ fprintf(stderr, " (hw accelerated)"); > > ++ else if (digest_driver_info[i].accelerated == > > DEVCRYPTO_NOT_ACCELERATED) > > ++ fprintf(stderr, " (software)"); > > ++ else > > ++ fprintf(stderr, " (acceleration status unknown)"); > > ++ if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_FAILURE) > > ++ fprintf (stderr, ". Cipher setup failed\n"); > > ++ else if (digest_driver_info[i].status == > > DEVCRYPTO_STATUS_NO_CIOCCPHASH) > > ++ fprintf(stderr, ", CIOCCPHASH failed\n"); > > ++ else > > ++ fprintf(stderr, ", CIOCCPHASH capable\n"); > > ++ } > > ++ fprintf(stderr, "\n"); > > ++} > > ++ > > + #endif > > + > > + > > /****************************************************************************** > > +@@ -981,6 +1072,11 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = { > > + ENGINE_CMD_FLAG_STRING}, > > + #endif > > + > > ++ {DEVCRYPTO_CMD_DUMP_INFO, > > ++ "DUMP_INFO", > > ++ "dump info about each algorithm to stderr; use 'openssl engine -pre > > DUMP_INFO devcrypto'", > > ++ ENGINE_CMD_FLAG_NO_INPUT}, > > ++ > > + {0, NULL, NULL, 0} > > + }; > > + > > +@@ -1049,6 +1145,13 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long > > i, void *p, void (*f) (void)) > > + return 1; > > + #endif /* IMPLEMENT_DIGEST */ > > + > > ++ case DEVCRYPTO_CMD_DUMP_INFO: > > ++ dump_cipher_info(); > > ++#ifdef IMPLEMENT_DIGEST > > ++ dump_digest_info(); > > ++#endif > > ++ return 1; > > ++ > > + default: > > + break; > > + } > > diff --git > > a/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch > > > > b/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch > > new file mode 100644 > > index 0000000000..fa5e48f36a > > --- /dev/null > > +++ > > b/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch > > @@ -0,0 +1,336 @@ > > +From 9e0ca5fff3fa439fc36fa5374671b91dc5657b6a Mon Sep 17 00:00:00 2001 > > +From: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > +Date: Tue, 6 Nov 2018 10:57:03 -0200 > > +Subject: [PATCH 4/4] e_devcrypto: make the /dev/crypto engine dynamic > > + > > +Engine has been moved from crypto/engine/eng_devcrypto.c to > > +engines/e_devcrypto.c. > > + > > +Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com> > > + > > +diff --git a/crypto/engine/build.info b/crypto/engine/build.info > > +index e00802a3fd..47fe948966 100644 > > +--- a/crypto/engine/build.info > > ++++ b/crypto/engine/build.info > > +@@ -6,6 +6,3 @@ SOURCE[../../libcrypto]=\ > > + tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \ > > + eng_openssl.c eng_cnf.c eng_dyn.c \ > > + eng_rdrand.c > > +-IF[{- !$disabled{devcryptoeng} -}] > > +- SOURCE[../../libcrypto]=eng_devcrypto.c > > +-ENDIF > > +diff --git a/crypto/init.c b/crypto/init.c > > +index 209d1a483d..02c609535f 100644 > > +--- a/crypto/init.c > > ++++ b/crypto/init.c > > +@@ -290,18 +290,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl) > > + engine_load_openssl_int(); > > + return 1; > > + } > > +-# ifndef OPENSSL_NO_DEVCRYPTOENG > > +-static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT; > > +-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto) > > +-{ > > +-# ifdef OPENSSL_INIT_DEBUG > > +- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: " > > +- "engine_load_devcrypto_int()\n"); > > +-# endif > > +- engine_load_devcrypto_int(); > > +- return 1; > > +-} > > +-# endif > > + > > + # ifndef OPENSSL_NO_RDRAND > > + static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT; > > +@@ -326,6 +314,18 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic) > > + return 1; > > + } > > + # ifndef OPENSSL_NO_STATIC_ENGINE > > ++# ifndef OPENSSL_NO_DEVCRYPTOENG > > ++static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT; > > ++DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto) > > ++{ > > ++# ifdef OPENSSL_INIT_DEBUG > > ++ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: " > > ++ "engine_load_devcrypto_int()\n"); > > ++# endif > > ++ engine_load_devcrypto_int(); > > ++ return 1; > > ++} > > ++# endif > > + # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) > > + static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT; > > + DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock) > > +@@ -645,11 +645,6 @@ int OPENSSL_init_crypto(uint64_t opts, const > > OPENSSL_INIT_SETTINGS *settings) > > + if ((opts & OPENSSL_INIT_ENGINE_OPENSSL) > > + && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl)) > > + return 0; > > +-# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG) > > +- if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV) > > +- && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto)) > > +- return 0; > > +-# endif > > + # ifndef OPENSSL_NO_RDRAND > > + if ((opts & OPENSSL_INIT_ENGINE_RDRAND) > > + && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) > > +@@ -659,6 +654,11 @@ int OPENSSL_init_crypto(uint64_t opts, const > > OPENSSL_INIT_SETTINGS *settings) > > + && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) > > + return 0; > > + # ifndef OPENSSL_NO_STATIC_ENGINE > > ++# ifndef OPENSSL_NO_DEVCRYPTOENG > > ++ if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV) > > ++ && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto)) > > ++ return 0; > > ++# endif > > + # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) > > + if ((opts & OPENSSL_INIT_ENGINE_PADLOCK) > > + && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock)) > > +diff --git a/engines/build.info b/engines/build.info > > +index df173ea69d..dc0cbeb0a3 100644 > > +--- a/engines/build.info > > ++++ b/engines/build.info > > +@@ -10,6 +10,9 @@ IF[{- !$disabled{"engine"} -}] > > + IF[{- !$disabled{afalgeng} -}] > > + SOURCE[../libcrypto]=e_afalg.c > > + ENDIF > > ++ IF[{- !$disabled{"devcryptoeng"} -}] > > ++ SOURCE[../libcrypto]=e_devcrypto.c > > ++ ENDIF > > + ELSE > > + ENGINES=padlock > > + SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -} > > +@@ -27,6 +30,12 @@ IF[{- !$disabled{"engine"} -}] > > + DEPEND[afalg]=../libcrypto > > + INCLUDE[afalg]= ../include > > + ENDIF > > ++ IF[{- !$disabled{"devcryptoeng"} -}] > > ++ ENGINES=devcrypto > > ++ SOURCE[devcrypto]=e_devcrypto.c > > ++ DEPEND[devcrypto]=../libcrypto > > ++ INCLUDE[devcrypto]=../include > > ++ ENDIF > > + > > + ENGINES_NO_INST=ossltest dasync > > + SOURCE[dasync]=e_dasync.c > > +diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c > > +similarity index 95% > > +rename from crypto/engine/eng_devcrypto.c > > +rename to engines/e_devcrypto.c > > +index 44e60cbc7b..9af2ce174a 100644 > > +--- a/crypto/engine/eng_devcrypto.c > > ++++ b/engines/e_devcrypto.c > > +@@ -7,7 +7,7 @@ > > + * https://www.openssl.org/source/license.html > > + */ > > + > > +-#include "e_os.h" > > ++#include "../e_os.h" > > + #include <string.h> > > + #include <sys/types.h> > > + #include <sys/stat.h> > > +@@ -23,24 +23,24 @@ > > + #include <openssl/objects.h> > > + #include <crypto/cryptodev.h> > > + > > +-#include "internal/engine.h" > > +- > > + #ifdef CRYPTO_ALGORITHM_MIN > > + # define CHECK_BSD_STYLE_MACROS > > + #endif > > + > > ++#define engine_devcrypto_id "devcrypto" > > ++ > > + /* > > + * ONE global file descriptor for all sessions. This allows operations > > + * such as digest session data copying (see digest_copy()), but is also > > + * saner... why re-open /dev/crypto for every session? > > + */ > > +-static int cfd; > > ++static int cfd = -1; > > + #define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of > > acceleration */ > > + #define DEVCRYPTO_USE_SOFTWARE 1 /* allow software drivers */ > > + #define DEVCRYPTO_REJECT_SOFTWARE 2 /* only disallow confirmed > > software drivers */ > > + > > +-#define DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS DEVCRYPTO_REJECT_SOFTWARE > > +-static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS; > > ++#define DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS DEVCRYPTO_REJECT_SOFTWARE > > ++static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS; > > + > > + /* > > + * cipher/digest status & acceleration definitions > > +@@ -73,6 +73,10 @@ static int clean_devcrypto_session(struct session_op > > *sess) { > > + return 1; > > + } > > + > > ++#ifdef OPENSSL_NO_DYNAMIC_ENGINE > > ++void engine_load_devcrypto_int(void); > > ++#endif > > ++ > > + > > /****************************************************************************** > > + * > > + * Ciphers > > +@@ -1164,6 +1168,37 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long > > i, void *p, void (*f) (void)) > > + * > > + *****/ > > + > > ++/* > > ++ * Opens /dev/crypto > > ++ */ > > ++static int open_devcrypto(void) > > ++{ > > ++ if (cfd >= 0) > > ++ return 1; > > ++ > > ++ if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { > > ++ fprintf(stderr, "Could not open /dev/crypto: %s\n", > > strerror(errno)); > > ++ return 0; > > ++ } > > ++ > > ++ return 1; > > ++} > > ++ > > ++static int close_devcrypto(void) > > ++{ > > ++ int ret; > > ++ > > ++ if (cfd < 0) > > ++ return 1; > > ++ ret = close(cfd); > > ++ cfd = -1; > > ++ if (ret != 0) { > > ++ fprintf(stderr, "Error closing /dev/crypto: %s\n", > > strerror(errno)); > > ++ return 0; > > ++ } > > ++ return 1; > > ++} > > ++ > > + static int devcrypto_unload(ENGINE *e) > > + { > > + destroy_all_cipher_methods(); > > +@@ -1171,45 +1206,29 @@ static int devcrypto_unload(ENGINE *e) > > + destroy_all_digest_methods(); > > + #endif > > + > > +- close(cfd); > > ++ close_devcrypto(); > > + > > + return 1; > > + } > > +-/* > > +- * This engine is always built into libcrypto, so it doesn't offer any > > +- * ability to be dynamically loadable. > > +- */ > > +-void engine_load_devcrypto_int() > > +-{ > > +- ENGINE *e = NULL; > > + > > +- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { > > +- fprintf(stderr, "Could not open /dev/crypto: %s\n", > > strerror(errno)); > > +- return; > > +- } > > ++static int bind_devcrypto(ENGINE *e) { > > + > > +- if ((e = ENGINE_new()) == NULL > > +- || !ENGINE_set_destroy_function(e, devcrypto_unload)) { > > +- ENGINE_free(e); > > +- /* > > +- * We know that devcrypto_unload() won't be called when one of the > > +- * above two calls have failed, so we close cfd explicitly here to > > +- * avoid leaking resources. > > +- */ > > +- close(cfd); > > +- return; > > +- } > > ++ if (!ENGINE_set_id(e, engine_devcrypto_id) > > ++ || !ENGINE_set_name(e, "/dev/crypto engine") > > ++ || !ENGINE_set_destroy_function(e, devcrypto_unload) > > ++ || !ENGINE_set_cmd_defns(e, devcrypto_cmds) > > ++ || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)) > > ++ return 0; > > + > > + prepare_cipher_methods(); > > + #ifdef IMPLEMENT_DIGEST > > + prepare_digest_methods(); > > + #endif > > + > > +- if (!ENGINE_set_id(e, "devcrypto") > > +- || !ENGINE_set_name(e, "/dev/crypto engine") > > +- || !ENGINE_set_cmd_defns(e, devcrypto_cmds) > > +- || !ENGINE_set_ctrl_function(e, devcrypto_ctrl) > > +- > > ++ return (ENGINE_set_ciphers(e, devcrypto_ciphers) > > ++#ifdef IMPLEMENT_DIGEST > > ++ && ENGINE_set_digests(e, devcrypto_digests) > > ++#endif > > + /* > > + * Asymmetric ciphers aren't well supported with /dev/crypto. Among the > > BSD > > + * implementations, it seems to only exist in FreeBSD, and regarding the > > +@@ -1232,23 +1251,36 @@ void engine_load_devcrypto_int() > > + */ > > + #if 0 > > + # ifndef OPENSSL_NO_RSA > > +- || !ENGINE_set_RSA(e, devcrypto_rsa) > > ++ && ENGINE_set_RSA(e, devcrypto_rsa) > > + # endif > > + # ifndef OPENSSL_NO_DSA > > +- || !ENGINE_set_DSA(e, devcrypto_dsa) > > ++ && ENGINE_set_DSA(e, devcrypto_dsa) > > + # endif > > + # ifndef OPENSSL_NO_DH > > +- || !ENGINE_set_DH(e, devcrypto_dh) > > ++ && ENGINE_set_DH(e, devcrypto_dh) > > + # endif > > + # ifndef OPENSSL_NO_EC > > +- || !ENGINE_set_EC(e, devcrypto_ec) > > ++ && ENGINE_set_EC(e, devcrypto_ec) > > + # endif > > + #endif > > +- || !ENGINE_set_ciphers(e, devcrypto_ciphers) > > +-#ifdef IMPLEMENT_DIGEST > > +- || !ENGINE_set_digests(e, devcrypto_digests) > > +-#endif > > +- ) { > > ++ ); > > ++} > > ++ > > ++#ifdef OPENSSL_NO_DYNAMIC_ENGINE > > ++/* > > ++ * In case this engine is built into libcrypto, then it doesn't offer any > > ++ * ability to be dynamically loadable. > > ++ */ > > ++void engine_load_devcrypto_int(void) > > ++{ > > ++ ENGINE *e = NULL; > > ++ > > ++ if (!open_devcrypto()) > > ++ return; > > ++ > > ++ if ((e = ENGINE_new()) == NULL > > ++ || !bind_devcrypto(e)) { > > ++ close_devcrypto(); > > + ENGINE_free(e); > > + return; > > + } > > +@@ -1257,3 +1289,22 @@ void engine_load_devcrypto_int() > > + ENGINE_free(e); /* Loose our local reference */ > > + ERR_clear_error(); > > + } > > ++ > > ++#else > > ++ > > ++static int bind_helper(ENGINE *e, const char *id) > > ++{ > > ++ if ((id && (strcmp(id, engine_devcrypto_id) != 0)) > > ++ || !open_devcrypto()) > > ++ return 0; > > ++ if (!bind_devcrypto(e)) { > > ++ close_devcrypto(); > > ++ return 0; > > ++ } > > ++ return 1; > > ++} > > ++ > > ++IMPLEMENT_DYNAMIC_CHECK_FN() > > ++IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) > > ++ > > ++#endif > > > > _______________________________________________ > > openwrt-devel mailing list > > openwrt-devel@lists.openwrt.org > > https://lists.openwrt.org/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
