
Connection failed when using gnutls/cryptodev, due to wrongly closing the fd (/dev/crypto) in the worker's main function

Description of problem:

Building GnuTLS with hardware acceleration, the ocserv connection always failed on the SHA1 calculation. Using strace to trace "open, close, ioctl", I found that "/dev/crypto" was opened as fd=1, which is STDOUT_FILENO, and that fd=1 was closed before we began to use the GnuTLS SHA1 via cryptodev/ioctl.

Searching the source code, it seems this issue is caused in the worker's main function by "close(STDOUT_FILENO);".

BTW, there is also a possible typo: STDIN, not STDERR, is closed, if you really meant to close STDOUT and STDERR.

diff --git a/src/worker.c b/src/worker.c
index 1e915c3..25a1915 100644
--- a/src/worker.c
+++ b/src/worker.c
@@ -126,8 +126,9 @@ int main(int argc, char **argv)
 
        // Close stdout and stderr early to avoid spurious logs
        /* we don't need them */
-       close(STDIN_FILENO);
-       close(STDOUT_FILENO);
+//bynj: STDOUT_FILENO as fd=1, actually might be not for stdout, but for open(/dev/crypto). closing here will break all gnutls/cryptodev
+//     close(STDIN_FILENO);
+//     close(STDOUT_FILENO);
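Review bot: commenting out the two close() calls (the `+//` lines) removes the symptom but not the cause: the descriptor holding /dev/crypto can only have been numbered 1 if that number was already free when GnuTLS opened the device, so any other code path that frees a standard descriptor will break cryptodev in the same way. A more robust change keeps 0, 1 and 2 occupied by redirecting them to /dev/null with dup2() at the very start of main(), before GnuTLS or any other library can open a file; if the calls are simply dropped, delete them outright rather than leaving commented-out code, use the file's existing /* */ comment style instead of the personal `//bynj:` tag, and fix the comment "Close stdout and stderr early" to match what the code actually closes (STDIN_FILENO and STDOUT_FILENO), as the report itself notes.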

Version of ocserv used:

ocserv-1.1.2 GnuTLS 3.7.0

Client used:

anyconnect, and openconnect

Distributor of ocserv

(e.g., Ubuntu, Fedora, RHEL)

How reproducible:

Describe the steps to reproduce the issue:

  • build GnuTLS with cryptodev enabled
  • make sure the ocserv server is running with the GnuTLS built above
  • client connects

Actual results:

(Describe the actual results after following the instructions above)

Expected results:

(Describe the expected results)

Edited by Nj Hsi
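The descriptor reuse the description observes (a device file landing on fd 1 after stdout was closed), as an added example that is not ocserv's or GnuTLS's code, with /dev/null standing in for /dev/crypto; each scenario runs in a forked child so the caller's own stdio is untouched, and the hardened variant keeps the standard descriptors occupied so a later open() cannot land on them.

```c
/* Added example (not ocserv code): open() returns the lowest free descriptor,
 * so a closed fd 1 is handed to the next open(), which is how /dev/crypto
 * landed on STDOUT_FILENO. /dev/null stands in for the device here. */
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run fn() in a forked child so the caller's stdio is untouched; the child's
 * return value (a small fd number) comes back via its exit status, 255 = error. */
static int run_in_child(int (*fn)(void))
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return 255;
    if (pid == 0) { int r = fn(); _exit(r < 0 ? 255 : r); }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return 255;
    return WEXITSTATUS(status);
}

/* The pattern from the report: stdout is closed, then a library opens a
 * device file and gets the freed standard descriptor number back. */
static int close_then_open(void)
{
    close(STDOUT_FILENO);
    return open("/dev/null", O_RDWR);
}

/* Hardened alternative: park 0, 1 and 2 on /dev/null instead of closing them,
 * so they stay occupied and any later open() can only return fd >= 3. */
static int redirect_stdio_to_devnull(void)
{
    int nullfd = open("/dev/null", O_RDWR);
    if (nullfd < 0)
        return -1;
    for (int fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++)
        if (dup2(nullfd, fd) < 0)
            return -1;
    if (nullfd > STDERR_FILENO)
        close(nullfd);
    return 0;
}

static int redirect_then_open(void)
{
    return redirect_stdio_to_devnull() < 0 ? -1 : open("/dev/null", O_RDWR);
}

/* Descriptor number the "device" lands on in each scenario. */
int reused_fd(void) { return run_in_child(close_then_open); }
int safe_fd(void) { return run_in_child(redirect_then_open); }
```

reused_fd() comes back as 1 when stdin is still open (0 if it is not), while safe_fd() is always 3 or higher.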