[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Tue Feb 12 19:08:21 UTC 2019
The branch master has been updated
via c703a808a1394fea7f77067db20c9508e6964d0b (commit)
via c244aa7bdac4eb26504b68e430557ed3e5a12ae9 (commit)
via 2afebe0bab5e03c9ae1555fd79044940245d7235 (commit)
from 9a18aae5f21efc59da8b697ad67d5d37b95ab322 (commit)
- Log -----------------------------------------------------------------
commit c703a808a1394fea7f77067db20c9508e6964d0b
Author: Eneas U de Queiroz <cote2004-github at yahoo.com>
Date: Tue Feb 12 10:44:19 2019 -0200
eng_devcrypto.c: close open session on init
cipher_init may be called on an already initialized context, without a
necessary cleanup. This separates cleanup from initialization, closing
an eventual open session before creating a new one.
Signed-off-by: Eneas U de Queiroz <cote2004-github at yahoo.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7859)
commit c244aa7bdac4eb26504b68e430557ed3e5a12ae9
Author: Eneas U de Queiroz <cote2004-github at yahoo.com>
Date: Thu Nov 8 11:07:44 2018 -0200
CHANGES: add note about building devcrypto dynamic
Signed-off-by: Eneas U de Queiroz <cote2004-github at yahoo.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7859)
commit 2afebe0bab5e03c9ae1555fd79044940245d7235
Author: Eneas U de Queiroz <cote2004-github at yahoo.com>
Date: Tue Nov 6 10:57:03 2018 -0200
e_devcrypto: make the /dev/crypto engine dynamic
Engine has been moved from crypto/engine/eng_devcrypto.c to
engines/e_devcrypto.c.
Signed-off-by: Eneas U de Queiroz <cote2004-github at yahoo.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7859)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 3 +
crypto/engine/build.info | 3 -
crypto/init.c | 34 ++---
engines/build.info | 13 ++
.../eng_devcrypto.c => engines/e_devcrypto.c | 160 ++++++++++++++-------
5 files changed, 144 insertions(+), 69 deletions(-)
rename crypto/engine/eng_devcrypto.c => engines/e_devcrypto.c (94%)
diff --git a/CHANGES b/CHANGES
index 9d712f0..02258ce 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,9 @@
Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
+ *) Build devcrypto engine as a dynamic engine.
+ [Eneas U de Queiroz]
+
*) Add keyed BLAKE2 to EVP_MAC.
[Antoine Salon]
diff --git a/crypto/engine/build.info b/crypto/engine/build.info
index e00802a..47fe948 100644
--- a/crypto/engine/build.info
+++ b/crypto/engine/build.info
@@ -6,6 +6,3 @@ SOURCE[../../libcrypto]=\
tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
eng_openssl.c eng_cnf.c eng_dyn.c \
eng_rdrand.c
-IF[{- !$disabled{devcryptoeng} -}]
- SOURCE[../../libcrypto]=eng_devcrypto.c
-ENDIF
diff --git a/crypto/init.c b/crypto/init.c
index 22d28a9..ddea63a 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -353,18 +353,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
engine_load_openssl_int();
return 1;
}
-# ifndef OPENSSL_NO_DEVCRYPTOENG
-static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
-{
-# ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
- "engine_load_devcrypto_int()\n");
-# endif
- engine_load_devcrypto_int();
- return 1;
-}
-# endif
# ifndef OPENSSL_NO_RDRAND
static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
@@ -389,6 +377,18 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
return 1;
}
# ifndef OPENSSL_NO_STATIC_ENGINE
+# ifndef OPENSSL_NO_DEVCRYPTOENG
+static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
+{
+# ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
+ "engine_load_devcrypto_int()\n");
+# endif
+ engine_load_devcrypto_int();
+ return 1;
+}
+# endif
# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
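Review bot: The relocated `ossl_init_engine_devcrypto` block, and the matching `OPENSSL_INIT_ENGINE_CRYPTODEV` test moved in the later OPENSSL_init_crypto hunk, now compile only when `OPENSSL_NO_STATIC_ENGINE` is undefined, so in other builds the option bit is not examined at all. As far as these hunks show, a caller that passes the flag expecting kernel-offloaded crypto would then get neither an error nor the engine. I would say so at the new guard, e.g. `/* static-engine builds only; otherwise devcrypto must be loaded as the dynamic "devcrypto" engine */`. The new call-site guard also drops the old `!defined(OPENSSL_NO_HW)` condition, which the commit message does not mention. Both enclosing blocks extend outside the hunks.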
@@ -747,11 +747,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
&& !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
return 0;
-# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
- if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
- && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
- return 0;
-# endif
# ifndef OPENSSL_NO_RDRAND
if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
&& !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
@@ -761,6 +756,11 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
&& !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
return 0;
# ifndef OPENSSL_NO_STATIC_ENGINE
+# ifndef OPENSSL_NO_DEVCRYPTOENG
+ if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
+ && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
+ return 0;
+# endif
# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
&& !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
diff --git a/engines/build.info b/engines/build.info
index 27f1cec..f94e620 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -10,6 +10,9 @@ IF[{- !$disabled{"engine"} -}]
IF[{- !$disabled{afalgeng} -}]
SOURCE[../libcrypto]=e_afalg.c
ENDIF
+ IF[{- !$disabled{"devcryptoeng"} -}]
+ SOURCE[../libcrypto]=e_devcrypto.c
+ ENDIF
ELSE
MODULES{engine}=padlock
SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
@@ -39,6 +42,16 @@ IF[{- !$disabled{"engine"} -}]
GENERATE[afalg.ld]=../util/engines.num
ENDIF
ENDIF
+ IF[{- !$disabled{"devcryptoeng"} -}]
+ ENGINES=devcrypto
+ SOURCE[devcrypto]=e_devcrypto.c
+ DEPEND[devcrypto]=../libcrypto
+ INCLUDE[devcrypto]=../include
+ IF[{- defined $target{shared_defflag} -}]
+ SHARED_SOURCE[devcrypto]=devcrypto.ld
+ GENERATE[devcrypto.ld]=../util/engines.num
+ ENDIF
+ ENDIF
MODULES{noinst,engine}=ossltest dasync
SOURCE[dasync]=e_dasync.c
diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c
similarity index 94%
rename from crypto/engine/eng_devcrypto.c
rename to engines/e_devcrypto.c
index ec6337d..1d733e5 100644
--- a/crypto/engine/eng_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html
*/
-#include "e_os.h"
+#include "../e_os.h"
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -23,26 +23,26 @@
#include <openssl/objects.h>
#include <crypto/cryptodev.h>
-#include "internal/engine.h"
-
/* #define ENGINE_DEVCRYPTO_DEBUG */
#ifdef CRYPTO_ALGORITHM_MIN
# define CHECK_BSD_STYLE_MACROS
#endif
+#define engine_devcrypto_id "devcrypto"
+
/*
* ONE global file descriptor for all sessions. This allows operations
* such as digest session data copying (see digest_copy()), but is also
* saner... why re-open /dev/crypto for every session?
*/
-static int cfd;
+static int cfd = -1;
#define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of acceleration */
#define DEVCRYPTO_USE_SOFTWARE 1 /* allow software drivers */
#define DEVCRYPTO_REJECT_SOFTWARE 2 /* only disallow confirmed software drivers */
-#define DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS DEVCRYPTO_REJECT_SOFTWARE
-static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS;
+#define DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS DEVCRYPTO_REJECT_SOFTWARE
+static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS;
/*
* cipher/digest status & acceleration definitions
@@ -66,6 +66,10 @@ struct driver_info_st {
char *driver_name;
};
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_devcrypto_int(void);
+#endif
+
/******************************************************************************
*
* Ciphers
@@ -182,8 +186,13 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
const struct cipher_data_st *cipher_d =
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
+ int sess = cipher_ctx->sess.ses;
+
+ /* close a previous open session */
+ if (cipher_ctx->sess.ses != 0 &&
+ ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) <0)
+ SYSerr(SYS_F_IOCTL, errno);
- memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
cipher_ctx->sess.cipher = cipher_d->devcryptoid;
cipher_ctx->sess.keylen = cipher_d->keylen;
cipher_ctx->sess.key = (void *)key;
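Review bot: After the new `CIOCFSESSION` call in cipher_init, `cipher_ctx->sess.ses` still holds the id of the session that was just closed, and the `memset` that used to clear it has been removed. If session creation further down (outside this hunk) fails, the context keeps a stale id that cipher_cleanup or a later cipher_init would free again. Because all contexts share the single `cfd`, that second free could hit a session now owned by another context if the driver reuses ids. Resetting the id right after the close attempt, `cipher_ctx->sess.ses = 0;`, whether or not the ioctl succeeded, avoids that. The added local `int sess` is not used in the visible lines and looks removable.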
@@ -325,10 +334,17 @@ static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
struct cipher_ctx *cipher_ctx;
- if (type == EVP_CTRL_COPY) {
- /* when copying the context, a new session needs to be initialized */
+ if (type == EVP_CTRL_COPY || type == EVP_CTRL_INIT) {
cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- return (cipher_ctx == NULL)
+
+ if (cipher_ctx == NULL) /* OK for copy, error for init */
+ return (type == EVP_CTRL_COPY);
+
+ /* both COPY & INIT need a clean context */
+ memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
+
+ /* when copying the context, a new session needs to be open as well */
+ return (type == EVP_CTRL_INIT)
|| cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
(cipher_ctx->op == COP_ENCRYPT));
}
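Review bot: In the EVP_CTRL_COPY path the new `memset` clears the session of `ctx`, the context being copied from, and only afterwards reads `cipher_ctx->sess.key` to pass to cipher_init. The copy is therefore initialised with a zeroed key pointer, and the source context loses its session id without the session being closed. The clear should apply to the destination's cipher data for COPY and to `ctx` only for INIT. The version below assumes the caller has already given `to_ctx` its own cipher data, which is not visible here; cipher_ctrl begins and ends outside this hunk.

```c
    struct cipher_ctx *to_cipher_ctx;

    /* … unchanged: type test, cipher_ctx lookup and NULL check … */

        if (type == EVP_CTRL_INIT) {
            /* fresh context: no session exists yet */
            memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
            return 1;
        }

        /* COPY: leave the source session intact, reset only the copy */
        to_cipher_ctx =
            (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx);
        if (to_cipher_ctx == NULL)
            return 0;
        memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess));
        return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx),
                           (cipher_ctx->op == COP_ENCRYPT));
```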
@@ -345,6 +361,7 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
+ memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
return 1;
}
@@ -414,6 +431,7 @@ static void prepare_cipher_methods(void)
|| !EVP_CIPHER_meth_set_flags(known_cipher_methods[i],
cipher_data[i].flags
| EVP_CIPH_CUSTOM_COPY
+ | EVP_CIPH_CTRL_INIT
| EVP_CIPH_FLAG_DEFAULT_ASN1)
|| !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init)
|| !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i],
@@ -1138,55 +1156,67 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
*
*****/
-static int devcrypto_unload(ENGINE *e)
-{
- destroy_all_cipher_methods();
-#ifdef IMPLEMENT_DIGEST
- destroy_all_digest_methods();
-#endif
-
- close(cfd);
-
- return 1;
-}
/*
- * This engine is always built into libcrypto, so it doesn't offer any
- * ability to be dynamically loadable.
+ * Opens /dev/crypto
*/
-void engine_load_devcrypto_int()
+static int open_devcrypto(void)
{
- ENGINE *e = NULL;
+ if (cfd >= 0)
+ return 1;
if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
#ifndef ENGINE_DEVCRYPTO_DEBUG
if (errno != ENOENT)
#endif
fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
- return;
+ return 0;
}
- if ((e = ENGINE_new()) == NULL
- || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
- ENGINE_free(e);
- /*
- * We know that devcrypto_unload() won't be called when one of the
- * above two calls have failed, so we close cfd explicitly here to
- * avoid leaking resources.
- */
- close(cfd);
- return;
+ return 1;
+}
+
+static int close_devcrypto(void)
+{
+ if (cfd < 0)
+ return 1;
+ cfd = -1;
+ if (close(cfd) == 0) {
+ fprintf(stderr, "Error closing /dev/crypto: %s\n", strerror(errno));
+ return 0;
}
+ return 1;
+}
- prepare_cipher_methods();
+static int devcrypto_unload(ENGINE *e)
+{
+ destroy_all_cipher_methods();
#ifdef IMPLEMENT_DIGEST
- prepare_digest_methods();
+ destroy_all_digest_methods();
#endif
- if (!ENGINE_set_id(e, "devcrypto")
+ close_devcrypto();
+
+ return 1;
+}
+
+static int bind_devcrypto(ENGINE *e) {
+
+ if (!ENGINE_set_id(e, engine_devcrypto_id)
|| !ENGINE_set_name(e, "/dev/crypto engine")
+ || !ENGINE_set_destroy_function(e, devcrypto_unload)
|| !ENGINE_set_cmd_defns(e, devcrypto_cmds)
- || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)
+ || !ENGINE_set_ctrl_function(e, devcrypto_ctrl))
+ return 0;
+ prepare_cipher_methods();
+#ifdef IMPLEMENT_DIGEST
+ prepare_digest_methods();
+#endif
+
+ return (ENGINE_set_ciphers(e, devcrypto_ciphers)
+#ifdef IMPLEMENT_DIGEST
+ && ENGINE_set_digests(e, devcrypto_digests)
+#endif
/*
* Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD
* implementations, it seems to only exist in FreeBSD, and regarding the
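Review bot: close_devcrypto() sets `cfd = -1` before calling `close(cfd)`, so the call closes -1 and the real /dev/crypto descriptor is never released. The result test is also inverted: `close()` returns 0 on success, yet the error message is printed for `== 0`. Every unload and every failed bind therefore leaks the descriptor, while open_devcrypto() sees `cfd < 0` and opens another on the next load. Close first, then reset, and report on a non-zero result, as below. Separately, the `open()` in open_devcrypto() does not pass `O_CLOEXEC`, so exec'd children inherit the descriptor; worth adding where the platform provides it.

```c
static int close_devcrypto(void)
{
    int ret;

    if (cfd < 0)
        return 1;
    ret = close(cfd);
    cfd = -1;   /* forget the descriptor even if close() reported an error */
    if (ret != 0) {
        fprintf(stderr, "Error closing /dev/crypto: %s\n", strerror(errno));
        return 0;
    }
    return 1;
}
```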
@@ -1209,23 +1239,36 @@ void engine_load_devcrypto_int()
*/
#if 0
# ifndef OPENSSL_NO_RSA
- || !ENGINE_set_RSA(e, devcrypto_rsa)
+ && ENGINE_set_RSA(e, devcrypto_rsa)
# endif
# ifndef OPENSSL_NO_DSA
- || !ENGINE_set_DSA(e, devcrypto_dsa)
+ && ENGINE_set_DSA(e, devcrypto_dsa)
# endif
# ifndef OPENSSL_NO_DH
- || !ENGINE_set_DH(e, devcrypto_dh)
+ && ENGINE_set_DH(e, devcrypto_dh)
# endif
# ifndef OPENSSL_NO_EC
- || !ENGINE_set_EC(e, devcrypto_ec)
+ && ENGINE_set_EC(e, devcrypto_ec)
# endif
#endif
- || !ENGINE_set_ciphers(e, devcrypto_ciphers)
-#ifdef IMPLEMENT_DIGEST
- || !ENGINE_set_digests(e, devcrypto_digests)
-#endif
- ) {
+ );
+}
+
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+/*
+ * In case this engine is built into libcrypto, then it doesn't offer any
+ * ability to be dynamically loadable.
+ */
+void engine_load_devcrypto_int(void)
+{
+ ENGINE *e = NULL;
+
+ if (!open_devcrypto())
+ return;
+
+ if ((e = ENGINE_new()) == NULL
+ || !bind_devcrypto(e)) {
+ close_devcrypto();
ENGINE_free(e);
return;
}
@@ -1234,3 +1277,22 @@ void engine_load_devcrypto_int()
ENGINE_free(e); /* Loose our local reference */
ERR_clear_error();
}
+
+#else
+
+static int bind_helper(ENGINE *e, const char *id)
+{
+ if ((id && (strcmp(id, engine_devcrypto_id) != 0))
+ || !open_devcrypto())
+ return 0;
+ if (!bind_devcrypto(e)) {
+ close_devcrypto();
+ return 0;
+ }
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+
+#endif