[openssl] OpenSSL_1_1_1-stable update

kaduk at mit.edu kaduk at mit.edu
Thu Feb 18 21:51:26 UTC 2021


The branch OpenSSL_1_1_1-stable has been updated
       via  a12c6442f24a32867c971b6feb5db61d01b02c1f (commit)
       via  b6de54b2c1062f15819174784d9bd53c85c432d3 (commit)
      from  01cf4f868e08f82daa16d049fa7d241d8089c8d8 (commit)


- Log -----------------------------------------------------------------
commit a12c6442f24a32867c971b6feb5db61d01b02c1f
Author: John Baldwin <jhb at FreeBSD.org>
Date:   Thu Jan 7 14:09:41 2021 -0800

    Close /dev/crypto file descriptor after CRIOGET ioctl().
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    
    (cherry picked from commit 3ddf44ea5a2c1c8c55f4f4072a611791c79d4e7c)
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13853)

commit b6de54b2c1062f15819174784d9bd53c85c432d3
Author: John Baldwin <jhb at FreeBSD.org>
Date:   Fri Nov 20 17:07:35 2020 -0800

    Use CRIOGET to fetch a crypto descriptor when present.
    
    FreeBSD's current /dev/crypto implementation requires that consumers
    clone a separate file descriptor via the CRIOGET ioctl that can then
    be used with other ioctls such as CIOCGSESSION.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    
    (cherry picked from commit b39c215decf6e68c28cb64dcfaf5ae5a7e8d35b4)
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13853)

-----------------------------------------------------------------------

Summary of changes:
 crypto/engine/eng_devcrypto.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
index 49e9ce1af3..997271e150 100644
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
@@ -758,8 +758,9 @@ static int devcrypto_unload(ENGINE *e)
 void engine_load_devcrypto_int()
 {
     ENGINE *e = NULL;
+    int fd;
 
-    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+    if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
 #ifndef ENGINE_DEVCRYPTO_DEBUG
         if (errno != ENOENT)
 #endif
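Review bot: on the open() failure path in this hunk, cfd is no longer written at all, whereas before the change the failed `cfd = open(...)` left cfd negative. The CRIOGET failure path added further down sets `cfd = -1` explicitly, so either do the same here before returning or confirm that cfd is initialised to -1 at its definition, which is not visible in this diff. Otherwise later code that tests cfd to decide whether the device is usable would see whatever value it held before.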
@@ -767,6 +768,18 @@ void engine_load_devcrypto_int()
         return;
     }
 
+#ifdef CRIOGET
+    if (ioctl(fd, CRIOGET, &cfd) < 0) {
+        fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+        close(fd);
+        cfd = -1;
+        return;
+    }
+    close(fd);
+#else
+    cfd = fd;
+#endif
+
     if ((e = ENGINE_new()) == NULL
         || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
         ENGINE_free(e);
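Review bot: the `#ifdef CRIOGET` block has no comment saying why the descriptor is cloned, and the reason (FreeBSD's /dev/crypto requires a separate descriptor from CRIOGET before ioctls such as CIOCGSESSION can be used) lives only in the commit message. A short comment above `#ifdef CRIOGET` would keep a later cleanup from collapsing the block back to `cfd = fd`. Separately, nothing in the visible lines marks either the descriptor from open() or the one returned through `&cfd` as close-on-exec; if the engine's descriptor is not meant to be inherited by child processes, set FD_CLOEXEC on cfd with fcntl() after this block.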

