package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch

   1 From 78e7b1cc7119622645bc5a8542c55b6c95dc7868 Mon Sep 17 00:00:00 2001
   2 From: Eneas U de Queiroz <cote2004-github@yahoo.com>
   3 Date: Tue, 6 Nov 2018 22:54:07 -0200
   4 Subject: eng_devcrypto: add command to dump driver info
   5
   6 This is useful to determine the kernel driver running each algorithm.
   7
   8 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
   9
  10 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  11 Reviewed-by: Richard Levitte <levitte@openssl.org>
  12 (Merged from https://github.com/openssl/openssl/pull/7585)
  13
  14 diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
  15 index 5ec38ca8f3..64dc6b891d 100644
  16 --- a/crypto/engine/eng_devcrypto.c
  17 +++ b/crypto/engine/eng_devcrypto.c
  18 @@ -50,16 +50,20 @@ static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS;
  19   */
  20  struct driver_info_st {
  21      enum devcrypto_status_t {
  22 -        DEVCRYPTO_STATUS_UNUSABLE       = -1, /* session open failed */
  23 -        DEVCRYPTO_STATUS_UNKNOWN        =  0, /* not tested yet */
  24 -        DEVCRYPTO_STATUS_USABLE         =  1  /* algo can be used */
  25 +        DEVCRYPTO_STATUS_FAILURE         = -3, /* unusable for other reason */
  26 +        DEVCRYPTO_STATUS_NO_CIOCCPHASH   = -2, /* hash state copy not supported */
  27 +        DEVCRYPTO_STATUS_NO_CIOCGSESSION = -1, /* session open failed */
  28 +        DEVCRYPTO_STATUS_UNKNOWN         =  0, /* not tested yet */
  29 +        DEVCRYPTO_STATUS_USABLE          =  1  /* algo can be used */
  30      } status;
  31
  32      enum devcrypto_accelerated_t {
  33 -        DEVCRYPTO_NOT_ACCELERATED       = -1, /* software implemented */
  34 -        DEVCRYPTO_ACCELERATION_UNKNOWN  =  0, /* acceleration support unkown */
  35 -        DEVCRYPTO_ACCELERATED           =  1  /* hardware accelerated */
  36 +        DEVCRYPTO_NOT_ACCELERATED        = -1, /* software implemented */
  37 +        DEVCRYPTO_ACCELERATION_UNKNOWN   =  0, /* acceleration support unkown */
  38 +        DEVCRYPTO_ACCELERATED            =  1  /* hardware accelerated */
  39      } accelerated;
  40 +
  41 +    char *driver_name;
  42  };
  43
  44  static int clean_devcrypto_session(struct session_op *sess) {
  45 @@ -415,7 +419,7 @@ static void prepare_cipher_methods(void)
  46          sess.cipher = cipher_data[i].devcryptoid;
  47          sess.keylen = cipher_data[i].keylen;
  48          if (ioctl(cfd, CIOCGSESSION, &sess) < 0) {
  49 -            cipher_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE;
  50 +            cipher_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCGSESSION;
  51              continue;
  52          }
  53
  54 @@ -443,19 +447,24 @@ static void prepare_cipher_methods(void)
  55                                              cipher_cleanup)
  56              || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i],
  57                                                    sizeof(struct cipher_ctx))) {
  58 -            cipher_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE;
  59 +            cipher_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE;
  60              EVP_CIPHER_meth_free(known_cipher_methods[i]);
  61              known_cipher_methods[i] = NULL;
  62          } else {
  63              cipher_driver_info[i].status = DEVCRYPTO_STATUS_USABLE;
  64  #ifdef CIOCGSESSINFO
  65              siop.ses = sess.ses;
  66 -            if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0)
  67 +            if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) {
  68                  cipher_driver_info[i].accelerated = DEVCRYPTO_ACCELERATION_UNKNOWN;
  69 -            else if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
  70 -                cipher_driver_info[i].accelerated = DEVCRYPTO_NOT_ACCELERATED;
  71 -            else
  72 -                cipher_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED;
  73 +            } else {
  74 +                cipher_driver_info[i].driver_name =
  75 +                    OPENSSL_strndup(siop.cipher_info.cra_driver_name,
  76 +                                    CRYPTODEV_MAX_ALG_NAME);
  77 +                if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY))
  78 +                    cipher_driver_info[i].accelerated = DEVCRYPTO_NOT_ACCELERATED;
  79 +                else
  80 +                    cipher_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED;
  81 +            }
  82  #endif /* CIOCGSESSINFO */
  83          }
  84          ioctl(cfd, CIOCFSESSION, &sess.ses);
  85 @@ -505,8 +514,11 @@ static void destroy_all_cipher_methods(void)
  86  {
  87      size_t i;
  88
  89 -    for (i = 0; i < OSSL_NELEM(cipher_data); i++)
  90 +    for (i = 0; i < OSSL_NELEM(cipher_data); i++) {
  91          destroy_cipher_method(cipher_data[i].nid);
  92 +        OPENSSL_free(cipher_driver_info[i].driver_name);
  93 +        cipher_driver_info[i].driver_name = NULL;
  94 +    }
  95  }
  96
  97  static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
  98 @@ -550,6 +562,40 @@ static int cryptodev_select_cipher_cb(const char *str, int len, void *usr)
  99      return 1;
 100  }
 101
 102 +static void dump_cipher_info(void)
 103 +{
 104 +    size_t i;
 105 +    const char *name;
 106 +
 107 +    fprintf (stderr, "Information about ciphers supported by the /dev/crypto"
 108 +             " engine:\n");
 109 +#ifndef CIOCGSESSINFO
 110 +    fprintf(stderr, "CIOCGSESSINFO (session info call) unavailable\n");
 111 +#endif
 112 +    for (i = 0; i < OSSL_NELEM(cipher_data); i++) {
 113 +        name = OBJ_nid2sn(cipher_data[i].nid);
 114 +        fprintf (stderr, "Cipher %s, NID=%d, /dev/crypto info: id=%d, ",
 115 +                 name ? name : "unknown", cipher_data[i].nid,
 116 +                 cipher_data[i].devcryptoid);
 117 +        if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCGSESSION ) {
 118 +            fprintf (stderr, "CIOCGSESSION (session open call) failed\n");
 119 +            continue;
 120 +        }
 121 +        fprintf (stderr, "driver=%s ", cipher_driver_info[i].driver_name ?
 122 +                 cipher_driver_info[i].driver_name : "unknown");
 123 +        if (cipher_driver_info[i].accelerated == DEVCRYPTO_ACCELERATED)
 124 +            fprintf(stderr, "(hw accelerated)");
 125 +        else if (cipher_driver_info[i].accelerated == DEVCRYPTO_NOT_ACCELERATED)
 126 +            fprintf(stderr, "(software)");
 127 +        else
 128 +            fprintf(stderr, "(acceleration status unknown)");
 129 +        if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_FAILURE)
 130 +            fprintf (stderr, ". Cipher setup failed");
 131 +        fprintf(stderr, "\n");
 132 +    }
 133 +    fprintf(stderr, "\n");
 134 +}
 135 +
 136  /*
 137   * We only support digests if the cryptodev implementation supports multiple
 138   * data updates and session copying.  Otherwise, we would be forced to maintain
 139 @@ -812,31 +858,36 @@ static void prepare_digest_methods(void)
 140          sess1.mac = digest_data[i].devcryptoid;
 141          sess2.ses = 0;
 142          if (ioctl(cfd, CIOCGSESSION, &sess1) < 0) {
 143 -            digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE;
 144 +            digest_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCGSESSION;
 145              goto finish;
 146          }
 147
 148  #ifdef CIOCGSESSINFO
 149          /* gather hardware acceleration info from the driver */
 150          siop.ses = sess1.ses;
 151 -        if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0)
 152 +        if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) {
 153              digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATION_UNKNOWN;
 154 -        else if (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)
 155 -            digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED;
 156 -        else
 157 -            digest_driver_info[i].accelerated = DEVCRYPTO_NOT_ACCELERATED;
 158 +        } else {
 159 +            digest_driver_info[i].driver_name =
 160 +                OPENSSL_strndup(siop.hash_info.cra_driver_name,
 161 +                                CRYPTODEV_MAX_ALG_NAME);
 162 +            if (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)
 163 +                digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED;
 164 +            else
 165 +                digest_driver_info[i].accelerated = DEVCRYPTO_NOT_ACCELERATED;
 166 +        }
 167  #endif
 168
 169          /* digest must be capable of hash state copy */
 170          sess2.mac = sess1.mac;
 171          if (ioctl(cfd, CIOCGSESSION, &sess2) < 0) {
 172 -            digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE;
 173 +            digest_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE;
 174              goto finish;
 175          }
 176          cphash.src_ses = sess1.ses;
 177          cphash.dst_ses = sess2.ses;
 178          if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) {
 179 -            digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE;
 180 +            digest_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCCPHASH;
 181              goto finish;
 182          }
 183          if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
 184 @@ -852,7 +903,7 @@ static void prepare_digest_methods(void)
 185              || !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup)
 186              || !EVP_MD_meth_set_app_datasize(known_digest_methods[i],
 187                                               sizeof(struct digest_ctx))) {
 188 -            digest_driver_info[i].status = DEVCRYPTO_STATUS_UNUSABLE;
 189 +            digest_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE;
 190              EVP_MD_meth_free(known_digest_methods[i]);
 191              known_digest_methods[i] = NULL;
 192              goto finish;
 193 @@ -894,8 +945,11 @@ static void destroy_all_digest_methods(void)
 194  {
 195      size_t i;
 196
 197 -    for (i = 0; i < OSSL_NELEM(digest_data); i++)
 198 +    for (i = 0; i < OSSL_NELEM(digest_data); i++) {
 199          destroy_digest_method(digest_data[i].nid);
 200 +        OPENSSL_free(digest_driver_info[i].driver_name);
 201 +        digest_driver_info[i].driver_name = NULL;
 202 +    }
 203  }
 204
 205  static int devcrypto_digests(ENGINE *e, const EVP_MD **digest,
 206 @@ -939,6 +993,43 @@ static int cryptodev_select_digest_cb(const char *str, int len, void *usr)
 207      return 1;
 208  }
 209
 210 +static void dump_digest_info(void)
 211 +{
 212 +    size_t i;
 213 +    const char *name;
 214 +
 215 +    fprintf (stderr, "Information about digests supported by the /dev/crypto"
 216 +             " engine:\n");
 217 +#ifndef CIOCGSESSINFO
 218 +    fprintf(stderr, "CIOCGSESSINFO (session info call) unavailable\n");
 219 +#endif
 220 +
 221 +    for (i = 0; i < OSSL_NELEM(digest_data); i++) {
 222 +        name = OBJ_nid2sn(digest_data[i].nid);
 223 +        fprintf (stderr, "Digest %s, NID=%d, /dev/crypto info: id=%d, driver=%s",
 224 +                 name ? name : "unknown", digest_data[i].nid,
 225 +                 digest_data[i].devcryptoid,
 226 +                 digest_driver_info[i].driver_name ? digest_driver_info[i].driver_name : "unknown");
 227 +        if (digest_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCGSESSION) {
 228 +            fprintf (stderr, ". CIOCGSESSION (session open) failed\n");
 229 +            continue;
 230 +        }
 231 +        if (digest_driver_info[i].accelerated == DEVCRYPTO_ACCELERATED)
 232 +            fprintf(stderr, " (hw accelerated)");
 233 +        else if (digest_driver_info[i].accelerated == DEVCRYPTO_NOT_ACCELERATED)
 234 +            fprintf(stderr, " (software)");
 235 +        else
 236 +            fprintf(stderr, " (acceleration status unknown)");
 237 +        if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_FAILURE)
 238 +            fprintf (stderr, ". Cipher setup failed\n");
 239 +        else if (digest_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCCPHASH)
 240 +            fprintf(stderr, ", CIOCCPHASH failed\n");
 241 +        else
 242 +            fprintf(stderr, ", CIOCCPHASH capable\n");
 243 +    }
 244 +    fprintf(stderr, "\n");
 245 +}
 246 +
 247  #endif
 248
 249  /******************************************************************************
 250 @@ -983,6 +1074,11 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = {
 251      ENGINE_CMD_FLAG_STRING},
 252  #endif
 253
 254 +   {DEVCRYPTO_CMD_DUMP_INFO,
 255 +    "DUMP_INFO",
 256 +    "dump info about each algorithm to stderr; use 'openssl engine -pre DUMP_INFO devcrypto'",
 257 +    ENGINE_CMD_FLAG_NO_INPUT},
 258 +
 259     {0, NULL, NULL, 0}
 260  };
 261
 262 @@ -1051,6 +1147,13 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
 263          return 1;
 264  #endif /* IMPLEMENT_DIGEST */
 265
 266 +    case DEVCRYPTO_CMD_DUMP_INFO:
 267 +        dump_cipher_info();
 268 +#ifdef IMPLEMENT_DIGEST
 269 +        dump_digest_info();
 270 +#endif
 271 +        return 1;
 272 +
 273      default:
 274          break;
 275      }