projects / openwrt / openwrt.git / blob
? search:


ee33942426c133f59c798e04f860a412c6de51e1
[openwrt/openwrt.git] / package / libs / openssl / patches / 430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch
1 From f3cef70b34afde3afd13ce3636232d41533b0162 Mon Sep 17 00:00:00 2001
2 From: Eneas U de Queiroz <cote2004-github@yahoo.com>
3 Date: Tue, 6 Nov 2018 10:57:03 -0200
4 Subject: e_devcrypto: make the /dev/crypto engine dynamic
5
6 Engine has been moved from crypto/engine/eng_devcrypto.c to
7 engines/e_devcrypto.c.
8
9 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
10
11 diff --git a/crypto/engine/build.info b/crypto/engine/build.info
12 index e00802a3fd..47fe948966 100644
13 --- a/crypto/engine/build.info
14 +++ b/crypto/engine/build.info
15 @@ -6,6 +6,3 @@ SOURCE[../../libcrypto]=\
16 tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
17 eng_openssl.c eng_cnf.c eng_dyn.c \
18 eng_rdrand.c
19 -IF[{- !$disabled{devcryptoeng} -}]
20 - SOURCE[../../libcrypto]=eng_devcrypto.c
21 -ENDIF
22 diff --git a/crypto/init.c b/crypto/init.c
23 index 9fc0e8ef68..b387559920 100644
24 --- a/crypto/init.c
25 +++ b/crypto/init.c
26 @@ -329,18 +329,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
27 engine_load_openssl_int();
28 return 1;
29 }
30 -# ifndef OPENSSL_NO_DEVCRYPTOENG
31 -static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
32 -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
33 -{
34 -# ifdef OPENSSL_INIT_DEBUG
35 - fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
36 - "engine_load_devcrypto_int()\n");
37 -# endif
38 - engine_load_devcrypto_int();
39 - return 1;
40 -}
41 -# endif
42
43 # ifndef OPENSSL_NO_RDRAND
44 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
45 @@ -365,6 +353,18 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
46 return 1;
47 }
48 # ifndef OPENSSL_NO_STATIC_ENGINE
49 +# ifndef OPENSSL_NO_DEVCRYPTOENG
50 +static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
51 +DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
52 +{
53 +# ifdef OPENSSL_INIT_DEBUG
54 + fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
55 + "engine_load_devcrypto_int()\n");
56 +# endif
57 + engine_load_devcrypto_int();
58 + return 1;
59 +}
60 +# endif
61 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
62 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
63 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
64 @@ -713,11 +713,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
65 if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
66 && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
67 return 0;
68 -# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
69 - if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
70 - && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
71 - return 0;
72 -# endif
73 # ifndef OPENSSL_NO_RDRAND
74 if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
75 && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
76 @@ -727,6 +722,11 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
77 && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
78 return 0;
79 # ifndef OPENSSL_NO_STATIC_ENGINE
80 +# ifndef OPENSSL_NO_DEVCRYPTOENG
81 + if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
82 + && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
83 + return 0;
84 +# endif
85 # if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
86 if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
87 && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
88 diff --git a/engines/build.info b/engines/build.info
89 index 1db771971c..33a25d7004 100644
90 --- a/engines/build.info
91 +++ b/engines/build.info
92 @@ -11,6 +11,9 @@ IF[{- !$disabled{"engine"} -}]
93 IF[{- !$disabled{afalgeng} -}]
94 SOURCE[../libcrypto]=e_afalg.c
95 ENDIF
96 + IF[{- !$disabled{"devcryptoeng"} -}]
97 + SOURCE[../libcrypto]=e_devcrypto.c
98 + ENDIF
99 ELSE
100 IF[{- !$disabled{hw} && !$disabled{'hw-padlock'} -}]
101 ENGINES=padlock
102 @@ -30,6 +33,12 @@ IF[{- !$disabled{"engine"} -}]
103 DEPEND[afalg]=../libcrypto
104 INCLUDE[afalg]= ../include
105 ENDIF
106 + IF[{- !$disabled{"devcryptoeng"} -}]
107 + ENGINES=devcrypto
108 + SOURCE[devcrypto]=e_devcrypto.c
109 + DEPEND[devcrypto]=../libcrypto
110 + INCLUDE[devcrypto]=../include
111 + ENDIF
112
113 ENGINES_NO_INST=ossltest dasync
114 SOURCE[dasync]=e_dasync.c
115 diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c
116 similarity index 95%
117 rename from crypto/engine/eng_devcrypto.c
118 rename to engines/e_devcrypto.c
119 index 64dc6b891d..fb5c6e1636 100644
120 --- a/crypto/engine/eng_devcrypto.c
121 +++ b/engines/e_devcrypto.c
122 @@ -7,7 +7,7 @@
123 * https://www.openssl.org/source/license.html
124 */
125
126 -#include "e_os.h"
127 +#include "../e_os.h"
128 #include <string.h>
129 #include <sys/types.h>
130 #include <sys/stat.h>
131 @@ -23,26 +23,26 @@
132 #include <openssl/objects.h>
133 #include <crypto/cryptodev.h>
134
135 -#include "internal/engine.h"
136 -
137 /* #define ENGINE_DEVCRYPTO_DEBUG */
138
139 #if CRYPTO_ALGORITHM_MIN < CRYPTO_ALGORITHM_MAX
140 # define CHECK_BSD_STYLE_MACROS
141 #endif
142
143 +#define engine_devcrypto_id "devcrypto"
144 +
145 /*
146 * ONE global file descriptor for all sessions. This allows operations
147 * such as digest session data copying (see digest_copy()), but is also
148 * saner... why re-open /dev/crypto for every session?
149 */
150 -static int cfd;
151 +static int cfd = -1;
152 #define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of acceleration */
153 #define DEVCRYPTO_USE_SOFTWARE 1 /* allow software drivers */
154 #define DEVCRYPTO_REJECT_SOFTWARE 2 /* only disallow confirmed software drivers */
155
156 -#define DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS DEVCRYPTO_REJECT_SOFTWARE
157 -static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS;
158 +#define DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS DEVCRYPTO_REJECT_SOFTWARE
159 +static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS;
160
161 /*
162 * cipher/digest status & acceleration definitions
163 @@ -66,6 +66,10 @@ struct driver_info_st {
164 char *driver_name;
165 };
166
167 +#ifdef OPENSSL_NO_DYNAMIC_ENGINE
168 +void engine_load_devcrypto_int(void);
169 +#endif
170 +
171 static int clean_devcrypto_session(struct session_op *sess) {
172 if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) {
173 SYSerr(SYS_F_IOCTL, errno);
174 @@ -341,6 +345,7 @@ static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
175 struct cipher_ctx *to_cipher_ctx;
176
177 switch (type) {
178 +
179 case EVP_CTRL_COPY:
180 if (cipher_ctx == NULL)
181 return 1;
182 @@ -702,7 +707,6 @@ static int digest_init(EVP_MD_CTX *ctx)
183 SYSerr(SYS_F_IOCTL, errno);
184 return 0;
185 }
186 -
187 return 1;
188 }
189
190 @@ -1058,7 +1062,7 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = {
191 OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, "
192 OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE)
193 "=use if acceleration can't be determined) [default="
194 - OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS) "]",
195 + OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS) "]",
196 ENGINE_CMD_FLAG_NUMERIC},
197 #endif
198
199 @@ -1166,55 +1170,70 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
200 *
201 *****/
202
203 -static int devcrypto_unload(ENGINE *e)
204 -{
205 - destroy_all_cipher_methods();
206 -#ifdef IMPLEMENT_DIGEST
207 - destroy_all_digest_methods();
208 -#endif
209 -
210 - close(cfd);
211 -
212 - return 1;
213 -}
214 /*
215 - * This engine is always built into libcrypto, so it doesn't offer any
216 - * ability to be dynamically loadable.
217 + * Opens /dev/crypto
218 */
219 -void engine_load_devcrypto_int()
220 +static int open_devcrypto(void)
221 {
222 - ENGINE *e = NULL;
223 + if (cfd >= 0)
224 + return 1;
225
226 if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
227 #ifndef ENGINE_DEVCRYPTO_DEBUG
228 if (errno != ENOENT)
229 #endif
230 fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
231 - return;
232 + return 0;
233 }
234
235 - if ((e = ENGINE_new()) == NULL
236 - || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
237 - ENGINE_free(e);
238 - /*
239 - * We know that devcrypto_unload() won't be called when one of the
240 - * above two calls have failed, so we close cfd explicitly here to
241 - * avoid leaking resources.
242 - */
243 - close(cfd);
244 - return;
245 + return 1;
246 +}
247 +
248 +static int close_devcrypto(void)
249 +{
250 + int ret;
251 +
252 + if (cfd < 0)
253 + return 1;
254 + ret = close(cfd);
255 + cfd = -1;
256 + if (ret != 0) {
257 + fprintf(stderr, "Error closing /dev/crypto: %s\n", strerror(errno));
258 + return 0;
259 }
260 + return 1;
261 +}
262
263 - prepare_cipher_methods();
264 +static int devcrypto_unload(ENGINE *e)
265 +{
266 + destroy_all_cipher_methods();
267 #ifdef IMPLEMENT_DIGEST
268 - prepare_digest_methods();
269 + destroy_all_digest_methods();
270 #endif
271
272 - if (!ENGINE_set_id(e, "devcrypto")
273 + close_devcrypto();
274 +
275 + return 1;
276 +}
277 +
278 +static int bind_devcrypto(ENGINE *e) {
279 +
280 + if (!ENGINE_set_id(e, engine_devcrypto_id)
281 || !ENGINE_set_name(e, "/dev/crypto engine")
282 + || !ENGINE_set_destroy_function(e, devcrypto_unload)
283 || !ENGINE_set_cmd_defns(e, devcrypto_cmds)
284 - || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)
285 + || !ENGINE_set_ctrl_function(e, devcrypto_ctrl))
286 + return 0;
287 +
288 + prepare_cipher_methods();
289 +#ifdef IMPLEMENT_DIGEST
290 + prepare_digest_methods();
291 +#endif
292
293 + return (ENGINE_set_ciphers(e, devcrypto_ciphers)
294 +#ifdef IMPLEMENT_DIGEST
295 + && ENGINE_set_digests(e, devcrypto_digests)
296 +#endif
297 /*
298 * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD
299 * implementations, it seems to only exist in FreeBSD, and regarding the
300 @@ -1237,23 +1256,36 @@ void engine_load_devcrypto_int()
301 */
302 #if 0
303 # ifndef OPENSSL_NO_RSA
304 - || !ENGINE_set_RSA(e, devcrypto_rsa)
305 + && ENGINE_set_RSA(e, devcrypto_rsa)
306 # endif
307 # ifndef OPENSSL_NO_DSA
308 - || !ENGINE_set_DSA(e, devcrypto_dsa)
309 + && ENGINE_set_DSA(e, devcrypto_dsa)
310 # endif
311 # ifndef OPENSSL_NO_DH
312 - || !ENGINE_set_DH(e, devcrypto_dh)
313 + && ENGINE_set_DH(e, devcrypto_dh)
314 # endif
315 # ifndef OPENSSL_NO_EC
316 - || !ENGINE_set_EC(e, devcrypto_ec)
317 + && ENGINE_set_EC(e, devcrypto_ec)
318 # endif
319 #endif
320 - || !ENGINE_set_ciphers(e, devcrypto_ciphers)
321 -#ifdef IMPLEMENT_DIGEST
322 - || !ENGINE_set_digests(e, devcrypto_digests)
323 -#endif
324 - ) {
325 + );
326 +}
327 +
328 +#ifdef OPENSSL_NO_DYNAMIC_ENGINE
329 +/*
330 + * In case this engine is built into libcrypto, then it doesn't offer any
331 + * ability to be dynamically loadable.
332 + */
333 +void engine_load_devcrypto_int(void)
334 +{
335 + ENGINE *e = NULL;
336 +
337 + if (!open_devcrypto())
338 + return;
339 +
340 + if ((e = ENGINE_new()) == NULL
341 + || !bind_devcrypto(e)) {
342 + close_devcrypto();
343 ENGINE_free(e);
344 return;
345 }
346 @@ -1262,3 +1294,22 @@ void engine_load_devcrypto_int()
347 ENGINE_free(e); /* Loose our local reference */
348 ERR_clear_error();
349 }
350 +
351 +#else
352 +
353 +static int bind_helper(ENGINE *e, const char *id)
354 +{
355 + if ((id && (strcmp(id, engine_devcrypto_id) != 0))
356 + || !open_devcrypto())
357 + return 0;
358 + if (!bind_devcrypto(e)) {
359 + close_devcrypto();
360 + return 0;
361 + }
362 + return 1;
363 +}
364 +
365 +IMPLEMENT_DYNAMIC_CHECK_FN()
366 +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
367 +
368 +#endif
OpenWrt Source Repository