projects / librecmc / librecmc.git / blob
? search:


ea3f8fb8a7f5dda53b3faace5993a6a89075c2ea
[librecmc/librecmc.git] / package / libs / openssl / patches / 430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch
1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Eneas U de Queiroz <cote2004-github@yahoo.com>
3 Date: Tue, 6 Nov 2018 10:57:03 -0200
4 Subject: e_devcrypto: make the /dev/crypto engine dynamic
5
6 Engine has been moved from crypto/engine/eng_devcrypto.c to
7 engines/e_devcrypto.c.
8
9 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
10
11 diff --git a/crypto/engine/build.info b/crypto/engine/build.info
12 index e00802a3fd..47fe948966 100644
13 --- a/crypto/engine/build.info
14 +++ b/crypto/engine/build.info
15 @@ -6,6 +6,3 @@ SOURCE[../../libcrypto]=\
16          tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
17          eng_openssl.c eng_cnf.c eng_dyn.c \
18          eng_rdrand.c
19 -IF[{- !$disabled{devcryptoeng} -}]
20 -  SOURCE[../../libcrypto]=eng_devcrypto.c
21 -ENDIF
22 diff --git a/crypto/init.c b/crypto/init.c
23 index 1b0d523bea..ee3e2eb075 100644
24 --- a/crypto/init.c
25 +++ b/crypto/init.c
26 @@ -329,18 +329,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
27      engine_load_openssl_int();
28      return 1;
29  }
30 -# ifndef OPENSSL_NO_DEVCRYPTOENG
31 -static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
32 -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
33 -{
34 -#  ifdef OPENSSL_INIT_DEBUG
35 -    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
36 -                    "engine_load_devcrypto_int()\n");
37 -#  endif
38 -    engine_load_devcrypto_int();
39 -    return 1;
40 -}
41 -# endif
42  
43  # ifndef OPENSSL_NO_RDRAND
44  static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
45 @@ -365,6 +353,18 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
46      return 1;
47  }
48  # ifndef OPENSSL_NO_STATIC_ENGINE
49 +#  ifndef OPENSSL_NO_DEVCRYPTOENG
50 +static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
51 +DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
52 +{
53 +#   ifdef OPENSSL_INIT_DEBUG
54 +    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
55 +                    "engine_load_devcrypto_int()\n");
56 +#   endif
57 +    engine_load_devcrypto_int();
58 +    return 1;
59 +}
60 +#  endif
61  #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
62  static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
63  DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
64 @@ -713,11 +713,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
65      if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
66              && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
67          return 0;
68 -# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
69 -    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
70 -            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
71 -        return 0;
72 -# endif
73  # ifndef OPENSSL_NO_RDRAND
74      if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
75              && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
76 @@ -727,6 +722,11 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
77              && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
78          return 0;
79  # ifndef OPENSSL_NO_STATIC_ENGINE
80 +#  ifndef OPENSSL_NO_DEVCRYPTOENG
81 +    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
82 +            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
83 +        return 0;
84 +#  endif
85  #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
86      if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
87              && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
88 diff --git a/engines/build.info b/engines/build.info
89 index 1db771971c..33a25d7004 100644
90 --- a/engines/build.info
91 +++ b/engines/build.info
92 @@ -11,6 +11,9 @@ IF[{- !$disabled{"engine"} -}]
93      IF[{- !$disabled{afalgeng} -}]
94        SOURCE[../libcrypto]=e_afalg.c
95      ENDIF
96 +    IF[{- !$disabled{"devcryptoeng"} -}]
97 +      SOURCE[../libcrypto]=e_devcrypto.c
98 +    ENDIF
99    ELSE
100      IF[{- !$disabled{hw} && !$disabled{'hw-padlock'} -}]
101        ENGINES=padlock
102 @@ -30,6 +33,12 @@ IF[{- !$disabled{"engine"} -}]
103        DEPEND[afalg]=../libcrypto
104        INCLUDE[afalg]= ../include
105      ENDIF
106 +    IF[{- !$disabled{"devcryptoeng"} -}]
107 +      ENGINES=devcrypto
108 +      SOURCE[devcrypto]=e_devcrypto.c
109 +      DEPEND[devcrypto]=../libcrypto
110 +      INCLUDE[devcrypto]=../include
111 +    ENDIF
112  
113      ENGINES_NO_INST=ossltest dasync
114      SOURCE[dasync]=e_dasync.c
115 diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c
116 similarity index 95%
117 rename from crypto/engine/eng_devcrypto.c
118 rename to engines/e_devcrypto.c
119 index 2c1b52d572..eff1ed3a7d 100644
120 --- a/crypto/engine/eng_devcrypto.c
121 +++ b/engines/e_devcrypto.c
122 @@ -7,7 +7,7 @@
123   * https://www.openssl.org/source/license.html
124   */
125  
126 -#include "e_os.h"
127 +#include "../e_os.h"
128  #include <string.h>
129  #include <sys/types.h>
130  #include <sys/stat.h>
131 @@ -31,18 +31,20 @@
132  # define CHECK_BSD_STYLE_MACROS
133  #endif
134  
135 +#define engine_devcrypto_id "devcrypto"
136 +
137  /*
138   * ONE global file descriptor for all sessions.  This allows operations
139   * such as digest session data copying (see digest_copy()), but is also
140   * saner...  why re-open /dev/crypto for every session?
141   */
142 -static int cfd;
143 +static int cfd = -1;
144  #define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of acceleration */
145  #define DEVCRYPTO_USE_SOFTWARE        1 /* allow software drivers */
146  #define DEVCRYPTO_REJECT_SOFTWARE     2 /* only disallow confirmed software drivers */
147  
148 -#define DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS DEVCRYPTO_REJECT_SOFTWARE
149 -static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS;
150 +#define DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS DEVCRYPTO_REJECT_SOFTWARE
151 +static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS;
152  
153  /*
154   * cipher/digest status & acceleration definitions
155 @@ -1058,7 +1060,7 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = {
156          OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, "
157          OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE)
158          "=use if acceleration can't be determined) [default="
159 -        OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS) "]",
160 +        OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS) "]",
161      ENGINE_CMD_FLAG_NUMERIC},
162  #endif
163  
164 @@ -1166,32 +1168,22 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
165   *
166   *****/
167  
168 -static int devcrypto_unload(ENGINE *e)
169 -{
170 -    destroy_all_cipher_methods();
171 -#ifdef IMPLEMENT_DIGEST
172 -    destroy_all_digest_methods();
173 -#endif
174 -
175 -    close(cfd);
176 -
177 -    return 1;
178 -}
179  /*
180 - * This engine is always built into libcrypto, so it doesn't offer any
181 - * ability to be dynamically loadable.
182 + * Opens /dev/crypto
183   */
184 -void engine_load_devcrypto_int()
185 +static int open_devcrypto(void)
186  {
187 -    ENGINE *e = NULL;
188      int fd;
189  
190 +    if (cfd >= 0)
191 +        return 1;
192 +
193      if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
194  #ifndef ENGINE_DEVCRYPTO_DEBUG
195          if (errno != ENOENT)
196  #endif
197              fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
198 -        return;
199 +        return 0;
200      }
201  
202  #ifdef CRIOGET
203 @@ -1199,35 +1191,61 @@ void engine_load_devcrypto_int()
204          fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
205          close(fd);
206          cfd = -1;
207 -        return;
208 +        return 0;
209      }
210      close(fd);
211  #else
212      cfd = fd;
213  #endif
214  
215 -    if ((e = ENGINE_new()) == NULL
216 -        || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
217 -        ENGINE_free(e);
218 -        /*
219 -         * We know that devcrypto_unload() won't be called when one of the
220 -         * above two calls have failed, so we close cfd explicitly here to
221 -         * avoid leaking resources.
222 -         */
223 -        close(cfd);
224 -        return;
225 +    return 1;
226 +}
227 +
228 +static int close_devcrypto(void)
229 +{
230 +    int ret;
231 +
232 +    if (cfd < 0)
233 +        return 1;
234 +    ret = close(cfd);
235 +    cfd = -1;
236 +    if (ret != 0) {
237 +        fprintf(stderr, "Error closing /dev/crypto: %s\n", strerror(errno));
238 +        return 0;
239      }
240 +    return 1;
241 +}
242  
243 -    prepare_cipher_methods();
244 +static int devcrypto_unload(ENGINE *e)
245 +{
246 +    destroy_all_cipher_methods();
247  #ifdef IMPLEMENT_DIGEST
248 -    prepare_digest_methods();
249 +    destroy_all_digest_methods();
250  #endif
251  
252 -    if (!ENGINE_set_id(e, "devcrypto")
253 +    close_devcrypto();
254 +
255 +    return 1;
256 +}
257 +
258 +static int bind_devcrypto(ENGINE *e) {
259 +
260 +    if (!ENGINE_set_id(e, engine_devcrypto_id)
261          || !ENGINE_set_name(e, "/dev/crypto engine")
262 +        || !ENGINE_set_destroy_function(e, devcrypto_unload)
263          || !ENGINE_set_cmd_defns(e, devcrypto_cmds)
264 -        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)
265 +        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl))
266 +        return 0;
267  
268 +    prepare_cipher_methods();
269 +#ifdef IMPLEMENT_DIGEST
270 +    prepare_digest_methods();
271 +#endif
272 +
273 +    return (ENGINE_set_ciphers(e, devcrypto_ciphers)
274 +#ifdef IMPLEMENT_DIGEST
275 +        && ENGINE_set_digests(e, devcrypto_digests)
276 +#endif
277  /*
278   * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
279   * implementations, it seems to only exist in FreeBSD, and regarding the
280 @@ -1250,23 +1268,36 @@ void engine_load_devcrypto_int()
281   */
282  #if 0
283  # ifndef OPENSSL_NO_RSA
284 -        || !ENGINE_set_RSA(e, devcrypto_rsa)
285 +        && ENGINE_set_RSA(e, devcrypto_rsa)
286  # endif
287  # ifndef OPENSSL_NO_DSA
288 -        || !ENGINE_set_DSA(e, devcrypto_dsa)
289 +        && ENGINE_set_DSA(e, devcrypto_dsa)
290  # endif
291  # ifndef OPENSSL_NO_DH
292 -        || !ENGINE_set_DH(e, devcrypto_dh)
293 +        && ENGINE_set_DH(e, devcrypto_dh)
294  # endif
295  # ifndef OPENSSL_NO_EC
296 -        || !ENGINE_set_EC(e, devcrypto_ec)
297 +        && ENGINE_set_EC(e, devcrypto_ec)
298  # endif
299  #endif
300 -        || !ENGINE_set_ciphers(e, devcrypto_ciphers)
301 -#ifdef IMPLEMENT_DIGEST
302 -        || !ENGINE_set_digests(e, devcrypto_digests)
303 -#endif
304 -        ) {
305 +        );
306 +}
307 +
308 +#ifdef OPENSSL_NO_DYNAMIC_ENGINE
309 +/*
310 + * In case this engine is built into libcrypto, then it doesn't offer any
311 + * ability to be dynamically loadable.
312 + */
313 +void engine_load_devcrypto_int(void)
314 +{
315 +    ENGINE *e = NULL;
316 +
317 +    if (!open_devcrypto())
318 +        return;
319 +
320 +    if ((e = ENGINE_new()) == NULL
321 +        || !bind_devcrypto(e)) {
322 +        close_devcrypto();
323          ENGINE_free(e);
324          return;
325      }
326 @@ -1275,3 +1306,22 @@ void engine_load_devcrypto_int()
327      ENGINE_free(e);          /* Loose our local reference */
328      ERR_clear_error();
329  }
330 +
331 +#else
332 +
333 +static int bind_helper(ENGINE *e, const char *id)
334 +{
335 +    if ((id && (strcmp(id, engine_devcrypto_id) != 0))
336 +        || !open_devcrypto())
337 +        return 0;
338 +    if (!bind_devcrypto(e)) {
339 +        close_devcrypto();
340 +        return 0;
341 +    }
342 +    return 1;
343 +}
344 +
345 +IMPLEMENT_DYNAMIC_CHECK_FN()
346 +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
347 +
348 +#endif