package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Eneas U de Queiroz <cote2004-github@yahoo.com>
   3 Date: Tue, 6 Nov 2018 10:57:03 -0200
   4 Subject: e_devcrypto: make the /dev/crypto engine dynamic
   5
   6 Engine has been moved from crypto/engine/eng_devcrypto.c to
   7 engines/e_devcrypto.c.
   8
   9 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
  10
  11 diff --git a/crypto/engine/build.info b/crypto/engine/build.info
  12 --- a/crypto/engine/build.info
  13 +++ b/crypto/engine/build.info
  14 @@ -6,6 +6,3 @@ SOURCE[../../libcrypto]=\
  15          tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
  16          eng_openssl.c eng_cnf.c eng_dyn.c \
  17          eng_rdrand.c
  18 -IF[{- !$disabled{devcryptoeng} -}]
  19 -  SOURCE[../../libcrypto]=eng_devcrypto.c
  20 -ENDIF
  21 diff --git a/crypto/init.c b/crypto/init.c
  22 --- a/crypto/init.c
  23 +++ b/crypto/init.c
  24 @@ -329,18 +329,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
  25      engine_load_openssl_int();
  26      return 1;
  27  }
  28 -# ifndef OPENSSL_NO_DEVCRYPTOENG
  29 -static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
  30 -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
  31 -{
  32 -#  ifdef OPENSSL_INIT_DEBUG
  33 -    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
  34 -                    "engine_load_devcrypto_int()\n");
  35 -#  endif
  36 -    engine_load_devcrypto_int();
  37 -    return 1;
  38 -}
  39 -# endif
  40
  41  # ifndef OPENSSL_NO_RDRAND
  42  static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
  43 @@ -365,6 +353,18 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
  44      return 1;
  45  }
  46  # ifndef OPENSSL_NO_STATIC_ENGINE
  47 +#  ifndef OPENSSL_NO_DEVCRYPTOENG
  48 +static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
  49 +DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
  50 +{
  51 +#   ifdef OPENSSL_INIT_DEBUG
  52 +    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
  53 +                    "engine_load_devcrypto_int()\n");
  54 +#   endif
  55 +    engine_load_devcrypto_int();
  56 +    return 1;
  57 +}
  58 +#  endif
  59  #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
  60  static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
  61  DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
  62 @@ -713,11 +713,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
  63      if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
  64              && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
  65          return 0;
  66 -# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
  67 -    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
  68 -            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
  69 -        return 0;
  70 -# endif
  71  # ifndef OPENSSL_NO_RDRAND
  72      if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
  73              && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
  74 @@ -727,6 +722,11 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
  75              && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
  76          return 0;
  77  # ifndef OPENSSL_NO_STATIC_ENGINE
  78 +#  ifndef OPENSSL_NO_DEVCRYPTOENG
  79 +    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
  80 +            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
  81 +        return 0;
  82 +#  endif
  83  #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
  84      if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
  85              && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
  86 diff --git a/engines/build.info b/engines/build.info
  87 --- a/engines/build.info
  88 +++ b/engines/build.info
  89 @@ -11,6 +11,9 @@ IF[{- !$disabled{"engine"} -}]
  90      IF[{- !$disabled{afalgeng} -}]
  91        SOURCE[../libcrypto]=e_afalg.c
  92      ENDIF
  93 +    IF[{- !$disabled{"devcryptoeng"} -}]
  94 +      SOURCE[../libcrypto]=e_devcrypto.c
  95 +    ENDIF
  96    ELSE
  97      IF[{- !$disabled{hw} && !$disabled{'hw-padlock'} -}]
  98        ENGINES=padlock
  99 @@ -30,6 +33,12 @@ IF[{- !$disabled{"engine"} -}]
 100        DEPEND[afalg]=../libcrypto
 101        INCLUDE[afalg]= ../include
 102      ENDIF
 103 +    IF[{- !$disabled{"devcryptoeng"} -}]
 104 +      ENGINES=devcrypto
 105 +      SOURCE[devcrypto]=e_devcrypto.c
 106 +      DEPEND[devcrypto]=../libcrypto
 107 +      INCLUDE[devcrypto]=../include
 108 +    ENDIF
 109
 110      ENGINES_NO_INST=ossltest dasync
 111      SOURCE[dasync]=e_dasync.c
 112 diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c
 113 similarity index 95%
 114 rename from crypto/engine/eng_devcrypto.c
 115 rename to engines/e_devcrypto.c
 116 --- a/crypto/engine/eng_devcrypto.c
 117 +++ b/engines/e_devcrypto.c
 118 @@ -7,7 +7,7 @@
 119   * https://www.openssl.org/source/license.html
 120   */
 121
 122 -#include "e_os.h"
 123 +#include "../e_os.h"
 124  #include <string.h>
 125  #include <sys/types.h>
 126  #include <sys/stat.h>
 127 @@ -31,18 +31,20 @@
 128  # define CHECK_BSD_STYLE_MACROS
 129  #endif
 130
 131 +#define engine_devcrypto_id "devcrypto"
 132 +
 133  /*
 134   * ONE global file descriptor for all sessions.  This allows operations
 135   * such as digest session data copying (see digest_copy()), but is also
 136   * saner...  why re-open /dev/crypto for every session?
 137   */
 138 -static int cfd;
 139 +static int cfd = -1;
 140  #define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of acceleration */
 141  #define DEVCRYPTO_USE_SOFTWARE        1 /* allow software drivers */
 142  #define DEVCRYPTO_REJECT_SOFTWARE     2 /* only disallow confirmed software drivers */
 143
 144 -#define DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS DEVCRYPTO_REJECT_SOFTWARE
 145 -static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS;
 146 +#define DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS DEVCRYPTO_REJECT_SOFTWARE
 147 +static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS;
 148
 149  /*
 150   * cipher/digest status & acceleration definitions
 151 @@ -1058,7 +1060,7 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = {
 152          OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, "
 153          OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE)
 154          "=use if acceleration can't be determined) [default="
 155 -        OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS) "]",
 156 +        OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS) "]",
 157      ENGINE_CMD_FLAG_NUMERIC},
 158  #endif
 159
 160 @@ -1166,32 +1168,22 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
 161   *
 162   *****/
 163
 164 -static int devcrypto_unload(ENGINE *e)
 165 -{
 166 -    destroy_all_cipher_methods();
 167 -#ifdef IMPLEMENT_DIGEST
 168 -    destroy_all_digest_methods();
 169 -#endif
 170 -
 171 -    close(cfd);
 172 -
 173 -    return 1;
 174 -}
 175  /*
 176 - * This engine is always built into libcrypto, so it doesn't offer any
 177 - * ability to be dynamically loadable.
 178 + * Opens /dev/crypto
 179   */
 180 -void engine_load_devcrypto_int()
 181 +static int open_devcrypto(void)
 182  {
 183 -    ENGINE *e = NULL;
 184      int fd;
 185
 186 +    if (cfd >= 0)
 187 +        return 1;
 188 +
 189      if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
 190  #ifndef ENGINE_DEVCRYPTO_DEBUG
 191          if (errno != ENOENT)
 192  #endif
 193              fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
 194 -        return;
 195 +        return 0;
 196      }
 197
 198  #ifdef CRIOGET
 199 @@ -1199,35 +1191,61 @@ void engine_load_devcrypto_int()
 200          fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
 201          close(fd);
 202          cfd = -1;
 203 -        return;
 204 +        return 0;
 205      }
 206      close(fd);
 207  #else
 208      cfd = fd;
 209  #endif
 210
 211 -    if ((e = ENGINE_new()) == NULL
 212 -        || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
 213 -        ENGINE_free(e);
 214 -        /*
 215 -         * We know that devcrypto_unload() won't be called when one of the
 216 -         * above two calls have failed, so we close cfd explicitly here to
 217 -         * avoid leaking resources.
 218 -         */
 219 -        close(cfd);
 220 -        return;
 221 +    return 1;
 222 +}
 223 +
 224 +static int close_devcrypto(void)
 225 +{
 226 +    int ret;
 227 +
 228 +    if (cfd < 0)
 229 +        return 1;
 230 +    ret = close(cfd);
 231 +    cfd = -1;
 232 +    if (ret != 0) {
 233 +        fprintf(stderr, "Error closing /dev/crypto: %s\n", strerror(errno));
 234 +        return 0;
 235      }
 236 +    return 1;
 237 +}
 238
 239 -    prepare_cipher_methods();
 240 +static int devcrypto_unload(ENGINE *e)
 241 +{
 242 +    destroy_all_cipher_methods();
 243  #ifdef IMPLEMENT_DIGEST
 244 -    prepare_digest_methods();
 245 +    destroy_all_digest_methods();
 246  #endif
 247
 248 -    if (!ENGINE_set_id(e, "devcrypto")
 249 +    close_devcrypto();
 250 +
 251 +    return 1;
 252 +}
 253 +
 254 +static int bind_devcrypto(ENGINE *e) {
 255 +
 256 +    if (!ENGINE_set_id(e, engine_devcrypto_id)
 257          || !ENGINE_set_name(e, "/dev/crypto engine")
 258 +        || !ENGINE_set_destroy_function(e, devcrypto_unload)
 259          || !ENGINE_set_cmd_defns(e, devcrypto_cmds)
 260 -        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)
 261 +        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl))
 262 +        return 0;
 263
 264 +    prepare_cipher_methods();
 265 +#ifdef IMPLEMENT_DIGEST
 266 +    prepare_digest_methods();
 267 +#endif
 268 +
 269 +    return (ENGINE_set_ciphers(e, devcrypto_ciphers)
 270 +#ifdef IMPLEMENT_DIGEST
 271 +        && ENGINE_set_digests(e, devcrypto_digests)
 272 +#endif
 273  /*
 274   * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
 275   * implementations, it seems to only exist in FreeBSD, and regarding the
 276 @@ -1250,23 +1268,36 @@ void engine_load_devcrypto_int()
 277   */
 278  #if 0
 279  # ifndef OPENSSL_NO_RSA
 280 -        || !ENGINE_set_RSA(e, devcrypto_rsa)
 281 +        && ENGINE_set_RSA(e, devcrypto_rsa)
 282  # endif
 283  # ifndef OPENSSL_NO_DSA
 284 -        || !ENGINE_set_DSA(e, devcrypto_dsa)
 285 +        && ENGINE_set_DSA(e, devcrypto_dsa)
 286  # endif
 287  # ifndef OPENSSL_NO_DH
 288 -        || !ENGINE_set_DH(e, devcrypto_dh)
 289 +        && ENGINE_set_DH(e, devcrypto_dh)
 290  # endif
 291  # ifndef OPENSSL_NO_EC
 292 -        || !ENGINE_set_EC(e, devcrypto_ec)
 293 +        && ENGINE_set_EC(e, devcrypto_ec)
 294  # endif
 295  #endif
 296 -        || !ENGINE_set_ciphers(e, devcrypto_ciphers)
 297 -#ifdef IMPLEMENT_DIGEST
 298 -        || !ENGINE_set_digests(e, devcrypto_digests)
 299 -#endif
 300 -        ) {
 301 +        );
 302 +}
 303 +
 304 +#ifdef OPENSSL_NO_DYNAMIC_ENGINE
 305 +/*
 306 + * In case this engine is built into libcrypto, then it doesn't offer any
 307 + * ability to be dynamically loadable.
 308 + */
 309 +void engine_load_devcrypto_int(void)
 310 +{
 311 +    ENGINE *e = NULL;
 312 +
 313 +    if (!open_devcrypto())
 314 +        return;
 315 +
 316 +    if ((e = ENGINE_new()) == NULL
 317 +        || !bind_devcrypto(e)) {
 318 +        close_devcrypto();
 319          ENGINE_free(e);
 320          return;
 321      }
 322 @@ -1275,3 +1306,22 @@ void engine_load_devcrypto_int()
 323      ENGINE_free(e);          /* Loose our local reference */
 324      ERR_clear_error();
 325  }
 326 +
 327 +#else
 328 +
 329 +static int bind_helper(ENGINE *e, const char *id)
 330 +{
 331 +    if ((id && (strcmp(id, engine_devcrypto_id) != 0))
 332 +        || !open_devcrypto())
 333 +        return 0;
 334 +    if (!bind_devcrypto(e)) {
 335 +        close_devcrypto();
 336 +        return 0;
 337 +    }
 338 +    return 1;
 339 +}
 340 +
 341 +IMPLEMENT_DYNAMIC_CHECK_FN()
 342 +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
 343 +
 344 +#endif