OSDN Git Service

1298efe546ba818d97ed8ad1bca2bf57a2b911d3
[immortalwrt/immortalwrt.git] / package / libs / openssl / patches / 430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch
1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Eneas U de Queiroz <cote2004-github@yahoo.com>
3 Date: Tue, 6 Nov 2018 10:57:03 -0200
4 Subject: e_devcrypto: make the /dev/crypto engine dynamic
5
6 Engine has been moved from crypto/engine/eng_devcrypto.c to
7 engines/e_devcrypto.c.
8
9 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
10
11 diff --git a/crypto/engine/build.info b/crypto/engine/build.info
12 --- a/crypto/engine/build.info
13 +++ b/crypto/engine/build.info
14 @@ -6,6 +6,3 @@ SOURCE[../../libcrypto]=\
15          tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
16          eng_openssl.c eng_cnf.c eng_dyn.c \
17          eng_rdrand.c
18 -IF[{- !$disabled{devcryptoeng} -}]
19 -  SOURCE[../../libcrypto]=eng_devcrypto.c
20 -ENDIF
21 diff --git a/crypto/init.c b/crypto/init.c
22 --- a/crypto/init.c
23 +++ b/crypto/init.c
24 @@ -329,18 +329,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
25      engine_load_openssl_int();
26      return 1;
27  }
28 -# ifndef OPENSSL_NO_DEVCRYPTOENG
29 -static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
30 -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
31 -{
32 -#  ifdef OPENSSL_INIT_DEBUG
33 -    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
34 -                    "engine_load_devcrypto_int()\n");
35 -#  endif
36 -    engine_load_devcrypto_int();
37 -    return 1;
38 -}
39 -# endif
40  
41  # ifndef OPENSSL_NO_RDRAND
42  static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
43 @@ -365,6 +353,18 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
44      return 1;
45  }
46  # ifndef OPENSSL_NO_STATIC_ENGINE
47 +#  ifndef OPENSSL_NO_DEVCRYPTOENG
48 +static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
49 +DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
50 +{
51 +#   ifdef OPENSSL_INIT_DEBUG
52 +    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
53 +                    "engine_load_devcrypto_int()\n");
54 +#   endif
55 +    engine_load_devcrypto_int();
56 +    return 1;
57 +}
58 +#  endif
59  #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
60  static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
61  DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
62 @@ -713,11 +713,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
63      if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
64              && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
65          return 0;
66 -# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
67 -    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
68 -            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
69 -        return 0;
70 -# endif
71  # ifndef OPENSSL_NO_RDRAND
72      if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
73              && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
74 @@ -727,6 +722,11 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
75              && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
76          return 0;
77  # ifndef OPENSSL_NO_STATIC_ENGINE
78 +#  ifndef OPENSSL_NO_DEVCRYPTOENG
79 +    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
80 +            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
81 +        return 0;
82 +#  endif
83  #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
84      if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
85              && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
86 diff --git a/engines/build.info b/engines/build.info
87 --- a/engines/build.info
88 +++ b/engines/build.info
89 @@ -11,6 +11,9 @@ IF[{- !$disabled{"engine"} -}]
90      IF[{- !$disabled{afalgeng} -}]
91        SOURCE[../libcrypto]=e_afalg.c
92      ENDIF
93 +    IF[{- !$disabled{"devcryptoeng"} -}]
94 +      SOURCE[../libcrypto]=e_devcrypto.c
95 +    ENDIF
96    ELSE
97      IF[{- !$disabled{hw} && !$disabled{'hw-padlock'} -}]
98        ENGINES=padlock
99 @@ -30,6 +33,12 @@ IF[{- !$disabled{"engine"} -}]
100        DEPEND[afalg]=../libcrypto
101        INCLUDE[afalg]= ../include
102      ENDIF
103 +    IF[{- !$disabled{"devcryptoeng"} -}]
104 +      ENGINES=devcrypto
105 +      SOURCE[devcrypto]=e_devcrypto.c
106 +      DEPEND[devcrypto]=../libcrypto
107 +      INCLUDE[devcrypto]=../include
108 +    ENDIF
109  
110      ENGINES_NO_INST=ossltest dasync
111      SOURCE[dasync]=e_dasync.c
112 diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c
113 similarity index 95%
114 rename from crypto/engine/eng_devcrypto.c
115 rename to engines/e_devcrypto.c
116 --- a/crypto/engine/eng_devcrypto.c
117 +++ b/engines/e_devcrypto.c
118 @@ -7,7 +7,7 @@
119   * https://www.openssl.org/source/license.html
120   */
121  
122 -#include "e_os.h"
123 +#include "../e_os.h"
124  #include <string.h>
125  #include <sys/types.h>
126  #include <sys/stat.h>
127 @@ -31,18 +31,20 @@
128  # define CHECK_BSD_STYLE_MACROS
129  #endif
130  
131 +#define engine_devcrypto_id "devcrypto"
132 +
133  /*
134   * ONE global file descriptor for all sessions.  This allows operations
135   * such as digest session data copying (see digest_copy()), but is also
136   * saner...  why re-open /dev/crypto for every session?
137   */
138 -static int cfd;
139 +static int cfd = -1;
140  #define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of acceleration */
141  #define DEVCRYPTO_USE_SOFTWARE        1 /* allow software drivers */
142  #define DEVCRYPTO_REJECT_SOFTWARE     2 /* only disallow confirmed software drivers */
143  
144 -#define DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS DEVCRYPTO_REJECT_SOFTWARE
145 -static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS;
146 +#define DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS DEVCRYPTO_REJECT_SOFTWARE
147 +static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS;
148  
149  /*
150   * cipher/digest status & acceleration definitions
151 @@ -1058,7 +1060,7 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = {
152          OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, "
153          OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE)
154          "=use if acceleration can't be determined) [default="
155 -        OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS) "]",
156 +        OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS) "]",
157      ENGINE_CMD_FLAG_NUMERIC},
158  #endif
159  
160 @@ -1166,32 +1168,22 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
161   *
162   *****/
163  
164 -static int devcrypto_unload(ENGINE *e)
165 -{
166 -    destroy_all_cipher_methods();
167 -#ifdef IMPLEMENT_DIGEST
168 -    destroy_all_digest_methods();
169 -#endif
170 -
171 -    close(cfd);
172 -
173 -    return 1;
174 -}
175  /*
176 - * This engine is always built into libcrypto, so it doesn't offer any
177 - * ability to be dynamically loadable.
178 + * Opens /dev/crypto
179   */
180 -void engine_load_devcrypto_int()
181 +static int open_devcrypto(void)
182  {
183 -    ENGINE *e = NULL;
184      int fd;
185  
186 +    if (cfd >= 0)
187 +        return 1;
188 +
189      if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
190  #ifndef ENGINE_DEVCRYPTO_DEBUG
191          if (errno != ENOENT)
192  #endif
193              fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
194 -        return;
195 +        return 0;
196      }
197  
198  #ifdef CRIOGET
199 @@ -1199,35 +1191,61 @@ void engine_load_devcrypto_int()
200          fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
201          close(fd);
202          cfd = -1;
203 -        return;
204 +        return 0;
205      }
206      close(fd);
207  #else
208      cfd = fd;
209  #endif
210  
211 -    if ((e = ENGINE_new()) == NULL
212 -        || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
213 -        ENGINE_free(e);
214 -        /*
215 -         * We know that devcrypto_unload() won't be called when one of the
216 -         * above two calls have failed, so we close cfd explicitly here to
217 -         * avoid leaking resources.
218 -         */
219 -        close(cfd);
220 -        return;
221 +    return 1;
222 +}
223 +
224 +static int close_devcrypto(void)
225 +{
226 +    int ret;
227 +
228 +    if (cfd < 0)
229 +        return 1;
230 +    ret = close(cfd);
231 +    cfd = -1;
232 +    if (ret != 0) {
233 +        fprintf(stderr, "Error closing /dev/crypto: %s\n", strerror(errno));
234 +        return 0;
235      }
236 +    return 1;
237 +}
238  
239 -    prepare_cipher_methods();
240 +static int devcrypto_unload(ENGINE *e)
241 +{
242 +    destroy_all_cipher_methods();
243  #ifdef IMPLEMENT_DIGEST
244 -    prepare_digest_methods();
245 +    destroy_all_digest_methods();
246  #endif
247  
248 -    if (!ENGINE_set_id(e, "devcrypto")
249 +    close_devcrypto();
250 +
251 +    return 1;
252 +}
253 +
254 +static int bind_devcrypto(ENGINE *e) {
255 +
256 +    if (!ENGINE_set_id(e, engine_devcrypto_id)
257          || !ENGINE_set_name(e, "/dev/crypto engine")
258 +        || !ENGINE_set_destroy_function(e, devcrypto_unload)
259          || !ENGINE_set_cmd_defns(e, devcrypto_cmds)
260 -        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)
261 +        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl))
262 +        return 0;
263  
264 +    prepare_cipher_methods();
265 +#ifdef IMPLEMENT_DIGEST
266 +    prepare_digest_methods();
267 +#endif
268 +
269 +    return (ENGINE_set_ciphers(e, devcrypto_ciphers)
270 +#ifdef IMPLEMENT_DIGEST
271 +        && ENGINE_set_digests(e, devcrypto_digests)
272 +#endif
273  /*
274   * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
275   * implementations, it seems to only exist in FreeBSD, and regarding the
276 @@ -1250,23 +1268,36 @@ void engine_load_devcrypto_int()
277   */
278  #if 0
279  # ifndef OPENSSL_NO_RSA
280 -        || !ENGINE_set_RSA(e, devcrypto_rsa)
281 +        && ENGINE_set_RSA(e, devcrypto_rsa)
282  # endif
283  # ifndef OPENSSL_NO_DSA
284 -        || !ENGINE_set_DSA(e, devcrypto_dsa)
285 +        && ENGINE_set_DSA(e, devcrypto_dsa)
286  # endif
287  # ifndef OPENSSL_NO_DH
288 -        || !ENGINE_set_DH(e, devcrypto_dh)
289 +        && ENGINE_set_DH(e, devcrypto_dh)
290  # endif
291  # ifndef OPENSSL_NO_EC
292 -        || !ENGINE_set_EC(e, devcrypto_ec)
293 +        && ENGINE_set_EC(e, devcrypto_ec)
294  # endif
295  #endif
296 -        || !ENGINE_set_ciphers(e, devcrypto_ciphers)
297 -#ifdef IMPLEMENT_DIGEST
298 -        || !ENGINE_set_digests(e, devcrypto_digests)
299 -#endif
300 -        ) {
301 +        );
302 +}
303 +
304 +#ifdef OPENSSL_NO_DYNAMIC_ENGINE
305 +/*
306 + * In case this engine is built into libcrypto, then it doesn't offer any
307 + * ability to be dynamically loadable.
308 + */
309 +void engine_load_devcrypto_int(void)
310 +{
311 +    ENGINE *e = NULL;
312 +
313 +    if (!open_devcrypto())
314 +        return;
315 +
316 +    if ((e = ENGINE_new()) == NULL
317 +        || !bind_devcrypto(e)) {
318 +        close_devcrypto();
319          ENGINE_free(e);
320          return;
321      }
322 @@ -1275,3 +1306,22 @@ void engine_load_devcrypto_int()
323      ENGINE_free(e);          /* Loose our local reference */
324      ERR_clear_error();
325  }
326 +
327 +#else
328 +
329 +static int bind_helper(ENGINE *e, const char *id)
330 +{
331 +    if ((id && (strcmp(id, engine_devcrypto_id) != 0))
332 +        || !open_devcrypto())
333 +        return 0;
334 +    if (!bind_devcrypto(e)) {
335 +        close_devcrypto();
336 +        return 0;
337 +    }
338 +    return 1;
339 +}
340 +
341 +IMPLEMENT_DYNAMIC_CHECK_FN()
342 +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
343 +
344 +#endif