1 files changed, 51 insertions, 20 deletions
diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c
index 52f4ca3901..5a715aca4f 100644
--- a/src/lib/libcrypto/engine/eng_cryptodev.c
+++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -79,8 +79,6 @@ struct dev_crypto_state {
        unsigned char digest_res[HASH_MAX_LEN];
        char *mac_data;
        int mac_len;
-        int copy;
 #endif
 };
@@ -200,6 +198,7 @@ get_dev_crypto(void)
        if ((fd = open_dev_crypto()) == -1)
                return (-1);
+#ifndef CRIOGET_NOT_NEEDED
        if (ioctl(fd, CRIOGET, &retfd) == -1)
                return (-1);
@@ -208,9 +207,19 @@ get_dev_crypto(void)
                close(retfd);
                return (-1);
        }
+#else
+        retfd = fd;
+#endif
        return (retfd);
 }
+static void put_dev_crypto(int fd)
+{
+#ifndef CRIOGET_NOT_NEEDED
+        close(fd);
+#endif
+}
 /* Caching version for asym operations */
 static int
 get_asym_dev_crypto(void)
@@ -252,7 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = ciphers[i].nid;
        }
-        close(fd);
+        put_dev_crypto(fd);
        if (count > 0)
                *cnids = nids;
@@ -291,7 +300,7 @@ get_cryptodev_digests(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = digests[i].nid;
        }
-        close(fd);
+        put_dev_crypto(fd);
        if (count > 0)
                *cnids = nids;
@@ -436,7 +445,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        sess->cipher = cipher;
        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-                close(state->d_fd);
+                put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                return (0);
        }
@@ -473,7 +482,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
        } else {
                ret = 1;
        }
-        close(state->d_fd);
+        put_dev_crypto(state->d_fd);
        state->d_fd = -1;
        return (ret);
@@ -686,7 +695,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
        sess->mac = digest;
        if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-                close(state->d_fd);
+                put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                printf("cryptodev_digest_init: Open session failed\n");
                return (0);
@@ -758,14 +767,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
        if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
                /* if application doesn't support one buffer */
                memset(&cryp, 0, sizeof(cryp));
                cryp.ses = sess->ses;
                cryp.flags = 0;
                cryp.len = state->mac_len;
                cryp.src = state->mac_data;
                cryp.dst = NULL;
                cryp.mac = (caddr_t)md;
                if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
                        printf("cryptodev_digest_final: digest failed\n");
                        return (0);
@@ -786,6 +793,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
        struct dev_crypto_state *state = ctx->md_data;
        struct session_op *sess = &state->d_sess;
+        if (state == NULL)
+          return 0;
        if (state->d_fd < 0) {
                printf("cryptodev_digest_cleanup: illegal input\n");
                return (0);
@@ -797,16 +807,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
                state->mac_len = 0;
        }
-        if (state->copy)
-                return 1;
        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
                printf("cryptodev_digest_cleanup: failed to close session\n");
                ret = 0;
        } else {
                ret = 1;
        }
-        close(state->d_fd);     
+        put_dev_crypto(state->d_fd);    
        state->d_fd = -1;
        return (ret);
@@ -816,15 +823,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
 {
        struct dev_crypto_state *fstate = from->md_data;
        struct dev_crypto_state *dstate = to->md_data;
+        struct session_op *sess;
+        int digest;
-        memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+        if (dstate == NULL || fstate == NULL)
+          return 1;
-        if (fstate->mac_len != 0) {
+        memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-                dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-                memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+        sess = &dstate->d_sess;
+        digest = digest_nid_to_cryptodev(to->digest->type);
+        sess->mackey = dstate->dummy_mac_key;
+        sess->mackeylen = digest_key_length(to->digest->type);
+        sess->mac = digest;
+        dstate->d_fd = get_dev_crypto();
+        if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+                put_dev_crypto(dstate->d_fd);
+                dstate->d_fd = -1;
+                printf("cryptodev_digest_init: Open session failed\n");
+                return (0);
        }
-        dstate->copy = 1;
+        if (fstate->mac_len != 0) {
+                if (fstate->mac_data != NULL)
+                        {
+                        dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+                        memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+                        dstate->mac_len = fstate->mac_len;
+                        }
+        }
        return 1;
 }
@@ -1347,11 +1378,11 @@ ENGINE_load_cryptodev(void)
         * find out what asymmetric crypto algorithms we support
         */
        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-                close(fd);
+                put_dev_crypto(fd);
                ENGINE_free(engine);
                return;
        }
-        close(fd);
+        put_dev_crypto(fd);
        if (!ENGINE_set_id(engine, "cryptodev") ||
            !ENGINE_set_name(engine, "BSD cryptodev engine") ||

diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c index 52f4ca3901..5a715aca4f 100644 --- a/src/lib/libcrypto/engine/eng_cryptodev.c +++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -79,8 +79,6 @@ struct dev_crypto_state {
79	unsigned char digest_res[HASH_MAX_LEN];	79	unsigned char digest_res[HASH_MAX_LEN];
80	char *mac_data;	80	char *mac_data;
81	int mac_len;	81	int mac_len;
82
83	int copy;
84	#endif	82	#endif
85	};	83	};
86		84
@@ -200,6 +198,7 @@ get_dev_crypto(void)
200		198
201	if ((fd = open_dev_crypto()) == -1)	199	if ((fd = open_dev_crypto()) == -1)
202	return (-1);	200	return (-1);
		201	#ifndef CRIOGET_NOT_NEEDED
203	if (ioctl(fd, CRIOGET, &retfd) == -1)	202	if (ioctl(fd, CRIOGET, &retfd) == -1)
204	return (-1);	203	return (-1);
205		204
@@ -208,9 +207,19 @@ get_dev_crypto(void)
208	close(retfd);	207	close(retfd);
209	return (-1);	208	return (-1);
210	}	209	}
		210	#else
		211	retfd = fd;
		212	#endif
211	return (retfd);	213	return (retfd);
212	}	214	}
213		215
		216	static void put_dev_crypto(int fd)
		217	{
		218	#ifndef CRIOGET_NOT_NEEDED
		219	close(fd);
		220	#endif
		221	}
		222
214	/* Caching version for asym operations */	223	/* Caching version for asym operations */
215	static int	224	static int
216	get_asym_dev_crypto(void)	225	get_asym_dev_crypto(void)
@@ -252,7 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
252	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)	261	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
253	nids[count++] = ciphers[i].nid;	262	nids[count++] = ciphers[i].nid;
254	}	263	}
255	close(fd);	264	put_dev_crypto(fd);
256		265
257	if (count > 0)	266	if (count > 0)
258	*cnids = nids;	267	*cnids = nids;
@@ -291,7 +300,7 @@ get_cryptodev_digests(const int **cnids)
291	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)	300	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
292	nids[count++] = digests[i].nid;	301	nids[count++] = digests[i].nid;
293	}	302	}
294	close(fd);	303	put_dev_crypto(fd);
295		304
296	if (count > 0)	305	if (count > 0)
297	*cnids = nids;	306	*cnids = nids;
@@ -436,7 +445,7 @@ cryptodev_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
436	sess->cipher = cipher;	445	sess->cipher = cipher;
437		446
438	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {	447	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
439	close(state->d_fd);	448	put_dev_crypto(state->d_fd);
440	state->d_fd = -1;	449	state->d_fd = -1;
441	return (0);	450	return (0);
442	}	451	}
@@ -473,7 +482,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
473	} else {	482	} else {
474	ret = 1;	483	ret = 1;
475	}	484	}
476	close(state->d_fd);	485	put_dev_crypto(state->d_fd);
477	state->d_fd = -1;	486	state->d_fd = -1;
478		487
479	return (ret);	488	return (ret);
@@ -686,7 +695,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
686	sess->mac = digest;	695	sess->mac = digest;
687		696
688	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {	697	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
689	close(state->d_fd);	698	put_dev_crypto(state->d_fd);
690	state->d_fd = -1;	699	state->d_fd = -1;
691	printf("cryptodev_digest_init: Open session failed\n");	700	printf("cryptodev_digest_init: Open session failed\n");
692	return (0);	701	return (0);
@@ -758,14 +767,12 @@ static int cryptodev_digest_final(EVP_MD_CTX ctx, unsigned char md)
758	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {	767	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
759	/* if application doesn't support one buffer */	768	/* if application doesn't support one buffer */
760	memset(&cryp, 0, sizeof(cryp));	769	memset(&cryp, 0, sizeof(cryp));
761
762	cryp.ses = sess->ses;	770	cryp.ses = sess->ses;
763	cryp.flags = 0;	771	cryp.flags = 0;
764	cryp.len = state->mac_len;	772	cryp.len = state->mac_len;
765	cryp.src = state->mac_data;	773	cryp.src = state->mac_data;
766	cryp.dst = NULL;	774	cryp.dst = NULL;
767	cryp.mac = (caddr_t)md;	775	cryp.mac = (caddr_t)md;
768
769	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {	776	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
770	printf("cryptodev_digest_final: digest failed\n");	777	printf("cryptodev_digest_final: digest failed\n");
771	return (0);	778	return (0);
@@ -786,6 +793,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
786	struct dev_crypto_state *state = ctx->md_data;	793	struct dev_crypto_state *state = ctx->md_data;
787	struct session_op *sess = &state->d_sess;	794	struct session_op *sess = &state->d_sess;
788		795
		796	if (state == NULL)
		797	return 0;
		798
789	if (state->d_fd < 0) {	799	if (state->d_fd < 0) {
790	printf("cryptodev_digest_cleanup: illegal input\n");	800	printf("cryptodev_digest_cleanup: illegal input\n");
791	return (0);	801	return (0);
@@ -797,16 +807,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
797	state->mac_len = 0;	807	state->mac_len = 0;
798	}	808	}
799		809
800	if (state->copy)
801	return 1;
802
803	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {	810	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
804	printf("cryptodev_digest_cleanup: failed to close session\n");	811	printf("cryptodev_digest_cleanup: failed to close session\n");
805	ret = 0;	812	ret = 0;
806	} else {	813	} else {
807	ret = 1;	814	ret = 1;
808	}	815	}
809	close(state->d_fd);	816	put_dev_crypto(state->d_fd);
810	state->d_fd = -1;	817	state->d_fd = -1;
811		818
812	return (ret);	819	return (ret);
@@ -816,15 +823,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX to,const EVP_MD_CTX from)
816	{	823	{
817	struct dev_crypto_state *fstate = from->md_data;	824	struct dev_crypto_state *fstate = from->md_data;
818	struct dev_crypto_state *dstate = to->md_data;	825	struct dev_crypto_state *dstate = to->md_data;
		826	struct session_op *sess;
		827	int digest;
819		828
820	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));	829	if (dstate == NULL \|\| fstate == NULL)
		830	return 1;
821		831
822	if (fstate->mac_len != 0) {	832	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
823	dstate->mac_data = OPENSSL_malloc(fstate->mac_len);	833
824	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);	834	sess = &dstate->d_sess;
		835
		836	digest = digest_nid_to_cryptodev(to->digest->type);
		837
		838	sess->mackey = dstate->dummy_mac_key;
		839	sess->mackeylen = digest_key_length(to->digest->type);
		840	sess->mac = digest;
		841
		842	dstate->d_fd = get_dev_crypto();
		843
		844	if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
		845	put_dev_crypto(dstate->d_fd);
		846	dstate->d_fd = -1;
		847	printf("cryptodev_digest_init: Open session failed\n");
		848	return (0);
825	}	849	}
826		850
827	dstate->copy = 1;	851	if (fstate->mac_len != 0) {
		852	if (fstate->mac_data != NULL)
		853	{
		854	dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
		855	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
		856	dstate->mac_len = fstate->mac_len;
		857	}
		858	}
828		859
829	return 1;	860	return 1;
830	}	861	}
@@ -1347,11 +1378,11 @@ ENGINE_load_cryptodev(void)
1347	* find out what asymmetric crypto algorithms we support	1378	* find out what asymmetric crypto algorithms we support
1348	*/	1379	*/
1349	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {	1380	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1350	close(fd);	1381	put_dev_crypto(fd);
1351	ENGINE_free(engine);	1382	ENGINE_free(engine);
1352	return;	1383	return;
1353	}	1384	}
1354	close(fd);	1385	put_dev_crypto(fd);
1355		1386
1356	if (!ENGINE_set_id(engine, "cryptodev") \|\|	1387	if (!ENGINE_set_id(engine, "cryptodev") \|\|
1357	!ENGINE_set_name(engine, "BSD cryptodev engine") \|\|	1388	!ENGINE_set_name(engine, "BSD cryptodev engine") \|\|