Diffstat (limited to 'src/lib/libcrypto/engine/eng_cryptodev.c')
-rw-r--r--src/lib/libcrypto/engine/eng_cryptodev.c74
1 files changed, 21 insertions, 53 deletions
diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c
index 5a715aca4f..10b3856b4e 100644
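--- a/src/lib/libcrypto/engine/eng_cryptodev.c
+++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -32,7 +32,7 @@
 #include <openssl/bn.h>
 
 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
- (defined(OpenBSD) || defined(__FreeBSD__))
+ (defined(__OpenBSD__) || defined(__FreeBSD__))
 #include <sys/param.h>
 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
 # define HAVE_CRYPTODEV
@@ -79,6 +79,8 @@ struct dev_crypto_state {
  unsigned char digest_res[HASH_MAX_LEN];
  char *mac_data;
  int mac_len;
+
+ int copy;
 #endif
 };
 
@@ -149,7 +151,6 @@ static struct {
  { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
  { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
  { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
  { 0, NID_undef, 0, 0, },
 };
 
@@ -198,7 +199,6 @@ get_dev_crypto(void)
 
  if ((fd = open_dev_crypto()) == -1)
  return (-1);
-#ifndef CRIOGET_NOT_NEEDED
  if (ioctl(fd, CRIOGET, &retfd) == -1)
  return (-1);
 
@@ -207,19 +207,9 @@ get_dev_crypto(void)
  close(retfd);
  return (-1);
  }
-#else
- retfd = fd;
-#endif
  return (retfd);
 }
 
-static void put_dev_crypto(int fd)
-{
-#ifndef CRIOGET_NOT_NEEDED
- close(fd);
-#endif
-}
-
 /* Caching version for asym operations */
 static int
 get_asym_dev_crypto(void)
@@ -261,7 +251,7 @@ get_cryptodev_ciphers(const int **cnids)
  ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
  nids[count++] = ciphers[i].nid;
  }
- put_dev_crypto(fd);
+ close(fd);
 
  if (count > 0)
  *cnids = nids;
@@ -300,7 +290,7 @@ get_cryptodev_digests(const int **cnids)
  ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
  nids[count++] = digests[i].nid;
  }
- put_dev_crypto(fd);
+ close(fd);
 
  if (count > 0)
  *cnids = nids;
@@ -445,7 +435,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  sess->cipher = cipher;
 
  if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
- put_dev_crypto(state->d_fd);
+ close(state->d_fd);
  state->d_fd = -1;
  return (0);
  }
@@ -482,7 +472,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
  } else {
  ret = 1;
  }
- put_dev_crypto(state->d_fd);
+ close(state->d_fd);
  state->d_fd = -1;
 
  return (ret);
@@ -695,7 +685,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
  sess->mac = digest;
 
  if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
- put_dev_crypto(state->d_fd);
+ close(state->d_fd);
  state->d_fd = -1;
  printf("cryptodev_digest_init: Open session failed\n");
  return (0);
@@ -767,12 +757,14 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
  if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
  /* if application doesn't support one buffer */
  memset(&cryp, 0, sizeof(cryp));
+
  cryp.ses = sess->ses;
  cryp.flags = 0;
  cryp.len = state->mac_len;
  cryp.src = state->mac_data;
  cryp.dst = NULL;
  cryp.mac = (caddr_t)md;
+
  if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
  printf("cryptodev_digest_final: digest failed\n");
  return (0);
@@ -793,9 +785,6 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
  struct dev_crypto_state *state = ctx->md_data;
  struct session_op *sess = &state->d_sess;
 
- if (state == NULL)
- return 0;
-
  if (state->d_fd < 0) {
  printf("cryptodev_digest_cleanup: illegal input\n");
  return (0);
@@ -807,13 +796,16 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
  state->mac_len = 0;
  }
 
+ if (state->copy)
+ return 1;
+
  if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
  printf("cryptodev_digest_cleanup: failed to close session\n");
  ret = 0;
  } else {
  ret = 1;
  }
- put_dev_crypto(state->d_fd);
+ close(state->d_fd);
  state->d_fd = -1;
 
  return (ret);
@@ -823,40 +815,16 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
 {
  struct dev_crypto_state *fstate = from->md_data;
  struct dev_crypto_state *dstate = to->md_data;
- struct session_op *sess;
- int digest;
-
- if (dstate == NULL || fstate == NULL)
- return 1;
-
- memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-
- sess = &dstate->d_sess;
-
- digest = digest_nid_to_cryptodev(to->digest->type);
-
- sess->mackey = dstate->dummy_mac_key;
- sess->mackeylen = digest_key_length(to->digest->type);
- sess->mac = digest;
 
- dstate->d_fd = get_dev_crypto();
-
- if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
- put_dev_crypto(dstate->d_fd);
- dstate->d_fd = -1;
- printf("cryptodev_digest_init: Open session failed\n");
- return (0);
- }
+ memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
 
  if (fstate->mac_len != 0) {
- if (fstate->mac_data != NULL)
- {
- dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
- memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
- dstate->mac_len = fstate->mac_len;
- }
+ dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+ memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
  }
 
+ dstate->copy = 1;
+
  return 1;
 }
 
@@ -1378,11 +1346,11 @@ ENGINE_load_cryptodev(void)
  * find out what asymmetric crypto algorithms we support
  */
  if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
- put_dev_crypto(fd);
+ close(fd);
  ENGINE_free(engine);
  return;
  }
- put_dev_crypto(fd);
+ close(fd);
 
  if (!ENGINE_set_id(engine, "cryptodev") ||
  !ENGINE_set_name(engine, "BSD cryptodev engine") ||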
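Review bot: In the new `cryptodev_digest_copy` body (hunk -823,40 +815,16) the result of `OPENSSL_malloc(fstate->mac_len)` goes straight into `memcpy` with no NULL check, and the old `fstate->mac_data != NULL` test is gone, so either an allocation failure or a NULL source buffer becomes a NULL pointer access; add `if (fstate->mac_data == NULL || dstate->mac_data == NULL) return 0;` before the `memcpy`. The same hunk drops the `dstate == NULL || fstate == NULL` guard, and hunk -793,9 drops the `state == NULL` guard in `cryptodev_digest_cleanup`, so both functions now depend on `md_data` always being set by the caller; confirm that invariant or keep the checks. The struct `memcpy` also duplicates `d_fd` and the session id into the copy, and `copy = 1` only stops the copy from closing them. If the original context is cleaned up first, the copy appears to keep using a closed descriptor and a freed session, so the ownership rule should at least be stated on the new field, e.g. `int copy; /* set on duplicated state: fd and session belong to the original */`.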