1 files changed, 51 insertions, 20 deletions
diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c
index 10b3856b4e..a7abac1a7b 100644
--- a/src/lib/libcrypto/engine/eng_cryptodev.c
+++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -79,8 +79,6 @@ struct dev_crypto_state {
        unsigned char digest_res[HASH_MAX_LEN];
        char *mac_data;
        int mac_len;
-        int copy;
 #endif
 };
@@ -199,6 +197,7 @@ get_dev_crypto(void)
        if ((fd = open_dev_crypto()) == -1)
                return (-1);
+#ifndef CRIOGET_NOT_NEEDED
        if (ioctl(fd, CRIOGET, &retfd) == -1)
                return (-1);
@@ -207,9 +206,19 @@ get_dev_crypto(void)
                close(retfd);
                return (-1);
        }
+#else
+        retfd = fd;
+#endif
        return (retfd);
 }
+static void put_dev_crypto(int fd)
+{
+#ifndef CRIOGET_NOT_NEEDED
+        close(fd);
+#endif
+}
 /* Caching version for asym operations */
 static int
 get_asym_dev_crypto(void)
@@ -251,7 +260,7 @@ get_cryptodev_ciphers(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = ciphers[i].nid;
        }
-        close(fd);
+        put_dev_crypto(fd);
        if (count > 0)
                *cnids = nids;
@@ -290,7 +299,7 @@ get_cryptodev_digests(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = digests[i].nid;
        }
-        close(fd);
+        put_dev_crypto(fd);
        if (count > 0)
                *cnids = nids;
@@ -435,7 +444,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        sess->cipher = cipher;
        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-                close(state->d_fd);
+                put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                return (0);
        }
@@ -472,7 +481,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
        } else {
                ret = 1;
        }
-        close(state->d_fd);
+        put_dev_crypto(state->d_fd);
        state->d_fd = -1;
        return (ret);
@@ -685,7 +694,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
        sess->mac = digest;
        if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-                close(state->d_fd);
+                put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                printf("cryptodev_digest_init: Open session failed\n");
                return (0);
@@ -757,14 +766,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
        if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
                /* if application doesn't support one buffer */
                memset(&cryp, 0, sizeof(cryp));
                cryp.ses = sess->ses;
                cryp.flags = 0;
                cryp.len = state->mac_len;
                cryp.src = state->mac_data;
                cryp.dst = NULL;
                cryp.mac = (caddr_t)md;
                if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
                        printf("cryptodev_digest_final: digest failed\n");
                        return (0);
@@ -785,6 +792,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
        struct dev_crypto_state *state = ctx->md_data;
        struct session_op *sess = &state->d_sess;
+        if (state == NULL)
+          return 0;
        if (state->d_fd < 0) {
                printf("cryptodev_digest_cleanup: illegal input\n");
                return (0);
@@ -796,16 +806,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
                state->mac_len = 0;
        }
-        if (state->copy)
-                return 1;
        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
                printf("cryptodev_digest_cleanup: failed to close session\n");
                ret = 0;
        } else {
                ret = 1;
        }
-        close(state->d_fd);     
+        put_dev_crypto(state->d_fd);    
        state->d_fd = -1;
        return (ret);
@@ -815,15 +822,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
 {
        struct dev_crypto_state *fstate = from->md_data;
        struct dev_crypto_state *dstate = to->md_data;
+        struct session_op *sess;
+        int digest;
-        memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+        if (dstate == NULL || fstate == NULL)
+          return 1;
-        if (fstate->mac_len != 0) {
+        memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-                dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-                memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+        sess = &dstate->d_sess;
+        digest = digest_nid_to_cryptodev(to->digest->type);
+        sess->mackey = dstate->dummy_mac_key;
+        sess->mackeylen = digest_key_length(to->digest->type);
+        sess->mac = digest;
+        dstate->d_fd = get_dev_crypto();
+        if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+                put_dev_crypto(dstate->d_fd);
+                dstate->d_fd = -1;
+                printf("cryptodev_digest_init: Open session failed\n");
+                return (0);
        }
-        dstate->copy = 1;
+        if (fstate->mac_len != 0) {
+                if (fstate->mac_data != NULL)
+                        {
+                        dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+                        memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+                        dstate->mac_len = fstate->mac_len;
+                        }
+        }
        return 1;
 }
@@ -1346,11 +1377,11 @@ ENGINE_load_cryptodev(void)
         * find out what asymmetric crypto algorithms we support
         */
        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-                close(fd);
+                put_dev_crypto(fd);
                ENGINE_free(engine);
                return;
        }
-        close(fd);
+        put_dev_crypto(fd);
        if (!ENGINE_set_id(engine, "cryptodev") ||
            !ENGINE_set_name(engine, "BSD cryptodev engine") ||

diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c index 10b3856b4e..a7abac1a7b 100644 --- a/src/lib/libcrypto/engine/eng_cryptodev.c +++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -79,8 +79,6 @@ struct dev_crypto_state {
79	unsigned char digest_res[HASH_MAX_LEN];	79	unsigned char digest_res[HASH_MAX_LEN];
80	char *mac_data;	80	char *mac_data;
81	int mac_len;	81	int mac_len;
82
83	int copy;
84	#endif	82	#endif
85	};	83	};
86		84
@@ -199,6 +197,7 @@ get_dev_crypto(void)
199		197
200	if ((fd = open_dev_crypto()) == -1)	198	if ((fd = open_dev_crypto()) == -1)
201	return (-1);	199	return (-1);
		200	#ifndef CRIOGET_NOT_NEEDED
202	if (ioctl(fd, CRIOGET, &retfd) == -1)	201	if (ioctl(fd, CRIOGET, &retfd) == -1)
203	return (-1);	202	return (-1);
204		203
@@ -207,9 +206,19 @@ get_dev_crypto(void)
207	close(retfd);	206	close(retfd);
208	return (-1);	207	return (-1);
209	}	208	}
		209	#else
		210	retfd = fd;
		211	#endif
210	return (retfd);	212	return (retfd);
211	}	213	}
212		214
		215	static void put_dev_crypto(int fd)
		216	{
		217	#ifndef CRIOGET_NOT_NEEDED
		218	close(fd);
		219	#endif
		220	}
		221
213	/* Caching version for asym operations */	222	/* Caching version for asym operations */
214	static int	223	static int
215	get_asym_dev_crypto(void)	224	get_asym_dev_crypto(void)
@@ -251,7 +260,7 @@ get_cryptodev_ciphers(const int **cnids)
251	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)	260	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
252	nids[count++] = ciphers[i].nid;	261	nids[count++] = ciphers[i].nid;
253	}	262	}
254	close(fd);	263	put_dev_crypto(fd);
255		264
256	if (count > 0)	265	if (count > 0)
257	*cnids = nids;	266	*cnids = nids;
@@ -290,7 +299,7 @@ get_cryptodev_digests(const int **cnids)
290	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)	299	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
291	nids[count++] = digests[i].nid;	300	nids[count++] = digests[i].nid;
292	}	301	}
293	close(fd);	302	put_dev_crypto(fd);
294		303
295	if (count > 0)	304	if (count > 0)
296	*cnids = nids;	305	*cnids = nids;
@@ -435,7 +444,7 @@ cryptodev_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
435	sess->cipher = cipher;	444	sess->cipher = cipher;
436		445
437	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {	446	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
438	close(state->d_fd);	447	put_dev_crypto(state->d_fd);
439	state->d_fd = -1;	448	state->d_fd = -1;
440	return (0);	449	return (0);
441	}	450	}
@@ -472,7 +481,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
472	} else {	481	} else {
473	ret = 1;	482	ret = 1;
474	}	483	}
475	close(state->d_fd);	484	put_dev_crypto(state->d_fd);
476	state->d_fd = -1;	485	state->d_fd = -1;
477		486
478	return (ret);	487	return (ret);
@@ -685,7 +694,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
685	sess->mac = digest;	694	sess->mac = digest;
686		695
687	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {	696	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
688	close(state->d_fd);	697	put_dev_crypto(state->d_fd);
689	state->d_fd = -1;	698	state->d_fd = -1;
690	printf("cryptodev_digest_init: Open session failed\n");	699	printf("cryptodev_digest_init: Open session failed\n");
691	return (0);	700	return (0);
@@ -757,14 +766,12 @@ static int cryptodev_digest_final(EVP_MD_CTX ctx, unsigned char md)
757	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {	766	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
758	/* if application doesn't support one buffer */	767	/* if application doesn't support one buffer */
759	memset(&cryp, 0, sizeof(cryp));	768	memset(&cryp, 0, sizeof(cryp));
760
761	cryp.ses = sess->ses;	769	cryp.ses = sess->ses;
762	cryp.flags = 0;	770	cryp.flags = 0;
763	cryp.len = state->mac_len;	771	cryp.len = state->mac_len;
764	cryp.src = state->mac_data;	772	cryp.src = state->mac_data;
765	cryp.dst = NULL;	773	cryp.dst = NULL;
766	cryp.mac = (caddr_t)md;	774	cryp.mac = (caddr_t)md;
767
768	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {	775	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
769	printf("cryptodev_digest_final: digest failed\n");	776	printf("cryptodev_digest_final: digest failed\n");
770	return (0);	777	return (0);
@@ -785,6 +792,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
785	struct dev_crypto_state *state = ctx->md_data;	792	struct dev_crypto_state *state = ctx->md_data;
786	struct session_op *sess = &state->d_sess;	793	struct session_op *sess = &state->d_sess;
787		794
		795	if (state == NULL)
		796	return 0;
		797
788	if (state->d_fd < 0) {	798	if (state->d_fd < 0) {
789	printf("cryptodev_digest_cleanup: illegal input\n");	799	printf("cryptodev_digest_cleanup: illegal input\n");
790	return (0);	800	return (0);
@@ -796,16 +806,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
796	state->mac_len = 0;	806	state->mac_len = 0;
797	}	807	}
798		808
799	if (state->copy)
800	return 1;
801
802	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {	809	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
803	printf("cryptodev_digest_cleanup: failed to close session\n");	810	printf("cryptodev_digest_cleanup: failed to close session\n");
804	ret = 0;	811	ret = 0;
805	} else {	812	} else {
806	ret = 1;	813	ret = 1;
807	}	814	}
808	close(state->d_fd);	815	put_dev_crypto(state->d_fd);
809	state->d_fd = -1;	816	state->d_fd = -1;
810		817
811	return (ret);	818	return (ret);
@@ -815,15 +822,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX to,const EVP_MD_CTX from)
815	{	822	{
816	struct dev_crypto_state *fstate = from->md_data;	823	struct dev_crypto_state *fstate = from->md_data;
817	struct dev_crypto_state *dstate = to->md_data;	824	struct dev_crypto_state *dstate = to->md_data;
		825	struct session_op *sess;
		826	int digest;
818		827
819	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));	828	if (dstate == NULL \|\| fstate == NULL)
		829	return 1;
820		830
821	if (fstate->mac_len != 0) {	831	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
822	dstate->mac_data = OPENSSL_malloc(fstate->mac_len);	832
823	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);	833	sess = &dstate->d_sess;
		834
		835	digest = digest_nid_to_cryptodev(to->digest->type);
		836
		837	sess->mackey = dstate->dummy_mac_key;
		838	sess->mackeylen = digest_key_length(to->digest->type);
		839	sess->mac = digest;
		840
		841	dstate->d_fd = get_dev_crypto();
		842
		843	if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
		844	put_dev_crypto(dstate->d_fd);
		845	dstate->d_fd = -1;
		846	printf("cryptodev_digest_init: Open session failed\n");
		847	return (0);
824	}	848	}
825		849
826	dstate->copy = 1;	850	if (fstate->mac_len != 0) {
		851	if (fstate->mac_data != NULL)
		852	{
		853	dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
		854	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
		855	dstate->mac_len = fstate->mac_len;
		856	}
		857	}
827		858
828	return 1;	859	return 1;
829	}	860	}
@@ -1346,11 +1377,11 @@ ENGINE_load_cryptodev(void)
1346	* find out what asymmetric crypto algorithms we support	1377	* find out what asymmetric crypto algorithms we support
1347	*/	1378	*/
1348	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {	1379	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1349	close(fd);	1380	put_dev_crypto(fd);
1350	ENGINE_free(engine);	1381	ENGINE_free(engine);
1351	return;	1382	return;
1352	}	1383	}
1353	close(fd);	1384	put_dev_crypto(fd);
1354		1385
1355	if (!ENGINE_set_id(engine, "cryptodev") \|\|	1386	if (!ENGINE_set_id(engine, "cryptodev") \|\|
1356	!ENGINE_set_name(engine, "BSD cryptodev engine") \|\|	1387	!ENGINE_set_name(engine, "BSD cryptodev engine") \|\|