5 files changed, 102 insertions, 27 deletions
diff --git a/src/lib/libcrypto/engine/Makefile b/src/lib/libcrypto/engine/Makefile
index 9c214824eb..d29bdd09a0 100644
--- a/src/lib/libcrypto/engine/Makefile
+++ b/src/lib/libcrypto/engine/Makefile
@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
        tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
        tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
-        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
+        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
+        eng_rsax.c eng_rdrand.c
 LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
        tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
        tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
-        eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
+        eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
+        eng_rsax.o eng_rdrand.o
 SRC= $(LIBSRC)
@@ -249,6 +251,34 @@ eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c
+eng_rdrand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_rdrand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_rdrand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_rdrand.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_rdrand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_rdrand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_rdrand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_rdrand.o: ../../include/openssl/opensslconf.h
+eng_rdrand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_rdrand.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+eng_rdrand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_rdrand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_rdrand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_rdrand.o: eng_rdrand.c
+eng_rsax.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_rsax.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+eng_rsax.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_rsax.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_rsax.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_rsax.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_rsax.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_rsax.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_rsax.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_rsax.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+eng_rsax.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_rsax.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_rsax.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_rsax.o: eng_rsax.c
 eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 79d1f2beff..0ae5d672b1 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -61,6 +61,8 @@
 void ENGINE_load_builtin_engines(void)
        {
+        /* Some ENGINEs need this */
+        OPENSSL_cpuid_setup();
 #if 0
        /* There's no longer any need for an "openssl" ENGINE unless, one day,
         * it is the *only* way for standard builtin implementations to be be
@@ -72,10 +74,12 @@ void ENGINE_load_builtin_engines(void)
        ENGINE_load_cryptodev();
 #endif
-#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI)
+#ifndef OPENSSL_NO_RSAX
-        ENGINE_load_aesni();
+        ENGINE_load_rsax();
+#endif
+#ifndef OPENSSL_NO_RDRAND
+        ENGINE_load_rdrand();
 #endif
        ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
@@ -117,6 +121,7 @@ void ENGINE_load_builtin_engines(void)
        ENGINE_load_capi();
 #endif
 #endif
+        ENGINE_register_all_complete();
        }
 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c
index 10b3856b4e..a7abac1a7b 100644
--- a/src/lib/libcrypto/engine/eng_cryptodev.c
+++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -79,8 +79,6 @@ struct dev_crypto_state {
        unsigned char digest_res[HASH_MAX_LEN];
        char *mac_data;
        int mac_len;
-        int copy;
 #endif
 };
@@ -199,6 +197,7 @@ get_dev_crypto(void)
        if ((fd = open_dev_crypto()) == -1)
                return (-1);
+#ifndef CRIOGET_NOT_NEEDED
        if (ioctl(fd, CRIOGET, &retfd) == -1)
                return (-1);
@@ -207,9 +206,19 @@ get_dev_crypto(void)
                close(retfd);
                return (-1);
        }
+#else
+        retfd = fd;
+#endif
        return (retfd);
 }
+static void put_dev_crypto(int fd)
+{
+#ifndef CRIOGET_NOT_NEEDED
+        close(fd);
+#endif
+}
 /* Caching version for asym operations */
 static int
 get_asym_dev_crypto(void)
@@ -251,7 +260,7 @@ get_cryptodev_ciphers(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = ciphers[i].nid;
        }
-        close(fd);
+        put_dev_crypto(fd);
        if (count > 0)
                *cnids = nids;
@@ -290,7 +299,7 @@ get_cryptodev_digests(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = digests[i].nid;
        }
-        close(fd);
+        put_dev_crypto(fd);
        if (count > 0)
                *cnids = nids;
@@ -435,7 +444,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        sess->cipher = cipher;
        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-                close(state->d_fd);
+                put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                return (0);
        }
@@ -472,7 +481,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
        } else {
                ret = 1;
        }
-        close(state->d_fd);
+        put_dev_crypto(state->d_fd);
        state->d_fd = -1;
        return (ret);
@@ -685,7 +694,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
        sess->mac = digest;
        if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-                close(state->d_fd);
+                put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                printf("cryptodev_digest_init: Open session failed\n");
                return (0);
@@ -757,14 +766,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
        if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
                /* if application doesn't support one buffer */
                memset(&cryp, 0, sizeof(cryp));
                cryp.ses = sess->ses;
                cryp.flags = 0;
                cryp.len = state->mac_len;
                cryp.src = state->mac_data;
                cryp.dst = NULL;
                cryp.mac = (caddr_t)md;
                if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
                        printf("cryptodev_digest_final: digest failed\n");
                        return (0);
@@ -785,6 +792,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
        struct dev_crypto_state *state = ctx->md_data;
        struct session_op *sess = &state->d_sess;
+        if (state == NULL)
+          return 0;
        if (state->d_fd < 0) {
                printf("cryptodev_digest_cleanup: illegal input\n");
                return (0);
@@ -796,16 +806,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
                state->mac_len = 0;
        }
-        if (state->copy)
-                return 1;
        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
                printf("cryptodev_digest_cleanup: failed to close session\n");
                ret = 0;
        } else {
                ret = 1;
        }
-        close(state->d_fd);     
+        put_dev_crypto(state->d_fd);    
        state->d_fd = -1;
        return (ret);
@@ -815,15 +822,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
 {
        struct dev_crypto_state *fstate = from->md_data;
        struct dev_crypto_state *dstate = to->md_data;
+        struct session_op *sess;
+        int digest;
-        memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+        if (dstate == NULL || fstate == NULL)
+          return 1;
-        if (fstate->mac_len != 0) {
+        memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-                dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-                memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+        sess = &dstate->d_sess;
+        digest = digest_nid_to_cryptodev(to->digest->type);
+        sess->mackey = dstate->dummy_mac_key;
+        sess->mackeylen = digest_key_length(to->digest->type);
+        sess->mac = digest;
+        dstate->d_fd = get_dev_crypto();
+        if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+                put_dev_crypto(dstate->d_fd);
+                dstate->d_fd = -1;
+                printf("cryptodev_digest_init: Open session failed\n");
+                return (0);
        }
-        dstate->copy = 1;
+        if (fstate->mac_len != 0) {
+                if (fstate->mac_data != NULL)
+                        {
+                        dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+                        memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+                        dstate->mac_len = fstate->mac_len;
+                        }
+        }
        return 1;
 }
@@ -1346,11 +1377,11 @@ ENGINE_load_cryptodev(void)
         * find out what asymmetric crypto algorithms we support
         */
        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-                close(fd);
+                put_dev_crypto(fd);
                ENGINE_free(engine);
                return;
        }
-        close(fd);
+        put_dev_crypto(fd);
        if (!ENGINE_set_id(engine, "cryptodev") ||
            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
index db66e62350..789b8d57e5 100644
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -176,6 +176,7 @@ int ENGINE_register_all_complete(void)
        ENGINE *e;
        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-                ENGINE_register_complete(e);
+                if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
+                        ENGINE_register_complete(e);
        return 1;
        }
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index 9d73abac8e..f8be497724 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -141,6 +141,13 @@ extern "C" {
 * the existing ENGINE's structural reference count. */
 #define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
+/* This flag if for an ENGINE that does not want its methods registered as 
+ * part of ENGINE_register_all_complete() for example if the methods are
+ * not usable as default methods.
+ */
+#define ENGINE_FLAGS_NO_REGISTER_ALL    (int)0x0008
 /* ENGINEs can support their own command types, and these flags are used in
 * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
 * command expects. Currently only numeric and string input is supported. If a
@@ -344,7 +351,8 @@ void ENGINE_load_gost(void);
 #endif
 #endif
 void ENGINE_load_cryptodev(void);
-void ENGINE_load_aesni(void);
+void ENGINE_load_rsax(void);
+void ENGINE_load_rdrand(void);
 void ENGINE_load_builtin_engines(void);
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation

diff --git a/src/lib/libcrypto/engine/Makefile b/src/lib/libcrypto/engine/Makefile index 9c214824eb..d29bdd09a0 100644 --- a/src/lib/libcrypto/engine/Makefile +++ b/src/lib/libcrypto/engine/Makefile
@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
21	eng_table.c eng_pkey.c eng_fat.c eng_all.c \	21	eng_table.c eng_pkey.c eng_fat.c eng_all.c \
22	tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \	22	tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
23	tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \	23	tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
24	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c	24	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
		25	eng_rsax.c eng_rdrand.c
25	LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \	26	LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
26	eng_table.o eng_pkey.o eng_fat.o eng_all.o \	27	eng_table.o eng_pkey.o eng_fat.o eng_all.o \
27	tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \	28	tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
28	tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \	29	tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
29	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o	30	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
		31	eng_rsax.o eng_rdrand.o
30		32
31	SRC= $(LIBSRC)	33	SRC= $(LIBSRC)
32		34
@@ -249,6 +251,34 @@ eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
249	eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h	251	eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
250	eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h	252	eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
251	eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c	253	eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c
		254	eng_rdrand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
		255	eng_rdrand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
		256	eng_rdrand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
		257	eng_rdrand.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
		258	eng_rdrand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
		259	eng_rdrand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
		260	eng_rdrand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
		261	eng_rdrand.o: ../../include/openssl/opensslconf.h
		262	eng_rdrand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
		263	eng_rdrand.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
		264	eng_rdrand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
		265	eng_rdrand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
		266	eng_rdrand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
		267	eng_rdrand.o: eng_rdrand.c
		268	eng_rsax.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
		269	eng_rsax.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
		270	eng_rsax.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
		271	eng_rsax.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
		272	eng_rsax.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
		273	eng_rsax.o: ../../include/openssl/err.h ../../include/openssl/evp.h
		274	eng_rsax.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
		275	eng_rsax.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
		276	eng_rsax.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
		277	eng_rsax.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
		278	eng_rsax.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
		279	eng_rsax.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
		280	eng_rsax.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
		281	eng_rsax.o: eng_rsax.c
252	eng_table.o: ../../e_os.h ../../include/openssl/asn1.h	282	eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
253	eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h	283	eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
254	eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h	284	eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h


diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c index 79d1f2beff..0ae5d672b1 100644 --- a/src/lib/libcrypto/engine/eng_all.c +++ b/src/lib/libcrypto/engine/eng_all.c
@@ -61,6 +61,8 @@
61		61
62	void ENGINE_load_builtin_engines(void)	62	void ENGINE_load_builtin_engines(void)
63	{	63	{
		64	/* Some ENGINEs need this */
		65	OPENSSL_cpuid_setup();
64	#if 0	66	#if 0
65	/* There's no longer any need for an "openssl" ENGINE unless, one day,	67	/* There's no longer any need for an "openssl" ENGINE unless, one day,
66	* it is the only way for standard builtin implementations to be be	68	* it is the only way for standard builtin implementations to be be
@@ -72,10 +74,12 @@ void ENGINE_load_builtin_engines(void)
72	ENGINE_load_cryptodev();	74	ENGINE_load_cryptodev();
73	#endif	75	#endif
74		76
75	#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI)	77	#ifndef OPENSSL_NO_RSAX
76	ENGINE_load_aesni();	78	ENGINE_load_rsax();
		79	#endif
		80	#ifndef OPENSSL_NO_RDRAND
		81	ENGINE_load_rdrand();
77	#endif	82	#endif
78
79	ENGINE_load_dynamic();	83	ENGINE_load_dynamic();
80	#ifndef OPENSSL_NO_STATIC_ENGINE	84	#ifndef OPENSSL_NO_STATIC_ENGINE
81	#ifndef OPENSSL_NO_HW	85	#ifndef OPENSSL_NO_HW
@@ -117,6 +121,7 @@ void ENGINE_load_builtin_engines(void)
117	ENGINE_load_capi();	121	ENGINE_load_capi();
118	#endif	122	#endif
119	#endif	123	#endif
		124	ENGINE_register_all_complete();
120	}	125	}
121		126
122	#if defined(__OpenBSD__) \|\| defined(__FreeBSD__) \|\| defined(HAVE_CRYPTODEV)	127	#if defined(__OpenBSD__) \|\| defined(__FreeBSD__) \|\| defined(HAVE_CRYPTODEV)


diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c index 10b3856b4e..a7abac1a7b 100644 --- a/src/lib/libcrypto/engine/eng_cryptodev.c +++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -79,8 +79,6 @@ struct dev_crypto_state {
79	unsigned char digest_res[HASH_MAX_LEN];	79	unsigned char digest_res[HASH_MAX_LEN];
80	char *mac_data;	80	char *mac_data;
81	int mac_len;	81	int mac_len;
82
83	int copy;
84	#endif	82	#endif
85	};	83	};
86		84
@@ -199,6 +197,7 @@ get_dev_crypto(void)
199		197
200	if ((fd = open_dev_crypto()) == -1)	198	if ((fd = open_dev_crypto()) == -1)
201	return (-1);	199	return (-1);
		200	#ifndef CRIOGET_NOT_NEEDED
202	if (ioctl(fd, CRIOGET, &retfd) == -1)	201	if (ioctl(fd, CRIOGET, &retfd) == -1)
203	return (-1);	202	return (-1);
204		203
@@ -207,9 +206,19 @@ get_dev_crypto(void)
207	close(retfd);	206	close(retfd);
208	return (-1);	207	return (-1);
209	}	208	}
		209	#else
		210	retfd = fd;
		211	#endif
210	return (retfd);	212	return (retfd);
211	}	213	}
212		214
		215	static void put_dev_crypto(int fd)
		216	{
		217	#ifndef CRIOGET_NOT_NEEDED
		218	close(fd);
		219	#endif
		220	}
		221
213	/* Caching version for asym operations */	222	/* Caching version for asym operations */
214	static int	223	static int
215	get_asym_dev_crypto(void)	224	get_asym_dev_crypto(void)
@@ -251,7 +260,7 @@ get_cryptodev_ciphers(const int **cnids)
251	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)	260	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
252	nids[count++] = ciphers[i].nid;	261	nids[count++] = ciphers[i].nid;
253	}	262	}
254	close(fd);	263	put_dev_crypto(fd);
255		264
256	if (count > 0)	265	if (count > 0)
257	*cnids = nids;	266	*cnids = nids;
@@ -290,7 +299,7 @@ get_cryptodev_digests(const int **cnids)
290	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)	299	ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
291	nids[count++] = digests[i].nid;	300	nids[count++] = digests[i].nid;
292	}	301	}
293	close(fd);	302	put_dev_crypto(fd);
294		303
295	if (count > 0)	304	if (count > 0)
296	*cnids = nids;	305	*cnids = nids;
@@ -435,7 +444,7 @@ cryptodev_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
435	sess->cipher = cipher;	444	sess->cipher = cipher;
436		445
437	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {	446	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
438	close(state->d_fd);	447	put_dev_crypto(state->d_fd);
439	state->d_fd = -1;	448	state->d_fd = -1;
440	return (0);	449	return (0);
441	}	450	}
@@ -472,7 +481,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
472	} else {	481	} else {
473	ret = 1;	482	ret = 1;
474	}	483	}
475	close(state->d_fd);	484	put_dev_crypto(state->d_fd);
476	state->d_fd = -1;	485	state->d_fd = -1;
477		486
478	return (ret);	487	return (ret);
@@ -685,7 +694,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
685	sess->mac = digest;	694	sess->mac = digest;
686		695
687	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {	696	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
688	close(state->d_fd);	697	put_dev_crypto(state->d_fd);
689	state->d_fd = -1;	698	state->d_fd = -1;
690	printf("cryptodev_digest_init: Open session failed\n");	699	printf("cryptodev_digest_init: Open session failed\n");
691	return (0);	700	return (0);
@@ -757,14 +766,12 @@ static int cryptodev_digest_final(EVP_MD_CTX ctx, unsigned char md)
757	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {	766	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
758	/* if application doesn't support one buffer */	767	/* if application doesn't support one buffer */
759	memset(&cryp, 0, sizeof(cryp));	768	memset(&cryp, 0, sizeof(cryp));
760
761	cryp.ses = sess->ses;	769	cryp.ses = sess->ses;
762	cryp.flags = 0;	770	cryp.flags = 0;
763	cryp.len = state->mac_len;	771	cryp.len = state->mac_len;
764	cryp.src = state->mac_data;	772	cryp.src = state->mac_data;
765	cryp.dst = NULL;	773	cryp.dst = NULL;
766	cryp.mac = (caddr_t)md;	774	cryp.mac = (caddr_t)md;
767
768	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {	775	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
769	printf("cryptodev_digest_final: digest failed\n");	776	printf("cryptodev_digest_final: digest failed\n");
770	return (0);	777	return (0);
@@ -785,6 +792,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
785	struct dev_crypto_state *state = ctx->md_data;	792	struct dev_crypto_state *state = ctx->md_data;
786	struct session_op *sess = &state->d_sess;	793	struct session_op *sess = &state->d_sess;
787		794
		795	if (state == NULL)
		796	return 0;
		797
788	if (state->d_fd < 0) {	798	if (state->d_fd < 0) {
789	printf("cryptodev_digest_cleanup: illegal input\n");	799	printf("cryptodev_digest_cleanup: illegal input\n");
790	return (0);	800	return (0);
@@ -796,16 +806,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
796	state->mac_len = 0;	806	state->mac_len = 0;
797	}	807	}
798		808
799	if (state->copy)
800	return 1;
801
802	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {	809	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
803	printf("cryptodev_digest_cleanup: failed to close session\n");	810	printf("cryptodev_digest_cleanup: failed to close session\n");
804	ret = 0;	811	ret = 0;
805	} else {	812	} else {
806	ret = 1;	813	ret = 1;
807	}	814	}
808	close(state->d_fd);	815	put_dev_crypto(state->d_fd);
809	state->d_fd = -1;	816	state->d_fd = -1;
810		817
811	return (ret);	818	return (ret);
@@ -815,15 +822,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX to,const EVP_MD_CTX from)
815	{	822	{
816	struct dev_crypto_state *fstate = from->md_data;	823	struct dev_crypto_state *fstate = from->md_data;
817	struct dev_crypto_state *dstate = to->md_data;	824	struct dev_crypto_state *dstate = to->md_data;
		825	struct session_op *sess;
		826	int digest;
818		827
819	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));	828	if (dstate == NULL \|\| fstate == NULL)
		829	return 1;
820		830
821	if (fstate->mac_len != 0) {	831	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
822	dstate->mac_data = OPENSSL_malloc(fstate->mac_len);	832
823	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);	833	sess = &dstate->d_sess;
		834
		835	digest = digest_nid_to_cryptodev(to->digest->type);
		836
		837	sess->mackey = dstate->dummy_mac_key;
		838	sess->mackeylen = digest_key_length(to->digest->type);
		839	sess->mac = digest;
		840
		841	dstate->d_fd = get_dev_crypto();
		842
		843	if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
		844	put_dev_crypto(dstate->d_fd);
		845	dstate->d_fd = -1;
		846	printf("cryptodev_digest_init: Open session failed\n");
		847	return (0);
824	}	848	}
825		849
826	dstate->copy = 1;	850	if (fstate->mac_len != 0) {
		851	if (fstate->mac_data != NULL)
		852	{
		853	dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
		854	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
		855	dstate->mac_len = fstate->mac_len;
		856	}
		857	}
827		858
828	return 1;	859	return 1;
829	}	860	}
@@ -1346,11 +1377,11 @@ ENGINE_load_cryptodev(void)
1346	* find out what asymmetric crypto algorithms we support	1377	* find out what asymmetric crypto algorithms we support
1347	*/	1378	*/
1348	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {	1379	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1349	close(fd);	1380	put_dev_crypto(fd);
1350	ENGINE_free(engine);	1381	ENGINE_free(engine);
1351	return;	1382	return;
1352	}	1383	}
1353	close(fd);	1384	put_dev_crypto(fd);
1354		1385
1355	if (!ENGINE_set_id(engine, "cryptodev") \|\|	1386	if (!ENGINE_set_id(engine, "cryptodev") \|\|
1356	!ENGINE_set_name(engine, "BSD cryptodev engine") \|\|	1387	!ENGINE_set_name(engine, "BSD cryptodev engine") \|\|


diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c index db66e62350..789b8d57e5 100644 --- a/src/lib/libcrypto/engine/eng_fat.c +++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -176,6 +176,7 @@ int ENGINE_register_all_complete(void)
176	ENGINE *e;	176	ENGINE *e;
177		177
178	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))	178	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
179	ENGINE_register_complete(e);	179	if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
		180	ENGINE_register_complete(e);
180	return 1;	181	return 1;
181	}	182	}


diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h index 9d73abac8e..f8be497724 100644 --- a/src/lib/libcrypto/engine/engine.h +++ b/src/lib/libcrypto/engine/engine.h
@@ -141,6 +141,13 @@ extern "C" {
141	* the existing ENGINE's structural reference count. */	141	* the existing ENGINE's structural reference count. */
142	#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004	142	#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
143		143
		144	/* This flag if for an ENGINE that does not want its methods registered as
		145	* part of ENGINE_register_all_complete() for example if the methods are
		146	* not usable as default methods.
		147	*/
		148
		149	#define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008
		150
144	/* ENGINEs can support their own command types, and these flags are used in	151	/* ENGINEs can support their own command types, and these flags are used in
145	* ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each	152	* ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
146	* command expects. Currently only numeric and string input is supported. If a	153	* command expects. Currently only numeric and string input is supported. If a
@@ -344,7 +351,8 @@ void ENGINE_load_gost(void);
344	#endif	351	#endif
345	#endif	352	#endif
346	void ENGINE_load_cryptodev(void);	353	void ENGINE_load_cryptodev(void);
347	void ENGINE_load_aesni(void);	354	void ENGINE_load_rsax(void);
		355	void ENGINE_load_rdrand(void);
348	void ENGINE_load_builtin_engines(void);	356	void ENGINE_load_builtin_engines(void);
349		357
350	/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation	358	/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation