]>
Commit | Line | Data |
---|---|---|
619eb33a | 1 | /* |
fecb3aae | 2 | * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. |
619eb33a | 3 | * |
3c120f91 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
619eb33a RL |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
77ae4f6f | 10 | /* We need to use some deprecated APIs */ |
cf8e8cba P |
11 | #define OPENSSL_SUPPRESS_DEPRECATED |
12 | ||
d5f9166b | 13 | #include "internal/e_os.h" |
619eb33a RL |
14 | #include <string.h> |
15 | #include <sys/types.h> | |
16 | #include <sys/stat.h> | |
17 | #include <fcntl.h> | |
18 | #include <sys/ioctl.h> | |
19 | #include <unistd.h> | |
20 | #include <assert.h> | |
21 | ||
166261a5 | 22 | #include <openssl/conf.h> |
619eb33a RL |
23 | #include <openssl/evp.h> |
24 | #include <openssl/err.h> | |
25 | #include <openssl/engine.h> | |
26 | #include <openssl/objects.h> | |
9d0dd1d5 | 27 | #include "crypto/cryptodev.h" |
f2a6f838 | 28 | #include "internal/nelem.h" |
619eb33a | 29 | |
c79a022d JK |
30 | /* #define ENGINE_DEVCRYPTO_DEBUG */ |
31 | ||
fdbb3a86 | 32 | #if CRYPTO_ALGORITHM_MIN < CRYPTO_ALGORITHM_MAX |
619eb33a RL |
33 | # define CHECK_BSD_STYLE_MACROS |
34 | #endif | |
35 | ||
2afebe0b EQ |
36 | #define engine_devcrypto_id "devcrypto" |
37 | ||
7fd1ca72 JB |
38 | /* |
39 | * Use session2_op on FreeBSD which permits requesting specific | |
40 | * drivers or classes of drivers at session creation time. | |
41 | */ | |
42 | #ifdef CIOCGSESSION2 | |
43 | typedef struct session2_op session_op_t; | |
44 | #else | |
45 | typedef struct session_op session_op_t; | |
46 | #endif | |
47 | ||
458c7dad RL |
48 | /* |
49 | * ONE global file descriptor for all sessions. This allows operations | |
50 | * such as digest session data copying (see digest_copy()), but is also | |
51 | * saner... why re-open /dev/crypto for every session? | |
52 | */ | |
2afebe0b | 53 | static int cfd = -1; |
166261a5 EQ |
54 | #define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of acceleration */ |
55 | #define DEVCRYPTO_USE_SOFTWARE 1 /* allow software drivers */ | |
56 | #define DEVCRYPTO_REJECT_SOFTWARE 2 /* only disallow confirmed software drivers */ | |
57 | ||
c703a808 EQ |
58 | #define DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS DEVCRYPTO_REJECT_SOFTWARE |
59 | static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS; | |
166261a5 EQ |
60 | |
61 | /* | |
62 | * cipher/digest status & acceleration definitions | |
63 | * Make sure the defaults are set to 0 | |
64 | */ | |
65 | struct driver_info_st { | |
66 | enum devcrypto_status_t { | |
2bafe6cf EQ |
67 | DEVCRYPTO_STATUS_FAILURE = -3, /* unusable for other reason */ |
68 | DEVCRYPTO_STATUS_NO_CIOCCPHASH = -2, /* hash state copy not supported */ | |
69 | DEVCRYPTO_STATUS_NO_CIOCGSESSION = -1, /* session open failed */ | |
70 | DEVCRYPTO_STATUS_UNKNOWN = 0, /* not tested yet */ | |
71 | DEVCRYPTO_STATUS_USABLE = 1 /* algo can be used */ | |
166261a5 EQ |
72 | } status; |
73 | ||
74 | enum devcrypto_accelerated_t { | |
2bafe6cf | 75 | DEVCRYPTO_NOT_ACCELERATED = -1, /* software implemented */ |
c2969ff6 | 76 | DEVCRYPTO_ACCELERATION_UNKNOWN = 0, /* acceleration support unknown */ |
2bafe6cf | 77 | DEVCRYPTO_ACCELERATED = 1 /* hardware accelerated */ |
166261a5 | 78 | } accelerated; |
2bafe6cf EQ |
79 | |
80 | char *driver_name; | |
166261a5 | 81 | }; |
458c7dad | 82 | |
2afebe0b EQ |
83 | #ifdef OPENSSL_NO_DYNAMIC_ENGINE |
84 | void engine_load_devcrypto_int(void); | |
85 | #endif | |
86 | ||
7fd1ca72 | 87 | static int clean_devcrypto_session(session_op_t *sess) { |
91958d71 | 88 | if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) { |
ff988500 | 89 | ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); |
91958d71 EQ |
90 | return 0; |
91 | } | |
7fd1ca72 | 92 | memset(sess, 0, sizeof(*sess)); |
91958d71 EQ |
93 | return 1; |
94 | } | |
95 | ||
619eb33a RL |
96 | /****************************************************************************** |
97 | * | |
98 | * Ciphers | |
99 | * | |
100 | * Because they all do the same basic operation, we have only one set of | |
101 | * method functions for them all to share, and a mapping table between | |
102 | * NIDs and cryptodev IDs, with all the necessary size data. | |
103 | * | |
104 | *****/ | |
105 | ||
106 | struct cipher_ctx { | |
7fd1ca72 | 107 | session_op_t sess; |
619eb33a | 108 | int op; /* COP_ENCRYPT or COP_DECRYPT */ |
b5015e83 EQ |
109 | unsigned long mode; /* EVP_CIPH_*_MODE */ |
110 | ||
111 | /* to handle ctr mode being a stream cipher */ | |
112 | unsigned char partial[EVP_MAX_BLOCK_LENGTH]; | |
113 | unsigned int blocksize, num; | |
619eb33a RL |
114 | }; |
115 | ||
116 | static const struct cipher_data_st { | |
117 | int nid; | |
118 | int blocksize; | |
119 | int keylen; | |
120 | int ivlen; | |
121 | int flags; | |
122 | int devcryptoid; | |
123 | } cipher_data[] = { | |
124 | #ifndef OPENSSL_NO_DES | |
125 | { NID_des_cbc, 8, 8, 8, EVP_CIPH_CBC_MODE, CRYPTO_DES_CBC }, | |
126 | { NID_des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, CRYPTO_3DES_CBC }, | |
127 | #endif | |
128 | #ifndef OPENSSL_NO_BF | |
129 | { NID_bf_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_BLF_CBC }, | |
130 | #endif | |
131 | #ifndef OPENSSL_NO_CAST | |
132 | { NID_cast5_cbc, 8, 16, 8, EVP_CIPH_CBC_MODE, CRYPTO_CAST_CBC }, | |
133 | #endif | |
134 | { NID_aes_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, | |
135 | { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, | |
136 | { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, | |
137 | #ifndef OPENSSL_NO_RC4 | |
f52f2c1a | 138 | { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 }, |
619eb33a RL |
139 | #endif |
140 | #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR) | |
141 | { NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR }, | |
142 | { NID_aes_192_ctr, 16, 192 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR }, | |
143 | { NID_aes_256_ctr, 16, 256 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR }, | |
144 | #endif | |
145 | #if 0 /* Not yet supported */ | |
146 | { NID_aes_128_xts, 16, 128 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, | |
147 | { NID_aes_256_xts, 16, 256 / 8 * 2, 16, EVP_CIPH_XTS_MODE, CRYPTO_AES_XTS }, | |
148 | #endif | |
149 | #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_ECB) | |
b5015e83 EQ |
150 | { NID_aes_128_ecb, 16, 128 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, |
151 | { NID_aes_192_ecb, 16, 192 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, | |
152 | { NID_aes_256_ecb, 16, 256 / 8, 0, EVP_CIPH_ECB_MODE, CRYPTO_AES_ECB }, | |
619eb33a RL |
153 | #endif |
154 | #if 0 /* Not yet supported */ | |
155 | { NID_aes_128_gcm, 16, 128 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, | |
156 | { NID_aes_192_gcm, 16, 192 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, | |
157 | { NID_aes_256_gcm, 16, 256 / 8, 16, EVP_CIPH_GCM_MODE, CRYPTO_AES_GCM }, | |
158 | #endif | |
159 | #ifndef OPENSSL_NO_CAMELLIA | |
160 | { NID_camellia_128_cbc, 16, 128 / 8, 16, EVP_CIPH_CBC_MODE, | |
161 | CRYPTO_CAMELLIA_CBC }, | |
162 | { NID_camellia_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, | |
163 | CRYPTO_CAMELLIA_CBC }, | |
164 | { NID_camellia_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, | |
165 | CRYPTO_CAMELLIA_CBC }, | |
166 | #endif | |
167 | }; | |
168 | ||
166261a5 | 169 | static size_t find_cipher_data_index(int nid) |
619eb33a RL |
170 | { |
171 | size_t i; | |
172 | ||
173 | for (i = 0; i < OSSL_NELEM(cipher_data); i++) | |
174 | if (nid == cipher_data[i].nid) | |
175 | return i; | |
166261a5 EQ |
176 | return (size_t)-1; |
177 | } | |
178 | ||
179 | static size_t get_cipher_data_index(int nid) | |
180 | { | |
181 | size_t i = find_cipher_data_index(nid); | |
182 | ||
183 | if (i != (size_t)-1) | |
184 | return i; | |
619eb33a RL |
185 | |
186 | /* | |
187 | * Code further down must make sure that only NIDs in the table above | |
188 | * are used. If any other NID reaches this function, there's a grave | |
189 | * coding error further down. | |
190 | */ | |
191 | assert("Code that never should be reached" == NULL); | |
192 | return -1; | |
193 | } | |
194 | ||
195 | static const struct cipher_data_st *get_cipher_data(int nid) | |
196 | { | |
197 | return &cipher_data[get_cipher_data_index(nid)]; | |
198 | } | |
199 | ||
200 | /* | |
201 | * Following are the three necessary functions to map OpenSSL functionality | |
202 | * with cryptodev. | |
203 | */ | |
204 | ||
205 | static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |
206 | const unsigned char *iv, int enc) | |
207 | { | |
208 | struct cipher_ctx *cipher_ctx = | |
209 | (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); | |
210 | const struct cipher_data_st *cipher_d = | |
ed576acd | 211 | get_cipher_data(EVP_CIPHER_CTX_get_nid(ctx)); |
7fd1ca72 | 212 | int ret; |
c703a808 | 213 | |
91958d71 | 214 | /* cleanup a previous session */ |
c703a808 | 215 | if (cipher_ctx->sess.ses != 0 && |
91958d71 EQ |
216 | clean_devcrypto_session(&cipher_ctx->sess) == 0) |
217 | return 0; | |
619eb33a | 218 | |
619eb33a RL |
219 | cipher_ctx->sess.cipher = cipher_d->devcryptoid; |
220 | cipher_ctx->sess.keylen = cipher_d->keylen; | |
221 | cipher_ctx->sess.key = (void *)key; | |
222 | cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT; | |
b5015e83 EQ |
223 | cipher_ctx->mode = cipher_d->flags & EVP_CIPH_MODE; |
224 | cipher_ctx->blocksize = cipher_d->blocksize; | |
7fd1ca72 JB |
225 | #ifdef CIOCGSESSION2 |
226 | cipher_ctx->sess.crid = (use_softdrivers == DEVCRYPTO_USE_SOFTWARE) ? | |
227 | CRYPTO_FLAG_SOFTWARE | CRYPTO_FLAG_HARDWARE : | |
228 | CRYPTO_FLAG_HARDWARE; | |
229 | ret = ioctl(cfd, CIOCGSESSION2, &cipher_ctx->sess); | |
230 | #else | |
231 | ret = ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess); | |
232 | #endif | |
233 | if (ret < 0) { | |
ff988500 | 234 | ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); |
619eb33a RL |
235 | return 0; |
236 | } | |
237 | ||
238 | return 1; | |
239 | } | |
240 | ||
241 | static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |
242 | const unsigned char *in, size_t inl) | |
243 | { | |
244 | struct cipher_ctx *cipher_ctx = | |
245 | (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); | |
246 | struct crypt_op cryp; | |
b5015e83 | 247 | unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); |
4f79affb RL |
248 | #if !defined(COP_FLAG_WRITE_IV) |
249 | unsigned char saved_iv[EVP_MAX_IV_LENGTH]; | |
b5015e83 EQ |
250 | const unsigned char *ivptr; |
251 | size_t nblocks, ivlen; | |
4f79affb | 252 | #endif |
619eb33a RL |
253 | |
254 | memset(&cryp, 0, sizeof(cryp)); | |
255 | cryp.ses = cipher_ctx->sess.ses; | |
256 | cryp.len = inl; | |
257 | cryp.src = (void *)in; | |
258 | cryp.dst = (void *)out; | |
b5015e83 | 259 | cryp.iv = (void *)iv; |
619eb33a | 260 | cryp.op = cipher_ctx->op; |
4f79affb RL |
261 | #if !defined(COP_FLAG_WRITE_IV) |
262 | cryp.flags = 0; | |
263 | ||
ed576acd | 264 | ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); |
b5015e83 EQ |
265 | if (ivlen > 0) |
266 | switch (cipher_ctx->mode) { | |
267 | case EVP_CIPH_CBC_MODE: | |
268 | assert(inl >= ivlen); | |
ed576acd | 269 | if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { |
b5015e83 EQ |
270 | ivptr = in + inl - ivlen; |
271 | memcpy(saved_iv, ivptr, ivlen); | |
272 | } | |
273 | break; | |
274 | ||
275 | case EVP_CIPH_CTR_MODE: | |
276 | break; | |
277 | ||
278 | default: /* should not happen */ | |
279 | return 0; | |
4f79affb | 280 | } |
4f79affb | 281 | #else |
619eb33a | 282 | cryp.flags = COP_FLAG_WRITE_IV; |
4f79affb RL |
283 | #endif |
284 | ||
458c7dad | 285 | if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) { |
ff988500 | 286 | ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); |
619eb33a RL |
287 | return 0; |
288 | } | |
289 | ||
4f79affb | 290 | #if !defined(COP_FLAG_WRITE_IV) |
b5015e83 EQ |
291 | if (ivlen > 0) |
292 | switch (cipher_ctx->mode) { | |
293 | case EVP_CIPH_CBC_MODE: | |
294 | assert(inl >= ivlen); | |
ed576acd | 295 | if (EVP_CIPHER_CTX_is_encrypting(ctx)) |
b5015e83 EQ |
296 | ivptr = out + inl - ivlen; |
297 | else | |
298 | ivptr = saved_iv; | |
299 | ||
300 | memcpy(iv, ivptr, ivlen); | |
301 | break; | |
302 | ||
303 | case EVP_CIPH_CTR_MODE: | |
304 | nblocks = (inl + cipher_ctx->blocksize - 1) | |
305 | / cipher_ctx->blocksize; | |
306 | do { | |
307 | ivlen--; | |
308 | nblocks += iv[ivlen]; | |
309 | iv[ivlen] = (uint8_t) nblocks; | |
310 | nblocks >>= 8; | |
311 | } while (ivlen); | |
312 | break; | |
313 | ||
314 | default: /* should not happen */ | |
315 | return 0; | |
316 | } | |
317 | #endif | |
4f79affb | 318 | |
b5015e83 EQ |
319 | return 1; |
320 | } | |
4f79affb | 321 | |
b5015e83 EQ |
322 | static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
323 | const unsigned char *in, size_t inl) | |
324 | { | |
325 | struct cipher_ctx *cipher_ctx = | |
326 | (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); | |
327 | size_t nblocks, len; | |
328 | ||
329 | /* initial partial block */ | |
330 | while (cipher_ctx->num && inl) { | |
331 | (*out++) = *(in++) ^ cipher_ctx->partial[cipher_ctx->num]; | |
332 | --inl; | |
333 | cipher_ctx->num = (cipher_ctx->num + 1) % cipher_ctx->blocksize; | |
334 | } | |
335 | ||
336 | /* full blocks */ | |
337 | if (inl > (unsigned int) cipher_ctx->blocksize) { | |
338 | nblocks = inl/cipher_ctx->blocksize; | |
339 | len = nblocks * cipher_ctx->blocksize; | |
340 | if (cipher_do_cipher(ctx, out, in, len) < 1) | |
341 | return 0; | |
342 | inl -= len; | |
343 | out += len; | |
344 | in += len; | |
345 | } | |
346 | ||
347 | /* final partial block */ | |
348 | if (inl) { | |
349 | memset(cipher_ctx->partial, 0, cipher_ctx->blocksize); | |
350 | if (cipher_do_cipher(ctx, cipher_ctx->partial, cipher_ctx->partial, | |
351 | cipher_ctx->blocksize) < 1) | |
352 | return 0; | |
353 | while (inl--) { | |
354 | out[cipher_ctx->num] = in[cipher_ctx->num] | |
355 | ^ cipher_ctx->partial[cipher_ctx->num]; | |
356 | cipher_ctx->num++; | |
357 | } | |
4f79affb | 358 | } |
4f79affb | 359 | |
619eb33a RL |
360 | return 1; |
361 | } | |
362 | ||
6d99e238 EQ |
363 | static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) |
364 | { | |
91958d71 EQ |
365 | struct cipher_ctx *cipher_ctx = |
366 | (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); | |
6d99e238 | 367 | EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2; |
91958d71 | 368 | struct cipher_ctx *to_cipher_ctx; |
6d99e238 | 369 | |
91958d71 | 370 | switch (type) { |
c703a808 | 371 | |
91958d71 EQ |
372 | case EVP_CTRL_COPY: |
373 | if (cipher_ctx == NULL) | |
374 | return 1; | |
375 | /* when copying the context, a new session needs to be initialized */ | |
376 | to_cipher_ctx = | |
377 | (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx); | |
378 | memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess)); | |
226f2bf1 | 379 | return cipher_init(to_ctx, (void *)cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), |
91958d71 | 380 | (cipher_ctx->op == COP_ENCRYPT)); |
c703a808 | 381 | |
91958d71 | 382 | case EVP_CTRL_INIT: |
c703a808 | 383 | memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); |
91958d71 | 384 | return 1; |
c703a808 | 385 | |
91958d71 EQ |
386 | default: |
387 | break; | |
6d99e238 EQ |
388 | } |
389 | ||
390 | return -1; | |
391 | } | |
392 | ||
619eb33a RL |
393 | static int cipher_cleanup(EVP_CIPHER_CTX *ctx) |
394 | { | |
395 | struct cipher_ctx *cipher_ctx = | |
396 | (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); | |
397 | ||
91958d71 | 398 | return clean_devcrypto_session(&cipher_ctx->sess); |
619eb33a RL |
399 | } |
400 | ||
401 | /* | |
166261a5 EQ |
402 | * Keep tables of known nids, associated methods, selected ciphers, and driver |
403 | * info. | |
f4411faa | 404 | * Note that known_cipher_nids[] isn't necessarily indexed the same way as |
166261a5 | 405 | * cipher_data[] above, which the other tables are. |
619eb33a RL |
406 | */ |
407 | static int known_cipher_nids[OSSL_NELEM(cipher_data)]; | |
408 | static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */ | |
409 | static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, }; | |
166261a5 EQ |
410 | static int selected_ciphers[OSSL_NELEM(cipher_data)]; |
411 | static struct driver_info_st cipher_driver_info[OSSL_NELEM(cipher_data)]; | |
412 | ||
413 | ||
414 | static int devcrypto_test_cipher(size_t cipher_data_index) | |
415 | { | |
416 | return (cipher_driver_info[cipher_data_index].status == DEVCRYPTO_STATUS_USABLE | |
417 | && selected_ciphers[cipher_data_index] == 1 | |
418 | && (cipher_driver_info[cipher_data_index].accelerated | |
419 | == DEVCRYPTO_ACCELERATED | |
420 | || use_softdrivers == DEVCRYPTO_USE_SOFTWARE | |
421 | || (cipher_driver_info[cipher_data_index].accelerated | |
422 | != DEVCRYPTO_NOT_ACCELERATED | |
423 | && use_softdrivers == DEVCRYPTO_REJECT_SOFTWARE))); | |
424 | } | |
619eb33a | 425 | |
28ac1bd9 | 426 | static void prepare_cipher_methods(void) |
619eb33a RL |
427 | { |
428 | size_t i; | |
7fd1ca72 | 429 | session_op_t sess; |
b5015e83 | 430 | unsigned long cipher_mode; |
7fd1ca72 JB |
431 | #ifdef CIOCGSESSION2 |
432 | struct crypt_find_op fop; | |
433 | enum devcrypto_accelerated_t accelerated; | |
434 | #elif defined(CIOCGSESSINFO) | |
166261a5 EQ |
435 | struct session_info_op siop; |
436 | #endif | |
437 | ||
438 | memset(&cipher_driver_info, 0, sizeof(cipher_driver_info)); | |
619eb33a RL |
439 | |
440 | memset(&sess, 0, sizeof(sess)); | |
441 | sess.key = (void *)"01234567890123456789012345678901234567890123456789"; | |
442 | ||
443 | for (i = 0, known_cipher_nids_amount = 0; | |
444 | i < OSSL_NELEM(cipher_data); i++) { | |
445 | ||
166261a5 | 446 | selected_ciphers[i] = 1; |
619eb33a | 447 | /* |
166261a5 | 448 | * Check that the cipher is usable |
619eb33a RL |
449 | */ |
450 | sess.cipher = cipher_data[i].devcryptoid; | |
451 | sess.keylen = cipher_data[i].keylen; | |
7fd1ca72 JB |
452 | #ifdef CIOCGSESSION2 |
453 | /* | |
454 | * When using CIOCGSESSION2, first try to allocate a hardware | |
455 | * ("accelerated") session. If that fails, fall back to | |
456 | * allocating a software session. | |
457 | */ | |
458 | sess.crid = CRYPTO_FLAG_HARDWARE; | |
459 | if (ioctl(cfd, CIOCGSESSION2, &sess) == 0) { | |
460 | accelerated = DEVCRYPTO_ACCELERATED; | |
461 | } else { | |
462 | sess.crid = CRYPTO_FLAG_SOFTWARE; | |
463 | if (ioctl(cfd, CIOCGSESSION2, &sess) < 0) { | |
464 | cipher_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCGSESSION; | |
465 | continue; | |
466 | } | |
467 | accelerated = DEVCRYPTO_NOT_ACCELERATED; | |
468 | } | |
469 | #else | |
166261a5 | 470 | if (ioctl(cfd, CIOCGSESSION, &sess) < 0) { |
2bafe6cf | 471 | cipher_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCGSESSION; |
619eb33a | 472 | continue; |
166261a5 | 473 | } |
7fd1ca72 | 474 | #endif |
619eb33a | 475 | |
b5015e83 EQ |
476 | cipher_mode = cipher_data[i].flags & EVP_CIPH_MODE; |
477 | ||
619eb33a RL |
478 | if ((known_cipher_methods[i] = |
479 | EVP_CIPHER_meth_new(cipher_data[i].nid, | |
b5015e83 EQ |
480 | cipher_mode == EVP_CIPH_CTR_MODE ? 1 : |
481 | cipher_data[i].blocksize, | |
619eb33a RL |
482 | cipher_data[i].keylen)) == NULL |
483 | || !EVP_CIPHER_meth_set_iv_length(known_cipher_methods[i], | |
484 | cipher_data[i].ivlen) | |
485 | || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i], | |
486 | cipher_data[i].flags | |
6d99e238 | 487 | | EVP_CIPH_CUSTOM_COPY |
c703a808 | 488 | | EVP_CIPH_CTRL_INIT |
619eb33a RL |
489 | | EVP_CIPH_FLAG_DEFAULT_ASN1) |
490 | || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init) | |
491 | || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i], | |
b5015e83 EQ |
492 | cipher_mode == EVP_CIPH_CTR_MODE ? |
493 | ctr_do_cipher : | |
619eb33a | 494 | cipher_do_cipher) |
6d99e238 | 495 | || !EVP_CIPHER_meth_set_ctrl(known_cipher_methods[i], cipher_ctrl) |
619eb33a RL |
496 | || !EVP_CIPHER_meth_set_cleanup(known_cipher_methods[i], |
497 | cipher_cleanup) | |
498 | || !EVP_CIPHER_meth_set_impl_ctx_size(known_cipher_methods[i], | |
499 | sizeof(struct cipher_ctx))) { | |
2bafe6cf | 500 | cipher_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE; |
619eb33a RL |
501 | EVP_CIPHER_meth_free(known_cipher_methods[i]); |
502 | known_cipher_methods[i] = NULL; | |
503 | } else { | |
166261a5 | 504 | cipher_driver_info[i].status = DEVCRYPTO_STATUS_USABLE; |
7fd1ca72 JB |
505 | #ifdef CIOCGSESSION2 |
506 | cipher_driver_info[i].accelerated = accelerated; | |
507 | fop.crid = sess.crid; | |
508 | if (ioctl(cfd, CIOCFINDDEV, &fop) == 0) { | |
509 | cipher_driver_info[i].driver_name = | |
510 | OPENSSL_strndup(fop.name, sizeof(fop.name)); | |
511 | } | |
512 | #elif defined(CIOCGSESSINFO) | |
166261a5 | 513 | siop.ses = sess.ses; |
2bafe6cf | 514 | if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) { |
166261a5 | 515 | cipher_driver_info[i].accelerated = DEVCRYPTO_ACCELERATION_UNKNOWN; |
2bafe6cf EQ |
516 | } else { |
517 | cipher_driver_info[i].driver_name = | |
518 | OPENSSL_strndup(siop.cipher_info.cra_driver_name, | |
519 | CRYPTODEV_MAX_ALG_NAME); | |
520 | if (!(siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY)) | |
521 | cipher_driver_info[i].accelerated = DEVCRYPTO_NOT_ACCELERATED; | |
522 | else | |
523 | cipher_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED; | |
524 | } | |
166261a5 EQ |
525 | #endif /* CIOCGSESSINFO */ |
526 | } | |
527 | ioctl(cfd, CIOCFSESSION, &sess.ses); | |
528 | if (devcrypto_test_cipher(i)) { | |
619eb33a RL |
529 | known_cipher_nids[known_cipher_nids_amount++] = |
530 | cipher_data[i].nid; | |
531 | } | |
532 | } | |
619eb33a RL |
533 | } |
534 | ||
166261a5 EQ |
535 | static void rebuild_known_cipher_nids(ENGINE *e) |
536 | { | |
537 | size_t i; | |
538 | ||
539 | for (i = 0, known_cipher_nids_amount = 0; i < OSSL_NELEM(cipher_data); i++) { | |
540 | if (devcrypto_test_cipher(i)) | |
541 | known_cipher_nids[known_cipher_nids_amount++] = cipher_data[i].nid; | |
542 | } | |
543 | ENGINE_unregister_ciphers(e); | |
544 | ENGINE_register_ciphers(e); | |
545 | } | |
546 | ||
619eb33a RL |
547 | static const EVP_CIPHER *get_cipher_method(int nid) |
548 | { | |
549 | size_t i = get_cipher_data_index(nid); | |
550 | ||
551 | if (i == (size_t)-1) | |
552 | return NULL; | |
553 | return known_cipher_methods[i]; | |
554 | } | |
555 | ||
556 | static int get_cipher_nids(const int **nids) | |
557 | { | |
558 | *nids = known_cipher_nids; | |
559 | return known_cipher_nids_amount; | |
560 | } | |
561 | ||
562 | static void destroy_cipher_method(int nid) | |
563 | { | |
564 | size_t i = get_cipher_data_index(nid); | |
565 | ||
566 | EVP_CIPHER_meth_free(known_cipher_methods[i]); | |
567 | known_cipher_methods[i] = NULL; | |
568 | } | |
569 | ||
28ac1bd9 | 570 | static void destroy_all_cipher_methods(void) |
619eb33a RL |
571 | { |
572 | size_t i; | |
573 | ||
2bafe6cf | 574 | for (i = 0; i < OSSL_NELEM(cipher_data); i++) { |
619eb33a | 575 | destroy_cipher_method(cipher_data[i].nid); |
2bafe6cf EQ |
576 | OPENSSL_free(cipher_driver_info[i].driver_name); |
577 | cipher_driver_info[i].driver_name = NULL; | |
578 | } | |
619eb33a RL |
579 | } |
580 | ||
581 | static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, | |
582 | const int **nids, int nid) | |
583 | { | |
584 | if (cipher == NULL) | |
585 | return get_cipher_nids(nids); | |
586 | ||
587 | *cipher = get_cipher_method(nid); | |
588 | ||
589 | return *cipher != NULL; | |
590 | } | |
591 | ||
166261a5 EQ |
592 | static void devcrypto_select_all_ciphers(int *cipher_list) |
593 | { | |
594 | size_t i; | |
595 | ||
596 | for (i = 0; i < OSSL_NELEM(cipher_data); i++) | |
597 | cipher_list[i] = 1; | |
598 | } | |
599 | ||
600 | static int cryptodev_select_cipher_cb(const char *str, int len, void *usr) | |
601 | { | |
602 | int *cipher_list = (int *)usr; | |
603 | char *name; | |
604 | const EVP_CIPHER *EVP; | |
605 | size_t i; | |
606 | ||
607 | if (len == 0) | |
608 | return 1; | |
609 | if (usr == NULL || (name = OPENSSL_strndup(str, len)) == NULL) | |
610 | return 0; | |
611 | EVP = EVP_get_cipherbyname(name); | |
612 | if (EVP == NULL) | |
613 | fprintf(stderr, "devcrypto: unknown cipher %s\n", name); | |
ed576acd | 614 | else if ((i = find_cipher_data_index(EVP_CIPHER_get_nid(EVP))) != (size_t)-1) |
166261a5 EQ |
615 | cipher_list[i] = 1; |
616 | else | |
617 | fprintf(stderr, "devcrypto: cipher %s not available\n", name); | |
618 | OPENSSL_free(name); | |
619 | return 1; | |
620 | } | |
621 | ||
2bafe6cf EQ |
622 | static void dump_cipher_info(void) |
623 | { | |
624 | size_t i; | |
625 | const char *name; | |
626 | ||
627 | fprintf (stderr, "Information about ciphers supported by the /dev/crypto" | |
628 | " engine:\n"); | |
629 | #ifndef CIOCGSESSINFO | |
630 | fprintf(stderr, "CIOCGSESSINFO (session info call) unavailable\n"); | |
631 | #endif | |
632 | for (i = 0; i < OSSL_NELEM(cipher_data); i++) { | |
633 | name = OBJ_nid2sn(cipher_data[i].nid); | |
634 | fprintf (stderr, "Cipher %s, NID=%d, /dev/crypto info: id=%d, ", | |
635 | name ? name : "unknown", cipher_data[i].nid, | |
636 | cipher_data[i].devcryptoid); | |
1287dabd | 637 | if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCGSESSION) { |
2bafe6cf EQ |
638 | fprintf (stderr, "CIOCGSESSION (session open call) failed\n"); |
639 | continue; | |
640 | } | |
641 | fprintf (stderr, "driver=%s ", cipher_driver_info[i].driver_name ? | |
642 | cipher_driver_info[i].driver_name : "unknown"); | |
643 | if (cipher_driver_info[i].accelerated == DEVCRYPTO_ACCELERATED) | |
644 | fprintf(stderr, "(hw accelerated)"); | |
645 | else if (cipher_driver_info[i].accelerated == DEVCRYPTO_NOT_ACCELERATED) | |
646 | fprintf(stderr, "(software)"); | |
647 | else | |
648 | fprintf(stderr, "(acceleration status unknown)"); | |
649 | if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_FAILURE) | |
650 | fprintf (stderr, ". Cipher setup failed"); | |
651 | fprintf(stderr, "\n"); | |
652 | } | |
653 | fprintf(stderr, "\n"); | |
654 | } | |
655 | ||
4f79affb RL |
656 | /* |
657 | * We only support digests if the cryptodev implementation supports multiple | |
36af124b RL |
658 | * data updates and session copying. Otherwise, we would be forced to maintain |
659 | * a cache, which is perilous if there's a lot of data coming in (if someone | |
660 | * wants to checksum an OpenSSL tarball, for example). | |
4f79affb | 661 | */ |
36af124b RL |
662 | #if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) |
663 | #define IMPLEMENT_DIGEST | |
4f79affb | 664 | |
619eb33a RL |
665 | /****************************************************************************** |
666 | * | |
667 | * Digests | |
668 | * | |
669 | * Because they all do the same basic operation, we have only one set of | |
670 | * method functions for them all to share, and a mapping table between | |
671 | * NIDs and cryptodev IDs, with all the necessary size data. | |
672 | * | |
673 | *****/ | |
674 | ||
675 | struct digest_ctx { | |
7fd1ca72 | 676 | session_op_t sess; |
ae818369 EQ |
677 | /* This signals that the init function was called, not that it succeeded. */ |
678 | int init_called; | |
b2db94d1 | 679 | unsigned char digest_res[HASH_MAX_LEN]; |
619eb33a RL |
680 | }; |
681 | ||
682 | static const struct digest_data_st { | |
683 | int nid; | |
f7c5b120 | 684 | int blocksize; |
619eb33a RL |
685 | int digestlen; |
686 | int devcryptoid; | |
687 | } digest_data[] = { | |
688 | #ifndef OPENSSL_NO_MD5 | |
f7c5b120 | 689 | { NID_md5, /* MD5_CBLOCK */ 64, 16, CRYPTO_MD5 }, |
619eb33a | 690 | #endif |
f7c5b120 | 691 | { NID_sha1, SHA_CBLOCK, 20, CRYPTO_SHA1 }, |
619eb33a | 692 | #ifndef OPENSSL_NO_RMD160 |
5d58e8f1 | 693 | # if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160) |
f7c5b120 | 694 | { NID_ripemd160, /* RIPEMD160_CBLOCK */ 64, 20, CRYPTO_RIPEMD160 }, |
619eb33a RL |
695 | # endif |
696 | #endif | |
5d58e8f1 | 697 | #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224) |
f7c5b120 | 698 | { NID_sha224, SHA256_CBLOCK, 224 / 8, CRYPTO_SHA2_224 }, |
619eb33a | 699 | #endif |
5d58e8f1 | 700 | #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256) |
f7c5b120 | 701 | { NID_sha256, SHA256_CBLOCK, 256 / 8, CRYPTO_SHA2_256 }, |
619eb33a | 702 | #endif |
5d58e8f1 | 703 | #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384) |
f7c5b120 | 704 | { NID_sha384, SHA512_CBLOCK, 384 / 8, CRYPTO_SHA2_384 }, |
619eb33a | 705 | #endif |
5d58e8f1 | 706 | #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512) |
f7c5b120 | 707 | { NID_sha512, SHA512_CBLOCK, 512 / 8, CRYPTO_SHA2_512 }, |
619eb33a RL |
708 | #endif |
709 | }; | |
710 | ||
166261a5 | 711 | static size_t find_digest_data_index(int nid) |
619eb33a RL |
712 | { |
713 | size_t i; | |
714 | ||
715 | for (i = 0; i < OSSL_NELEM(digest_data); i++) | |
716 | if (nid == digest_data[i].nid) | |
717 | return i; | |
166261a5 EQ |
718 | return (size_t)-1; |
719 | } | |
720 | ||
721 | static size_t get_digest_data_index(int nid) | |
722 | { | |
723 | size_t i = find_digest_data_index(nid); | |
724 | ||
725 | if (i != (size_t)-1) | |
726 | return i; | |
619eb33a RL |
727 | |
728 | /* | |
729 | * Code further down must make sure that only NIDs in the table above | |
730 | * are used. If any other NID reaches this function, there's a grave | |
731 | * coding error further down. | |
732 | */ | |
733 | assert("Code that never should be reached" == NULL); | |
734 | return -1; | |
735 | } | |
736 | ||
737 | static const struct digest_data_st *get_digest_data(int nid) | |
738 | { | |
739 | return &digest_data[get_digest_data_index(nid)]; | |
740 | } | |
741 | ||
742 | /* | |
166261a5 EQ |
743 | * Following are the five necessary functions to map OpenSSL functionality |
744 | * with cryptodev: init, update, final, cleanup, and copy. | |
619eb33a RL |
745 | */ |
746 | ||
747 | static int digest_init(EVP_MD_CTX *ctx) | |
748 | { | |
749 | struct digest_ctx *digest_ctx = | |
ed576acd | 750 | (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); |
619eb33a | 751 | const struct digest_data_st *digest_d = |
ed576acd | 752 | get_digest_data(EVP_MD_CTX_get_type(ctx)); |
619eb33a | 753 | |
ae818369 | 754 | digest_ctx->init_called = 1; |
619eb33a RL |
755 | |
756 | memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess)); | |
757 | digest_ctx->sess.mac = digest_d->devcryptoid; | |
458c7dad | 758 | if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) { |
ff988500 | 759 | ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); |
619eb33a RL |
760 | return 0; |
761 | } | |
619eb33a RL |
762 | return 1; |
763 | } | |
764 | ||
4f79affb RL |
765 | static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen, |
766 | void *res, unsigned int flags) | |
767 | { | |
768 | struct crypt_op cryp; | |
769 | ||
770 | memset(&cryp, 0, sizeof(cryp)); | |
771 | cryp.ses = ctx->sess.ses; | |
772 | cryp.len = srclen; | |
773 | cryp.src = (void *)src; | |
774 | cryp.dst = NULL; | |
775 | cryp.mac = res; | |
776 | cryp.flags = flags; | |
458c7dad | 777 | return ioctl(cfd, CIOCCRYPT, &cryp); |
4f79affb RL |
778 | } |
779 | ||
619eb33a RL |
780 | static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) |
781 | { | |
782 | struct digest_ctx *digest_ctx = | |
ed576acd | 783 | (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); |
619eb33a | 784 | |
4f79affb RL |
785 | if (count == 0) |
786 | return 1; | |
787 | ||
4d9f9965 EQ |
788 | if (digest_ctx == NULL) |
789 | return 0; | |
790 | ||
b2db94d1 EQ |
791 | if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { |
792 | if (digest_op(digest_ctx, data, count, digest_ctx->digest_res, 0) >= 0) | |
793 | return 1; | |
794 | } else if (digest_op(digest_ctx, data, count, NULL, COP_FLAG_UPDATE) >= 0) { | |
795 | return 1; | |
619eb33a RL |
796 | } |
797 | ||
ff988500 | 798 | ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); |
b2db94d1 | 799 | return 0; |
619eb33a RL |
800 | } |
801 | ||
802 | static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) | |
803 | { | |
804 | struct digest_ctx *digest_ctx = | |
ed576acd | 805 | (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); |
619eb33a | 806 | |
4d9f9965 EQ |
807 | if (md == NULL || digest_ctx == NULL) |
808 | return 0; | |
b2db94d1 EQ |
809 | |
810 | if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { | |
ed576acd | 811 | memcpy(md, digest_ctx->digest_res, EVP_MD_CTX_get_size(ctx)); |
b2db94d1 | 812 | } else if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) { |
ff988500 | 813 | ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); |
619eb33a RL |
814 | return 0; |
815 | } | |
619eb33a RL |
816 | |
817 | return 1; | |
818 | } | |
819 | ||
36af124b RL |
820 | static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) |
821 | { | |
822 | struct digest_ctx *digest_from = | |
ed576acd | 823 | (struct digest_ctx *)EVP_MD_CTX_get0_md_data(from); |
36af124b | 824 | struct digest_ctx *digest_to = |
ed576acd | 825 | (struct digest_ctx *)EVP_MD_CTX_get0_md_data(to); |
36af124b RL |
826 | struct cphash_op cphash; |
827 | ||
ae818369 | 828 | if (digest_from == NULL || digest_from->init_called != 1) |
36af124b RL |
829 | return 1; |
830 | ||
36af124b | 831 | if (!digest_init(to)) { |
ff988500 | 832 | ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); |
36af124b RL |
833 | return 0; |
834 | } | |
835 | ||
836 | cphash.src_ses = digest_from->sess.ses; | |
837 | cphash.dst_ses = digest_to->sess.ses; | |
838 | if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) { | |
ff988500 | 839 | ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); |
36af124b RL |
840 | return 0; |
841 | } | |
842 | return 1; | |
843 | } | |
844 | ||
619eb33a RL |
845 | static int digest_cleanup(EVP_MD_CTX *ctx) |
846 | { | |
a67203a1 | 847 | struct digest_ctx *digest_ctx = |
ed576acd | 848 | (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); |
a67203a1 EQ |
849 | |
850 | if (digest_ctx == NULL) | |
851 | return 1; | |
91958d71 EQ |
852 | |
853 | return clean_devcrypto_session(&digest_ctx->sess); | |
619eb33a RL |
854 | } |
855 | ||
856 | /* | |
166261a5 EQ |
857 | * Keep tables of known nids, associated methods, selected digests, and |
858 | * driver info. | |
f4411faa | 859 | * Note that known_digest_nids[] isn't necessarily indexed the same way as |
166261a5 | 860 | * digest_data[] above, which the other tables are. |
619eb33a RL |
861 | */ |
862 | static int known_digest_nids[OSSL_NELEM(digest_data)]; | |
863 | static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */ | |
864 | static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, }; | |
166261a5 EQ |
865 | static int selected_digests[OSSL_NELEM(digest_data)]; |
866 | static struct driver_info_st digest_driver_info[OSSL_NELEM(digest_data)]; | |
867 | ||
868 | static int devcrypto_test_digest(size_t digest_data_index) | |
869 | { | |
870 | return (digest_driver_info[digest_data_index].status == DEVCRYPTO_STATUS_USABLE | |
871 | && selected_digests[digest_data_index] == 1 | |
872 | && (digest_driver_info[digest_data_index].accelerated | |
873 | == DEVCRYPTO_ACCELERATED | |
874 | || use_softdrivers == DEVCRYPTO_USE_SOFTWARE | |
875 | || (digest_driver_info[digest_data_index].accelerated | |
876 | != DEVCRYPTO_NOT_ACCELERATED | |
877 | && use_softdrivers == DEVCRYPTO_REJECT_SOFTWARE))); | |
878 | } | |
879 | ||
880 | static void rebuild_known_digest_nids(ENGINE *e) | |
881 | { | |
882 | size_t i; | |
883 | ||
884 | for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data); i++) { | |
885 | if (devcrypto_test_digest(i)) | |
886 | known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid; | |
887 | } | |
888 | ENGINE_unregister_digests(e); | |
889 | ENGINE_register_digests(e); | |
890 | } | |
619eb33a | 891 | |
28ac1bd9 | 892 | static void prepare_digest_methods(void) |
619eb33a RL |
893 | { |
894 | size_t i; | |
7fd1ca72 | 895 | session_op_t sess1, sess2; |
166261a5 EQ |
896 | #ifdef CIOCGSESSINFO |
897 | struct session_info_op siop; | |
898 | #endif | |
899 | struct cphash_op cphash; | |
900 | ||
901 | memset(&digest_driver_info, 0, sizeof(digest_driver_info)); | |
902 | ||
903 | memset(&sess1, 0, sizeof(sess1)); | |
904 | memset(&sess2, 0, sizeof(sess2)); | |
619eb33a RL |
905 | |
906 | for (i = 0, known_digest_nids_amount = 0; i < OSSL_NELEM(digest_data); | |
907 | i++) { | |
908 | ||
166261a5 EQ |
909 | selected_digests[i] = 1; |
910 | ||
619eb33a | 911 | /* |
166261a5 | 912 | * Check that the digest is usable |
619eb33a | 913 | */ |
166261a5 EQ |
914 | sess1.mac = digest_data[i].devcryptoid; |
915 | sess2.ses = 0; | |
916 | if (ioctl(cfd, CIOCGSESSION, &sess1) < 0) { | |
2bafe6cf | 917 | digest_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCGSESSION; |
166261a5 EQ |
918 | goto finish; |
919 | } | |
619eb33a | 920 | |
166261a5 EQ |
921 | #ifdef CIOCGSESSINFO |
922 | /* gather hardware acceleration info from the driver */ | |
923 | siop.ses = sess1.ses; | |
2bafe6cf | 924 | if (ioctl(cfd, CIOCGSESSINFO, &siop) < 0) { |
166261a5 | 925 | digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATION_UNKNOWN; |
2bafe6cf EQ |
926 | } else { |
927 | digest_driver_info[i].driver_name = | |
928 | OPENSSL_strndup(siop.hash_info.cra_driver_name, | |
929 | CRYPTODEV_MAX_ALG_NAME); | |
930 | if (siop.flags & SIOP_FLAG_KERNEL_DRIVER_ONLY) | |
931 | digest_driver_info[i].accelerated = DEVCRYPTO_ACCELERATED; | |
932 | else | |
933 | digest_driver_info[i].accelerated = DEVCRYPTO_NOT_ACCELERATED; | |
934 | } | |
166261a5 EQ |
935 | #endif |
936 | ||
937 | /* digest must be capable of hash state copy */ | |
938 | sess2.mac = sess1.mac; | |
939 | if (ioctl(cfd, CIOCGSESSION, &sess2) < 0) { | |
2bafe6cf | 940 | digest_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE; |
166261a5 EQ |
941 | goto finish; |
942 | } | |
943 | cphash.src_ses = sess1.ses; | |
944 | cphash.dst_ses = sess2.ses; | |
945 | if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) { | |
2bafe6cf | 946 | digest_driver_info[i].status = DEVCRYPTO_STATUS_NO_CIOCCPHASH; |
166261a5 EQ |
947 | goto finish; |
948 | } | |
619eb33a RL |
949 | if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid, |
950 | NID_undef)) == NULL | |
f7c5b120 EQ |
951 | || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i], |
952 | digest_data[i].blocksize) | |
619eb33a RL |
953 | || !EVP_MD_meth_set_result_size(known_digest_methods[i], |
954 | digest_data[i].digestlen) | |
955 | || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init) | |
956 | || !EVP_MD_meth_set_update(known_digest_methods[i], digest_update) | |
957 | || !EVP_MD_meth_set_final(known_digest_methods[i], digest_final) | |
36af124b | 958 | || !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy) |
619eb33a RL |
959 | || !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup) |
960 | || !EVP_MD_meth_set_app_datasize(known_digest_methods[i], | |
961 | sizeof(struct digest_ctx))) { | |
2bafe6cf | 962 | digest_driver_info[i].status = DEVCRYPTO_STATUS_FAILURE; |
619eb33a RL |
963 | EVP_MD_meth_free(known_digest_methods[i]); |
964 | known_digest_methods[i] = NULL; | |
166261a5 | 965 | goto finish; |
619eb33a | 966 | } |
166261a5 EQ |
967 | digest_driver_info[i].status = DEVCRYPTO_STATUS_USABLE; |
968 | finish: | |
969 | ioctl(cfd, CIOCFSESSION, &sess1.ses); | |
970 | if (sess2.ses != 0) | |
971 | ioctl(cfd, CIOCFSESSION, &sess2.ses); | |
972 | if (devcrypto_test_digest(i)) | |
973 | known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid; | |
619eb33a | 974 | } |
619eb33a RL |
975 | } |
976 | ||
977 | static const EVP_MD *get_digest_method(int nid) | |
978 | { | |
979 | size_t i = get_digest_data_index(nid); | |
980 | ||
981 | if (i == (size_t)-1) | |
982 | return NULL; | |
983 | return known_digest_methods[i]; | |
984 | } | |
985 | ||
986 | static int get_digest_nids(const int **nids) | |
987 | { | |
988 | *nids = known_digest_nids; | |
989 | return known_digest_nids_amount; | |
990 | } | |
991 | ||
992 | static void destroy_digest_method(int nid) | |
993 | { | |
994 | size_t i = get_digest_data_index(nid); | |
995 | ||
996 | EVP_MD_meth_free(known_digest_methods[i]); | |
997 | known_digest_methods[i] = NULL; | |
998 | } | |
999 | ||
28ac1bd9 | 1000 | static void destroy_all_digest_methods(void) |
619eb33a RL |
1001 | { |
1002 | size_t i; | |
1003 | ||
2bafe6cf | 1004 | for (i = 0; i < OSSL_NELEM(digest_data); i++) { |
619eb33a | 1005 | destroy_digest_method(digest_data[i].nid); |
2bafe6cf EQ |
1006 | OPENSSL_free(digest_driver_info[i].driver_name); |
1007 | digest_driver_info[i].driver_name = NULL; | |
1008 | } | |
619eb33a RL |
1009 | } |
1010 | ||
1011 | static int devcrypto_digests(ENGINE *e, const EVP_MD **digest, | |
1012 | const int **nids, int nid) | |
1013 | { | |
1014 | if (digest == NULL) | |
1015 | return get_digest_nids(nids); | |
1016 | ||
1017 | *digest = get_digest_method(nid); | |
1018 | ||
1019 | return *digest != NULL; | |
1020 | } | |
1021 | ||
166261a5 EQ |
1022 | static void devcrypto_select_all_digests(int *digest_list) |
1023 | { | |
1024 | size_t i; | |
1025 | ||
1026 | for (i = 0; i < OSSL_NELEM(digest_data); i++) | |
1027 | digest_list[i] = 1; | |
1028 | } | |
1029 | ||
1030 | static int cryptodev_select_digest_cb(const char *str, int len, void *usr) | |
1031 | { | |
1032 | int *digest_list = (int *)usr; | |
1033 | char *name; | |
1034 | const EVP_MD *EVP; | |
1035 | size_t i; | |
1036 | ||
1037 | if (len == 0) | |
1038 | return 1; | |
1039 | if (usr == NULL || (name = OPENSSL_strndup(str, len)) == NULL) | |
1040 | return 0; | |
1041 | EVP = EVP_get_digestbyname(name); | |
1042 | if (EVP == NULL) | |
1043 | fprintf(stderr, "devcrypto: unknown digest %s\n", name); | |
ed576acd | 1044 | else if ((i = find_digest_data_index(EVP_MD_get_type(EVP))) != (size_t)-1) |
166261a5 EQ |
1045 | digest_list[i] = 1; |
1046 | else | |
1047 | fprintf(stderr, "devcrypto: digest %s not available\n", name); | |
1048 | OPENSSL_free(name); | |
1049 | return 1; | |
1050 | } | |
1051 | ||
2bafe6cf EQ |
1052 | static void dump_digest_info(void) |
1053 | { | |
1054 | size_t i; | |
1055 | const char *name; | |
1056 | ||
1057 | fprintf (stderr, "Information about digests supported by the /dev/crypto" | |
1058 | " engine:\n"); | |
1059 | #ifndef CIOCGSESSINFO | |
1060 | fprintf(stderr, "CIOCGSESSINFO (session info call) unavailable\n"); | |
1061 | #endif | |
1062 | ||
1063 | for (i = 0; i < OSSL_NELEM(digest_data); i++) { | |
1064 | name = OBJ_nid2sn(digest_data[i].nid); | |
1065 | fprintf (stderr, "Digest %s, NID=%d, /dev/crypto info: id=%d, driver=%s", | |
1066 | name ? name : "unknown", digest_data[i].nid, | |
1067 | digest_data[i].devcryptoid, | |
1068 | digest_driver_info[i].driver_name ? digest_driver_info[i].driver_name : "unknown"); | |
1069 | if (digest_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCGSESSION) { | |
1070 | fprintf (stderr, ". CIOCGSESSION (session open) failed\n"); | |
1071 | continue; | |
1072 | } | |
1073 | if (digest_driver_info[i].accelerated == DEVCRYPTO_ACCELERATED) | |
1074 | fprintf(stderr, " (hw accelerated)"); | |
1075 | else if (digest_driver_info[i].accelerated == DEVCRYPTO_NOT_ACCELERATED) | |
1076 | fprintf(stderr, " (software)"); | |
1077 | else | |
1078 | fprintf(stderr, " (acceleration status unknown)"); | |
1079 | if (cipher_driver_info[i].status == DEVCRYPTO_STATUS_FAILURE) | |
1080 | fprintf (stderr, ". Cipher setup failed\n"); | |
1081 | else if (digest_driver_info[i].status == DEVCRYPTO_STATUS_NO_CIOCCPHASH) | |
1082 | fprintf(stderr, ", CIOCCPHASH failed\n"); | |
1083 | else | |
1084 | fprintf(stderr, ", CIOCCPHASH capable\n"); | |
1085 | } | |
1086 | fprintf(stderr, "\n"); | |
1087 | } | |
1088 | ||
4f79affb RL |
1089 | #endif |
1090 | ||
166261a5 EQ |
1091 | /****************************************************************************** |
1092 | * | |
1093 | * CONTROL COMMANDS | |
1094 | * | |
1095 | *****/ | |
1096 | ||
1097 | #define DEVCRYPTO_CMD_USE_SOFTDRIVERS ENGINE_CMD_BASE | |
1098 | #define DEVCRYPTO_CMD_CIPHERS (ENGINE_CMD_BASE + 1) | |
1099 | #define DEVCRYPTO_CMD_DIGESTS (ENGINE_CMD_BASE + 2) | |
1100 | #define DEVCRYPTO_CMD_DUMP_INFO (ENGINE_CMD_BASE + 3) | |
1101 | ||
1102 | static const ENGINE_CMD_DEFN devcrypto_cmds[] = { | |
7fd1ca72 | 1103 | #if defined(CIOCGSESSINFO) || defined(CIOCGSESSION2) |
166261a5 EQ |
1104 | {DEVCRYPTO_CMD_USE_SOFTDRIVERS, |
1105 | "USE_SOFTDRIVERS", | |
1106 | "specifies whether to use software (not accelerated) drivers (" | |
1107 | OPENSSL_MSTR(DEVCRYPTO_REQUIRE_ACCELERATED) "=use only accelerated drivers, " | |
1108 | OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, " | |
1109 | OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE) | |
1110 | "=use if acceleration can't be determined) [default=" | |
583fd0c1 | 1111 | OPENSSL_MSTR(DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS) "]", |
166261a5 EQ |
1112 | ENGINE_CMD_FLAG_NUMERIC}, |
1113 | #endif | |
1114 | ||
1115 | {DEVCRYPTO_CMD_CIPHERS, | |
1116 | "CIPHERS", | |
1117 | "either ALL, NONE, or a comma-separated list of ciphers to enable [default=ALL]", | |
1118 | ENGINE_CMD_FLAG_STRING}, | |
1119 | ||
1120 | #ifdef IMPLEMENT_DIGEST | |
1121 | {DEVCRYPTO_CMD_DIGESTS, | |
1122 | "DIGESTS", | |
1123 | "either ALL, NONE, or a comma-separated list of digests to enable [default=ALL]", | |
1124 | ENGINE_CMD_FLAG_STRING}, | |
1125 | #endif | |
1126 | ||
2bafe6cf EQ |
1127 | {DEVCRYPTO_CMD_DUMP_INFO, |
1128 | "DUMP_INFO", | |
1129 | "dump info about each algorithm to stderr; use 'openssl engine -pre DUMP_INFO devcrypto'", | |
1130 | ENGINE_CMD_FLAG_NO_INPUT}, | |
1131 | ||
166261a5 EQ |
1132 | {0, NULL, NULL, 0} |
1133 | }; | |
1134 | ||
1135 | static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) | |
1136 | { | |
1137 | int *new_list; | |
1138 | switch (cmd) { | |
7fd1ca72 | 1139 | #if defined(CIOCGSESSINFO) || defined(CIOCGSESSION2) |
166261a5 EQ |
1140 | case DEVCRYPTO_CMD_USE_SOFTDRIVERS: |
1141 | switch (i) { | |
1142 | case DEVCRYPTO_REQUIRE_ACCELERATED: | |
1143 | case DEVCRYPTO_USE_SOFTWARE: | |
1144 | case DEVCRYPTO_REJECT_SOFTWARE: | |
1145 | break; | |
1146 | default: | |
1147 | fprintf(stderr, "devcrypto: invalid value (%ld) for USE_SOFTDRIVERS\n", i); | |
1148 | return 0; | |
1149 | } | |
1150 | if (use_softdrivers == i) | |
1151 | return 1; | |
1152 | use_softdrivers = i; | |
1153 | #ifdef IMPLEMENT_DIGEST | |
1154 | rebuild_known_digest_nids(e); | |
1155 | #endif | |
1156 | rebuild_known_cipher_nids(e); | |
1157 | return 1; | |
7fd1ca72 | 1158 | #endif /* CIOCGSESSINFO || CIOCGSESSION2 */ |
166261a5 EQ |
1159 | |
1160 | case DEVCRYPTO_CMD_CIPHERS: | |
1161 | if (p == NULL) | |
1162 | return 1; | |
fba140c7 | 1163 | if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { |
166261a5 | 1164 | devcrypto_select_all_ciphers(selected_ciphers); |
fba140c7 | 1165 | } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { |
166261a5 EQ |
1166 | memset(selected_ciphers, 0, sizeof(selected_ciphers)); |
1167 | } else { | |
1168 | new_list=OPENSSL_zalloc(sizeof(selected_ciphers)); | |
1169 | if (!CONF_parse_list(p, ',', 1, cryptodev_select_cipher_cb, new_list)) { | |
1170 | OPENSSL_free(new_list); | |
1171 | return 0; | |
1172 | } | |
1173 | memcpy(selected_ciphers, new_list, sizeof(selected_ciphers)); | |
1174 | OPENSSL_free(new_list); | |
1175 | } | |
1176 | rebuild_known_cipher_nids(e); | |
1177 | return 1; | |
1178 | ||
1179 | #ifdef IMPLEMENT_DIGEST | |
1180 | case DEVCRYPTO_CMD_DIGESTS: | |
1181 | if (p == NULL) | |
1182 | return 1; | |
fba140c7 | 1183 | if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { |
166261a5 | 1184 | devcrypto_select_all_digests(selected_digests); |
fba140c7 | 1185 | } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { |
166261a5 EQ |
1186 | memset(selected_digests, 0, sizeof(selected_digests)); |
1187 | } else { | |
1188 | new_list=OPENSSL_zalloc(sizeof(selected_digests)); | |
1189 | if (!CONF_parse_list(p, ',', 1, cryptodev_select_digest_cb, new_list)) { | |
1190 | OPENSSL_free(new_list); | |
1191 | return 0; | |
1192 | } | |
1193 | memcpy(selected_digests, new_list, sizeof(selected_digests)); | |
1194 | OPENSSL_free(new_list); | |
1195 | } | |
1196 | rebuild_known_digest_nids(e); | |
1197 | return 1; | |
1198 | #endif /* IMPLEMENT_DIGEST */ | |
1199 | ||
2bafe6cf EQ |
1200 | case DEVCRYPTO_CMD_DUMP_INFO: |
1201 | dump_cipher_info(); | |
1202 | #ifdef IMPLEMENT_DIGEST | |
1203 | dump_digest_info(); | |
1204 | #endif | |
1205 | return 1; | |
1206 | ||
166261a5 EQ |
1207 | default: |
1208 | break; | |
1209 | } | |
1210 | return 0; | |
1211 | } | |
1212 | ||
619eb33a RL |
1213 | /****************************************************************************** |
1214 | * | |
1215 | * LOAD / UNLOAD | |
1216 | * | |
1217 | *****/ | |
1218 | ||
619eb33a | 1219 | /* |
2afebe0b | 1220 | * Opens /dev/crypto |
619eb33a | 1221 | */ |
2afebe0b | 1222 | static int open_devcrypto(void) |
619eb33a | 1223 | { |
b39c215d JB |
1224 | int fd; |
1225 | ||
2afebe0b EQ |
1226 | if (cfd >= 0) |
1227 | return 1; | |
619eb33a | 1228 | |
b39c215d | 1229 | if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) { |
c79a022d | 1230 | #ifndef ENGINE_DEVCRYPTO_DEBUG |
1636b355 | 1231 | if (errno != ENOENT && errno != ENXIO) |
c79a022d JK |
1232 | #endif |
1233 | fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno)); | |
2afebe0b | 1234 | return 0; |
619eb33a RL |
1235 | } |
1236 | ||
b39c215d JB |
1237 | #ifdef CRIOGET |
1238 | if (ioctl(fd, CRIOGET, &cfd) < 0) { | |
1239 | fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno)); | |
3ddf44ea | 1240 | close(fd); |
b39c215d JB |
1241 | cfd = -1; |
1242 | return 0; | |
1243 | } | |
3ddf44ea | 1244 | close(fd); |
b39c215d JB |
1245 | #else |
1246 | cfd = fd; | |
1247 | #endif | |
1248 | ||
2afebe0b EQ |
1249 | return 1; |
1250 | } | |
1251 | ||
1252 | static int close_devcrypto(void) | |
1253 | { | |
41bffb9d EQ |
1254 | int ret; |
1255 | ||
2afebe0b EQ |
1256 | if (cfd < 0) |
1257 | return 1; | |
41bffb9d | 1258 | ret = close(cfd); |
2afebe0b | 1259 | cfd = -1; |
41bffb9d | 1260 | if (ret != 0) { |
2afebe0b EQ |
1261 | fprintf(stderr, "Error closing /dev/crypto: %s\n", strerror(errno)); |
1262 | return 0; | |
681e8cac | 1263 | } |
2afebe0b EQ |
1264 | return 1; |
1265 | } | |
619eb33a | 1266 | |
2afebe0b EQ |
1267 | static int devcrypto_unload(ENGINE *e) |
1268 | { | |
1269 | destroy_all_cipher_methods(); | |
d9d4dff5 | 1270 | #ifdef IMPLEMENT_DIGEST |
2afebe0b | 1271 | destroy_all_digest_methods(); |
d9d4dff5 EQ |
1272 | #endif |
1273 | ||
2afebe0b EQ |
1274 | close_devcrypto(); |
1275 | ||
1276 | return 1; | |
1277 | } | |
1278 | ||
1279 | static int bind_devcrypto(ENGINE *e) { | |
1280 | ||
1281 | if (!ENGINE_set_id(e, engine_devcrypto_id) | |
619eb33a | 1282 | || !ENGINE_set_name(e, "/dev/crypto engine") |
2afebe0b | 1283 | || !ENGINE_set_destroy_function(e, devcrypto_unload) |
166261a5 | 1284 | || !ENGINE_set_cmd_defns(e, devcrypto_cmds) |
2afebe0b EQ |
1285 | || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)) |
1286 | return 0; | |
8bd2c65f | 1287 | |
2afebe0b EQ |
1288 | prepare_cipher_methods(); |
1289 | #ifdef IMPLEMENT_DIGEST | |
1290 | prepare_digest_methods(); | |
1291 | #endif | |
1292 | ||
1293 | return (ENGINE_set_ciphers(e, devcrypto_ciphers) | |
1294 | #ifdef IMPLEMENT_DIGEST | |
1295 | && ENGINE_set_digests(e, devcrypto_digests) | |
1296 | #endif | |
8bd2c65f RL |
1297 | /* |
1298 | * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD | |
1299 | * implementations, it seems to only exist in FreeBSD, and regarding the | |
1300 | * parameters in its crypt_kop, the manual crypto(4) has this to say: | |
1301 | * | |
1302 | * The semantics of these arguments are currently undocumented. | |
1303 | * | |
1304 | * Reading through the FreeBSD source code doesn't give much more than | |
1305 | * their CRK_MOD_EXP implementation for ubsec. | |
1306 | * | |
1307 | * It doesn't look much better with cryptodev-linux. They have the crypt_kop | |
1308 | * structure as well as the command (CRK_*) in cryptodev.h, but no support | |
1309 | * seems to be implemented at all for the moment. | |
1310 | * | |
1311 | * At the time of writing, it seems impossible to write proper support for | |
1312 | * FreeBSD's asym features without some very deep knowledge and access to | |
1313 | * specific kernel modules. | |
1314 | * | |
1315 | * /Richard Levitte, 2017-05-11 | |
1316 | */ | |
1317 | #if 0 | |
2afebe0b | 1318 | && ENGINE_set_RSA(e, devcrypto_rsa) |
619eb33a | 1319 | # ifndef OPENSSL_NO_DSA |
2afebe0b | 1320 | && ENGINE_set_DSA(e, devcrypto_dsa) |
619eb33a RL |
1321 | # endif |
1322 | # ifndef OPENSSL_NO_DH | |
2afebe0b | 1323 | && ENGINE_set_DH(e, devcrypto_dh) |
619eb33a RL |
1324 | # endif |
1325 | # ifndef OPENSSL_NO_EC | |
2afebe0b | 1326 | && ENGINE_set_EC(e, devcrypto_ec) |
619eb33a RL |
1327 | # endif |
1328 | #endif | |
2afebe0b EQ |
1329 | ); |
1330 | } | |
1331 | ||
1332 | #ifdef OPENSSL_NO_DYNAMIC_ENGINE | |
1333 | /* | |
1334 | * In case this engine is built into libcrypto, then it doesn't offer any | |
1335 | * ability to be dynamically loadable. | |
1336 | */ | |
1337 | void engine_load_devcrypto_int(void) | |
1338 | { | |
1339 | ENGINE *e = NULL; | |
1340 | ||
1341 | if (!open_devcrypto()) | |
1342 | return; | |
1343 | ||
1344 | if ((e = ENGINE_new()) == NULL | |
1345 | || !bind_devcrypto(e)) { | |
1346 | close_devcrypto(); | |
619eb33a RL |
1347 | ENGINE_free(e); |
1348 | return; | |
1349 | } | |
1350 | ||
b9b2135d | 1351 | ERR_set_mark(); |
619eb33a | 1352 | ENGINE_add(e); |
b9b2135d MC |
1353 | /* |
1354 | * If the "add" worked, it gets a structural reference. So either way, we | |
1355 | * release our just-created reference. | |
1356 | */ | |
619eb33a | 1357 | ENGINE_free(e); /* Loose our local reference */ |
b9b2135d MC |
1358 | /* |
1359 | * If the "add" didn't work, it was probably a conflict because it was | |
1360 | * already added (eg. someone calling ENGINE_load_blah then calling | |
1361 | * ENGINE_load_builtin_engines() perhaps). | |
1362 | */ | |
1363 | ERR_pop_to_mark(); | |
1364 | } | |
2afebe0b EQ |
1365 | |
1366 | #else | |
1367 | ||
1368 | static int bind_helper(ENGINE *e, const char *id) | |
1369 | { | |
1370 | if ((id && (strcmp(id, engine_devcrypto_id) != 0)) | |
1371 | || !open_devcrypto()) | |
1372 | return 0; | |
1373 | if (!bind_devcrypto(e)) { | |
1374 | close_devcrypto(); | |
1375 | return 0; | |
1376 | } | |
1377 | return 1; | |
1378 | } | |
1379 | ||
1380 | IMPLEMENT_DYNAMIC_CHECK_FN() | |
1381 | IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) | |
1382 | ||
1383 | #endif |