Use CRIOGET to fetch a crypto descriptor when present.

FreeBSD's current /dev/crypto implementation requires that consumers
clone a separate file descriptor via the CRIOGET ioctl that can then
be used with other ioctls such as CIOCGSESSION.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13468)

diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
index d54ca3bbc1161bb687d76d926272c7f54ac04564..6715ef408e385cd18b968905a3e99322fb692969 100644 (file)
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -1172,10 +1172,12 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
  */
 static int open_devcrypto(void)
 {
+    int fd;
+
     if (cfd >= 0)
         return 1;
 
-    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+    if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
 #ifndef ENGINE_DEVCRYPTO_DEBUG
         if (errno != ENOENT)
 #endif
@@ -1183,6 +1185,16 @@ static int open_devcrypto(void)
         return 0;
     }
 
+#ifdef CRIOGET
+    if (ioctl(fd, CRIOGET, &cfd) < 0) {
+        fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+        cfd = -1;
+        return 0;
+    }
+#else
+    cfd = fd;
+#endif
+
     return 1;
 }