From b39c215decf6e68c28cb64dcfaf5ae5a7e8d35b4 Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Fri, 20 Nov 2020 17:07:35 -0800
Subject: [PATCH] Use CRIOGET to fetch a crypto descriptor when present.

FreeBSD's current /dev/crypto implementation requires that consumers
clone a separate file descriptor via the CRIOGET ioctl that can then
be used with other ioctls such as CIOCGSESSION.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13468)
---
 engines/e_devcrypto.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
index d54ca3bbc11..6715ef408e3 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -1172,10 +1172,12 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
  */
 static int open_devcrypto(void)
 {
+    int fd;
+
     if (cfd >= 0)
         return 1;
 
-    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+    if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
 #ifndef ENGINE_DEVCRYPTO_DEBUG
         if (errno != ENOENT)
 #endif
@@ -1183,6 +1185,16 @@ static int open_devcrypto(void)
         return 0;
     }
 
+#ifdef CRIOGET
+    if (ioctl(fd, CRIOGET, &cfd) < 0) {
+        fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+        cfd = -1;
+        return 0;
+    }
+#else
+    cfd = fd;
+#endif
+
     return 1;
 }
 
-- 
2.47.2