e_devcrypto: make the /dev/crypto engine dynamic

Engine has been moved from crypto/engine/eng_devcrypto.c to engines/e_devcrypto.c. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7859)
2024-11-27 03:54:14 +08:00 · 2018-11-06 10:57:03 -02:00 · 2018-11-06 10:57:03 -02:00 · 2afebe0bab
commit 2afebe0bab
parent 9a18aae5f2
4 changed files with 122 additions and 64 deletions
--- a/crypto/engine/build.info
+++ b/crypto/engine/build.info
@ -6,6 +6,3 @@ SOURCE[../../libcrypto]=\
        tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \
        eng_openssl.c eng_cnf.c eng_dyn.c \
        eng_rdrand.c
-IF[{- !$disabled{devcryptoeng} -}]
-  SOURCE[../../libcrypto]=eng_devcrypto.c
-ENDIF
--- a/crypto/init.c
+++ b/crypto/init.c
@ -353,18 +353,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
    engine_load_openssl_int();
    return 1;
 }
-# ifndef OPENSSL_NO_DEVCRYPTOENG
-static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
-{
-#  ifdef OPENSSL_INIT_DEBUG
-    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
-                    "engine_load_devcrypto_int()\n");
-#  endif
-    engine_load_devcrypto_int();
-    return 1;
-}
-# endif

 # ifndef OPENSSL_NO_RDRAND
 static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
@ -389,6 +377,18 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
    return 1;
 }
 # ifndef OPENSSL_NO_STATIC_ENGINE
+#  ifndef OPENSSL_NO_DEVCRYPTOENG
+static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
+                    "engine_load_devcrypto_int()\n");
+#   endif
+    engine_load_devcrypto_int();
+    return 1;
+}
+#  endif
 #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
 static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
@ -747,11 +747,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
    if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
            && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
        return 0;
-# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
-    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
-            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
-        return 0;
-# endif
 # ifndef OPENSSL_NO_RDRAND
    if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
            && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
@ -761,6 +756,11 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
            && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
        return 0;
 # ifndef OPENSSL_NO_STATIC_ENGINE
+#  ifndef OPENSSL_NO_DEVCRYPTOENG
+    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
+            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
+        return 0;
+#  endif
 #  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
    if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
            && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
--- a/engines/build.info
+++ b/engines/build.info
@ -10,6 +10,9 @@ IF[{- !$disabled{"engine"} -}]
    IF[{- !$disabled{afalgeng} -}]
      SOURCE[../libcrypto]=e_afalg.c
    ENDIF
+    IF[{- !$disabled{"devcryptoeng"} -}]
+      SOURCE[../libcrypto]=e_devcrypto.c
+    ENDIF
  ELSE
    MODULES{engine}=padlock
    SOURCE[padlock]=e_padlock.c {- $target{padlock_asm_src} -}
@ -39,6 +42,16 @@ IF[{- !$disabled{"engine"} -}]
        GENERATE[afalg.ld]=../util/engines.num
      ENDIF
    ENDIF
+    IF[{- !$disabled{"devcryptoeng"} -}]
+      ENGINES=devcrypto
+      SOURCE[devcrypto]=e_devcrypto.c
+      DEPEND[devcrypto]=../libcrypto
+      INCLUDE[devcrypto]=../include
+      IF[{- defined $target{shared_defflag} -}]
+        SHARED_SOURCE[devcrypto]=devcrypto.ld
+        GENERATE[devcrypto.ld]=../util/engines.num
+      ENDIF
+    ENDIF

    MODULES{noinst,engine}=ossltest dasync
    SOURCE[dasync]=e_dasync.c
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
@ -7,7 +7,7 @@
 * https://www.openssl.org/source/license.html
 */

-#include "e_os.h"
+#include "../e_os.h"
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@ -23,20 +23,20 @@
 #include <openssl/objects.h>
 #include <crypto/cryptodev.h>

-#include "internal/engine.h"
-
 /* #define ENGINE_DEVCRYPTO_DEBUG */

 #ifdef CRYPTO_ALGORITHM_MIN
 # define CHECK_BSD_STYLE_MACROS
 #endif

+#define engine_devcrypto_id "devcrypto"
+
 /*
 * ONE global file descriptor for all sessions.  This allows operations
 * such as digest session data copying (see digest_copy()), but is also
 * saner...  why re-open /dev/crypto for every session?
 */
-static int cfd;
+static int cfd = -1;
 #define DEVCRYPTO_REQUIRE_ACCELERATED 0 /* require confirmation of acceleration */
 #define DEVCRYPTO_USE_SOFTWARE        1 /* allow software drivers */
 #define DEVCRYPTO_REJECT_SOFTWARE     2 /* only disallow confirmed software drivers */
@ -66,6 +66,10 @@ struct driver_info_st {
    char *driver_name;
 };

+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_devcrypto_int(void);
+#endif
+
 /******************************************************************************
 *
 * Ciphers
@ -1138,6 +1142,37 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
 *
 *****/

+/*
+ * Opens /dev/crypto
+ */
+static int open_devcrypto(void)
+{
+    if (cfd >= 0)
+        return 1;
+
+    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+#ifndef ENGINE_DEVCRYPTO_DEBUG
+        if (errno != ENOENT)
+#endif
+            fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
+        return 0;
+    }
+
+    return 1;
+}
+
+static int close_devcrypto(void)
+{
+    if (cfd < 0)
+        return 1;
+    cfd = -1;
+    if (close(cfd) == 0) {
+        fprintf(stderr, "Error closing /dev/crypto: %s\n", strerror(errno));
+        return 0;
+    }
+    return 1;
+}
+
 static int devcrypto_unload(ENGINE *e)
 {
    destroy_all_cipher_methods();
@ -1145,48 +1180,29 @@ static int devcrypto_unload(ENGINE *e)
    destroy_all_digest_methods();
 #endif

-    close(cfd);
+    close_devcrypto();

    return 1;
 }
-/*
- * This engine is always built into libcrypto, so it doesn't offer any
- * ability to be dynamically loadable.
- */
-void engine_load_devcrypto_int()
-{
-    ENGINE *e = NULL;

-    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
-#ifndef ENGINE_DEVCRYPTO_DEBUG
-        if (errno != ENOENT)
-#endif
-            fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
-        return;
-    }
+static int bind_devcrypto(ENGINE *e) {

-    if ((e = ENGINE_new()) == NULL
-        || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
-        ENGINE_free(e);
-        /*
-         * We know that devcrypto_unload() won't be called when one of the
-         * above two calls have failed, so we close cfd explicitly here to
-         * avoid leaking resources.
-         */
-        close(cfd);
-        return;
-    }
+    if (!ENGINE_set_id(e, engine_devcrypto_id)
+        || !ENGINE_set_name(e, "/dev/crypto engine")
+        || !ENGINE_set_destroy_function(e, devcrypto_unload)
+        || !ENGINE_set_cmd_defns(e, devcrypto_cmds)
+        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl))
+        return 0;

    prepare_cipher_methods();
 #ifdef IMPLEMENT_DIGEST
    prepare_digest_methods();
 #endif

-    if (!ENGINE_set_id(e, "devcrypto")
-        || !ENGINE_set_name(e, "/dev/crypto engine")
-        || !ENGINE_set_cmd_defns(e, devcrypto_cmds)
-        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)
-
+    return (ENGINE_set_ciphers(e, devcrypto_ciphers)
+#ifdef IMPLEMENT_DIGEST
+        && ENGINE_set_digests(e, devcrypto_digests)
+#endif
 /*
 * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
 * implementations, it seems to only exist in FreeBSD, and regarding the
@ -1209,23 +1225,36 @@ void engine_load_devcrypto_int()
 */
 #if 0
 # ifndef OPENSSL_NO_RSA
-        || !ENGINE_set_RSA(e, devcrypto_rsa)
+        && ENGINE_set_RSA(e, devcrypto_rsa)
 # endif
 # ifndef OPENSSL_NO_DSA
-        || !ENGINE_set_DSA(e, devcrypto_dsa)
+        && ENGINE_set_DSA(e, devcrypto_dsa)
 # endif
 # ifndef OPENSSL_NO_DH
-        || !ENGINE_set_DH(e, devcrypto_dh)
+        && ENGINE_set_DH(e, devcrypto_dh)
 # endif
 # ifndef OPENSSL_NO_EC
-        || !ENGINE_set_EC(e, devcrypto_ec)
+        && ENGINE_set_EC(e, devcrypto_ec)
 # endif
 #endif
-        || !ENGINE_set_ciphers(e, devcrypto_ciphers)
-#ifdef IMPLEMENT_DIGEST
-        || !ENGINE_set_digests(e, devcrypto_digests)
-#endif
-        ) {
+        );
+}
+
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+/*
+ * In case this engine is built into libcrypto, then it doesn't offer any
+ * ability to be dynamically loadable.
+ */
+void engine_load_devcrypto_int(void)
+{
+    ENGINE *e = NULL;
+
+    if (!open_devcrypto())
+        return;
+
+    if ((e = ENGINE_new()) == NULL
+        || !bind_devcrypto(e)) {
+        close_devcrypto();
        ENGINE_free(e);
        return;
    }
@ -1234,3 +1263,22 @@ void engine_load_devcrypto_int()
    ENGINE_free(e);          /* Loose our local reference */
    ERR_clear_error();
 }
+
+#else
+
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if ((id && (strcmp(id, engine_devcrypto_id) != 0))
+        || !open_devcrypto())
+        return 0;
+    if (!bind_devcrypto(e)) {
+        close_devcrypto();
+        return 0;
+    }
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+
+#endif