From 7f458a48ff3a231d5841466525d2aacbcd4f6b77 Mon Sep 17 00:00:00 2001 From: clucey Date: Wed, 17 Feb 2016 13:38:36 +0000 Subject: [PATCH] ALG: Add AFALG engine Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell --- Configure | 13 + Makefile.in | 3 + engines/Makefile.in | 13 +- engines/afalg/Makefile.in | 89 ++++ engines/afalg/build.info | 8 + engines/afalg/e_afalg.c | 839 ++++++++++++++++++++++++++++++++++++ engines/afalg/e_afalg.ec | 1 + engines/afalg/e_afalg.h | 111 +++++ engines/afalg/e_afalg_err.c | 151 +++++++ engines/afalg/e_afalg_err.h | 99 +++++ 10 files changed, 1326 insertions(+), 1 deletion(-) create mode 100644 engines/afalg/Makefile.in create mode 100644 engines/afalg/build.info create mode 100644 engines/afalg/e_afalg.c create mode 100644 engines/afalg/e_afalg.ec create mode 100644 engines/afalg/e_afalg.h create mode 100644 engines/afalg/e_afalg_err.c create mode 100644 engines/afalg/e_afalg_err.h diff --git a/Configure b/Configure index 305820b6f1..1a578be091 100755 --- a/Configure +++ b/Configure @@ -1175,6 +1175,19 @@ else { $no_user_defines=1; } # ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON +$config{afalg}=""; +if ($target =~ m/^linux/) { + my $minver = 4*10000 + 1*100 + 0; + if ($config{cross_compile_prefix} eq "") { + my $verstr = `uname -r`; + my ($ma, $mi1, $mi2) = split("\\.", $verstr); + ($mi2) = $mi2 =~ /(\d+)/; + my $ver = $ma*10000 + $mi1*100 + $mi2; + $config{afalg}="afalg" if ($ver >= $minver); + } +} +push @{$config{engdirs}}, $config{afalg}; + # If we use the unified build, collect information from build.info files my %unified_info = (); diff --git a/Makefile.in b/Makefile.in index 9fcdb394a6..892a20866e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -230,6 +230,8 @@ INSTALLDIRS= \ $(DESTDIR)$(OPENSSLDIR)/certs \ $(DESTDIR)$(OPENSSLDIR)/private +ENGDIRS={- join(" ", @{$config{engdirs}}) -} + all: Makefile build_all_but_tests # as we stick to -e, CLEARENV ensures that local variables in lower @@ -275,6 +277,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \ BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \ RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \ + ENGDIRS='$(ENGDIRS)' \ SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \ MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \ RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \ diff --git a/engines/Makefile.in b/engines/Makefile.in index cfe550fb49..7a284cf57a 100644 --- a/engines/Makefile.in +++ b/engines/Makefile.in @@ -10,6 +10,11 @@ CFLAG=-g MAKEFILE= Makefile AR= ar r +RECURSIVE_MAKE= [ -z "$(ENGDIRS)" ] || for i in $(ENGDIRS) ; do \ + (cd $$i && echo "making $$target in $(DIR)/$$i..." && \ + $(MAKE) -e TOP=../.. DIR=$$i $$target ) || exit 1; \ + done; + PADLOCK_ASM_OBJ= PLIB_LDFLAG= @@ -49,7 +54,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ..; $(MAKE) DIRS=$(DIR) all) -all: lib +all: lib subdirs lib: $(LIBOBJ) $(TESTLIBOBJ) @if [ "$(DYNAMIC_ENGINES)" = 1 ]; then \ @@ -71,8 +76,12 @@ e_padlock-x86.s: asm/e_padlock-x86.pl e_padlock-x86_64.s: asm/e_padlock-x86_64.pl $(PERL) asm/e_padlock-x86_64.pl $(PERLASM_SCHEME) > $@ +subdirs: + @target=all; $(RECURSIVE_MAKE) + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + @target=files; $(RECURSIVE_MAKE) install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... @@ -94,6 +103,7 @@ uninstall: $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/engines/$${l}$(DSO_EXT); \ done; \ fi + @target=install; $(RECURSIVE_MAKE) errors: set -e; for l in $(LIBNAMES); do \ @@ -107,5 +117,6 @@ depend: clean: rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + @target=clean; $(RECURSIVE_MAKE) # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/engines/afalg/Makefile.in b/engines/afalg/Makefile.in new file mode 100644 index 0000000000..8120272324 --- /dev/null +++ b/engines/afalg/Makefile.in @@ -0,0 +1,89 @@ +# +# OpenSSL/engines/afalg/Makefile +# + +DIR= afalg +TOP= ../.. +CC= cc +INCLUDES= -I../../include +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) +LIB=$(TOP)/libcrypto.a + +LIBNAME=afalg +LIBSRC= e_afalg.c +LIBOBJ= e_afalg.o e_afalg_err.o + +SRC= $(LIBSRC) + +top: + (cd $(TOP); $(MAKE) DIRS=engines sub_all) + +all: errors lib + +errors: + $(PERL) $(TOP)/util/mkerr.pl -conf e_afalg.ec -nostatic -write $(SRC) + +lib: $(LIBOBJ) + @if [ -n "$(SHARED_LIBS)" ]; then \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + LIBNAME=$(LIBNAME) \ + LIBEXTRAS='$(LIBOBJ)' \ + LIBDEPS='-L$(TOP) -lcrypto' \ + link_o.$(SHLIB_TARGET); \ + else \ + $(AR) $(LIB) $(LIBOBJ); \ + fi + @touch lib + +install: + [ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + echo installing $(LIBNAME); \ + pfx=lib; \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ + cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + case "$(CFLAGS)" in \ + *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ + *DSO_DL*) sfx=".sl";; \ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + fi; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi + +depend: + @[ -z "$(THIS)" ] || $(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(TESTLIBSRC) + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +clean: + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.dll *.dylib + +# DO NOT DELETE THIS LINE -- make depend depends on it. +e_afalg.o: e_afalg.c ../../include/openssl/engine.h \ + ../../include/openssl/opensslconf.h ../../include/openssl/bn.h \ + ../../include/openssl/e_os2.h ../../include/openssl/ossl_typ.h \ + ../../include/openssl/crypto.h ../../include/openssl/stack.h \ + ../../include/openssl/safestack.h ../../include/openssl/opensslv.h \ + ../../include/openssl/symhacks.h ../../include/openssl/rsa.h \ + ../../include/openssl/asn1.h ../../include/openssl/bio.h \ + ../../include/openssl/dsa.h ../../include/openssl/dh.h \ + ../../include/openssl/ec.h ../../include/openssl/rand.h \ + ../../include/openssl/ui.h ../../include/openssl/err.h \ + ../../include/openssl/lhash.h ../../include/openssl/x509.h \ + ../../include/openssl/buffer.h ../../include/openssl/evp.h \ + ../../include/openssl/objects.h ../../include/openssl/obj_mac.h \ + ../../include/openssl/sha.h ../../include/openssl/x509_vfy.h \ + ../../include/openssl/pkcs7.h ../../include/openssl/async.h e_afalg.h \ + e_afalg_err.h diff --git a/engines/afalg/build.info b/engines/afalg/build.info new file mode 100644 index 0000000000..5336de7995 --- /dev/null +++ b/engines/afalg/build.info @@ -0,0 +1,8 @@ +{- use File::Spec::Functions qw/:DEFAULT rel2abs/; -} + +IF[{- $config{afalg} eq "afalg" -}] + ENGINES=libafalg + SOURCE[libafalg]=e_afalg.c e_afalg_err.c + DEPEND[libafalg]=../../libcrypto + INCLUDE[libafalg]= {- rel2abs(catdir($builddir,"../include")) -} ../../include +ENDIF diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c new file mode 100644 index 0000000000..b3ca38accb --- /dev/null +++ b/engines/afalg/e_afalg.c @@ -0,0 +1,839 @@ +/* ==================================================================== + * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Required for vmsplice */ +#define _GNU_SOURCE +#include +#include +#include + +#include +#include + +#include +#define K_MAJ 4 +#define K_MIN1 1 +#define K_MIN2 0 +#if LINUX_VERSION_CODE <= KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) +# warning "AFALG ENGINE requires Kernel Headers >= 4.1.0" +# warning "Skipping Compilation of AFALG engine" +#else + +# include +# include +# include +# include + +# include +# include +# include + +# include "e_afalg.h" + +# define AFALG_LIB_NAME "AFALG" +# include "e_afalg_err.h" + +# ifndef SOL_ALG +# define SOL_ALG 279 +# endif + +# ifdef ALG_ZERO_COPY +# ifndef SPLICE_F_GIFT +# define SPLICE_F_GIFT (0x08) +# endif +# endif + +# define ALG_AES_IV_LEN 16 +# define ALG_IV_LEN(len) (sizeof(struct af_alg_iv) + (len)) +# define ALG_OP_TYPE unsigned int +# define ALG_OP_LEN (sizeof(ALG_OP_TYPE)) + +/* Local Linkage Functions */ +static int afalg_init_aio(afalg_aio *aio); +static int afalg_fin_cipher_aio(afalg_aio *ptr, int sfd, + unsigned char *buf, size_t len); +static int afalg_create_bind_sk(void); +static int afalg_destroy(ENGINE *e); +static int afalg_init(ENGINE *e); +static int afalg_finish(ENGINE *e); +const EVP_CIPHER *afalg_aes_128_cbc(void); +static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid); +static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx); +static int afalg_chk_platform(void); + +/* Engine Id and Name */ +static const char *engine_afalg_id = "afalg"; +static const char *engine_afalg_name = "AFLAG engine support"; + +int afalg_cipher_nids[] = { + NID_aes_128_cbc +}; + +static EVP_CIPHER *_hidden_aes_128_cbc = NULL; + +static inline int io_setup(unsigned n, aio_context_t *ctx) +{ + return syscall(__NR_io_setup, n, ctx); +} + +static inline int eventfd(int n) +{ + return syscall(__NR_eventfd, n); +} + +static inline int io_destroy(aio_context_t ctx) +{ + return syscall(__NR_io_destroy, ctx); +} + +static inline int io_read(aio_context_t ctx, long n, struct iocb **iocb) +{ + return syscall(__NR_io_submit, ctx, n, iocb); +} + +static inline int io_getevents(aio_context_t ctx, long min, long max, + struct io_event *events, + struct timespec *timeout) +{ + return syscall(__NR_io_getevents, ctx, min, max, events, timeout); +} + +static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, + OSSL_ASYNC_FD waitfd, void *custom) +{ + close(waitfd); +} + +static int afalg_setup_async_event_notification(afalg_aio *aio) +{ + ASYNC_JOB *job; + ASYNC_WAIT_CTX *waitctx; + void *custom = NULL; + + if ((job = ASYNC_get_current_job()) != NULL) { + /* Async mode */ + waitctx = ASYNC_get_wait_ctx(job); + if (waitctx == NULL) { + ALG_WARN("%s: ASYNC_get_wait_ctx error", __func__); + return 0; + } + /* Get waitfd from ASYNC_WAIT_CTX if it is alreday set */ + if (0 == ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id, + &aio->efd_async, &custom)) { + /* waitfd is not set in ASYNC_WAIT_CTX so we set it */ + /* efd_async will be signaled when AIO operation completes */ + aio->efd_async = eventfd(0); + if (aio->efd_async == -1) { + ALG_PERR("%s: Failed to get eventfd : ", __func__); + AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, + AFALG_R_EVENTFD_FAILED); + return 0; + } + if (0 == + ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id, + aio->efd_async, custom, + afalg_waitfd_cleanup)) { + ALG_WARN("%s: Failed to set wait fd", __func__); + close(aio->efd_async); + return 0; + } + /* make fd non-blocking in async mode */ + if (fcntl(aio->efd_async, F_SETFL, O_NONBLOCK) != 0) { + ALG_WARN("%s: Failed to set event fd as NONBLOCKING", + __func__); + } + } + /* efd_async is the active fd to be used */ + aio->efd = aio->efd_async; + } else { + /* Sync mode */ + /* efd_sync will be signaled when AIO operation completes */ + aio->efd_sync = eventfd(0); + if (aio->efd_sync == -1) { + ALG_PERR("%s: Failed to get eventfd : ", __func__); + AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, + AFALG_R_EVENTFD_FAILED); + return 0; + } + /* efd_async is the active fd to be used */ + aio->efd = aio->efd_sync; + } + return 1; +} + +int afalg_init_aio(afalg_aio *aio) +{ + int r = -1; + + /* Initialise for AIO */ + aio->aio_ctx = 0; + r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx); + if (r < 0) { + ALG_PERR("%s: io_setup error : ", __func__); + AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED); + return 0; + } + + memset(aio->cbt, 0, sizeof(aio->cbt)); + aio->efd_sync = -1; + aio->efd_async = -1; + aio->efd = -1; + + return 1; +} + +int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, + size_t len) +{ + int r; + int retry = 0; + unsigned int done = 0; + struct iocb *cb; + struct timespec timeout; + struct io_event events[MAX_INFLIGHTS]; + u_int64_t eval = 0; + + timeout.tv_sec = 0; + timeout.tv_nsec = 0; + + /* if efd has not been initialised yet do it here */ + if (aio->efd == -1) { + r = afalg_setup_async_event_notification(aio); + if (r == 0) + return 0; + } + + cb = &(aio->cbt[0 % MAX_INFLIGHTS]); + memset(cb, '\0', sizeof(*cb)); + cb->aio_fildes = sfd; + cb->aio_lio_opcode = IOCB_CMD_PREAD; + cb->aio_buf = (unsigned long)buf; + cb->aio_offset = 0; + cb->aio_data = 0; + cb->aio_nbytes = len; + cb->aio_flags = IOCB_FLAG_RESFD; + cb->aio_resfd = aio->efd; + + /* + * Perform AIO read on AFALG socket, this in turn performs an async + * crypto operation in kernel space + */ + r = io_read(aio->aio_ctx, 1, &cb); + if (r < 0) { + ALG_PERR("%s: io_read failed : ", __func__); + return 0; + } + + do { + /* While AIO read is being performed pause job */ + ASYNC_pause_job(); + + /* Check for completion of AIO read */ + r = read(aio->efd, &eval, sizeof(eval)); + if (r < 0) { + if (errno == EAGAIN || errno == EWOULDBLOCK) + continue; + ALG_PERR("%s: read failed for event fd : ", __func__); + return 0; + } else if (r == 0 || eval <= 0) { + ALG_WARN("%s: eventfd read %d bytes, eval = %lu\n", __func__, r, + eval); + } + if (eval > 0) { + + /* Get results of AIO read */ + r = io_getevents(aio->aio_ctx, 1, 1, events, &timeout); + if (r > 0) { + /* + * events.res indicates the actual status of the operation. + * Handle the error condition first. + */ + if (events[0].res < 0) { + /* + * Underlying operation cannot be completed at the time + * of previous submission. Resubmit for the operation. + */ + if (events[0].res == -EBUSY && retry++ < 3) { + r = io_read(aio->aio_ctx, 1, &cb); + if (r < 0) { + ALG_PERR("%s: retry %d for io_read failed : ", + __func__, retry); + return 0; + } + continue; + } else { + /* + * Retries exceed for -EBUSY or unrecoverable error + * condition for this instance of operation. + */ + ALG_WARN + ("%s: Crypto Operation failed with code %lld\n", + __func__, events[0].res); + return 0; + } + } + /* Operation successful. */ + done = 1; + } else if (r < 0) { + ALG_PERR("%s: io_getevents failed : ", __func__); + return 0; + } else { + ALG_WARN("%s: io_geteventd read 0 bytes\n", __func__); + } + } + } while (!done); + + return 1; +} + +static int afalg_create_bind_sk(void) +{ + struct sockaddr_alg sa = { + .salg_family = AF_ALG, + .salg_type = "skcipher", + .salg_name = "cbc(aes)" + }; + + int sfd; + int r = -1; + + /* Create AFALG socket for crypto processing */ + sfd = socket(AF_ALG, SOCK_SEQPACKET, 0); + if (sfd == -1) { + ALG_PERR("%s: Failed to open socket : ", __func__); + AFALGerr(AFALG_F_AFALG_CREATE_BIND_SK, AFALG_R_SOCKET_CREATE_FAILED); + goto err; + } + + /* Set cipher algorithm for aes-cbc */ + r = bind(sfd, (struct sockaddr *)&sa, sizeof(sa)); + if (r < 0) { + ALG_PERR("%s: Failed to bind socket : ", __func__); + AFALGerr(AFALG_F_AFALG_CREATE_BIND_SK, AFALG_R_SOCKET_BIND_FAILED); + goto err; + } + + return sfd; + + err: + if (sfd >= 0) + close(sfd); + return r; +} + +static inline void afalg_set_op_sk(struct cmsghdr *cmsg, + const unsigned int op) +{ + cmsg->cmsg_level = SOL_ALG; + cmsg->cmsg_type = ALG_SET_OP; + cmsg->cmsg_len = CMSG_LEN(ALG_OP_LEN); + *CMSG_DATA(cmsg) = (char)op; +} + +static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv, + const unsigned int len) +{ + struct af_alg_iv *aiv; + + cmsg->cmsg_level = SOL_ALG; + cmsg->cmsg_type = ALG_SET_IV; + cmsg->cmsg_len = CMSG_LEN(ALG_IV_LEN(len)); + aiv = (struct af_alg_iv *)CMSG_DATA(cmsg); + aiv->ivlen = len; + memcpy(aiv->iv, iv, len); +} + +static void afalg_socket(afalg_ctx *actx, const unsigned char *key, + const int klen) +{ + int ret; + + actx->bfd = actx->sfd = -1; + + actx->bfd = afalg_create_bind_sk(); + if (actx->bfd < 0) { + return; + } + + /* + * Send cipher key to the kernel in preparation for future crypto + * requests + */ + ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen); + if (ret < 0) { + ALG_PERR("%s: Failed to set socket option : ", __func__); + AFALGerr(AFALG_F_AFALG_SOCKET, AFALG_R_SOCKET_SET_KEY_FAILED); + goto err; + } + + /* Get fd to perform future aes-cbc operations with given key */ + actx->sfd = accept(actx->bfd, NULL, 0); + if (actx->sfd < 0) { + ALG_PERR("%s: Socket Accept Failed : ", __func__); + AFALGerr(AFALG_F_AFALG_SOCKET, AFALG_R_SOCKET_BIND_FAILED); + goto err; + } + + return; + + err: + if (actx->bfd >= 0) + close(actx->bfd); + if (actx->sfd >= 0) + close(actx->sfd); + actx->bfd = actx->sfd = -1; + return; +} + +static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, + size_t inl, const unsigned char *iv, + unsigned int enc) +{ + struct msghdr msg = { 0 }; + struct cmsghdr *cmsg; + struct iovec iov; + ssize_t sbytes; +# ifdef ALG_ZERO_COPY + int ret; +# endif + + const ssize_t cbuf_sz = CMSG_SPACE(ALG_IV_LEN(ALG_AES_IV_LEN)) + + CMSG_SPACE(ALG_OP_LEN); + char cbuf[cbuf_sz]; + + memset(cbuf, 0, cbuf_sz); + msg.msg_control = cbuf; + msg.msg_controllen = cbuf_sz; + + /* + * cipher direction (i.e. encrypt or decrypt) and iv are sent to the + * kernel as part of sendmsg()'s ancillary data + */ + cmsg = CMSG_FIRSTHDR(&msg); + afalg_set_op_sk(cmsg, enc); + cmsg = CMSG_NXTHDR(&msg, cmsg); + afalg_set_iv_sk(cmsg, iv, ALG_AES_IV_LEN); + + /* iov that describes input data */ + iov.iov_base = (unsigned char *)in; + iov.iov_len = inl; + + msg.msg_flags = MSG_MORE; + +# ifdef ALG_ZERO_COPY + /* + * ZERO_COPY mode + * Works best when buffer is 4k aligned + * OPENS: out of place processing (i.e. out != in) + */ + + /* Input data is not sent as part of call to sendmsg() */ + msg.msg_iovlen = 0; + msg.msg_iov = NULL; + + /* Sendmsg() sends iv and cipher direction to the kernel */ + sbytes = sendmsg(actx->sfd, &msg, 0); + if (sbytes < 0) { + ALG_PERR("%s: sendmsg failed for zero copy cipher operation : ", + __func__); + return 0; + } + + /* + * vmsplice and splice are used to pin the user space input buffer for + * kernel space processing avoiding copys from user to kernel space + */ + ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT); + if (ret < 0) { + ALG_PERR("%s: vmsplice failed : ", __func__); + return 0; + } + + ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0); + if (ret < 0) { + ALG_PERR("%s: splice failed : ", __func__); + return 0; + } +# else + msg.msg_iovlen = 1; + msg.msg_iov = &iov; + + /* Sendmsg() sends iv, cipher direction and input data to the kernel */ + sbytes = sendmsg(actx->sfd, &msg, 0); + if (sbytes < 0) { + ALG_PERR("%s: sendmsg failed for cipher operation : ", __func__); + return 0; + } + + if (sbytes != (ssize_t) inl) { + ALG_ERR("Cipher operation send bytes %zd != inlen %zd\n", sbytes, + inl); + return 0; + } +# endif + + return 1; +} + +static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + int ciphertype; + afalg_ctx *actx; + + if (ctx == NULL || key == NULL) { + ALG_WARN("%s: Null Parameter\n", __func__); + return 0; + } + + if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { + ALG_WARN("%s: Cipher object NULL\n", __func__); + return 0; + } + + actx = EVP_CIPHER_CTX_cipher_data(ctx); + if (actx == NULL) { + ALG_WARN("%s: Cipher data NULL\n", __func__); + return 0; + } + + ciphertype = EVP_CIPHER_CTX_nid(ctx); + switch (ciphertype) { + case NID_aes_128_cbc: + break; + default: + ALG_WARN("%s: Unsupported Cipher type %d\n", __func__, ciphertype); + return 0; + } + + if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) { + ALG_ERR("%s: Unsupported IV length :%d\n", __func__, + EVP_CIPHER_CTX_iv_length(ctx)); + return 0; + } + + /* Setup AFALG socket for crypto processing */ + afalg_socket(actx, key, EVP_CIPHER_CTX_key_length(ctx)); + if (actx->sfd < 0) { + return 0; + } + + /* Setup AIO ctx to allow async AFALG crypto processing */ + if (afalg_init_aio(&actx->aio) == 0) { + close(actx->sfd); + close(actx->bfd); + return 0; + } +# ifdef ALG_ZERO_COPY + pipe(actx->zc_pipe); +# endif + + actx->init_done = MAGIC_INIT_NUM; + + return 1; +} + +static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + afalg_ctx *actx; + int ret; + char nxtiv[ALG_AES_IV_LEN] = { 0 }; + + if (ctx == NULL || out == NULL || in == NULL) { + ALG_WARN("NULL parameter passed to function %s\n", __func__); + return 0; + } + + actx = (afalg_ctx *) EVP_CIPHER_CTX_cipher_data(ctx); + if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) { + ALG_WARN("%s afalg ctx passed\n", + ctx == NULL ? "NULL" : "Uninitialised"); + return 0; + } + + /* + * set iv now for decrypt operation as the input buffer can be + * overwritten for inplace operation where in = out. + */ + if (EVP_CIPHER_CTX_encrypting(ctx) == 0) { + memcpy(nxtiv, in + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN); + } + + /* Send input data to kernel space */ + ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl, + EVP_CIPHER_CTX_iv(ctx), + EVP_CIPHER_CTX_encrypting(ctx)); + if (ret < 1) { + return 0; + } + + /* Perform async crypto operation in kernel space */ + ret = afalg_fin_cipher_aio(&actx->aio, actx->sfd, out, inl); + if (ret < 1) { + ALG_WARN("%s: Socket cipher operation failed\n", __func__); + return 0; + } + + if (EVP_CIPHER_CTX_encrypting(ctx)) { + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN), + ALG_AES_IV_LEN); + } else { + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), nxtiv, ALG_AES_IV_LEN); + } + + return 1; +} + +static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx) +{ + afalg_ctx *actx; + + if (ctx == NULL) { + ALG_WARN("NULL parameter passed to function %s\n", __func__); + return 0; + } + + actx = (afalg_ctx *) EVP_CIPHER_CTX_cipher_data(ctx); + if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) { + ALG_WARN("%s afalg ctx passed\n", + ctx == NULL ? "NULL" : "Uninitialised"); + return 0; + } + + close(actx->sfd); + close(actx->bfd); +# ifdef ALG_ZERO_COPY + close(actx->zc_pipe[0]); + close(actx->zc_pipe[1]); +# endif + /* close sync mode efd, async mode is closed in afalg_waitfd_cleanup() */ + if (actx->aio.efd_sync >= 0) + close(actx->aio.efd_sync); + io_destroy(actx->aio.aio_ctx); + + return 1; +} + +const EVP_CIPHER *afalg_aes_128_cbc(void) +{ + if (_hidden_aes_128_cbc == NULL + && ((_hidden_aes_128_cbc = + EVP_CIPHER_meth_new(NID_aes_128_cbc, + AES_BLOCK_SIZE, + AES_KEY_SIZE_128)) == NULL + || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc, AES_IV_LEN) + || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, + EVP_CIPH_CBC_MODE | + EVP_CIPH_FLAG_DEFAULT_ASN1) + || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, + afalg_cipher_init) + || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, + afalg_do_cipher) + || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, + afalg_cipher_cleanup) + || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, + sizeof(afalg_ctx)))) { + EVP_CIPHER_meth_free(_hidden_aes_128_cbc); + _hidden_aes_128_cbc = NULL; + } + return _hidden_aes_128_cbc; +} + +static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid) +{ + int r = 1; + + if (cipher == NULL) { + *nids = afalg_cipher_nids; + return (sizeof(afalg_cipher_nids) / sizeof(afalg_cipher_nids[0])); + } + + switch (nid) { + case NID_aes_128_cbc: + *cipher = afalg_aes_128_cbc(); + break; + default: + *cipher = NULL; + r = 0; + } + + return r; +} + +static int bind_afalg(ENGINE *e) +{ + /* Ensure the afalg error handling is set up */ + ERR_load_AFALG_strings(); + + if (!ENGINE_set_id(e, engine_afalg_id) + || !ENGINE_set_name(e, engine_afalg_name) + || !ENGINE_set_destroy_function(e, afalg_destroy) + || !ENGINE_set_init_function(e, afalg_init) + || !ENGINE_set_finish_function(e, afalg_finish)) { + AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED); + return 0; + } + + if (!ENGINE_set_ciphers(e, afalg_ciphers)) { + AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED); + return 0; + } + + return 1; +} + +# ifndef OPENSSL_NO_DYNAMIC_ENGINE +static int bind_helper(ENGINE *e, const char *id) +{ + if (id && (strcmp(id, engine_afalg_id) != 0)) + return 0; + + if (!afalg_chk_platform()) + return 0; + + if (!bind_afalg(e)) + return 0; + return 1; +} + +IMPLEMENT_DYNAMIC_CHECK_FN() + IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +# endif +static int afalg_chk_platform(void) +{ + int ret; + int i; + int kver[3] = { -1, -1, -1 }; + char *str; + struct utsname ut; + + ret = uname(&ut); + if (ret != 0) { + ALG_ERR("%s: Failed to get system information\n", __func__); + return 0; + } + + str = strtok(ut.release, "."); + for (i = 0; i < 3 && str != NULL; i++) { + kver[i] = atoi(str); + str = strtok(NULL, "."); + } + + if (KERNEL_VERSION(kver[0], kver[1], kver[2]) + < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)) { + ALG_WARN("ASYNC AFALG not supported this kernel(%d.%d.%d)\n", + kver[0], kver[1], kver[2]); + ALG_WARN("ASYNC AFALG requires kernel version %d.%d.%d or later\n", + K_MAJ, K_MIN1, K_MIN2); + AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, + AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG); + return 0; + } + + return 1; +} + +# ifdef OPENSSL_NO_DYNAMIC_ENGINE +static ENGINE *engine_afalg(void) +{ + ENGINE *ret = ENGINE_new(); + if (ret == NULL) + return NULL; + if (!bind_afalg(ret)) { + ENGINE_free(ret); + return NULL; + } + return ret; +} + +static void ENGINE_load_afalg(void) +{ + ENGINE *toadd; + + if (!afalg_chk_platform()) + return; + + toadd = engine_afalg(); + if (toadd == NULL) + return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); +} +# endif + +static int afalg_init(ENGINE *e) +{ + return 1; +} + +static int afalg_finish(ENGINE *e) +{ + return 1; +} + +static int afalg_destroy(ENGINE *e) +{ + ERR_unload_AFALG_strings(); + return 1; +} + +#endif /* KERNEL VERSION */ diff --git a/engines/afalg/e_afalg.ec b/engines/afalg/e_afalg.ec new file mode 100644 index 0000000000..2d14d6597d --- /dev/null +++ b/engines/afalg/e_afalg.ec @@ -0,0 +1 @@ +L AFALG e_afalg_err.h e_afalg_err.c diff --git a/engines/afalg/e_afalg.h b/engines/afalg/e_afalg.h new file mode 100644 index 0000000000..6c92485f3f --- /dev/null +++ b/engines/afalg/e_afalg.h @@ -0,0 +1,111 @@ +/* ==================================================================== + * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef _E_AFALG_H_ +# define _E_AFALG_H_ + +# ifdef ALG_DEBUG +# define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__) +# define ALG_INFO(x, ...) fprintf(stderr, "ALG_INFO: " x, __VA_ARGS__) +# define ALG_WARN(x, ...) fprintf(stderr, "ALG_WARN: " x, __VA_ARGS__) +# else +# define ALG_DGB(x, ...) +# define ALG_INFO(x, ...) +# define ALG_WARN(x, ...) +# endif + +# define ALG_ERR(x, ...) fprintf(stderr, "ALG_ERR: " x, __VA_ARGS__) +# define ALG_PERR(x, ...) \ + do { \ + fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \ + perror(NULL); \ + } while(0) + +# ifndef AES_BLOCK_SIZE +# define AES_BLOCK_SIZE 16 +# endif +# define AES_KEY_SIZE_128 16 +# define AES_IV_LEN 16 + +# define MAX_INFLIGHTS 1 + +struct afalg_aio_st { + int efd_sync; /* event fd when sync mode is used */ + int efd_async; /* event fd when async mode is used */ + int efd; /* event fd that is currently in use equal + to either efd_sync or efd_async */ + aio_context_t aio_ctx; + struct io_event events[MAX_INFLIGHTS]; + struct iocb cbt[MAX_INFLIGHTS]; +}; +typedef struct afalg_aio_st afalg_aio; + +/* + * MAGIC Number to identify correct initialisation + * of afalg_ctx. + */ +# define MAGIC_INIT_NUM 0x1890671 + +struct afalg_ctx_st { + int init_done; + int sfd; + int bfd; +# ifdef ALG_ZERO_COPY + int zc_pipe[2]; +# endif + afalg_aio aio; +}; + +typedef struct afalg_ctx_st afalg_ctx; +#endif diff --git a/engines/afalg/e_afalg_err.c b/engines/afalg/e_afalg_err.c new file mode 100644 index 0000000000..3324701570 --- /dev/null +++ b/engines/afalg/e_afalg_err.c @@ -0,0 +1,151 @@ +/* ==================================================================== + * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include "e_afalg_err.h" + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +# define ERR_FUNC(func) ERR_PACK(0,func,0) +# define ERR_REASON(reason) ERR_PACK(0,0,reason) + +static ERR_STRING_DATA AFALG_str_functs[] = { + {ERR_FUNC(AFALG_F_AFALG_CHK_PLATFORM), "afalg_chk_platform"}, + {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SK), "afalg_create_bind_sk"}, + {ERR_FUNC(AFALG_F_AFALG_CREATE_BIND_SOCKET), "afalg_create_bind_sk"}, + {ERR_FUNC(AFALG_F_AFALG_INIT_AIO), "afalg_init_aio"}, + {ERR_FUNC(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION), + "afalg_setup_async_event_notification"}, + {ERR_FUNC(AFALG_F_AFALG_SOCKET), "afalg_socket"}, + {ERR_FUNC(AFALG_F_AFALG_START_CIPHER_SK), "afalg_start_cipher_sk"}, + {ERR_FUNC(AFALG_F_BIND_AFALG), "bind_afalg"}, + {0, NULL} +}; + +static ERR_STRING_DATA AFALG_str_reasons[] = { + {ERR_REASON(AFALG_R_EVENTFD_FAILED), "eventfd failed"}, + {ERR_REASON(AFALG_R_INIT_FAILED), "init failed"}, + {ERR_REASON(AFALG_R_IO_SETUP_FAILED), "io setup failed"}, + {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG), + "kernel does not support afalg"}, + {ERR_REASON(AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG), + "kernel does not support async afalg"}, + {ERR_REASON(AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"}, + {ERR_REASON(AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"}, + {ERR_REASON(AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"}, + {ERR_REASON(AFALG_R_SOCKET_OPERATION_FAILED), "socket operation failed"}, + {ERR_REASON(AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"}, + {0, NULL} +}; + +#endif + +#ifdef AFALG_LIB_NAME +static ERR_STRING_DATA AFALG_lib_name[] = { + {0, AFALG_LIB_NAME}, + {0, NULL} +}; +#endif + +static int AFALG_lib_error_code = 0; +static int AFALG_error_init = 1; + +void ERR_load_AFALG_strings(void) +{ + if (AFALG_lib_error_code == 0) + AFALG_lib_error_code = ERR_get_next_error_library(); + + if (AFALG_error_init) { + AFALG_error_init = 0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(AFALG_lib_error_code, AFALG_str_functs); + ERR_load_strings(AFALG_lib_error_code, AFALG_str_reasons); +#endif + +#ifdef AFALG_LIB_NAME + AFALG_lib_name->error = ERR_PACK(AFALG_lib_error_code, 0, 0); + ERR_load_strings(0, AFALG_lib_name); +#endif + } +} + +void ERR_unload_AFALG_strings(void) +{ + if (AFALG_error_init == 0) { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(AFALG_lib_error_code, AFALG_str_functs); + ERR_unload_strings(AFALG_lib_error_code, AFALG_str_reasons); +#endif + +#ifdef AFALG_LIB_NAME + ERR_unload_strings(0, AFALG_lib_name); +#endif + AFALG_error_init = 1; + } +} + +void ERR_AFALG_error(int function, int reason, char *file, int line) +{ + if (AFALG_lib_error_code == 0) + AFALG_lib_error_code = ERR_get_next_error_library(); + ERR_PUT_error(AFALG_lib_error_code, function, reason, file, line); +} diff --git a/engines/afalg/e_afalg_err.h b/engines/afalg/e_afalg_err.h new file mode 100644 index 0000000000..e6a654c74b --- /dev/null +++ b/engines/afalg/e_afalg_err.h @@ -0,0 +1,99 @@ +/* ==================================================================== + * Copyright (c) 2001-2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_AFALG_ERR_H +# define HEADER_AFALG_ERR_H + +# ifdef __cplusplus +extern "C" { +# endif + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_AFALG_strings(void); +void ERR_unload_AFALG_strings(void); +void ERR_AFALG_error(int function, int reason, char *file, int line); +# define AFALGerr(f,r) ERR_AFALG_error((f),(r),__FILE__,__LINE__) + +/* Error codes for the AFALG functions. */ + +/* Function codes. */ +# define AFALG_F_AFALG_CHK_PLATFORM 100 +# define AFALG_F_AFALG_CREATE_BIND_SK 106 +# define AFALG_F_AFALG_CREATE_BIND_SOCKET 105 +# define AFALG_F_AFALG_INIT_AIO 101 +# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION 107 +# define AFALG_F_AFALG_SOCKET 102 +# define AFALG_F_AFALG_START_CIPHER_SK 103 +# define AFALG_F_BIND_AFALG 104 + +/* Reason codes. */ +# define AFALG_R_EVENTFD_FAILED 108 +# define AFALG_R_INIT_FAILED 100 +# define AFALG_R_IO_SETUP_FAILED 105 +# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG 101 +# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG 107 +# define AFALG_R_MEM_ALLOC_FAILED 102 +# define AFALG_R_SOCKET_BIND_FAILED 103 +# define AFALG_R_SOCKET_CREATE_FAILED 109 +# define AFALG_R_SOCKET_OPERATION_FAILED 104 +# define AFALG_R_SOCKET_SET_KEY_FAILED 106 + +#ifdef __cplusplus +} +#endif +#endif -- GitLab