提交 d441e6d8 编写于 作者: D Dr. Stephen Henson

PR: 2735

Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
上级 228a8599
...@@ -79,8 +79,6 @@ struct dev_crypto_state { ...@@ -79,8 +79,6 @@ struct dev_crypto_state {
unsigned char digest_res[HASH_MAX_LEN]; unsigned char digest_res[HASH_MAX_LEN];
char *mac_data; char *mac_data;
int mac_len; int mac_len;
int copy;
#endif #endif
}; };
...@@ -200,6 +198,7 @@ get_dev_crypto(void) ...@@ -200,6 +198,7 @@ get_dev_crypto(void)
if ((fd = open_dev_crypto()) == -1) if ((fd = open_dev_crypto()) == -1)
return (-1); return (-1);
#ifndef CRIOGET_NOT_NEEDED
if (ioctl(fd, CRIOGET, &retfd) == -1) if (ioctl(fd, CRIOGET, &retfd) == -1)
return (-1); return (-1);
...@@ -208,9 +207,19 @@ get_dev_crypto(void) ...@@ -208,9 +207,19 @@ get_dev_crypto(void)
close(retfd); close(retfd);
return (-1); return (-1);
} }
#else
retfd = fd;
#endif
return (retfd); return (retfd);
} }
static void put_dev_crypto(int fd)
{
#ifndef CRIOGET_NOT_NEEDED
close(fd);
#endif
}
/* Caching version for asym operations */ /* Caching version for asym operations */
static int static int
get_asym_dev_crypto(void) get_asym_dev_crypto(void)
...@@ -252,7 +261,7 @@ get_cryptodev_ciphers(const int **cnids) ...@@ -252,7 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
ioctl(fd, CIOCFSESSION, &sess.ses) != -1) ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
nids[count++] = ciphers[i].nid; nids[count++] = ciphers[i].nid;
} }
close(fd); put_dev_crypto(fd);
if (count > 0) if (count > 0)
*cnids = nids; *cnids = nids;
...@@ -291,7 +300,7 @@ get_cryptodev_digests(const int **cnids) ...@@ -291,7 +300,7 @@ get_cryptodev_digests(const int **cnids)
ioctl(fd, CIOCFSESSION, &sess.ses) != -1) ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
nids[count++] = digests[i].nid; nids[count++] = digests[i].nid;
} }
close(fd); put_dev_crypto(fd);
if (count > 0) if (count > 0)
*cnids = nids; *cnids = nids;
...@@ -436,7 +445,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ...@@ -436,7 +445,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
sess->cipher = cipher; sess->cipher = cipher;
if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
close(state->d_fd); put_dev_crypto(state->d_fd);
state->d_fd = -1; state->d_fd = -1;
return (0); return (0);
} }
...@@ -473,7 +482,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) ...@@ -473,7 +482,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
} else { } else {
ret = 1; ret = 1;
} }
close(state->d_fd); put_dev_crypto(state->d_fd);
state->d_fd = -1; state->d_fd = -1;
return (ret); return (ret);
...@@ -686,7 +695,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) ...@@ -686,7 +695,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
sess->mac = digest; sess->mac = digest;
if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
close(state->d_fd); put_dev_crypto(state->d_fd);
state->d_fd = -1; state->d_fd = -1;
printf("cryptodev_digest_init: Open session failed\n"); printf("cryptodev_digest_init: Open session failed\n");
return (0); return (0);
...@@ -758,14 +767,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) ...@@ -758,14 +767,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
/* if application doesn't support one buffer */ /* if application doesn't support one buffer */
memset(&cryp, 0, sizeof(cryp)); memset(&cryp, 0, sizeof(cryp));
cryp.ses = sess->ses; cryp.ses = sess->ses;
cryp.flags = 0; cryp.flags = 0;
cryp.len = state->mac_len; cryp.len = state->mac_len;
cryp.src = state->mac_data; cryp.src = state->mac_data;
cryp.dst = NULL; cryp.dst = NULL;
cryp.mac = (caddr_t)md; cryp.mac = (caddr_t)md;
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
printf("cryptodev_digest_final: digest failed\n"); printf("cryptodev_digest_final: digest failed\n");
return (0); return (0);
...@@ -786,6 +793,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) ...@@ -786,6 +793,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
struct dev_crypto_state *state = ctx->md_data; struct dev_crypto_state *state = ctx->md_data;
struct session_op *sess = &state->d_sess; struct session_op *sess = &state->d_sess;
if (state == NULL)
return 0;
if (state->d_fd < 0) { if (state->d_fd < 0) {
printf("cryptodev_digest_cleanup: illegal input\n"); printf("cryptodev_digest_cleanup: illegal input\n");
return (0); return (0);
...@@ -797,16 +807,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) ...@@ -797,16 +807,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
state->mac_len = 0; state->mac_len = 0;
} }
if (state->copy)
return 1;
if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
printf("cryptodev_digest_cleanup: failed to close session\n"); printf("cryptodev_digest_cleanup: failed to close session\n");
ret = 0; ret = 0;
} else { } else {
ret = 1; ret = 1;
} }
close(state->d_fd); put_dev_crypto(state->d_fd);
state->d_fd = -1; state->d_fd = -1;
return (ret); return (ret);
...@@ -816,15 +823,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) ...@@ -816,15 +823,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
{ {
struct dev_crypto_state *fstate = from->md_data; struct dev_crypto_state *fstate = from->md_data;
struct dev_crypto_state *dstate = to->md_data; struct dev_crypto_state *dstate = to->md_data;
struct session_op *sess;
int digest;
memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); if (dstate == NULL || fstate == NULL)
return 1;
if (fstate->mac_len != 0) { memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); sess = &dstate->d_sess;
digest = digest_nid_to_cryptodev(to->digest->type);
sess->mackey = dstate->dummy_mac_key;
sess->mackeylen = digest_key_length(to->digest->type);
sess->mac = digest;
dstate->d_fd = get_dev_crypto();
if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
put_dev_crypto(dstate->d_fd);
dstate->d_fd = -1;
printf("cryptodev_digest_init: Open session failed\n");
return (0);
} }
dstate->copy = 1; if (fstate->mac_len != 0) {
if (fstate->mac_data != NULL)
{
dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
dstate->mac_len = fstate->mac_len;
}
}
return 1; return 1;
} }
...@@ -1347,11 +1378,11 @@ ENGINE_load_cryptodev(void) ...@@ -1347,11 +1378,11 @@ ENGINE_load_cryptodev(void)
* find out what asymmetric crypto algorithms we support * find out what asymmetric crypto algorithms we support
*/ */
if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
close(fd); put_dev_crypto(fd);
ENGINE_free(engine); ENGINE_free(engine);
return; return;
} }
close(fd); put_dev_crypto(fd);
if (!ENGINE_set_id(engine, "cryptodev") || if (!ENGINE_set_id(engine, "cryptodev") ||
!ENGINE_set_name(engine, "BSD cryptodev engine") || !ENGINE_set_name(engine, "BSD cryptodev engine") ||
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册