The branch master has been updated
via f7c5b12034f1971f30a4a73fbf3e04f0b0c0766f (commit)
via 41bffb9da082e49378ef0c027beac75399315bb9 (commit)
via 91958d71aaea98854a9709a8489263c79a01addd (commit)
via 84effd3d16b8e8d86a4829c6a80767f59e4bc3af (commit)
from 84712024da5e5485e8397afc763555355bddf960 (commit)
- Log -----------------------------------------------------------------
commit f7c5b12034f1971f30a4a73fbf3e04f0b0c0766f
Author: Eneas U de Queiroz <cote2004-git...@yahoo.com>
Date: Thu Feb 21 14:16:12 2019 -0300
engines/e_devcrypto: set digest input_blocksize
This restores the behavior of previous versions of the /dev/crypto
engine, in alignment with the default implementation.
Reported-by: Gerard Looije <lgloo...@hotmail.com>
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8213)
commit 41bffb9da082e49378ef0c027beac75399315bb9
Author: Eneas U de Queiroz <cote2004-git...@yahoo.com>
Date: Fri Feb 15 15:51:59 2019 -0200
engines/e_devcrypto: fixes logic in close_devcrypto
Call close(cfd) before setting cfd = -1.
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8213)
commit 91958d71aaea98854a9709a8489263c79a01addd
Author: Eneas U de Queiroz <cote2004-git...@yahoo.com>
Date: Tue Feb 12 16:53:15 2019 -0200
engines/e_devcrypto.c: fix cipher_ctrl function
This fixes commit c703a80, which had a mistake in cipher_ctrl function.
Move the /dev/crypto session cleanup code to its own function.
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8213)
commit 84effd3d16b8e8d86a4829c6a80767f59e4bc3af
Author: Eneas U de Queiroz <cote2004-git...@yahoo.com>
Date: Tue Feb 12 18:02:51 2019 -0200
engines/build.info: fix devcrypto MODULES entry
The devcrypto MODULES line was missing the "engine" attribute.
Signed-off-by: Eneas U de Queiroz <cote2004-git...@yahoo.com>
Reviewed-by: Paul Dale <paul.d...@oracle.com>
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8213)
-----------------------------------------------------------------------
Summary of changes:
engines/build.info | 2 +-
engines/e_devcrypto.c | 81 +++++++++++++++++++++++++++++----------------------
2 files changed, 47 insertions(+), 36 deletions(-)
diff --git a/engines/build.info b/engines/build.info
index e493ced..cf00a97 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -43,7 +43,7 @@ IF[{- !$disabled{"engine"} -}]
ENDIF
ENDIF
IF[{- !$disabled{"devcryptoeng"} -}]
- MODULES=devcrypto
+ MODULES{engine}=devcrypto
SOURCE[devcrypto]=e_devcrypto.c
DEPEND[devcrypto]=../libcrypto
INCLUDE[devcrypto]=../include
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
index 77f0e48..c0b0d1e 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -70,6 +70,15 @@ struct driver_info_st {
void engine_load_devcrypto_int(void);
#endif
+static int clean_devcrypto_session(struct session_op *sess) {
+ if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) {
+ SYSerr(SYS_F_IOCTL, errno);
+ return 0;
+ }
+ memset(sess, 0, sizeof(struct session_op));
+ return 1;
+}
+
/******************************************************************************
*
* Ciphers
@@ -186,12 +195,11 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const
unsigned char *key,
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
const struct cipher_data_st *cipher_d =
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
- int sess = cipher_ctx->sess.ses;
- /* close a previous open session */
+ /* cleanup a previous session */
if (cipher_ctx->sess.ses != 0 &&
- ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) <0)
- SYSerr(SYS_F_IOCTL, errno);
+ clean_devcrypto_session(&cipher_ctx->sess) == 0)
+ return 0;
cipher_ctx->sess.cipher = cipher_d->devcryptoid;
cipher_ctx->sess.keylen = cipher_d->keylen;
@@ -331,22 +339,29 @@ static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned
char *out,
static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
{
+ struct cipher_ctx *cipher_ctx =
+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2;
- struct cipher_ctx *cipher_ctx;
+ struct cipher_ctx *to_cipher_ctx;
- if (type == EVP_CTRL_COPY || type == EVP_CTRL_INIT) {
- cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+ switch (type) {
- if (cipher_ctx == NULL) /* OK for copy, error for init */
- return (type == EVP_CTRL_COPY);
+ case EVP_CTRL_COPY:
+ if (cipher_ctx == NULL)
+ return 1;
+ /* when copying the context, a new session needs to be initialized */
+ to_cipher_ctx =
+ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx);
+ memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess));
+ return cipher_init(to_ctx, cipher_ctx->sess.key,
EVP_CIPHER_CTX_iv(ctx),
+ (cipher_ctx->op == COP_ENCRYPT));
- /* both COPY & INIT need a clean context */
+ case EVP_CTRL_INIT:
memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
+ return 1;
- /* when copying the context, a new session needs to be open as well */
- return (type == EVP_CTRL_INIT)
- || cipher_init(to_ctx, cipher_ctx->sess.key,
EVP_CIPHER_CTX_iv(ctx),
- (cipher_ctx->op == COP_ENCRYPT));
+ default:
+ break;
}
return -1;
@@ -357,13 +372,7 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
struct cipher_ctx *cipher_ctx =
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
- }
- memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
-
- return 1;
+ return clean_devcrypto_session(&cipher_ctx->sess);
}
/*
@@ -620,29 +629,30 @@ struct digest_ctx {
static const struct digest_data_st {
int nid;
+ int blocksize;
int digestlen;
int devcryptoid;
} digest_data[] = {
#ifndef OPENSSL_NO_MD5
- { NID_md5, 16, CRYPTO_MD5 },
+ { NID_md5, /* MD5_CBLOCK */ 64, 16, CRYPTO_MD5 },
#endif
- { NID_sha1, 20, CRYPTO_SHA1 },
+ { NID_sha1, SHA_CBLOCK, 20, CRYPTO_SHA1 },
#ifndef OPENSSL_NO_RMD160
# if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160)
- { NID_ripemd160, 20, CRYPTO_RIPEMD160 },
+ { NID_ripemd160, /* RIPEMD160_CBLOCK */ 64, 20, CRYPTO_RIPEMD160 },
# endif
#endif
#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224)
- { NID_sha224, 224 / 8, CRYPTO_SHA2_224 },
+ { NID_sha224, SHA256_CBLOCK, 224 / 8, CRYPTO_SHA2_224 },
#endif
#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256)
- { NID_sha256, 256 / 8, CRYPTO_SHA2_256 },
+ { NID_sha256, SHA256_CBLOCK, 256 / 8, CRYPTO_SHA2_256 },
#endif
#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384)
- { NID_sha384, 384 / 8, CRYPTO_SHA2_384 },
+ { NID_sha384, SHA512_CBLOCK, 384 / 8, CRYPTO_SHA2_384 },
#endif
#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512)
- { NID_sha512, 512 / 8, CRYPTO_SHA2_512 },
+ { NID_sha512, SHA512_CBLOCK, 512 / 8, CRYPTO_SHA2_512 },
#endif
};
@@ -697,7 +707,6 @@ static int digest_init(EVP_MD_CTX *ctx)
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
-
return 1;
}
@@ -788,11 +797,8 @@ static int digest_cleanup(EVP_MD_CTX *ctx)
if (digest_ctx == NULL)
return 1;
- if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
- SYSerr(SYS_F_IOCTL, errno);
- return 0;
- }
- return 1;
+
+ return clean_devcrypto_session(&digest_ctx->sess);
}
/*
@@ -890,6 +896,8 @@ static void prepare_digest_methods(void)
}
if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
NID_undef)) == NULL
+ || !EVP_MD_meth_set_input_blocksize(known_digest_methods[i],
+ digest_data[i].blocksize)
|| !EVP_MD_meth_set_result_size(known_digest_methods[i],
digest_data[i].digestlen)
|| !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
@@ -1177,10 +1185,13 @@ static int open_devcrypto(void)
static int close_devcrypto(void)
{
+ int ret;
+
if (cfd < 0)
return 1;
+ ret = close(cfd);
cfd = -1;
- if (close(cfd) == 0) {
+ if (ret != 0) {
fprintf(stderr, "Error closing /dev/crypto: %s\n", strerror(errno));
return 0;
}
