Commit graph

23 commits

Author SHA1 Message Date
Eneas U de Queiroz
047463833e e_devcrypto: set digest input_blocksize
This restores the behavior of previous versions of the /dev/crypto
engine, in alignment with the default implementation.

Reported-by: Gerard Looije <lglooije@hotmail.com>
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8306)
2019-02-26 13:38:53 +00:00
Eneas U de Queiroz
02f84c3e4a eng_devcrypto: close open session on init
cipher_init may be called on an already initialized context, without a
necessary cleanup.  This separates cleanup from initialization, closing
an eventual open session before creating a new one.

Move the /dev/crypto session cleanup code to its own function.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8306)
2019-02-26 13:38:53 +00:00
Jung-uk Kim
2988abe069 Do not complain when /dev/crypto does not exist.
FreeBSD does not enable cryptodev(4) by default.  OpenBSD disabled support
for /dev/crypto by default from 4.9 and removed it from 5.7.  Now the engine
is properly enabled by default on BSD platforms (see #7885), it continuously
complains:

Could not open /dev/crypto: No such file or directory

Hide the nagging error message behind ENGINE_DEVCRYPTO_DEBUG.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7896)

(cherry picked from commit c79a022da9)
2018-12-23 08:32:43 +01:00
Eneas U de Queiroz
488521d77f eng_devcrypto: make sure digest can do copy
Digest must be able to do partial-state copy to be used.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

(cherry picked from commit 16e252a01b)
2018-12-10 13:22:14 +01:00
Eneas U de Queiroz
2887a5c8f9 eng_devcrypto: fix ctr mode
Make CTR mode behave like a stream cipher.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

(cherry picked from commit b5015e834a)
2018-12-10 13:22:14 +01:00
Eneas U de Queiroz
a19d1a1d37 eng_devcrypto: add cipher CTX copy function
The engine needs a custom cipher context copy function to open a new
/dev/crypto session.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

(cherry picked from commit 6d99e23839)
2018-12-10 13:22:14 +01:00
Eneas U de Queiroz
5378c582c8 eng_devcrypto: close session on cleanup, not final
Close the session in digest_cleanup instead of digest_final.  A failure
in closing the session does not mean a previous successful digest final
has failed as well.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

(cherry picked from commit a67203a19d)
2018-12-10 13:22:14 +01:00
Eneas U de Queiroz
68b02a8ab7 eng_devcrypto: fix copy of unitilialized digest
If the source ctx has not been initialized, don't initialize the copy
either.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

(cherry picked from commit ae8183690f)
2018-12-10 13:22:14 +01:00
Eneas U de Queiroz
add2ab1f28 eng_devcrypto: expand digest failure cases
Return failure when the digest_ctx is null in digest_update and
digest_final, and when md is null in digest_final.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

(cherry picked from commit 4d9f996544)
2018-12-10 13:22:14 +01:00
Eneas U de Queiroz
be5cf61caa eng_devcrypto: don't leak methods tables
Call functions to prepare methods after confirming that /dev/crytpo was
sucessfully open and that the destroy function has been set.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)

(cherry picked from commit d9d4dff5c6)
2018-12-10 13:22:14 +01:00
Richard Levitte
cd01707b7f crypto/engine/eng_devcrypto.c: ensure we don't leak resources
If engine building fails for some reason, we must make sure to close
the /dev/crypto handle.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7506)

(cherry picked from commit 681e8cacdb)
2018-11-02 20:24:08 +01:00
Richard Levitte
120fc33e29 crypto/engine/eng_devcrypto.c: open /dev/crypto only once
We opened /dev/crypto once for each session, which is quite unnecessary.
With this change, we open /dev/crypto once at engine init, and close
it on unload.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7506)

(cherry picked from commit 458c7dad9e)
2018-11-02 20:24:00 +01:00
Richard Levitte
dcbbcf083c crypto/engine/eng_devcrypto.c: new compilers are strict on prototypes
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7506)

(cherry picked from commit 28ac1bd9a9)
2018-11-02 20:23:53 +01:00
Richard Levitte
3dcca12a20 crypto/engine/eng_devcrypto.c: add digest copy
Copying an EVP_MD_CTX, including the implementation local bits, is a
necessary operation.  In this case, though, it's the same as
initializing the local bits to be "copied to".

Fixes #7495

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7506)

(cherry picked from commit 36af124bfb)
2018-11-02 20:23:47 +01:00
Richard Levitte
e9a4fb4997 /dev/crypto engine: give CIOCFSESSION the actual sess-id
We passed that ioctl a pointer to the whole session_op structure,
which wasn't quite right.

Notified by David Legault.

Fixes #7302

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7304)

(cherry picked from commit 470096e576)
2018-10-05 21:55:38 +02:00
Richard Levitte
baa5cdad88 /dev/crypto engine: add missing RC4 parameter
Fixes #7280

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7281)

(cherry picked from commit f52f2c1ae8)
2018-09-20 22:02:43 +02:00
Matt Caswell
1212818eb0 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)
2018-09-11 13:45:17 +01:00
Conrad Meyer
5d58e8f171 Correctly check for cryptodev hash support
The sense of the check for build-time support for most hashes was inverted.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6673)
2018-07-09 12:45:28 -04:00
FdaSilvaYY
f4411faac4 Various typo
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4457)
2017-11-07 17:09:36 +01:00
Pauli
07016a8a31 Move e_os.h to be the very first include.
cryptilib.h is the second.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
2017-08-30 07:20:44 +10:00
Richard Levitte
8bd2c65fbb Comment on the lack of documentation for asymmetric ciphers
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
4f79affb05 Adapt for BSD cryptodev.h differences
The BSD cryptodev.h doesn't have things like COP_FLAG_WRITE_IV and
COP_FLAG_UPDATE.  In that case, we need to implement that
functionality ourselves.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
619eb33a0c Add new /dev/crypto engine
Based on cryptodev-linux

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00