diff options
author | Eneas U de Queiroz <cote2004-github@yahoo.com> | 2019-02-12 13:44:19 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-02-12 20:06:00 +0100 |
commit | c703a808a1394fea7f77067db20c9508e6964d0b (patch) | |
tree | 224c929f87db332beac42315945b8bbb97bbee85 | |
parent | CHANGES: add note about building devcrypto dynamic (diff) | |
download | openssl-c703a808a1394fea7f77067db20c9508e6964d0b.tar.xz openssl-c703a808a1394fea7f77067db20c9508e6964d0b.zip |
eng_devcrypto.c: close open session on init
cipher_init may be called on an already initialized context, without a
necessary cleanup. This separates cleanup from initialization, closing
an eventual open session before creating a new one.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7859)
-rw-r--r-- | engines/e_devcrypto.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index 87e4c2437c..1d733e53c2 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -41,8 +41,8 @@ static int cfd = -1; #define DEVCRYPTO_USE_SOFTWARE 1 /* allow software drivers */ #define DEVCRYPTO_REJECT_SOFTWARE 2 /* only disallow confirmed software drivers */ -#define DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS DEVCRYPTO_REJECT_SOFTWARE -static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS; +#define DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS DEVCRYPTO_REJECT_SOFTWARE +static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFTDRIVERS; /* * cipher/digest status & acceleration definitions @@ -186,8 +186,13 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); const struct cipher_data_st *cipher_d = get_cipher_data(EVP_CIPHER_CTX_nid(ctx)); + int sess = cipher_ctx->sess.ses; + + /* close a previous open session */ + if (cipher_ctx->sess.ses != 0 && + ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) <0) + SYSerr(SYS_F_IOCTL, errno); - memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); cipher_ctx->sess.cipher = cipher_d->devcryptoid; cipher_ctx->sess.keylen = cipher_d->keylen; cipher_ctx->sess.key = (void *)key; @@ -329,10 +334,17 @@ static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2; struct cipher_ctx *cipher_ctx; - if (type == EVP_CTRL_COPY) { - /* when copying the context, a new session needs to be initialized */ + if (type == EVP_CTRL_COPY || type == EVP_CTRL_INIT) { cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); - return (cipher_ctx == NULL) + + if (cipher_ctx == NULL) /* OK for copy, error for init */ + return (type == EVP_CTRL_COPY); + + /* both COPY & INIT need a clean context */ + memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); + + /* when copying the context, a new session needs to be open as well */ + return (type == EVP_CTRL_INIT) || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), (cipher_ctx->op == COP_ENCRYPT)); } @@ -349,6 +361,7 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx) SYSerr(SYS_F_IOCTL, errno); return 0; } + memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); return 1; } @@ -418,6 +431,7 @@ static void prepare_cipher_methods(void) || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i], cipher_data[i].flags | EVP_CIPH_CUSTOM_COPY + | EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init) || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i], |