mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity
f928304a9d
openssl/crypto
History
Ingo Franzki f928304a9d s390x: Don't probe crypto cards for ME/CRT offloading during initialization 
Probing for crypto cards during initialization by issuing an ioctl to the
zcrypt device driver can cause a lot of traffic and overhead, because it
runs for each and every application that uses OpenSSL, regardless if that
application will later perform ME or CRT operations or not.

Fix this by performing no probing during initialization, but detect the
crypto card availability only at the first ME/CRT operation that is subject
to be offloaded. If the ioctl returns ENODEV, then no suitable crypto
card is available in the system, and we disable further offloading
attempts by setting flag OPENSSL_s390xcex_nodev to 1.

Setting the global flag OPENSSL_s390xcex_nodev in case of ENODEV is
intentionally not made in a thread save manner, because the only thing
that could happen is that another thread, that misses the flag update,
also issues an ioctl and gets ENODEV as well.

The file descriptor is not closed in such error cases, because this could
cause raise conditions where we would close a foreign file if the same
file descriptor got reused by another thread. The file descriptor is finally
closed during termination by the atexit handler.

In case the ioctl returns ENOTTY then this indicates that the file descriptor
was closed (e.g. by a sandbox), but in the meantime the same file descriptor
has been reused for another file. Do not use the file descriptor anymore,
and also do not close it during termination.

Fixes: 79040cf29e

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25576)
2024-10-23 15:07:01 +02:00
..
aes Copyright year updates 2024-09-05 09:35:49 +02:00
aria
asn1 Fix smime-type for AuthEnvelopedData 2024-09-19 20:59:25 +02:00
async Copyright year updates 2024-09-05 09:35:49 +02:00
bf Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
bio replace various calls to sprintf() by BiO_snprintf() to avoid compiler warnings, e.g., on MacOS 2024-10-12 15:38:07 +02:00
bn s390x: Don't probe crypto cards for ME/CRT offloading during initialization 2024-10-23 15:07:01 +02:00
buffer
camellia Copyright year updates 2024-09-05 09:35:49 +02:00
cast Copyright year updates 2023-09-07 09:59:15 +01:00
chacha Fix big-endian Power10 chacha20 implementation 2024-09-19 11:13:35 +02:00
cmac Add FIPS indicator to CMAC. 2024-07-31 09:04:17 +10:00
cmp Fix potential memory leak in save_statusInfo() 2024-10-07 17:58:12 +02:00
cms Fix memleak in rsa_cms_sign error path 2024-09-05 17:04:59 +02:00
comp Copyright year updates 2023-09-07 09:59:15 +01:00
conf Copyright year updates 2024-09-05 09:35:49 +02:00
crmf Copyright year updates 2024-09-05 09:35:49 +02:00
ct
des Copyright year updates 2024-09-05 09:35:49 +02:00
dh Copyright year updates 2024-04-09 13:43:26 +02:00
dsa Copyright year updates 2024-09-05 09:35:49 +02:00
dso replace various calls to sprintf() by BiO_snprintf() to avoid compiler warnings, e.g., on MacOS 2024-10-12 15:38:07 +02:00
ec Remove double engine reference in ossl_ec_key_dup() 2024-09-26 10:26:19 +02:00
encode_decode Copyright year updates 2024-04-09 13:43:26 +02:00
engine Copyright year updates 2024-09-05 09:35:49 +02:00
err Add failed entropy continuous test error 2024-09-19 08:43:58 +10:00
ess Copyright year updates 2024-09-05 09:35:49 +02:00
evp Exclude EVP_DigestSign and EVP_DigestVerify related APIs from the FIPS 2024-10-04 17:41:13 +02:00
ffc Copyright year updates 2024-09-05 09:35:49 +02:00
hashtable ossl_ht_insert(): Allow for 4 iterations of grow_hashtable() 2024-08-22 14:52:43 +02:00
hmac s390x: Disable HMAC hardware acceleration when an engine is used for the digest 2024-09-03 21:15:00 +02:00
hpke open brace '{' following struct go on the same line 2024-07-22 06:55:35 -04:00
http OSSL_HTTP_adapt_proxy(): fix handling of escaped IPv6 host addresses and of whitespace in no_proxy 2024-09-23 22:15:50 +02:00
idea Copyright year updates 2024-09-05 09:35:49 +02:00
kdf
lhash Copyright year updates 2024-04-09 13:43:26 +02:00
md2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md4 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md5 md5: add assembly implementation for loongarch64 2023-12-27 10:15:29 +01:00
mdc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
modes fix small footprint builds on arm 2024-09-12 09:07:12 +10:00
objects feat: add TCG / platform certificate OIDs 2024-09-05 17:22:40 +02:00
ocsp Copyright year updates 2024-09-05 09:35:49 +02:00
pem Fix Edge Cases in Password Callback Handling 2024-09-09 08:58:03 +02:00
perlasm Copyright year updates 2024-09-05 09:35:49 +02:00
pkcs7 Add support for p7->d.sign->contents with the V_ASN1_SEQUENCE type 2024-10-21 11:32:04 +01:00
pkcs12 Handle PBMAC1 with absent PBKDF2 PRF 2024-10-07 17:51:54 +02:00
poly1305 Copyright year updates 2024-09-05 09:35:49 +02:00
property Copyright year updates 2024-09-05 09:35:49 +02:00
rand jitter: support an internal jitter entropy source in the FIPS provider 2024-10-09 13:53:10 +11:00
rc2 Copyright year updates 2023-09-07 09:59:15 +01:00
rc4 Copyright year updates 2023-09-07 09:59:15 +01:00
rc5 Copyright year updates 2023-09-07 09:59:15 +01:00
ripemd Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rsa Copyright year updates 2024-09-05 09:35:49 +02:00
seed Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
sha Copyright year updates 2024-09-05 09:35:49 +02:00
siphash
sm2 Copyright year updates 2024-09-05 09:35:49 +02:00
sm3 Copyright year updates 2024-09-05 09:35:49 +02:00
sm4 Copyright year updates 2024-09-05 09:35:49 +02:00
srp Fix potential double free through SRP_user_pwd_set1_ids() 2024-10-11 14:22:36 +02:00
stack Copyright year updates 2024-04-09 13:43:26 +02:00
store Copyright year updates 2024-09-05 09:35:49 +02:00
thread Fix no-thread-pool build on Windows 2024-09-10 16:36:39 +02:00
ts Copyright year updates 2024-09-05 09:35:49 +02:00
txt_db Copyright year updates 2023-09-07 09:59:15 +01:00
ui Fix Edge Cases in Password Callback Handling 2024-09-09 08:58:03 +02:00
whrlpool Copyright year updates 2024-09-05 09:35:49 +02:00
x509 Increase limit for CRL download 2024-10-08 15:59:38 +02:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h Copyright year updates 2024-04-09 13:43:26 +02:00
armcap.c Add support for elf_aux_info() on OpenBSD 2024-09-02 16:12:48 +02:00
armv4cpuid.pl Copyright year updates 2023-09-07 09:59:15 +01:00
asn1_dsa.c
bsearch.c
build.info Add FIPS indicator callback. 2024-07-11 08:29:43 +10:00
c64xpluscpuid.pl
comp_methods.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
context.c fips: continuous random bit generator tests 2024-09-19 08:44:14 +10:00
core_algorithm.c
core_fetch.c
core_namemap.c Copyright year updates 2024-09-05 09:35:49 +02:00
cpt_err.c Use the new hashtable for core_namemap 2024-08-21 15:21:26 +02:00
cpuid.c Copyright year updates 2023-09-28 14:23:29 +01:00
cryptlib.c Copyright year updates 2023-09-07 09:59:15 +01:00
ctype.c Copyright year updates 2023-09-07 09:59:15 +01:00
cversion.c Revert API change of OPENSSL_version() 2024-10-17 13:36:58 +02:00
defaults.c Fix typos found by codespell 2024-08-07 19:09:43 +02:00
der_writer.c
deterministic_nonce.c Copyright year updates 2024-09-05 09:35:49 +02:00
dllmain.c
ebcdic.c
ex_data.c Fix error handling in CRYPTO_get_ex_new_index 2023-09-21 14:43:08 +02:00
getenv.c
ia64cpuid.S
indicator_core.c Add FIPS indicator callback. 2024-07-11 08:29:43 +10:00
info.c Add 'openssl info' item for the Windows install context 2024-10-16 19:29:53 +02:00
init.c Copyright year updates 2024-04-09 13:43:26 +02:00
initthread.c Recycle the TLS key that holds thread_event_handler 2024-09-05 17:19:53 +02:00
loongarch64cpuid.pl LoongArch64 assembly pack: Really implement OPENSSL_rdtsc 2023-12-19 18:34:34 +01:00
loongarch_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
loongarchcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_nyi.c
LPdir_unix.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c Copyright year updates 2024-09-05 09:35:49 +02:00
mem.c mem: Don't use posix_memalign() and friends with custom wrapper 2024-10-16 10:13:49 +02:00
mips_arch.h
o_dir.c
o_fopen.c Copyright year updates 2024-09-05 09:35:49 +02:00
o_init.c
o_str.c crypto: factorize to hex chars conversion code. 2024-08-07 19:25:10 +02:00
o_time.c
packet.c Copyright year updates 2023-09-07 09:59:15 +01:00
param_build_set.c ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs 2023-10-18 18:07:13 +02:00
param_build.c params: drop INT_MAX checks 2023-12-29 10:21:10 +01:00
params_dup.c
params_from_text.c Copyright year updates 2024-04-09 13:43:26 +02:00
params_idx.c.in params: provide a faster TRIE based param lookup. 2023-06-02 15:13:20 +10:00
params.c uefi: move variables 2024-05-30 18:38:12 +02:00
pariscid.pl
passphrase.c
ppccap.c Copyright year updates 2024-09-05 09:35:49 +02:00
ppccpuid.pl
provider_child.c Copyright year updates 2023-09-07 09:59:15 +01:00
provider_conf.c Fix remaining provider config settings to be decisive in value 2023-12-27 09:32:48 +01:00
provider_core.c Add FIPS indicator callback. 2024-07-11 08:29:43 +10:00
provider_local.h
provider_predefined.c
provider.c Copyright year updates 2023-09-07 09:59:15 +01:00
punycode.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_vlint.c QUIC: Enable building with QUIC support disabled 2023-01-13 13:20:16 +00:00
rcu_internal.h Copyright year updates 2024-04-09 13:43:26 +02:00
README-sparse_array.md
riscv32cpuid.pl Copyright year updates 2024-09-05 09:35:49 +02:00
riscv64cpuid.pl riscv: Add basic vector extension support 2023-10-26 15:55:49 +01:00
riscvcap.c Avoid undefined behaviour with the <ctype.h> functions. 2024-10-10 20:47:48 +02:00
s390x_arch.h s390x: Don't probe crypto cards for ME/CRT offloading during initialization 2024-10-23 15:07:01 +02:00
s390xcap.c s390x: Don't probe crypto cards for ME/CRT offloading during initialization 2024-10-23 15:07:01 +02:00
s390xcpuid.pl Copyright year updates 2024-09-05 09:35:49 +02:00
self_test_core.c Copyright year updates 2024-09-05 09:35:49 +02:00
sleep.c For Unix, refactor OSSL_sleep() to use nanosleep() instead of usleep() 2024-05-22 09:59:32 +02:00
sparccpuid.S
sparcv9cap.c
sparse_array.c Copyright year updates 2024-09-05 09:35:49 +02:00
threads_lib.c
threads_none.c threads: follow formatting rules 2024-09-05 17:09:50 +02:00
threads_pthread.c threads: follow formatting rules 2024-09-05 17:09:50 +02:00
threads_win.c threads_win: fix improper cast to long * instead of LONG * 2024-09-05 17:09:50 +02:00
time.c crypto: fix missing <winsock.h> indirection inclusion. 2024-09-05 17:02:51 +02:00
trace.c "foo * bar" should be "foo *bar" 2023-09-11 10:15:30 +02:00
uid.c Copyright year updates 2023-09-07 09:59:15 +01:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl