packages/uadk_engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!44 20240118

Browse Source 
From: @gaozhangfei 
Reviewed-by: @xiao_jiang_shui, @hao-fang 
Signed-off-by: @hao-fang
This commit is contained in:
openeuler-ci-bot 2024-02-27 12:01:59 +00:00 committed by Gitee
commit c7e31747fa
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
16 changed files with 145 additions and 1788 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch
View File

@ -1,85 +0,0 @@
From 2f129935991cb3d8e3fdb8b85f5c8e500390ab01 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 6 Jun 2023 03:44:14 +0000
Subject: [PATCH 1/7] readme: export PKG_CONFIG_PATH on openEuler
openEuler requires setting PKG_CONFIG_PATH though /usr/local/lib/pkgconfig
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README.md | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 2fe165a..ac721e3 100644
--- a/README.md
+++ b/README.md
@@ -21,21 +21,32 @@ Installation Instruction
========================
Build and install OpenSSL
------------------------
+------------------------
```
git clone https://github.com/openssl/openssl.git
cd openssl
git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f
- ./config -Wl,-rpath=/usr/local/lib
+ ./config
make
- make test
sudo make install
openssl version
```
+Run pkg-config to ensure env is setup correctly
+-----------------------------------------------
+
+```
+ $ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/
+ $ pkg-config libcrypto --libs
+ -L/usr/local/lib -lcrypto
+```
+
+* export ``PKG_CONFIG_PATH`` is required on openEuler,
+ where /usr/local/lib is not set as the default pkgconfig search path.
+
Build and install UADK
---------------------
+----------------------
```
git clone https://github.com/Linaro/uadk.git
@@ -46,16 +57,17 @@ Build and install UADK
make
sudo make install
```
+
* If get error:"cannot find -lnuma", please install the libnuma-dev
* If get error:"fatal error: zlib.h: No such file or directory", please install zlib.
Build and install UADK Engine
------------------------------------
+-----------------------------
```
git clone https://github.com/Linaro/uadk_engine.git
cd uadk_engine
autoreconf -i
- ./configure --libdir=/usr/local/lib/engines-1.1/ --enable-kae
+ ./configure --libdir=/usr/local/lib/engines-1.1/ [--enable-kae]
make
sudo make install
@@ -93,7 +105,7 @@ Install libraries to the temp folder
-L/tmp/build/lib -lwd
$ cd uadk_engine
- $ autoreconf
+ $ autoreconf -i
$ ./configure --prefix=/tmp/build
$ make; make install
--
2.25.1

29
0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch Normal file
View File

@ -0,0 +1,29 @@
From 984b503e018ebc6964e47c3784fd0f204b0c28fd Mon Sep 17 00:00:00 2001
From: Liulongfang <liulongfang@huawei.com>
Date: Tue, 9 Jan 2024 17:28:20 +0800
Subject: [PATCH 1/3] v1/dh: add iova_map and iova_unmap ops
If iova_map and iova_unmap ops are not registered,
wcrypto_create_dh_ctx() will return fail since parameters check fails.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/v1/alg/dh/hpre_dh_wd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c
index b8ca9a1..556e744 100644
--- a/src/v1/alg/dh/hpre_dh_wd.c
+++ b/src/v1/alg/dh/hpre_dh_wd.c
@@ -314,6 +314,8 @@ static int hpre_dh_init_eng_ctx(hpre_dh_engine_ctx_t *eng_ctx, int bits, bool is
eng_ctx->dh_setup.cb = hpre_dh_cb;
eng_ctx->dh_setup.br.alloc = kae_wd_alloc_blk;
eng_ctx->dh_setup.br.free = kae_wd_free_blk;
+ eng_ctx->dh_setup.br.iova_map = kae_dma_map;
+ eng_ctx->dh_setup.br.iova_unmap = kae_dma_unmap;
eng_ctx->dh_setup.br.usr = pool;
eng_ctx->dh_setup.is_g2 = is_g2;
eng_ctx->ctx = wcrypto_create_dh_ctx(q, &eng_ctx->dh_setup);
--
2.25.1

222
0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch
View File

@ -1,222 +0,0 @@
From e6dcaa276f295a5baa6ea5109a943d2299ade757 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 6 Jun 2023 05:06:32 +0000
Subject: [PATCH 2/7] uadk_engine: use calloc to replace malloc+memset
malloc + memset(0) can be replaced by calloc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_async.c | 5 +----
src/uadk_ecx.c | 6 ++----
src/uadk_sm2.c | 4 +---
src/v1/alg/dh/hpre_dh_wd.c | 3 +--
src/v1/async/async_task_queue.c | 4 +---
src/v1/utils/engine_log.c | 6 ++----
src/v1/wdmngr/wd_alg_queue.c | 6 ++----
src/v1/wdmngr/wd_queue_memory.c | 11 ++++-------
8 files changed, 14 insertions(+), 31 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c
index f21eabb..86aa9e5 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -362,13 +362,10 @@ int async_module_init(void)
if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0)
return 0;
- poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
+ poll_queue.head = calloc(ASYNC_QUEUE_TASK_NUM, sizeof(struct async_poll_task));
if (poll_queue.head == NULL)
return 0;
- memset(poll_queue.head, 0,
- sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
-
if (sem_init(&poll_queue.empty_sem, 0, ASYNC_QUEUE_TASK_NUM) != 0)
goto err;
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 2824a0d..0537890 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -89,12 +89,11 @@ static int x25519_init(EVP_PKEY_CTX *ctx)
return UADK_E_FAIL;
}
- x25519_ctx = malloc(sizeof(struct ecx_ctx));
+ x25519_ctx = calloc(1, sizeof(struct ecx_ctx));
if (!x25519_ctx) {
fprintf(stderr, "failed to alloc x25519 ctx\n");
return UADK_E_FAIL;
}
- memset(x25519_ctx, 0, sizeof(struct ecx_ctx));
setup.alg = "x25519";
setup.key_bits = X25519_KEYBITS;
@@ -146,13 +145,12 @@ static int x448_init(EVP_PKEY_CTX *ctx)
return UADK_E_FAIL;
}
- x448_ctx = malloc(sizeof(struct ecx_ctx));
+ x448_ctx = calloc(1, sizeof(struct ecx_ctx));
if (!x448_ctx) {
fprintf(stderr, "failed to alloc x448 ctx\n");
return UADK_E_FAIL;
}
- memset(x448_ctx, 0, sizeof(struct ecx_ctx));
setup.alg = "x448";
setup.key_bits = X448_KEYBITS;
params.numa_id = uadk_e_ecc_get_numa_id();
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 01186ef..63d4fdf 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -1157,14 +1157,12 @@ static int sm2_init(EVP_PKEY_CTX *ctx)
struct sm2_ctx *smctx;
int ret;
- smctx = malloc(sizeof(*smctx));
+ smctx = calloc(1, sizeof(*smctx));
if (!smctx) {
fprintf(stderr, "failed to alloc sm2 ctx\n");
return 0;
}
- memset(smctx, 0, sizeof(*smctx));
-
ret = uadk_e_ecc_get_support_state(SM2_SUPPORT);
if (!ret) {
fprintf(stderr, "sm2 is not supported\n");
diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c
index 38a3d09..8dbb9b4 100644
--- a/src/v1/alg/dh/hpre_dh_wd.c
+++ b/src/v1/alg/dh/hpre_dh_wd.c
@@ -265,12 +265,11 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg)
{
hpre_dh_engine_ctx_t *eng_ctx = NULL;
- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_malloc(sizeof(hpre_dh_engine_ctx_t));
+ eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t));
if (eng_ctx == NULL) {
US_ERR("hpre engine_ctx malloc fail");
return NULL;
}
- kae_memset(eng_ctx, 0, sizeof(hpre_dh_engine_ctx_t));
eng_ctx->priv_ctx.ssl_alg = alg;
eng_ctx->qlist = kae_get_node_from_pool(g_hpre_dh_qnode_pool);
diff --git a/src/v1/async/async_task_queue.c b/src/v1/async/async_task_queue.c
index 2feea7e..0ef1e84 100644
--- a/src/v1/async/async_task_queue.c
+++ b/src/v1/async/async_task_queue.c
@@ -60,13 +60,11 @@ int async_poll_task_init_v1(void)
kae_memset(&g_async_poll_queue, 0, sizeof(g_async_poll_queue));
g_async_poll_queue.async_poll_task_queue_head =
- (async_poll_task *)malloc(sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM);
+ (async_poll_task *)calloc(ASYNC_POLL_TASK_NUM, sizeof(async_poll_task));
if (g_async_poll_queue.async_poll_task_queue_head == NULL) {
US_ERR("no enough memory for task queue, errno=%d", errno); //lint !e666
return 0;
}
- kae_memset(g_async_poll_queue.async_poll_task_queue_head, 0,
- sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM);
g_async_poll_queue.left_task = ASYNC_POLL_TASK_NUM;
ret = sem_init(&g_async_poll_queue.empty_sem, 0, (unsigned int)g_async_poll_queue.left_task);
diff --git a/src/v1/utils/engine_log.c b/src/v1/utils/engine_log.c
index 6e32b97..ef009e5 100644
--- a/src/v1/utils/engine_log.c
+++ b/src/v1/utils/engine_log.c
@@ -60,12 +60,10 @@ static void kae_set_conf_debuglevel(void)
if (conf_path == NULL || strlen(conf_path) > MAX_CONFIG_LEN)
goto err;
- file_path = (char *)kae_malloc(strlen(conf_path) + strlen(filename) + 1);
- debuglev = (char *)kae_malloc(MAX_LEVEL_LEN);
+ file_path = (char *)kae_calloc(1, strlen(conf_path) + strlen(filename) + 1);
+ debuglev = (char *)kae_calloc(1, MAX_LEVEL_LEN);
if (!file_path || !debuglev)
goto err;
- memset(debuglev, 0, MAX_LEVEL_LEN);
- memset(file_path, 0, sizeof(conf_path) + sizeof(filename) + 1);
strcat(file_path, conf_path);
strcat(file_path, filename);
ret = kae_drv_get_item(file_path, "LogSection", "debug_level", debuglev);
diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c
index 5cd33ae..098231f 100644
--- a/src/v1/wdmngr/wd_alg_queue.c
+++ b/src/v1/wdmngr/wd_alg_queue.c
@@ -21,16 +21,14 @@
struct wd_queue *wd_new_queue(int algtype)
{
- struct wd_queue *queue = (struct wd_queue *)kae_malloc(sizeof(struct wd_queue));
int ret;
-
+ struct wd_queue *queue = (struct wd_queue *)kae_calloc(1,
+ sizeof(struct wd_queue));
if (queue == NULL) {
US_ERR("malloc failed");
return NULL;
}
- kae_memset(queue, 0, sizeof(struct wd_queue));
-
switch (algtype) {
case WCRYPTO_RSA:
queue->capa.alg = "rsa";
diff --git a/src/v1/wdmngr/wd_queue_memory.c b/src/v1/wdmngr/wd_queue_memory.c
index e6e7a2c..5f28357 100644
--- a/src/v1/wdmngr/wd_queue_memory.c
+++ b/src/v1/wdmngr/wd_queue_memory.c
@@ -62,13 +62,12 @@ struct wd_queue_mempool *wd_queue_mempool_create(struct wd_queue *q, unsigned in
kae_memset(addr, 0, rsv_mm_sz);
bitmap_sz = (block_num / BLOCKS_PER_BITMAP + 1) * sizeof(unsigned int);
- pool =
- (struct wd_queue_mempool *)kae_malloc(sizeof(struct wd_queue_mempool) + bitmap_sz);
+ pool = (struct wd_queue_mempool *)kae_calloc(1,
+ sizeof(struct wd_queue_mempool) + bitmap_sz);
if (pool == NULL) {
US_ERR("Alloc pool handle fail!");
return NULL;
}
- kae_memset(pool, 0, sizeof(struct wd_queue_mempool) + bitmap_sz);
pool->base = addr;
sem_init(&pool->mempool_sem, 0, 1);
@@ -190,13 +189,12 @@ KAE_QUEUE_POOL_HEAD_S *kae_init_queue_pool(int algtype)
/* malloc a pool */
kae_pool->kae_queue_pool = (KAE_QUEUE_POOL_NODE_S *)
- kae_malloc(KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S));
+ kae_calloc(KAE_QUEUE_POOL_MAX_SIZE, sizeof(KAE_QUEUE_POOL_NODE_S));
if (kae_pool->kae_queue_pool == NULL) {
US_ERR("malloc failed");
kae_free(kae_pool);
return NULL;
}
- kae_memset(kae_pool->kae_queue_pool, 0, KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S));
pthread_mutex_init(&kae_pool->kae_queue_mutex, NULL);
pthread_mutex_init(&kae_pool->destroy_mutex, NULL);
@@ -271,12 +269,11 @@ static KAE_QUEUE_DATA_NODE_S *kae_new_wd_queue_memory(int algtype)
{
KAE_QUEUE_DATA_NODE_S *queue_node = NULL;
- queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_malloc(sizeof(KAE_QUEUE_DATA_NODE_S));
+ queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_calloc(1, sizeof(KAE_QUEUE_DATA_NODE_S));
if (queue_node == NULL) {
US_ERR("malloc failed");
return NULL;
}
- kae_memset(queue_node, 0, sizeof(KAE_QUEUE_DATA_NODE_S));
queue_node->kae_wd_queue = wd_new_queue(algtype);
if (queue_node->kae_wd_queue == NULL) {
--
2.25.1

36
0002-uadk_util-fix-clang-build-error.patch Normal file
View File

@ -0,0 +1,36 @@
From 0f4d9a02e3a2984a48535e6a38107a0f61631e5d Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 17 Jan 2024 14:09:11 +0000
Subject: [PATCH 2/3] uadk_util: fix clang build error
autoreconf -i
./configure CC=clang
make -j8
reports error:
uadk_utils.c:53:33: error: unknown register name 'q0' in asm
uadk_utils.c:53:39: error: unknown register name 'q1' in asm
Fix with "v0", "v1", instead of "q0", "q1"
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_utils.c b/src/uadk_utils.c
index 275a124..4a50bc4 100644
--- a/src/uadk_utils.c
+++ b/src/uadk_utils.c
@@ -50,7 +50,7 @@ static void *memcpy_large(void *dstpp, const void *srcpp, size_t len)
: [res] "+r"(dstpp)
: [src] "r"(srcpp), [count] "r"(len)
- : "x3", "x4", "x5", "x14", "q0", "q1"
+ : "x3", "x4", "x5", "x14", "v0", "v1"
);
return dstpp;
--
2.25.1

70
0003-uadk_engine-add-secure-compilation-option.patch Normal file
View File

@ -0,0 +1,70 @@
From 638ee431907af6e9f4916e95a4f367e14499e819 Mon Sep 17 00:00:00 2001
From: Qi Tao <taoqi10@huawei.com>
Date: Thu, 18 Jan 2024 21:12:11 +0800
Subject: [PATCH 3/3] uadk_engine: add secure compilation option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add PIE, PIC, BIND_NOW, SP, NO Rpath/RunPath, FS,
Ftrapv and Strip compilation options.
PIC-fPIC):
Generate position-Independent-Code and andomly load
dynamic libraries.
PIE(-fPIE -pie):
Generate location-independent executables,which
reduces the probability of fixed address attacks
and buffer overflow attacks.
BIND_NOW(-Wl,-z,relro,-z,now):
GOT table redirects all read-only,which defends
against ret2plt attacks.
SP(-fstack-protector-strong/all):
Determine whether an overflow attack occurs.
Strip(-Wl,-s):
Deleting symbol tables defends against hacker
attacks and reduces the file size.
FS(-D_FORTIFY_SOURCE=2 -O2):
Provides access checks for fixed-size buffers
at compile time and at run time.
Ftrapv(-ftrapv):
Detects integer overflow.
NO Rpath/RunPath(hardcode_into_libs=no):
Eliminates dynamic library search paths,
which defense against attacks by replacing
dynamic libraries with the same name.
Signed-off-by: Qi Tao <taoqi10@huawei.com>
---
configure.ac | 1 +
src/Makefile.am | 2 ++
2 files changed, 3 insertions(+)
diff --git a/configure.ac b/configure.ac
index 6c5369e..99b85e9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,6 +7,7 @@ AC_CONFIG_HEADERS([config.h])
AC_PROG_CC
LT_INIT
+AC_SUBST([hardcode_into_libs], [no])
AC_ARG_ENABLE(kae,
AS_HELP_STRING([--enable-kae],[Enable kae support]))
diff --git a/src/Makefile.am b/src/Makefile.am
index c4b8aa9..e014052 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -18,6 +18,8 @@ uadk_engine_la_LIBADD=-ldl $(WD_LIBS) -lpthread
uadk_engine_la_LDFLAGS=-module -version-number $(VERSION)
uadk_engine_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
uadk_engine_la_CFLAGS+=-DCRYPTO
+uadk_engine_la_CFLAGS+=-fPIC -fPIE -pie -fstack-protector-strong -D_FORTIFY_SOURCE=2 \
+ -O2 -ftrapv -Wl,-z,relro,-z,now -Wl,-s
AUTOMAKE_OPTIONS = subdir-objects
--
2.25.1

125
0003-v1-some-code-clean.patch
View File

@ -1,125 +0,0 @@
From e6dae9e2197dad6173f9ec7fbc55373adcfbb29e Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 6 Jun 2023 06:12:23 +0000
Subject: [PATCH 3/7] v1: some code clean
remove #if 0, print address, etc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/v1/alg/ciphers/sec_ciphers_soft.c | 15 ++++-----------
src/v1/alg/pkey/hpre_rsa.c | 20 +-------------------
src/v1/alg/pkey/hpre_rsa_utils.c | 5 ++---
3 files changed, 7 insertions(+), 33 deletions(-)
diff --git a/src/v1/alg/ciphers/sec_ciphers_soft.c b/src/v1/alg/ciphers/sec_ciphers_soft.c
index 71fbb33..9c597b5 100644
--- a/src/v1/alg/ciphers/sec_ciphers_soft.c
+++ b/src/v1/alg/ciphers/sec_ciphers_soft.c
@@ -110,11 +110,11 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
/* allowed iv to be empty. */
if (unlikely(key == NULL)) {
- US_ERR("kae sw init parameter is NULL. key=%p", key);
+ US_ERR("kae sw init parameter is NULL");
return KAE_FAIL;
}
if (unlikely(ctx == NULL)) {
- US_ERR("kae sw init parameter is NULL. ctx=%p", ctx);
+ US_ERR("kae sw init parameter is NULL");
return KAE_FAIL;
}
@@ -155,11 +155,10 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
ret = EVP_CIPHER_meth_get_init(sw_cipher)(ctx, key, iv, enc);
EVP_CIPHER_CTX_set_cipher_data(ctx, priv_ctx);
if (ret != OPENSSL_SUCCESS) {
- US_ERR("OPENSSL init key failed. ctx=%p", ctx);
+ US_ERR("OPENSSL init key failed.");
kae_free(priv_ctx->sw_ctx_data);
return KAE_FAIL;
}
- US_DEBUG("kae sw init impl success. ctx=%p", ctx);
return KAE_SUCCESS;
}
@@ -185,18 +184,14 @@ int sec_ciphers_sw_impl_cleanup(EVP_CIPHER_CTX *ctx)
kae_free(priv_ctx->sw_ctx_data);
- US_DEBUG("kae sw cleanup impl success, ctx=%p", ctx);
-
return KAE_SUCCESS;
}
static int sec_ciphers_sw_impl_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
- if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL))) {
- US_ERR("kae sw cipher parameter is null.ctx=%p, in=%p, out=%p, inl=%d", ctx, out, in, (int)inl);
+ if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL)))
return KAE_FAIL;
- }
cipher_priv_ctx_t *priv_ctx = (cipher_priv_ctx_t *)EVP_CIPHER_CTX_get_cipher_data(ctx);
@@ -277,8 +272,6 @@ int sec_ciphers_sw_hw_ctx_sync(EVP_CIPHER_CTX *ctx, sec_cipher_priv_ctx_syncto_t
}
}
- US_DEBUG("state sync success, direct=%d[1:SW_TO_HW, 2:HW_TO_SW], offset=%d", direction, num);
-
return KAE_SUCCESS;
}
diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c
index 6c1d96d..4e21dde 100644
--- a/src/v1/alg/pkey/hpre_rsa.c
+++ b/src/v1/alg/pkey/hpre_rsa.c
@@ -67,25 +67,7 @@ RSA_METHOD *hpre_get_rsa_methods(void)
return g_hpre_rsa_method;
if (g_soft_rsa_method != NULL)
return g_soft_rsa_method;
-#if 0
- if (!kae_get_device(g_hpre_device)) {
- const RSA_METHOD *default_soft_method = RSA_PKCS1_OpenSSL();
-
- g_soft_rsa_method = RSA_meth_new("SOFT RSA METHOD", 0);
- ret &= RSA_meth_set_pub_enc(g_soft_rsa_method, RSA_meth_get_pub_enc(default_soft_method));
- ret &= RSA_meth_set_priv_enc(g_soft_rsa_method, RSA_meth_get_priv_enc(default_soft_method));
- ret &= RSA_meth_set_pub_dec(g_soft_rsa_method, RSA_meth_get_pub_dec(default_soft_method));
- ret &= RSA_meth_set_priv_dec(g_soft_rsa_method, RSA_meth_get_priv_dec(default_soft_method));
- ret &= RSA_meth_set_keygen(g_soft_rsa_method, hpre_rsa_soft_genkey);
- ret &= RSA_meth_set_mod_exp(g_soft_rsa_method, RSA_meth_get_mod_exp(default_soft_method));
- ret &= RSA_meth_set_bn_mod_exp(g_soft_rsa_method, RSA_meth_get_bn_mod_exp(default_soft_method));
- if (ret == 0) {
- US_ERR("Failed to set SOFT RSA methods");
- return NULL;
- }
- return g_soft_rsa_method;
- }
-#endif
+
g_hpre_rsa_method = RSA_meth_new("HPRE RSA method", 0);
if (g_hpre_rsa_method == NULL) {
KAEerr(KAE_F_HPRE_GET_RSA_METHODS, KAE_R_MALLOC_FAILURE);
diff --git a/src/v1/alg/pkey/hpre_rsa_utils.c b/src/v1/alg/pkey/hpre_rsa_utils.c
index 0630b28..317a5a0 100644
--- a/src/v1/alg/pkey/hpre_rsa_utils.c
+++ b/src/v1/alg/pkey/hpre_rsa_utils.c
@@ -44,10 +44,9 @@ void hpre_free_bn_ctx_buf(BN_CTX *bn_ctx, unsigned char *in_buf, int num)
int hpre_rsa_check_para(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa)
{
- if ((rsa == NULL || from == NULL || to == NULL || flen <= 0)) {
- US_ERR("RSA key %p, input %p or output %p are NULL, or flen invalid length.\n", rsa, from, to);
+ if ((rsa == NULL || from == NULL || to == NULL || flen <= 0))
return HPRE_CRYPTO_FAIL;
- }
+
return HPRE_CRYPTO_SUCC;
}
--
2.25.1

41
0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch
View File

@ -1,41 +0,0 @@
From 1d05480962b3110b8da9f467cc3dbd9047f04589 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 16 Jun 2023 02:09:00 +0000
Subject: [PATCH 4/7] =?UTF-8?q?v1:=20fix=20implicit=20declaration=20of=20f?=
=?UTF-8?q?unction=20=E2=80=98OPENSSL=5Fcalloc=E2=80=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix implicit declaration of function OPENSSL_calloc with calloc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/v1/alg/dh/hpre_dh_wd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c
index 8dbb9b4..b8ca9a1 100644
--- a/src/v1/alg/dh/hpre_dh_wd.c
+++ b/src/v1/alg/dh/hpre_dh_wd.c
@@ -199,7 +199,7 @@ void hpre_dh_free_eng_ctx(hpre_dh_engine_ctx_t *eng_ctx)
eng_ctx->opdata.pri = NULL;
eng_ctx->opdata.x_p = NULL;
eng_ctx->opdata.pv = NULL;
- OPENSSL_free(eng_ctx);
+ free(eng_ctx);
eng_ctx = NULL;
}
@@ -265,7 +265,7 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg)
{
hpre_dh_engine_ctx_t *eng_ctx = NULL;
- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t));
+ eng_ctx = (hpre_dh_engine_ctx_t *)calloc(1, sizeof(hpre_dh_engine_ctx_t));
if (eng_ctx == NULL) {
US_ERR("hpre engine_ctx malloc fail");
return NULL;
--
2.25.1

93
0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch
View File

@ -1,93 +0,0 @@
From aa06f50efb5725a99f5ff93cca04c968ec981635 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 9 Jun 2023 04:52:30 +0000
Subject: [PATCH 5/7] uadk: build uadk_engine only if openssl 1.1
Rename e_uadk.c to uadk_engine_init.c
Build uadk_engine only if openssl 1.1
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
Makefile.am | 2 --
configure.ac | 7 ++++---
src/Makefile.am | 11 ++++++++---
src/{e_uadk.c => uadk_engine_init.c} | 0
4 files changed, 12 insertions(+), 8 deletions(-)
rename src/{e_uadk.c => uadk_engine_init.c} (100%)
diff --git a/Makefile.am b/Makefile.am
index 55fd400..1ade214 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,7 +1,5 @@
ACLOCAL_AMFLAGS = -I m4
-if HAVE_CRYPTO
if HAVE_WD
SUBDIRS = src
endif
-endif
diff --git a/configure.ac b/configure.ac
index fb03a5b..0fc14ed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,5 @@
AC_PREREQ([2.69])
AC_INIT([uadk_engine], [1.2])
-AC_CONFIG_SRCDIR([src/e_uadk.c])
AM_INIT_AUTOMAKE([1.10 no-define])
AC_CONFIG_MACRO_DIR([m4])
@@ -15,8 +14,6 @@ AC_ARG_ENABLE(kae,
AC_SUBST(enable_kae)
AM_CONDITIONAL([WD_KAE], [test "$enable_kae" = "yes"])
-AC_CHECK_HEADERS([openssl/engine.h])
-
PKG_CHECK_MODULES(WD, libwd libwd_crypto, [with_wd=yes], [with_wd=no])
AM_CONDITIONAL(HAVE_WD, [test "$with_wd" != "no"])
@@ -24,6 +21,10 @@ PKG_CHECK_MODULES(libcrypto, libcrypto < 3.0 libcrypto >= 1.1,
[with_crypto=yes], [with_crypto=no])
AM_CONDITIONAL(HAVE_CRYPTO, test "$with_crypto" != "no")
+PKG_CHECK_MODULES(libcrypto, libcrypto >= 3.0,
+ [with_crypto3=yes], [with_crypto3=no])
+AM_CONDITIONAL(HAVE_CRYPTO3, test "$with_crypto3" != "no")
+
AC_CONFIG_FILES([
Makefile
src/Makefile])
diff --git a/src/Makefile.am b/src/Makefile.am
index 8ced0e8..65afe1d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,13 +1,18 @@
VERSION = 1:2
ACLOCAL_AMFLAGS = -I m4
+if HAVE_CRYPTO
lib_LTLIBRARIES=uadk_engine.la
+endif #HAVE_CRYPTO
+
+uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \
+ uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \
+ uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
-uadk_engine_la_SOURCES=uadk_utils.c e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c \
- uadk_rsa.c uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
uadk_engine_la_LIBADD=-ldl $(WD_LIBS) -lpthread
uadk_engine_la_LDFLAGS=-module -version-number $(VERSION)
-uadk_engine_la_CFLAGS=$(WD_CFLAGS)
+uadk_engine_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
+uadk_engine_la_CFLAGS+=-DCRYPTO
AUTOMAKE_OPTIONS = subdir-objects
diff --git a/src/e_uadk.c b/src/uadk_engine_init.c
similarity index 100%
rename from src/e_uadk.c
rename to src/uadk_engine_init.c
--
2.25.1

915
0006-uadk-support-openssl-3.0.patch
View File

@ -1,915 +0,0 @@
From c6aab5dadf83fad2716b1687366d040303b1301c Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 9 Jun 2023 09:04:30 +0000
Subject: [PATCH 6/7] uadk: support openssl 3.0
Openssl3.0 provoder will be built when libcrypto >= 3.0
First step to support digest
Test with
openssl speed -provider xx/uadk_provider.so -provider default -evp md5
openssl speed -provider xx/uadk_provider.so -provider default -evp sm3
openssl speed -provider xx/uadk_provider.so -provider default -evp sha1
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-224
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-256
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-384
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-512
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/Makefile.am | 11 +
src/uadk_prov.h | 30 ++
src/uadk_prov_digest.c | 699 +++++++++++++++++++++++++++++++++++++++++
src/uadk_prov_init.c | 110 +++++++
4 files changed, 850 insertions(+)
create mode 100644 src/uadk_prov.h
create mode 100644 src/uadk_prov_digest.c
create mode 100644 src/uadk_prov_init.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 65afe1d..bfaeb78 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -5,6 +5,10 @@ if HAVE_CRYPTO
lib_LTLIBRARIES=uadk_engine.la
endif #HAVE_CRYPTO
+if HAVE_CRYPTO3
+lib_LTLIBRARIES=uadk_provider.la
+endif #HAVE_CRYPTO3
+
uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \
uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \
uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
@@ -45,3 +49,10 @@ uadk_engine_la_SOURCES+=v1/alg/ciphers/sec_ciphers.c \
v1/async/async_poll.c \
v1/async/async_task_queue.c
endif #WD_KAE
+
+uadk_provider_la_SOURCES=uadk_prov_init.c uadk_prov_digest.c uadk_async.c uadk_utils.c
+
+uadk_provider_la_LDFLAGS=-module -version-number $(VERSION)
+uadk_provider_la_LIBADD=$(WD_LIBS) -lpthread
+uadk_provider_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
+uadk_provider_la_CFLAGS+=-DCRYPTO3
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
new file mode 100644
index 0000000..c63c3fe
--- /dev/null
+++ b/src/uadk_prov.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#ifndef UADK_PROV_H
+#define UADK_PROV_H
+
+extern const OSSL_DISPATCH uadk_md5_functions[];
+extern const OSSL_DISPATCH uadk_sm3_functions[];
+extern const OSSL_DISPATCH uadk_sha1_functions[];
+extern const OSSL_DISPATCH uadk_sha224_functions[];
+extern const OSSL_DISPATCH uadk_sha256_functions[];
+extern const OSSL_DISPATCH uadk_sha384_functions[];
+extern const OSSL_DISPATCH uadk_sha512_functions[];
+
+void uadk_prov_destroy_digest(void);
+#endif
diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c
new file mode 100644
index 0000000..fd05753
--- /dev/null
+++ b/src/uadk_prov_digest.c
@@ -0,0 +1,699 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <string.h>
+#include <dlfcn.h>
+#include <openssl/md5.h>
+#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/proverr.h>
+#include <uadk/wd_cipher.h>
+#include <uadk/wd_digest.h>
+#include <uadk/wd_sched.h>
+#include "uadk.h"
+#include "uadk_async.h"
+#include "uadk_utils.h"
+
+#define UADK_DO_SOFT (-0xE0)
+#define CTX_SYNC 0
+#define CTX_ASYNC 1
+#define CTX_NUM 2
+#define DIGEST_DOING 1
+#define DIGEST_END 0
+
+/* The max BD data length is 16M-512B */
+#define BUF_LEN 0xFFFE00
+
+#define SM3_DIGEST_LENGTH 32
+#define SM3_CBLOCK 64
+#define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
+#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MAX_DIGEST_LENGTH 64
+#define DIGEST_BLOCK_SIZE (512 * 1024)
+#define ALG_NAME_SIZE 128
+
+enum sec_digest_state {
+ SEC_DIGEST_INIT,
+ SEC_DIGEST_FIRST_UPDATING,
+ SEC_DIGEST_DOING,
+ SEC_DIGEST_FINAL
+};
+
+struct digest_threshold_table {
+ int nid;
+ int threshold;
+};
+
+struct digest_prov {
+ int pid;
+};
+
+static struct digest_prov prov;
+static pthread_mutex_t digest_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+struct evp_md_ctx_st {
+ const EVP_MD *digest;
+ /* Functional reference if 'digest' is ENGINE-provided */
+ ENGINE *engine;
+ unsigned long flags;
+ void *md_data;
+ /* Public key context for sign/verify */
+ EVP_PKEY_CTX *pctx;
+ /* Update function: usually copied from EVP_MD */
+ int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
+};
+
+struct digest_priv_ctx {
+ handle_t sess;
+ struct wd_digest_sess_setup setup;
+ struct wd_digest_req req;
+ unsigned char *data;
+ unsigned char out[MAX_DIGEST_LENGTH];
+ EVP_MD_CTX *soft_ctx;
+ EVP_MD *soft_md;
+ size_t last_update_bufflen;
+ uint32_t e_nid;
+ uint32_t state;
+ uint32_t switch_threshold;
+ int switch_flag;
+ size_t md_size;
+ size_t blk_size;
+ char alg_name[ALG_NAME_SIZE];
+};
+
+struct digest_info {
+ int nid;
+ enum wd_digest_mode mode;
+ enum wd_digest_type alg;
+ __u32 out_len;
+};
+
+static struct digest_threshold_table digest_pkt_threshold_table[] = {
+ { NID_sm3, SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_md5, MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha1, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha224, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha256, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha384, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+};
+
+static struct digest_info digest_info_table[] = {
+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16},
+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32},
+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20},
+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28},
+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32},
+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48},
+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64},
+};
+
+static int uadk_e_digests_soft_md(struct digest_priv_ctx *priv)
+{
+ if (priv->soft_md)
+ return 1;
+
+ switch (priv->e_nid) {
+ case NID_sm3:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SM3, "provider=default");
+ break;
+ case NID_md5:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "provider=default");
+ break;
+ case NID_sha1:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA1, "provider=default");
+ break;
+ case NID_sha224:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_224, "provider=default");
+ break;
+ case NID_sha256:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_256, "provider=default");
+ break;
+ case NID_sha384:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_384, "provider=default");
+ break;
+ case NID_sha512:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_512, "provider=default");
+ break;
+ default:
+ break;
+ }
+
+ if (unlikely(priv->soft_md == NULL))
+ return 0;
+
+ return 1;
+}
+
+static uint32_t sec_digest_get_sw_threshold(int n_id)
+{
+ int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table);
+ int i = 0;
+
+ do {
+ if (digest_pkt_threshold_table[i].nid == n_id)
+ return digest_pkt_threshold_table[i].threshold;
+ } while (++i < threshold_table_size);
+
+ fprintf(stderr, "nid %d not found in digest threshold table", n_id);
+ return 0;
+}
+
+static int digest_soft_init(struct digest_priv_ctx *priv)
+{
+ return EVP_DigestInit(priv->soft_ctx, priv->soft_md);
+}
+
+static int digest_soft_update(EVP_MD_CTX *ctx, const void *data, size_t len)
+{
+ return EVP_DigestUpdate(ctx, data, len);
+}
+
+static int digest_soft_final(struct digest_priv_ctx *priv, unsigned char *digest)
+{
+ unsigned int digest_length = EVP_MD_get_size(priv->soft_md);
+
+ return EVP_DigestFinal(priv->soft_ctx, digest, &digest_length);
+}
+
+static void digest_soft_cleanup(struct digest_priv_ctx *priv)
+{
+ EVP_MD_CTX *ctx = priv->soft_ctx;
+
+ if (ctx != NULL) {
+ if (ctx->md_data) {
+ OPENSSL_free(ctx->md_data);
+ ctx->md_data = NULL;
+ }
+ EVP_MD_CTX_free(ctx);
+ ctx = NULL;
+ }
+
+ if (priv->soft_md) {
+ EVP_MD_free(priv->soft_md);
+ priv->soft_md = NULL;
+ }
+}
+
+static int uadk_e_digest_soft_work(struct digest_priv_ctx *priv, int len,
+ unsigned char *digest)
+{
+ digest_soft_init(priv);
+
+ if (len != 0)
+ digest_soft_update(priv->soft_ctx, priv->data, len);
+
+ digest_soft_final(priv, digest);
+ digest_soft_cleanup(priv);
+
+ return 1;
+}
+
+static int uadk_e_digest_env_poll(void *ctx)
+{
+ __u64 rx_cnt = 0;
+ __u32 recv = 0;
+ /* Poll one packet currently */
+ int expt = 1;
+ int ret;
+
+ do {
+ ret = wd_digest_poll(expt, &recv);
+ if (ret < 0 || recv == expt)
+ return ret;
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
+}
+
+static int uadk_digest_init(struct digest_priv_ctx *priv)
+{
+ int digest_counts = ARRAY_SIZE(digest_info_table);
+ struct sched_params params = {0};
+ int nid = priv->e_nid;
+ int ret, i;
+
+ pthread_mutex_lock(&digest_mutex);
+ if (prov.pid != getpid()) {
+ ret = wd_digest_init2(priv->alg_name, 0, 0);
+ if (unlikely(ret)) {
+ priv->switch_flag = UADK_DO_SOFT;
+ goto soft_init;
+ }
+ prov.pid = getpid();
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll);
+ }
+ pthread_mutex_unlock(&digest_mutex);
+
+ for (i = 0; i < digest_counts; i++) {
+ if (nid == digest_info_table[i].nid) {
+ priv->setup.alg = digest_info_table[i].alg;
+ priv->setup.mode = digest_info_table[i].mode;
+ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH;
+ priv->req.out_bytes = digest_info_table[i].out_len;
+ break;
+ }
+ }
+
+ if (unlikely(i == digest_counts)) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
+ return 0;
+ }
+
+ /* Use the default numa parameters */
+ params.numa_id = -1;
+ priv->setup.sched_param = &params;
+ priv->sess = wd_digest_alloc_sess(&priv->setup);
+ if (unlikely(!priv->sess))
+ return 0;
+
+ priv->data = malloc(DIGEST_BLOCK_SIZE);
+ if (unlikely(!priv->data)) {
+ wd_digest_free_sess(priv->sess);
+ return 0;
+ }
+
+ if (uadk_e_digests_soft_md(priv))
+ priv->switch_threshold = sec_digest_get_sw_threshold(nid);
+
+ return 1;
+
+soft_init:
+ pthread_mutex_unlock(&digest_mutex);
+ fprintf(stderr, "uadk failed to initialize digest.\n");
+ return digest_soft_init(priv);
+}
+
+static void digest_update_out_length(struct digest_priv_ctx *priv)
+{
+ /* Sha224 and Sha384 need full length mac buffer as doing long hash */
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
+}
+
+static int digest_update_inner(struct digest_priv_ctx *priv, const void *data, size_t data_len)
+{
+ const unsigned char *tmpdata = (const unsigned char *)data;
+ size_t left_len = data_len;
+ int copy_to_bufflen;
+ int ret;
+
+ digest_update_out_length(priv);
+
+ priv->req.has_next = DIGEST_DOING;
+
+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
+ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
+ uadk_memcpy(priv->data + priv->last_update_bufflen, tmpdata,
+ copy_to_bufflen);
+
+ priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
+ priv->req.in_bytes = DIGEST_BLOCK_SIZE;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ left_len -= copy_to_bufflen;
+ tmpdata += copy_to_bufflen;
+ if (priv->state == SEC_DIGEST_INIT)
+ priv->state = SEC_DIGEST_FIRST_UPDATING;
+ else if (priv->state == SEC_DIGEST_FIRST_UPDATING)
+ priv->state = SEC_DIGEST_DOING;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ goto do_soft_digest;
+ }
+
+ priv->last_update_bufflen = 0;
+ if (left_len <= DIGEST_BLOCK_SIZE) {
+ priv->last_update_bufflen = left_len;
+ uadk_memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ break;
+ }
+ }
+
+ return 1;
+
+do_soft_digest:
+ if (priv->state == SEC_DIGEST_FIRST_UPDATING
+ && priv->data
+ && priv->last_update_bufflen != 0) {
+ priv->switch_flag = UADK_DO_SOFT;
+ digest_soft_init(priv);
+ ret = digest_soft_update(priv->soft_ctx,
+ priv->data, priv->last_update_bufflen);
+ if (ret != 1)
+ return ret;
+
+ return digest_soft_update(priv->soft_ctx,
+ tmpdata, left_len);
+ }
+
+ fprintf(stderr, "do soft digest failed during updating!\n");
+ return 0;
+}
+
+static int uadk_digest_update(struct digest_priv_ctx *priv, const void *data, size_t data_len)
+{
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT))
+ goto soft_update;
+
+ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
+ uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ priv->last_update_bufflen += data_len;
+ return 1;
+ }
+
+ return digest_update_inner(priv, data, data_len);
+
+soft_update:
+ return digest_soft_update(priv->soft_ctx, data, data_len);
+}
+
+static void async_cb(struct wd_digest_req *req, void *data)
+{
+ struct uadk_e_cb_info *cb_param;
+ struct async_op *op;
+
+ if (!req)
+ return;
+
+ cb_param = req->cb_param;
+ if (!cb_param)
+ return;
+ op = cb_param->op;
+ if (op && op->job && !op->done) {
+ op->done = 1;
+ async_free_poll_task(op->idx, 1);
+ async_wake_job(op->job);
+ }
+}
+
+static int do_digest_sync(struct digest_priv_ctx *priv)
+{
+ int ret;
+
+ if (priv->req.in_bytes <= priv->switch_threshold &&
+ priv->state == SEC_DIGEST_INIT)
+ return 0;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ return 0;
+ }
+ return 1;
+}
+
+static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
+{
+ struct uadk_e_cb_info cb_param;
+ int idx, ret;
+
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ fprintf(stderr, "async cipher init failed.\n");
+ return 0;
+ }
+
+ cb_param.op = op;
+ cb_param.priv = priv;
+ priv->req.cb = (void *)async_cb;
+ priv->req.cb_param = &cb_param;
+
+ ret = async_get_free_task(&idx);
+ if (!ret)
+ return 0;
+
+ op->idx = idx;
+
+ do {
+ ret = wd_do_digest_async(priv->sess, &priv->req);
+ if (ret < 0 && ret != -EBUSY) {
+ fprintf(stderr, "do sec digest async failed.\n");
+ async_free_poll_task(op->idx, 0);
+ return 0;
+ }
+ } while (ret == -EBUSY);
+
+ ret = async_pause_job(priv, op, ASYNC_TASK_DIGEST, idx);
+ if (!ret)
+ return 0;
+ return 1;
+}
+
+static int uadk_digest_final(struct digest_priv_ctx *priv, unsigned char *digest)
+{
+ struct async_op op;
+ int ret;
+
+ priv->req.has_next = DIGEST_END;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ priv->req.in_bytes = priv->last_update_bufflen;
+
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
+
+ ret = async_setup_async_event_notification(&op);
+ if (unlikely(!ret)) {
+ fprintf(stderr, "failed to setup async event notification.\n");
+ return 0;
+ }
+
+ if (op.job == NULL) {
+ /* Synchronous, only the synchronous mode supports soft computing */
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ ret = digest_soft_final(priv, digest);
+ digest_soft_cleanup(priv);
+ goto clear;
+ }
+
+ ret = do_digest_sync(priv);
+ if (!ret)
+ goto sync_err;
+ } else {
+ ret = do_digest_async(priv, &op);
+ if (!ret)
+ goto clear;
+ }
+ memcpy(digest, priv->req.out, priv->req.out_bytes);
+
+ return 1;
+
+sync_err:
+ if (priv->state == SEC_DIGEST_INIT) {
+ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest);
+ } else {
+ ret = 0;
+ fprintf(stderr, "do sec digest stream mode failed.\n");
+ }
+clear:
+ async_clear_async_event_notification();
+ return ret;
+}
+
+static int uadk_digest_cleanup(struct digest_priv_ctx *priv)
+{
+ if (priv->sess) {
+ wd_digest_free_sess(priv->sess);
+ priv->sess = 0;
+ }
+
+ if (priv->data)
+ OPENSSL_free(priv->data);
+
+ return 1;
+}
+
+/* some params related code is copied from OpenSSL v3.0 prov/digestcommon.h */
+static const OSSL_PARAM uadk_digest_default_known_gettable_params[] = {
+ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, NULL),
+ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_SIZE, NULL),
+ OSSL_PARAM_int(OSSL_DIGEST_PARAM_XOF, NULL),
+ OSSL_PARAM_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, NULL),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *uadk_prov_gettable_params(void *provctx)
+{
+ return uadk_digest_default_known_gettable_params;
+}
+
+static int uadk_digest_default_get_params(OSSL_PARAM params[], size_t blksz,
+ size_t paramsz)
+{
+ OSSL_PARAM *p = NULL;
+
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, blksz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, paramsz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOF);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_ALGID_ABSENT);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+
+ return 1;
+}
+
+static void uadk_prov_freectx(void *dctx)
+{
+ struct digest_priv_ctx *priv = (struct digest_priv_ctx *)dctx;
+
+ uadk_digest_cleanup(priv);
+ OPENSSL_clear_free(priv, sizeof(*priv));
+}
+
+static void *uadk_prov_dupctx(void *dctx)
+{
+ struct digest_priv_ctx *in;
+ struct digest_priv_ctx *ret;
+
+ in = (struct digest_priv_ctx *)dctx;
+ ret = OPENSSL_zalloc(sizeof(struct digest_priv_ctx *));
+
+ if (ret != NULL)
+ *ret = *in;
+ return ret;
+}
+
+static int uadk_prov_init(void *dctx, const OSSL_PARAM params[])
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) dctx;
+
+ return uadk_digest_init(priv);
+}
+
+static int uadk_prov_update(void *dctx, const unsigned char *in, size_t inl)
+{
+ return uadk_digest_update((struct digest_priv_ctx *)dctx, in, inl);
+}
+
+/*
+ * Note:
+ * The I<dctx> parameter contains a pointer to the provider side context.
+ * The digest should be written to I<*out> and the length of the digest to I<*outl>.
+ * The digest should not exceed I<outsz> bytes.
+ */
+static int uadk_prov_final(void *dctx, unsigned char *out,
+ size_t *outl, size_t outsz)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) dctx;
+ int ret;
+
+ if (outsz > 0) {
+ ret = uadk_digest_final(priv, out);
+ if (!ret)
+ return ret;
+ }
+
+ if (unlikely(outl != NULL))
+ *outl = priv->md_size;
+
+ return 1;
+}
+
+void uadk_prov_destroy_digest(void)
+{
+ pthread_mutex_lock(&digest_mutex);
+ if (prov.pid == getpid()) {
+ wd_digest_uninit2();
+ prov.pid = 0;
+ }
+ pthread_mutex_unlock(&digest_mutex);
+}
+
+static OSSL_FUNC_digest_freectx_fn uadk_prov_freectx;
+static OSSL_FUNC_digest_dupctx_fn uadk_prov_dupctx;
+static OSSL_FUNC_digest_init_fn uadk_prov_init;
+static OSSL_FUNC_digest_update_fn uadk_prov_update;
+static OSSL_FUNC_digest_final_fn uadk_prov_final;
+static OSSL_FUNC_digest_gettable_params_fn
+ uadk_prov_gettable_params;
+
+#define UADK_PROVIDER_IMPLEMENTATION(name, nid, mdsize, blksize) \
+static OSSL_FUNC_digest_newctx_fn uadk_##name##_newctx; \
+static void *uadk_##name##_newctx(void *provctx) \
+{ \
+ struct digest_priv_ctx *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ \
+ if (ctx == NULL) \
+ return NULL; \
+ ctx->blk_size = blksize; \
+ ctx->md_size = mdsize; \
+ ctx->e_nid = nid; \
+ ctx->soft_ctx = EVP_MD_CTX_new(); \
+ if (ctx->soft_ctx == NULL) \
+ fprintf(stderr, "EVP_MD_CTX_new failed.\n"); \
+ strncpy(ctx->alg_name, #name, ALG_NAME_SIZE - 1); \
+ return ctx; \
+} \
+static OSSL_FUNC_digest_get_params_fn uadk_##name##_get_params; \
+static int uadk_##name##_get_params(OSSL_PARAM params[]) \
+{ \
+ return uadk_digest_default_get_params(params, blksize, mdsize); \
+} \
+const OSSL_DISPATCH uadk_##name##_functions[] = { \
+ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))uadk_##name##_newctx }, \
+ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))uadk_prov_freectx }, \
+ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))uadk_prov_dupctx }, \
+ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))uadk_prov_init }, \
+ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))uadk_prov_update }, \
+ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))uadk_prov_final }, \
+ { OSSL_FUNC_DIGEST_GET_PARAMS, \
+ (void (*)(void))uadk_##name##_get_params }, \
+ { OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \
+ (void (*)(void))uadk_prov_gettable_params }, \
+ { 0, NULL } \
+}
+
+UADK_PROVIDER_IMPLEMENTATION(md5, NID_md5, MD5_DIGEST_LENGTH, MD5_CBLOCK);
+UADK_PROVIDER_IMPLEMENTATION(sm3, NID_sm3, SM3_DIGEST_LENGTH, SM3_CBLOCK);
+UADK_PROVIDER_IMPLEMENTATION(sha1, NID_sha1, 20, 64);
+UADK_PROVIDER_IMPLEMENTATION(sha224, NID_sha224, 28, 64);
+UADK_PROVIDER_IMPLEMENTATION(sha256, NID_sha256, 32, 64);
+UADK_PROVIDER_IMPLEMENTATION(sha384, NID_sha384, 48, 128);
+UADK_PROVIDER_IMPLEMENTATION(sha512, NID_sha512, 64, 128);
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
new file mode 100644
index 0000000..e363584
--- /dev/null
+++ b/src/uadk_prov_init.c
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/core_dispatch.h>
+#include <openssl/core_names.h>
+#include <openssl/crypto.h>
+
+#include "uadk_async.h"
+#include "uadk_prov.h"
+
+struct p_uadk_ctx {
+ const OSSL_CORE_HANDLE *handle;
+ OSSL_LIB_CTX *libctx;
+};
+
+const char *engine_uadk_id = "uadk_provider";
+static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk";
+
+const OSSL_ALGORITHM uadk_prov_digests[] = {
+ { OSSL_DIGEST_NAME_MD5, UADK_DEFAULT_PROPERTIES,
+ uadk_md5_functions, "uadk_provider md5" },
+ { OSSL_DIGEST_NAME_SM3, UADK_DEFAULT_PROPERTIES,
+ uadk_sm3_functions, "uadk_provider sm3" },
+ { OSSL_DIGEST_NAME_SHA1, UADK_DEFAULT_PROPERTIES,
+ uadk_sha1_functions, "uadk_provider sha1" },
+ { OSSL_DIGEST_NAME_SHA2_224, UADK_DEFAULT_PROPERTIES,
+ uadk_sha224_functions, "uadk_provider sha2-224" },
+ { OSSL_DIGEST_NAME_SHA2_256, UADK_DEFAULT_PROPERTIES,
+ uadk_sha256_functions, "uadk_provider sha2-256" },
+ { OSSL_DIGEST_NAME_SHA2_384, UADK_DEFAULT_PROPERTIES,
+ uadk_sha384_functions, "uadk_provider sha2-384" },
+ { OSSL_DIGEST_NAME_SHA2_512, UADK_DEFAULT_PROPERTIES,
+ uadk_sha512_functions, "uadk_provider sha2-512" },
+ { NULL, NULL, NULL }
+};
+
+static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id,
+ int *no_cache)
+{
+ *no_cache = 0;
+
+ switch (operation_id) {
+ case OSSL_OP_DIGEST:
+ return uadk_prov_digests;
+ }
+ return NULL;
+}
+
+static void p_teardown(void *provctx)
+{
+ struct p_uadk_ctx *ctx = (struct p_uadk_ctx *)provctx;
+
+ uadk_prov_destroy_digest();
+ OPENSSL_free(ctx);
+}
+
+static const OSSL_DISPATCH p_test_table[] = {
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_prov_query },
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
+ { 0, NULL }
+};
+
+static void provider_init_child_at_fork_handler(void)
+{
+ int ret;
+
+ ret = async_module_init();
+ if (!ret)
+ fprintf(stderr, "async_module_init fail!\n");
+}
+
+int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
+ const OSSL_DISPATCH *oin,
+ const OSSL_DISPATCH **out,
+ void **provctx)
+{
+ struct p_uadk_ctx *ctx;
+ int ret;
+
+ ctx = OPENSSL_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return 0;
+
+ ret = async_module_init();
+ if (!ret)
+ fprintf(stderr, "async_module_init fail!\n");
+ pthread_atfork(NULL, NULL, provider_init_child_at_fork_handler);
+
+ *provctx = (void *)ctx;
+ *out = p_test_table;
+ return 1;
+}
--
2.25.1

173
0007-README-update-openssl-3.0.patch
View File

@ -1,173 +0,0 @@
From bbf050d5f1eb525e881c7d581f913f2df27d2637 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 13 Jun 2023 09:24:19 +0000
Subject: [PATCH 7/7] README: update openssl 3.0
Update build steps for openssl 3.0
Also update sanity_test.sh
If ./configure --libdir=/usr/local/lib/ossl-modules/
$ ./test/sanity_test.sh
If ./configure --prefix=/tmp/build
$ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README.md | 34 ++++++++++++++++++++++++++------
test/sanity_test.sh | 48 +++++++++++++++++++++++++++++++++++++++------
2 files changed, 70 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index ac721e3..86676db 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ OpenSSL engine for uadk
Prerequisites
=============
* CPU: aarch64
-* OpenSSL: 1.1.1f
+* OpenSSL: 1.1.1f or 3.0
* libnuma
* zlib
@@ -26,24 +26,26 @@ Build and install OpenSSL
```
git clone https://github.com/openssl/openssl.git
cd openssl
- git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f
+ // For openssl1.1.1f
+ git checkout -b opensssl1.1 OpenSSL_1_1_1f
+ // for openssl 3.0
+ git checkout -b openssl3.0 openssl-3.0.0
./config
make
sudo make install
openssl version
```
-Run pkg-config to ensure env is setup correctly
+Setup env on-demand
-----------------------------------------------
```
$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/
$ pkg-config libcrypto --libs
-L/usr/local/lib -lcrypto
-```
-* export ``PKG_CONFIG_PATH`` is required on openEuler,
- where /usr/local/lib is not set as the default pkgconfig search path.
+ $ export LD_LIBRARY_PATH=/usr/local/lib
+```
Build and install UADK
----------------------
@@ -63,6 +65,7 @@ Build and install UADK
Build and install UADK Engine
-----------------------------
+For openssl 1.1
```
git clone https://github.com/Linaro/uadk_engine.git
cd uadk_engine
@@ -74,6 +77,20 @@ Build and install UADK Engine
Option --enable-kae can be chosen to enable KAE for non-sva version
```
+For openssl 3.0
+```
+ git clone https://github.com/Linaro/uadk_engine.git
+ cd uadk_engine
+ autoreconf -i
+ // openEuler
+ ./configure --libdir=/usr/local/lib/engines-3/
+ // ubuntu
+ ./configure --libdir=/usr/local/lib/ossl-modules/
+ make
+ sudo make install
+
+```
+
Testing
-------
```
@@ -109,9 +126,14 @@ Install libraries to the temp folder
$ ./configure --prefix=/tmp/build
$ make; make install
+ // For openssl 1.1
$ openssl engine -c /tmp/build/lib/uadk_engine.so
$ ./test/sanity_test.sh /tmp/build/lib/uadk_engine.so
+ // For openssl 3.0
+ $ openssl speed -provider /tmp/build/lib/uadk_provider.so -provider default -evp md5
+ $ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so
+
```
Environment variable of uadk engine
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index bdedc15..899d02c 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -2,14 +2,50 @@
sudo chmod 666 /dev/hisi_*
-if [ ! -n "$1" ]; then
- engine_id=uadk_engine
-else
- engine_id=$1
+
+version=$(openssl version)
+echo $version
+if [[ $version =~ "3.0" ]]; then
+ echo "openssl 3.0"
+ if [ ! -n "$1" ]; then
+ engine_id=uadk_provider
+ else
+ engine_id=$1
+ fi
+
+ digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
+fi
+
+if [[ $digest_algs =~ "uadk_provider" ]]; then
+ echo "uadk_provider testing digest"
+ openssl speed -provider $engine_id -provider default -evp md5
+ openssl speed -provider $engine_id -provider default -evp sm3
+ openssl speed -provider $engine_id -provider default -evp sha1
+ openssl speed -provider $engine_id -provider default -evp sha2-224
+ openssl speed -provider $engine_id -provider default -evp sha2-256
+ openssl speed -provider $engine_id -provider default -evp sha2-384
+ openssl speed -provider $engine_id -provider default -evp sha2-512
+
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp md5
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm3
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha1
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-224
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-256
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-384
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-512
fi
-algs=$(openssl engine -c $engine_id)
-echo $algs
+if [[ $version =~ "1.1.1" ]]; then
+ echo "openssl 1.1.1"
+ if [ ! -n "$1" ]; then
+ engine_id=uadk_engine
+ else
+ engine_id=$1
+ fi
+
+ algs=$(openssl engine -c $engine_id)
+ echo $algs
+fi
#digest
if [[ $algs =~ "MD5" ]]; then
--
2.25.1

29
0008-cipher-fix-double-free-error.patch
View File

@ -1,29 +0,0 @@
From 516c9a1c8f77e8d1d91c78478425b4df585ec485 Mon Sep 17 00:00:00 2001
From: taoqi <taoqi10@huawei.com>
Date: Tue, 20 Jun 2023 22:38:01 +0800
Subject: [PATCH 08/10] cipher: fix double free error
When wd_cipher_set_key() failed, after the handle
is released, the handle should be set to 0 to avoid
reusing.
Signed-off-by: taoqi <taoqi10@huawei.com>
---
src/uadk_cipher.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c7be21a..1905e47 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -878,6 +878,7 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
ret = wd_cipher_set_key(priv->sess, priv->key, EVP_CIPHER_CTX_key_length(ctx));
if (ret) {
wd_cipher_free_sess(priv->sess);
+ priv->sess = 0;
fprintf(stderr, "uadk failed to set key!\n");
}
}
--
2.25.1

56
0009-cipher-fix-set-key-error.patch
View File

@ -1,56 +0,0 @@
From c8f3d1d021f028a9ca500d079c4158038e1b22c9 Mon Sep 17 00:00:00 2001
From: taoqi <taoqi10@huawei.com>
Date: Tue, 20 Jun 2023 23:05:06 +0800
Subject: [PATCH 09/10] cipher: fix set key error
Initialize the algorithm type again to prevent
the algorithm type from being changed.
Signed-off-by: taoqi <taoqi10@huawei.com>
---
src/uadk_cipher.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 1905e47..cc13823 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -840,8 +840,10 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op)
static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
{
+ __u32 cipher_counts = ARRAY_SIZE(cipher_info_table);
struct sched_params params = {0};
- int ret;
+ int nid, ret;
+ __u32 i;
priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
priv->req.iv = priv->iv;
@@ -869,7 +871,23 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
/* Use the default numa parameters */
params.numa_id = -1;
priv->setup.sched_param = &params;
+
if (!priv->sess) {
+ nid = EVP_CIPHER_CTX_nid(ctx);
+
+ for (i = 0; i < cipher_counts; i++) {
+ if (nid == cipher_info_table[i].nid) {
+ cipher_priv_ctx_setup(priv, cipher_info_table[i].alg,
+ cipher_info_table[i].mode, cipher_info_table[i].out_bytes);
+ break;
+ }
+ }
+
+ if (i == cipher_counts) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
+ return;
+ }
+
priv->sess = wd_cipher_alloc_sess(&priv->setup);
if (!priv->sess)
fprintf(stderr, "uadk failed to alloc session!\n");
--
2.25.1

36
0010-cipher-fix-async-hardware-computing-error.patch
View File

@ -1,36 +0,0 @@
From 9fa67d9748d0e8b710bc8a0cdd3f289e3a1b2f8f Mon Sep 17 00:00:00 2001
From: taoqi <taoqi10@huawei.com>
Date: Tue, 20 Jun 2023 23:07:31 +0800
Subject: [PATCH 10/10] cipher: fix async hardware computing error
If the length of the input data does not reach to
hardware computing threshold, directly switch to
soft cipher.
Signed-off-by: taoqi <taoqi10@huawei.com>
---
src/uadk_cipher.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index cc13823..940c26c 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -927,6 +927,14 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!ret)
goto sync_err;
} else {
+ /*
+ * If the length of the input data
+ * does not reach to hardware computing threshold,
+ * directly switch to soft cipher.
+ */
+ if (priv->req.in_bytes <= priv->switch_threshold)
+ goto sync_err;
+
ret = do_cipher_async(priv, &op);
if (!ret)
goto out_notify;
--
2.25.1

BIN
uadk_engine-1.2.0.tar.gz
View File

Binary file not shown.

BIN
uadk_engine-1.3.0.tar.gz Normal file
View File

Binary file not shown.

23
uadk_engine.spec
View File

@ -1,6 +1,6 @@
Name: uadk_engine
Summary: UADK Accelerator Engine
Version: 1.2.0
Version: 1.3.0
Release: 1
License: Apache-2.0
Source: %{name}-%{version}.tar.gz
@ -9,24 +9,18 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-root
Prefix: /usr/local/lib/engines-1.1
Conflicts: %{name} < %{version}-%{release}
Provides: %{name} = %{version}-%{release}
BuildRequires: libwd >= 2.3.21
BuildRequires: compat-openssl11-devel sed autoconf automake libtool
BuildRequires: libwd >= 2.6.0
BuildRequires: compat-openssl11-devel sed autoconf automake libtool numactl-devel
ExclusiveArch: aarch64
Patch0001: 0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch
Patch0002: 0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch
Patch0003: 0003-v1-some-code-clean.patch
Patch0004: 0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch
Patch0005: 0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch
Patch0006: 0006-uadk-support-openssl-3.0.patch
Patch0007: 0007-README-update-openssl-3.0.patch
Patch0008: 0008-cipher-fix-double-free-error.patch
Patch0009: 0009-cipher-fix-set-key-error.patch
Patch0010: 0010-cipher-fix-async-hardware-computing-error.patch
Patch0001: 0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch
Patch0002: 0002-uadk_util-fix-clang-build-error.patch
Patch0003: 0003-uadk_engine-add-secure-compilation-option.patch
%description
This package contains the UADK Accelerator Engine
%global debug_package %{nil}
%prep
%autosetup -n %{name} -p1
@ -72,6 +66,9 @@ fi
/sbin/ldconfig
%changelog
* Mon Jan 22 2024 Zhangfei Gao <zhangfei.gao@linaro.org> 1.3.0-1
- uadk_eingine: update to 1.3.0
* Tue Aug 22 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.2.0-1
- Backport uadk engine patch form v1.0.1 to 1.2.0