diff --git a/0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch b/0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch deleted file mode 100644 index fe1a1f9..0000000 --- a/0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 2f129935991cb3d8e3fdb8b85f5c8e500390ab01 Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Tue, 6 Jun 2023 03:44:14 +0000 -Subject: [PATCH 1/7] readme: export PKG_CONFIG_PATH on openEuler - -openEuler requires setting PKG_CONFIG_PATH though /usr/local/lib/pkgconfig - -Signed-off-by: Zhangfei Gao ---- - README.md | 26 +++++++++++++++++++------- - 1 file changed, 19 insertions(+), 7 deletions(-) - -diff --git a/README.md b/README.md -index 2fe165a..ac721e3 100644 ---- a/README.md -+++ b/README.md -@@ -21,21 +21,32 @@ Installation Instruction - ======================== - - Build and install OpenSSL ------------------------- -+------------------------ - - ``` - git clone https://github.com/openssl/openssl.git - cd openssl - git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f -- ./config -Wl,-rpath=/usr/local/lib -+ ./config - make -- make test - sudo make install - openssl version - ``` - -+Run pkg-config to ensure env is setup correctly -+----------------------------------------------- -+ -+``` -+ $ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/ -+ $ pkg-config libcrypto --libs -+ -L/usr/local/lib -lcrypto -+``` -+ -+* export ``PKG_CONFIG_PATH`` is required on openEuler, -+ where /usr/local/lib is not set as the default pkgconfig search path. -+ - Build and install UADK ---------------------- -+---------------------- - - ``` - git clone https://github.com/Linaro/uadk.git -@@ -46,16 +57,17 @@ Build and install UADK - make - sudo make install - ``` -+ - * If get error:"cannot find -lnuma", please install the libnuma-dev - * If get error:"fatal error: zlib.h: No such file or directory", please install zlib. - - Build and install UADK Engine ------------------------------------- -+----------------------------- - ``` - git clone https://github.com/Linaro/uadk_engine.git - cd uadk_engine - autoreconf -i -- ./configure --libdir=/usr/local/lib/engines-1.1/ --enable-kae -+ ./configure --libdir=/usr/local/lib/engines-1.1/ [--enable-kae] - make - sudo make install - -@@ -93,7 +105,7 @@ Install libraries to the temp folder - -L/tmp/build/lib -lwd - - $ cd uadk_engine -- $ autoreconf -+ $ autoreconf -i - $ ./configure --prefix=/tmp/build - $ make; make install - --- -2.25.1 - diff --git a/0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch b/0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch new file mode 100644 index 0000000..42a28b2 --- /dev/null +++ b/0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch @@ -0,0 +1,29 @@ +From 984b503e018ebc6964e47c3784fd0f204b0c28fd Mon Sep 17 00:00:00 2001 +From: Liulongfang +Date: Tue, 9 Jan 2024 17:28:20 +0800 +Subject: [PATCH 1/3] v1/dh: add iova_map and iova_unmap ops + +If iova_map and iova_unmap ops are not registered, +wcrypto_create_dh_ctx() will return fail since parameters check fails. + +Signed-off-by: Weili Qian +--- + src/v1/alg/dh/hpre_dh_wd.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c +index b8ca9a1..556e744 100644 +--- a/src/v1/alg/dh/hpre_dh_wd.c ++++ b/src/v1/alg/dh/hpre_dh_wd.c +@@ -314,6 +314,8 @@ static int hpre_dh_init_eng_ctx(hpre_dh_engine_ctx_t *eng_ctx, int bits, bool is + eng_ctx->dh_setup.cb = hpre_dh_cb; + eng_ctx->dh_setup.br.alloc = kae_wd_alloc_blk; + eng_ctx->dh_setup.br.free = kae_wd_free_blk; ++ eng_ctx->dh_setup.br.iova_map = kae_dma_map; ++ eng_ctx->dh_setup.br.iova_unmap = kae_dma_unmap; + eng_ctx->dh_setup.br.usr = pool; + eng_ctx->dh_setup.is_g2 = is_g2; + eng_ctx->ctx = wcrypto_create_dh_ctx(q, &eng_ctx->dh_setup); +-- +2.25.1 + diff --git a/0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch b/0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch deleted file mode 100644 index f84e879..0000000 --- a/0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch +++ /dev/null @@ -1,222 +0,0 @@ -From e6dcaa276f295a5baa6ea5109a943d2299ade757 Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Tue, 6 Jun 2023 05:06:32 +0000 -Subject: [PATCH 2/7] uadk_engine: use calloc to replace malloc+memset - -malloc + memset(0) can be replaced by calloc - -Signed-off-by: Zhangfei Gao ---- - src/uadk_async.c | 5 +---- - src/uadk_ecx.c | 6 ++---- - src/uadk_sm2.c | 4 +--- - src/v1/alg/dh/hpre_dh_wd.c | 3 +-- - src/v1/async/async_task_queue.c | 4 +--- - src/v1/utils/engine_log.c | 6 ++---- - src/v1/wdmngr/wd_alg_queue.c | 6 ++---- - src/v1/wdmngr/wd_queue_memory.c | 11 ++++------- - 8 files changed, 14 insertions(+), 31 deletions(-) - -diff --git a/src/uadk_async.c b/src/uadk_async.c -index f21eabb..86aa9e5 100644 ---- a/src/uadk_async.c -+++ b/src/uadk_async.c -@@ -362,13 +362,10 @@ int async_module_init(void) - if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0) - return 0; - -- poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM); -+ poll_queue.head = calloc(ASYNC_QUEUE_TASK_NUM, sizeof(struct async_poll_task)); - if (poll_queue.head == NULL) - return 0; - -- memset(poll_queue.head, 0, -- sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM); -- - if (sem_init(&poll_queue.empty_sem, 0, ASYNC_QUEUE_TASK_NUM) != 0) - goto err; - -diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c -index 2824a0d..0537890 100644 ---- a/src/uadk_ecx.c -+++ b/src/uadk_ecx.c -@@ -89,12 +89,11 @@ static int x25519_init(EVP_PKEY_CTX *ctx) - return UADK_E_FAIL; - } - -- x25519_ctx = malloc(sizeof(struct ecx_ctx)); -+ x25519_ctx = calloc(1, sizeof(struct ecx_ctx)); - if (!x25519_ctx) { - fprintf(stderr, "failed to alloc x25519 ctx\n"); - return UADK_E_FAIL; - } -- memset(x25519_ctx, 0, sizeof(struct ecx_ctx)); - - setup.alg = "x25519"; - setup.key_bits = X25519_KEYBITS; -@@ -146,13 +145,12 @@ static int x448_init(EVP_PKEY_CTX *ctx) - return UADK_E_FAIL; - } - -- x448_ctx = malloc(sizeof(struct ecx_ctx)); -+ x448_ctx = calloc(1, sizeof(struct ecx_ctx)); - if (!x448_ctx) { - fprintf(stderr, "failed to alloc x448 ctx\n"); - return UADK_E_FAIL; - } - -- memset(x448_ctx, 0, sizeof(struct ecx_ctx)); - setup.alg = "x448"; - setup.key_bits = X448_KEYBITS; - params.numa_id = uadk_e_ecc_get_numa_id(); -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index 01186ef..63d4fdf 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -1157,14 +1157,12 @@ static int sm2_init(EVP_PKEY_CTX *ctx) - struct sm2_ctx *smctx; - int ret; - -- smctx = malloc(sizeof(*smctx)); -+ smctx = calloc(1, sizeof(*smctx)); - if (!smctx) { - fprintf(stderr, "failed to alloc sm2 ctx\n"); - return 0; - } - -- memset(smctx, 0, sizeof(*smctx)); -- - ret = uadk_e_ecc_get_support_state(SM2_SUPPORT); - if (!ret) { - fprintf(stderr, "sm2 is not supported\n"); -diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c -index 38a3d09..8dbb9b4 100644 ---- a/src/v1/alg/dh/hpre_dh_wd.c -+++ b/src/v1/alg/dh/hpre_dh_wd.c -@@ -265,12 +265,11 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg) - { - hpre_dh_engine_ctx_t *eng_ctx = NULL; - -- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_malloc(sizeof(hpre_dh_engine_ctx_t)); -+ eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t)); - if (eng_ctx == NULL) { - US_ERR("hpre engine_ctx malloc fail"); - return NULL; - } -- kae_memset(eng_ctx, 0, sizeof(hpre_dh_engine_ctx_t)); - - eng_ctx->priv_ctx.ssl_alg = alg; - eng_ctx->qlist = kae_get_node_from_pool(g_hpre_dh_qnode_pool); -diff --git a/src/v1/async/async_task_queue.c b/src/v1/async/async_task_queue.c -index 2feea7e..0ef1e84 100644 ---- a/src/v1/async/async_task_queue.c -+++ b/src/v1/async/async_task_queue.c -@@ -60,13 +60,11 @@ int async_poll_task_init_v1(void) - kae_memset(&g_async_poll_queue, 0, sizeof(g_async_poll_queue)); - - g_async_poll_queue.async_poll_task_queue_head = -- (async_poll_task *)malloc(sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM); -+ (async_poll_task *)calloc(ASYNC_POLL_TASK_NUM, sizeof(async_poll_task)); - if (g_async_poll_queue.async_poll_task_queue_head == NULL) { - US_ERR("no enough memory for task queue, errno=%d", errno); //lint !e666 - return 0; - } -- kae_memset(g_async_poll_queue.async_poll_task_queue_head, 0, -- sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM); - g_async_poll_queue.left_task = ASYNC_POLL_TASK_NUM; - - ret = sem_init(&g_async_poll_queue.empty_sem, 0, (unsigned int)g_async_poll_queue.left_task); -diff --git a/src/v1/utils/engine_log.c b/src/v1/utils/engine_log.c -index 6e32b97..ef009e5 100644 ---- a/src/v1/utils/engine_log.c -+++ b/src/v1/utils/engine_log.c -@@ -60,12 +60,10 @@ static void kae_set_conf_debuglevel(void) - - if (conf_path == NULL || strlen(conf_path) > MAX_CONFIG_LEN) - goto err; -- file_path = (char *)kae_malloc(strlen(conf_path) + strlen(filename) + 1); -- debuglev = (char *)kae_malloc(MAX_LEVEL_LEN); -+ file_path = (char *)kae_calloc(1, strlen(conf_path) + strlen(filename) + 1); -+ debuglev = (char *)kae_calloc(1, MAX_LEVEL_LEN); - if (!file_path || !debuglev) - goto err; -- memset(debuglev, 0, MAX_LEVEL_LEN); -- memset(file_path, 0, sizeof(conf_path) + sizeof(filename) + 1); - strcat(file_path, conf_path); - strcat(file_path, filename); - ret = kae_drv_get_item(file_path, "LogSection", "debug_level", debuglev); -diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c -index 5cd33ae..098231f 100644 ---- a/src/v1/wdmngr/wd_alg_queue.c -+++ b/src/v1/wdmngr/wd_alg_queue.c -@@ -21,16 +21,14 @@ - - struct wd_queue *wd_new_queue(int algtype) - { -- struct wd_queue *queue = (struct wd_queue *)kae_malloc(sizeof(struct wd_queue)); - int ret; -- -+ struct wd_queue *queue = (struct wd_queue *)kae_calloc(1, -+ sizeof(struct wd_queue)); - if (queue == NULL) { - US_ERR("malloc failed"); - return NULL; - } - -- kae_memset(queue, 0, sizeof(struct wd_queue)); -- - switch (algtype) { - case WCRYPTO_RSA: - queue->capa.alg = "rsa"; -diff --git a/src/v1/wdmngr/wd_queue_memory.c b/src/v1/wdmngr/wd_queue_memory.c -index e6e7a2c..5f28357 100644 ---- a/src/v1/wdmngr/wd_queue_memory.c -+++ b/src/v1/wdmngr/wd_queue_memory.c -@@ -62,13 +62,12 @@ struct wd_queue_mempool *wd_queue_mempool_create(struct wd_queue *q, unsigned in - kae_memset(addr, 0, rsv_mm_sz); - - bitmap_sz = (block_num / BLOCKS_PER_BITMAP + 1) * sizeof(unsigned int); -- pool = -- (struct wd_queue_mempool *)kae_malloc(sizeof(struct wd_queue_mempool) + bitmap_sz); -+ pool = (struct wd_queue_mempool *)kae_calloc(1, -+ sizeof(struct wd_queue_mempool) + bitmap_sz); - if (pool == NULL) { - US_ERR("Alloc pool handle fail!"); - return NULL; - } -- kae_memset(pool, 0, sizeof(struct wd_queue_mempool) + bitmap_sz); - - pool->base = addr; - sem_init(&pool->mempool_sem, 0, 1); -@@ -190,13 +189,12 @@ KAE_QUEUE_POOL_HEAD_S *kae_init_queue_pool(int algtype) - - /* malloc a pool */ - kae_pool->kae_queue_pool = (KAE_QUEUE_POOL_NODE_S *) -- kae_malloc(KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S)); -+ kae_calloc(KAE_QUEUE_POOL_MAX_SIZE, sizeof(KAE_QUEUE_POOL_NODE_S)); - if (kae_pool->kae_queue_pool == NULL) { - US_ERR("malloc failed"); - kae_free(kae_pool); - return NULL; - } -- kae_memset(kae_pool->kae_queue_pool, 0, KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S)); - - pthread_mutex_init(&kae_pool->kae_queue_mutex, NULL); - pthread_mutex_init(&kae_pool->destroy_mutex, NULL); -@@ -271,12 +269,11 @@ static KAE_QUEUE_DATA_NODE_S *kae_new_wd_queue_memory(int algtype) - { - KAE_QUEUE_DATA_NODE_S *queue_node = NULL; - -- queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_malloc(sizeof(KAE_QUEUE_DATA_NODE_S)); -+ queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_calloc(1, sizeof(KAE_QUEUE_DATA_NODE_S)); - if (queue_node == NULL) { - US_ERR("malloc failed"); - return NULL; - } -- kae_memset(queue_node, 0, sizeof(KAE_QUEUE_DATA_NODE_S)); - - queue_node->kae_wd_queue = wd_new_queue(algtype); - if (queue_node->kae_wd_queue == NULL) { --- -2.25.1 - diff --git a/0002-uadk_util-fix-clang-build-error.patch b/0002-uadk_util-fix-clang-build-error.patch new file mode 100644 index 0000000..66198b2 --- /dev/null +++ b/0002-uadk_util-fix-clang-build-error.patch @@ -0,0 +1,36 @@ +From 0f4d9a02e3a2984a48535e6a38107a0f61631e5d Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Wed, 17 Jan 2024 14:09:11 +0000 +Subject: [PATCH 2/3] uadk_util: fix clang build error + +autoreconf -i +./configure CC=clang +make -j8 + +reports error: +uadk_utils.c:53:33: error: unknown register name 'q0' in asm +uadk_utils.c:53:39: error: unknown register name 'q1' in asm + +Fix with "v0", "v1", instead of "q0", "q1" + +Signed-off-by: Zhangfei Gao +--- + src/uadk_utils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/uadk_utils.c b/src/uadk_utils.c +index 275a124..4a50bc4 100644 +--- a/src/uadk_utils.c ++++ b/src/uadk_utils.c +@@ -50,7 +50,7 @@ static void *memcpy_large(void *dstpp, const void *srcpp, size_t len) + + : [res] "+r"(dstpp) + : [src] "r"(srcpp), [count] "r"(len) +- : "x3", "x4", "x5", "x14", "q0", "q1" ++ : "x3", "x4", "x5", "x14", "v0", "v1" + ); + + return dstpp; +-- +2.25.1 + diff --git a/0003-uadk_engine-add-secure-compilation-option.patch b/0003-uadk_engine-add-secure-compilation-option.patch new file mode 100644 index 0000000..78eb436 --- /dev/null +++ b/0003-uadk_engine-add-secure-compilation-option.patch @@ -0,0 +1,70 @@ +From 638ee431907af6e9f4916e95a4f367e14499e819 Mon Sep 17 00:00:00 2001 +From: Qi Tao +Date: Thu, 18 Jan 2024 21:12:11 +0800 +Subject: [PATCH 3/3] uadk_engine: add secure compilation option +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add PIE, PIC, BIND_NOW, SP, NO Rpath/RunPath, FS, +Ftrapv and Strip compilation options. + +PIC(-fPIC): + Generate position-Independent-Code and andomly load + dynamic libraries. +PIE(-fPIE -pie): + Generate location-independent executables,which + reduces the probability of fixed address attacks + and buffer overflow attacks. +BIND_NOW(-Wl,-z,relro,-z,now): + GOT table redirects all read-only,which defends + against ret2plt attacks. +SP(-fstack-protector-strong/all): + Determine whether an overflow attack occurs. +Strip(-Wl,-s): + Deleting symbol tables defends against hacker + attacks and reduces the file size. +FS(-D_FORTIFY_SOURCE=2 -O2): + Provides access checks for fixed-size buffers + at compile time and at run time. +Ftrapv(-ftrapv): + Detects integer overflow. +NO Rpath/RunPath(hardcode_into_libs=no): + Eliminates dynamic library search paths, + which defense against attacks by replacing + dynamic libraries with the same name. + +Signed-off-by: Qi Tao +--- + configure.ac | 1 + + src/Makefile.am | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 6c5369e..99b85e9 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -7,6 +7,7 @@ AC_CONFIG_HEADERS([config.h]) + + AC_PROG_CC + LT_INIT ++AC_SUBST([hardcode_into_libs], [no]) + + AC_ARG_ENABLE(kae, + AS_HELP_STRING([--enable-kae],[Enable kae support])) +diff --git a/src/Makefile.am b/src/Makefile.am +index c4b8aa9..e014052 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -18,6 +18,8 @@ uadk_engine_la_LIBADD=-ldl $(WD_LIBS) -lpthread + uadk_engine_la_LDFLAGS=-module -version-number $(VERSION) + uadk_engine_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS) + uadk_engine_la_CFLAGS+=-DCRYPTO ++uadk_engine_la_CFLAGS+=-fPIC -fPIE -pie -fstack-protector-strong -D_FORTIFY_SOURCE=2 \ ++ -O2 -ftrapv -Wl,-z,relro,-z,now -Wl,-s + + AUTOMAKE_OPTIONS = subdir-objects + +-- +2.25.1 + diff --git a/0003-v1-some-code-clean.patch b/0003-v1-some-code-clean.patch deleted file mode 100644 index 922a812..0000000 --- a/0003-v1-some-code-clean.patch +++ /dev/null @@ -1,125 +0,0 @@ -From e6dae9e2197dad6173f9ec7fbc55373adcfbb29e Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Tue, 6 Jun 2023 06:12:23 +0000 -Subject: [PATCH 3/7] v1: some code clean - -remove #if 0, print address, etc - -Signed-off-by: Zhangfei Gao ---- - src/v1/alg/ciphers/sec_ciphers_soft.c | 15 ++++----------- - src/v1/alg/pkey/hpre_rsa.c | 20 +------------------- - src/v1/alg/pkey/hpre_rsa_utils.c | 5 ++--- - 3 files changed, 7 insertions(+), 33 deletions(-) - -diff --git a/src/v1/alg/ciphers/sec_ciphers_soft.c b/src/v1/alg/ciphers/sec_ciphers_soft.c -index 71fbb33..9c597b5 100644 ---- a/src/v1/alg/ciphers/sec_ciphers_soft.c -+++ b/src/v1/alg/ciphers/sec_ciphers_soft.c -@@ -110,11 +110,11 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - - /* allowed iv to be empty. */ - if (unlikely(key == NULL)) { -- US_ERR("kae sw init parameter is NULL. key=%p", key); -+ US_ERR("kae sw init parameter is NULL"); - return KAE_FAIL; - } - if (unlikely(ctx == NULL)) { -- US_ERR("kae sw init parameter is NULL. ctx=%p", ctx); -+ US_ERR("kae sw init parameter is NULL"); - return KAE_FAIL; - } - -@@ -155,11 +155,10 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - ret = EVP_CIPHER_meth_get_init(sw_cipher)(ctx, key, iv, enc); - EVP_CIPHER_CTX_set_cipher_data(ctx, priv_ctx); - if (ret != OPENSSL_SUCCESS) { -- US_ERR("OPENSSL init key failed. ctx=%p", ctx); -+ US_ERR("OPENSSL init key failed."); - kae_free(priv_ctx->sw_ctx_data); - return KAE_FAIL; - } -- US_DEBUG("kae sw init impl success. ctx=%p", ctx); - - return KAE_SUCCESS; - } -@@ -185,18 +184,14 @@ int sec_ciphers_sw_impl_cleanup(EVP_CIPHER_CTX *ctx) - - kae_free(priv_ctx->sw_ctx_data); - -- US_DEBUG("kae sw cleanup impl success, ctx=%p", ctx); -- - return KAE_SUCCESS; - } - - static int sec_ciphers_sw_impl_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { -- if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL))) { -- US_ERR("kae sw cipher parameter is null.ctx=%p, in=%p, out=%p, inl=%d", ctx, out, in, (int)inl); -+ if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL))) - return KAE_FAIL; -- } - - cipher_priv_ctx_t *priv_ctx = (cipher_priv_ctx_t *)EVP_CIPHER_CTX_get_cipher_data(ctx); - -@@ -277,8 +272,6 @@ int sec_ciphers_sw_hw_ctx_sync(EVP_CIPHER_CTX *ctx, sec_cipher_priv_ctx_syncto_t - } - } - -- US_DEBUG("state sync success, direct=%d[1:SW_TO_HW, 2:HW_TO_SW], offset=%d", direction, num); -- - return KAE_SUCCESS; - } - -diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c -index 6c1d96d..4e21dde 100644 ---- a/src/v1/alg/pkey/hpre_rsa.c -+++ b/src/v1/alg/pkey/hpre_rsa.c -@@ -67,25 +67,7 @@ RSA_METHOD *hpre_get_rsa_methods(void) - return g_hpre_rsa_method; - if (g_soft_rsa_method != NULL) - return g_soft_rsa_method; --#if 0 -- if (!kae_get_device(g_hpre_device)) { -- const RSA_METHOD *default_soft_method = RSA_PKCS1_OpenSSL(); -- -- g_soft_rsa_method = RSA_meth_new("SOFT RSA METHOD", 0); -- ret &= RSA_meth_set_pub_enc(g_soft_rsa_method, RSA_meth_get_pub_enc(default_soft_method)); -- ret &= RSA_meth_set_priv_enc(g_soft_rsa_method, RSA_meth_get_priv_enc(default_soft_method)); -- ret &= RSA_meth_set_pub_dec(g_soft_rsa_method, RSA_meth_get_pub_dec(default_soft_method)); -- ret &= RSA_meth_set_priv_dec(g_soft_rsa_method, RSA_meth_get_priv_dec(default_soft_method)); -- ret &= RSA_meth_set_keygen(g_soft_rsa_method, hpre_rsa_soft_genkey); -- ret &= RSA_meth_set_mod_exp(g_soft_rsa_method, RSA_meth_get_mod_exp(default_soft_method)); -- ret &= RSA_meth_set_bn_mod_exp(g_soft_rsa_method, RSA_meth_get_bn_mod_exp(default_soft_method)); -- if (ret == 0) { -- US_ERR("Failed to set SOFT RSA methods"); -- return NULL; -- } -- return g_soft_rsa_method; -- } --#endif -+ - g_hpre_rsa_method = RSA_meth_new("HPRE RSA method", 0); - if (g_hpre_rsa_method == NULL) { - KAEerr(KAE_F_HPRE_GET_RSA_METHODS, KAE_R_MALLOC_FAILURE); -diff --git a/src/v1/alg/pkey/hpre_rsa_utils.c b/src/v1/alg/pkey/hpre_rsa_utils.c -index 0630b28..317a5a0 100644 ---- a/src/v1/alg/pkey/hpre_rsa_utils.c -+++ b/src/v1/alg/pkey/hpre_rsa_utils.c -@@ -44,10 +44,9 @@ void hpre_free_bn_ctx_buf(BN_CTX *bn_ctx, unsigned char *in_buf, int num) - int hpre_rsa_check_para(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa) - { -- if ((rsa == NULL || from == NULL || to == NULL || flen <= 0)) { -- US_ERR("RSA key %p, input %p or output %p are NULL, or flen invalid length.\n", rsa, from, to); -+ if ((rsa == NULL || from == NULL || to == NULL || flen <= 0)) - return HPRE_CRYPTO_FAIL; -- } -+ - return HPRE_CRYPTO_SUCC; - } - --- -2.25.1 - diff --git a/0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch b/0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch deleted file mode 100644 index aac63af..0000000 --- a/0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 1d05480962b3110b8da9f467cc3dbd9047f04589 Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Fri, 16 Jun 2023 02:09:00 +0000 -Subject: [PATCH 4/7] =?UTF-8?q?v1:=20fix=20implicit=20declaration=20of=20f?= - =?UTF-8?q?unction=20=E2=80=98OPENSSL=5Fcalloc=E2=80=99?= -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fix implicit declaration of function ‘OPENSSL_calloc’ with calloc - -Signed-off-by: Zhangfei Gao ---- - src/v1/alg/dh/hpre_dh_wd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c -index 8dbb9b4..b8ca9a1 100644 ---- a/src/v1/alg/dh/hpre_dh_wd.c -+++ b/src/v1/alg/dh/hpre_dh_wd.c -@@ -199,7 +199,7 @@ void hpre_dh_free_eng_ctx(hpre_dh_engine_ctx_t *eng_ctx) - eng_ctx->opdata.pri = NULL; - eng_ctx->opdata.x_p = NULL; - eng_ctx->opdata.pv = NULL; -- OPENSSL_free(eng_ctx); -+ free(eng_ctx); - eng_ctx = NULL; - } - -@@ -265,7 +265,7 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg) - { - hpre_dh_engine_ctx_t *eng_ctx = NULL; - -- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t)); -+ eng_ctx = (hpre_dh_engine_ctx_t *)calloc(1, sizeof(hpre_dh_engine_ctx_t)); - if (eng_ctx == NULL) { - US_ERR("hpre engine_ctx malloc fail"); - return NULL; --- -2.25.1 - diff --git a/0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch b/0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch deleted file mode 100644 index 07c8f1d..0000000 --- a/0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch +++ /dev/null @@ -1,93 +0,0 @@ -From aa06f50efb5725a99f5ff93cca04c968ec981635 Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Fri, 9 Jun 2023 04:52:30 +0000 -Subject: [PATCH 5/7] uadk: build uadk_engine only if openssl 1.1 - -Rename e_uadk.c to uadk_engine_init.c -Build uadk_engine only if openssl 1.1 - -Signed-off-by: Zhangfei Gao ---- - Makefile.am | 2 -- - configure.ac | 7 ++++--- - src/Makefile.am | 11 ++++++++--- - src/{e_uadk.c => uadk_engine_init.c} | 0 - 4 files changed, 12 insertions(+), 8 deletions(-) - rename src/{e_uadk.c => uadk_engine_init.c} (100%) - -diff --git a/Makefile.am b/Makefile.am -index 55fd400..1ade214 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -1,7 +1,5 @@ - ACLOCAL_AMFLAGS = -I m4 - --if HAVE_CRYPTO - if HAVE_WD - SUBDIRS = src - endif --endif -diff --git a/configure.ac b/configure.ac -index fb03a5b..0fc14ed 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1,6 +1,5 @@ - AC_PREREQ([2.69]) - AC_INIT([uadk_engine], [1.2]) --AC_CONFIG_SRCDIR([src/e_uadk.c]) - AM_INIT_AUTOMAKE([1.10 no-define]) - - AC_CONFIG_MACRO_DIR([m4]) -@@ -15,8 +14,6 @@ AC_ARG_ENABLE(kae, - AC_SUBST(enable_kae) - AM_CONDITIONAL([WD_KAE], [test "$enable_kae" = "yes"]) - --AC_CHECK_HEADERS([openssl/engine.h]) -- - PKG_CHECK_MODULES(WD, libwd libwd_crypto, [with_wd=yes], [with_wd=no]) - AM_CONDITIONAL(HAVE_WD, [test "$with_wd" != "no"]) - -@@ -24,6 +21,10 @@ PKG_CHECK_MODULES(libcrypto, libcrypto < 3.0 libcrypto >= 1.1, - [with_crypto=yes], [with_crypto=no]) - AM_CONDITIONAL(HAVE_CRYPTO, test "$with_crypto" != "no") - -+PKG_CHECK_MODULES(libcrypto, libcrypto >= 3.0, -+ [with_crypto3=yes], [with_crypto3=no]) -+AM_CONDITIONAL(HAVE_CRYPTO3, test "$with_crypto3" != "no") -+ - AC_CONFIG_FILES([ - Makefile - src/Makefile]) -diff --git a/src/Makefile.am b/src/Makefile.am -index 8ced0e8..65afe1d 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -1,13 +1,18 @@ - VERSION = 1:2 - ACLOCAL_AMFLAGS = -I m4 - -+if HAVE_CRYPTO - lib_LTLIBRARIES=uadk_engine.la -+endif #HAVE_CRYPTO -+ -+uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \ -+ uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \ -+ uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c - --uadk_engine_la_SOURCES=uadk_utils.c e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c \ -- uadk_rsa.c uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c - uadk_engine_la_LIBADD=-ldl $(WD_LIBS) -lpthread - uadk_engine_la_LDFLAGS=-module -version-number $(VERSION) --uadk_engine_la_CFLAGS=$(WD_CFLAGS) -+uadk_engine_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS) -+uadk_engine_la_CFLAGS+=-DCRYPTO - - AUTOMAKE_OPTIONS = subdir-objects - -diff --git a/src/e_uadk.c b/src/uadk_engine_init.c -similarity index 100% -rename from src/e_uadk.c -rename to src/uadk_engine_init.c --- -2.25.1 - diff --git a/0006-uadk-support-openssl-3.0.patch b/0006-uadk-support-openssl-3.0.patch deleted file mode 100644 index 0a28d7f..0000000 --- a/0006-uadk-support-openssl-3.0.patch +++ /dev/null @@ -1,915 +0,0 @@ -From c6aab5dadf83fad2716b1687366d040303b1301c Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Fri, 9 Jun 2023 09:04:30 +0000 -Subject: [PATCH 6/7] uadk: support openssl 3.0 - -Openssl3.0 provoder will be built when libcrypto >= 3.0 - -First step to support digest - -Test with -openssl speed -provider xx/uadk_provider.so -provider default -evp md5 -openssl speed -provider xx/uadk_provider.so -provider default -evp sm3 -openssl speed -provider xx/uadk_provider.so -provider default -evp sha1 -openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-224 -openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-256 -openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-384 -openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-512 - -Signed-off-by: Zhangfei Gao ---- - src/Makefile.am | 11 + - src/uadk_prov.h | 30 ++ - src/uadk_prov_digest.c | 699 +++++++++++++++++++++++++++++++++++++++++ - src/uadk_prov_init.c | 110 +++++++ - 4 files changed, 850 insertions(+) - create mode 100644 src/uadk_prov.h - create mode 100644 src/uadk_prov_digest.c - create mode 100644 src/uadk_prov_init.c - -diff --git a/src/Makefile.am b/src/Makefile.am -index 65afe1d..bfaeb78 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -5,6 +5,10 @@ if HAVE_CRYPTO - lib_LTLIBRARIES=uadk_engine.la - endif #HAVE_CRYPTO - -+if HAVE_CRYPTO3 -+lib_LTLIBRARIES=uadk_provider.la -+endif #HAVE_CRYPTO3 -+ - uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \ - uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \ - uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c -@@ -45,3 +49,10 @@ uadk_engine_la_SOURCES+=v1/alg/ciphers/sec_ciphers.c \ - v1/async/async_poll.c \ - v1/async/async_task_queue.c - endif #WD_KAE -+ -+uadk_provider_la_SOURCES=uadk_prov_init.c uadk_prov_digest.c uadk_async.c uadk_utils.c -+ -+uadk_provider_la_LDFLAGS=-module -version-number $(VERSION) -+uadk_provider_la_LIBADD=$(WD_LIBS) -lpthread -+uadk_provider_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS) -+uadk_provider_la_CFLAGS+=-DCRYPTO3 -diff --git a/src/uadk_prov.h b/src/uadk_prov.h -new file mode 100644 -index 0000000..c63c3fe ---- /dev/null -+++ b/src/uadk_prov.h -@@ -0,0 +1,30 @@ -+/* -+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2023-2024 Linaro ltd. -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ * -+ */ -+#ifndef UADK_PROV_H -+#define UADK_PROV_H -+ -+extern const OSSL_DISPATCH uadk_md5_functions[]; -+extern const OSSL_DISPATCH uadk_sm3_functions[]; -+extern const OSSL_DISPATCH uadk_sha1_functions[]; -+extern const OSSL_DISPATCH uadk_sha224_functions[]; -+extern const OSSL_DISPATCH uadk_sha256_functions[]; -+extern const OSSL_DISPATCH uadk_sha384_functions[]; -+extern const OSSL_DISPATCH uadk_sha512_functions[]; -+ -+void uadk_prov_destroy_digest(void); -+#endif -diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c -new file mode 100644 -index 0000000..fd05753 ---- /dev/null -+++ b/src/uadk_prov_digest.c -@@ -0,0 +1,699 @@ -+/* -+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2023-2024 Linaro ltd. -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ * -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "uadk.h" -+#include "uadk_async.h" -+#include "uadk_utils.h" -+ -+#define UADK_DO_SOFT (-0xE0) -+#define CTX_SYNC 0 -+#define CTX_ASYNC 1 -+#define CTX_NUM 2 -+#define DIGEST_DOING 1 -+#define DIGEST_END 0 -+ -+/* The max BD data length is 16M-512B */ -+#define BUF_LEN 0xFFFE00 -+ -+#define SM3_DIGEST_LENGTH 32 -+#define SM3_CBLOCK 64 -+#define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) -+#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024) -+#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) -+#define MAX_DIGEST_LENGTH 64 -+#define DIGEST_BLOCK_SIZE (512 * 1024) -+#define ALG_NAME_SIZE 128 -+ -+enum sec_digest_state { -+ SEC_DIGEST_INIT, -+ SEC_DIGEST_FIRST_UPDATING, -+ SEC_DIGEST_DOING, -+ SEC_DIGEST_FINAL -+}; -+ -+struct digest_threshold_table { -+ int nid; -+ int threshold; -+}; -+ -+struct digest_prov { -+ int pid; -+}; -+ -+static struct digest_prov prov; -+static pthread_mutex_t digest_mutex = PTHREAD_MUTEX_INITIALIZER; -+ -+struct evp_md_ctx_st { -+ const EVP_MD *digest; -+ /* Functional reference if 'digest' is ENGINE-provided */ -+ ENGINE *engine; -+ unsigned long flags; -+ void *md_data; -+ /* Public key context for sign/verify */ -+ EVP_PKEY_CTX *pctx; -+ /* Update function: usually copied from EVP_MD */ -+ int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); -+}; -+ -+struct digest_priv_ctx { -+ handle_t sess; -+ struct wd_digest_sess_setup setup; -+ struct wd_digest_req req; -+ unsigned char *data; -+ unsigned char out[MAX_DIGEST_LENGTH]; -+ EVP_MD_CTX *soft_ctx; -+ EVP_MD *soft_md; -+ size_t last_update_bufflen; -+ uint32_t e_nid; -+ uint32_t state; -+ uint32_t switch_threshold; -+ int switch_flag; -+ size_t md_size; -+ size_t blk_size; -+ char alg_name[ALG_NAME_SIZE]; -+}; -+ -+struct digest_info { -+ int nid; -+ enum wd_digest_mode mode; -+ enum wd_digest_type alg; -+ __u32 out_len; -+}; -+ -+static struct digest_threshold_table digest_pkt_threshold_table[] = { -+ { NID_sm3, SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, -+ { NID_md5, MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, -+ { NID_sha1, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, -+ { NID_sha224, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, -+ { NID_sha256, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, -+ { NID_sha384, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, -+ { NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, -+}; -+ -+static struct digest_info digest_info_table[] = { -+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16}, -+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32}, -+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20}, -+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28}, -+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32}, -+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48}, -+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64}, -+}; -+ -+static int uadk_e_digests_soft_md(struct digest_priv_ctx *priv) -+{ -+ if (priv->soft_md) -+ return 1; -+ -+ switch (priv->e_nid) { -+ case NID_sm3: -+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SM3, "provider=default"); -+ break; -+ case NID_md5: -+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "provider=default"); -+ break; -+ case NID_sha1: -+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA1, "provider=default"); -+ break; -+ case NID_sha224: -+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_224, "provider=default"); -+ break; -+ case NID_sha256: -+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_256, "provider=default"); -+ break; -+ case NID_sha384: -+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_384, "provider=default"); -+ break; -+ case NID_sha512: -+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_512, "provider=default"); -+ break; -+ default: -+ break; -+ } -+ -+ if (unlikely(priv->soft_md == NULL)) -+ return 0; -+ -+ return 1; -+} -+ -+static uint32_t sec_digest_get_sw_threshold(int n_id) -+{ -+ int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table); -+ int i = 0; -+ -+ do { -+ if (digest_pkt_threshold_table[i].nid == n_id) -+ return digest_pkt_threshold_table[i].threshold; -+ } while (++i < threshold_table_size); -+ -+ fprintf(stderr, "nid %d not found in digest threshold table", n_id); -+ return 0; -+} -+ -+static int digest_soft_init(struct digest_priv_ctx *priv) -+{ -+ return EVP_DigestInit(priv->soft_ctx, priv->soft_md); -+} -+ -+static int digest_soft_update(EVP_MD_CTX *ctx, const void *data, size_t len) -+{ -+ return EVP_DigestUpdate(ctx, data, len); -+} -+ -+static int digest_soft_final(struct digest_priv_ctx *priv, unsigned char *digest) -+{ -+ unsigned int digest_length = EVP_MD_get_size(priv->soft_md); -+ -+ return EVP_DigestFinal(priv->soft_ctx, digest, &digest_length); -+} -+ -+static void digest_soft_cleanup(struct digest_priv_ctx *priv) -+{ -+ EVP_MD_CTX *ctx = priv->soft_ctx; -+ -+ if (ctx != NULL) { -+ if (ctx->md_data) { -+ OPENSSL_free(ctx->md_data); -+ ctx->md_data = NULL; -+ } -+ EVP_MD_CTX_free(ctx); -+ ctx = NULL; -+ } -+ -+ if (priv->soft_md) { -+ EVP_MD_free(priv->soft_md); -+ priv->soft_md = NULL; -+ } -+} -+ -+static int uadk_e_digest_soft_work(struct digest_priv_ctx *priv, int len, -+ unsigned char *digest) -+{ -+ digest_soft_init(priv); -+ -+ if (len != 0) -+ digest_soft_update(priv->soft_ctx, priv->data, len); -+ -+ digest_soft_final(priv, digest); -+ digest_soft_cleanup(priv); -+ -+ return 1; -+} -+ -+static int uadk_e_digest_env_poll(void *ctx) -+{ -+ __u64 rx_cnt = 0; -+ __u32 recv = 0; -+ /* Poll one packet currently */ -+ int expt = 1; -+ int ret; -+ -+ do { -+ ret = wd_digest_poll(expt, &recv); -+ if (ret < 0 || recv == expt) -+ return ret; -+ rx_cnt++; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); -+ -+ fprintf(stderr, "failed to poll msg: timeout!\n"); -+ -+ return -ETIMEDOUT; -+} -+ -+static int uadk_digest_init(struct digest_priv_ctx *priv) -+{ -+ int digest_counts = ARRAY_SIZE(digest_info_table); -+ struct sched_params params = {0}; -+ int nid = priv->e_nid; -+ int ret, i; -+ -+ pthread_mutex_lock(&digest_mutex); -+ if (prov.pid != getpid()) { -+ ret = wd_digest_init2(priv->alg_name, 0, 0); -+ if (unlikely(ret)) { -+ priv->switch_flag = UADK_DO_SOFT; -+ goto soft_init; -+ } -+ prov.pid = getpid(); -+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll); -+ } -+ pthread_mutex_unlock(&digest_mutex); -+ -+ for (i = 0; i < digest_counts; i++) { -+ if (nid == digest_info_table[i].nid) { -+ priv->setup.alg = digest_info_table[i].alg; -+ priv->setup.mode = digest_info_table[i].mode; -+ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH; -+ priv->req.out_bytes = digest_info_table[i].out_len; -+ break; -+ } -+ } -+ -+ if (unlikely(i == digest_counts)) { -+ fprintf(stderr, "failed to setup the private ctx.\n"); -+ return 0; -+ } -+ -+ /* Use the default numa parameters */ -+ params.numa_id = -1; -+ priv->setup.sched_param = ¶ms; -+ priv->sess = wd_digest_alloc_sess(&priv->setup); -+ if (unlikely(!priv->sess)) -+ return 0; -+ -+ priv->data = malloc(DIGEST_BLOCK_SIZE); -+ if (unlikely(!priv->data)) { -+ wd_digest_free_sess(priv->sess); -+ return 0; -+ } -+ -+ if (uadk_e_digests_soft_md(priv)) -+ priv->switch_threshold = sec_digest_get_sw_threshold(nid); -+ -+ return 1; -+ -+soft_init: -+ pthread_mutex_unlock(&digest_mutex); -+ fprintf(stderr, "uadk failed to initialize digest.\n"); -+ return digest_soft_init(priv); -+} -+ -+static void digest_update_out_length(struct digest_priv_ctx *priv) -+{ -+ /* Sha224 and Sha384 need full length mac buffer as doing long hash */ -+ if (priv->e_nid == NID_sha224) -+ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN; -+ -+ if (priv->e_nid == NID_sha384) -+ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN; -+} -+ -+static int digest_update_inner(struct digest_priv_ctx *priv, const void *data, size_t data_len) -+{ -+ const unsigned char *tmpdata = (const unsigned char *)data; -+ size_t left_len = data_len; -+ int copy_to_bufflen; -+ int ret; -+ -+ digest_update_out_length(priv); -+ -+ priv->req.has_next = DIGEST_DOING; -+ -+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) { -+ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen; -+ uadk_memcpy(priv->data + priv->last_update_bufflen, tmpdata, -+ copy_to_bufflen); -+ -+ priv->last_update_bufflen = DIGEST_BLOCK_SIZE; -+ priv->req.in_bytes = DIGEST_BLOCK_SIZE; -+ priv->req.in = priv->data; -+ priv->req.out = priv->out; -+ left_len -= copy_to_bufflen; -+ tmpdata += copy_to_bufflen; -+ if (priv->state == SEC_DIGEST_INIT) -+ priv->state = SEC_DIGEST_FIRST_UPDATING; -+ else if (priv->state == SEC_DIGEST_FIRST_UPDATING) -+ priv->state = SEC_DIGEST_DOING; -+ -+ ret = wd_do_digest_sync(priv->sess, &priv->req); -+ if (ret) { -+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n"); -+ goto do_soft_digest; -+ } -+ -+ priv->last_update_bufflen = 0; -+ if (left_len <= DIGEST_BLOCK_SIZE) { -+ priv->last_update_bufflen = left_len; -+ uadk_memcpy(priv->data, tmpdata, priv->last_update_bufflen); -+ break; -+ } -+ } -+ -+ return 1; -+ -+do_soft_digest: -+ if (priv->state == SEC_DIGEST_FIRST_UPDATING -+ && priv->data -+ && priv->last_update_bufflen != 0) { -+ priv->switch_flag = UADK_DO_SOFT; -+ digest_soft_init(priv); -+ ret = digest_soft_update(priv->soft_ctx, -+ priv->data, priv->last_update_bufflen); -+ if (ret != 1) -+ return ret; -+ -+ return digest_soft_update(priv->soft_ctx, -+ tmpdata, left_len); -+ } -+ -+ fprintf(stderr, "do soft digest failed during updating!\n"); -+ return 0; -+} -+ -+static int uadk_digest_update(struct digest_priv_ctx *priv, const void *data, size_t data_len) -+{ -+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) -+ goto soft_update; -+ -+ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) { -+ uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len); -+ priv->last_update_bufflen += data_len; -+ return 1; -+ } -+ -+ return digest_update_inner(priv, data, data_len); -+ -+soft_update: -+ return digest_soft_update(priv->soft_ctx, data, data_len); -+} -+ -+static void async_cb(struct wd_digest_req *req, void *data) -+{ -+ struct uadk_e_cb_info *cb_param; -+ struct async_op *op; -+ -+ if (!req) -+ return; -+ -+ cb_param = req->cb_param; -+ if (!cb_param) -+ return; -+ op = cb_param->op; -+ if (op && op->job && !op->done) { -+ op->done = 1; -+ async_free_poll_task(op->idx, 1); -+ async_wake_job(op->job); -+ } -+} -+ -+static int do_digest_sync(struct digest_priv_ctx *priv) -+{ -+ int ret; -+ -+ if (priv->req.in_bytes <= priv->switch_threshold && -+ priv->state == SEC_DIGEST_INIT) -+ return 0; -+ -+ ret = wd_do_digest_sync(priv->sess, &priv->req); -+ if (ret) { -+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n"); -+ return 0; -+ } -+ return 1; -+} -+ -+static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op) -+{ -+ struct uadk_e_cb_info cb_param; -+ int idx, ret; -+ -+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { -+ fprintf(stderr, "async cipher init failed.\n"); -+ return 0; -+ } -+ -+ cb_param.op = op; -+ cb_param.priv = priv; -+ priv->req.cb = (void *)async_cb; -+ priv->req.cb_param = &cb_param; -+ -+ ret = async_get_free_task(&idx); -+ if (!ret) -+ return 0; -+ -+ op->idx = idx; -+ -+ do { -+ ret = wd_do_digest_async(priv->sess, &priv->req); -+ if (ret < 0 && ret != -EBUSY) { -+ fprintf(stderr, "do sec digest async failed.\n"); -+ async_free_poll_task(op->idx, 0); -+ return 0; -+ } -+ } while (ret == -EBUSY); -+ -+ ret = async_pause_job(priv, op, ASYNC_TASK_DIGEST, idx); -+ if (!ret) -+ return 0; -+ return 1; -+} -+ -+static int uadk_digest_final(struct digest_priv_ctx *priv, unsigned char *digest) -+{ -+ struct async_op op; -+ int ret; -+ -+ priv->req.has_next = DIGEST_END; -+ priv->req.in = priv->data; -+ priv->req.out = priv->out; -+ priv->req.in_bytes = priv->last_update_bufflen; -+ -+ if (priv->e_nid == NID_sha224) -+ priv->req.out_bytes = WD_DIGEST_SHA224_LEN; -+ -+ if (priv->e_nid == NID_sha384) -+ priv->req.out_bytes = WD_DIGEST_SHA384_LEN; -+ -+ ret = async_setup_async_event_notification(&op); -+ if (unlikely(!ret)) { -+ fprintf(stderr, "failed to setup async event notification.\n"); -+ return 0; -+ } -+ -+ if (op.job == NULL) { -+ /* Synchronous, only the synchronous mode supports soft computing */ -+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { -+ ret = digest_soft_final(priv, digest); -+ digest_soft_cleanup(priv); -+ goto clear; -+ } -+ -+ ret = do_digest_sync(priv); -+ if (!ret) -+ goto sync_err; -+ } else { -+ ret = do_digest_async(priv, &op); -+ if (!ret) -+ goto clear; -+ } -+ memcpy(digest, priv->req.out, priv->req.out_bytes); -+ -+ return 1; -+ -+sync_err: -+ if (priv->state == SEC_DIGEST_INIT) { -+ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest); -+ } else { -+ ret = 0; -+ fprintf(stderr, "do sec digest stream mode failed.\n"); -+ } -+clear: -+ async_clear_async_event_notification(); -+ return ret; -+} -+ -+static int uadk_digest_cleanup(struct digest_priv_ctx *priv) -+{ -+ if (priv->sess) { -+ wd_digest_free_sess(priv->sess); -+ priv->sess = 0; -+ } -+ -+ if (priv->data) -+ OPENSSL_free(priv->data); -+ -+ return 1; -+} -+ -+/* some params related code is copied from OpenSSL v3.0 prov/digestcommon.h */ -+static const OSSL_PARAM uadk_digest_default_known_gettable_params[] = { -+ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, NULL), -+ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_SIZE, NULL), -+ OSSL_PARAM_int(OSSL_DIGEST_PARAM_XOF, NULL), -+ OSSL_PARAM_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, NULL), -+ OSSL_PARAM_END -+}; -+ -+static const OSSL_PARAM *uadk_prov_gettable_params(void *provctx) -+{ -+ return uadk_digest_default_known_gettable_params; -+} -+ -+static int uadk_digest_default_get_params(OSSL_PARAM params[], size_t blksz, -+ size_t paramsz) -+{ -+ OSSL_PARAM *p = NULL; -+ -+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE); -+ if (p != NULL && !OSSL_PARAM_set_size_t(p, blksz)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); -+ return 0; -+ } -+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE); -+ if (p != NULL && !OSSL_PARAM_set_size_t(p, paramsz)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); -+ return 0; -+ } -+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOF); -+ if (p != NULL -+ && !OSSL_PARAM_set_int(p, 0)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); -+ return 0; -+ } -+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_ALGID_ABSENT); -+ if (p != NULL -+ && !OSSL_PARAM_set_int(p, 0)) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static void uadk_prov_freectx(void *dctx) -+{ -+ struct digest_priv_ctx *priv = (struct digest_priv_ctx *)dctx; -+ -+ uadk_digest_cleanup(priv); -+ OPENSSL_clear_free(priv, sizeof(*priv)); -+} -+ -+static void *uadk_prov_dupctx(void *dctx) -+{ -+ struct digest_priv_ctx *in; -+ struct digest_priv_ctx *ret; -+ -+ in = (struct digest_priv_ctx *)dctx; -+ ret = OPENSSL_zalloc(sizeof(struct digest_priv_ctx *)); -+ -+ if (ret != NULL) -+ *ret = *in; -+ return ret; -+} -+ -+static int uadk_prov_init(void *dctx, const OSSL_PARAM params[]) -+{ -+ struct digest_priv_ctx *priv = -+ (struct digest_priv_ctx *) dctx; -+ -+ return uadk_digest_init(priv); -+} -+ -+static int uadk_prov_update(void *dctx, const unsigned char *in, size_t inl) -+{ -+ return uadk_digest_update((struct digest_priv_ctx *)dctx, in, inl); -+} -+ -+/* -+ * Note: -+ * The I parameter contains a pointer to the provider side context. -+ * The digest should be written to I<*out> and the length of the digest to I<*outl>. -+ * The digest should not exceed I bytes. -+ */ -+static int uadk_prov_final(void *dctx, unsigned char *out, -+ size_t *outl, size_t outsz) -+{ -+ struct digest_priv_ctx *priv = -+ (struct digest_priv_ctx *) dctx; -+ int ret; -+ -+ if (outsz > 0) { -+ ret = uadk_digest_final(priv, out); -+ if (!ret) -+ return ret; -+ } -+ -+ if (unlikely(outl != NULL)) -+ *outl = priv->md_size; -+ -+ return 1; -+} -+ -+void uadk_prov_destroy_digest(void) -+{ -+ pthread_mutex_lock(&digest_mutex); -+ if (prov.pid == getpid()) { -+ wd_digest_uninit2(); -+ prov.pid = 0; -+ } -+ pthread_mutex_unlock(&digest_mutex); -+} -+ -+static OSSL_FUNC_digest_freectx_fn uadk_prov_freectx; -+static OSSL_FUNC_digest_dupctx_fn uadk_prov_dupctx; -+static OSSL_FUNC_digest_init_fn uadk_prov_init; -+static OSSL_FUNC_digest_update_fn uadk_prov_update; -+static OSSL_FUNC_digest_final_fn uadk_prov_final; -+static OSSL_FUNC_digest_gettable_params_fn -+ uadk_prov_gettable_params; -+ -+#define UADK_PROVIDER_IMPLEMENTATION(name, nid, mdsize, blksize) \ -+static OSSL_FUNC_digest_newctx_fn uadk_##name##_newctx; \ -+static void *uadk_##name##_newctx(void *provctx) \ -+{ \ -+ struct digest_priv_ctx *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ -+ \ -+ if (ctx == NULL) \ -+ return NULL; \ -+ ctx->blk_size = blksize; \ -+ ctx->md_size = mdsize; \ -+ ctx->e_nid = nid; \ -+ ctx->soft_ctx = EVP_MD_CTX_new(); \ -+ if (ctx->soft_ctx == NULL) \ -+ fprintf(stderr, "EVP_MD_CTX_new failed.\n"); \ -+ strncpy(ctx->alg_name, #name, ALG_NAME_SIZE - 1); \ -+ return ctx; \ -+} \ -+static OSSL_FUNC_digest_get_params_fn uadk_##name##_get_params; \ -+static int uadk_##name##_get_params(OSSL_PARAM params[]) \ -+{ \ -+ return uadk_digest_default_get_params(params, blksize, mdsize); \ -+} \ -+const OSSL_DISPATCH uadk_##name##_functions[] = { \ -+ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))uadk_##name##_newctx }, \ -+ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))uadk_prov_freectx }, \ -+ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))uadk_prov_dupctx }, \ -+ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))uadk_prov_init }, \ -+ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))uadk_prov_update }, \ -+ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))uadk_prov_final }, \ -+ { OSSL_FUNC_DIGEST_GET_PARAMS, \ -+ (void (*)(void))uadk_##name##_get_params }, \ -+ { OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \ -+ (void (*)(void))uadk_prov_gettable_params }, \ -+ { 0, NULL } \ -+} -+ -+UADK_PROVIDER_IMPLEMENTATION(md5, NID_md5, MD5_DIGEST_LENGTH, MD5_CBLOCK); -+UADK_PROVIDER_IMPLEMENTATION(sm3, NID_sm3, SM3_DIGEST_LENGTH, SM3_CBLOCK); -+UADK_PROVIDER_IMPLEMENTATION(sha1, NID_sha1, 20, 64); -+UADK_PROVIDER_IMPLEMENTATION(sha224, NID_sha224, 28, 64); -+UADK_PROVIDER_IMPLEMENTATION(sha256, NID_sha256, 32, 64); -+UADK_PROVIDER_IMPLEMENTATION(sha384, NID_sha384, 48, 128); -+UADK_PROVIDER_IMPLEMENTATION(sha512, NID_sha512, 64, 128); -diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c -new file mode 100644 -index 0000000..e363584 ---- /dev/null -+++ b/src/uadk_prov_init.c -@@ -0,0 +1,110 @@ -+/* -+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2023-2024 Linaro ltd. -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ * -+ */ -+ -+#include -+#include -+ -+#include -+#include -+#include -+ -+#include "uadk_async.h" -+#include "uadk_prov.h" -+ -+struct p_uadk_ctx { -+ const OSSL_CORE_HANDLE *handle; -+ OSSL_LIB_CTX *libctx; -+}; -+ -+const char *engine_uadk_id = "uadk_provider"; -+static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk"; -+ -+const OSSL_ALGORITHM uadk_prov_digests[] = { -+ { OSSL_DIGEST_NAME_MD5, UADK_DEFAULT_PROPERTIES, -+ uadk_md5_functions, "uadk_provider md5" }, -+ { OSSL_DIGEST_NAME_SM3, UADK_DEFAULT_PROPERTIES, -+ uadk_sm3_functions, "uadk_provider sm3" }, -+ { OSSL_DIGEST_NAME_SHA1, UADK_DEFAULT_PROPERTIES, -+ uadk_sha1_functions, "uadk_provider sha1" }, -+ { OSSL_DIGEST_NAME_SHA2_224, UADK_DEFAULT_PROPERTIES, -+ uadk_sha224_functions, "uadk_provider sha2-224" }, -+ { OSSL_DIGEST_NAME_SHA2_256, UADK_DEFAULT_PROPERTIES, -+ uadk_sha256_functions, "uadk_provider sha2-256" }, -+ { OSSL_DIGEST_NAME_SHA2_384, UADK_DEFAULT_PROPERTIES, -+ uadk_sha384_functions, "uadk_provider sha2-384" }, -+ { OSSL_DIGEST_NAME_SHA2_512, UADK_DEFAULT_PROPERTIES, -+ uadk_sha512_functions, "uadk_provider sha2-512" }, -+ { NULL, NULL, NULL } -+}; -+ -+static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id, -+ int *no_cache) -+{ -+ *no_cache = 0; -+ -+ switch (operation_id) { -+ case OSSL_OP_DIGEST: -+ return uadk_prov_digests; -+ } -+ return NULL; -+} -+ -+static void p_teardown(void *provctx) -+{ -+ struct p_uadk_ctx *ctx = (struct p_uadk_ctx *)provctx; -+ -+ uadk_prov_destroy_digest(); -+ OPENSSL_free(ctx); -+} -+ -+static const OSSL_DISPATCH p_test_table[] = { -+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_prov_query }, -+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown }, -+ { 0, NULL } -+}; -+ -+static void provider_init_child_at_fork_handler(void) -+{ -+ int ret; -+ -+ ret = async_module_init(); -+ if (!ret) -+ fprintf(stderr, "async_module_init fail!\n"); -+} -+ -+int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, -+ const OSSL_DISPATCH *oin, -+ const OSSL_DISPATCH **out, -+ void **provctx) -+{ -+ struct p_uadk_ctx *ctx; -+ int ret; -+ -+ ctx = OPENSSL_zalloc(sizeof(*ctx)); -+ if (ctx == NULL) -+ return 0; -+ -+ ret = async_module_init(); -+ if (!ret) -+ fprintf(stderr, "async_module_init fail!\n"); -+ pthread_atfork(NULL, NULL, provider_init_child_at_fork_handler); -+ -+ *provctx = (void *)ctx; -+ *out = p_test_table; -+ return 1; -+} --- -2.25.1 - diff --git a/0007-README-update-openssl-3.0.patch b/0007-README-update-openssl-3.0.patch deleted file mode 100644 index d565bb8..0000000 --- a/0007-README-update-openssl-3.0.patch +++ /dev/null @@ -1,173 +0,0 @@ -From bbf050d5f1eb525e881c7d581f913f2df27d2637 Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Tue, 13 Jun 2023 09:24:19 +0000 -Subject: [PATCH 7/7] README: update openssl 3.0 - -Update build steps for openssl 3.0 - -Also update sanity_test.sh -If ./configure --libdir=/usr/local/lib/ossl-modules/ -$ ./test/sanity_test.sh - -If ./configure --prefix=/tmp/build -$ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so - -Signed-off-by: Zhangfei Gao ---- - README.md | 34 ++++++++++++++++++++++++++------ - test/sanity_test.sh | 48 +++++++++++++++++++++++++++++++++++++++------ - 2 files changed, 70 insertions(+), 12 deletions(-) - -diff --git a/README.md b/README.md -index ac721e3..86676db 100644 ---- a/README.md -+++ b/README.md -@@ -13,7 +13,7 @@ OpenSSL engine for uadk - Prerequisites - ============= - * CPU: aarch64 --* OpenSSL: 1.1.1f -+* OpenSSL: 1.1.1f or 3.0 - * libnuma - * zlib - -@@ -26,24 +26,26 @@ Build and install OpenSSL - ``` - git clone https://github.com/openssl/openssl.git - cd openssl -- git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f -+ // For openssl1.1.1f -+ git checkout -b opensssl1.1 OpenSSL_1_1_1f -+ // for openssl 3.0 -+ git checkout -b openssl3.0 openssl-3.0.0 - ./config - make - sudo make install - openssl version - ``` - --Run pkg-config to ensure env is setup correctly -+Setup env on-demand - ----------------------------------------------- - - ``` - $ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/ - $ pkg-config libcrypto --libs - -L/usr/local/lib -lcrypto --``` - --* export ``PKG_CONFIG_PATH`` is required on openEuler, -- where /usr/local/lib is not set as the default pkgconfig search path. -+ $ export LD_LIBRARY_PATH=/usr/local/lib -+``` - - Build and install UADK - ---------------------- -@@ -63,6 +65,7 @@ Build and install UADK - - Build and install UADK Engine - ----------------------------- -+For openssl 1.1 - ``` - git clone https://github.com/Linaro/uadk_engine.git - cd uadk_engine -@@ -74,6 +77,20 @@ Build and install UADK Engine - Option --enable-kae can be chosen to enable KAE for non-sva version - ``` - -+For openssl 3.0 -+``` -+ git clone https://github.com/Linaro/uadk_engine.git -+ cd uadk_engine -+ autoreconf -i -+ // openEuler -+ ./configure --libdir=/usr/local/lib/engines-3/ -+ // ubuntu -+ ./configure --libdir=/usr/local/lib/ossl-modules/ -+ make -+ sudo make install -+ -+``` -+ - Testing - ------- - ``` -@@ -109,9 +126,14 @@ Install libraries to the temp folder - $ ./configure --prefix=/tmp/build - $ make; make install - -+ // For openssl 1.1 - $ openssl engine -c /tmp/build/lib/uadk_engine.so - $ ./test/sanity_test.sh /tmp/build/lib/uadk_engine.so - -+ // For openssl 3.0 -+ $ openssl speed -provider /tmp/build/lib/uadk_provider.so -provider default -evp md5 -+ $ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so -+ - ``` - - Environment variable of uadk engine -diff --git a/test/sanity_test.sh b/test/sanity_test.sh -index bdedc15..899d02c 100755 ---- a/test/sanity_test.sh -+++ b/test/sanity_test.sh -@@ -2,14 +2,50 @@ - - sudo chmod 666 /dev/hisi_* - --if [ ! -n "$1" ]; then -- engine_id=uadk_engine --else -- engine_id=$1 -+ -+version=$(openssl version) -+echo $version -+if [[ $version =~ "3.0" ]]; then -+ echo "openssl 3.0" -+ if [ ! -n "$1" ]; then -+ engine_id=uadk_provider -+ else -+ engine_id=$1 -+ fi -+ -+ digest_algs=$(openssl list -provider $engine_id -digest-algorithms) -+fi -+ -+if [[ $digest_algs =~ "uadk_provider" ]]; then -+ echo "uadk_provider testing digest" -+ openssl speed -provider $engine_id -provider default -evp md5 -+ openssl speed -provider $engine_id -provider default -evp sm3 -+ openssl speed -provider $engine_id -provider default -evp sha1 -+ openssl speed -provider $engine_id -provider default -evp sha2-224 -+ openssl speed -provider $engine_id -provider default -evp sha2-256 -+ openssl speed -provider $engine_id -provider default -evp sha2-384 -+ openssl speed -provider $engine_id -provider default -evp sha2-512 -+ -+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp md5 -+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm3 -+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha1 -+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-224 -+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-256 -+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-384 -+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-512 - fi - --algs=$(openssl engine -c $engine_id) --echo $algs -+if [[ $version =~ "1.1.1" ]]; then -+ echo "openssl 1.1.1" -+ if [ ! -n "$1" ]; then -+ engine_id=uadk_engine -+ else -+ engine_id=$1 -+ fi -+ -+ algs=$(openssl engine -c $engine_id) -+ echo $algs -+fi - - #digest - if [[ $algs =~ "MD5" ]]; then --- -2.25.1 - diff --git a/0008-cipher-fix-double-free-error.patch b/0008-cipher-fix-double-free-error.patch deleted file mode 100644 index e229475..0000000 --- a/0008-cipher-fix-double-free-error.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 516c9a1c8f77e8d1d91c78478425b4df585ec485 Mon Sep 17 00:00:00 2001 -From: taoqi -Date: Tue, 20 Jun 2023 22:38:01 +0800 -Subject: [PATCH 08/10] cipher: fix double free error - -When wd_cipher_set_key() failed, after the handle -is released, the handle should be set to 0 to avoid -reusing. - -Signed-off-by: taoqi ---- - src/uadk_cipher.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index c7be21a..1905e47 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -878,6 +878,7 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) - ret = wd_cipher_set_key(priv->sess, priv->key, EVP_CIPHER_CTX_key_length(ctx)); - if (ret) { - wd_cipher_free_sess(priv->sess); -+ priv->sess = 0; - fprintf(stderr, "uadk failed to set key!\n"); - } - } --- -2.25.1 - diff --git a/0009-cipher-fix-set-key-error.patch b/0009-cipher-fix-set-key-error.patch deleted file mode 100644 index 4575d1d..0000000 --- a/0009-cipher-fix-set-key-error.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c8f3d1d021f028a9ca500d079c4158038e1b22c9 Mon Sep 17 00:00:00 2001 -From: taoqi -Date: Tue, 20 Jun 2023 23:05:06 +0800 -Subject: [PATCH 09/10] cipher: fix set key error - -Initialize the algorithm type again to prevent -the algorithm type from being changed. - -Signed-off-by: taoqi ---- - src/uadk_cipher.c | 20 +++++++++++++++++++- - 1 file changed, 19 insertions(+), 1 deletion(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 1905e47..cc13823 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -840,8 +840,10 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op) - - static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) - { -+ __u32 cipher_counts = ARRAY_SIZE(cipher_info_table); - struct sched_params params = {0}; -- int ret; -+ int nid, ret; -+ __u32 i; - - priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx); - priv->req.iv = priv->iv; -@@ -869,7 +871,23 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) - /* Use the default numa parameters */ - params.numa_id = -1; - priv->setup.sched_param = ¶ms; -+ - if (!priv->sess) { -+ nid = EVP_CIPHER_CTX_nid(ctx); -+ -+ for (i = 0; i < cipher_counts; i++) { -+ if (nid == cipher_info_table[i].nid) { -+ cipher_priv_ctx_setup(priv, cipher_info_table[i].alg, -+ cipher_info_table[i].mode, cipher_info_table[i].out_bytes); -+ break; -+ } -+ } -+ -+ if (i == cipher_counts) { -+ fprintf(stderr, "failed to setup the private ctx.\n"); -+ return; -+ } -+ - priv->sess = wd_cipher_alloc_sess(&priv->setup); - if (!priv->sess) - fprintf(stderr, "uadk failed to alloc session!\n"); --- -2.25.1 - diff --git a/0010-cipher-fix-async-hardware-computing-error.patch b/0010-cipher-fix-async-hardware-computing-error.patch deleted file mode 100644 index 6a91b91..0000000 --- a/0010-cipher-fix-async-hardware-computing-error.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 9fa67d9748d0e8b710bc8a0cdd3f289e3a1b2f8f Mon Sep 17 00:00:00 2001 -From: taoqi -Date: Tue, 20 Jun 2023 23:07:31 +0800 -Subject: [PATCH 10/10] cipher: fix async hardware computing error - -If the length of the input data does not reach to -hardware computing threshold, directly switch to -soft cipher. - -Signed-off-by: taoqi ---- - src/uadk_cipher.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index cc13823..940c26c 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -927,6 +927,14 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - if (!ret) - goto sync_err; - } else { -+ /* -+ * If the length of the input data -+ * does not reach to hardware computing threshold, -+ * directly switch to soft cipher. -+ */ -+ if (priv->req.in_bytes <= priv->switch_threshold) -+ goto sync_err; -+ - ret = do_cipher_async(priv, &op); - if (!ret) - goto out_notify; --- -2.25.1 - diff --git a/uadk_engine-1.2.0.tar.gz b/uadk_engine-1.2.0.tar.gz deleted file mode 100644 index 1f652fe..0000000 Binary files a/uadk_engine-1.2.0.tar.gz and /dev/null differ diff --git a/uadk_engine-1.3.0.tar.gz b/uadk_engine-1.3.0.tar.gz new file mode 100644 index 0000000..5875ec1 Binary files /dev/null and b/uadk_engine-1.3.0.tar.gz differ diff --git a/uadk_engine.spec b/uadk_engine.spec index c72bf53..3cdd1c1 100644 --- a/uadk_engine.spec +++ b/uadk_engine.spec @@ -1,6 +1,6 @@ Name: uadk_engine Summary: UADK Accelerator Engine -Version: 1.2.0 +Version: 1.3.0 Release: 1 License: Apache-2.0 Source: %{name}-%{version}.tar.gz @@ -9,24 +9,18 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-root Prefix: /usr/local/lib/engines-1.1 Conflicts: %{name} < %{version}-%{release} Provides: %{name} = %{version}-%{release} -BuildRequires: libwd >= 2.3.21 -BuildRequires: compat-openssl11-devel sed autoconf automake libtool +BuildRequires: libwd >= 2.6.0 +BuildRequires: compat-openssl11-devel sed autoconf automake libtool numactl-devel ExclusiveArch: aarch64 -Patch0001: 0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch -Patch0002: 0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch -Patch0003: 0003-v1-some-code-clean.patch -Patch0004: 0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch -Patch0005: 0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch -Patch0006: 0006-uadk-support-openssl-3.0.patch -Patch0007: 0007-README-update-openssl-3.0.patch -Patch0008: 0008-cipher-fix-double-free-error.patch -Patch0009: 0009-cipher-fix-set-key-error.patch -Patch0010: 0010-cipher-fix-async-hardware-computing-error.patch +Patch0001: 0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch +Patch0002: 0002-uadk_util-fix-clang-build-error.patch +Patch0003: 0003-uadk_engine-add-secure-compilation-option.patch %description This package contains the UADK Accelerator Engine +%global debug_package %{nil} %prep %autosetup -n %{name} -p1 @@ -72,6 +66,9 @@ fi /sbin/ldconfig %changelog +* Mon Jan 22 2024 Zhangfei Gao 1.3.0-1 +- uadk_eingine: update to 1.3.0 + * Tue Aug 22 2023 JiangShui Yang 1.2.0-1 - Backport uadk engine patch form v1.0.1 to 1.2.0