Merge pull request #15 from yuhongxiao123456/master

fix bugs and update kae version to 1.3.10
kunpengcompute · Feb 5, 2021 · 261947f · 261947f
2 parents e60dda6 + ef95788
commit 261947f
Show file tree

Hide file tree

Showing 13 changed files with 55 additions and 225 deletions.
diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@ ENGINE_INSTALL_PATH := $(OPENSSL_WORK_PATH)/lib/engines-1.1
 CC=gcc
 
 LIBNAME := libkae.so
-VERSION = 1.3.9
+VERSION = 1.3.10
 TARGET = ${LIBNAME}.${VERSION}
 SOFTLINK = kae.so
 

diff --git a/alg/ciphers/sec_ciphers_wd.c b/alg/ciphers/sec_ciphers_wd.c
@@ -34,8 +34,7 @@
 #define MAX_IV_SIZE        16
 
 
-static KAE_QUEUE_POOL_HEAD_S* g_sec_ciphers_qnode_pool = NULL;
-
+KAE_QUEUE_POOL_HEAD_S* g_sec_ciphers_qnode_pool = NULL;
 static cipher_engine_ctx_t* wd_ciphers_new_engine_ctx(KAE_QUEUE_DATA_NODE_S* q_node, cipher_priv_ctx_t* priv_ctx);
 
 void wd_ciphers_free_engine_ctx(void* engine_ctx)

diff --git a/alg/ciphers/sec_ciphers_wd.h b/alg/ciphers/sec_ciphers_wd.h
@@ -28,6 +28,8 @@
 
 #include "sec_ciphers.h"
 
+extern KAE_QUEUE_POOL_HEAD_S *g_sec_ciphers_qnode_pool;
+
 cipher_engine_ctx_t* wd_ciphers_get_engine_ctx(cipher_priv_ctx_t* priv_ctx);
 void wd_ciphers_put_engine_ctx(cipher_engine_ctx_t* e_cipher_ctx);
 int wd_ciphers_do_crypto_impl(cipher_engine_ctx_t *e_cipher_ctx);

diff --git a/alg/dh/hpre_dh.c b/alg/dh/hpre_dh.c
@@ -57,10 +57,6 @@ static int prepare_dh_data(const int bits, const BIGNUM* g, DH* dh, hpre_dh_engi
 
 static int hpre_dh_ctx_poll(void* engine_ctx);
 
-static int hpre_dh_keygen(EVP_PKEY_CTX* ctx, EVP_PKEY* pkey);
-
-static int hpre_dh_derive(EVP_PKEY_CTX* ctx, unsigned char* key, size_t* keylen);
-
 const DH_METHOD* hpre_get_dh_methods(void)
 {
     int ret = 1;
@@ -96,6 +92,9 @@ int hpre_module_dh_init()
 {
     wd_hpre_dh_init_qnode_pool();
 
+    (void)get_dh_pkey_meth();
+    (void)hpre_get_dh_methods();
+
     /* register async poll func */
     async_register_poll_fn(ASYNC_TASK_DH, hpre_dh_ctx_poll);
 
@@ -119,11 +118,8 @@ EVP_PKEY_METHOD* get_dh_pkey_meth(void)
             US_ERR("failed to new pkey meth");
             return NULL;
         }
+        EVP_PKEY_meth_copy(g_hpre_dh_pkey_meth, def_dh);
     }
-    EVP_PKEY_meth_copy(g_hpre_dh_pkey_meth, def_dh);
-
-    EVP_PKEY_meth_set_keygen(g_hpre_dh_pkey_meth, 0, hpre_dh_keygen);
-    EVP_PKEY_meth_set_derive(g_hpre_dh_pkey_meth, 0, hpre_dh_derive);
 
     return g_hpre_dh_pkey_meth;
 }
@@ -133,82 +129,6 @@ EVP_PKEY_METHOD *get_dsa_pkey_meth(void)
     return (EVP_PKEY_METHOD*)EVP_PKEY_meth_get0(DHPKEYMETH_IDX);
 }
 
-static DH* change_dh_method(DH* dh_default)
-{
-    const DH_METHOD* hw_dh = hpre_get_dh_methods();
-    DH* dh = DH_new();
-
-    const BIGNUM *p, *q, *g, *priv_key, *pub_key;
-    BIGNUM *p1, *q1, *g1, *priv_key1, *pub_key1;
-    DH_get0_pqg(dh_default, &p, &q, &g);
-    DH_get0_key(dh_default, &pub_key, &priv_key);
-    p1 = BN_dup(p);
-    q1 = BN_dup(q);
-    g1 = BN_dup(g);
-    priv_key1 = BN_dup(priv_key);
-    pub_key1 = BN_dup(pub_key);
-    if (dh != NULL) {
-        DH_set_method(dh, hw_dh);
-        DH_set0_pqg(dh, p1, q1, g1);
-        DH_set0_key(dh, pub_key1, priv_key1);
-        return dh;
-    } else {
-        KAEerr(KAE_F_CHANGDHMETHOD, KAE_R_MALLOC_FAILURE);
-        US_ERR("changDHMethod failed.");
-        return (DH*)NULL;
-    }
-}
-
-static int hpre_dh_keygen(EVP_PKEY_CTX* ctx, EVP_PKEY* pkey)
-{
-    DH* dh = NULL;
-    int ret = 0;
-    int (*pkeygen)(EVP_PKEY_CTX* ctx, EVP_PKEY* pkey);
-    EVP_PKEY* pk = EVP_PKEY_CTX_get0_pkey(ctx);
-    DH* dh_default = EVP_PKEY_get1_DH(pk);
-    bool is_dsa = DH_get0_q(dh_default) != NULL;
-    if (is_dsa) {
-        const EVP_PKEY_METHOD* def_dh_meth = EVP_PKEY_meth_get0(DHPKEYMETH_IDX);
-        EVP_PKEY_meth_get_keygen(def_dh_meth, (int (**)(EVP_PKEY_CTX*))NULL, &pkeygen);
-        ret = pkeygen(ctx, pkey);
-    } else {
-        dh = change_dh_method(dh_default);
-        EVP_PKEY_set1_DH(pk, dh);
-        const EVP_PKEY_METHOD* def_dh_meth = EVP_PKEY_meth_get0(DHPKEYMETH_IDX);
-        EVP_PKEY_meth_get_keygen(def_dh_meth, (int (**)(EVP_PKEY_CTX*))NULL, &pkeygen);
-        ret = pkeygen(ctx, pkey);
-        EVP_PKEY_assign_DH(pk, dh_default);
-        DH_free(dh);
-    }
-
-    return ret;
-}
-
-static int hpre_dh_derive(EVP_PKEY_CTX* ctx, unsigned char* key, size_t* keylen)
-{
-    DH* dh = NULL;
-    int ret = 0;
-    int (*pderive)(EVP_PKEY_CTX* ctx, unsigned char* key, size_t* keylen);
-    EVP_PKEY* pk = EVP_PKEY_CTX_get0_pkey(ctx);
-    DH* dh_default = EVP_PKEY_get1_DH(pk);
-    bool is_dsa = DH_get0_q(dh_default) != NULL;
-    if (is_dsa) {
-        const EVP_PKEY_METHOD* def_dh_meth = EVP_PKEY_meth_get0(DHPKEYMETH_IDX);
-        EVP_PKEY_meth_get_derive(def_dh_meth, (int (**)(EVP_PKEY_CTX*))NULL, &pderive);
-        ret = pderive(ctx, key, keylen);
-    } else {
-        dh = change_dh_method(dh_default);
-        EVP_PKEY_set1_DH(pk, dh);
-        const EVP_PKEY_METHOD* def_dh_meth = EVP_PKEY_meth_get0(DHPKEYMETH_IDX);
-        EVP_PKEY_meth_get_derive(def_dh_meth, (int (**)(EVP_PKEY_CTX*))NULL, &pderive);
-        ret = pderive(ctx, key, keylen);
-        EVP_PKEY_assign_DH(pk, dh_default);
-        DH_free(dh);
-    }
-
-    return ret;
-}
-
 static int hpre_dh_ctx_poll(void* engine_ctx)
 {
     int ret;

diff --git a/alg/dh/hpre_dh_wd.h b/alg/dh/hpre_dh_wd.h
@@ -42,6 +42,8 @@ struct hpre_dh_engine_ctx {
 
 typedef struct hpre_dh_engine_ctx hpre_dh_engine_ctx_t;
 
+extern KAE_QUEUE_POOL_HEAD_S *g_hpre_dh_qnode_pool;
+
 int wd_hpre_dh_init_qnode_pool(void);
 void wd_hpre_dh_uninit_qnode_pool(void);
 

diff --git a/alg/digests/sec_digests_wd.c b/alg/digests/sec_digests_wd.c
@@ -22,7 +22,7 @@
 #include "engine_types.h"
 #include "engine_log.h"
 
-static KAE_QUEUE_POOL_HEAD_S* g_sec_digests_qnode_pool = NULL;
+KAE_QUEUE_POOL_HEAD_S* g_sec_digests_qnode_pool = NULL;
 static digest_engine_ctx_t* wd_digests_new_engine_ctx(KAE_QUEUE_DATA_NODE_S* q_node, sec_digest_priv_t* md_ctx);
 static int wd_digests_init_engine_ctx(digest_engine_ctx_t *e_digest_ctx);
 

diff --git a/alg/digests/sec_digests_wd.h b/alg/digests/sec_digests_wd.h
@@ -21,6 +21,7 @@
 
 #include "sec_digests.h"
 
+extern KAE_QUEUE_POOL_HEAD_S *g_sec_digests_qnode_pool;
 
 digest_engine_ctx_t* wd_digests_get_engine_ctx(sec_digest_priv_t* md_ctx);
 void wd_digests_put_engine_ctx(digest_engine_ctx_t* e_digest_ctx);

diff --git a/alg/pkey/hpre_rsa.c b/alg/pkey/hpre_rsa.c
@@ -58,18 +58,6 @@ static int hpre_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
 static int hpre_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 
-static int hpre_evp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *sig,
-                            size_t *siglen, const unsigned char *tbs, size_t tbslen);
-
-static int hpre_evp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                            size_t *outlen, const unsigned char *in, size_t inlen);
-
-static int hpre_evp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-                         const unsigned char *tbs, size_t tbslen);
-
-static int hpre_evp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
-                           const unsigned char *tbs, size_t tbslen);
-
 RSA_METHOD *hpre_get_rsa_methods(void)
 {
     int ret = 1;
@@ -152,6 +140,9 @@ int hpre_module_init()
 {
     /* init queue */
     wd_hpre_init_qnode_pool();
+
+    (void)get_rsa_pkey_meth();
+    (void)hpre_get_rsa_methods();
 
     /* register async poll func */
     async_register_poll_fn(ASYNC_TASK_RSA, hpre_engine_ctx_poll);
@@ -168,12 +159,9 @@ EVP_PKEY_METHOD *get_rsa_pkey_meth(void)
             US_ERR("failed to new pkey meth");
             return NULL;
         }
+
+        EVP_PKEY_meth_copy(g_hpre_pkey_meth, def_rsa);
     }
-    EVP_PKEY_meth_copy(g_hpre_pkey_meth, def_rsa);
-    EVP_PKEY_meth_set_encrypt(g_hpre_pkey_meth, 0, hpre_evp_encrypt);
-    EVP_PKEY_meth_set_decrypt(g_hpre_pkey_meth, 0, hpre_evp_decrypt);
-    EVP_PKEY_meth_set_sign(g_hpre_pkey_meth, 0, hpre_evp_sign);
-    EVP_PKEY_meth_set_verify(g_hpre_pkey_meth, 0, hpre_evp_verify);
 
     return g_hpre_pkey_meth;
 }
@@ -183,112 +171,6 @@ void hpre_destroy()
     hpre_free_rsa_methods();
 }
 
-/*
- * Description: Update RsaMethod (not generated by the hardware engine for incoming rsa keys)
- * @param rsa_default ctx incoming RSA key
- * @return RSA* RSA key with hardware method
- * note:The RSA_set_method is not directly used here because rsa_default may be referenced elsewhere.
- * Set will call free and then init causes failure
- */
-static RSA *change_rsa_method(RSA *rsa_default)
-{
-    RSA_METHOD* hw_rsa = hpre_get_rsa_methods();
-    RSA *rsa = RSA_new();
-
-    const BIGNUM *e, *p, *q, *n, *d, *dmp1, *dmq1, *iqmp;
-    BIGNUM *e1, *p1, *q1, *n1, *d1, *dmp11, *dmq11, *iqmp1;
-    RSA_get0_key(rsa_default, &n, &e, &d);
-    RSA_get0_factors(rsa_default, &p, &q);
-    RSA_get0_crt_params(rsa_default, &dmp1, &dmq1, &iqmp);
-    e1 = BN_dup(e);
-    p1 = BN_dup(p);
-    q1 = BN_dup(q);
-    n1 = BN_dup(n);
-    d1 = BN_dup(d);
-    dmp11 = BN_dup(dmp1);
-    dmq11 = BN_dup(dmq1);
-    iqmp1 = BN_dup(iqmp);
-    if (rsa != NULL) {
-        RSA_set_method(rsa, hw_rsa);
-        RSA_set0_key(rsa, n1, e1, d1);
-        RSA_set0_factors(rsa, p1, q1);
-        RSA_set0_crt_params(rsa, dmp11, dmq11, iqmp1);
-        return rsa;
-    } else {
-        KAEerr(KAE_F_CHANGRSAMETHOD, KAE_R_MALLOC_FAILURE);
-        US_ERR("changRsaMethod failed.");
-        return (RSA *)NULL;
-    }
-}
-
-static int hpre_evp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *sig,
-                            size_t *siglen, const unsigned char *tbs, size_t tbslen)
-{
-    int (*pencryptfn)(EVP_PKEY_CTX *, unsigned char *,
-                      size_t *, const unsigned char *, size_t);
-    EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(ctx);
-    RSA *rsa_default = EVP_PKEY_get1_RSA(pk);
-    RSA *rsa = change_rsa_method(rsa_default);
-    EVP_PKEY_set1_RSA(pk, rsa);
-    const EVP_PKEY_METHOD *def_rsa_meth = EVP_PKEY_meth_get0(RSAPKEYMETH_IDX);
-    EVP_PKEY_meth_get_encrypt (def_rsa_meth, (int(**)(EVP_PKEY_CTX *))NULL, &pencryptfn);
-    int ret = pencryptfn(ctx, sig, siglen, tbs, tbslen);
-    EVP_PKEY_assign_RSA(pk, rsa_default);
-
-    RSA_free(rsa);
-
-    return ret;
-}
-
-static int hpre_evp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
-                            size_t *outlen, const unsigned char *in, size_t inlen)
-{
-    int (*pdecrypt)(EVP_PKEY_CTX *, unsigned char *,
-                    size_t *, const unsigned char *, size_t);
-    EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(ctx);
-    RSA *rsa_default = EVP_PKEY_get1_RSA(pk);
-    RSA *rsa = change_rsa_method(rsa_default);
-    EVP_PKEY_set1_RSA(pk, rsa);
-    const EVP_PKEY_METHOD *def_rsa_meth = EVP_PKEY_meth_get0(RSAPKEYMETH_IDX);
-    EVP_PKEY_meth_get_decrypt (def_rsa_meth, (int(**)(EVP_PKEY_CTX *))NULL, &pdecrypt);
-    int ret = pdecrypt(ctx, out, outlen, in, inlen);
-    EVP_PKEY_assign_RSA(pk, rsa_default);
-    RSA_free(rsa);
-    return ret;
-}
-static int hpre_evp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-                         const unsigned char *tbs, size_t tbslen)
-{
-    int (*psign)(EVP_PKEY_CTX *, unsigned char *, size_t *,
-                 const unsigned char *, size_t);
-    EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(ctx);
-    RSA *rsa_default = EVP_PKEY_get1_RSA(pk);
-    RSA *rsa = change_rsa_method(rsa_default);
-    EVP_PKEY_set1_RSA(pk, rsa);
-    const EVP_PKEY_METHOD *def_rsa_meth = EVP_PKEY_meth_get0(RSAPKEYMETH_IDX);
-    EVP_PKEY_meth_get_sign (def_rsa_meth, (int(**)(EVP_PKEY_CTX *))NULL, &psign);
-    int ret = psign(ctx, sig, siglen, tbs, tbslen);
-    EVP_PKEY_assign_RSA(pk, rsa_default);
-    RSA_free(rsa);
-    return ret;
-}
-static int hpre_evp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
-                           const unsigned char *tbs, size_t tbslen)
-{
-    int (*pverify)(EVP_PKEY_CTX *, const unsigned char *,
-                   size_t, const unsigned char *, size_t);
-    EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(ctx);
-    RSA *rsa_default = EVP_PKEY_get1_RSA(pk);
-    RSA *rsa = change_rsa_method(rsa_default);
-    EVP_PKEY_set1_RSA(pk, rsa);
-    const EVP_PKEY_METHOD *def_rsa_meth = EVP_PKEY_meth_get0(RSAPKEYMETH_IDX);
-    EVP_PKEY_meth_get_verify (def_rsa_meth, (int(**)(EVP_PKEY_CTX *))NULL, &pverify);
-    int ret = pverify(ctx, sig, siglen, tbs, tbslen);
-    EVP_PKEY_assign_RSA(pk, rsa_default);
-    RSA_free(rsa);
-    return ret;
-}
-
 //lint -save -e506
 #undef GOTOEND_IF
 #define GOTOEND_IF(cond, mesg, f, r) \

diff --git a/alg/pkey/hpre_wd.c b/alg/pkey/hpre_wd.c
@@ -153,12 +153,7 @@ void hpre_free_eng_ctx(hpre_engine_ctx_t *eng_ctx)
         US_DEBUG("no eng_ctx to free");
         return;
     }
-
-    if (eng_ctx->qlist != NULL) {
-        hpre_free_rsa_ctx(eng_ctx->ctx);
-        kae_put_node_to_pool(g_hpre_rsa_qnode_pool, eng_ctx->qlist);
-    }
-
+
     if (eng_ctx->opdata.op_type != WCRYPTO_RSA_GENKEY) {
         if (eng_ctx->opdata.in) {
             eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.in);
@@ -176,6 +171,12 @@ void hpre_free_eng_ctx(hpre_engine_ctx_t *eng_ctx)
             wcrypto_del_kg_out(eng_ctx->ctx, (struct wcrypto_rsa_kg_out *)eng_ctx->opdata.out);
         }
     }
+
+    if (eng_ctx->qlist != NULL) {
+        hpre_free_rsa_ctx(eng_ctx->ctx);
+        kae_put_node_to_pool(g_hpre_rsa_qnode_pool, eng_ctx->qlist);
+    }
+
     eng_ctx->priv_ctx.ssl_alg = NULL;
     eng_ctx->qlist = NULL;
     eng_ctx->ctx = NULL;

diff --git a/alg/pkey/hpre_wd.h b/alg/pkey/hpre_wd.h
@@ -58,6 +58,8 @@ struct hpre_engine_ctx {
 
 typedef struct hpre_engine_ctx hpre_engine_ctx_t;
 
+extern KAE_QUEUE_POOL_HEAD_S *g_hpre_rsa_qnode_pool;
+
 int wd_hpre_init_qnode_pool(void);
 void wd_hpre_uninit_qnode_pool(void);
 

diff --git a/engine_kae.c b/engine_kae.c
@@ -340,27 +340,31 @@ static int bind_kae(ENGINE *e, const char *id)
 
     ret = kae_get_device(sec_device);
     if (ret != 0) {
+#ifndef KAE_NO_CIPHER_METH
         ret = ENGINE_set_ciphers(e, sec_engine_ciphers);
         RETURN_FAIL_IF(ret != 1, "ENGINE_set_ciphers failed.",
             KAE_F_BIND_HELPER, KAE_R_SET_CIPHERS_FAILURE);
-
+#endif
+#ifndef KAE_NO_DIGEST_METH
         ret = ENGINE_set_digests(e, sec_engine_digests);
         RETURN_FAIL_IF(ret != 1, "ENGINE_set_digests failed.",
             KAE_F_BIND_HELPER, KAE_R_SET_DIGESTS_FAILURE);
+#endif        
     }
 
     ret = ENGINE_set_pkey_meths(e, hpre_pkey_meths);
     RETURN_FAIL_IF(ret != 1, "ENGINE_set_finish_function failed",
         KAE_F_BIND_HELPER, KAE_R_SET_PKEYMETH_FAILURE);
-
+#ifndef KAE_NO_RSA_METH
     ret = ENGINE_set_RSA(e, hpre_get_rsa_methods());
     RETURN_FAIL_IF(ret != 1, "ENGINE_set_RSA failed.",
         KAE_F_BIND_HELPER, KAE_R_SET_RSA_FAILURE);
-
+#endif
+#ifndef KAE_NO_DH_METH
     ret = ENGINE_set_DH(e, hpre_get_dh_methods());
     RETURN_FAIL_IF(ret != 1, "ENGINE_set_DH failed.",
         KAE_F_BIND_HELPER, KAE_R_SET_DH_FAILURE);
-
+#endif
     ret = ENGINE_set_destroy_function(e, kae_engine_destroy);
     RETURN_FAIL_IF(ret != 1, "ENGINE_set_destroy_function failed.",
         KAE_F_BIND_HELPER, KAE_R_SET_DESTORY_FAILURE);