From db09ea12d7a95247022f8907b3321c3cb4b42900 Mon Sep 17 00:00:00 2001 From: Zhangfei Gao Date: Fri, 20 Oct 2023 08:46:18 +0000 Subject: [PATCH 50/63] uadk_prov: reuse OSSL_OP_STORE from default provider The store func is provided in default provider, so "-provider default" is required. otherwise errors reported: Could not open file or uri for loading private key from privatekey1.pem 2020D5BEFFFF0000:error:16000069:STORE routines:ossl_store_get0_loader_int:\ unregistered scheme:crypto/store/store_register.c:237:scheme=file 2020D5BEFFFF0000:error:1608010C:STORE routines:inner_loader_fetch: \ unsupported:crypto/store/store_meth.c:356:No store loader found. \ For standard store loaders you need at least one of the default or base \ providers available. Did you forget to load them? Info: \ Global default library context, Scheme (file : 0), Properties () Instead, uadk_provider can provide OSSL_OP_STORE by reusing the default provider's prov->query_operation Signed-off-by: Zhangfei Gao
---
 src/uadk_prov.h | 62 ++++++++++++++++++++++++++++++++++++++++++++ src/uadk_prov_init.c | 2 ++ src/uadk_prov_rsa.c | 4 +-- test/sanity_test.sh | 6 ++--- 4 files changed, 68 insertions(+), 6 deletions(-)
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
index efb29ee..01e799e 100644
--- a/src/uadk_prov.h
+++ b/src/uadk_prov.h
@@ -18,6 +18,68 @@
 #ifndef UADK_PROV_H
 #define UADK_PROV_H
+typedef int CRYPTO_REF_COUNT;
+
+struct ossl_provider_st {
+ /* Flag bits */
+ unsigned int flag_initialized:1;
+ unsigned int flag_activated:1;
+ unsigned int flag_fallback:1; /* Can be used as fallback */
+
+ /* Getting and setting the flags require synchronization */
+ CRYPTO_RWLOCK *flag_lock;
+
+ /* OpenSSL library side data */
+ CRYPTO_REF_COUNT refcnt;
+ CRYPTO_RWLOCK *refcnt_lock; /* For the ref counter */
+ int activatecnt;
+ char *name;
+ char *path;
+ void *module;
+ OSSL_provider_init_fn *init_function;
+
+ STACK_OF(INFOPAIR) * parameters;
+ OSSL_LIB_CTX *libctx; /* The library context this instance is in */
+ struct provider_store_st *store; /* The store this instance belongs to */
+#ifndef FIPS_MODULE
+ /*
+ * In the FIPS module inner provider, this isn't needed, since the
+ * error upcalls are always direct calls to the outer provider.
+ */
+ int error_lib; /* ERR library number, one for each provider */
+# ifndef OPENSSL_NO_ERR
+ char *error_strings; /* Copy of what the provider gives us */
+# endif
+#endif
+
+ /* Provider side functions */
+ OSSL_FUNC_provider_teardown_fn * teardown;
+ OSSL_FUNC_provider_gettable_params_fn *gettable_params;
+ OSSL_FUNC_provider_get_params_fn *get_params;
+ OSSL_FUNC_provider_get_capabilities_fn *get_capabilities;
+ OSSL_FUNC_provider_self_test_fn *self_test;
+ OSSL_FUNC_provider_query_operation_fn *query_operation;
+ OSSL_FUNC_provider_unquery_operation_fn *unquery_operation;
+
+ /*
+ * Cache of bit to indicate of query_operation() has been called on
+ * a specific operation or not.
+ */
+ unsigned char *operation_bits;
+ size_t operation_bits_sz;
+ CRYPTO_RWLOCK *opbits_lock;
+
+#ifndef FIPS_MODULE
+ /* Whether this provider is the child of some other provider */
+ const OSSL_CORE_HANDLE * handle;
+ unsigned int ischild:1;
+#endif
+
+ /* Provider side data */
+ void *provctx;
+ const OSSL_DISPATCH *dispatch;
+};
+
 struct uadk_prov_ctx {
 const OSSL_CORE_HANDLE *handle;
 OSSL_LIB_CTX *libctx;
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index 9b2c190..fc09b64 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -120,6 +120,8 @@ static const OSSL_ALGORITHM *uadk_query(void *provctx, int operation_id,
 return uadk_prov_keymgmt;
 case OSSL_OP_ASYM_CIPHER:
 return uadk_prov_asym_cipher;
+ case OSSL_OP_STORE:
+ return prov->query_operation(provctx, operation_id, no_cache);
 }
 return NULL;
 }
diff --git a/src/uadk_prov_rsa.c b/src/uadk_prov_rsa.c
index a342e92..cd9b1e1 100644
--- a/src/uadk_prov_rsa.c
+++ b/src/uadk_prov_rsa.c
@@ -220,7 +220,7 @@ struct rsa_st {
 /* Be careful using this if the RSA structure is shared */
 CRYPTO_EX_DATA ex_data;
- int references; //CRYPTO_REF_COUNT references;
+ CRYPTO_REF_COUNT references;
 int flags;
 /* Used to cache montgomery values */
 BN_MONT_CTX *_method_mod_n;
@@ -235,8 +235,6 @@ struct rsa_st {
 typedef struct rsa_st RSA;
-typedef int CRYPTO_REF_COUNT;
-
 struct evp_signature_st {
 int name_id;
 char *type_name;
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 6a37014..5b61da3 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
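Review bot: `struct ossl_provider_st` copied into uadk_prov.h is OpenSSL's private provider object, not a public header type, and its field order and the real definition of `CRYPTO_REF_COUNT` (typedef'd here as a plain `int`) differ between OpenSSL releases, so with a libcrypto whose layout does not match, `prov->query_operation` in uadk_prov_init.c reads an unrelated word and calls through it. The `#ifndef FIPS_MODULE` and `# ifndef OPENSSL_NO_ERR` conditionals inside the copy are evaluated against uadk's own build configuration, not the one libcrypto was built with, so they cannot keep the two layouts in step either. The same applies to the mirrored `struct rsa_st` in uadk_prov_rsa.c, which now shares this typedef. The copy should at least carry a header comment such as `/* Mirror of OpenSSL's private struct ossl_provider_st (crypto/provider_core.c); layout must match the linked libcrypto exactly - copied from OpenSSL <VERSION-PLACEHOLDER> */`, and a load-time comparison of `OPENSSL_VERSION_NUMBER` against `OpenSSL_version_num()` that refuses to use the mirror on a mismatch would turn a wild indirect call into a clean error.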
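Review bot: The new `OSSL_OP_STORE` case calls through `prov->query_operation` without checking that `prov` was resolved or that the function pointer is non-NULL, and `query_operation` is an optional provider entry point, so a missing or unloaded default provider turns every store-loader fetch into a NULL call. It also passes uadk's own `provctx` to the default provider's query function instead of `prov->provctx`; that appears to work only because the default provider's query ignores its context argument, which is worth stating in a comment rather than relying on silently. Suggested: `case OSSL_OP_STORE: if (prov == NULL || prov->query_operation == NULL) return NULL; return prov->query_operation(prov->provctx, operation_id, no_cache);`. The loader implementations returned this way will later be instantiated by the core with uadk's provctx, so `struct uadk_prov_ctx` presumably has to stay layout-compatible with the default provider's own context for the fields the store code reads — I cannot confirm that from this hunk. The declaration of `prov` and the start of uadk_query's switch are outside the hunk.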
@@ -78,14 +78,14 @@ if [[ $signature_algs =~ "uadk_provider" ]]; then
 openssl speed -provider $engine_id -async_jobs 1 rsa4096
 openssl genrsa -out prikey.pem -provider $engine_id 1024
- openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id -provider default
+ openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id
 echo "Content to be encrypted" > plain.txt
 openssl pkeyutl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt \
- -pkeyopt rsa_padding_mode:pkcs1 -provider uadk_provider -provider default
+ -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
 openssl pkeyutl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt \
- -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id -provider default
+ -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
 fi
 if [[ $version =~ "1.1.1" ]]; then
-- 
2.25.1
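Review bot: Dropping `-provider default` from the three commands makes the run depend on uadk_provider alone serving every operation openssl(1) needs here (the file store loader plus whatever decoders and encoders prikey.pem and pubkey.pem require), and nothing in the script records that intent, so a later reader is likely to add the flag back and silently stop exercising the forwarding path. A one-line comment above the `openssl rsa` line, e.g. `# deliberately no "-provider default": uadk_provider must serve OSSL_OP_STORE (and the key decoders) by itself`, would pin that. The hunk does not show whether dec.txt is compared against plain.txt or whether the script runs under `set -e`; without one of those a failing pkeyutl here would not fail the test — that part is outside the hunk.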