From db09ea12d7a95247022f8907b3321c3cb4b42900 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 20 Oct 2023 08:46:18 +0000
Subject: [PATCH 50/63] uadk_prov: reuse OSSL_OP_STORE from default provider
The store functions are provided by the default provider, so "-provider default"
is required. otherwise errors reported:
Could not open file or uri for loading private key from privatekey1.pem
2020D5BEFFFF0000:error:16000069:STORE routines:ossl_store_get0_loader_int:\
unregistered scheme:crypto/store/store_register.c:237:scheme=file
2020D5BEFFFF0000:error:1608010C:STORE routines:inner_loader_fetch: \
unsupported:crypto/store/store_meth.c:356:No store loader found. \
For standard store loaders you need at least one of the default or base \
providers available. Did you forget to load them? Info: \
Global default library context, Scheme (file : 0), Properties (<null>)
Instead, uadk_provider can provide OSSL_OP_STORE by reusing
the default provider's prov->query_operation
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_prov.h | 62 ++++++++++++++++++++++++++++++++++++++++++++
src/uadk_prov_init.c | 2 ++
src/uadk_prov_rsa.c | 4 +--
test/sanity_test.sh | 6 ++---
4 files changed, 68 insertions(+), 6 deletions(-)
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
index efb29ee..01e799e 100644
--- a/src/uadk_prov.h
+++ b/src/uadk_prov.h
@@ -18,6 +18,68 @@
#ifndef UADK_PROV_H
#define UADK_PROV_H
+typedef int CRYPTO_REF_COUNT;
+
+struct ossl_provider_st {
+ /* Flag bits */
+ unsigned int flag_initialized:1;
+ unsigned int flag_activated:1;
+ unsigned int flag_fallback:1; /* Can be used as fallback */
+
+ /* Getting and setting the flags require synchronization */
+ CRYPTO_RWLOCK *flag_lock;
+
+ /* OpenSSL library side data */
+ CRYPTO_REF_COUNT refcnt;
+ CRYPTO_RWLOCK *refcnt_lock; /* For the ref counter */
+ int activatecnt;
+ char *name;
+ char *path;
+ void *module;
+ OSSL_provider_init_fn *init_function;
+
+ STACK_OF(INFOPAIR) * parameters;
+ OSSL_LIB_CTX *libctx; /* The library context this instance is in */
+ struct provider_store_st *store; /* The store this instance belongs to */
+#ifndef FIPS_MODULE
+ /*
+ * In the FIPS module inner provider, this isn't needed, since the
+ * error upcalls are always direct calls to the outer provider.
+ */
+ int error_lib; /* ERR library number, one for each provider */
+# ifndef OPENSSL_NO_ERR
+ char *error_strings; /* Copy of what the provider gives us */
+# endif
+#endif
+
+ /* Provider side functions */
+ OSSL_FUNC_provider_teardown_fn * teardown;
+ OSSL_FUNC_provider_gettable_params_fn *gettable_params;
+ OSSL_FUNC_provider_get_params_fn *get_params;
+ OSSL_FUNC_provider_get_capabilities_fn *get_capabilities;
+ OSSL_FUNC_provider_self_test_fn *self_test;
+ OSSL_FUNC_provider_query_operation_fn *query_operation;
+ OSSL_FUNC_provider_unquery_operation_fn *unquery_operation;
+
+ /*
+ * Cache of bit to indicate of query_operation() has been called on
+ * a specific operation or not.
+ */
+ unsigned char *operation_bits;
+ size_t operation_bits_sz;
+ CRYPTO_RWLOCK *opbits_lock;
+
+#ifndef FIPS_MODULE
+ /* Whether this provider is the child of some other provider */
+ const OSSL_CORE_HANDLE * handle;
+ unsigned int ischild:1;
+#endif
+
+ /* Provider side data */
+ void *provctx;
+ const OSSL_DISPATCH *dispatch;
+};
+
struct uadk_prov_ctx {
const OSSL_CORE_HANDLE *handle;
OSSL_LIB_CTX *libctx;
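Review bot: The new `struct ossl_provider_st` is a verbatim copy of an OpenSSL-private layout, and the only thing the rest of this patch reads from it is the `query_operation` member, so any libcrypto whose layout differs (I believe 3.2 already turned `CRYPTO_REF_COUNT` into a struct and dropped `refcnt_lock`) would make that read land on the wrong field and call an arbitrary pointer. The public API already exposes what is needed: `OSSL_PROVIDER_query_operation(prov, operation_id, no_cache)` from `<openssl/provider.h>` returns the same table without touching internals, so the whole struct and the `typedef int CRYPTO_REF_COUNT;` can be dropped from this header. If the copy has to stay, it needs a comment pinning its origin, e.g. `/* Verbatim copy of OpenSSL 3.0 provider_core.c; layout must match the libcrypto loaded at runtime, re-check on every OpenSSL upgrade */`, since uadk_prov_rsa.c now depends on this typedef as well.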
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index 9b2c190..fc09b64 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -120,6 +120,8 @@ static const OSSL_ALGORITHM *uadk_query(void *provctx, int operation_id,
return uadk_prov_keymgmt;
case OSSL_OP_ASYM_CIPHER:
return uadk_prov_asym_cipher;
+ case OSSL_OP_STORE:
+ return prov->query_operation(provctx, operation_id, no_cache);
}
return NULL;
}
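Review bot: The new `case OSSL_OP_STORE` dereferences `prov`, which is not defined in this hunk, without a NULL check, so if the default provider failed to load or `prov` is filled in lazily this query crashes instead of returning NULL like every other unsupported operation; `return prov != NULL ? prov->query_operation(provctx, operation_id, no_cache) : NULL;` keeps the existing contract. Note also that the returned OSSL_ALGORITHM table is the default provider's, but because uadk_query answered the query the core will presumably hand uadk_provider's own `provctx` to those store functions, which only works while `struct uadk_prov_ctx` stays layout-compatible with the context they expect; that deserves a comment such as `/* Delegated store impls receive our provctx; keep uadk_prov_ctx's leading fields in sync with OpenSSL's PROV_CTX */`. `uadk_query` starts outside the hunk.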
diff --git a/src/uadk_prov_rsa.c b/src/uadk_prov_rsa.c
index a342e92..cd9b1e1 100644
--- a/src/uadk_prov_rsa.c
+++ b/src/uadk_prov_rsa.c
@@ -220,7 +220,7 @@ struct rsa_st {
/* Be careful using this if the RSA structure is shared */
CRYPTO_EX_DATA ex_data;
- int references; //CRYPTO_REF_COUNT references;
+ CRYPTO_REF_COUNT references;
int flags;
/* Used to cache montgomery values */
BN_MONT_CTX *_method_mod_n;
@@ -235,8 +235,6 @@ struct rsa_st {
typedef struct rsa_st RSA;
-typedef int CRYPTO_REF_COUNT;
-
struct evp_signature_st {
int name_id;
char *type_name;
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 6a37014..5b61da3 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -78,14 +78,14 @@ if [[ $signature_algs =~ "uadk_provider" ]]; then
openssl speed -provider $engine_id -async_jobs 1 rsa4096
openssl genrsa -out prikey.pem -provider $engine_id 1024
- openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id -provider default
+ openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id
echo "Content to be encrypted" > plain.txt
openssl pkeyutl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt \
- -pkeyopt rsa_padding_mode:pkcs1 -provider uadk_provider -provider default
+ -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
openssl pkeyutl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt \
- -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id -provider default
+ -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
fi
if [[ $version =~ "1.1.1" ]]; then
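Review bot: Dropping `-provider default` makes the three changed commands depend entirely on the new OSSL_OP_STORE delegation, yet none of them checks its exit status, so a regression back to the `unregistered scheme` error quoted in the commit message would pass silently unless `set -e` is enabled above this hunk, which I cannot see. Appending `|| exit 1` to each changed command and adding `cmp plain.txt dec.txt || exit 1` after the decrypt step would make the sanity test actually fail on that path and prove the round trip. It would also be worth keeping one invocation with both `-provider $engine_id -provider default` loaded, since that is the configuration users ran before this change and it exercises the case where both providers advertise a file store loader.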
--
2.25.1