diff --git a/0001-Revert-sanity_test-test-rsa-digest-interface.patch b/0001-Revert-sanity_test-test-rsa-digest-interface.patch
new file mode 100644
index 0000000000000000000000000000000000000000..73424a58fe3c7afeb2d9904b3d85aa4e7fa21376
--- /dev/null
+++ b/0001-Revert-sanity_test-test-rsa-digest-interface.patch
@@ -0,0 +1,32 @@
+From 6b98b1d7affee539f4b1e248aaabb6195718a7cf Mon Sep 17 00:00:00 2001
+From: Eingesch <884071658@qq.com>
+Date: Wed, 25 Jun 2025 11:34:03 +0800
+Subject: [PATCH 1/2] Revert "sanity_test: test rsa digest interface:"
+
+This reverts commit 1840b9bed92905410aac70029d8b14a7a99a1a8a.
+---
+ test/sanity_test_provider.sh | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/test/sanity_test_provider.sh b/test/sanity_test_provider.sh
+index f9552ca..281ebde 100755
+--- a/test/sanity_test_provider.sh
++++ b/test/sanity_test_provider.sh
+@@ -80,14 +80,8 @@ if [[ $signature_algs =~ "uadk_provider" ]]; then
+
+ openssl genrsa -out prikey.pem -provider $engine_id 1024
+ openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id
+-
+ echo "Content to be encrypted" > plain.txt
+
+- #sign
+- openssl dgst -provider $engine_id -sha256 -sign prikey.pem -out rsa.sig plain.txt
+- #verify
+- openssl dgst -provider $engine_id -sha256 -verify pubkey.pem -signature rsa.sig plain.txt
+-
+ openssl pkeyutl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt \
+ -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
+
+--
+2.25.1
+
diff --git a/0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch b/0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch
deleted file mode 100644
index 42a28b23b6ba4576cdc1be6eaba14879bcb4a9d1..0000000000000000000000000000000000000000
--- a/0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 984b503e018ebc6964e47c3784fd0f204b0c28fd Mon Sep 17 00:00:00 2001
-From: Liulongfang
-Date: Tue, 9 Jan 2024 17:28:20 +0800
-Subject: [PATCH 1/3] v1/dh: add iova_map and iova_unmap ops
-
-If iova_map and iova_unmap ops are not registered,
-wcrypto_create_dh_ctx() will return fail since parameters check fails.
-
-Signed-off-by: Weili Qian
----
- src/v1/alg/dh/hpre_dh_wd.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c
-index b8ca9a1..556e744 100644
---- a/src/v1/alg/dh/hpre_dh_wd.c
-+++ b/src/v1/alg/dh/hpre_dh_wd.c
-@@ -314,6 +314,8 @@ static int hpre_dh_init_eng_ctx(hpre_dh_engine_ctx_t *eng_ctx, int bits, bool is
- eng_ctx->dh_setup.cb = hpre_dh_cb;
- eng_ctx->dh_setup.br.alloc = kae_wd_alloc_blk;
- eng_ctx->dh_setup.br.free = kae_wd_free_blk;
-+ eng_ctx->dh_setup.br.iova_map = kae_dma_map;
-+ eng_ctx->dh_setup.br.iova_unmap = kae_dma_unmap;
- eng_ctx->dh_setup.br.usr = pool;
- eng_ctx->dh_setup.is_g2 = is_g2;
- eng_ctx->ctx = wcrypto_create_dh_ctx(q, &eng_ctx->dh_setup);
---
-2.25.1
-
diff --git a/0002-Revert-uadk_provider-rsa-support-rsa-digest-interfac.patch b/0002-Revert-uadk_provider-rsa-support-rsa-digest-interfac.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c3fc14489736bbc1add3ddefa38b553c13ef2b83
--- /dev/null
+++ b/0002-Revert-uadk_provider-rsa-support-rsa-digest-interfac.patch
@@ -0,0 +1,506 @@
+From ac4ccff101dc9453351b2b94905674f26dfa338b Mon Sep 17 00:00:00 2001
+From: Eingesch <884071658@qq.com>
+Date: Wed, 25 Jun 2025 11:34:19 +0800
+Subject: [PATCH 2/2] Revert "uadk_provider/rsa: support rsa digest interface"
+
+This reverts commit ecbe8b54978f54d95f57421c3526bbf13fce6f37.
+---
+ src/uadk_prov_rsa.c | 396 +++-----------------------------------------
+ 1 file changed, 19 insertions(+), 377 deletions(-)
+
+diff --git a/src/uadk_prov_rsa.c b/src/uadk_prov_rsa.c
+index 59cdc5d..96ca770 100644
+--- a/src/uadk_prov_rsa.c
++++ b/src/uadk_prov_rsa.c
+@@ -23,7 +23,6 @@
+ #include
+ #include
+ #include
+-#include
+ #include
+ #include
+ #include
+@@ -64,8 +63,6 @@
+ #define GENCB_RETRY 3
+ #define PRIME_CHECK_BIT_NUM 4
+
+-#define rsa_pss_restricted(prsactx) (prsactx->min_saltlen != -1)
+-
+ UADK_PKEY_KEYMGMT_DESCR(rsa, RSA);
+ UADK_PKEY_SIGNATURE_DESCR(rsa, RSA);
+ UADK_PKEY_ASYM_CIPHER_DESCR(rsa, RSA);
+@@ -2145,7 +2142,6 @@ static void uadk_signature_rsa_freectx(void *vprsactx)
+
+ free_tbuf(priv);
+ OPENSSL_clear_free(priv, sizeof(*priv));
+- uadk_prov_destroy_rsa();
+ }
+
+ static void *uadk_asym_cipher_rsa_newctx(void *provctx)
+@@ -2168,7 +2164,6 @@ static void uadk_asym_cipher_rsa_freectx(void *vprsactx)
+ return;
+
+ OPENSSL_free(priv);
+- uadk_prov_destroy_rsa();
+ }
+
+ static int uadk_signature_rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+@@ -2214,168 +2209,18 @@ static const OSSL_PARAM *uadk_signature_rsa_settable_ctx_params(void *vprsactx,
+ return settable_ctx_params;
+ }
+
+-static int uadk_rsa_check_padding(const PROV_RSA_SIG_CTX *prsactx,
+- const char *mdname, const char *mgf1_mdname,
+- int mdnid)
+-{
+- switch (prsactx->pad_mode) {
+- case RSA_NO_PADDING:
+- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE);
+- return 0;
+- case RSA_X931_PADDING:
+- if (RSA_X931_hash_id(mdnid) == -1) {
+- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_X931_DIGEST);
+- return 0;
+- }
+- break;
+- case RSA_PKCS1_PSS_PADDING:
+- if (rsa_pss_restricted(prsactx))
+- if ((mdname != NULL && !EVP_MD_is_a(prsactx->md, mdname)) ||
+- (mgf1_mdname != NULL &&
+- !EVP_MD_is_a(prsactx->mgf1_md, mgf1_mdname))) {
+- ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED);
+- return 0;
+- }
+- break;
+- default:
+- break;
+- }
+-
+- return 1;
+-}
+-
+-int uadk_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len)
+-{
+- size_t i;
+-
+- if (md == NULL)
+- return NID_undef;
+-
+- for (i = 0; i < it_len; i++)
+- if (EVP_MD_is_a(md, it[i].ptr))
+- return (int)it[i].id;
+- return NID_undef;
+-}
+-
+-int uadk_digest_get_approved_nid(const EVP_MD *md)
+-{
+- static const OSSL_ITEM name_to_nid[] = {
+- { NID_sha1, OSSL_DIGEST_NAME_SHA1 },
+- { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 },
+- { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 },
+- { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 },
+- { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 },
+- { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 },
+- { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 },
+- { NID_sha3_224, OSSL_DIGEST_NAME_SHA3_224 },
+- { NID_sha3_256, OSSL_DIGEST_NAME_SHA3_256 },
+- { NID_sha3_384, OSSL_DIGEST_NAME_SHA3_384 },
+- { NID_sha3_512, OSSL_DIGEST_NAME_SHA3_512 },
+- };
+-
+- return uadk_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
+-}
+-
+-int uadk_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+- int sha1_allowed)
+-{
+- return uadk_digest_get_approved_nid(md);
+-}
+-
+-static int uadk_rsa_setup_md(PROV_RSA_SIG_CTX *ctx, const char *mdname,
+- const char *mdprops)
+-{
+- if (mdprops == NULL)
+- mdprops = ctx->propq;
+-
+- if (mdname != NULL) {
+- EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+- int md_nid = uadk_digest_rsa_sign_get_md_nid(ctx->libctx, md,
+- sha1_allowed);
+- size_t mdname_len = strlen(mdname);
+-
+- if (md == NULL || md_nid <= 0 ||
+- !uadk_rsa_check_padding(ctx, mdname, NULL, md_nid) ||
+- mdname_len >= sizeof(ctx->mdname)) {
+- if (md == NULL)
+- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+- "%s could not be fetched", mdname);
+- if (md_nid <= 0)
+- ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
+- "digest=%s", mdname);
+- if (mdname_len >= sizeof(ctx->mdname))
+- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
+- "%s exceeds name buffer length", mdname);
+- EVP_MD_free(md);
+- return 0;
+- }
+-
+- if (!ctx->mgf1_md_set) {
+- if (!EVP_MD_up_ref(md)) {
+- EVP_MD_free(md);
+- return 0;
+- }
+- EVP_MD_free(ctx->mgf1_md);
+- ctx->mgf1_md = md;
+- ctx->mgf1_mdnid = md_nid;
+- OPENSSL_strlcpy(ctx->mgf1_mdname, mdname, sizeof(ctx->mgf1_mdname));
+- }
+-
+- EVP_MD_CTX_free(ctx->mdctx);
+- EVP_MD_free(ctx->md);
+- ctx->mdctx = NULL;
+- ctx->md = md;
+- ctx->mdnid = md_nid;
+- OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
+- }
+-
+- return 1;
+-}
+-
+-static int uadk_signature_rsa_digest_signverify_init(void *vprsactx, const char *mdname,
+- void *vrsa, const OSSL_PARAM params[],
+- int operation)
+-{
+- PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx;
+-
+- if (!uadk_rsa_init(vprsactx, vrsa, params, operation))
+- return 0;
+-
+- if (mdname != NULL &&
+- (mdname[0] == '\0' || OPENSSL_strcasecmp(priv->mdname, mdname) != 0) &&
+- !uadk_rsa_setup_md(priv, mdname, priv->propq))
+- return 0;
+-
+- priv->flag_allow_md = 0;
+-
+- if (priv->mdctx == NULL) {
+- priv->mdctx = EVP_MD_CTX_new();
+- if (priv->mdctx == NULL)
+- goto error;
+- }
+-
+- if (!EVP_DigestInit_ex2(priv->mdctx, priv->md, params))
+- goto error;
+-
+- return 1;
+-
+-error:
+- EVP_MD_CTX_free(priv->mdctx);
+- priv->mdctx = NULL;
+- return 0;
+-}
+-
+ static int uadk_signature_rsa_digest_sign_init(void *vprsactx, const char *mdname,
+ void *vrsa, const OSSL_PARAM params[])
+ {
+- return uadk_signature_rsa_digest_signverify_init(vprsactx, mdname, vrsa,
+- params, EVP_PKEY_OP_SIGN);
++ if (!get_default_rsa_signature().digest_sign_init)
++ return UADK_E_FAIL;
++
++ return get_default_rsa_signature().digest_sign_init(vprsactx, mdname, vrsa, params);
+ }
+
+ static int uadk_signature_rsa_digest_sign_update(void *vprsactx,
+- const unsigned char *data,
+- size_t datalen)
++ const unsigned char *data,
++ size_t datalen)
+ {
+ PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx;
+
+@@ -2385,130 +2230,19 @@ static int uadk_signature_rsa_digest_sign_update(void *vprsactx,
+ return EVP_DigestUpdate(priv->mdctx, data, datalen);
+ }
+
+-#define ASN1_SEQUENCE_RSA 0x30
+-#define ASN1_OCTET_STRING_ 0x04
+-#define ASN1_NULL 0x05
+-#define ASN1_OID 0x06
+-
+-/* SHA OIDs are of the form: (2 16 840 1 101 3 4 2 |n|) */
+-#define ENCODE_DIGESTINFO_SHA(name, n, sz) \
+-static const unsigned char digestinfo_##name##_der[] = { \
+- ASN1_SEQUENCE_RSA, 0x11 + sz, \
+- ASN1_SEQUENCE_RSA, 0x0d, \
+- ASN1_OID, 0x09, 2 * 40 + 16, 0x86, 0x48, 1, 101, 3, 4, 2, n, \
+- ASN1_NULL, 0x00, \
+- ASN1_OCTET_STRING_, sz \
+-}
+-
+-/* SHA-1 (1 3 14 3 2 26) */
+-static const unsigned char digestinfo_sha1_der[] = {
+- ASN1_SEQUENCE_RSA, 0x0d + SHA_DIGEST_LENGTH,
+- ASN1_SEQUENCE_RSA, 0x09,
+- ASN1_OID, 0x05, 1 * 40 + 3, 14, 3, 2, 26,
+- ASN1_NULL, 0x00,
+- ASN1_OCTET_STRING_, SHA_DIGEST_LENGTH
+-};
+-
+-ENCODE_DIGESTINFO_SHA(sha256, 0x01, SHA256_DIGEST_LENGTH);
+-ENCODE_DIGESTINFO_SHA(sha384, 0x02, SHA384_DIGEST_LENGTH);
+-ENCODE_DIGESTINFO_SHA(sha512, 0x03, SHA512_DIGEST_LENGTH);
+-ENCODE_DIGESTINFO_SHA(sha224, 0x04, SHA224_DIGEST_LENGTH);
+-ENCODE_DIGESTINFO_SHA(sha512_224, 0x05, SHA224_DIGEST_LENGTH);
+-ENCODE_DIGESTINFO_SHA(sha512_256, 0x06, SHA256_DIGEST_LENGTH);
+-ENCODE_DIGESTINFO_SHA(sha3_224, 0x07, SHA224_DIGEST_LENGTH);
+-ENCODE_DIGESTINFO_SHA(sha3_256, 0x08, SHA256_DIGEST_LENGTH);
+-ENCODE_DIGESTINFO_SHA(sha3_384, 0x09, SHA384_DIGEST_LENGTH);
+-ENCODE_DIGESTINFO_SHA(sha3_512, 0x0a, SHA512_DIGEST_LENGTH);
+-
+-#define MD_CASE(name) \
+- case NID_##name: \
+- *len = sizeof(digestinfo_##name##_der); \
+- return digestinfo_##name##_der
+-
+-
+-const unsigned char *uadk_rsa_digestinfo_encoding(int md_nid, size_t *len)
+-{
+- switch (md_nid) {
+- MD_CASE(sha1);
+- MD_CASE(sha224);
+- MD_CASE(sha256);
+- MD_CASE(sha384);
+- MD_CASE(sha512);
+- MD_CASE(sha512_224);
+- MD_CASE(sha512_256);
+- MD_CASE(sha3_224);
+- MD_CASE(sha3_256);
+- MD_CASE(sha3_384);
+- MD_CASE(sha3_512);
+- default:
+- return NULL;
+- }
+-}
+-
+-/* Size of an SSL signature: MD5+SHA1 */
+-#define SSL_SIG_LENGTH 36
+-
+-/*
+- * Encodes a DigestInfo prefix of hash |type| and digest |m|, as
+- * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This
+- * encodes the DigestInfo (T and tLen) but does not add the padding.
+- *
+- * On success, it returns one and sets |*out| to a newly allocated buffer
+- * containing the result and |*out_len| to its length. The caller must free
+- * |*out| with OPENSSL_free(). Otherwise, it returns zero.
+- */
+-static int encode_pkcs1(unsigned char **out, size_t *out_len, int type,
+- const unsigned char *m, size_t m_len)
+-{
+- size_t di_prefix_len, dig_info_len;
+- const unsigned char *di_prefix;
+- unsigned char *dig_info;
+-
+- if (type == NID_undef) {
+- ERR_raise(ERR_LIB_RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+- return 0;
+- }
+- di_prefix = uadk_rsa_digestinfo_encoding(type, &di_prefix_len);
+- if (di_prefix == NULL) {
+- ERR_raise(ERR_LIB_RSA,
+- RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+- return 0;
+- }
+- dig_info_len = di_prefix_len + m_len;
+- dig_info = OPENSSL_malloc(dig_info_len);
+- if (dig_info == NULL) {
+- ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+- memcpy(dig_info, di_prefix, di_prefix_len);
+- memcpy(dig_info + di_prefix_len, m, m_len);
+-
+- *out = dig_info;
+- *out_len = dig_info_len;
+- return 1;
+-}
+-
+ static int uadk_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *sig,
+- size_t *siglen, size_t sigsize)
++ size_t *siglen, size_t sigsize)
+ {
+ PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx;
+ unsigned char digest[EVP_MAX_MD_SIZE];
+- const unsigned char *encoded = NULL;
+- unsigned char *tmps = NULL;
+ unsigned int dlen = 0;
+- size_t encoded_len = 0;
+- size_t rsasize;
+- int ret;
+
+ if (priv == NULL)
+ return UADK_E_FAIL;
++ priv->flag_allow_md = 1;
+
+ if (priv->mdctx == NULL)
+ return UADK_E_FAIL;
+-
+- priv->flag_allow_md = 1;
+- rsasize = uadk_rsa_size(priv->rsa);
+-
+ /*
+ * If sig is NULL then we're just finding out the sig size. Other fields
+ * are ignored. Defer to rsa_sign.
+@@ -2520,72 +2254,36 @@ static int uadk_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *s
+ */
+ if (!EVP_DigestFinal_ex(priv->mdctx, digest, &dlen))
+ return UADK_E_FAIL;
+- } else {
+- *siglen = rsasize;
+- return 1;
+- }
+-
+- if (priv->pad_mode == RSA_PKCS1_PADDING) {
+- /* Compute the encoded digest. */
+- if (priv->mdnid == NID_md5_sha1) {
+- /*
+- * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+- * earlier. It has no DigestInfo wrapper but otherwise is
+- * RSASSA-PKCS1-v1_5.
+- */
+- if (dlen != SSL_SIG_LENGTH) {
+- ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MESSAGE_LENGTH);
+- return 0;
+- }
+- encoded_len = SSL_SIG_LENGTH;
+- encoded = digest;
+- } else {
+- if (!encode_pkcs1(&tmps, &encoded_len, priv->mdnid, digest, dlen))
+- goto err;
+- encoded = tmps;
+- }
+ }
+
+- ret = uadk_prov_rsa_private_sign(encoded_len, encoded, sig, priv->rsa, priv->pad_mode);
+- if (ret == UADK_DO_SOFT || ret == UADK_E_FAIL)
+- goto exe_soft;
+-
+- return ret;
+-err:
+- OPENSSL_clear_free(tmps, encoded_len);
+-exe_soft:
+- if (ret == UADK_DO_SOFT)
+- uadk_rsa_sw_sign(vprsactx, sig, siglen, sigsize, digest, dlen);
+- return UADK_E_FAIL;
++ return uadk_signature_rsa_sign(vprsactx, sig, siglen, sigsize,
++ digest, (size_t)dlen);
+ }
+
+ static int uadk_signature_rsa_digest_verify_init(void *vprsactx, const char *mdname,
+ void *vrsa, const OSSL_PARAM params[])
+ {
+- return uadk_signature_rsa_digest_signverify_init(vprsactx, mdname, vrsa,
+- params, EVP_PKEY_OP_VERIFY);
++ if (!get_default_rsa_signature().digest_verify_init)
++ return UADK_E_FAIL;
++
++ return get_default_rsa_signature().digest_verify_init(vprsactx, mdname, vrsa, params);
+ }
+
+ static int uadk_signature_rsa_digest_verify_update(void *vprsactx, const unsigned char *data,
+ size_t datalen)
+ {
+- PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx;
+-
+- if (priv == NULL || priv->mdctx == NULL)
+- return 0;
++ if (!get_default_rsa_signature().digest_verify_update)
++ return UADK_E_FAIL;
+
+- return EVP_DigestUpdate(priv->mdctx, data, datalen);
++ return get_default_rsa_signature().digest_verify_update(vprsactx, data, datalen);
+ }
+
+ static int uadk_signature_rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
+ size_t siglen)
+ {
+ PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx;
+- unsigned char *decrypt_buf = NULL, *encoded = NULL;
+- size_t decrypt_len, encoded_len = 0;
+ unsigned char digest[EVP_MAX_MD_SIZE];
+- unsigned int dlen = 0, len;
+- int ret = UADK_E_FAIL;
++ unsigned int dlen = 0;
+
+ if (priv == NULL)
+ return UADK_E_FAIL;
+@@ -2600,63 +2298,7 @@ static int uadk_signature_rsa_digest_verify_final(void *vprsactx, const unsigned
+ if (!EVP_DigestFinal_ex(priv->mdctx, digest, &dlen))
+ return UADK_E_FAIL;
+
+-
+- if (priv->pad_mode == RSA_PKCS1_PADDING) {
+- if (siglen != (size_t)uadk_rsa_size(priv->rsa)) {
+- ERR_raise(ERR_LIB_RSA, RSA_R_WRONG_SIGNATURE_LENGTH);
+- return 0;
+- }
+-
+- /* Recover the encoded digest. */
+- decrypt_buf = OPENSSL_malloc(siglen);
+- if (decrypt_buf == NULL) {
+- ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+-
+- len = uadk_prov_rsa_public_verify(siglen, sig, decrypt_buf,
+- priv->rsa, priv->pad_mode);
+- if (len <= 0)
+- goto err;
+- decrypt_len = len;
+-
+- if (priv->mdnid == NID_md5_sha1) {
+- /*
+- * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+- * earlier. It has no DigestInfo wrapper but otherwise is
+- * RSASSA-PKCS1-v1_5.
+- */
+- if (decrypt_len != SSL_SIG_LENGTH) {
+- ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE);
+- goto err;
+- }
+-
+- if (siglen != SSL_SIG_LENGTH) {
+- ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MESSAGE_LENGTH);
+- goto err;
+- }
+-
+- if (memcmp(decrypt_buf, sig, SSL_SIG_LENGTH) != 0) {
+- ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE);
+- goto err;
+- }
+- } else {
+- /* Construct the encoded digest and ensure it matches. */
+- if (!encode_pkcs1(&encoded, &encoded_len, priv->mdnid, digest, dlen))
+- goto err;
+-
+- if (encoded_len != decrypt_len
+- || memcmp(encoded, decrypt_buf, encoded_len) != 0) {
+- ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE);
+- goto err;
+- }
+- }
+- ret = 1;
+- }
+-err:
+- OPENSSL_clear_free(encoded, encoded_len);
+- OPENSSL_clear_free(decrypt_buf, siglen);
+- return ret;
++ return uadk_signature_rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen);
+ }
+
+ static void *uadk_signature_rsa_dupctx(void *vprsactx)
+--
+2.25.1
+
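Review bot: The digest sign/verify wrappers now share one `vprsactx` between two implementations with no visible guarantee that they agree on its layout: `uadk_signature_rsa_digest_sign_init`, `uadk_signature_rsa_digest_verify_init` and `uadk_signature_rsa_digest_verify_update` hand it unchanged to the callbacks returned by `get_default_rsa_signature()`, while `uadk_signature_rsa_digest_sign_update` and both `*_final` functions cast the same pointer to `PROV_RSA_SIG_CTX` and read `priv->mdctx`. That works only if the delegated implementation (presumably OpenSSL's built-in RSA signature code) lays out its context exactly like `PROV_RSA_SIG_CTX`; nothing in the visible hunks checks or documents this, so a layout difference between OpenSSL versions could turn into misdirected reads or writes on a signing path. I would state the assumption above the first wrapper, `/* vprsactx is also dereferenced by the default RSA signature implementation; PROV_RSA_SIG_CTX must stay layout-compatible with it */`, and keep the result of `get_default_rsa_signature()` in a local rather than calling it twice per wrapper. Patch 1/2 of this series removes the `openssl dgst -sign`/`-verify` sanity checks, so the delegating path has no test in view.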
diff --git a/0002-uadk_util-fix-clang-build-error.patch b/0002-uadk_util-fix-clang-build-error.patch
deleted file mode 100644
index 66198b2379e3456d03ef50dc6287946a7a8fd957..0000000000000000000000000000000000000000
--- a/0002-uadk_util-fix-clang-build-error.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 0f4d9a02e3a2984a48535e6a38107a0f61631e5d Mon Sep 17 00:00:00 2001
-From: Zhangfei Gao
-Date: Wed, 17 Jan 2024 14:09:11 +0000
-Subject: [PATCH 2/3] uadk_util: fix clang build error
-
-autoreconf -i
-./configure CC=clang
-make -j8
-
-reports error:
-uadk_utils.c:53:33: error: unknown register name 'q0' in asm
-uadk_utils.c:53:39: error: unknown register name 'q1' in asm
-
-Fix with "v0", "v1", instead of "q0", "q1"
-
-Signed-off-by: Zhangfei Gao
----
- src/uadk_utils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/uadk_utils.c b/src/uadk_utils.c
-index 275a124..4a50bc4 100644
---- a/src/uadk_utils.c
-+++ b/src/uadk_utils.c
-@@ -50,7 +50,7 @@ static void *memcpy_large(void *dstpp, const void *srcpp, size_t len)
-
- : [res] "+r"(dstpp)
- : [src] "r"(srcpp), [count] "r"(len)
-- : "x3", "x4", "x5", "x14", "q0", "q1"
-+ : "x3", "x4", "x5", "x14", "v0", "v1"
- );
-
- return dstpp;
---
-2.25.1
-
diff --git a/0003-uadk_engine-add-secure-compilation-option.patch b/0003-uadk_engine-add-secure-compilation-option.patch
deleted file mode 100644
index 78eb436561407c4dbf4161d9a98c23f95c68f336..0000000000000000000000000000000000000000
--- a/0003-uadk_engine-add-secure-compilation-option.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 638ee431907af6e9f4916e95a4f367e14499e819 Mon Sep 17 00:00:00 2001
-From: Qi Tao
-Date: Thu, 18 Jan 2024 21:12:11 +0800
-Subject: [PATCH 3/3] uadk_engine: add secure compilation option
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Add PIE, PIC, BIND_NOW, SP, NO Rpath/RunPath, FS,
-Ftrapv and Strip compilation options.
-
-PIC(-fPIC):
- Generate position-Independent-Code and andomly load
- dynamic libraries.
-PIE(-fPIE -pie):
- Generate location-independent executables,which
- reduces the probability of fixed address attacks
- and buffer overflow attacks.
-BIND_NOW(-Wl,-z,relro,-z,now):
- GOT table redirects all read-only,which defends
- against ret2plt attacks.
-SP(-fstack-protector-strong/all):
- Determine whether an overflow attack occurs.
-Strip(-Wl,-s):
- Deleting symbol tables defends against hacker
- attacks and reduces the file size.
-FS(-D_FORTIFY_SOURCE=2 -O2):
- Provides access checks for fixed-size buffers
- at compile time and at run time.
-Ftrapv(-ftrapv):
- Detects integer overflow.
-NO Rpath/RunPath(hardcode_into_libs=no):
- Eliminates dynamic library search paths,
- which defense against attacks by replacing
- dynamic libraries with the same name.
-
-Signed-off-by: Qi Tao
----
- configure.ac | 1 +
- src/Makefile.am | 2 ++
- 2 files changed, 3 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index 6c5369e..99b85e9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -7,6 +7,7 @@ AC_CONFIG_HEADERS([config.h])
-
- AC_PROG_CC
- LT_INIT
-+AC_SUBST([hardcode_into_libs], [no])
-
- AC_ARG_ENABLE(kae,
- AS_HELP_STRING([--enable-kae],[Enable kae support]))
-diff --git a/src/Makefile.am b/src/Makefile.am
-index c4b8aa9..e014052 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -18,6 +18,8 @@ uadk_engine_la_LIBADD=-ldl $(WD_LIBS) -lpthread
- uadk_engine_la_LDFLAGS=-module -version-number $(VERSION)
- uadk_engine_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
- uadk_engine_la_CFLAGS+=-DCRYPTO
-+uadk_engine_la_CFLAGS+=-fPIC -fPIE -pie -fstack-protector-strong -D_FORTIFY_SOURCE=2 \
-+ -O2 -ftrapv -Wl,-z,relro,-z,now -Wl,-s
-
- AUTOMAKE_OPTIONS = subdir-objects
-
---
-2.25.1
-
diff --git a/0004-uadk_engine-cleanup-code-style-of-async-functions.patch b/0004-uadk_engine-cleanup-code-style-of-async-functions.patch
deleted file mode 100644
index 68be9126fa53c276df6c5129676af94d548c254b..0000000000000000000000000000000000000000
--- a/0004-uadk_engine-cleanup-code-style-of-async-functions.patch
+++ /dev/null
@@ -1,343 +0,0 @@
-From 54e2cf93c7a362031e7dacf550afe286b5a4656a Mon Sep 17 00:00:00 2001
-From: Zhiqi Song
-Date: Fri, 29 Mar 2024 10:13:22 +0800
-Subject: [PATCH 4/7] uadk_engine: cleanup code style of async functions
-
-Cleanup the return value and judgment code style
-of async mode functions.
-
-Signed-off-by: Zhiqi Song
-Signed-off-by: JiangShui Yang
----
- src/uadk_async.c | 126 +++++++++++++++++++++++------------------------
- src/uadk_async.h | 3 ++
- 2 files changed, 64 insertions(+), 65 deletions(-)
-
-diff --git a/src/uadk_async.c b/src/uadk_async.c
-index 726ee09..1558996 100644
---- a/src/uadk_async.c
-+++ b/src/uadk_async.c
-@@ -50,83 +50,79 @@ static void async_fd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
- int async_setup_async_event_notification(struct async_op *op)
- {
- ASYNC_WAIT_CTX *waitctx;
-+ void *custom = NULL;
- OSSL_ASYNC_FD efd;
-- void *custom;
-
- memset(op, 0, sizeof(struct async_op));
- op->job = ASYNC_get_current_job();
-- if (op->job == NULL)
-- return 1;
-+ if (!op->job)
-+ return DO_SYNC;
-
- waitctx = ASYNC_get_wait_ctx(op->job);
-- if (waitctx == NULL)
-- return 0;
-+ if (!waitctx)
-+ return UADK_E_FAIL;
-
-- if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key,
-- &efd, &custom) == 0) {
-+ if (!ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom)) {
- efd = eventfd(0, EFD_NONBLOCK);
- if (efd == -1)
-- return 0;
-+ return UADK_E_FAIL;
-
-- if (ASYNC_WAIT_CTX_set_wait_fd(waitctx, uadk_async_key, efd,
-- custom, async_fd_cleanup) == 0) {
-+ if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, uadk_async_key, efd,
-+ custom, async_fd_cleanup)) {
- async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
-- return 0;
-+ return UADK_E_FAIL;
- }
- }
-
-- return 1;
-+ return UADK_E_SUCCESS;
- }
-
- int async_clear_async_event_notification(void)
- {
-- ASYNC_JOB *job;
-+ size_t num_add_fds, num_del_fds;
- ASYNC_WAIT_CTX *waitctx;
-- OSSL_ASYNC_FD efd;
-- size_t num_add_fds;
-- size_t num_del_fds;
- void *custom = NULL;
-+ OSSL_ASYNC_FD efd;
-+ ASYNC_JOB *job;
-
- job = ASYNC_get_current_job();
-- if (job == NULL)
-- return 0;
-+ if (!job)
-+ return UADK_E_FAIL;
-
- waitctx = ASYNC_get_wait_ctx(job);
-- if (waitctx == NULL)
-- return 0;
-+ if (!waitctx)
-+ return UADK_E_FAIL;
-
-- if (ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &num_add_fds,
-- NULL, &num_del_fds) == 0)
-- return 0;
-+ if (!ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &num_add_fds, NULL, &num_del_fds))
-+ return UADK_E_FAIL;
-
- if (num_add_fds > 0) {
-- if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key,
-- &efd, &custom) == 0)
-- return 0;
-+ if (!ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom))
-+ return UADK_E_FAIL;
-
- async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
-
-- if (ASYNC_WAIT_CTX_clear_fd(waitctx, uadk_async_key) == 0)
-- return 0;
-+ if (!ASYNC_WAIT_CTX_clear_fd(waitctx, uadk_async_key))
-+ return UADK_E_FAIL;
- }
-
-- return 1;
-+ return UADK_E_SUCCESS;
- }
-
- void async_poll_task_free(void)
- {
-- int error;
- struct async_poll_task *task;
-+ int error;
-
- /* Disable async poll state first */
- uadk_e_set_async_poll_state(DISABLE_ASYNC_POLLING);
-
- error = pthread_mutex_lock(&poll_queue.async_task_mutex);
-- if (error != 0)
-+ if (error)
- return;
-
- task = poll_queue.head;
-- if (task != NULL)
-+ if (task)
- OPENSSL_free(task);
-
- poll_queue.head = NULL;
-@@ -146,13 +142,13 @@ static int async_get_poll_task(int *id)
- while (!poll_queue.status[idx]) {
- idx = (idx + 1) % ASYNC_QUEUE_TASK_NUM;
- if (cnt++ == ASYNC_QUEUE_TASK_NUM)
-- return 0;
-+ return UADK_E_FAIL;
- }
-
- *id = idx;
- poll_queue.rid = (idx + 1) % ASYNC_QUEUE_TASK_NUM;
-
-- return 1;
-+ return UADK_E_SUCCESS;
- }
-
- static struct async_poll_task *async_get_queue_task(void)
-@@ -161,11 +157,11 @@ static struct async_poll_task *async_get_queue_task(void)
- struct async_poll_task *task_queue;
- int idx, ret;
-
-- if (pthread_mutex_lock(&poll_queue.async_task_mutex) != 0)
-+ if (pthread_mutex_lock(&poll_queue.async_task_mutex))
- return NULL;
-
- ret = async_get_poll_task(&idx);
-- if (!ret)
-+ if (ret == UADK_E_FAIL)
- goto err;
-
- task_queue = poll_queue.head;
-@@ -173,10 +169,10 @@ static struct async_poll_task *async_get_queue_task(void)
- poll_queue.is_recv = 0;
-
- err:
-- if (pthread_mutex_unlock(&poll_queue.async_task_mutex) != 0)
-+ if (pthread_mutex_unlock(&poll_queue.async_task_mutex))
- return NULL;
-
-- if (cur_task && cur_task->op == NULL)
-+ if (cur_task && !cur_task->op)
- return NULL;
-
- return cur_task;
-@@ -184,7 +180,7 @@ err:
-
- void async_free_poll_task(int id, bool is_cb)
- {
-- if (pthread_mutex_lock(&poll_queue.async_task_mutex) != 0)
-+ if (pthread_mutex_lock(&poll_queue.async_task_mutex))
- return;
-
- poll_queue.status[id] = 0;
-@@ -192,7 +188,7 @@ void async_free_poll_task(int id, bool is_cb)
- if (is_cb)
- poll_queue.is_recv = 1;
-
-- if (pthread_mutex_unlock(&poll_queue.async_task_mutex) != 0)
-+ if (pthread_mutex_unlock(&poll_queue.async_task_mutex))
- return;
-
- (void)sem_post(&poll_queue.empty_sem);
-@@ -205,17 +201,17 @@ int async_get_free_task(int *id)
- int idx, ret;
- int cnt = 0;
-
-- if (sem_wait(&poll_queue.empty_sem) != 0)
-- return 0;
-+ if (sem_wait(&poll_queue.empty_sem))
-+ return UADK_E_FAIL;
-
-- if (pthread_mutex_lock(&poll_queue.async_task_mutex) != 0)
-- return 0;
-+ if (pthread_mutex_lock(&poll_queue.async_task_mutex))
-+ return UADK_E_FAIL;
-
- idx = poll_queue.sid;
- while (poll_queue.status[idx]) {
- idx = (idx + 1) % ASYNC_QUEUE_TASK_NUM;
- if (cnt++ == ASYNC_QUEUE_TASK_NUM) {
-- ret = 0;
-+ ret = UADK_E_FAIL;
- goto out;
- }
- }
-@@ -226,11 +222,11 @@ int async_get_free_task(int *id)
- task_queue = poll_queue.head;
- task = &task_queue[idx];
- task->op = NULL;
-- ret = 1;
-+ ret = UADK_E_SUCCESS;
-
- out:
-- if (pthread_mutex_unlock(&poll_queue.async_task_mutex) != 0)
-- return 0;
-+ if (pthread_mutex_unlock(&poll_queue.async_task_mutex))
-+ return UADK_E_FAIL;
-
- return ret;
- }
-@@ -249,9 +245,9 @@ static int async_add_poll_task(void *ctx, struct async_op *op, enum task_type ty
-
- ret = sem_post(&poll_queue.full_sem);
- if (ret)
-- return 0;
-+ return UADK_E_FAIL;
-
-- return 1;
-+ return UADK_E_SUCCESS;
- }
-
- int async_pause_job(void *ctx, struct async_op *op, enum task_type type)
-@@ -263,16 +259,16 @@ int async_pause_job(void *ctx, struct async_op *op, enum task_type type)
- int ret;
-
- ret = async_add_poll_task(ctx, op, type);
-- if (ret == 0)
-+ if (!ret)
- return ret;
-
- waitctx = ASYNC_get_wait_ctx((ASYNC_JOB *)op->job);
-- if (waitctx == NULL)
-- return 0;
-+ if (!waitctx)
-+ return UADK_E_FAIL;
-
- do {
-- if (ASYNC_pause_job() == 0)
-- return 0;
-+ if (!ASYNC_pause_job())
-+ return UADK_E_FAIL;
-
- ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
- if (ret <= 0)
-@@ -293,13 +289,13 @@ int async_wake_job(ASYNC_JOB *job)
- {
- ASYNC_WAIT_CTX *waitctx;
- OSSL_ASYNC_FD efd;
-- void *custom;
- uint64_t buf = 1;
-+ void *custom;
- int ret;
-
- waitctx = ASYNC_get_wait_ctx(job);
-- if (waitctx == NULL)
-- return 0;
-+ if (!waitctx)
-+ return UADK_E_FAIL;
-
- ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
- if (ret > 0) {
-@@ -329,7 +325,7 @@ static void *async_poll_process_func(void *args)
- int ret, idx;
-
- while (uadk_e_get_async_poll_state()) {
-- if (sem_wait(&poll_queue.full_sem) != 0) {
-+ if (sem_wait(&poll_queue.full_sem)) {
- if (errno == EINTR) {
- /* sem_wait is interrupted by interrupt, continue */
- continue;
-@@ -337,7 +333,7 @@ static void *async_poll_process_func(void *args)
- }
-
- task = async_get_queue_task();
-- if (task == NULL) {
-+ if (!task) {
- (void)sem_post(&poll_queue.full_sem);
- usleep(1);
- continue;
-@@ -364,11 +360,11 @@ int async_module_init(void)
- memset(&poll_queue, 0, sizeof(struct async_poll_queue));
-
- if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0)
-- return 0;
-+ return UADK_E_FAIL;
-
- poll_queue.head = OPENSSL_malloc(ASYNC_QUEUE_TASK_NUM * sizeof(struct async_poll_task));
-- if (poll_queue.head == NULL)
-- return 0;
-+ if (!poll_queue.head)
-+ return UADK_E_FAIL;
-
- if (sem_init(&poll_queue.empty_sem, 0, ASYNC_QUEUE_TASK_NUM) != 0)
- goto err;
-@@ -384,9 +380,9 @@ int async_module_init(void)
- goto err;
-
- poll_queue.thread_id = thread_id;
-- return 1;
-+ return UADK_E_SUCCESS;
-
- err:
- async_poll_task_free();
-- return 0;
-+ return UADK_E_FAIL;
- }
-diff --git a/src/uadk_async.h b/src/uadk_async.h
-index 6857927..5d73b60 100644
---- a/src/uadk_async.h
-+++ b/src/uadk_async.h
-@@ -23,6 +23,9 @@
- #include
-
- #define ASYNC_QUEUE_TASK_NUM 1024
-+#define UADK_E_SUCCESS 1
-+#define UADK_E_FAIL 0
-+#define DO_SYNC 1
-
- struct async_op {
- ASYNC_JOB *job;
---
-2.25.1
-
diff --git a/0005-cipher-cleanup-repeated-function-invoking.patch b/0005-cipher-cleanup-repeated-function-invoking.patch
deleted file mode 100644
index edf968d05f2b9ab3cf93ecfb14a2031b357eb676..0000000000000000000000000000000000000000
--- a/0005-cipher-cleanup-repeated-function-invoking.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 1cfb48c6d086fc82ea6b72bd9b8cb3c5cacac2b8 Mon Sep 17 00:00:00 2001
-From: Zhiqi Song
-Date: Fri, 29 Mar 2024 10:13:23 +0800
-Subject: [PATCH 5/7] cipher: cleanup repeated function invoking
-
-Cleanup repeated function invoking of EVP_CIPHER_CTX_nid().
-
-Signed-off-by: Zhiqi Song
-Signed-off-by: JiangShui Yang
----
- src/uadk_cipher.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
-index 7b4ebd8..b506c22 100644
---- a/src/uadk_cipher.c
-+++ b/src/uadk_cipher.c
-@@ -39,6 +39,7 @@
- #define IV_LEN 16
- #define ENV_ENABLED 1
- #define MAX_KEY_LEN 64
-+#define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192
-
- struct cipher_engine {
- struct wd_ctx_config ctx_cfg;
-@@ -75,8 +76,6 @@ struct cipher_info {
- __u32 out_bytes;
- };
-
--#define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192
--
- static EVP_CIPHER *uadk_aes_128_cbc;
- static EVP_CIPHER *uadk_aes_192_cbc;
- static EVP_CIPHER *uadk_aes_256_cbc;
-@@ -189,9 +188,9 @@ static int uadk_e_cipher_sw_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- return 0;
- }
-
-- sw_cipher = sec_ciphers_get_cipher_sw_impl(EVP_CIPHER_CTX_nid(ctx));
-+ nid = EVP_CIPHER_CTX_nid(ctx);
-+ sw_cipher = sec_ciphers_get_cipher_sw_impl(nid);
- if (unlikely(sw_cipher == NULL)) {
-- nid = EVP_CIPHER_CTX_nid(ctx);
- fprintf(stderr, "get openssl software cipher failed, nid = %d.\n", nid);
- return 0;
- }
---
-2.25.1
-
diff --git a/0006-digest-add-ctx-allocation-check.patch b/0006-digest-add-ctx-allocation-check.patch
deleted file mode 100644
index 707ae3ad722e8b81443515a0941735f596685302..0000000000000000000000000000000000000000
--- a/0006-digest-add-ctx-allocation-check.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 07324a0cdcad935e7d3449b8ff8907ca1c2a6b58 Mon Sep 17 00:00:00 2001
-From: Zhiqi Song
-Date: Fri, 29 Mar 2024 10:13:24 +0800
-Subject: [PATCH 6/7] digest: add ctx allocation check
-
-Add result check of EVP_MD_CTX_new().
-
-Signed-off-by: Zhiqi Song
-Signed-off-by: JiangShui Yang
----
- src/uadk_digest.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/uadk_digest.c b/src/uadk_digest.c
-index 8ab1b83..43bbf60 100644
---- a/src/uadk_digest.c
-+++ b/src/uadk_digest.c
-@@ -204,6 +204,8 @@ static int digest_soft_init(struct digest_priv_ctx *md_ctx)
- /* Allocate a soft ctx for hardware engine */
- if (md_ctx->soft_ctx == NULL)
- md_ctx->soft_ctx = EVP_MD_CTX_new();
-+ if (md_ctx->soft_ctx == NULL)
-+ return 0;
-
- ctx = md_ctx->soft_ctx;
-
---
-2.25.1
-
diff --git a/0007-sm2-add-ctx-allocation-check.patch b/0007-sm2-add-ctx-allocation-check.patch
deleted file mode 100644
index fe0356ca9789a2941dad5022e0f5b07a324354c2..0000000000000000000000000000000000000000
--- a/0007-sm2-add-ctx-allocation-check.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 75ee064d69f687aa43cff40ce2061db1afe75f85 Mon Sep 17 00:00:00 2001
-From: Zhiqi Song
-Date: Fri, 29 Mar 2024 10:13:25 +0800
-Subject: [PATCH 7/7] sm2: add ctx allocation check
-
-Add result check of EVP_MD_CTX_new().
-
-Signed-off-by: Zhiqi Song
-Signed-off-by: JiangShui Yang
----
- src/uadk_sm2.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
-index 8421931..c0a5303 100644
---- a/src/uadk_sm2.c
-+++ b/src/uadk_sm2.c
-@@ -152,9 +152,13 @@ static int compute_hash(const char *in, size_t in_len,
- char *out, size_t out_len, void *usr)
- {
- const EVP_MD *digest = (const EVP_MD *)usr;
-- EVP_MD_CTX *hash = EVP_MD_CTX_new();
-+ EVP_MD_CTX *hash;
- int ret = 0;
-
-+ hash = EVP_MD_CTX_new();
-+ if (!hash)
-+ return -1;
-+
- if (EVP_DigestInit(hash, digest) == 0 ||
- EVP_DigestUpdate(hash, in, in_len) == 0 ||
- EVP_DigestFinal(hash, (void *)out, NULL) == 0) {
---
-2.25.1
-
diff --git a/uadk_engine-1.3.0.tar.gz b/uadk_engine-1.3.0.tar.gz
deleted file mode 100644
index 5875ec19b38eab044d586eb516cdcc2f18dffb79..0000000000000000000000000000000000000000
Binary files a/uadk_engine-1.3.0.tar.gz and /dev/null differ
diff --git a/uadk_engine-1.6.0.tar.gz b/uadk_engine-1.6.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..abc1b2a560a10d417746d2ecd10cadc5efeb96c8
Binary files /dev/null and b/uadk_engine-1.6.0.tar.gz differ
diff --git a/uadk_engine.spec b/uadk_engine.spec
index 91314cb026691550dfe218a68d13fe2ccc90a203..f8a231d19707f973a6cb05f4415b5143e4205d72 100644
--- a/uadk_engine.spec
+++ b/uadk_engine.spec
@@ -1,7 +1,8 @@
+%define soversion 1
 Name: uadk_engine
 Summary: UADK Accelerator Engine
-Version: 1.3.0
-Release: 2
+Version: 1.6.0
+Release: 1
 License: Apache-2.0
 Source: %{name}-%{version}.tar.gz
 ExclusiveOS: linux
@@ -10,74 +11,94 @@ Prefix: /usr/local/lib/engines-1.1 Conflicts: %{name} < %{version}-%{release} Provides: %{name} = %{version}-%{release} BuildRequires: libwd >= 2.6.0 -BuildRequires: compat-openssl11-devel sed autoconf automake libtool numactl-devel +BuildRequires: compat-openssl11-libs openssl-devel sed autoconf automake libtool numactl-devel ExclusiveArch: aarch64 -Patch0001: 0001-v1-dh-add-iova_map-and-iova_unmap-ops.patch -Patch0002: 0002-uadk_util-fix-clang-build-error.patch -Patch0003: 0003-uadk_engine-add-secure-compilation-option.patch -Patch0004: 0004-uadk_engine-cleanup-code-style-of-async-functions.patch -Patch0005: 0005-cipher-cleanup-repeated-function-invoking.patch -Patch0006: 0006-digest-add-ctx-allocation-check.patch -Patch0007: 0007-sm2-add-ctx-allocation-check.patch +Patch0001: 0001-Revert-sanity_test-test-rsa-digest-interface.patch +Patch0002: 0002-Revert-uadk_provider-rsa-support-rsa-digest-interfac.patch %description -This package contains the UADK Accelerator Engine +This package contains the UADK Accelerator Engine. +In this version, uadk_engine.rpm not only supports the engine 1 +function of openssl1.1, but also supports the provider function +of openssl3.0. 
%global debug_package %{nil} %prep -%autosetup -n %{name} -p1 +%autosetup -n %{name}-%{version} -p1 %build +tar -zxvf %{_builddir}/%{name}-%{version}/openssl.tar.gz +%define pkg_dir %{_builddir}/%{name}-%{version}/openssl%{_libdir}/pkgconfig +%define openssl_dir %{_builddir}/%{name}-%{version}/openssl/usr +echo "prefix=%{openssl_dir}" | cat - %{pkg_dir}/libcrypto.pc > tmp && mv tmp %{pkg_dir}/libcrypto.pc + +export PKG_CONFIG_PATH=%{pkg_dir} + autoreconf -i chmod +x configure ./configure --enable-kae make %install -mkdir -p ${RPM_BUILD_ROOT}/usr/local/lib/engines-1.1 -install -b -m755 src/.libs/uadk_engine.so.%{version} ${RPM_BUILD_ROOT}/usr/local/lib/engines-1.1 +mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/engines-1.1 +install -b -m755 src/.libs/uadk_engine.so.%{version} ${RPM_BUILD_ROOT}%{_libdir}/engines-1.1 +for lib in $RPM_BUILD_ROOT%{_libdir}/engines-1.1/*.so.%{version} ; do + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/engines-1.1/`basename ${lib} .%{version}` + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/engines-1.1/`basename ${lib} .%{version}`.%{soversion} +done + +make clean +unset PKG_CONFIG_PATH +autoreconf -i +./configure --libdir=/usr/lib64/ossl-modules/ +make + +mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/ossl-modules/ +install -b -m755 src/.libs/uadk_provider.so.%{version} ${RPM_BUILD_ROOT}%{_libdir}/ossl-modules/ +for lib in $RPM_BUILD_ROOT%{_libdir}/ossl-modules/*.so.%{version} ; do + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/ossl-modules/`basename ${lib} .%{version}` + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/ossl-modules/`basename ${lib} .%{version}`.%{soversion} +done %clean rm -rf ${RPM_BUILD_ROOT} %files %defattr(755,root,root) -/usr/local/lib/engines-1.1/uadk_engine.so.%{version} - -%pre -if [ "$1" = "2" ] ; then #2: update - rm -rf $RPM_INSTALL_PREFIX/uadk_engine.so > /dev/null 2>&1 || true - rm -rf $RPM_INSTALL_PREFIX/uadk_engine.so.0 > /dev/null 2>&1 || true -fi +%{_libdir}/engines-1.1/* 
+%{_libdir}/ossl-modules/* %post -if [[ "$1" = "1" || "$1" = "2" ]] ; then #1: install 2: update - ln -sf $RPM_INSTALL_PREFIX/uadk_engine.so.%{version} $RPM_INSTALL_PREFIX/uadk_engine.so - ln -sf $RPM_INSTALL_PREFIX/uadk_engine.so.%{version} $RPM_INSTALL_PREFIX/uadk_engine.so.0 -fi /sbin/ldconfig -%preun -if [ "$1" = "0" ] ; then #0: uninstall - rm -rf $RPM_INSTALL_PREFIX/uadk_engine.so > /dev/null 2>&1 || true - rm -rf $RPM_INSTALL_PREFIX/uadk_engine.so.0 > /dev/null 2>&1 || true - rm -f /var/log/uadk_engine.log > /dev/null 2>&1 || true - rm -f /var/log/uadk_engine.log.old > /dev/null 2>&1 || true -fi - %postun /sbin/ldconfig %changelog -* Sun Apr 7 2024 JiangShui Yang 1.2.0-1 -- Backport uadk engine patch +* Wed Jun 25 2025 JiangShui Yang 1.6.0-1 + - uadk_engine: update to 1.6.0 -* Mon Mar 20 2023 linwenkai 1.0.0-10 -- Backport uadk engine build patch +* Sun Apr 27 2025 JiangShui Yang 1.5.0-5 + - resolved the problem that the src package fails to be built. -* Thu Feb 9 2023 linwenkai 1.0.0-9 -- Fix uadk engine build compatiable problem +* Sun Apr 27 2025 JiangShui Yang 1.5.0-4 + - uadk_provider: add soft switching function for uadk_provider + +* Fri Apr 25 2025 JiangShui Yang 1.5.0-3 + - uadk_provider: add soft switching function for uadk_provider + +* Thu Feb 27 2025 JiangShui Yang 1.5.0-2 + - uadk_provider: the x25519 and ecdsa algorithms are supported. + +* Wed Dec 11 2024 JiangShui Yang 1.5.0-1 + - uadk_engine: adding the uadk_provider library + +* Fri Nov 22 2024 JiangShui Yang 1.3.0-3 + - Backport uadk engine patch + +* Thu Nov 21 2024 JiangShui Yang 1.3.0-2 + - Backport uadk engine patch * Mon Jan 22 2024 Zhangfei Gao 1.3.0-1 - uadk_eingine: update to 1.3.0 @@ -94,7 +115,7 @@ fi * Fri Dec 16 2022 JiangShui Yang 1.0.0-8 - Backport uadk engine patch for v1.0.1 -* Tus Jul 26 2022 Yang Shen 1.0.0-7 +* Tue Jul 26 2022 Yang Shen 1.0.0-7 - Backport uadk engine patch from v1.0.0 to v1.0.1 * Mon Mar 21 2022 linwenkai 1.0.0-6
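Review bot: The added `%build` step unpacks `openssl.tar.gz` from inside the source tree and exports `PKG_CONFIG_PATH=%{pkg_dir}`, so the engine is compiled against an OpenSSL tree whose origin and version the spec never states. The same hunk drops `compat-openssl11-devel` from `BuildRequires`, and the bundled archive is not declared as its own `Source:` entry, so nothing in the package records which OpenSSL 1.1 release the engine was built against. Listing the archive as a separate source with a recorded checksum, or keeping a devel `BuildRequires`, would make that auditable. Separately, the provider is configured and compiled inside `%install` with a hard-coded `./configure --libdir=/usr/lib64/ossl-modules/` while the files are installed under `%{_libdir}/ossl-modules/`; `./configure --libdir=%{_libdir}/ossl-modules/` keeps the two in step, and that second configure/make pass reads more naturally in `%build`. The `Prefix: /usr/local/lib/engines-1.1` tag at the top of the hunk no longer matches any installed path and could mislead anyone relocating the package.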