uadk_provider: adapt uadk_provider with tls 1.3

src/Makefile.am

@@ -61,13 +61,15 @@ uadk_engine_la_SOURCES+=v1/alg/ciphers/sec_ciphers.c \
 endif #WD_KAE
 
 uadk_provider_la_SOURCES=uadk_prov_init.c uadk_async.c uadk_utils.c \
+			 uadk_prov_capabilities.c\
 			 uadk_prov_digest.c uadk_prov_cipher.c \
 			 uadk_prov_rsa.c uadk_prov_rsa_kmgmt.c \
 			 uadk_prov_rsa_enc.c uadk_prov_rsa_sign.c \
 			 uadk_prov_rsa_utils.c \
 			 uadk_prov_dh.c uadk_prov_bio.c \
 			 uadk_prov_der_writer.c uadk_prov_packet.c \
-			 uadk_prov_pkey.c uadk_prov_sm2.c \
+			 uadk_prov_pkey.c uadk_prov_sm2_sign.c \
+			 uadk_prov_sm2_kmgmt.c uadk_prov_sm2_enc.c \
 			 uadk_prov_ffc.c uadk_prov_aead.c \
 			 uadk_prov_ec_kmgmt.c uadk_prov_ecdh_exch.c \
 			 uadk_prov_ecx.c uadk_prov_ecdsa.c \

src/uadk_aead.c

@@ -263,6 +263,7 @@ static int uadk_e_init_aead_cipher(void)
 			return UADK_E_FAIL;
 		}
 
+		mb();
 		g_aead_engine.pid = getpid();
 		pthread_spin_unlock(&g_aead_engine.lock);
 		free(dev);

src/uadk_async.h

@@ -87,6 +87,5 @@ void async_module_uninit(void);
 int async_wake_job(ASYNC_JOB *job);
 void async_free_poll_task(int id, bool is_cb);
 int async_get_free_task(int *id);
-void async_poll_task_free(void);
 ASYNC_JOB *async_get_async_job(void);
 #endif

src/uadk_cipher.c

@@ -448,6 +448,7 @@ static int uadk_e_init_cipher(void)
 		if (ret)
 			goto err_unlock;
 
+		mb();
 		g_cipher_engine.pid = getpid();
 		pthread_spin_unlock(&g_cipher_engine.lock);
 		free(dev);

src/uadk_cipher_adapter.c

@@ -139,7 +139,7 @@ static void uadk_e_create_ciphers(int index)
 	}
 }
 
-int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
+static int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
 {
 	__u32 i;
 

src/uadk_dh.c

@@ -400,6 +400,7 @@ static int uadk_e_dh_init(void)
 	}
 
 	g_dh_res.numa_id = dev->numa_id;
+	mb();
 	g_dh_res.status = UADK_INIT_SUCCESS;
 	pthread_spin_unlock(&g_dh_res.lock);
 	free(dev);

src/uadk_digest.c

@@ -523,6 +523,7 @@ static int uadk_e_init_digest(void)
 		if (ret)
 			goto err_unlock;
 
+		mb();
 		g_digest_engine.pid = getpid();
 		pthread_spin_unlock(&g_digest_engine.lock);
 		free(dev);

src/uadk_ec.c

@@ -191,7 +191,7 @@ static int get_smallest_hw_keybits(int bits)
 		return ECC128BITS;
 }
 
-static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
+static handle_t ecc_alloc_sess(const EC_KEY *eckey, const char *alg)
 {
 	char buff[UADK_ECC_MAX_KEY_BYTES * UADK_ECC_CV_PARAM_NUM];
 	struct sched_params sch_p = {0};
@@ -880,39 +880,11 @@ static int sm2_keygen_init_iot(handle_t sess, struct wd_ecc_req *req)
 	return 0;
 }
 
-static int eckey_create_key(EC_KEY *eckey)
-{
-	BIGNUM *priv_key;
-	int ret;
-
-	priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
-	if (priv_key)
-		return 1;
-
-	priv_key = BN_new();
-	if (!priv_key) {
-		fprintf(stderr, "failed to BN_new priv_key\n");
-		return 0;
-	}
-
-	ret = EC_KEY_set_private_key(eckey, priv_key);
-	if (!ret)
-		fprintf(stderr, "failed to set private key\n");
-
-	BN_free(priv_key);
-
-	return ret;
-}
-
 static int ecdh_set_private_key(EC_KEY *eckey, BIGNUM *order)
 {
 	BIGNUM *priv_key;
 	int ret;
 
-	priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
-	if (priv_key)
-		return 1;
-
 	priv_key = BN_new();
 	if (!priv_key) {
 		fprintf(stderr, "failed to BN_new priv_key\n");
@@ -987,10 +959,6 @@ static int sm2_generate_key(EC_KEY *eckey)
 	if (ret)
 		goto soft_log;
 
-	ret = eckey_create_key(eckey);
-	if (!ret)
-		goto soft_log;
-
 	ret = uadk_e_ecc_get_support_state(SM2_SUPPORT);
 	if (!ret)
 		goto soft_log;

src/uadk_ecx.c

@@ -806,6 +806,7 @@ static int ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 
 	if (!key || !(*keylen)) {
 		*keylen = (size_t)derive_ctx->key_size;
+		ecx_uninit(ctx);
 		return UADK_E_SUCCESS;
 	}
 

src/uadk_engine_init.c

@@ -223,6 +223,10 @@ static int uadk_destroy(ENGINE *e)
 	kae_debug_close_log();
 #endif
 
+	pthread_mutex_lock(&uadk_engine_mutex);
+	if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
+		async_module_uninit();
+
 	if (uadk_cipher)
 		uadk_e_destroy_ciphers();
 	if (uadk_digest)
@@ -234,10 +238,6 @@ static int uadk_destroy(ENGINE *e)
 	if (uadk_dh)
 		uadk_e_destroy_dh();
 
-	if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
-		async_module_uninit();
-
-	pthread_mutex_lock(&uadk_engine_mutex);
 	uadk_inited = 0;
 	pthread_mutex_unlock(&uadk_engine_mutex);
 

src/uadk_pkey.c

@@ -599,6 +599,7 @@ int uadk_init_ecc(void)
 	}
 
 	ecc_res.numa_id = dev->numa_id;
+	mb();
 	ecc_res.status = UADK_INIT_SUCCESS;
 	pthread_spin_unlock(&ecc_res.lock);
 	free(dev);

src/uadk_prov.h

@@ -17,6 +17,7 @@
  */
 #ifndef UADK_PROV_H
 #define UADK_PROV_H
+#include <openssl/bio.h>
 #include <openssl/core_dispatch.h>
 
 #define FUNC_MAX_NUM			32
@@ -45,14 +46,14 @@
 #define PROV_NAMES_SHA2_512_224 "SHA2-512/224:SHA-512/224:SHA512-224:2.16.840.1.101.3.4.2.5"
 #define PROV_NAMES_SHA2_512_256 "SHA2-512/256:SHA-512/256:SHA512-256:2.16.840.1.101.3.4.2.6"
 
+OSSL_FUNC_provider_get_capabilities_fn uadk_get_capabilities;
+
 enum HW_SYMM_ENC_DEV {
 	HW_SYMM_ENC_INVALID = 0x0,
 	HW_SYMM_ENC_V2 = 0x2,
 	HW_SYMM_ENC_V3 = 0x3
 };
 
-typedef int CRYPTO_REF_COUNT;
-
 struct ossl_provider_st {
 	/* Flag bits */
 	unsigned int flag_initialized:1;
@@ -187,6 +188,7 @@ extern const OSSL_DISPATCH uadk_des_ede3_ecb_functions[FUNC_MAX_NUM];
 
 extern const OSSL_DISPATCH uadk_rsa_signature_functions[FUNC_MAX_NUM];
 extern const OSSL_DISPATCH uadk_rsa_keymgmt_functions[FUNC_MAX_NUM];
+extern const OSSL_DISPATCH uadk_rsapss_keymgmt_functions[FUNC_MAX_NUM];
 extern const OSSL_DISPATCH uadk_rsa_asym_cipher_functions[FUNC_MAX_NUM];
 
 extern const OSSL_DISPATCH uadk_dh_keymgmt_functions[FUNC_MAX_NUM];
@@ -219,6 +221,19 @@ int uadk_prov_cipher_version(void);
 int uadk_prov_digest_version(void);
 int uadk_get_sw_offload_state(void);
 void uadk_set_sw_offload_state(int enable);
+void set_default_dh_keymgmt(void);
+void set_default_dh_keyexch(void);
+void set_default_ec_keymgmt(void);
+void set_default_ecdh_keyexch(void);
+void set_default_ecx_keymgmt(void);
+void set_default_ecx_keyexch(void);
+void set_default_rsa_keymgmt(void);
+void set_default_rsapss_keymgmt(void);
+void set_default_rsa_signature(void);
+void set_default_rsa_asym_cipher(void);
+void set_default_sm2_asym_cipher(void);
+void set_default_sm2_signature(void);
+void set_default_sm2_keymgmt(void);
 
 /* offload small packets to sw */
 extern int enable_sw_offload;

src/uadk_prov_aead.c

@@ -293,39 +293,41 @@ static int uadk_prov_aead_dev_init(struct aead_priv_ctx *priv)
 	struct wd_ctx_params cparams = {0};
 	int ret = UADK_AEAD_SUCCESS;
 
-	pthread_atfork(NULL, NULL, uadk_aead_mutex_infork);
-	pthread_mutex_lock(&aead_mutex);
 	if (aprov.pid == getpid())
-		goto mutex_unlock;
+		return ret;
 
 	cparams.op_type_num = UADK_AEAD_OP_NUM;
 	cparams.ctx_set_num = &ctx_set_num;
 	cparams.bmp = numa_allocate_nodemask();
 	if (!cparams.bmp) {
-		ret = UADK_AEAD_FAIL;
 		UADK_ERR("failed to create nodemask!\n");
-		goto mutex_unlock;
+		return UADK_AEAD_FAIL;
 	}
 
 	numa_bitmask_setall(cparams.bmp);
 
 	ctx_set_num.sync_ctx_num = UADK_AEAD_DEF_CTXS;
 	ctx_set_num.async_ctx_num = UADK_AEAD_DEF_CTXS;
 
+	pthread_atfork(NULL, NULL, uadk_aead_mutex_infork);
+	pthread_mutex_lock(&aead_mutex);
+	if (aprov.pid == getpid())
+		goto free_nodemask;
+
 	ret = wd_aead_init2_(priv->alg_name, TASK_MIX, SCHED_POLICY_RR, &cparams);
 	if (unlikely(ret)) {
 		ret = UADK_AEAD_FAIL;
 		UADK_ERR("failed to init aead!\n");
 		goto free_nodemask;
 	}
 
-	aprov.pid = getpid();
 	async_register_poll_fn(ASYNC_TASK_AEAD, uadk_aead_poll);
+	mb();
+	aprov.pid = getpid();
 
 free_nodemask:
-	numa_free_nodemask(cparams.bmp);
-mutex_unlock:
 	pthread_mutex_unlock(&aead_mutex);
+	numa_free_nodemask(cparams.bmp);
 	return ret;
 }