From: Weili Qian <qianweili@huawei.com> Set the default provider when initializing the uadk provider to avoid data races that may occur when setting the default provider during business operations. Signed-off-by: Weili Qian <qianweili@huawei.com> --- src/uadk_prov.h | 12 +++++ src/uadk_prov_dh.c | 51 +++++++++++++------- src/uadk_prov_ec_kmgmt.c | 19 ++++++++ src/uadk_prov_ecdh_exch.c | 33 ++++++------- src/uadk_prov_ecx.c | 97 ++++++++++++++++++++++++--------------- src/uadk_prov_init.c | 81 +++++++++++++++++++++----------- src/uadk_prov_pkey.h | 19 -------- src/uadk_prov_rsa_enc.c | 34 ++++++-------- src/uadk_prov_rsa_kmgmt.c | 20 ++++++++ src/uadk_prov_rsa_sign.c | 34 ++++++-------- src/uadk_prov_sm2.c | 88 +++++++++++++++++++---------------- 11 files changed, 293 insertions(+), 195 deletions(-) diff --git a/src/uadk_prov.h b/src/uadk_prov.h index ac0de58..62a26fe 100644 --- a/src/uadk_prov.h +++ b/src/uadk_prov.h @@ -219,6 +219,18 @@ int uadk_prov_cipher_version(void); int uadk_prov_digest_version(void); int uadk_get_sw_offload_state(void); void uadk_set_sw_offload_state(int enable); +void set_default_dh_keymgmt(void); +void set_default_dh_keyexch(void); +void set_default_ec_keymgmt(void); +void set_default_ecdh_keyexch(void); +void set_default_ecx_keymgmt(void); +void set_default_ecx_keyexch(void); +void set_default_rsa_keymgmt(void); +void set_default_rsa_signature(void); +void set_default_rsa_asym_cipher(void); +void set_default_sm2_asym_cipher(void); +void set_default_sm2_signature(void); +void set_default_sm2_keymgmt(void); /* offload small packets to sw */ extern int enable_sw_offload; diff --git a/src/uadk_prov_dh.c b/src/uadk_prov_dh.c index 5bbab62..a89e555 100644 --- a/src/uadk_prov_dh.c +++ b/src/uadk_prov_dh.c @@ -60,29 +60,46 @@ UADK_PKEY_KEYMGMT_DESCR(dh, DH); UADK_PKEY_KEYEXCH_DESCR(dh, DH); static pthread_mutex_t dh_mutex = PTHREAD_MUTEX_INITIALIZER; -static pthread_mutex_t dh_default_mutex = PTHREAD_MUTEX_INITIALIZER; -static UADK_PKEY_KEYEXCH get_default_dh_keyexch(void) + +static UADK_PKEY_KEYEXCH s_keyexch; +static UADK_PKEY_KEYMGMT s_keymgmt; + +static UADK_PKEY_KEYMGMT get_default_dh_keymgmt(void) { - static UADK_PKEY_KEYEXCH s_keyexch; - static int initialized; - - pthread_mutex_lock(&dh_default_mutex); - if (!initialized) { - UADK_PKEY_KEYEXCH *keyexch = - (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "dh", "provider=default"); - if (keyexch) { - s_keyexch = *keyexch; - EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); - initialized = 1; - } else { - UADK_ERR("failed to EVP_KEYEXCH_fetch default dh provider\n"); - } + return s_keymgmt; +} + +void set_default_dh_keymgmt(void) +{ + UADK_PKEY_KEYMGMT *keymgmt; + + keymgmt = (UADK_PKEY_KEYMGMT *)EVP_KEYMGMT_fetch(NULL, "DH", "provider=default"); + if (keymgmt) { + s_keymgmt = *keymgmt; + EVP_KEYMGMT_free((EVP_KEYMGMT *)keymgmt); + } else { + UADK_INFO("failed to EVP_KEYMGMT_fetch dh default provider\n"); } - pthread_mutex_unlock(&dh_default_mutex); +} +static UADK_PKEY_KEYEXCH get_default_dh_keyexch(void) +{ return s_keyexch; } +void set_default_dh_keyexch(void) +{ + UADK_PKEY_KEYEXCH *keyexch; + + keyexch = (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "DH", "provider=default"); + if (keyexch) { + s_keyexch = *keyexch; + EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); + } else { + UADK_INFO("failed to EVP_KEYEXCH_fetch dh default provider\n"); + } +} + struct dh_st { /* * This first argument is used to pick up errors when a DH is passed diff --git a/src/uadk_prov_ec_kmgmt.c b/src/uadk_prov_ec_kmgmt.c index d3d4763..bd5cbd9 100644 --- a/src/uadk_prov_ec_kmgmt.c +++ b/src/uadk_prov_ec_kmgmt.c @@ -37,6 +37,25 @@ static const OSSL_ITEM check_group_type_nameid_map[] = { }; UADK_PKEY_KEYMGMT_DESCR(ec, EC); +static UADK_PKEY_KEYMGMT s_keymgmt; + +static UADK_PKEY_KEYMGMT get_default_ec_keymgmt(void) +{ + return s_keymgmt; +} + +void set_default_ec_keymgmt(void) +{ + UADK_PKEY_KEYMGMT *keymgmt; + + keymgmt = (UADK_PKEY_KEYMGMT *)EVP_KEYMGMT_fetch(NULL, "EC", "provider=default"); + if (keymgmt) { + s_keymgmt = *keymgmt; + EVP_KEYMGMT_free((EVP_KEYMGMT *)keymgmt); + } else { + UADK_INFO("failed to EVP_KEYMGMT_fetch EC default provider\n"); + } +} static int ec_param_check(struct ec_gen_ctx *gctx, EC_KEY *ec) { diff --git a/src/uadk_prov_ecdh_exch.c b/src/uadk_prov_ecdh_exch.c index 898e367..3ee7e5e 100644 --- a/src/uadk_prov_ecdh_exch.c +++ b/src/uadk_prov_ecdh_exch.c @@ -73,29 +73,26 @@ struct ecdh_sess_ctx { }; UADK_PKEY_KEYEXCH_DESCR(ecdh, ECDH); -static pthread_mutex_t ecdh_mutex = PTHREAD_MUTEX_INITIALIZER; +static UADK_PKEY_KEYEXCH s_keyexch; + static UADK_PKEY_KEYEXCH get_default_ecdh_keyexch(void) { - static UADK_PKEY_KEYEXCH s_keyexch; - static int initialized; - - pthread_mutex_lock(&ecdh_mutex); - if (!initialized) { - UADK_PKEY_KEYEXCH *keyexch = - (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "ecdh", "provider=default"); - if (keyexch) { - s_keyexch = *keyexch; - EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); - initialized = 1; - } else { - UADK_ERR("failed to EVP_KEYEXCH_fetch default X448 provider\n"); - } - } - pthread_mutex_unlock(&ecdh_mutex); - return s_keyexch; } +void set_default_ecdh_keyexch(void) +{ + UADK_PKEY_KEYEXCH *keyexch; + + keyexch = (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "ecdh", "provider=default"); + if (keyexch) { + s_keyexch = *keyexch; + EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); + } else { + UADK_INFO("failed to EVP_KEYEXCH_fetch default ecdh provider\n"); + } +} + static size_t ecdh_get_ec_size(const EC_GROUP *group) { size_t degree; diff --git a/src/uadk_prov_ecx.c b/src/uadk_prov_ecx.c index 878ac96..ebdfec4 100644 --- a/src/uadk_prov_ecx.c +++ b/src/uadk_prov_ecx.c @@ -51,55 +51,78 @@ static inline int UADK_CRYPTO_DOWN_REF(int *val, int *ret, __atomic_thread_fence(__ATOMIC_ACQUIRE); return 1; } -static pthread_mutex_t x25519_mutex = PTHREAD_MUTEX_INITIALIZER; -static pthread_mutex_t x448_mutex = PTHREAD_MUTEX_INITIALIZER; + +static UADK_PKEY_KEYEXCH s_x448_keyexch; +static UADK_PKEY_KEYEXCH s_x25519_keyexch; + +static UADK_PKEY_KEYMGMT s_x448_keymgmt; +static UADK_PKEY_KEYMGMT s_x25519_keymgmt; UADK_PKEY_KEYMGMT_DESCR(x448, X448); UADK_PKEY_KEYEXCH_DESCR(x448, X448); +UADK_PKEY_KEYMGMT_DESCR(x25519, X25519); +UADK_PKEY_KEYEXCH_DESCR(x25519, X25519); + +static UADK_PKEY_KEYEXCH get_default_x25519_keyexch(void) +{ + return s_x25519_keyexch; +} + static UADK_PKEY_KEYEXCH get_default_x448_keyexch(void) { - static UADK_PKEY_KEYEXCH s_keyexch; - static int initilazed; - - pthread_mutex_lock(&x448_mutex); - if (!initilazed) { - UADK_PKEY_KEYEXCH *keyexch = - (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "X448", "provider=default"); - if (keyexch) { - s_keyexch = *keyexch; - EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); - initilazed = 1; - } else { - UADK_ERR("failed to EVP_KEYEXCH_fetch default X448 provider\n"); - } + return s_x448_keyexch; +} + +void set_default_ecx_keyexch(void) +{ + UADK_PKEY_KEYEXCH *keyexch; + + keyexch = (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "X448", "provider=default"); + if (keyexch) { + s_x448_keyexch = *keyexch; + EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); + } else { + UADK_INFO("failed to EVP_KEYEXCH_fetch default X448 provider\n"); } - pthread_mutex_unlock(&x448_mutex); - return s_keyexch; + keyexch = (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "X25519", "provider=default"); + if (keyexch) { + s_x25519_keyexch = *keyexch; + EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); + } else { + UADK_INFO("failed to EVP_KEYEXCH_fetch default X25519 provider\n"); + } } -UADK_PKEY_KEYMGMT_DESCR(x25519, X25519); -UADK_PKEY_KEYEXCH_DESCR(x25519, X25519); -static UADK_PKEY_KEYEXCH get_default_x25519_keyexch(void) +static UADK_PKEY_KEYMGMT get_default_x25519_keymgmt(void) { - static UADK_PKEY_KEYEXCH s_keyexch; - static int initialized; - - pthread_mutex_lock(&x25519_mutex); - if (!initialized) { - UADK_PKEY_KEYEXCH *keyexch = - (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "X25519", "provider=default"); - if (keyexch) { - s_keyexch = *keyexch; - EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); - initialized = 1; - } else { - UADK_ERR("failed to EVP_KEYEXCH_fetch default X25519 provider\n"); - } + return s_x25519_keymgmt; +} + +static UADK_PKEY_KEYMGMT get_default_x448_keymgmt(void) +{ + return s_x448_keymgmt; +} + +void set_default_ecx_keymgmt(void) +{ + UADK_PKEY_KEYMGMT *keymgmt; + + keymgmt = (UADK_PKEY_KEYMGMT *)EVP_KEYMGMT_fetch(NULL, "X448", "provider=default"); + if (keymgmt) { + s_x448_keymgmt = *keymgmt; + EVP_KEYEXCH_free((EVP_KEYEXCH *)keymgmt); + } else { + UADK_INFO("failed to EVP_KEYMGMT_fetch X448 default provider\n"); } - pthread_mutex_unlock(&x25519_mutex); - return s_keyexch; + keymgmt = (UADK_PKEY_KEYMGMT *)EVP_KEYMGMT_fetch(NULL, "X25519", "provider=default"); + if (keymgmt) { + s_x25519_keymgmt = *keymgmt; + EVP_KEYEXCH_free((EVP_KEYEXCH *)keymgmt); + } else { + UADK_INFO("failed to EVP_KEYMGMT_fetch X25519 default provider\n"); + } } typedef enum { diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c index 0e050e1..406a0e3 100644 --- a/src/uadk_prov_init.c +++ b/src/uadk_prov_init.c @@ -666,34 +666,53 @@ static OSSL_ALGORITHM *uadk_generate_keyexch_array_v3(void) return keyexch_array_v3; } +static void uadk_set_default_alg(void) +{ + set_default_dh_keymgmt(); + set_default_dh_keyexch(); + set_default_ec_keymgmt(); + set_default_ecdh_keyexch(); + set_default_ecx_keymgmt(); + set_default_ecx_keyexch(); + set_default_rsa_keymgmt(); + set_default_rsa_asym_cipher(); + set_default_rsa_signature(); + set_default_sm2_asym_cipher(); + set_default_sm2_keymgmt(); + set_default_sm2_signature(); +} + +static int uadk_set_default_prov(OSSL_LIB_CTX *libctx) +{ + if (default_prov) + return UADK_P_SUCCESS; + + default_prov = OSSL_PROVIDER_load(libctx, "default"); + if (!default_prov) { + printf("failed to load default provider\n"); + return UADK_P_FAIL; + } + /* + * uadk_provider takes the highest priority + * and overwrite the openssl.cnf property. + */ + EVP_set_default_properties(libctx, "?provider=uadk_provider"); + /* + * In asynchronous scenarios, if random numbers are obtained using + * uadk provider cipher, deadlocks may occur. Therefore, random numbers are + * obtained using default provider cipher. + */ + (void)RAND_set_DRBG_type(libctx, NULL, "provider=default", NULL, NULL); + uadk_set_default_alg(); + + return UADK_P_SUCCESS; +} + static const OSSL_ALGORITHM *uadk_query(void *provctx, int operation_id, int *no_cache) { - OSSL_LIB_CTX *libctx; - static int prov_init; int ver; - if (__atomic_compare_exchange_n(&prov_init, &(int){0}, 1, false, __ATOMIC_SEQ_CST, - __ATOMIC_SEQ_CST)) { - libctx = prov_libctx_of(provctx); - default_prov = OSSL_PROVIDER_load(libctx, "default"); - if (!default_prov) { - UADK_ERR("failed to load default provider\n"); - return NULL; - } - /* - * uadk_provider takes the highest priority - * and overwrite the openssl.cnf property. - */ - EVP_set_default_properties(libctx, "?provider=uadk_provider"); - /* - * In asynchronous scenarios, if random numbers are obtained using - * uadk provider cipher, deadlocks may occur. Therefore, random numbers are - * obtained using default provider cipher. - */ - (void)RAND_set_DRBG_type(libctx, NULL, "provider=default", NULL, NULL); - } - if (no_cache) *no_cache = 0; @@ -995,10 +1014,12 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, ctx->libctx = (OSSL_LIB_CTX *)c_get_libctx(handle); ret = uadk_prov_ctx_set_core_bio_method(ctx); - if (!ret) { - OPENSSL_free(ctx); - return UADK_P_FAIL; - } + if (!ret) + goto free_ctx; + + ret = uadk_set_default_prov(ctx->libctx); + if (!ret) + goto free_corebiometh; ret = async_module_init(); if (!ret) @@ -1009,4 +1030,10 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, *out = uadk_dispatch_table; return UADK_P_SUCCESS; + +free_corebiometh: + BIO_meth_free(ctx->corebiometh); +free_ctx: + OPENSSL_free(ctx); + return UADK_P_FAIL; } diff --git a/src/uadk_prov_pkey.h b/src/uadk_prov_pkey.h index 7891011..7a77c5c 100644 --- a/src/uadk_prov_pkey.h +++ b/src/uadk_prov_pkey.h @@ -187,25 +187,6 @@ static OSSL_FUNC_keymgmt_export_fn uadk_keymgmt_##nm##_export; \ static OSSL_FUNC_keymgmt_export_types_fn uadk_keymgmt_##nm##_export_types; \ static OSSL_FUNC_keymgmt_dup_fn uadk_keymgmt_##nm##_dup; \ static OSSL_FUNC_keymgmt_query_operation_name_fn uadk_keymgmt_##nm##_query_operation_name; \ -static UADK_PKEY_KEYMGMT get_default_##nm##_keymgmt(void) \ -{ \ - static UADK_PKEY_KEYMGMT s_keymgmt; \ - static int initilazed; \ - \ - if (!initilazed) { \ - UADK_PKEY_KEYMGMT *keymgmt = \ - (UADK_PKEY_KEYMGMT *)EVP_KEYMGMT_fetch(NULL, #alg, "provider=default"); \ - \ - if (keymgmt) { \ - s_keymgmt = *keymgmt; \ - EVP_KEYMGMT_free((EVP_KEYMGMT *)keymgmt); \ - initilazed = 1; \ - } else { \ - fprintf(stderr, "failed to EVP_KEYMGMT_fetch default provider\n"); \ - } \ - } \ - return s_keymgmt; \ -} \ const OSSL_DISPATCH uadk_##nm##_keymgmt_functions[] = { \ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))uadk_keymgmt_##nm##_new }, \ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))uadk_keymgmt_##nm##_free }, \ diff --git a/src/uadk_prov_rsa_enc.c b/src/uadk_prov_rsa_enc.c index d4f8106..c6545c4 100644 --- a/src/uadk_prov_rsa_enc.c +++ b/src/uadk_prov_rsa_enc.c @@ -48,31 +48,27 @@ struct PROV_RSA_ASYM_CTX { unsigned int soft : 1; }; -static pthread_mutex_t asym_mutex = PTHREAD_MUTEX_INITIALIZER; +static UADK_PKEY_ASYM_CIPHER s_asym_cipher; static UADK_PKEY_ASYM_CIPHER get_default_rsa_asym_cipher(void) { - static UADK_PKEY_ASYM_CIPHER s_asym_cipher; - static int initilazed; - - pthread_mutex_lock(&asym_mutex); - if (!initilazed) { - UADK_PKEY_ASYM_CIPHER *asym_cipher = - (UADK_PKEY_ASYM_CIPHER *)EVP_ASYM_CIPHER_fetch(NULL, "RSA", - "provider=default"); - - if (asym_cipher) { - s_asym_cipher = *asym_cipher; - EVP_ASYM_CIPHER_free((EVP_ASYM_CIPHER *)asym_cipher); - initilazed = 1; - } else { - UADK_ERR("failed to EVP_ASYM_CIPHER_fetch default RSA provider\n"); - } - } - pthread_mutex_unlock(&asym_mutex); return s_asym_cipher; } +void set_default_rsa_asym_cipher(void) +{ + UADK_PKEY_ASYM_CIPHER *asym_cipher; + + asym_cipher = (UADK_PKEY_ASYM_CIPHER *)EVP_ASYM_CIPHER_fetch(NULL, + "RSA", "provider=default"); + if (asym_cipher) { + s_asym_cipher = *asym_cipher; + EVP_ASYM_CIPHER_free((EVP_ASYM_CIPHER *)asym_cipher); + } else { + UADK_INFO("failed to EVP_ASYM_CIPHER_fetch rsa default provider\n"); + } +} + /** * Checks and removes PKCS#1 v1.5 padding for TLS RSA decryption. * This function validates and strips PKCS#1 type 2 (v1.5) padding from an RSA-encrypted diff --git a/src/uadk_prov_rsa_kmgmt.c b/src/uadk_prov_rsa_kmgmt.c index f71eed3..a3cf065 100644 --- a/src/uadk_prov_rsa_kmgmt.c +++ b/src/uadk_prov_rsa_kmgmt.c @@ -74,6 +74,26 @@ struct rsa_gen_ctx { void *cbarg; }; +static UADK_PKEY_KEYMGMT s_keymgmt; + +static UADK_PKEY_KEYMGMT get_default_rsa_keymgmt(void) +{ + return s_keymgmt; +} + +void set_default_rsa_keymgmt(void) +{ + UADK_PKEY_KEYMGMT *keymgmt; + + keymgmt = (UADK_PKEY_KEYMGMT *)EVP_KEYMGMT_fetch(NULL, "RSA", "provider=default"); + if (keymgmt) { + s_keymgmt = *keymgmt; + EVP_KEYMGMT_free((EVP_KEYMGMT *)keymgmt); + } else { + UADK_INFO("failed to EVP_KEYMGMT_fetch rsa default provider\n"); + } +} + static void uadk_rsa_clear_flags(RSA *r, int flags) { r->flags &= ~flags; diff --git a/src/uadk_prov_rsa_sign.c b/src/uadk_prov_rsa_sign.c index 5009a0b..a297601 100644 --- a/src/uadk_prov_rsa_sign.c +++ b/src/uadk_prov_rsa_sign.c @@ -68,33 +68,29 @@ struct PROV_RSA_SIG_CTX { unsigned int soft : 1; }; -static pthread_mutex_t sig_mutex = PTHREAD_MUTEX_INITIALIZER; - static int encode_pkcs1(unsigned char **out, size_t *out_len, int type, const unsigned char *m, size_t m_len); +static UADK_PKEY_SIGNATURE s_signature; + static UADK_PKEY_SIGNATURE get_default_rsa_signature(void) { - static UADK_PKEY_SIGNATURE s_signature; - static int initilazed; - - pthread_mutex_lock(&sig_mutex); - if (!initilazed) { - UADK_PKEY_SIGNATURE *signature = - (UADK_PKEY_SIGNATURE *)EVP_SIGNATURE_fetch(NULL, "RSA", "provider=default"); - - if (signature) { - s_signature = *signature; - EVP_SIGNATURE_free((EVP_SIGNATURE *)signature); - initilazed = 1; - } else { - UADK_ERR("failed to EVP_SIGNATURE_fetch default RSA provider\n"); - } - } - pthread_mutex_unlock(&sig_mutex); return s_signature; } +void set_default_rsa_signature(void) +{ + UADK_PKEY_SIGNATURE *signature; + + signature = (UADK_PKEY_SIGNATURE *)EVP_SIGNATURE_fetch(NULL, "RSA", "provider=default"); + if (signature) { + s_signature = *signature; + EVP_SIGNATURE_free((EVP_SIGNATURE *)signature); + } else { + UADK_INFO("failed to EVP_SIGNATURE_fetch rsa default provider\n"); + } +} + static size_t uadk_rsa_get_md_size(struct PROV_RSA_SIG_CTX *prsactx) { if (prsactx->md != NULL) diff --git a/src/uadk_prov_sm2.c b/src/uadk_prov_sm2.c index 03c4e1e..83378f1 100644 --- a/src/uadk_prov_sm2.c +++ b/src/uadk_prov_sm2.c @@ -36,9 +36,6 @@ #define SM2_DEFAULT_USERID "1234567812345678" #define SM2_DEFAULT_USERID_LEN 16 -static pthread_mutex_t sign_mutex = PTHREAD_MUTEX_INITIALIZER; -static pthread_mutex_t asym_mutex = PTHREAD_MUTEX_INITIALIZER; - UADK_PKEY_KEYMGMT_DESCR(sm2, SM2); UADK_PKEY_SIGNATURE_DESCR(sm2, SM2); UADK_PKEY_ASYM_CIPHER_DESCR(sm2, SM2); @@ -221,6 +218,28 @@ ASN1_SEQUENCE(SM2_Ciphertext) = { IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext) +static UADK_PKEY_KEYMGMT s_keymgmt; +static UADK_PKEY_ASYM_CIPHER s_asym_cipher; +static UADK_PKEY_SIGNATURE s_signature; + +static UADK_PKEY_KEYMGMT get_default_sm2_keymgmt(void) +{ + return s_keymgmt; +} + +void set_default_sm2_keymgmt(void) +{ + UADK_PKEY_KEYMGMT *keymgmt; + + keymgmt = (UADK_PKEY_KEYMGMT *)EVP_KEYMGMT_fetch(NULL, "SM2", "provider=default"); + if (keymgmt) { + s_keymgmt = *keymgmt; + EVP_KEYMGMT_free((EVP_KEYMGMT *)keymgmt); + } else { + UADK_INFO("failed to EVP_KEYMGMT_fetch sm2 default provider\n"); + } +} + static const char *uadk_keymgmt_sm2_query_operation_name(int operation_id) { if (!get_default_sm2_keymgmt().query_operation_name) { @@ -711,26 +730,22 @@ free_ec_key: static UADK_PKEY_SIGNATURE get_default_sm2_signature(void) { - static UADK_PKEY_SIGNATURE s_signature; - static int initilazed; - - pthread_mutex_lock(&sign_mutex); - if (!initilazed) { - UADK_PKEY_SIGNATURE *signature = - (UADK_PKEY_SIGNATURE *)EVP_SIGNATURE_fetch(NULL, "SM2", "provider=default"); - if (signature) { - s_signature = *signature; - EVP_SIGNATURE_free((EVP_SIGNATURE *)signature); - initilazed = 1; - } else { - UADK_ERR("failed to EVP_SIGNATURE_fetch default SM2 provider\n"); - } - } - pthread_mutex_unlock(&sign_mutex); - return s_signature; } +void set_default_sm2_signature(void) +{ + UADK_PKEY_SIGNATURE *signature; + + signature = (UADK_PKEY_SIGNATURE *)EVP_SIGNATURE_fetch(NULL, "SM2", "provider=default"); + if (signature) { + s_signature = *signature; + EVP_SIGNATURE_free((EVP_SIGNATURE *)signature); + } else { + UADK_INFO("failed to EVP_SIGNATURE_fetch sm2 default provider\n"); + } +} + static void *uadk_signature_sm2_newctx(void *provctx, const char *propq) { PROV_SM2_SIGN_CTX *psm2ctx = OPENSSL_zalloc(sizeof(PROV_SM2_SIGN_CTX)); @@ -2371,28 +2386,23 @@ static int uadk_signature_sm2_verify_recover(void *vpsm2ctx, unsigned char *rout static UADK_PKEY_ASYM_CIPHER get_default_sm2_asym_cipher(void) { - static UADK_PKEY_ASYM_CIPHER s_asym_cipher; - static int initilazed; - - pthread_mutex_lock(&asym_mutex); - if (!initilazed) { - UADK_PKEY_ASYM_CIPHER *asym_cipher = - (UADK_PKEY_ASYM_CIPHER *)EVP_ASYM_CIPHER_fetch(NULL, "SM2", - "provider=default"); - - if (asym_cipher) { - s_asym_cipher = *asym_cipher; - EVP_ASYM_CIPHER_free((EVP_ASYM_CIPHER *)asym_cipher); - initilazed = 1; - } else { - UADK_ERR("failed to EVP_ASYM_CIPHER_fetch default SM2 provider\n"); - } - } - pthread_mutex_unlock(&asym_mutex); - return s_asym_cipher; } +void set_default_sm2_asym_cipher(void) +{ + UADK_PKEY_ASYM_CIPHER *asym_cipher; + + asym_cipher = (UADK_PKEY_ASYM_CIPHER *)EVP_ASYM_CIPHER_fetch(NULL, + "SM2", "provider=default"); + if (asym_cipher) { + s_asym_cipher = *asym_cipher; + EVP_ASYM_CIPHER_free((EVP_ASYM_CIPHER *)asym_cipher); + } else { + UADK_INFO("failed to EVP_ASYM_CIPHER_fetch sm2 default provider\n"); + } +} + static void *uadk_asym_cipher_sm2_newctx(void *provctx) { PROV_SM2_ASYM_CTX *psm2ctx = OPENSSL_zalloc(sizeof(PROV_SM2_ASYM_CTX)); -- 2.43.0