[PATCH 0/9] supports dynamic algorithm cropping func
From: parm64 <parm64@huawei.com> Zhushuai Yin (6): uadk_provider: fix spelling errors and incorrect return value issues uadk_provider: prov supports dynamic algorithm cropping func uadk_provider: provide log configuration functionality uadk_provider:fix the issue of algorithm prohibition failure for DH uadk_provider: fix issues that may cause encryption to fail uadk_engine: fix the issue of incorrect engine use the V2 interface ZongYu Wu (1): uadk_engine: fix uadk prov module spelling error lizhi (2): uadk_provider: fix poll timeout in abnormal scenarios uadk_engine: clean up unused functions src/uadk_aead.c | 2 +- src/uadk_async.c | 9 +- src/uadk_cipher.c | 3 +- src/uadk_cipher_adapter.c | 3 +- src/uadk_dh.c | 3 +- src/uadk_digest.c | 2 +- src/uadk_ec.c | 2 +- src/uadk_ecx.c | 18 -- src/uadk_engine_init.c | 11 +- src/uadk_pkey.c | 3 +- src/uadk_prov.h | 23 +- src/uadk_prov_aead.c | 105 +++---- src/uadk_prov_cipher.c | 120 ++++---- src/uadk_prov_dh.c | 194 ++++++------ src/uadk_prov_digest.c | 78 ++--- src/uadk_prov_ec_kmgmt.c | 60 ++-- src/uadk_prov_ecdh_exch.c | 73 ++--- src/uadk_prov_ecdsa.c | 118 ++++---- src/uadk_prov_ecx.c | 162 +++++----- src/uadk_prov_ffc.c | 9 +- src/uadk_prov_hmac.c | 76 ++--- src/uadk_prov_init.c | 607 +++++++++++++++++++++++++++++++++++--- src/uadk_prov_packet.c | 5 +- src/uadk_prov_pkey.c | 87 +++--- src/uadk_prov_pkey.h | 3 - src/uadk_prov_rsa.c | 111 ++++--- src/uadk_prov_sm2.c | 474 ++++++++++++++--------------- src/uadk_rsa.c | 3 +- src/uadk_sm2.c | 9 - src/uadk_utils.c | 14 + src/uadk_utils.h | 27 ++ uadk_provider.cnf | 27 ++ 32 files changed, 1507 insertions(+), 934 deletions(-) -- 2.43.0
From: Zhushuai Yin <yinzhushuai@huawei.com> fix variable spelling errors in the code that affect readability, as well as incorrect return values. Signed-off-by: Zhushuai Yin <yinzhushuai@huawei.com> --- src/uadk_ec.c | 2 +- src/uadk_prov_dh.c | 11 +++-------- src/uadk_prov_ec_kmgmt.c | 1 - src/uadk_prov_ecdh_exch.c | 8 ++++---- src/uadk_prov_ecdsa.c | 1 - 5 files changed, 8 insertions(+), 15 deletions(-) diff --git a/src/uadk_ec.c b/src/uadk_ec.c index bd82036..eac59b5 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -292,7 +292,7 @@ static int ecdsa_do_sign_check(EC_KEY *eckey, int ret; if (!dgst) { - fprintf(stderr, "eckey or dgst NULL\n"); + fprintf(stderr, "dgst NULL\n"); return -1; } diff --git a/src/uadk_prov_dh.c b/src/uadk_prov_dh.c index a7a6bf1..4cbfa71 100644 --- a/src/uadk_prov_dh.c +++ b/src/uadk_prov_dh.c @@ -64,16 +64,16 @@ static pthread_mutex_t dh_default_mutex = PTHREAD_MUTEX_INITIALIZER; static UADK_PKEY_KEYEXCH get_default_dh_keyexch(void) { static UADK_PKEY_KEYEXCH s_keyexch; - static int initilazed; + static int initialized; pthread_mutex_lock(&dh_default_mutex); - if (!initilazed) { + if (!initialized) { UADK_PKEY_KEYEXCH *keyexch = (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "dh", "provider=default"); if (keyexch) { s_keyexch = *keyexch; EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); - initilazed = 1; + initialized = 1; } else { fprintf(stderr, "failed to EVP_KEYEXCH_fetch default dh provider\n"); } @@ -1430,11 +1430,6 @@ static void uadk_keyexch_dh_freectx(void *dhctx) pdhctx->kdf_ukm = NULL; } - if (pdhctx->kdf_cekalg) { - OPENSSL_free(pdhctx->kdf_cekalg); - pdhctx->kdf_cekalg = NULL; - } - OPENSSL_free(pdhctx); } diff --git a/src/uadk_prov_ec_kmgmt.c b/src/uadk_prov_ec_kmgmt.c index 988be8b..2c6fcff 100644 --- a/src/uadk_prov_ec_kmgmt.c +++ b/src/uadk_prov_ec_kmgmt.c @@ -18,7 +18,6 @@ #include <openssl/err.h> #include <openssl/evp.h> -#include <openssl/err.h> #include <openssl/bn.h> #include <uadk/wd_ecc.h> #include "uadk_async.h" diff --git a/src/uadk_prov_ecdh_exch.c b/src/uadk_prov_ecdh_exch.c index 9bd7559..323e22f 100644 --- a/src/uadk_prov_ecdh_exch.c +++ b/src/uadk_prov_ecdh_exch.c @@ -76,16 +76,16 @@ static pthread_mutex_t ecdh_mutex = PTHREAD_MUTEX_INITIALIZER; static UADK_PKEY_KEYEXCH get_default_ecdh_keyexch(void) { static UADK_PKEY_KEYEXCH s_keyexch; - static int initilazed; + static int initialized; pthread_mutex_lock(&ecdh_mutex); - if (!initilazed) { + if (!initialized) { UADK_PKEY_KEYEXCH *keyexch = (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "ecdh", "provider=default"); if (keyexch) { s_keyexch = *keyexch; EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); - initilazed = 1; + initialized = 1; } else { fprintf(stderr, "failed to EVP_KEYEXCH_fetch default X448 provider\n"); } @@ -468,7 +468,7 @@ static int uadk_keyexch_ecdh_derive(void *vpecdhctx, unsigned char *secret, size_t *psecretlen, size_t outlen) { struct ecdh_ctx *pecdhctx = vpecdhctx; - int ret; + int ret = UADK_P_FAIL; if (!pecdhctx) { fprintf(stderr, "invalid: vpecdhctx is NULL to derive!\n"); diff --git a/src/uadk_prov_ecdsa.c b/src/uadk_prov_ecdsa.c index 300c940..912fe90 100644 --- a/src/uadk_prov_ecdsa.c +++ b/src/uadk_prov_ecdsa.c @@ -18,7 +18,6 @@ #include <openssl/err.h> #include <openssl/evp.h> -#include <openssl/err.h> #include <openssl/kdf.h> #include "uadk_async.h" #include "uadk_prov.h" -- 2.43.0
1.Change the parameter order of uadk_asym_cipher_sm2_dupctx 2.Correct 'initilazed' to 'initialized' Signed-off-by: ZongYu Wu <wuzongyu1@huawei.com> Signed-off-by: Zhushuai Yin <yinzhushuai@huawei.com> --- src/uadk_prov_ecx.c | 8 ++++---- src/uadk_prov_sm2.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/uadk_prov_ecx.c b/src/uadk_prov_ecx.c index 41b7a5e..646393b 100644 --- a/src/uadk_prov_ecx.c +++ b/src/uadk_prov_ecx.c @@ -82,16 +82,16 @@ UADK_PKEY_KEYEXCH_DESCR(x25519, X25519); static UADK_PKEY_KEYEXCH get_default_x25519_keyexch(void) { static UADK_PKEY_KEYEXCH s_keyexch; - static int initilazed; + static int initialized; pthread_mutex_lock(&x25519_mutex); - if (!initilazed) { + if (!initialized) { UADK_PKEY_KEYEXCH *keyexch = (UADK_PKEY_KEYEXCH *)EVP_KEYEXCH_fetch(NULL, "X25519", "provider=default"); if (keyexch) { s_keyexch = *keyexch; EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); - initilazed = 1; + initialized = 1; } else { fprintf(stderr, "failed to EVP_KEYEXCH_fetch default X25519 provider\n"); } @@ -551,7 +551,7 @@ static ECX_KEY *uadk_prov_ecx_create_prikey(PROV_ECX_KEYMGMT_CTX *gctx) ecx_key = uadk_prov_ecx_key_new(gctx->libctx, gctx->type, 0, gctx->propq); if (ecx_key == NULL) { fprintf(stderr, "failed to new ecx_key\n"); - return UADK_P_FAIL; + return NULL; } if (gctx->type == ECX_KEY_TYPE_X448) diff --git a/src/uadk_prov_sm2.c b/src/uadk_prov_sm2.c index 9a71ed2..dc5df8d 100644 --- a/src/uadk_prov_sm2.c +++ b/src/uadk_prov_sm2.c @@ -3141,7 +3141,7 @@ static void *uadk_asym_cipher_sm2_dupctx(void *vpsm2ctx) dstctx->sm2_pctx = NULL; memset(&dstctx->md, 0, sizeof(dstctx->md)); - ret = ossl_prov_digest_copy(&srcctx->md, &dstctx->md); + ret = ossl_prov_digest_copy(&dstctx->md, &srcctx->md); if (!ret) goto free_ctx; -- 2.43.0
From: lizhi <lizhi206@huawei.com> In abnormal scenarios, if the alg cores of hardware device are closed, the hw async task may return busy and can not finish the task. There is be a max loop count to avoid infinite loop. But there is already a 'MAX_POLL_TIMES' (1000) in uadk default poll policy.If hpre use 'PROV_RECV_MAX_CNT' to control the poll loop count, the actual count will be: MAX_POLL_TIMES * PROV_RECV_MAX_CNT, which is too large. This will cause the process use a very long time to exit. So modify the env poll loop time count. Signed-off-by: lizhi <lizhi206@huawei.com> --- src/uadk_prov.h | 23 +++++++++++++---------- src/uadk_prov_aead.c | 2 +- src/uadk_prov_cipher.c | 2 +- src/uadk_prov_dh.c | 2 +- src/uadk_prov_digest.c | 2 +- src/uadk_prov_hmac.c | 2 +- src/uadk_prov_pkey.c | 2 +- src/uadk_prov_pkey.h | 3 --- src/uadk_prov_rsa.c | 2 +- 9 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/uadk_prov.h b/src/uadk_prov.h index 3ac4ac3..0829b19 100644 --- a/src/uadk_prov.h +++ b/src/uadk_prov.h @@ -19,16 +19,19 @@ #define UADK_PROV_H #include <openssl/core_dispatch.h> -#define FUNC_MAX_NUM 32 -#define CTX_ASYNC 1 -#define CTX_SYNC 0 -#define UADK_UNINIT 0 -#define UADK_INIT_SUCCESS 1 -#define UADK_INIT_FAIL 2 -#define UADK_DEVICE_ERROR 3 -#define HW_SEC_V2 2 -#define HW_SEC_V3 3 -#define POLL_ERROR (-1) +#define FUNC_MAX_NUM 32 +#define CTX_ASYNC 1 +#define CTX_SYNC 0 +#define UADK_UNINIT 0 +#define UADK_INIT_SUCCESS 1 +#define UADK_INIT_FAIL 2 +#define UADK_DEVICE_ERROR 3 +#define HW_SEC_V2 2 +#define HW_SEC_V3 3 +#define POLL_ERROR (-1) +#define PROV_SEND_MAX_CNT 90000000 +#define PROV_RECV_MAX_CNT 60000000 +#define PROV_SCH_RECV_MAX_CNT 60000 /* Copy openssl/providers/implementations/include/prov/names.h */ #define PROV_NAMES_MD5 "MD5:SSL3-MD5:1.2.840.113549.2.5" diff --git a/src/uadk_prov_aead.c b/src/uadk_prov_aead.c index 88cf927..17b498d 100644 --- a/src/uadk_prov_aead.c +++ b/src/uadk_prov_aead.c @@ -140,7 +140,7 @@ static int uadk_aead_poll(void *ctx) if (ret < 0 || recv >= expt) return ret; rx_cnt++; - } while (rx_cnt < ENGINE_RECV_MAX_CNT); + } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); fprintf(stderr, "failed to poll msg: timeout!\n"); diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c index 82edc55..3c0d66b 100644 --- a/src/uadk_prov_cipher.c +++ b/src/uadk_prov_cipher.c @@ -390,7 +390,7 @@ static int uadk_cipher_poll(void *ctx) if (ret < 0 || recv >= expt) return ret; recv_cnt++; - } while (recv_cnt < ENGINE_RECV_MAX_CNT); + } while (recv_cnt < PROV_SCH_RECV_MAX_CNT); fprintf(stderr, "failed to poll provider cipher msg: timeout!\n"); diff --git a/src/uadk_prov_dh.c b/src/uadk_prov_dh.c index 4cbfa71..33729d2 100644 --- a/src/uadk_prov_dh.c +++ b/src/uadk_prov_dh.c @@ -630,7 +630,7 @@ static int uadk_prov_dh_poll(void *ctx) if (ret < 0 || recv == expt) return ret; rx_cnt++; - } while (rx_cnt < PROV_ENV_RECV_MAX_CNT); + } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); fprintf(stderr, "failed to poll msg: timeout!\n"); diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c index 457aa9a..486ed11 100644 --- a/src/uadk_prov_digest.c +++ b/src/uadk_prov_digest.c @@ -297,7 +297,7 @@ static int uadk_digest_poll(void *ctx) if (ret < 0 || recv == expt) return ret; rx_cnt++; - } while (rx_cnt < ENGINE_RECV_MAX_CNT); + } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); fprintf(stderr, "failed to poll msg: timeout!\n"); diff --git a/src/uadk_prov_hmac.c b/src/uadk_prov_hmac.c index 0558bc2..49ae1d8 100644 --- a/src/uadk_prov_hmac.c +++ b/src/uadk_prov_hmac.c @@ -308,7 +308,7 @@ static int uadk_hmac_poll(void *ctx) if (ret < 0 || recv == expt) return ret; rx_cnt++; - } while (rx_cnt < ENGINE_RECV_MAX_CNT); + } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); fprintf(stderr, "failed to poll msg: timeout!\n"); diff --git a/src/uadk_prov_pkey.c b/src/uadk_prov_pkey.c index 3c67c06..0acb53c 100644 --- a/src/uadk_prov_pkey.c +++ b/src/uadk_prov_pkey.c @@ -444,7 +444,7 @@ int uadk_prov_ecc_poll(void *ctx) if (ret < 0 || recv == expt) return ret; rx_cnt++; - } while (rx_cnt < PROV_RECV_MAX_CNT); + } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); fprintf(stderr, "failed to recv msg: timeout!\n"); diff --git a/src/uadk_prov_pkey.h b/src/uadk_prov_pkey.h index 1886117..507e7ec 100644 --- a/src/uadk_prov_pkey.h +++ b/src/uadk_prov_pkey.h @@ -45,9 +45,6 @@ #define UADK_P_SUCCESS 1 #define UADK_P_FAIL 0 #define UADK_P_INVALID (-1) -#define PROV_SEND_MAX_CNT 90000000 -#define PROV_RECV_MAX_CNT 60000000 -#define PROV_ENV_RECV_MAX_CNT 60000 #define PROV_KEYMGMT_ALG_NUM 7 #define ECC_POINT_SIZE(n) ((n) << 1) #define UADK_OCTET_STRING 0x04 diff --git a/src/uadk_prov_rsa.c b/src/uadk_prov_rsa.c index 4218416..821ddde 100644 --- a/src/uadk_prov_rsa.c +++ b/src/uadk_prov_rsa.c @@ -1016,7 +1016,7 @@ static int uadk_rsa_env_poll(void *ctx) if (ret < 0 || recv == expt) return ret; rx_cnt++; - } while (rx_cnt < PROV_RECV_MAX_CNT); + } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); fprintf(stderr, "failed to poll msg: timeout!\n"); -- 2.43.0
From: lizhi <lizhi206@huawei.com> The pkey method created in uadk_engine, will be released by openssl when the engine is destroyed. So these unused functions should be removed. Signed-off-by: lizhi <lizhi206@huawei.com> --- src/uadk_ecx.c | 18 ------------------ src/uadk_sm2.c | 9 --------- 2 files changed, 27 deletions(-) diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c index f40acb4..20a0f77 100644 --- a/src/uadk_ecx.c +++ b/src/uadk_ecx.c @@ -740,15 +740,6 @@ int uadk_x25519_create_pmeth(struct uadk_pkey_meth *pkey_meth) return UADK_E_SUCCESS; } -void uadk_x25519_delete_pmeth(struct uadk_pkey_meth *pkey_meth) -{ - if (!pkey_meth || !pkey_meth->x25519) - return; - - EVP_PKEY_meth_free(pkey_meth->x25519); - pkey_meth->x25519 = NULL; -} - int uadk_x448_create_pmeth(struct uadk_pkey_meth *pkey_meth) { const EVP_PKEY_METHOD *openssl_meth; @@ -785,12 +776,3 @@ int uadk_x448_create_pmeth(struct uadk_pkey_meth *pkey_meth) return UADK_E_SUCCESS; } - -void uadk_x448_delete_pmeth(struct uadk_pkey_meth *pkey_meth) -{ - if (!pkey_meth || !pkey_meth->x448) - return; - - EVP_PKEY_meth_free(pkey_meth->x448); - pkey_meth->x448 = NULL; -} diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index f538594..9eb9f7b 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -1707,12 +1707,3 @@ int uadk_sm2_create_pmeth(struct uadk_pkey_meth *pkey_meth) return 1; } - -void uadk_sm2_delete_pmeth(struct uadk_pkey_meth *pkey_meth) -{ - if (!pkey_meth || !pkey_meth->sm2) - return; - - EVP_PKEY_meth_free(pkey_meth->sm2); - pkey_meth->sm2 = NULL; -} -- 2.43.0
From: Zhushuai Yin <yinzhushuai@huawei.com> The uadk prov algorithm supports dynamically enabling or disabling corresponding algorithms through configuration files. The algorithm enablement information can be obtained by reading the uadk_provider.cnf file. Algorithms that are disabled will return NULL during the query phase. Signed-off-by: Zhushuai Yin <yinzhushuai@huawei.com> --- src/uadk_prov_init.c | 588 ++++++++++++++++++++++++++++++++++++++++--- uadk_provider.cnf | 27 ++ 2 files changed, 582 insertions(+), 33 deletions(-) diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c index 7869303..f97b20b 100644 --- a/src/uadk_prov_init.c +++ b/src/uadk_prov_init.c @@ -32,6 +32,7 @@ #include "uadk_prov_bio.h" #include "uadk_prov_pkey.h" +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk_provider"; static OSSL_PROVIDER *default_prov; @@ -40,13 +41,114 @@ static OSSL_FUNC_core_gettable_params_fn *c_gettable_params; static OSSL_FUNC_core_get_params_fn *c_get_params; static OSSL_FUNC_core_get_libctx_fn *c_get_libctx; -struct uadk_provider_params { +static struct uadk_provider_params { char *enable_sw_flag; + char *sm2; + char *rsa; + char *ecdh; + char *ecdsa; + char *dh; + char *x25519; + char *x448; + char *hmac; + char *aes_ecb; + char *aes_cbc; + char *aes_xts; + char *aes_ctr; + char *aes_ofb128; + char *aes_cfb128; + char *sm4_cbc; + char *sm4_ofb128; + char *sm4_cfb128; + char *sm4_ecb; + char *sm4_ctr; + char *des_ede3_cbc; + char *des_ede3_ecb; + char *md5; + char *sm3; + char *sha1; + char *sha224; + char *sha256; + char *sha384; + char *sha512; + char *aes_gcm; } uadk_params; +static struct uadk_prov_alg_en_info { + int sm2_en; + int rsa_en; + int ecdh_en; + int ecdsa_en; + int dh_en; + int x25519_en; + int x448_en; + int hmac_en; + int aes_ecb_en; + int aes_cbc_en; + int aes_xts_en; + int aes_ctr_en; + int aes_ofb128_en; + int aes_cfb128_en; + int sm4_cbc_en; + int sm4_ofb128_en; + int sm4_cfb128_en; + int sm4_ecb_en; + int sm4_ctr_en; + int des_ede3_cbc_en; + int des_ede3_ecb_en; + int md5_en; + int sm3_en; + int sha1_en; + int sha224_en; + int sha256_en; + int sha384_en; + int sha512_en; + int aes_gcm_en; +} uadk_prov_alg_en; + /* offload small packets to sw */ int enable_sw_offload = 1; +struct uadk_prov_alg_cfg { + const char *name; + char **param; + int *enable; +}; + +static struct uadk_prov_alg_cfg uadk_prov_alg_cfg_info[] = { + {"sm2", &uadk_params.sm2, &uadk_prov_alg_en.sm2_en}, + {"rsa", &uadk_params.rsa, &uadk_prov_alg_en.rsa_en}, + {"ecdh", &uadk_params.ecdh, &uadk_prov_alg_en.ecdh_en}, + {"ecdsa", &uadk_params.ecdsa, &uadk_prov_alg_en.ecdsa_en}, + {"dh", &uadk_params.dh, &uadk_prov_alg_en.dh_en}, + {"x25519", &uadk_params.x25519, &uadk_prov_alg_en.x25519_en}, + {"x448", &uadk_params.x448, &uadk_prov_alg_en.x448_en}, + {"hmac", &uadk_params.hmac, &uadk_prov_alg_en.hmac_en}, + {"aes_ecb", &uadk_params.aes_ecb, &uadk_prov_alg_en.aes_ecb_en}, + {"aes_cbc", &uadk_params.aes_cbc, &uadk_prov_alg_en.aes_cbc_en}, + {"aes_xts", &uadk_params.aes_xts, &uadk_prov_alg_en.aes_xts_en}, + {"aes_ctr", &uadk_params.aes_ctr, &uadk_prov_alg_en.aes_ctr_en}, + {"aes_ofb128", &uadk_params.aes_ofb128, &uadk_prov_alg_en.aes_ofb128_en}, + {"aes_cfb128", &uadk_params.aes_cfb128, &uadk_prov_alg_en.aes_cfb128_en}, + {"sm4_cbc", &uadk_params.sm4_cbc, &uadk_prov_alg_en.sm4_cbc_en}, + {"sm4_ofb128", &uadk_params.sm4_ofb128, &uadk_prov_alg_en.sm4_ofb128_en}, + {"sm4_cfb128", &uadk_params.sm4_cfb128, &uadk_prov_alg_en.sm4_cfb128_en}, + {"sm4_ecb", &uadk_params.sm4_ecb, &uadk_prov_alg_en.sm4_ecb_en}, + {"sm4_ctr", &uadk_params.sm4_ctr, &uadk_prov_alg_en.sm4_ctr_en}, + {"des_ede3_cbc", &uadk_params.des_ede3_cbc, + &uadk_prov_alg_en.des_ede3_cbc_en}, + {"des_ede3_ecb", &uadk_params.des_ede3_ecb, + &uadk_prov_alg_en.des_ede3_ecb_en}, + {"md5", &uadk_params.md5, &uadk_prov_alg_en.md5_en}, + {"sm3", &uadk_params.sm3, &uadk_prov_alg_en.sm3_en}, + {"sha1", &uadk_params.sha1, &uadk_prov_alg_en.sha1_en}, + {"sha224", &uadk_params.sha224, &uadk_prov_alg_en.sha224_en}, + {"sha256", &uadk_params.sha256, &uadk_prov_alg_en.sha256_en}, + {"sha384", &uadk_params.sha384, &uadk_prov_alg_en.sha384_en}, + {"sha512", &uadk_params.sha512, &uadk_prov_alg_en.sha512_en}, + {"aes_gcm", &uadk_params.aes_gcm, &uadk_prov_alg_en.aes_gcm_en} +}; + const OSSL_ALGORITHM uadk_prov_digests[] = { { PROV_NAMES_MD5, UADK_DEFAULT_PROPERTIES, uadk_md5_functions, "uadk_provider md5" }, @@ -66,13 +168,13 @@ const OSSL_ALGORITHM uadk_prov_digests[] = { uadk_sha512_224_functions, "uadk_provider sha2-512-224" }, { PROV_NAMES_SHA2_512_256, UADK_DEFAULT_PROPERTIES, uadk_sha512_256_functions, "uadk_provider sha2-512-256" }, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; const OSSL_ALGORITHM uadk_prov_hmac[] = { { "HMAC", UADK_DEFAULT_PROPERTIES, uadk_hmac_functions, "uadk_provider hmac" }, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; const OSSL_ALGORITHM uadk_prov_ciphers_v2[] = { @@ -100,7 +202,7 @@ const OSSL_ALGORITHM uadk_prov_ciphers_v2[] = { uadk_des_ede3_cbc_functions, "uadk_provider des-ede3-cbc" }, { "DES-EDE3-ECB", UADK_DEFAULT_PROPERTIES, uadk_des_ede3_ecb_functions, "uadk_provider des-ede3-ecb" }, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; const OSSL_ALGORITHM uadk_prov_ciphers_v3[] = { @@ -164,13 +266,13 @@ const OSSL_ALGORITHM uadk_prov_ciphers_v3[] = { uadk_des_ede3_cbc_functions, "uadk_provider des-ede3-cbc" }, { "DES-EDE3-ECB", UADK_DEFAULT_PROPERTIES, uadk_des_ede3_ecb_functions, "uadk_provider des-ede3-ecb" }, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; static const OSSL_ALGORITHM uadk_prov_signature_v2[] = { { "RSA", UADK_DEFAULT_PROPERTIES, uadk_rsa_signature_functions, "uadk_provider rsa_signature" }, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; static const OSSL_ALGORITHM uadk_prov_signature_v3[] = { @@ -180,14 +282,14 @@ static const OSSL_ALGORITHM uadk_prov_signature_v3[] = { uadk_sm2_signature_functions, "uadk_provider sm2_signature" }, { "ECDSA", UADK_DEFAULT_PROPERTIES, uadk_ecdsa_signature_functions, "uadk_provider ecdsa_signature" }, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; static const OSSL_ALGORITHM uadk_prov_keymgmt_v2[] = { { "RSA", UADK_DEFAULT_PROPERTIES, uadk_rsa_keymgmt_functions, "uadk RSA Keymgmt implementation." }, { "DH", UADK_DEFAULT_PROPERTIES, uadk_dh_keymgmt_functions }, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; static const OSSL_ALGORITHM uadk_prov_keymgmt_v3[] = { @@ -202,13 +304,13 @@ static const OSSL_ALGORITHM uadk_prov_keymgmt_v3[] = { uadk_x448_keymgmt_functions, "uadk X448 Keymgmt implementation."}, { "X25519", UADK_DEFAULT_PROPERTIES, uadk_x25519_keymgmt_functions, "uadk X25519 Keymgmt implementation."}, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; static const OSSL_ALGORITHM uadk_prov_asym_cipher_v2[] = { { "RSA", UADK_DEFAULT_PROPERTIES, uadk_rsa_asym_cipher_functions, "uadk RSA asym cipher implementation." }, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; static const OSSL_ALGORITHM uadk_prov_asym_cipher_v3[] = { @@ -216,13 +318,13 @@ static const OSSL_ALGORITHM uadk_prov_asym_cipher_v3[] = { uadk_rsa_asym_cipher_functions, "uadk RSA asym cipher implementation." }, { "SM2", UADK_DEFAULT_PROPERTIES, uadk_sm2_asym_cipher_functions, "uadk SM2 asym cipher implementation." }, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; static const OSSL_ALGORITHM uadk_prov_keyexch_v2[] = { { "DH", UADK_DEFAULT_PROPERTIES, uadk_dh_keyexch_functions, "UADK DH keyexch implementation"}, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; static const OSSL_ALGORITHM uadk_prov_keyexch_v3[] = { @@ -234,9 +336,333 @@ static const OSSL_ALGORITHM uadk_prov_keyexch_v3[] = { uadk_x448_keyexch_functions, "uadk X448 keyexch implementation."}, { "X25519", UADK_DEFAULT_PROPERTIES, uadk_x25519_keyexch_functions, "uadk 25519 keyexch implementation."}, - { NULL, NULL, NULL } + { NULL, NULL, NULL, NULL } }; +static OSSL_ALGORITHM *uadk_generate_digests_array(void) +{ + OSSL_ALGORITHM *digests_array; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_digests); + digests_array = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!digests_array) + return NULL; + for (i = 0; i < size; i++) { + name = uadk_prov_digests[i].algorithm_names; + + /* The last entry will be terminated by NULL. */ + if (name == NULL || + (uadk_prov_alg_en.md5_en && strstr(name, "MD5")) || + (uadk_prov_alg_en.sm3_en && strstr(name, "SM3")) || + (uadk_prov_alg_en.sha1_en && strstr(name, "SHA1")) || + (uadk_prov_alg_en.sha224_en && strstr(name, "SHA2-224")) || + (uadk_prov_alg_en.sha256_en && strstr(name, "SHA2-256")) || + (uadk_prov_alg_en.sha384_en && strstr(name, "SHA2-384")) || + (uadk_prov_alg_en.sha512_en && strstr(name, "SHA2-512"))) + memcpy(&digests_array[index++], + &uadk_prov_digests[i], sizeof(OSSL_ALGORITHM)); + } + + return digests_array; +} + +static OSSL_ALGORITHM *uadk_generate_hmac_array(void) +{ + OSSL_ALGORITHM *hmac_array; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_hmac); + hmac_array = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!hmac_array) + return NULL; + for (i = 0; i < size; i++) { + name = uadk_prov_hmac[i].algorithm_names; + if (name == NULL || + (uadk_prov_alg_en.hmac_en && strstr(name, "HMAC"))) + memcpy(&hmac_array[index++], + &uadk_prov_hmac[i], sizeof(OSSL_ALGORITHM)); + } + + return hmac_array; +} + +static OSSL_ALGORITHM *uadk_generate_cipher_array_v2(void) +{ + OSSL_ALGORITHM *ciphers_array_v2; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_ciphers_v2); + ciphers_array_v2 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!ciphers_array_v2) + return NULL; + for (i = 0; i < size; i++) { + name = uadk_prov_ciphers_v2[i].algorithm_names; + + if (name == NULL || + (uadk_prov_alg_en.aes_cbc_en && + strstr(name, "AES") && strstr(name, "CBC")) || + (uadk_prov_alg_en.aes_ecb_en && + strstr(name, "AES") && strstr(name, "ECB")) || + (uadk_prov_alg_en.aes_xts_en && strstr(name, "XTS")) || + (uadk_prov_alg_en.sm4_cbc_en && strstr(name, "SM4-CBC")) || + (uadk_prov_alg_en.sm4_ecb_en && strstr(name, "SM4-ECB")) || + (uadk_prov_alg_en.des_ede3_cbc_en && strstr(name, "EDE3-CBC")) || + (uadk_prov_alg_en.des_ede3_ecb_en && strstr(name, "EDE3-ECB"))) + memcpy(&ciphers_array_v2[index++], + &uadk_prov_ciphers_v2[i], sizeof(OSSL_ALGORITHM)); + } + + return ciphers_array_v2; +} + +static OSSL_ALGORITHM *uadk_generate_cipher_array_v3(void) +{ + OSSL_ALGORITHM *ciphers_array_v3; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_ciphers_v3); + ciphers_array_v3 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!ciphers_array_v3) + return NULL; + for (i = 0; i < size; i++) { + name = uadk_prov_ciphers_v3[i].algorithm_names; + + if (name == NULL || + (uadk_prov_alg_en.aes_cbc_en && + strstr(name, "AES") && strstr(name, "CBC")) || + (uadk_prov_alg_en.aes_ecb_en && + strstr(name, "AES") && strstr(name, "ECB")) || + (uadk_prov_alg_en.aes_ctr_en && + strstr(name, "AES") && strstr(name, "CTR")) || + (uadk_prov_alg_en.aes_xts_en && strstr(name, "XTS")) || + (uadk_prov_alg_en.aes_ofb128_en && strstr(name, "OFB")) || + (uadk_prov_alg_en.aes_cfb128_en && strstr(name, "CFB")) || + (uadk_prov_alg_en.aes_gcm_en && strstr(name, "GCM")) || + (uadk_prov_alg_en.sm4_cbc_en && strstr(name, "SM4-CBC")) || + (uadk_prov_alg_en.sm4_ecb_en && strstr(name, "SM4-ECB")) || + (uadk_prov_alg_en.sm4_ofb128_en && strstr(name, "SM4-OFB")) || + (uadk_prov_alg_en.sm4_cfb128_en && strstr(name, "SM4-CFB")) || + (uadk_prov_alg_en.sm4_ctr_en && strstr(name, "SM4-CTR")) || + (uadk_prov_alg_en.des_ede3_cbc_en && strstr(name, "EDE3-CBC")) || + (uadk_prov_alg_en.des_ede3_ecb_en && strstr(name, "EDE3-ECB"))) + memcpy(&ciphers_array_v3[index++], + &uadk_prov_ciphers_v3[i], sizeof(OSSL_ALGORITHM)); + } + + return ciphers_array_v3; +} + +static OSSL_ALGORITHM *uadk_generate_signature_array_v2(void) +{ + OSSL_ALGORITHM *signature_array_v2; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_signature_v2); + signature_array_v2 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!signature_array_v2) + return NULL; + for (i = 0; i < size; i++) { + name = uadk_prov_signature_v2[i].algorithm_names; + if (name == NULL || (uadk_prov_alg_en.rsa_en && !strcmp(name, "RSA"))) + memcpy(&signature_array_v2[index++], + &uadk_prov_signature_v2[i], sizeof(OSSL_ALGORITHM)); + } + + return signature_array_v2; +} + +static OSSL_ALGORITHM *uadk_generate_signature_array_v3(void) +{ + OSSL_ALGORITHM *signature_array_v3; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_signature_v3); + signature_array_v3 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!signature_array_v3) + return NULL; + for (i = 0; i < size; i++) { + name = uadk_prov_signature_v3[i].algorithm_names; + if (name == NULL || + (uadk_prov_alg_en.rsa_en && !strcmp(name, "RSA")) || + (uadk_prov_alg_en.sm2_en && !strcmp(name, "SM2")) || + (uadk_prov_alg_en.ecdsa_en && !strcmp(name, "ECDSA"))) + memcpy(&signature_array_v3[index++], + &uadk_prov_signature_v3[i], sizeof(OSSL_ALGORITHM)); + } + + return signature_array_v3; +} + +static OSSL_ALGORITHM *uadk_generate_keymgmt_array_v2(void) +{ + OSSL_ALGORITHM *keymgmt_array_v2; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_keymgmt_v2); + keymgmt_array_v2 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!keymgmt_array_v2) + return NULL; + + for (i = 0; i < size; i++) { + name = uadk_prov_keymgmt_v2[i].algorithm_names; + if (name == NULL || + (uadk_prov_alg_en.rsa_en && !strcmp(name, "RSA")) || + (uadk_prov_alg_en.dh_en && !strcmp(name, "DH"))) + memcpy(&keymgmt_array_v2[index++], + &uadk_prov_keymgmt_v2[i], sizeof(OSSL_ALGORITHM)); + } + + return keymgmt_array_v2; +} + +static OSSL_ALGORITHM *uadk_generate_keymgmt_array_v3(void) +{ + OSSL_ALGORITHM *keymgmt_array_v3; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_keymgmt_v3); + keymgmt_array_v3 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!keymgmt_array_v3) + return NULL; + + for (i = 0; i < size; i++) { + name = uadk_prov_keymgmt_v3[i].algorithm_names; + if (name == NULL || + (uadk_prov_alg_en.rsa_en && !strcmp(name, "RSA")) || + (uadk_prov_alg_en.dh_en && !strcmp(name, "DH")) || + (uadk_prov_alg_en.sm2_en && !strcmp(name, "SM2")) || + (uadk_prov_alg_en.ecdh_en && !strcmp(name, "EC")) || + (uadk_prov_alg_en.x448_en && !strcmp(name, "X448")) || + (uadk_prov_alg_en.x25519_en && !strcmp(name, "X25519"))) + memcpy(&keymgmt_array_v3[index++], + &uadk_prov_keymgmt_v3[i], sizeof(OSSL_ALGORITHM)); + } + + return keymgmt_array_v3; +} + +static OSSL_ALGORITHM *uadk_generate_asym_cipher_array_v2(void) +{ + OSSL_ALGORITHM *asym_cipher_array_v2; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_asym_cipher_v2); + asym_cipher_array_v2 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!asym_cipher_array_v2) + return NULL; + + for (i = 0; i < size; i++) { + name = uadk_prov_asym_cipher_v2[i].algorithm_names; + if (name == NULL || (uadk_prov_alg_en.rsa_en && !strcmp(name, "RSA"))) + memcpy(&asym_cipher_array_v2[index++], + &uadk_prov_asym_cipher_v2[i], sizeof(OSSL_ALGORITHM)); + } + + return asym_cipher_array_v2; +} + +static OSSL_ALGORITHM *uadk_generate_asym_cipher_array_v3(void) +{ + OSSL_ALGORITHM *asym_cipher_array_v3; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_asym_cipher_v3); + asym_cipher_array_v3 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!asym_cipher_array_v3) + return NULL; + for (i = 0; i < size; i++) { + name = uadk_prov_asym_cipher_v3[i].algorithm_names; + if (name == NULL || + (uadk_prov_alg_en.rsa_en && !strcmp(name, "RSA")) || + (uadk_prov_alg_en.sm2_en && !strcmp(name, "SM2"))) + memcpy(&asym_cipher_array_v3[index++], + &uadk_prov_asym_cipher_v3[i], sizeof(OSSL_ALGORITHM)); + } + + return asym_cipher_array_v3; +} + +static OSSL_ALGORITHM *uadk_generate_keyexch_array_v2(void) +{ + OSSL_ALGORITHM *keyexch_array_v2; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_keyexch_v2); + keyexch_array_v2 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!keyexch_array_v2) + return NULL; + + for (i = 0; i < size; i++) { + name = uadk_prov_keyexch_v2[i].algorithm_names; + if (name == NULL || (uadk_prov_alg_en.dh_en && strcmp(name, "DH"))) + memcpy(&keyexch_array_v2[index++], + &uadk_prov_keyexch_v2[i], sizeof(OSSL_ALGORITHM)); + } + + return keyexch_array_v2; +} + +static OSSL_ALGORITHM *uadk_generate_keyexch_array_v3(void) +{ + OSSL_ALGORITHM *keyexch_array_v3; + const char *name; + int index = 0; + int i, size; + + /* The algorithm will not exceed the size of a static array */ + size = ARRAY_SIZE(uadk_prov_keyexch_v3); + keyexch_array_v3 = OPENSSL_zalloc(size * sizeof(OSSL_ALGORITHM)); + if (!keyexch_array_v3) + return NULL; + + for (i = 0; i < size; i++) { + name = uadk_prov_keyexch_v3[i].algorithm_names; + if (name == NULL || + (uadk_prov_alg_en.dh_en && strcmp(name, "DH")) || + (uadk_prov_alg_en.x448_en && strcmp(name, "X448")) || + (uadk_prov_alg_en.x25519_en && strcmp(name, "X25519")) || + (uadk_prov_alg_en.ecdh_en && strcmp(name, "ECDH"))) + memcpy(&keyexch_array_v3[index++], + &uadk_prov_keyexch_v3[i], sizeof(OSSL_ALGORITHM)); + } + + return keyexch_array_v3; +} + static const OSSL_ALGORITHM *uadk_query(void *provctx, int operation_id, int *no_cache) { @@ -273,48 +699,48 @@ static const OSSL_ALGORITHM *uadk_query(void *provctx, int operation_id, ver = uadk_prov_digest_version(); if (!ver && uadk_get_sw_offload_state()) break; - return uadk_prov_digests; + return uadk_generate_digests_array(); case OSSL_OP_MAC: - return uadk_prov_hmac; + return uadk_generate_hmac_array(); case OSSL_OP_CIPHER: ver = uadk_prov_cipher_version(); if (!ver && uadk_get_sw_offload_state()) break; else if (ver == HW_SEC_V2) - return uadk_prov_ciphers_v2; - return uadk_prov_ciphers_v3; + return uadk_generate_cipher_array_v2(); + return uadk_generate_cipher_array_v3(); case OSSL_OP_SIGNATURE: uadk_prov_signature_alg(); ver = uadk_prov_pkey_version(); if (!ver && uadk_get_sw_offload_state()) break; else if (ver == HW_PKEY_V2) - return uadk_prov_signature_v2; - return uadk_prov_signature_v3; + return uadk_generate_signature_array_v2(); + return uadk_generate_signature_array_v3(); case OSSL_OP_KEYMGMT: uadk_prov_keymgmt_alg(); ver = uadk_prov_pkey_version(); if (!ver && uadk_get_sw_offload_state()) break; else if (ver == HW_PKEY_V2) - return uadk_prov_keymgmt_v2; - return uadk_prov_keymgmt_v3; + return uadk_generate_keymgmt_array_v2(); + return uadk_generate_keymgmt_array_v3(); case OSSL_OP_ASYM_CIPHER: uadk_prov_asym_cipher_alg(); ver = uadk_prov_pkey_version(); if (!ver && uadk_get_sw_offload_state()) break; else if (ver == HW_PKEY_V2) - return uadk_prov_asym_cipher_v2; - return uadk_prov_asym_cipher_v3; + return uadk_generate_asym_cipher_array_v2(); + return uadk_generate_asym_cipher_array_v3(); case OSSL_OP_KEYEXCH: uadk_prov_keyexch_alg(); ver = uadk_prov_pkey_version(); if (!ver && uadk_get_sw_offload_state()) break; else if (ver == HW_PKEY_V2) - return uadk_prov_keyexch_v2; - return uadk_prov_keyexch_v3; + return uadk_generate_keyexch_array_v2(); + return uadk_generate_keyexch_array_v3(); default: break; } @@ -350,10 +776,51 @@ static int uadk_get_params(OSSL_PARAM params[]) return UADK_P_SUCCESS; } +static void uadk_unquery(void *provctx, int operation_id, + const OSSL_ALGORITHM *algs) +{ + int needs_version_check = 0; + int ver; + + switch (operation_id) { + case OSSL_OP_DIGEST: + ver = uadk_prov_digest_version(); + needs_version_check = 1; + break; + case OSSL_OP_CIPHER: + ver = uadk_prov_cipher_version(); + needs_version_check = 1; + break; + case OSSL_OP_SIGNATURE: + case OSSL_OP_KEYMGMT: + case OSSL_OP_ASYM_CIPHER: + case OSSL_OP_KEYEXCH: + ver = uadk_prov_pkey_version(); + needs_version_check = 1; + break; + case OSSL_OP_MAC: + if (algs) + OPENSSL_free((void *)algs); + return; + default: + break; + } + + if (needs_version_check && (ver || !uadk_get_sw_offload_state())) { + if (algs) + OPENSSL_free((void *)algs); + return; + } + + if (default_prov) + OSSL_PROVIDER_unquery_operation(default_prov, operation_id, algs); +} + static const OSSL_DISPATCH uadk_dispatch_table[] = { { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))uadk_query }, { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))uadk_teardown }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))uadk_get_params }, + { OSSL_FUNC_PROVIDER_UNQUERY_OPERATION, (void (*)(void))uadk_unquery }, { 0, NULL } }; @@ -362,25 +829,81 @@ int uadk_get_sw_offload_state(void) return enable_sw_offload; } +static void uadk_set_alg_sel_state(void) +{ + int size, i; + + if (uadk_params.enable_sw_flag) + uadk_set_sw_offload_state(atoi(uadk_params.enable_sw_flag)); + + size = ARRAY_SIZE(uadk_prov_alg_cfg_info); + for (i = 0; i < size; ++i) { + if (*uadk_prov_alg_cfg_info[i].param == NULL) { + *(uadk_prov_alg_cfg_info[i].enable) = 1; + continue; + } + + if (strcmp(*uadk_prov_alg_cfg_info[i].param, "1") == 0) + *(uadk_prov_alg_cfg_info[i].enable) = 1; + else if (strcmp(*uadk_prov_alg_cfg_info[i].param, "0") == 0) + *(uadk_prov_alg_cfg_info[i].enable) = 0; + else { + *(uadk_prov_alg_cfg_info[i].enable) = 1; + fprintf(stderr, "invalid: %s en param(%s) is error, default to enabled\n", + uadk_prov_alg_cfg_info[i].name, + *uadk_prov_alg_cfg_info[i].param); + } + } +} + /* enable = 0 means disable sw offload, enable = 1 means enable sw offload */ void uadk_set_sw_offload_state(int enable) { enable_sw_offload = enable; } -int uadk_get_params_from_core(const OSSL_CORE_HANDLE *handle) +static int uadk_get_params_from_core(const OSSL_CORE_HANDLE *handle) { - OSSL_PARAM core_params[2], *p = core_params; + OSSL_PARAM core_params[31], *p = core_params; if (handle == NULL) { fprintf(stderr, "invalid: OSSL_CORE_HANDLE is NULL\n"); return UADK_P_FAIL; } - *p++ = OSSL_PARAM_construct_utf8_ptr( - "enable_sw_offload", - (char **)&uadk_params.enable_sw_flag, - 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("enable_sw_offload", + (char **)&uadk_params.enable_sw_flag, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SM2", (char **)&uadk_params.sm2, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("RSA", (char **)&uadk_params.rsa, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("ECDH", (char **)&uadk_params.ecdh, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("ECDSA", (char **)&uadk_params.ecdsa, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("DH", (char **)&uadk_params.dh, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("X25519", (char **)&uadk_params.x25519, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("X448", (char **)&uadk_params.x448, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("HMAC", (char **)&uadk_params.hmac, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("AES_ECB", (char **)&uadk_params.aes_ecb, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("AES_CBC", (char **)&uadk_params.aes_cbc, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("AES_XTS", (char **)&uadk_params.aes_xts, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("AES_CTR", (char **)&uadk_params.aes_ctr, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("AES_OFB128", (char **)&uadk_params.aes_ofb128, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("AES_CFB128", (char **)&uadk_params.aes_cfb128, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SM4_CBC", (char **)&uadk_params.sm4_cbc, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SM4_OFB128", (char **)&uadk_params.sm4_ofb128, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SM4_CFB128", (char **)&uadk_params.sm4_cfb128, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SM4_ECB", (char **)&uadk_params.sm4_ecb, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SM4_CTR", (char **)&uadk_params.sm4_ctr, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("MD5", (char **)&uadk_params.md5, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SM3", (char **)&uadk_params.sm3, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SHA1", (char **)&uadk_params.sha1, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SHA224", (char **)&uadk_params.sha224, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SHA256", (char **)&uadk_params.sha256, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SHA384", (char **)&uadk_params.sha384, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("SHA512", (char **)&uadk_params.sha512, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("AES_GCM", (char **)&uadk_params.aes_gcm, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("DES_EDE3_CBC", + (char **)&uadk_params.des_ede3_cbc, 0); + *p++ = OSSL_PARAM_construct_utf8_ptr("DES_EDE3_ECB", + (char **)&uadk_params.des_ede3_ecb, 0); *p = OSSL_PARAM_construct_end(); if (!c_get_params(handle, core_params)) { @@ -388,8 +911,7 @@ int uadk_get_params_from_core(const OSSL_CORE_HANDLE *handle) return UADK_P_FAIL; } - if (uadk_params.enable_sw_flag) - uadk_set_sw_offload_state(atoi(uadk_params.enable_sw_flag)); + uadk_set_alg_sel_state(); return UADK_P_SUCCESS; } diff --git a/uadk_provider.cnf b/uadk_provider.cnf index 7b277ac..9a80e19 100644 --- a/uadk_provider.cnf +++ b/uadk_provider.cnf @@ -14,3 +14,30 @@ uadk_provider = uadk_sect [uadk_sect] activate = 1 enable_sw_offload = 0 +SM2 = 1 +RSA = 1 +ECDH = 1 +ECDSA = 1 +DH = 1 +X25519 = 1 +X448 = 1 +HMAC = 1 +AES_ECB = 1 +AES_CBC = 1 +AES_XTS = 1 +AES_CTR = 1 +AES_OFB128 = 1 +AES_CFB128 = 1 +SM4_CBC = 1 +SM4_OFB128 = 1 +SM4_CFB128 = 1 +SM4_ECB = 1 +SM4_CTR = 1 +MD5 = 1 +SM3 = 1 +SHA1 = 1 +SHA224 = 1 +SHA256 = 1 +SHA384 = 1 +SHA512 = 1 +AES_GCM = 1 \ No newline at end of file -- 2.43.0
From: Zhushuai Yin <yinzhushuai@huawei.com> Three new logging levels have been added to prov: err, debug, and info. Users can specify the logging level to be directed to a designated file through a configuration file. Debug is the highest logging level, and when configured, it will output all information. Err is the lowest logging level. Signed-off-by: Zhushuai Yin <yinzhushuai@huawei.com> --- src/uadk_async.c | 9 +- src/uadk_prov_aead.c | 103 +++++---- src/uadk_prov_cipher.c | 113 ++++----- src/uadk_prov_dh.c | 181 +++++++-------- src/uadk_prov_digest.c | 74 +++--- src/uadk_prov_ec_kmgmt.c | 59 ++--- src/uadk_prov_ecdh_exch.c | 65 +++--- src/uadk_prov_ecdsa.c | 117 +++++----- src/uadk_prov_ecx.c | 154 ++++++------- src/uadk_prov_ffc.c | 9 +- src/uadk_prov_hmac.c | 74 +++--- src/uadk_prov_init.c | 23 +- src/uadk_prov_packet.c | 5 +- src/uadk_prov_pkey.c | 81 +++---- src/uadk_prov_rsa.c | 109 +++++---- src/uadk_prov_sm2.c | 472 +++++++++++++++++++------------------- src/uadk_utils.h | 26 +++ 17 files changed, 854 insertions(+), 820 deletions(-) diff --git a/src/uadk_async.c b/src/uadk_async.c index ead9893..76aa6a1 100644 --- a/src/uadk_async.c +++ b/src/uadk_async.c @@ -23,6 +23,7 @@ #include <openssl/async.h> #include "uadk.h" #include "uadk_async.h" +#include "uadk_utils.h" static const char *uadk_async_key = "uadk_async_key"; static struct async_poll_queue poll_queue; @@ -259,8 +260,8 @@ int async_pause_job(void *ctx, struct async_op *op, enum task_type type) if (read(efd, &buf, sizeof(uint64_t)) == -1) { if (errno != EAGAIN) - fprintf(stderr, "failed to read from fd: %d - error: %d\n", - efd, errno); + UADK_ERR("failed to read from fd: %d - error: %d\n", + efd, errno); /* Not resumed by the expected async_wake_job() */ } } while (!op->done); @@ -283,7 +284,7 @@ int async_wake_job(ASYNC_JOB *job) ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom); if (ret > 0) { if (write(efd, &buf, sizeof(uint64_t)) == -1) { - fprintf(stderr, "failed to write to fd: %d - error: %d\n", efd, errno); + UADK_ERR("failed to write to fd: %d - error: %d\n", efd, errno); return errno; } } @@ -294,7 +295,7 @@ int async_wake_job(ASYNC_JOB *job) void async_register_poll_fn(int type, async_recv_t func) { if (type < ASYNC_TASK_CIPHER || type >= ASYNC_TASK_MAX) { - fprintf(stderr, "alg type is error, type= %d.\n", type); + UADK_ERR("alg type is error, type= %d.\n", type); return; } diff --git a/src/uadk_prov_aead.c b/src/uadk_prov_aead.c index 17b498d..f2e294b 100644 --- a/src/uadk_prov_aead.c +++ b/src/uadk_prov_aead.c @@ -29,6 +29,7 @@ #include "uadk.h" #include "uadk_async.h" #include "uadk_prov.h" +#include "uadk_utils.h" #define MAX_IV_LEN 16 #define MAX_KEY_LEN 64 @@ -142,7 +143,7 @@ static int uadk_aead_poll(void *ctx) rx_cnt++; } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); - fprintf(stderr, "failed to poll msg: timeout!\n"); + UADK_ERR("failed to poll msg: timeout!\n"); return -ETIMEDOUT; } @@ -173,13 +174,13 @@ static int uadk_create_aead_soft_ctx(struct aead_priv_ctx *priv) } if (unlikely(!priv->sw_aead)) { - fprintf(stderr, "aead failed to fetch\n"); + UADK_ERR("aead failed to fetch\n"); return UADK_AEAD_FAIL; } priv->sw_ctx = EVP_CIPHER_CTX_new(); if (!priv->sw_ctx) { - fprintf(stderr, "EVP_AEAD_CTX_new failed.\n"); + UADK_ERR("EVP_AEAD_CTX_new failed.\n"); goto free; } @@ -206,7 +207,7 @@ static int uadk_prov_aead_soft_init(struct aead_priv_ctx *priv, const unsigned c ret = EVP_DecryptInit_ex2(priv->sw_ctx, priv->sw_aead, key, iv, params); if (!ret) { - fprintf(stderr, "aead soft init error!\n"); + UADK_ERR("aead soft init error!\n"); return UADK_AEAD_FAIL; } @@ -229,7 +230,7 @@ static int uadk_aead_soft_update(struct aead_priv_ctx *priv, unsigned char *out, ret = EVP_DecryptUpdate(priv->sw_ctx, out, outl, in, len); if (!ret) { - fprintf(stderr, "aead soft update error.\n"); + UADK_ERR("aead soft update error.\n"); return UADK_AEAD_FAIL; } @@ -270,7 +271,7 @@ static int uadk_aead_soft_final(struct aead_priv_ctx *priv, unsigned char *diges return UADK_AEAD_SUCCESS; error: - fprintf(stderr, "aead soft final failed.\n"); + UADK_ERR("aead soft final failed.\n"); return UADK_AEAD_FAIL; } @@ -303,7 +304,7 @@ static int uadk_prov_aead_dev_init(struct aead_priv_ctx *priv) cparams.bmp = numa_allocate_nodemask(); if (!cparams.bmp) { ret = UADK_AEAD_FAIL; - fprintf(stderr, "failed to create nodemask!\n"); + UADK_ERR("failed to create nodemask!\n"); goto mutex_unlock; } @@ -315,7 +316,7 @@ static int uadk_prov_aead_dev_init(struct aead_priv_ctx *priv) ret = wd_aead_init2_(priv->alg_name, TASK_MIX, SCHED_POLICY_RR, &cparams); if (unlikely(ret)) { ret = UADK_AEAD_FAIL; - fprintf(stderr, "failed to init aead!\n"); + UADK_ERR("failed to init aead!\n"); goto free_nodemask; } @@ -336,7 +337,7 @@ static int uadk_prov_aead_ctx_init(struct aead_priv_ctx *priv) int ret; if (!priv->key_set || !priv->iv_set) { - fprintf(stderr, "key or iv is not set yet!\n"); + UADK_ERR("key or iv is not set yet!\n"); return UADK_AEAD_FAIL; } @@ -361,19 +362,19 @@ static int uadk_prov_aead_ctx_init(struct aead_priv_ctx *priv) if (!priv->sess) { priv->sess = wd_aead_alloc_sess(&setup); if (!priv->sess) { - fprintf(stderr, "uadk failed to alloc session!\n"); + UADK_ERR("uadk failed to alloc session!\n"); return UADK_AEAD_FAIL; } ret = wd_aead_set_authsize(priv->sess, priv->taglen); if (ret) { - fprintf(stderr, "uadk failed to set authsize!\n"); + UADK_ERR("uadk failed to set authsize!\n"); goto free_sess; } ret = wd_aead_set_ckey(priv->sess, priv->key, priv->keylen); if (ret) { - fprintf(stderr, "uadk failed to set key!\n"); + UADK_ERR("uadk failed to set key!\n"); goto free_sess; } } @@ -422,7 +423,7 @@ static int do_aes_gcm_prepare(struct aead_priv_ctx *priv) memcpy(priv->req.mac, priv->buf, AES_GCM_TAG_LEN); priv->tag_set = SET_TAG; } else { - fprintf(stderr, "invalid: aead gcm mac length only support 16B.\n"); + UADK_ERR("invalid: aead gcm mac length only support 16B.\n"); return UADK_AEAD_FAIL; } } @@ -453,7 +454,7 @@ static int uadk_do_aead_sync_inner(struct aead_priv_ctx *priv, unsigned char *ou if ((state == AEAD_MSG_BLOCK || state == AEAD_MSG_END) && !priv->enc && priv->tag_set != SET_TAG) { - fprintf(stderr, "The tag for synchronous decryption is not set.\n"); + UADK_ERR("The tag for synchronous decryption is not set.\n"); return UADK_AEAD_FAIL; } @@ -464,7 +465,7 @@ static int uadk_do_aead_sync_inner(struct aead_priv_ctx *priv, unsigned char *ou priv->req.state = 0; ret = wd_do_aead_sync(priv->sess, &priv->req); if (unlikely(ret < 0 || priv->req.state)) { - fprintf(stderr, "do aead task failed, msg state: %u, ret: %d, state: %u!\n", + UADK_ERR("do aead task failed, msg state: %u, ret: %d, state: %u!\n", state, ret, priv->req.state); return UADK_AEAD_FAIL; } @@ -515,12 +516,12 @@ static int uadk_do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, int ret; if (!priv->enc && priv->tag_set != SET_TAG) { - fprintf(stderr, "The tag for asynchronous decryption is not set.\n"); + UADK_ERR("The tag for asynchronous decryption is not set.\n"); return UADK_AEAD_FAIL; } if (unlikely(priv->req.assoc_bytes + inlen > AEAD_BLOCK_SIZE)) { - fprintf(stderr, "aead input data length is too long!\n"); + UADK_ERR("aead input data length is too long!\n"); return UADK_AEAD_FAIL; } @@ -541,9 +542,9 @@ static int uadk_do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, ret = wd_do_aead_async(priv->sess, &priv->req); if (unlikely(ret < 0)) { if (unlikely(ret != -EBUSY)) - fprintf(stderr, "do aead async operation failed ret = %d.\n", ret); + UADK_ERR("do aead async operation failed ret = %d.\n", ret); else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) - fprintf(stderr, "do aead async operation timeout.\n"); + UADK_ERR("do aead async operation timeout.\n"); else continue; @@ -554,7 +555,7 @@ static int uadk_do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, ret = async_pause_job(priv, op, ASYNC_TASK_AEAD); if (unlikely(!ret || priv->req.state)) { - fprintf(stderr, "do aead async job failed, ret: %d, state: %u!\n", + UADK_ERR("do aead async job failed, ret: %d, state: %u!\n", ret, priv->req.state); return UADK_AEAD_FAIL; } @@ -574,7 +575,7 @@ static int uadk_prov_do_aes_gcm_first(struct aead_priv_ctx *priv, unsigned char if (priv->mode != ASYNC_MODE) goto soft; - fprintf(stderr, "the aad len is out of range, aad len = %zu.\n", inlen); + UADK_ERR("the aad len is out of range, aad len = %zu.\n", inlen); return UADK_AEAD_FAIL; } @@ -596,7 +597,7 @@ static int uadk_prov_do_aes_gcm_first(struct aead_priv_ctx *priv, unsigned char return UADK_AEAD_SUCCESS; soft: - fprintf(stderr, "aead failed to update aad, switch to soft.\n"); + UADK_ERR("aead failed to update aad, switch to soft.\n"); return SWITCH_TO_SOFT; } @@ -613,13 +614,13 @@ static int uadk_prov_do_aes_gcm_update(struct aead_priv_ctx *priv, unsigned char ret = async_setup_async_event_notification(op); if (unlikely(!ret)) { - fprintf(stderr, "failed to setup async event notification.\n"); + UADK_ERR("failed to setup async event notification.\n"); goto free_op; } ret = uadk_do_aead_async(priv, op, out, in, inlen); if (unlikely(ret < 0)) { - fprintf(stderr, "uadk_do_aead_async failed ret = %d.\n", ret); + UADK_ERR("uadk_do_aead_async failed ret = %d.\n", ret); goto free_notification; } @@ -716,7 +717,7 @@ static int uadk_prov_aead_cipher(void *vctx, unsigned char *out, size_t *outl, return UADK_OSSL_FAIL; if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: aead cipher outsize is too small.\n"); return UADK_OSSL_FAIL; } @@ -739,7 +740,7 @@ static int uadk_prov_aead_stream_update(void *vctx, unsigned char *out, return UADK_OSSL_FAIL; if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: input param outsize is too small.\n"); return UADK_OSSL_FAIL; } @@ -749,7 +750,7 @@ static int uadk_prov_aead_stream_update(void *vctx, unsigned char *out, if (ret == SWITCH_TO_SOFT) goto do_soft; else if (ret < 0) { - fprintf(stderr, "stream data update failed.\n"); + UADK_ERR("stream data update failed.\n"); return UADK_OSSL_FAIL; } else { *outl = inl; @@ -785,7 +786,7 @@ static int uadk_prov_aead_stream_final(void *vctx, unsigned char *out, ret = uadk_prov_do_aes_gcm(priv, out, outl, outsize, NULL, 0); if (ret < 0) { - fprintf(stderr, "stream data final failed, ret = %d\n", ret); + UADK_ERR("stream data final failed, ret = %d\n", ret); return UADK_OSSL_FAIL; } @@ -816,7 +817,7 @@ static int uadk_get_aead_info(struct aead_priv_ctx *priv) } if (unlikely(i == aead_counts)) { - fprintf(stderr, "failed to get aead info.\n"); + UADK_ERR("failed to get aead info.\n"); return UADK_AEAD_FAIL; } @@ -829,7 +830,7 @@ static int uadk_prov_aead_init(struct aead_priv_ctx *priv, const unsigned char * int ret; if (ivlen > MAX_IV_LEN || keylen > MAX_KEY_LEN) { - fprintf(stderr, "invalid keylen or ivlen.\n"); + UADK_ERR("invalid keylen or ivlen.\n"); return UADK_OSSL_FAIL; } @@ -857,7 +858,7 @@ static int uadk_prov_aead_init(struct aead_priv_ctx *priv, const unsigned char * if (ASYNC_get_current_job()) return UADK_OSSL_FAIL; - fprintf(stderr, "aead switch to soft init.!\n"); + UADK_ERR("aead switch to soft init.!\n"); return uadk_prov_aead_soft_init(priv, key, iv, params); } @@ -921,12 +922,12 @@ static int uadk_prov_aead_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (p) { vp = priv->buf; if (!OSSL_PARAM_get_octet_string(p, &vp, EVP_GCM_TLS_TAG_LEN, &sz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + UADK_ERR("failed to get string parameter: sz.\n"); return UADK_OSSL_FAIL; } if (sz == 0 || priv->enc) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG); + UADK_ERR("invalid sz or enc.\n"); return UADK_OSSL_FAIL; } priv->tag_set = READ_TAG; @@ -938,11 +939,11 @@ static int uadk_prov_aead_set_ctx_params(void *vctx, const OSSL_PARAM params[]) size_t keylen; if (!OSSL_PARAM_get_size_t(p, &keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + UADK_ERR("failed to get parameter: keylen.\n"); return UADK_OSSL_FAIL; } if (priv->keylen != keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + UADK_ERR("keylen is invalid.\n"); return UADK_OSSL_FAIL; } } @@ -950,11 +951,11 @@ static int uadk_prov_aead_set_ctx_params(void *vctx, const OSSL_PARAM params[]) p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); if (p) { if (!OSSL_PARAM_get_size_t(p, &sz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + UADK_ERR("failed to get size parameter: sz.\n"); return UADK_OSSL_FAIL; } if (sz == 0 || sz > priv->ivlen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); + UADK_ERR("invalid sz or ivlen.\n"); return UADK_OSSL_FAIL; } priv->ivlen = sz; @@ -985,13 +986,13 @@ static int uadk_prov_aead_get_ctx_iv(OSSL_PARAM *p, struct aead_priv_ctx *priv) return UADK_OSSL_FAIL; if (priv->ivlen > p->data_size) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); + UADK_ERR("invalid: input param ivlen is too long.\n"); return UADK_OSSL_FAIL; } if (!OSSL_PARAM_set_octet_string(p, priv->iv, priv->ivlen) && !OSSL_PARAM_set_octet_ptr(p, &priv->iv, priv->ivlen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set octet ptr parameter: iv.\n"); return UADK_OSSL_FAIL; } @@ -1008,13 +1009,13 @@ static int uadk_prov_aead_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); if (p && !OSSL_PARAM_set_size_t(p, priv->ivlen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set size parameter: ivlen.\n"); return UADK_OSSL_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); if (p && !OSSL_PARAM_set_size_t(p, priv->keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set size parameter: keylen.\n"); return UADK_OSSL_FAIL; } @@ -1024,7 +1025,7 @@ static int uadk_prov_aead_get_ctx_params(void *vctx, OSSL_PARAM params[]) priv->taglen : AES_GCM_TAG_LEN; if (!OSSL_PARAM_set_size_t(p, taglen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set size parameter: taglen.\n"); return UADK_OSSL_FAIL; } } @@ -1043,12 +1044,12 @@ static int uadk_prov_aead_get_ctx_params(void *vctx, OSSL_PARAM params[]) if (sz == 0 || sz > EVP_GCM_TLS_TAG_LEN || !priv->enc || priv->taglen == UNINITIALISED_SIZET) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG); + UADK_ERR("invalid size enc or taglen.\n"); return UADK_OSSL_FAIL; } if (!OSSL_PARAM_set_octet_string(p, priv->buf, sz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set octet string parameter: sz.\n"); return UADK_OSSL_FAIL; } } @@ -1079,32 +1080,32 @@ static int uadk_cipher_aead_get_params(OSSL_PARAM params[], unsigned int md, p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); if (p && !OSSL_PARAM_set_uint(p, md)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set uint parameter: md.\n"); return UADK_OSSL_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD); if (p && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_AEAD) != 0)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set int parameter: flag aead.\n"); return UADK_OSSL_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV); if (p && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set int parameter: flag custom iv.\n"); return UADK_OSSL_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); if (p && !OSSL_PARAM_set_size_t(p, kbits)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set size parameter: kbits.\n"); return UADK_OSSL_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); if (p && !OSSL_PARAM_set_size_t(p, blkbits)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set size parameter: blkbits.\n"); return UADK_OSSL_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); if (p && !OSSL_PARAM_set_size_t(p, ivbits)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set size parameter: ivbits.\n"); return UADK_OSSL_FAIL; } @@ -1132,7 +1133,7 @@ static void *uadk_prov_aead_dupctx(void *ctx) if (dst_ctx->sw_ctx) { dst_ctx->sw_ctx = EVP_CIPHER_CTX_dup(src_ctx->sw_ctx); if (!dst_ctx->sw_ctx) { - fprintf(stderr, "EVP_CIPHER_CTX_dup failed in ctx copy.\n"); + UADK_ERR("EVP_CIPHER_CTX_dup failed in ctx copy.\n"); goto free_data; } diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c index 3c0d66b..ad617a1 100644 --- a/src/uadk_prov_cipher.c +++ b/src/uadk_prov_cipher.c @@ -28,6 +28,7 @@ #include "uadk.h" #include "uadk_async.h" #include "uadk_prov.h" +#include "uadk_utils.h" #define UADK_DO_SOFT (-0xE0) #define UADK_DO_HW (-0xF0) @@ -297,13 +298,13 @@ static int uadk_create_cipher_soft_ctx(struct cipher_priv_ctx *priv) } if (unlikely(!priv->sw_cipher)) { - fprintf(stderr, "cipher failed to fetch\n"); + UADK_ERR("cipher failed to fetch\n"); return UADK_P_FAIL; } priv->sw_ctx = EVP_CIPHER_CTX_new(); if (!priv->sw_ctx) { - fprintf(stderr, "EVP_CIPHER_CTX_new failed.\n"); + UADK_ERR("EVP_CIPHER_CTX_new failed.\n"); goto free; } @@ -325,7 +326,7 @@ static int uadk_prov_cipher_sw_init(struct cipher_priv_ctx *priv, if (!EVP_CipherInit_ex2(priv->sw_ctx, priv->sw_cipher, key, iv, priv->enc, NULL)) { - fprintf(stderr, "cipher soft init failed!\n"); + UADK_ERR("cipher soft init failed!\n"); return UADK_P_FAIL; } @@ -342,12 +343,12 @@ static int uadk_prov_cipher_soft_update(struct cipher_priv_ctx *priv, unsigned c if (!EVP_CipherInit_ex2(priv->sw_ctx, priv->sw_cipher, priv->key, priv->iv, priv->enc, NULL)) { - fprintf(stderr, "cipher soft init error!\n"); + UADK_ERR("cipher soft init error!\n"); return UADK_P_FAIL; } if (!EVP_CipherUpdate(priv->sw_ctx, out, outl, in, len)) { - fprintf(stderr, "cipher soft update error!\n"); + UADK_ERR("cipher soft update error!\n"); return UADK_P_FAIL; } @@ -365,7 +366,7 @@ static int uadk_prov_cipher_soft_final(struct cipher_priv_ctx *priv, unsigned ch return UADK_P_FAIL; if (!EVP_CipherFinal_ex(priv->sw_ctx, out, &sw_final_len)) { - fprintf(stderr, "cipher soft final failed.\n"); + UADK_ERR("cipher soft final failed.\n"); return UADK_P_FAIL; } @@ -392,7 +393,7 @@ static int uadk_cipher_poll(void *ctx) recv_cnt++; } while (recv_cnt < PROV_SCH_RECV_MAX_CNT); - fprintf(stderr, "failed to poll provider cipher msg: timeout!\n"); + UADK_ERR("failed to poll provider cipher msg: timeout!\n"); return -ETIMEDOUT; } @@ -410,7 +411,7 @@ static int uadk_get_cipher_info(struct cipher_priv_ctx *priv) } } - fprintf(stderr, "failed to get cipher info.\n"); + UADK_ERR("failed to get cipher info.\n"); return UADK_P_FAIL; } @@ -422,7 +423,7 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv, int ret; if ((iv && ivlen != priv->ivlen) || (key && keylen != priv->keylen)) { - fprintf(stderr, "invalid keylen or ivlen.\n"); + UADK_ERR("invalid keylen or ivlen.\n"); return UADK_P_FAIL; } @@ -448,7 +449,7 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv, ret = uadk_prov_cipher_dev_init(priv); if (unlikely(ret <= 0)) { - fprintf(stderr, "cipher switch to soft init!\n"); + UADK_ERR("cipher switch to soft init!\n"); return uadk_prov_cipher_sw_init(priv, key, iv); } @@ -492,7 +493,7 @@ static int uadk_do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *o int idx, ret; if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { - fprintf(stderr, "async cipher init failed.\n"); + UADK_ERR("async cipher init failed.\n"); return UADK_P_FAIL; } @@ -509,7 +510,7 @@ static int uadk_do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *o do { ret = wd_do_cipher_async(priv->sess, &priv->req); if (ret < 0 && ret != -EBUSY) { - fprintf(stderr, "do sec cipher failed, switch to soft cipher.\n"); + UADK_ERR("do sec cipher failed, switch to soft cipher.\n"); async_free_poll_task(op->idx, 0); return UADK_P_FAIL; } @@ -540,7 +541,7 @@ static int uadk_prov_cipher_dev_init(struct cipher_priv_ctx *priv) ctx_set_num = calloc(UADK_CIPHER_OP_NUM, sizeof(*ctx_set_num)); if (!ctx_set_num) { - fprintf(stderr, "failed to alloc ctx_set_size!\n"); + UADK_ERR("failed to alloc ctx_set_size!\n"); ret = UADK_P_FAIL; goto init_err; } @@ -549,7 +550,7 @@ static int uadk_prov_cipher_dev_init(struct cipher_priv_ctx *priv) cparams.ctx_set_num = ctx_set_num; cparams.bmp = numa_allocate_nodemask(); if (!cparams.bmp) { - fprintf(stderr, "failed to create nodemask!\n"); + UADK_ERR("failed to create nodemask!\n"); free(ctx_set_num); ret = UADK_P_FAIL; goto init_err; @@ -565,7 +566,7 @@ static int uadk_prov_cipher_dev_init(struct cipher_priv_ctx *priv) free(ctx_set_num); if (unlikely(ret)) { - fprintf(stderr, "failed to init cipher!\n"); + UADK_ERR("failed to init cipher!\n"); ret = UADK_P_FAIL; goto init_err; } @@ -588,7 +589,7 @@ static int uadk_prov_cipher_ctx_init(struct cipher_priv_ctx *priv) int ret; if (!priv->key_set || (!priv->iv_set && priv->ivlen)) { - fprintf(stderr, "key or iv is not set yet!\n"); + UADK_ERR("key or iv is not set yet!\n"); return UADK_P_FAIL; } @@ -613,7 +614,7 @@ static int uadk_prov_cipher_ctx_init(struct cipher_priv_ctx *priv) if (!priv->sess) { priv->sess = wd_cipher_alloc_sess(&setup); if (!priv->sess) { - fprintf(stderr, "uadk failed to alloc session!\n"); + UADK_ERR("uadk failed to alloc session!\n"); return UADK_P_FAIL; } } @@ -622,7 +623,7 @@ static int uadk_prov_cipher_ctx_init(struct cipher_priv_ctx *priv) if (ret) { wd_cipher_free_sess(priv->sess); priv->sess = 0; - fprintf(stderr, "uadk failed to set key!\n"); + UADK_ERR("uadk failed to set key!\n"); return UADK_P_FAIL; } @@ -677,7 +678,7 @@ static int ossl_cipher_trailingdata(unsigned char *buf, size_t *buflen, size_t b return UADK_P_SUCCESS; if (*buflen + *inlen > blocksize) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + UADK_ERR("invalid: inlen is too long.\n"); return UADK_P_FAIL; } @@ -704,7 +705,7 @@ static int ossl_cipher_unpadblock(unsigned char *buf, size_t *buflen, size_t blo size_t pad, i; if (len != blocksize) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + UADK_ERR("invalid: length and block size are not equal.\n"); return UADK_P_FAIL; } @@ -714,12 +715,12 @@ static int ossl_cipher_unpadblock(unsigned char *buf, size_t *buflen, size_t blo */ pad = buf[blocksize - 1]; if (pad == 0 || pad > blocksize) { - ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT); + UADK_ERR("invalid: pad is too big or is 0.\n"); return UADK_P_FAIL; } for (i = 0; i < pad; i++) { if (buf[--len] != pad) { - ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT); + UADK_ERR("invalid: pad and buf are not equal.\n"); return UADK_P_FAIL; } } @@ -737,7 +738,7 @@ static int uadk_prov_hw_cipher(struct cipher_priv_ctx *priv, unsigned char *out, int ret; if (outsize < blksz) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: hw cipher outsize is too small.\n"); return UADK_P_FAIL; } @@ -754,7 +755,7 @@ static int uadk_prov_hw_cipher(struct cipher_priv_ctx *priv, unsigned char *out, ret = async_setup_async_event_notification(&op); if (!ret) { - fprintf(stderr, "failed to setup async event notification.\n"); + UADK_ERR("failed to setup async event notification.\n"); return UADK_P_FAIL; } @@ -806,7 +807,7 @@ static int uadk_prov_do_cipher(struct cipher_priv_ctx *priv, unsigned char *out, if (priv->bufsz == blksz && (priv->enc || inlen > 0 || !priv->pad)) { ret = uadk_prov_hw_cipher(priv, out, outl, outsize, priv->buf, blksz); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "do hw ciphers failed.\n"); + UADK_ERR("do hw ciphers failed.\n"); if (priv->sw_cipher) goto do_soft; return ret; @@ -826,7 +827,7 @@ static int uadk_prov_do_cipher(struct cipher_priv_ctx *priv, unsigned char *out, if (nextblocks > 0) { ret = uadk_prov_hw_cipher(priv, out, outl, outsize, in, nextblocks); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "last block do hw ciphers failed.\n"); + UADK_ERR("last block do hw ciphers failed.\n"); if (priv->sw_cipher) goto do_soft; return ret; @@ -894,7 +895,7 @@ static int uadk_prov_cipher_cipher(void *vctx, unsigned char *output, size_t *ou } if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: cipher outsize is too small.\n"); return UADK_P_FAIL; } @@ -919,18 +920,18 @@ static int uadk_prov_cipher_block_encrypto(struct cipher_priv_ctx *priv, unsigne *outl = 0; return UADK_P_SUCCESS; } else if (priv->bufsz != blksz) { - ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); + UADK_ERR("invalid: wrong final block length.\n"); return UADK_P_FAIL; } if (outsize < blksz) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: cipher block outsize is too small.\n"); return UADK_P_FAIL; } ret = uadk_prov_hw_cipher(priv, out, outl, outsize, priv->buf, blksz); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "do hw ciphers failed, switch to soft ciphers.\n"); + UADK_ERR("do hw ciphers encrypto failed, switch to soft ciphers.\n"); return uadk_prov_cipher_soft_final(priv, out, outl); } @@ -951,23 +952,23 @@ static int uadk_prov_cipher_block_decrypto(struct cipher_priv_ctx *priv, unsigne *outl = 0; return UADK_P_SUCCESS; } - ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); + UADK_ERR("invalid: cipher decrypto wrong final block length.\n"); return UADK_P_FAIL; } ret = uadk_prov_hw_cipher(priv, priv->buf, outl, outsize, priv->buf, blksz); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "do hw ciphers failed, switch to soft ciphers.\n"); + UADK_ERR("do hw ciphers decrypto failed, switch to soft ciphers.\n"); return uadk_prov_cipher_soft_final(priv, out, outl); } if (priv->pad && !ossl_cipher_unpadblock(priv->buf, &priv->bufsz, blksz)) { - /* ERR_raise already called */ + /* UADK_ERR already called */ return UADK_P_FAIL; } if (outsize < priv->bufsz) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: cipher decrypto outsize is too small.\n"); return UADK_P_FAIL; } @@ -1013,7 +1014,7 @@ static int uadk_prov_cipher_block_update(void *vctx, unsigned char *output, } if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: cipher update outsize is too small.\n"); return UADK_P_FAIL; } @@ -1037,7 +1038,7 @@ static int uadk_prov_cipher_stream_update(void *vctx, unsigned char *output, } if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: cipher stream update outsize is too small.\n"); return UADK_P_FAIL; } @@ -1066,7 +1067,7 @@ do_soft: return UADK_P_SUCCESS; } - fprintf(stderr, "do soft ciphers failed.\n"); + UADK_ERR("do soft ciphers failed.\n"); return UADK_P_FAIL; } @@ -1144,7 +1145,7 @@ static int uadk_prov_cipher_set_ctx_params(void *vctx, const OSSL_PARAM params[] unsigned int pad; if (!OSSL_PARAM_get_uint(p, &pad)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + UADK_ERR("failed to get cipher uint: pad.\n"); return UADK_P_FAIL; } priv->pad = pad ? 1 : 0; @@ -1156,11 +1157,11 @@ static int uadk_prov_cipher_set_ctx_params(void *vctx, const OSSL_PARAM params[] size_t keylen; if (!OSSL_PARAM_get_size_t(p, &keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + UADK_ERR("failed to get cipher size parameter: keylen.\n"); return UADK_P_FAIL; } if (priv->keylen != keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + UADK_ERR("invalid: cipher keylen.\n"); return UADK_P_FAIL; } } @@ -1170,11 +1171,11 @@ static int uadk_prov_cipher_set_ctx_params(void *vctx, const OSSL_PARAM params[] size_t ivlen; if (!OSSL_PARAM_get_size_t(p, &ivlen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + UADK_ERR("failed to get cipher size parameter: ivlen.\n"); return UADK_P_FAIL; } if (priv->ivlen != ivlen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); + UADK_ERR("invalid: cipher ivlen.\n"); return UADK_P_FAIL; } } @@ -1184,13 +1185,13 @@ static int uadk_prov_cipher_set_ctx_params(void *vctx, const OSSL_PARAM params[] int id; if (p->data_type != OSSL_PARAM_UTF8_STRING) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + UADK_ERR("failed to get cipher cts mode: data_type.\n"); return UADK_P_FAIL; } id = ossl_cipher_cbc_cts_mode_name2id(p->data); if (id < 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + UADK_ERR("failed to get cipher cts mode: id.\n"); return UADK_P_FAIL; } @@ -1213,29 +1214,29 @@ static int uadk_prov_cipher_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); if (p != NULL && !OSSL_PARAM_set_size_t(p, priv->keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher size parameter: keylen.\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); if (p != NULL && !OSSL_PARAM_set_size_t(p, priv->ivlen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher size parameter: ivlen.\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING); if (p != NULL && !OSSL_PARAM_set_uint(p, priv->pad)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher uint parameter: pad.\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL && !OSSL_PARAM_set_octet_string(p, priv->iv, priv->ivlen) && !OSSL_PARAM_set_octet_ptr(p, &priv->iv, priv->ivlen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher octet parameter: param iv.\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); if (p != NULL && !OSSL_PARAM_set_octet_string(p, priv->iv, priv->ivlen) && !OSSL_PARAM_set_octet_ptr(p, &priv->iv, priv->ivlen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher octet parameter: updated iv.\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE); @@ -1243,7 +1244,7 @@ static int uadk_prov_cipher_get_ctx_params(void *vctx, OSSL_PARAM params[]) const char *name = ossl_cipher_cbc_cts_mode_id2name(priv->cts_mode); if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher utf8 parameter: name.\n"); return UADK_P_FAIL; } } @@ -1291,27 +1292,27 @@ static int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); if (p != NULL && !OSSL_PARAM_set_uint(p, md)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher uint parameter: md.\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV); if (p != NULL && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher int parameter: custom iv.\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher size parameter: kbits.\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher size parameter: block size.\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set cipher size parameter: ivbits.\n"); return UADK_P_FAIL; } @@ -1344,7 +1345,7 @@ int uadk_prov_cipher_version(void) dev = wd_get_accel_dev("cipher"); if (!dev) { - fprintf(stderr, "no cipher device available!\n"); + UADK_ERR("no cipher device available!\n"); return 0; } diff --git a/src/uadk_prov_dh.c b/src/uadk_prov_dh.c index 33729d2..9b9859e 100644 --- a/src/uadk_prov_dh.c +++ b/src/uadk_prov_dh.c @@ -27,6 +27,7 @@ #include "uadk_prov.h" #include "uadk_prov_ffc.h" #include "uadk_prov_pkey.h" +#include "uadk_utils.h" #define DH768BITS 768 #define DH1024BITS 1024 @@ -75,7 +76,7 @@ static UADK_PKEY_KEYEXCH get_default_dh_keyexch(void) EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); initialized = 1; } else { - fprintf(stderr, "failed to EVP_KEYEXCH_fetch default dh provider\n"); + UADK_ERR("failed to EVP_KEYEXCH_fetch default dh provider\n"); } } pthread_mutex_unlock(&dh_default_mutex); @@ -386,7 +387,7 @@ static void *uadk_keymgmt_dh_dup(const void *keydata_from, int selection) static int uadk_DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) { if (dh == NULL) { - fprintf(stderr, "invalid: dh is NULL\n"); + UADK_ERR("invalid: dh is NULL\n"); return UADK_P_FAIL; } @@ -481,7 +482,7 @@ static int uadk_dh_gen_prikey_undef(const DH *dh, BIGNUM *new_prikey) bits = uadk_DH_get_length(dh) ? uadk_DH_get_length(dh) : BN_num_bits(uadk_DH_get0_p(dh)) - 1; if (!BN_priv_rand(new_prikey, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) { - fprintf(stderr, "failed to BN_priv_rand\n"); + UADK_ERR("failed to BN_priv_rand\n"); return UADK_P_FAIL; } @@ -508,14 +509,14 @@ static int dh_gen_rand_prikey(const DH *dh, BIGNUM *new_prikey) qbits = BN_num_bits(dh->params.q); /* Step (2) : check range of n */ if (n < (max_strength << 1) || n > qbits) { - fprintf(stderr, "n is invalid!\n"); + UADK_ERR("n is invalid!\n"); return UADK_P_FAIL; } two_powN = BN_new(); /* 2^n */ if (two_powN == NULL || !BN_lshift(two_powN, BN_value_one(), n)) { - fprintf(stderr, "failed to BN_new or two_powN is zero\n"); + UADK_ERR("failed to BN_new or two_powN is zero\n"); goto err; } @@ -525,7 +526,7 @@ static int dh_gen_rand_prikey(const DH *dh, BIGNUM *new_prikey) do { if (!BN_priv_rand_range_ex(new_prikey, two_powN, 0, NULL) || !BN_add_word(new_prikey, 1)) { - fprintf(stderr, "failed to BN_priv_rand_range_ex\n"); + UADK_ERR("failed to BN_priv_rand_range_ex\n"); goto err; } /* Step (6) : loop if c > M - 2 (i.e. c + 1 >= M) */ @@ -533,7 +534,7 @@ static int dh_gen_rand_prikey(const DH *dh, BIGNUM *new_prikey) break; if (cnt++ > RAND_MAX_CNT) { - fprintf(stderr, "failed to get appropriate prikey, timeout\n"); + UADK_ERR("failed to get appropriate prikey, timeout\n"); goto err; } } while (1); @@ -553,12 +554,12 @@ static int uadk_prov_dh_prepare_prikey(struct uadk_dh_sess *dh_sess, const DH *d if (*prikey == NULL) { *prikey = BN_secure_new(); if (*prikey == NULL) { - fprintf(stderr, "failed to do BN_secure_new\n"); + UADK_ERR("failed to do BN_secure_new\n"); return UADK_P_FAIL; } if (dh_gen_rand_prikey(dh, *prikey) == UADK_P_FAIL) { - fprintf(stderr, "failed to generate new private key\n"); + UADK_ERR("failed to generate new private key\n"); goto free_prikey; } @@ -632,7 +633,7 @@ static int uadk_prov_dh_poll(void *ctx) rx_cnt++; } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); - fprintf(stderr, "failed to poll msg: timeout!\n"); + UADK_ERR("failed to poll msg: timeout!\n"); return -ETIMEDOUT; } @@ -682,7 +683,7 @@ static struct uadk_dh_sess *uadk_prov_dh_new_session(DH *dh, __u16 bits, bool is struct sched_params params = {0}; if (dh_sess == NULL) { - fprintf(stderr, "failed to alloc dh session\n"); + UADK_ERR("failed to alloc dh session\n"); return NULL; } @@ -695,7 +696,7 @@ static struct uadk_dh_sess *uadk_prov_dh_new_session(DH *dh, __u16 bits, bool is dh_sess->setup.sched_param = ¶ms; dh_sess->sess = wd_dh_alloc_sess(&dh_sess->setup); if (dh_sess->sess == (handle_t)0) { - fprintf(stderr, "failed to init dh sess\n"); + UADK_ERR("failed to init dh sess\n"); OPENSSL_free(dh_sess); return NULL; } @@ -752,25 +753,25 @@ static int uadk_prov_dh_prepare_data(const BIGNUM *g, DH *dh, struct uadk_dh_ses */ bits = (__u16)uadk_DH_bits(dh); if (bits == 0) { - fprintf(stderr, "invalid dh bits %u\n", bits); + UADK_ERR("invalid dh bits %u\n", bits); return UADK_P_FAIL; } ret = check_dh_bit_useful(bits); if (ret == UADK_P_FAIL) { - fprintf(stderr, "invalid: dh%u is not supported by uadk provider\n", bits); + UADK_ERR("invalid: dh%u is not supported by uadk provider\n", bits); return UADK_DO_SOFT; } *dh_sess = uadk_prov_dh_new_session(dh, bits, is_g2); if (*dh_sess == NULL) { - fprintf(stderr, "failed to get session\n"); + UADK_ERR("failed to get session\n"); return UADK_P_FAIL; } ret = uadk_prov_dh_prepare_prikey(*dh_sess, dh, prikey); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to get private key\n"); + UADK_ERR("failed to get private key\n"); uadk_prov_dh_free_session(*dh_sess); } @@ -797,7 +798,7 @@ static int dh_set_g(const BIGNUM *g, const __u16 key_size, ret = wd_dh_set_g(dh_sess->sess, &g_dtb); if (ret) { - fprintf(stderr, "failed to set dh g\n"); + UADK_ERR("failed to set dh g\n"); return UADK_P_FAIL; } @@ -810,13 +811,13 @@ static int uadk_prov_dh_get_pubkey(struct uadk_dh_sess *dh_sess, BIGNUM **pubkey pubkey_str = (const unsigned char *)dh_sess->req.pri; if (pubkey_str == NULL) { - fprintf(stderr, "dh_sess->req.pri is NULL\n"); + UADK_ERR("dh_sess->req.pri is NULL\n"); return UADK_P_FAIL; } *pubkey = BN_bin2bn(pubkey_str, dh_sess->req.pri_bytes, *pubkey); if (*pubkey == NULL) { - fprintf(stderr, "failed to trans pubkey outs\n"); + UADK_ERR("failed to trans pubkey outs\n"); return UADK_P_FAIL; } @@ -831,14 +832,14 @@ static int uadk_prov_dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, const g_bin = OPENSSL_zalloc(key_size); if (g_bin == NULL) { - fprintf(stderr, "failed to alloc g_bin\n"); + UADK_ERR("failed to alloc g_bin\n"); return UADK_P_FAIL; } /* x is private key, x and p will be treated together in uadk */ x_bin = OPENSSL_zalloc(key_size * DH_PARAMS_CNT); if (x_bin == NULL) { - fprintf(stderr, "failed to alloc x_bin\n"); + UADK_ERR("failed to alloc x_bin\n"); goto free_g; } p_bin = x_bin + key_size; @@ -909,12 +910,12 @@ static int uadk_prov_dh_do_crypto(struct uadk_dh_sess *dh_sess) do { ret = wd_do_dh_async(dh_sess->sess, &dh_sess->req); if (ret < 0 && ret != -EBUSY) { - fprintf(stderr, "failed to do dh async\n"); + UADK_ERR("failed to do dh async\n"); goto free_poll_task; } if (unlikely(++cnt > PROV_SEND_MAX_CNT)) { - fprintf(stderr, "do dh async operation timeout\n"); + UADK_ERR("do dh async operation timeout\n"); goto free_poll_task; } } while (ret == -EBUSY); @@ -963,51 +964,51 @@ static int uadk_prov_dh_generate_key(DH *dh) int ret; if (dh == NULL) { - fprintf(stderr, "invalid: dh is NULL\n"); + UADK_ERR("invalid: dh is NULL\n"); return UADK_P_FAIL; } ret = uadk_prov_dh_init(); if (ret) { - fprintf(stderr, "failed to init dh\n"); + UADK_ERR("failed to init dh\n"); return UADK_DO_SOFT; } uadk_DH_get0_pqg(dh, &p, NULL, &g); if (p == NULL || g == NULL) { - fprintf(stderr, "invalid: p or g is NULL\n"); + UADK_ERR("invalid: p or g is NULL\n"); return UADK_P_FAIL; } /* Get session and prepare private key */ ret = uadk_prov_dh_prepare_data(g, dh, &dh_sess, &prikey); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to prepare dh data\n"); + UADK_ERR("failed to prepare dh data\n"); return ret; } ret = uadk_prov_dh_fill_genkey_req(g, p, prikey, dh_sess); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to fill req\n"); + UADK_ERR("failed to fill req\n"); goto free_data; } ret = uadk_prov_dh_do_crypto(dh_sess); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to generate DH key\n"); + UADK_ERR("failed to generate DH key\n"); ret = UADK_DO_SOFT; goto free_req; } ret = uadk_prov_dh_get_pubkey(dh_sess, &pubkey); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to get public key\n"); + UADK_ERR("failed to get public key\n"); goto free_req; } ret = uadk_prov_dh_set_pkey(dh, pubkey, prikey); if (ret == UADK_P_FAIL) - fprintf(stderr, "failed to set dh pkey\n"); + UADK_ERR("failed to set dh pkey\n"); uadk_prov_dh_free_genkey_req(dh_sess); uadk_prov_dh_free_session(dh_sess); @@ -1092,14 +1093,14 @@ static DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx) DH *dh = OPENSSL_zalloc(sizeof(*dh)); if (dh == NULL) { - fprintf(stderr, "failed to alloc dh\n"); + UADK_ERR("failed to alloc dh\n"); return NULL; } dh->references = 1; dh->lock = CRYPTO_THREAD_lock_new(); if (dh->lock == NULL) { - fprintf(stderr, "failed to new dh thread lock\n"); + UADK_ERR("failed to new dh thread lock\n"); OPENSSL_free(dh); return NULL; } @@ -1126,20 +1127,20 @@ static DH *uadk_prov_dh_gen_params_with_group(PROV_DH_KEYMGMT_CTX *gctx, FFC_PAR if (gctx->group_nid == NID_undef) { gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits); if (gctx->group_nid == NID_undef) { - fprintf(stderr, "failed to get named group uid from size\n"); + UADK_ERR("failed to get named group uid from size\n"); return NULL; } } group = ossl_ffc_uid_to_dh_named_group(gctx->group_nid); if (!group) { - fprintf(stderr, "failed to get dh named group\n"); + UADK_ERR("failed to get dh named group\n"); return NULL; } dh = ossl_dh_new_ex(gctx->libctx); if (dh == NULL) { - fprintf(stderr, "failed to get dh from libctx\n"); + UADK_ERR("failed to get dh from libctx\n"); return NULL; } @@ -1150,7 +1151,7 @@ static DH *uadk_prov_dh_gen_params_with_group(PROV_DH_KEYMGMT_CTX *gctx, FFC_PAR *ffc = ossl_dh_get0_params(dh); if (*ffc == NULL) { - fprintf(stderr, "failed to gen ffc params\n"); + UADK_ERR("failed to gen ffc params\n"); ossl_dh_free_ex(dh); return NULL; } @@ -1165,24 +1166,24 @@ static DH *uadk_prov_dh_gen_params_ex(PROV_DH_KEYMGMT_CTX *gctx, FFC_PARAMS **ff /* Use existing params */ dh = ossl_dh_new_ex(gctx->libctx); if (dh == NULL) { - fprintf(stderr, "failed to new dh by nid\n"); + UADK_ERR("failed to new dh by nid\n"); return NULL; } *ffc = ossl_dh_get0_params(dh); if (*ffc == NULL) { - fprintf(stderr, "failed to get ffc params\n"); + UADK_ERR("failed to get ffc params\n"); goto free_dh; } /* Copy the template value if one was passed */ if (gctx->ffc_params != NULL && ossl_ffc_params_copy(*ffc, gctx->ffc_params) == 0) { - fprintf(stderr, "failed to copy params\n"); + UADK_ERR("failed to copy params\n"); goto free_dh; } if (ossl_ffc_params_set_seed(*ffc, gctx->seed, gctx->seedlen) == 0) { - fprintf(stderr, "failed to set seed\n"); + UADK_ERR("failed to set seed\n"); goto free_dh; } @@ -1196,7 +1197,7 @@ static DH *uadk_prov_dh_gen_params_ex(PROV_DH_KEYMGMT_CTX *gctx, FFC_PARAMS **ff if (gctx->mdname) { if (ossl_ffc_set_digest(*ffc, gctx->mdname, gctx->mdprops) == 0) { - fprintf(stderr, "failed to set digest\n"); + UADK_ERR("failed to set digest\n"); goto free_dh; } } @@ -1216,7 +1217,7 @@ static int uadk_prov_dh_gen_params_cb(PROV_DH_KEYMGMT_CTX *gctx, DH *dh, BN_GENCB *gencb; if (cb == NULL || cb_params == NULL) { - fprintf(stderr, "invalid: cb function or param is NULL\n"); + UADK_ERR("invalid: cb function or param is NULL\n"); return UADK_P_FAIL; } @@ -1241,7 +1242,7 @@ static int uadk_prov_dh_gen_params_cb(PROV_DH_KEYMGMT_CTX *gctx, DH *dh, gctx->pbits, gctx->qbits, gencb); if (ret <= 0) { - fprintf(stderr, "failed to generate ffc parameters\n"); + UADK_ERR("failed to generate ffc parameters\n"); ret = UADK_P_FAIL; } } @@ -1298,7 +1299,7 @@ static void *uadk_dh_sw_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_params) if (!enable_sw_offload || !get_default_dh_keymgmt().gen) return NULL; - fprintf(stderr, "switch to openssl software calculation in dh generation.\n"); + UADK_INFO("switch to openssl software calculation in dh generation.\n"); return get_default_dh_keymgmt().gen(genctx, cb, cb_params); } @@ -1310,7 +1311,7 @@ static void *uadk_keymgmt_dh_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_param int ret; if (gctx == NULL) { - fprintf(stderr, "invalid: keygen ctx is NULL\n"); + UADK_ERR("invalid: keygen ctx is NULL\n"); return NULL; } @@ -1330,7 +1331,7 @@ static void *uadk_keymgmt_dh_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_param /* DH key generation */ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { if (ffc->p == NULL || ffc->g == NULL) { - fprintf(stderr, "invalid: ffc->p or ffc->g is NULL\n"); + UADK_ERR("invalid: ffc->p or ffc->g is NULL\n"); goto free_gen_params; } @@ -1342,7 +1343,7 @@ static void *uadk_keymgmt_dh_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_param ret = uadk_prov_dh_generate_key(dh); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to do dh generation key\n"); + UADK_ERR("failed to do dh generation key\n"); goto free_gen_params; } } @@ -1387,7 +1388,7 @@ static void *uadk_keyexch_dh_newctx(void *provctx) pdhctx = OPENSSL_zalloc(sizeof(PROV_DH_KEYEXCH_CTX)); if (pdhctx == NULL) { - fprintf(stderr, "failed to alloc pdhctx\n"); + UADK_ERR("failed to alloc pdhctx\n"); return NULL; } @@ -1438,12 +1439,12 @@ static int uadk_keyexch_dh_init(void *dhctx, void *dh, const OSSL_PARAM params[] PROV_DH_KEYEXCH_CTX *pdhctx = (PROV_DH_KEYEXCH_CTX *)dhctx; if (pdhctx == NULL) { - fprintf(stderr, "invalid: dhctx is NULL\n"); + UADK_ERR("invalid: dhctx is NULL\n"); return UADK_P_FAIL; } if (dh == NULL || !DH_up_ref(dh)) { - fprintf(stderr, "invalid: dh is NULL\n"); + UADK_ERR("invalid: dh is NULL\n"); return UADK_P_FAIL; } @@ -1468,13 +1469,13 @@ static int uadk_keyexch_dh_match_params(DH *priv, DH *peer) int ret; if (dhparams_priv == NULL || dhparams_peer == NULL) { - fprintf(stderr, "failed to get dh params\n"); + UADK_ERR("failed to get dh params\n"); return UADK_P_FAIL; } ret = ossl_ffc_params_cmp(dhparams_priv, dhparams_peer, IGNORE_Q); if (ret == UADK_P_FAIL) - fprintf(stderr, "invalid: domain parameters of both parties do not match\n"); + UADK_ERR("invalid: domain parameters of both parties do not match\n"); return ret; } @@ -1484,13 +1485,13 @@ static int uadk_keyexch_dh_set_peer(void *dhctx, void *dh) PROV_DH_KEYEXCH_CTX *pdhctx = (PROV_DH_KEYEXCH_CTX *)dhctx; if (pdhctx == NULL || dh == NULL) { - fprintf(stderr, "invalid: dh ctx or object is NULL\n"); + UADK_ERR("invalid: dh ctx or object is NULL\n"); return UADK_P_FAIL; } if (uadk_keyexch_dh_match_params(dh, pdhctx->dh) == UADK_P_FAIL || DH_up_ref(dh) == UADK_P_FAIL) { - fprintf(stderr, "failed to match dh params\n"); + UADK_ERR("failed to match dh params\n"); return UADK_P_FAIL; } @@ -1512,14 +1513,14 @@ static int uadk_prov_dh_fill_compkey_req(const BIGNUM *g, const BIGNUM *p, g_bin = OPENSSL_zalloc(key_size); if (g_bin == NULL) { - fprintf(stderr, "failed to alloc g\n"); + UADK_ERR("failed to alloc g\n"); return UADK_P_FAIL; } /* x is private key, x and p will be treated together in uadk */ x_bin = OPENSSL_zalloc(key_size * DH_PARAMS_CNT); if (x_bin == NULL) { - fprintf(stderr, "failed to alloc x_bin\n"); + UADK_ERR("failed to alloc x_bin\n"); goto free_g; } @@ -1577,37 +1578,37 @@ static int uadk_dh_compute_key(unsigned char *key, const BIGNUM *pubkey, DH *dh) int ret; if (!dh || !key || !pubkey || !uadk_DH_get0_priv_key(dh)) { - fprintf(stderr, "failed to check key params\n"); + UADK_ERR("failed to check key params\n"); return UADK_P_FAIL; } uadk_DH_get0_pqg(dh, &p, NULL, &g); if (!p || !g) { - fprintf(stderr, "failed to get p/q/g param\n"); + UADK_ERR("failed to get p/q/g param\n"); return UADK_P_FAIL; } ret = uadk_prov_dh_init(); if (ret) { - fprintf(stderr, "failed to init\n"); + UADK_ERR("failed to init\n"); return UADK_DO_SOFT; } ret = uadk_prov_dh_prepare_data(g, dh, &dh_sess, &prikey); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to prepare dh data\n"); + UADK_ERR("failed to prepare dh data\n"); return ret; } ret = uadk_prov_dh_fill_compkey_req(g, p, prikey, pubkey, dh_sess); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to fill req\n"); + UADK_ERR("failed to fill req\n"); goto free_data; } ret = uadk_prov_dh_do_crypto(dh_sess); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to generate DH shared key\n"); + UADK_ERR("failed to generate DH shared key\n"); ret = UADK_DO_SOFT; goto free_req; } @@ -1647,7 +1648,7 @@ static int uadk_dh_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, } if (pad < 0) { - fprintf(stderr, "invalid: recv key size(%d) > dhsize(%zu)", rv, dhsize); + UADK_ERR("invalid: recv key size(%d) > dhsize(%zu)", rv, dhsize); return UADK_P_FAIL; } @@ -1663,13 +1664,13 @@ static int uadk_prov_dh_plain_derive(PROV_DH_KEYEXCH_CTX *pdhctx, unsigned char /* pdhctx has been checked when the function is called */ if (pdhctx->dh == NULL) { - fprintf(stderr, "invalid: dh is NULL\n"); + UADK_ERR("invalid: dh is NULL\n"); return UADK_P_FAIL; } dhsize = (size_t)uadk_DH_size(pdhctx->dh); if (dhsize == 0) { - fprintf(stderr, "invalid: dhszie is zero\n"); + UADK_ERR("invalid: dhszie is zero\n"); return UADK_P_FAIL; } @@ -1679,12 +1680,12 @@ static int uadk_prov_dh_plain_derive(PROV_DH_KEYEXCH_CTX *pdhctx, unsigned char } if (outlen < dhsize) { - fprintf(stderr, "invalid: outlen(%zu) < dhsize(%zu)\n", outlen, dhsize); + UADK_ERR("invalid: outlen(%zu) < dhsize(%zu)\n", outlen, dhsize); return UADK_P_FAIL; } if (pdhctx->dhpeer == NULL) { - fprintf(stderr, "invalid: dhpeer is NULL\n"); + UADK_ERR("invalid: dhpeer is NULL\n"); return UADK_P_FAIL; } @@ -1695,7 +1696,7 @@ static int uadk_prov_dh_plain_derive(PROV_DH_KEYEXCH_CTX *pdhctx, unsigned char else ret = uadk_dh_compute_key(secret, pubkey, pdhctx->dh); if (ret <= 0) { - fprintf(stderr, "failed to do dh compute, pad(%u)\n", pad); + UADK_ERR("failed to do dh compute, pad(%u)\n", pad); return ret; } @@ -1764,7 +1765,7 @@ static int uadk_prov_dh_X9_42_kdf_derive(PROV_DH_KEYEXCH_CTX *pdhctx, unsigned c } if (outlen < pdhctx->kdf_outlen) { - fprintf(stderr, "invalid: outlen(%zu) < kdf_outlen(%zu)\n", + UADK_ERR("invalid: outlen(%zu) < kdf_outlen(%zu)\n", outlen, pdhctx->kdf_outlen); return UADK_P_FAIL; } @@ -1774,7 +1775,7 @@ static int uadk_prov_dh_X9_42_kdf_derive(PROV_DH_KEYEXCH_CTX *pdhctx, unsigned c stmp = OPENSSL_secure_malloc(stmplen); if (stmp == NULL) { - fprintf(stderr, "failed to do OPENSSL_secure_malloc\n"); + UADK_ERR("failed to do OPENSSL_secure_malloc\n"); return UADK_P_FAIL; } @@ -1786,7 +1787,7 @@ static int uadk_prov_dh_X9_42_kdf_derive(PROV_DH_KEYEXCH_CTX *pdhctx, unsigned c if (pdhctx->kdf_type == PROV_DH_KDF_X9_42_ASN1) { if (ossl_dh_kdf_X9_42_asn1(secret, pdhctx, stmp, stmplen, NULL) == UADK_P_FAIL) { ret = UADK_P_FAIL; - fprintf(stderr, "failed to do ossl_dh_kdf_X9_42_asn1\n"); + UADK_ERR("failed to do ossl_dh_kdf_X9_42_asn1\n"); goto end; } } @@ -1806,7 +1807,7 @@ static int uadk_dh_sw_derive(void *dhctx, unsigned char *secret, if (!enable_sw_offload || !get_default_dh_keyexch().derive) return UADK_P_FAIL; - fprintf(stderr, "switch to openssl software calculation in dh derivation.\n"); + UADK_INFO("switch to openssl software calculation in dh derivation.\n"); return get_default_dh_keyexch().derive(dhctx, secret, psecretlen, outlen); } @@ -1817,7 +1818,7 @@ static int uadk_keyexch_dh_derive(void *dhctx, unsigned char *secret, int ret = UADK_P_FAIL; if (pdhctx == NULL) { - fprintf(stderr, "invalid: pdhctx is NULL\n"); + UADK_ERR("invalid: pdhctx is NULL\n"); return UADK_P_FAIL; } @@ -1829,7 +1830,7 @@ static int uadk_keyexch_dh_derive(void *dhctx, unsigned char *secret, ret = uadk_prov_dh_X9_42_kdf_derive(pdhctx, secret, psecretlen, outlen); break; default: - fprintf(stderr, "invalid: unsupport kdf type\n"); + UADK_ERR("invalid: unsupport kdf type\n"); ret = UADK_DO_SOFT; break; } @@ -1847,13 +1848,13 @@ static void *uadk_keyexch_dh_dupctx(void *dhctx) PROV_DH_KEYEXCH_CTX *dstctx; if (srcctx == NULL) { - fprintf(stderr, "invalid: src ctx is NULL\n"); + UADK_ERR("invalid: src ctx is NULL\n"); return NULL; } dstctx = OPENSSL_zalloc(sizeof(*dstctx)); if (dstctx == NULL) { - fprintf(stderr, "failed to alloc dst ctx\n"); + UADK_ERR("failed to alloc dst ctx\n"); return NULL; } @@ -2018,7 +2019,7 @@ static int uadk_keyexch_dh_set_ctx_params(void *dhctx, const OSSL_PARAM params[] int ret = UADK_P_FAIL; if (pdhctx == NULL) { - fprintf(stderr, "invalid: dh ctx is NULL\n"); + UADK_ERR("invalid: dh ctx is NULL\n"); return ret; } @@ -2029,31 +2030,31 @@ static int uadk_keyexch_dh_set_ctx_params(void *dhctx, const OSSL_PARAM params[] pthread_mutex_lock(&dh_mutex); ret = uadk_prov_dh_locate_kdf_type(pdhctx, params); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to locate kdf type\n"); + UADK_ERR("failed to locate kdf type\n"); goto end; } ret = uadk_prov_dh_locate_kdf_digest(pdhctx, params); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to locate kdf digest\n"); + UADK_ERR("failed to locate kdf digest\n"); goto end; } ret = uadk_prov_dh_locate_kdf_outlen(pdhctx, params); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to locate kdf outlen\n"); + UADK_ERR("failed to locate kdf outlen\n"); goto end; } ret = uadk_prov_dh_locate_kdf_ukm(pdhctx, params); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to locate kdf ukm\n"); + UADK_ERR("failed to locate kdf ukm\n"); goto end; } ret = uadk_prov_dh_locate_kdf_pad(pdhctx, params); if (ret == UADK_P_FAIL) - fprintf(stderr, "failed to locate kdf pad\n"); + UADK_ERR("failed to locate kdf pad\n"); end: pthread_mutex_unlock(&dh_mutex); @@ -2099,7 +2100,7 @@ static int uadk_keyexch_dh_get_ctx_params(void *dhctx, OSSL_PARAM params[]) OSSL_PARAM *p; if (pdhctx == NULL) { - fprintf(stderr, "invalid: dh ctx is NULL\n"); + UADK_ERR("invalid: dh ctx is NULL\n"); return UADK_P_FAIL; } @@ -2113,12 +2114,12 @@ static int uadk_keyexch_dh_get_ctx_params(void *dhctx, OSSL_PARAM params[]) kdf_type = OSSL_KDF_NAME_X942KDF_ASN1; break; default: - fprintf(stderr, "invalid kdf_type\n"); + UADK_ERR("invalid kdf_type\n"); return UADK_P_FAIL; } if (!OSSL_PARAM_set_utf8_string(p, kdf_type)) { - fprintf(stderr, "failed to set utf8 string for kdf_type\n"); + UADK_ERR("failed to set utf8 string for kdf_type\n"); return UADK_P_FAIL; } } @@ -2127,19 +2128,19 @@ static int uadk_keyexch_dh_get_ctx_params(void *dhctx, OSSL_PARAM params[]) if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_md == NULL ? "" : EVP_MD_get0_name(pdhctx->kdf_md))) { - fprintf(stderr, "failed to set kdf_md\n"); + UADK_ERR("failed to set kdf_md\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_OUTLEN); if (p != NULL && !OSSL_PARAM_set_size_t(p, pdhctx->kdf_outlen)) { - fprintf(stderr, "failed to set kdf_outlen\n"); + UADK_ERR("failed to set kdf_outlen\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM); if (p != NULL && !OSSL_PARAM_set_octet_ptr(p, pdhctx->kdf_ukm, pdhctx->kdf_ukmlen)) { - fprintf(stderr, "failed to set kdf_ukm\n"); + UADK_ERR("failed to set kdf_ukm\n"); return UADK_P_FAIL; } @@ -2147,7 +2148,7 @@ static int uadk_keyexch_dh_get_ctx_params(void *dhctx, OSSL_PARAM params[]) if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_cekalg == NULL ? "" : pdhctx->kdf_cekalg)) { - fprintf(stderr, "failed to set kdf_cekalg\n"); + UADK_ERR("failed to set kdf_cekalg\n"); return UADK_P_FAIL; } diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c index 486ed11..6babd4b 100644 --- a/src/uadk_prov_digest.c +++ b/src/uadk_prov_digest.c @@ -170,13 +170,13 @@ static int uadk_create_digest_soft_ctx(struct digest_priv_ctx *priv) } if (unlikely(!priv->soft_md)) { - fprintf(stderr, "digest failed to fetch\n"); + UADK_ERR("digest failed to fetch\n"); return UADK_DIGEST_FAIL; } priv->soft_ctx = EVP_MD_CTX_new(); if (!priv->soft_ctx) { - fprintf(stderr, "EVP_MD_CTX_new failed.\n"); + UADK_ERR("EVP_MD_CTX_new failed.\n"); goto free; } @@ -195,7 +195,7 @@ static int uadk_digest_soft_init(struct digest_priv_ctx *priv) return UADK_DIGEST_FAIL; if (!EVP_DigestInit_ex(priv->soft_ctx, priv->soft_md, NULL)) { - fprintf(stderr, "soft digest init failed.\n"); + UADK_ERR("soft digest init failed.\n"); return UADK_DIGEST_FAIL; } @@ -211,7 +211,7 @@ static int uadk_digest_soft_update(struct digest_priv_ctx *priv, return UADK_DIGEST_FAIL; if (!EVP_DigestUpdate(priv->soft_ctx, data, len)) { - fprintf(stderr, "soft digest update failed.\n"); + UADK_ERR("soft digest update failed.\n"); return UADK_DIGEST_FAIL; } @@ -228,7 +228,7 @@ static int uadk_digest_soft_final(struct digest_priv_ctx *priv, unsigned char *d return UADK_DIGEST_FAIL; if (!EVP_DigestFinal_ex(priv->soft_ctx, digest, &digest_length)) { - fprintf(stderr, "soft digest final failed.\n"); + UADK_ERR("soft digest final failed.\n"); return UADK_DIGEST_FAIL; } @@ -299,7 +299,7 @@ static int uadk_digest_poll(void *ctx) rx_cnt++; } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); - fprintf(stderr, "failed to poll msg: timeout!\n"); + UADK_ERR("failed to poll msg: timeout!\n"); return -ETIMEDOUT; } @@ -322,7 +322,7 @@ static int uadk_get_digest_info(struct digest_priv_ctx *priv) } if (unlikely(i == digest_counts)) { - fprintf(stderr, "failed to digest info.\n"); + UADK_ERR("failed to digest info.\n"); return UADK_DIGEST_FAIL; } @@ -351,7 +351,7 @@ static int uadk_prov_digest_dev_init(struct digest_priv_ctx *priv) cparams.bmp = numa_allocate_nodemask(); if (!cparams.bmp) { ret = UADK_DIGEST_FAIL; - fprintf(stderr, "failed to create nodemask!\n"); + UADK_ERR("failed to create nodemask!\n"); goto mutex_unlock; } @@ -362,7 +362,7 @@ static int uadk_prov_digest_dev_init(struct digest_priv_ctx *priv) ret = wd_digest_init2_(priv->alg_name, TASK_MIX, SCHED_POLICY_RR, &cparams); if (unlikely(ret && ret != -WD_EEXIST)) { - fprintf(stderr, "uadk failed to initialize digest dev, ret = %d\n", ret); + UADK_ERR("uadk failed to initialize digest dev, ret = %d\n", ret); goto free_nodemask; } ret = UADK_DIGEST_SUCCESS; @@ -396,7 +396,7 @@ static int uadk_digest_ctx_init(struct digest_priv_ctx *priv) if (!priv->sess) { priv->sess = wd_digest_alloc_sess(&setup); if (unlikely(!priv->sess)) { - fprintf(stderr, "uadk failed to alloc sess.\n"); + UADK_ERR("uadk failed to alloc sess.\n"); return UADK_DIGEST_FAIL; } } @@ -484,7 +484,7 @@ static int uadk_digest_update_inner(struct digest_priv_ctx *priv, const void *da ret = wd_do_digest_sync(priv->sess, &priv->req); if (ret) { - fprintf(stderr, "do sec digest update failed, switch to soft digest.\n"); + UADK_ERR("do sec digest update failed, switch to soft digest.\n"); goto do_soft_digest; } @@ -521,7 +521,7 @@ do_soft_digest: return ret; } - fprintf(stderr, "do soft digest failed during updating!\n"); + UADK_ERR("do soft digest failed during updating!\n"); return UADK_DIGEST_FAIL; @@ -533,7 +533,7 @@ out: static int uadk_digest_update(struct digest_priv_ctx *priv, const void *data, size_t data_len) { if (!priv->data) { - fprintf(stderr, "failed to do digest update, data in CTX is NULL.\n"); + UADK_ERR("failed to do digest update, data in CTX is NULL.\n"); return UADK_DIGEST_FAIL; } @@ -585,7 +585,7 @@ static int uadk_do_digest_sync(struct digest_priv_ctx *priv) ret = wd_do_digest_sync(priv->sess, &priv->req); if (ret) { - fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n"); + UADK_ERR("do sec digest sync failed, switch to soft digest.\n"); return UADK_DIGEST_FAIL; } @@ -599,7 +599,7 @@ static int uadk_do_digest_async(struct digest_priv_ctx *priv, struct async_op *o int cnt = 0; if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { - fprintf(stderr, "digest soft switching is not supported in asynchronous mode.\n"); + UADK_ERR("digest soft switching is not supported in asynchronous mode.\n"); return UADK_DIGEST_FAIL; } @@ -618,12 +618,12 @@ static int uadk_do_digest_async(struct digest_priv_ctx *priv, struct async_op *o do { ret = wd_do_digest_async(priv->sess, &priv->req); if (ret < 0 && ret != -EBUSY) { - fprintf(stderr, "do sec digest async failed.\n"); + UADK_ERR("do sec digest async failed.\n"); goto free_poll_task; } if (unlikely(++cnt > ENGINE_SEND_MAX_CNT)) { - fprintf(stderr, "do digest async operation timeout.\n"); + UADK_ERR("do digest async operation timeout.\n"); goto free_poll_task; } } while (ret == -EBUSY); @@ -645,7 +645,7 @@ static int uadk_digest_final(struct digest_priv_ctx *priv, unsigned char *digest int ret; if (!priv->data) { - fprintf(stderr, "failed to do digest final, data in CTX is NULL.\n"); + UADK_ERR("failed to do digest final, data in CTX is NULL.\n"); return UADK_DIGEST_FAIL; } @@ -664,7 +664,7 @@ static int uadk_digest_final(struct digest_priv_ctx *priv, unsigned char *digest ret = async_setup_async_event_notification(&op); if (unlikely(!ret)) { - fprintf(stderr, "failed to setup async event notification.\n"); + UADK_ERR("failed to setup async event notification.\n"); return UADK_DIGEST_FAIL; } @@ -693,7 +693,7 @@ sync_err: ret = uadk_digest_soft_work(priv, priv->req.in_bytes, digest); } else { ret = UADK_DIGEST_FAIL; - fprintf(stderr, "do sec digest final failed.\n"); + UADK_ERR("do sec digest final failed.\n"); } clear: async_clear_async_event_notification(); @@ -707,7 +707,7 @@ static int uadk_digest_digest(struct digest_priv_ctx *priv, const void *data, int ret; if (!data) { - fprintf(stderr, "failed to do single digest, data in CTX is NULL.\n"); + UADK_ERR("failed to do single digest, data in CTX is NULL.\n"); return UADK_DIGEST_FAIL; } @@ -717,7 +717,7 @@ static int uadk_digest_digest(struct digest_priv_ctx *priv, const void *data, ret = async_setup_async_event_notification(&op); if (unlikely(!ret)) { - fprintf(stderr, "failed to setup async event notification.\n"); + UADK_ERR("failed to setup async event notification.\n"); return UADK_DIGEST_FAIL; } @@ -733,7 +733,7 @@ static int uadk_digest_digest(struct digest_priv_ctx *priv, const void *data, ret = uadk_do_digest_async(priv, &op); if (!ret) { - fprintf(stderr, "do sec single block digest failed.\n"); + UADK_ERR("do sec single block digest failed.\n"); async_clear_async_event_notification(); return ret; } @@ -782,22 +782,22 @@ static int uadk_digest_default_get_params(OSSL_PARAM params[], size_t blksz, p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE); if (p != NULL && !OSSL_PARAM_set_size_t(p, blksz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set digest size parameter: blksz.\n"); return UADK_DIGEST_FAIL; } p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE); if (p != NULL && !OSSL_PARAM_set_size_t(p, paramsz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set digest size parameter: paramsz.\n"); return UADK_DIGEST_FAIL; } p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOF); if (p != NULL && !OSSL_PARAM_set_int(p, 0)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set digest int parameter: xof.\n"); return UADK_DIGEST_FAIL; } p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_ALGID_ABSENT); if (p != NULL && !OSSL_PARAM_set_int(p, 0)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + UADK_ERR("failed to set digest int parameter: absent.\n"); return UADK_DIGEST_FAIL; } @@ -809,7 +809,7 @@ static void uadk_prov_freectx(void *dctx) struct digest_priv_ctx *priv = (struct digest_priv_ctx *)dctx; if (!dctx) { - fprintf(stderr, "the CTX to be free is NULL.\n"); + UADK_ERR("the CTX to be free is NULL.\n"); return; } @@ -852,7 +852,7 @@ static void *uadk_prov_dupctx(void *dctx) if (dst_ctx->soft_ctx) { dst_ctx->soft_ctx = EVP_MD_CTX_dup(src_ctx->soft_ctx); if (!dst_ctx->soft_ctx) { - fprintf(stderr, "EVP_MD_CTX_new failed in ctx copy.\n"); + UADK_ERR("EVP_MD_CTX_new failed in ctx copy.\n"); goto free_data; } @@ -879,7 +879,7 @@ static int uadk_prov_init(void *dctx, const OSSL_PARAM params[]) int ret; if (!dctx) { - fprintf(stderr, "CTX is NULL.\n"); + UADK_ERR("CTX is NULL.\n"); return UADK_DIGEST_FAIL; } @@ -894,7 +894,7 @@ static int uadk_prov_init(void *dctx, const OSSL_PARAM params[]) ret = uadk_prov_digest_dev_init(priv); if (unlikely(ret <= 0)) { - fprintf(stderr, "digest switch to soft init!\n"); + UADK_ERR("digest switch to soft init!\n"); return uadk_digest_soft_init(priv); } @@ -904,7 +904,7 @@ static int uadk_prov_init(void *dctx, const OSSL_PARAM params[]) static int uadk_prov_update(void *dctx, const unsigned char *in, size_t inl) { if (!dctx || !in) { - fprintf(stderr, "CTX or input data is NULL.\n"); + UADK_ERR("CTX or input data is NULL.\n"); return UADK_DIGEST_FAIL; } @@ -924,7 +924,7 @@ static int uadk_prov_final(void *dctx, unsigned char *out, int ret = UADK_DIGEST_SUCCESS; if (!dctx || !out) { - fprintf(stderr, "CTX or output data is NULL.\n"); + UADK_ERR("CTX or output data is NULL.\n"); return UADK_DIGEST_FAIL; } @@ -950,13 +950,13 @@ static int uadk_prov_digest(void *dctx, const unsigned char *in, size_t inl, int ret = UADK_DIGEST_SUCCESS; if (!dctx || !in || !out) { - fprintf(stderr, "CTX or input or output data is NULL.\n"); + UADK_ERR("CTX or input or output data is NULL.\n"); return UADK_DIGEST_FAIL; } if (inl > BUF_LEN) { - fprintf(stderr, "data len(%zu) can not be processed in single digest.\n", - inl); + UADK_ERR("data len(%zu) can not be processed in single digest.\n", + inl); return UADK_DIGEST_FAIL; } @@ -1045,7 +1045,7 @@ int uadk_prov_digest_version(void) dev = wd_get_accel_dev("digest"); if (!dev) { - fprintf(stderr, "no digest device available!\n"); + UADK_ERR("no digest device available!\n"); return UADK_DIGEST_FAIL; } diff --git a/src/uadk_prov_ec_kmgmt.c b/src/uadk_prov_ec_kmgmt.c index 2c6fcff..d3d4763 100644 --- a/src/uadk_prov_ec_kmgmt.c +++ b/src/uadk_prov_ec_kmgmt.c @@ -23,6 +23,7 @@ #include "uadk_async.h" #include "uadk_prov.h" #include "uadk_prov_pkey.h" +#include "uadk_utils.h" #define UADK_PROV_ECC_PADDING 7 #define UADK_PROV_RAND_MAX_CNT 1000 @@ -44,7 +45,7 @@ static int ec_param_check(struct ec_gen_ctx *gctx, EC_KEY *ec) ret = uadk_prov_ecc_genctx_check(gctx, ec); if (!ret) { - fprintf(stderr, "failed to check genctx!\n"); + UADK_ERR("failed to check genctx!\n"); return ret; } @@ -52,7 +53,7 @@ static int ec_param_check(struct ec_gen_ctx *gctx, EC_KEY *ec) /* Field GF(2m) is not supported by uadk */ type = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); if (type != NID_X9_62_prime_field) { - fprintf(stderr, "invalid: uadk unsupport Field GF(2m)!\n"); + UADK_ERR("invalid: uadk unsupport Field GF(2m)!\n"); return UADK_DO_SOFT; } @@ -74,14 +75,14 @@ static int ec_set_public_key(EC_KEY *ec, struct wd_ecc_out *ec_out) wd_ecxdh_get_out_params(ec_out, &pubkey); if (!pubkey) { - fprintf(stderr, "failed to get pubkey!\n"); + UADK_ERR("failed to get pubkey!\n"); return ret; } group = EC_KEY_get0_group(ec); point = EC_POINT_new(group); if (!point) { - fprintf(stderr, "failed to new ec point!\n"); + UADK_ERR("failed to new ec point!\n"); return ret; } @@ -90,7 +91,7 @@ static int ec_set_public_key(EC_KEY *ec, struct wd_ecc_out *ec_out) key_size_x = pubkey->x.dsize; key_size_y = pubkey->y.dsize; if (key_size_x > key_size_std || key_size_y > key_size_std) { - fprintf(stderr, "invalid: key size is error!\n"); + UADK_ERR("invalid: key size is error!\n"); goto free_point; } @@ -105,8 +106,8 @@ static int ec_set_public_key(EC_KEY *ec, struct wd_ecc_out *ec_out) y_shift = buff_size - key_size_y; buff = (unsigned char *)OPENSSL_zalloc(buff_size); if (!buff) { - fprintf(stderr, "failed to alloc buf, buff_size = %d!\n", - buff_size); + UADK_ERR("failed to alloc buf, buff_size = %d!\n", + buff_size); goto free_point; } @@ -116,13 +117,13 @@ static int ec_set_public_key(EC_KEY *ec, struct wd_ecc_out *ec_out) ret = EC_POINT_oct2point(group, point, buff, buff_size, NULL); if (!ret) { - fprintf(stderr, "failed to do EC_POINT_oct2point!\n"); + UADK_ERR("failed to do EC_POINT_oct2point!\n"); goto free_buf; } ret = EC_KEY_set_public_key(ec, point); if (!ret) - fprintf(stderr, "failed to do EC_KEY_set_public_key!\n"); + UADK_ERR("failed to do EC_KEY_set_public_key!\n"); free_buf: OPENSSL_free(buff); @@ -139,25 +140,25 @@ static handle_t ec_alloc_sess(EC_KEY *ec, struct wd_ecc_out **ec_out) ret = uadk_prov_keymgmt_get_support_state(KEYMGMT_ECDH); if (!ret) { - fprintf(stderr, "failed to get hardware ecdh keygen support!\n"); + UADK_ERR("failed to get hardware ecdh keygen support!\n"); return ret; } ret = uadk_prov_ecc_init("ecdh"); if (!ret) { - fprintf(stderr, "failed to init ecdh!\n"); + UADK_ERR("failed to init ecdh!\n"); return ret; } sess = uadk_prov_ecc_alloc_sess(ec, "ecdh"); if (!sess) { - fprintf(stderr, "failed to alloc ec sess!\n"); + UADK_ERR("failed to alloc ec sess!\n"); return ret; } *ec_out = wd_ecxdh_new_out(sess); if (!(*ec_out)) { - fprintf(stderr, "failed to new sign out\n"); + UADK_ERR("failed to new sign out\n"); wd_ecc_free_sess(sess); return UADK_P_FAIL; } @@ -184,7 +185,7 @@ static int ec_set_private_key(EC_KEY *ec, BIGNUM *priv_key) priv_k = BN_new(); if (!priv_k) { - fprintf(stderr, "failed to BN_new priv_k!\n"); + UADK_ERR("failed to BN_new priv_k!\n"); return UADK_P_FAIL; } @@ -194,12 +195,12 @@ static int ec_set_private_key(EC_KEY *ec, BIGNUM *priv_key) do { cnt++; if (cnt > UADK_PROV_RAND_MAX_CNT) { - fprintf(stderr, "failed to get appropriate prikey, timeout\n"); + UADK_ERR("failed to get appropriate prikey, timeout\n"); goto free_priv_k; } if (!BN_priv_rand_range(priv_k, order)) { - fprintf(stderr, "failed to get rand data!\n"); + UADK_ERR("failed to get rand data!\n"); goto free_priv_k; } } while (BN_is_zero(priv_k) || BN_is_one(priv_k)); @@ -207,7 +208,7 @@ static int ec_set_private_key(EC_KEY *ec, BIGNUM *priv_key) set_key: ret = EC_KEY_set_private_key(ec, priv_k); if (!ret) - fprintf(stderr, "failed to set private key!\n"); + UADK_ERR("failed to set private key!\n"); free_priv_k: if (!priv_key) @@ -235,20 +236,20 @@ static int ec_hw_keygen(EC_KEY *ec, BIGNUM *priv_key) sess = ec_alloc_sess(ec, &ec_out); if (!sess) { - fprintf(stderr, "failed to alloc sess!\n"); + UADK_ERR("failed to alloc sess!\n"); return UADK_DO_SOFT; } ret = ec_update_private_key(ec, sess, priv_key); if (!ret) { - fprintf(stderr, "failed to update private key!\n"); + UADK_ERR("failed to update private key!\n"); goto free_sess; } uadk_prov_ecc_fill_req(&req, WD_ECXDH_GEN_KEY, NULL, ec_out); ret = uadk_prov_ecc_crypto(sess, &req, (void *)sess); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to generate key!\n"); + UADK_ERR("failed to generate key!\n"); ret = UADK_DO_SOFT; goto free_sess; } @@ -326,7 +327,7 @@ static void *uadk_ec_sw_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if (!enable_sw_offload || !get_default_ec_keymgmt().gen) return NULL; - fprintf(stderr, "switch to openssl software calculation in ecx generation.\n"); + UADK_INFO("switch to openssl software calculation in ecx generation.\n"); return get_default_ec_keymgmt().gen(genctx, osslcb, cbarg); } @@ -338,19 +339,19 @@ static void *uadk_keymgmt_ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbar int ret; if (!gctx) { - fprintf(stderr, "invalid: gctx is NULL to ec gen!\n"); + UADK_ERR("invalid: gctx is NULL to ec gen!\n"); return NULL; } ec = EC_KEY_new_ex(gctx->libctx, NULL); if (!ec) { - fprintf(stderr, "failed to new ec key!\n"); + UADK_ERR("failed to new ec key!\n"); return NULL; } ret = ec_param_check(genctx, ec); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to check genctx!\n"); + UADK_ERR("failed to check genctx!\n"); goto free_ec_key; } @@ -358,7 +359,7 @@ static void *uadk_keymgmt_ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbar if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { ret = ec_hw_keygen(ec, gctx->priv_key); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to gen public key!\n"); + UADK_ERR("failed to gen public key!\n"); goto free_ec_key; } } @@ -444,19 +445,19 @@ static int uadk_keymgmt_ec_gen_set_template(void *genctx, void *templ) EC_KEY *ec = templ; if (!gctx || !ec) { - fprintf(stderr, "invalid: genctx or templ is NULL!\n"); + UADK_ERR("invalid: genctx or templ is NULL!\n"); return UADK_P_FAIL; } src_group = EC_KEY_get0_group(ec); if (!src_group) { - fprintf(stderr, "failed to get source group!\n"); + UADK_ERR("failed to get source group!\n"); return UADK_P_FAIL; } dst_group = EC_GROUP_dup(src_group); if (!dst_group) { - fprintf(stderr, "failed to copy group!\n"); + UADK_ERR("failed to copy group!\n"); return UADK_P_FAIL; } @@ -541,7 +542,7 @@ static int uadk_keymgmt_ec_gen_set_params(void *genctx, const OSSL_PARAM params[ int ret; if (!gctx) { - fprintf(stderr, "invalid: gctx is NULL to set params!\n"); + UADK_ERR("invalid: gctx is NULL to set params!\n"); return UADK_P_FAIL; } diff --git a/src/uadk_prov_ecdh_exch.c b/src/uadk_prov_ecdh_exch.c index 323e22f..898e367 100644 --- a/src/uadk_prov_ecdh_exch.c +++ b/src/uadk_prov_ecdh_exch.c @@ -26,6 +26,7 @@ #include "uadk_prov.h" #include "uadk_prov_der_writer.h" #include "uadk_prov_pkey.h" +#include "uadk_utils.h" #define UADK_PROV_MAX_PARAM_LEN 80 @@ -87,7 +88,7 @@ static UADK_PKEY_KEYEXCH get_default_ecdh_keyexch(void) EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); initialized = 1; } else { - fprintf(stderr, "failed to EVP_KEYEXCH_fetch default X448 provider\n"); + UADK_ERR("failed to EVP_KEYEXCH_fetch default X448 provider\n"); } } pthread_mutex_unlock(&ecdh_mutex); @@ -110,32 +111,32 @@ static int ecdh_param_check(struct ecdh_ctx *pecdhctx, struct ecdh_sess_ctx *ses int type; if (!pecdhctx->k || !pecdhctx->peerk) { - fprintf(stderr, "invalid: k or peerk is NULL.\n"); + UADK_ERR("invalid: k or peerk is NULL.\n"); return UADK_P_FAIL; } sess_ctx->pub_key = EC_KEY_get0_public_key(pecdhctx->peerk); if (!sess_ctx->pub_key) { - fprintf(stderr, "invalid: public key is NULL.\n"); + UADK_ERR("invalid: public key is NULL.\n"); return UADK_P_FAIL; } group = EC_KEY_get0_group(pecdhctx->k); if (!group) { - fprintf(stderr, "invalid: group is 0.\n"); + UADK_ERR("invalid: group is 0.\n"); return UADK_P_FAIL; } sess_ctx->cofactor = EC_GROUP_get0_cofactor(group); if (!sess_ctx->cofactor) { - fprintf(stderr, "invalid: cofactor is NULL!\n"); + UADK_ERR("invalid: cofactor is NULL!\n"); return UADK_P_FAIL; } /* Field GF(2m) is not supported by uadk */ type = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); if (type != NID_X9_62_prime_field) { - fprintf(stderr, "invalid: uadk unsupport Field GF(2m)!\n"); + UADK_ERR("invalid: uadk unsupport Field GF(2m)!\n"); return UADK_DO_SOFT; } @@ -190,13 +191,13 @@ static handle_t ecdh_alloc_sess(EC_KEY *privk) ret = uadk_prov_keyexch_get_support_state(KEYEXCH_ECDH); if (!ret) { - fprintf(stderr, "invalid: hardware not support ecdh!\n"); + UADK_ERR("invalid: hardware not support ecdh!\n"); return UADK_P_FAIL; } ret = uadk_prov_ecc_init("ecdh"); if (!ret) { - fprintf(stderr, "failed to init ecdh to compute key!\n"); + UADK_ERR("failed to init ecdh to compute key!\n"); return UADK_P_FAIL; } @@ -242,13 +243,13 @@ static int ecdh_init_req(struct ecdh_sess_ctx *sess_ctx, /* Set public key */ ecdh_in = wd_ecxdh_new_in(sess, &in_pkey); if (!ecdh_in) { - fprintf(stderr, "failed to new ecxdh in\n"); + UADK_ERR("failed to new ecxdh in\n"); goto free_ctx; } ecdh_out = wd_ecxdh_new_out(sess); if (!ecdh_out) { - fprintf(stderr, "failed to new ecxdh out\n"); + UADK_ERR("failed to new ecxdh out\n"); wd_ecc_del_in(sess, ecdh_in); goto free_ctx; } @@ -279,7 +280,7 @@ static int ecdh_get_shared_key(unsigned char *secret, wd_ecxdh_get_out_params(req->dst, &shared_key); if (!shared_key) { - fprintf(stderr, "failed to get ecdh shared key\n"); + UADK_ERR("failed to get ecdh shared key\n"); return UADK_P_FAIL; } @@ -303,25 +304,25 @@ static int ecdh_compute_key(struct ecdh_sess_ctx *sess_ctx, sess = ecdh_alloc_sess(sess_ctx->privk); if (!sess) { - fprintf(stderr, "failed to alloc sess to compute key!\n"); + UADK_ERR("failed to alloc sess to compute key!\n"); return UADK_DO_SOFT; } ret = uadk_prov_ecc_set_private_key(sess, sess_ctx->privk); if (!ret) { - fprintf(stderr, "failed to set private key!\n"); + UADK_ERR("failed to set private key!\n"); goto free_sess; } ret = ecdh_init_req(sess_ctx, &req, sess); if (!ret) { - fprintf(stderr, "failed to init req!\n"); + UADK_ERR("failed to init req!\n"); goto free_sess; } ret = uadk_prov_ecc_crypto(sess, &req, (void *)sess); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to calculate shared key!\n"); + UADK_ERR("failed to calculate shared key!\n"); ret = UADK_DO_SOFT; goto uninit_req; } @@ -355,7 +356,7 @@ static int ecdh_plain_derive(struct ecdh_ctx *pecdhctx, ret = ecdh_set_privk(pecdhctx, &sess_ctx); if (!ret) { - fprintf(stderr, "failed to set private key!\n"); + UADK_ERR("failed to set private key!\n"); return ret; } @@ -379,14 +380,14 @@ static int ecdh_kdf_X9_63(unsigned char *out, struct ecdh_ctx *pecdhctx, kdf = EVP_KDF_fetch(pecdhctx->libctx, OSSL_KDF_NAME_X963KDF, NULL); if (!kdf) { - fprintf(stderr, "failed to fetch kdf!\n"); + UADK_ERR("failed to fetch kdf!\n"); return ret; } mdname = EVP_MD_get0_name(pecdhctx->kdf_md); kctx = EVP_KDF_CTX_new(kdf); if (!kctx) { - fprintf(stderr, "failed to new kctx!\n"); + UADK_ERR("failed to new kctx!\n"); goto free_kdf; } @@ -423,8 +424,8 @@ static int ecdh_X9_63_kdf_derive(struct ecdh_ctx *pecdhctx, unsigned char *secre } if (outlen < pecdhctx->kdf_outlen) { - fprintf(stderr, "invalid: outlen %zu is less than kdf_outlen %zu!\n", - outlen, pecdhctx->kdf_outlen); + UADK_ERR("invalid: outlen %zu is less than kdf_outlen %zu!\n", + outlen, pecdhctx->kdf_outlen); return UADK_P_FAIL; } @@ -434,7 +435,7 @@ static int ecdh_X9_63_kdf_derive(struct ecdh_ctx *pecdhctx, unsigned char *secre stmp = OPENSSL_secure_malloc(stmplen); if (!stmp) { - fprintf(stderr, "failed to alloc stmp!\n"); + UADK_ERR("failed to alloc stmp!\n"); return UADK_P_FAIL; } @@ -459,7 +460,7 @@ static int uadk_ecdh_sw_derive(void *vpecdhctx, unsigned char *secret, if (!enable_sw_offload || !get_default_ecdh_keyexch().derive) return UADK_P_FAIL; - fprintf(stderr, "switch to openssl software calculation in ecdh derivation.\n"); + UADK_INFO("switch to openssl software calculation in ecdh derivation.\n"); return get_default_ecdh_keyexch().derive(vpecdhctx, secret, psecretlen, outlen); } @@ -471,7 +472,7 @@ static int uadk_keyexch_ecdh_derive(void *vpecdhctx, unsigned char *secret, int ret = UADK_P_FAIL; if (!pecdhctx) { - fprintf(stderr, "invalid: vpecdhctx is NULL to derive!\n"); + UADK_ERR("invalid: vpecdhctx is NULL to derive!\n"); return UADK_P_FAIL; } @@ -529,7 +530,7 @@ static int uadk_keyexch_ecdh_init(void *vpecdhctx, void *vecdh, const OSSL_PARAM int ret; if (!pecdhctx || !vecdh) { - fprintf(stderr, "invalid: pecdhctx or vecdh is to init!\n"); + UADK_ERR("invalid: pecdhctx or vecdh is to init!\n"); return UADK_P_FAIL; } @@ -543,7 +544,7 @@ static int uadk_keyexch_ecdh_init(void *vpecdhctx, void *vecdh, const OSSL_PARAM ret = uadk_keyexch_ecdh_set_ctx_params(pecdhctx, params); if (!ret) { - fprintf(stderr, "failed to set_ctx_params!\n"); + UADK_ERR("failed to set_ctx_params!\n"); return ret; } @@ -559,13 +560,13 @@ static int ecdh_match_params(const EC_KEY *privk, const EC_KEY *pubk) ctx = BN_CTX_new_ex(privk->libctx); if (!ctx) { - fprintf(stderr, "failed to new ctx!\n"); + UADK_ERR("failed to new ctx!\n"); return UADK_P_FAIL; } if (group_privk && group_pubk) { if (EC_GROUP_cmp(group_privk, group_pubk, ctx)) { - fprintf(stderr, "invalid: privk is not match pubk!\n"); + UADK_ERR("invalid: privk is not match pubk!\n"); ret = UADK_P_FAIL; } } @@ -581,7 +582,7 @@ static int uadk_keyexch_ecdh_set_peer(void *vpecdhctx, void *vecdh) int ret; if (!pecdhctx || !vecdh) { - fprintf(stderr, "invalid: vpecdhctx or vecdh is NULL to set_peer!\n"); + UADK_ERR("invalid: vpecdhctx or vecdh is NULL to set_peer!\n"); return UADK_P_FAIL; } @@ -608,13 +609,13 @@ static void *uadk_keyexch_ecdh_dupctx(void *vpecdhctx) struct ecdh_ctx *dstctx; if (!srcctx) { - fprintf(stderr, "invalid: source ecdh ctx is NULL!\n"); + UADK_ERR("invalid: source ecdh ctx is NULL!\n"); return NULL; } dstctx = OPENSSL_zalloc(sizeof(*srcctx)); if (!dstctx) { - fprintf(stderr, "failed to alloc dst ctx!\n"); + UADK_ERR("failed to alloc dst ctx!\n"); return NULL; } @@ -849,7 +850,7 @@ static int uadk_keyexch_ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM pa int ret; if (!pectx) { - fprintf(stderr, "invalid: pectx is NULL to set_ctx_params!\n"); + UADK_ERR("invalid: pectx is NULL to set_ctx_params!\n"); return UADK_P_FAIL; } @@ -881,7 +882,7 @@ static int uadk_keyexch_ecdh_get_ctx_params(void *vpecdhctx, OSSL_PARAM params[] int ret; if (!pectx) { - fprintf(stderr, "invalid: pectx is NULL to get_ctx_params!\n"); + UADK_ERR("invalid: pectx is NULL to get_ctx_params!\n"); return UADK_P_FAIL; } diff --git a/src/uadk_prov_ecdsa.c b/src/uadk_prov_ecdsa.c index 912fe90..3876488 100644 --- a/src/uadk_prov_ecdsa.c +++ b/src/uadk_prov_ecdsa.c @@ -23,6 +23,7 @@ #include "uadk_prov.h" #include "uadk_prov_der_writer.h" #include "uadk_prov_pkey.h" +#include "uadk_utils.h" #define DIGEST_MAX_NAME_SIZE 50 #define MAX_ALGORITHM_ID_SIZE 256 @@ -93,7 +94,7 @@ static void *uadk_signature_ecdsa_newctx(void *provctx, const char *propq) if (propq) { ctx->propq = OPENSSL_strdup(propq); if (!ctx->propq) { - fprintf(stderr, "failed to strdup propq!\n"); + UADK_ERR("failed to strdup propq!\n"); OPENSSL_free(ctx); ctx = NULL; } @@ -124,13 +125,13 @@ static void *uadk_signature_ecdsa_dupctx(void *vctx) struct ecdsa_ctx *dst_ctx; if (!src_ctx) { - fprintf(stderr, "invalid: src ctx is NULL to dupctx!\n"); + UADK_ERR("invalid: src ctx is NULL to dupctx!\n"); return NULL; } /* Test KATS should not need to be supported */ if (src_ctx->kinv || src_ctx->r) { - fprintf(stderr, "invalid: src ctx kinv or r is not NULL!\n"); + UADK_ERR("invalid: src ctx kinv or r is not NULL!\n"); return NULL; } @@ -253,8 +254,8 @@ static int ecdsa_setup_md(struct ecdsa_ctx *ctx, const char *mdname, const char mdname_len = strlen(mdname); if (mdname_len >= DIGEST_MAX_NAME_SIZE) { - fprintf(stderr, "invalid: %s size %zu exceeds name buffer length %d!\n", - mdname, mdname_len, DIGEST_MAX_NAME_SIZE); + UADK_ERR("invalid: %s size %zu exceeds name buffer length %d!\n", + mdname, mdname_len, DIGEST_MAX_NAME_SIZE); return UADK_P_FAIL; } @@ -263,20 +264,20 @@ static int ecdsa_setup_md(struct ecdsa_ctx *ctx, const char *mdname, const char md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); if (!md) { - fprintf(stderr, "failed to fetch %s!\n", mdname); + UADK_ERR("failed to fetch %s!\n", mdname); return UADK_P_FAIL; } md_nid = ecdsa_digest_get_approved_nid(ctx, md); if (md_nid < 0) { - fprintf(stderr, "digest %s not allowed!\n", mdname); + UADK_ERR("digest %s not allowed!\n", mdname); goto err; } if (!ctx->flag_allow_md) { if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) { - fprintf(stderr, "digest %s is not same ctx digest %s!\n", - mdname, ctx->mdname); + UADK_ERR("digest %s is not same ctx digest %s!\n", + mdname, ctx->mdname); goto err; } EVP_MD_free(md); @@ -309,7 +310,7 @@ static int ecdsa_signverify_init(void *vctx, void *ec, int ret; if (!ctx || (!ec && !ctx->ec)) { - fprintf(stderr, "invalid: ctx or ec is NULL to digest init!\n"); + UADK_ERR("invalid: ctx or ec is NULL to digest init!\n"); return UADK_P_FAIL; } @@ -352,7 +353,7 @@ static int ecdsa_soft_sign(struct ecdsa_ctx *ctx, unsigned char *sig, size_t *si if (!enable_sw_offload) return UADK_P_FAIL; - fprintf(stderr, "switch to openssl software calculation in ecdsa signature.\n"); + UADK_INFO("switch to openssl software calculation in ecdsa signature.\n"); ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &tmplen, ctx->kinv, ctx->r, ctx->ec); if (ret <= 0) @@ -369,7 +370,7 @@ static int ecdsa_soft_verify(struct ecdsa_ctx *ctx, const unsigned char *sig, si if (!enable_sw_offload) return UADK_P_FAIL; - fprintf(stderr, "switch to openssl software calculation in ecdsa verification.\n"); + UADK_INFO("switch to openssl software calculation in ecdsa verification.\n"); return ECDSA_verify(0, tbs, tbslen, sig, siglen, ctx->ec); } @@ -381,26 +382,26 @@ static int ecdsa_common_params_check(struct ecdsa_ctx *ctx, int type; if (unlikely(!opdata->tbs || !opdata->tbslen)) { - fprintf(stderr, "invalid: tbs is NULL or tbslen %zu error!\n", opdata->tbslen); + UADK_ERR("invalid: tbs is NULL or tbslen %zu error!\n", opdata->tbslen); return UADK_P_FAIL; } if (ctx->mdsize && opdata->tbslen != ctx->mdsize) { - fprintf(stderr, "invalid: ctx->mdsize %zu not equal tbslen %zu!\n", - ctx->mdsize, opdata->tbslen); + UADK_ERR("invalid: ctx->mdsize %zu not equal tbslen %zu!\n", + ctx->mdsize, opdata->tbslen); return UADK_P_FAIL; } group = EC_KEY_get0_group(ctx->ec); if (unlikely(!group)) { - fprintf(stderr, "invalid: group is NULL!\n"); + UADK_ERR("invalid: group is NULL!\n"); return UADK_P_FAIL; } /* Field GF(2m) is not supported by uadk */ type = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); if (type != NID_X9_62_prime_field) { - fprintf(stderr, "invalid: uadk unsupport Field GF(2m)!\n"); + UADK_ERR("invalid: uadk unsupport Field GF(2m)!\n"); return UADK_DO_SOFT; } @@ -415,13 +416,13 @@ static handle_t ecdsa_alloc_sess(EC_KEY *ec) ret = uadk_prov_signature_get_support_state(SIGNATURE_ECDSA); if (!ret) { - fprintf(stderr, "failed to get hardware ecdsa support!\n"); + UADK_ERR("failed to get hardware ecdsa support!\n"); return ret; } ret = uadk_prov_ecc_init(UADK_PROV_ECDSA); if (!ret) { - fprintf(stderr, "failed to init ecdsa!\n"); + UADK_ERR("failed to init ecdsa!\n"); return ret; } @@ -455,7 +456,7 @@ static int ecdsa_set_digest(struct ecdsa_opdata *opdata, struct wd_dtb *e) if (BYTES_TO_BITS(data_len) > order_bits) { m = BN_new(); if (!m) { - fprintf(stderr, "failed to BN_new m!\n"); + UADK_ERR("failed to BN_new m!\n"); return UADK_P_FAIL; } @@ -465,7 +466,7 @@ static int ecdsa_set_digest(struct ecdsa_opdata *opdata, struct wd_dtb *e) */ data_len = BITS_TO_BYTES(order_bits); if (!BN_bin2bn(opdata->tbs, data_len, m)) { - fprintf(stderr, "failed to BN_bin2bn tbs!\n"); + UADK_ERR("failed to BN_bin2bn tbs!\n"); BN_free(m); return UADK_P_FAIL; } @@ -477,7 +478,7 @@ static int ecdsa_set_digest(struct ecdsa_opdata *opdata, struct wd_dtb *e) */ if (BYTES_TO_BITS(data_len) > order_bits && !BN_rshift(m, m, DGST_SHIFT_NUM(order_bits))) { - fprintf(stderr, "failed to truncate input tbs!\n"); + UADK_ERR("failed to truncate input tbs!\n"); BN_free(m); return UADK_P_FAIL; } @@ -512,13 +513,13 @@ static int ecdsa_sign_init_iot(handle_t sess, struct wd_ecc_req *req, ecc_in = wd_ecdsa_new_sign_in(sess, &e, NULL); if (unlikely(!ecc_in)) { - fprintf(stderr, "failed to new ecdsa sign in!\n"); + UADK_ERR("failed to new ecdsa sign in!\n"); return UADK_P_FAIL; } ecc_out = wd_ecdsa_new_sign_out(sess); if (unlikely(!ecc_out)) { - fprintf(stderr, "failed to new ecdsa sign out!\n"); + UADK_ERR("failed to new ecdsa sign out!\n"); wd_ecc_del_in(sess, ecc_in); return UADK_P_FAIL; } @@ -547,31 +548,31 @@ static ECDSA_SIG *ecdsa_get_sign_data(struct wd_ecc_req *req) br = BN_new(); bs = BN_new(); if (unlikely(!br || !bs)) { - fprintf(stderr, "failed to new br or bs!\n"); + UADK_ERR("failed to new br or bs!\n"); goto free_bn; } wd_ecdsa_get_sign_out_params(req->dst, &r, &s); if (unlikely(!r || !s)) { - fprintf(stderr, "failed to get r or s\n"); + UADK_ERR("failed to get r or s\n"); goto free_bn; } if (!BN_bin2bn((void *)r->data, r->dsize, br) || !BN_bin2bn((void *)s->data, s->dsize, bs)) { - fprintf(stderr, "failed to BN_bin2bn r or s\n"); + UADK_ERR("failed to BN_bin2bn r or s\n"); goto free_bn; } sig = ECDSA_SIG_new(); if (unlikely(!sig)) { - fprintf(stderr, "failed to new sig!\n"); + UADK_ERR("failed to new sig!\n"); goto free_bn; } ret = ECDSA_SIG_set0(sig, br, bs); if (unlikely(!ret)) { - fprintf(stderr, "failed to set br or bs to sig!\n"); + UADK_ERR("failed to set br or bs to sig!\n"); goto free_sig; } @@ -592,25 +593,25 @@ static int ecdsa_hw_sign(struct ecdsa_opdata *opdata) sess = ecdsa_alloc_sess(opdata->ec); if (unlikely(!sess)) { - fprintf(stderr, "failed to alloc ecdsa sess!\n"); + UADK_ERR("failed to alloc ecdsa sess!\n"); return UADK_DO_SOFT; } ret = ecdsa_sign_init_iot(sess, &req, opdata); if (unlikely(!ret)) { - fprintf(stderr, "failed to ecdsa_sign_init_iot!\n"); + UADK_ERR("failed to ecdsa_sign_init_iot!\n"); goto free_sess; } ret = uadk_prov_ecc_set_private_key(sess, opdata->ec); if (unlikely(!ret)) { - fprintf(stderr, "failed to set private key!\n"); + UADK_ERR("failed to set private key!\n"); goto free_iot; } ret = uadk_prov_ecc_crypto(sess, &req, (void *)sess); if (unlikely(!ret || req.status)) { - fprintf(stderr, "failed to hardware sign!\n"); + UADK_ERR("failed to hardware sign!\n"); ret = UADK_DO_SOFT; goto free_iot; } @@ -634,12 +635,12 @@ static int ecdsa_sign_params_check(struct ecdsa_ctx *ctx, size_t ecsize; if (unlikely(!siglen)) { - fprintf(stderr, "invalid: siglen is NULL to sign!\n"); + UADK_ERR("invalid: siglen is NULL to sign!\n"); return UADK_P_FAIL; } if (unlikely(!ctx || !ctx->ec)) { - fprintf(stderr, "invalid: ctx or ec is NULL to sign!\n"); + UADK_ERR("invalid: ctx or ec is NULL to sign!\n"); return UADK_P_FAIL; } @@ -650,8 +651,8 @@ static int ecdsa_sign_params_check(struct ecdsa_ctx *ctx, } if (unlikely(sigsize < ecsize)) { - fprintf(stderr, "invalid: sigsize %zu is less than ecsize %zu!\n", - sigsize, ecsize); + UADK_ERR("invalid: sigsize %zu is less than ecsize %zu!\n", + sigsize, ecsize); return UADK_P_FAIL; } @@ -671,7 +672,7 @@ static int uadk_signature_ecdsa_sign(void *vctx, unsigned char *sig, size_t *sig if (ret == UADK_SIGN_SIG_NULL) { return UADK_P_SUCCESS; } else if (unlikely(ret != UADK_P_SUCCESS)) { - fprintf(stderr, "failed to check params to sign!\n"); + UADK_ERR("failed to check params to sign!\n"); goto err; } @@ -725,7 +726,7 @@ static int ecdsa_verify_init_iot(handle_t sess, struct wd_ecc_req *req, s.dsize = BN_bn2bin(sig_s, (void *)s.data); ecc_in = wd_ecdsa_new_verf_in(sess, &e, &r, &s); if (unlikely(!ecc_in)) { - fprintf(stderr, "failed to new ecdsa verf in\n"); + UADK_ERR("failed to new ecdsa verf in\n"); return UADK_P_FAIL; } @@ -742,7 +743,7 @@ static int ecdsa_hw_verify(struct ecdsa_opdata *opdata) sess = ecdsa_alloc_sess(opdata->ec); if (unlikely(!sess)) { - fprintf(stderr, "failed to alloc ecdsa sess!\n"); + UADK_ERR("failed to alloc ecdsa sess!\n"); return UADK_DO_SOFT; } @@ -756,7 +757,7 @@ static int ecdsa_hw_verify(struct ecdsa_opdata *opdata) ret = uadk_prov_ecc_crypto(sess, &req, (void *)sess); if (unlikely(ret != UADK_P_SUCCESS || req.status)) { - fprintf(stderr, "failed to hardware verify!\n"); + UADK_ERR("failed to hardware verify!\n"); ret = UADK_DO_SOFT; } @@ -771,12 +772,12 @@ static int ecdsa_verify_params_check(struct ecdsa_ctx *ctx, struct ecdsa_opdata const unsigned char *sig, size_t siglen) { if (!ctx || !ctx->ec) { - fprintf(stderr, "invalid: ctx or ec is NULL to verify!\n"); + UADK_ERR("invalid: ctx or ec is NULL to verify!\n"); return UADK_P_FAIL; } if (!sig || !siglen) { - fprintf(stderr, "invalid: sig is NULL or siglen %zu error!\n", siglen); + UADK_ERR("invalid: sig is NULL or siglen %zu error!\n", siglen); return UADK_P_FAIL; } @@ -792,20 +793,20 @@ static ECDSA_SIG *ecdsa_create_sig(const unsigned char *sig, size_t siglen) s = ECDSA_SIG_new(); if (!s) { - fprintf(stderr, "failed to new s to verify!\n"); + UADK_ERR("failed to new s to verify!\n"); return NULL; } if (!d2i_ECDSA_SIG(&s, &p, siglen)) { - fprintf(stderr, "failed to d2i_ECDSA_SIG: siglen = %zu!\n", - siglen); + UADK_ERR("failed to d2i_ECDSA_SIG: siglen = %zu!\n", + siglen); goto err; } /* Ensure signature uses DER and doesn't have trailing garbage */ derlen = i2d_ECDSA_SIG(s, &der); if (derlen != siglen || memcmp(sig, der, derlen) != 0) { - fprintf(stderr, "sig have trailing garbage, derlen %d!\n", derlen); + UADK_ERR("sig have trailing garbage, derlen %d!\n", derlen); OPENSSL_free(der); goto err; } @@ -831,13 +832,13 @@ static int uadk_signature_ecdsa_verify(void *vctx, const unsigned char *sig, opdata.tbslen = tbslen; ret = ecdsa_verify_params_check(ctx, &opdata, sig, siglen); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to check params to sign!\n"); + UADK_ERR("failed to check params to sign!\n"); goto err; } opdata.sig = ecdsa_create_sig(sig, siglen); if (!opdata.sig) { - fprintf(stderr, "failed to create s to verify!\n"); + UADK_ERR("failed to create s to verify!\n"); return UADK_P_FAIL; } @@ -897,7 +898,7 @@ static int ecdsa_digest_signverify_update(void *vctx, const unsigned char *data, struct ecdsa_ctx *ctx = (struct ecdsa_ctx *)vctx; if (!ctx || !ctx->mdctx) { - fprintf(stderr, "invalid: ctx or mdctx is NULL to digest update!\n"); + UADK_ERR("invalid: ctx or mdctx is NULL to digest update!\n"); return UADK_P_FAIL; } @@ -918,7 +919,7 @@ static int uadk_signature_ecdsa_digest_sign_final(void *vctx, unsigned char *sig unsigned int dlen = 0; if (!ctx || !ctx->mdctx) { - fprintf(stderr, "invalid: ctx or mdctx is NULL to sign digest final!\n"); + UADK_ERR("invalid: ctx or mdctx is NULL to sign digest final!\n"); return UADK_P_FAIL; } @@ -954,7 +955,7 @@ static int uadk_signature_ecdsa_digest_verify_final(void *vctx, const unsigned c unsigned int dlen = 0; if (!ctx || !ctx->mdctx) { - fprintf(stderr, "invalid: ctx or mdctx is NULL to verify digest final!\n"); + UADK_ERR("invalid: ctx or mdctx is NULL to verify digest final!\n"); return UADK_P_FAIL; } @@ -1008,7 +1009,7 @@ static int uadk_signature_ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params) int ret; if (!ctx) { - fprintf(stderr, "invalid: ctx is NULL to get_ctx_params!\n"); + UADK_ERR("invalid: ctx is NULL to get_ctx_params!\n"); return UADK_P_FAIL; } @@ -1095,7 +1096,7 @@ static int uadk_signature_ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM para int ret; if (!ctx) { - fprintf(stderr, "invalid: ctx is NULL to set_ctx_params!\n"); + UADK_ERR("invalid: ctx is NULL to set_ctx_params!\n"); return UADK_P_FAIL; } @@ -1138,7 +1139,7 @@ static int uadk_signature_ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params struct ecdsa_ctx *ctx = (struct ecdsa_ctx *)vctx; if (!ctx || !ctx->mdctx) { - fprintf(stderr, "invalid: ctx or md ctx is NULL to get_ctx_md_params!\n"); + UADK_ERR("invalid: ctx or md ctx is NULL to get_ctx_md_params!\n"); return UADK_P_FAIL; } @@ -1150,7 +1151,7 @@ static const OSSL_PARAM *uadk_signature_ecdsa_gettable_ctx_md_params(void *vctx) struct ecdsa_ctx *ctx = (struct ecdsa_ctx *)vctx; if (!ctx || !ctx->md) { - fprintf(stderr, "invalid: ctx or md is NULL to gettable_ctx_md_params!\n"); + UADK_ERR("invalid: ctx or md is NULL to gettable_ctx_md_params!\n"); return NULL; } @@ -1162,7 +1163,7 @@ static int uadk_signature_ecdsa_set_ctx_md_params(void *vctx, const OSSL_PARAM p struct ecdsa_ctx *ctx = (struct ecdsa_ctx *)vctx; if (!ctx || !ctx->mdctx) { - fprintf(stderr, "invalid: ctx or md ctx is NULL to set_ctx_md_params!\n"); + UADK_ERR("invalid: ctx or md ctx is NULL to set_ctx_md_params!\n"); return UADK_P_FAIL; } @@ -1174,7 +1175,7 @@ static const OSSL_PARAM *uadk_signature_ecdsa_settable_ctx_md_params(void *vctx) struct ecdsa_ctx *ctx = (struct ecdsa_ctx *)vctx; if (!ctx || !ctx->md) { - fprintf(stderr, "invalid: ctx or md is NULL to settable_ctx_md_params!\n"); + UADK_ERR("invalid: ctx or md is NULL to settable_ctx_md_params!\n"); return NULL; } diff --git a/src/uadk_prov_ecx.c b/src/uadk_prov_ecx.c index 646393b..878ac96 100644 --- a/src/uadk_prov_ecx.c +++ b/src/uadk_prov_ecx.c @@ -29,6 +29,7 @@ #include "uadk_async.h" #include "uadk_prov.h" #include "uadk_prov_pkey.h" +#include "uadk_utils.h" #define X448_KEYLEN 56 #define X448_KEYBITS 448 @@ -69,7 +70,7 @@ static UADK_PKEY_KEYEXCH get_default_x448_keyexch(void) EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); initilazed = 1; } else { - fprintf(stderr, "failed to EVP_KEYEXCH_fetch default X448 provider\n"); + UADK_ERR("failed to EVP_KEYEXCH_fetch default X448 provider\n"); } } pthread_mutex_unlock(&x448_mutex); @@ -93,7 +94,7 @@ static UADK_PKEY_KEYEXCH get_default_x25519_keyexch(void) EVP_KEYEXCH_free((EVP_KEYEXCH *)keyexch); initialized = 1; } else { - fprintf(stderr, "failed to EVP_KEYEXCH_fetch default X25519 provider\n"); + UADK_ERR("failed to EVP_KEYEXCH_fetch default X25519 provider\n"); } } pthread_mutex_unlock(&x25519_mutex); @@ -381,7 +382,7 @@ static int ossl_ecx_gen_set_params(void *genctx, const OSSL_PARAM params[]) } if (p->data_type != OSSL_PARAM_UTF8_STRING || groupname == NULL || OPENSSL_strcasecmp(p->data, groupname) != 0) { - fprintf(stderr, "invalid ecx params\n"); + UADK_ERR("invalid ecx params\n"); return UADK_P_FAIL; } } @@ -433,7 +434,7 @@ static void *ossl_ecx_gen_init(void *provctx, int selection, const OSSL_PARAM pa gctx = OPENSSL_zalloc(sizeof(PROV_ECX_KEYMGMT_CTX)); if (gctx == NULL) { - fprintf(stderr, "failed to alloc ecx gctx\n"); + UADK_ERR("failed to alloc ecx gctx\n"); return NULL; } @@ -443,7 +444,7 @@ static void *ossl_ecx_gen_init(void *provctx, int selection, const OSSL_PARAM pa ret = ossl_ecx_gen_set_params(gctx, params); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to set ecx params\n"); + UADK_ERR("failed to set ecx params\n"); OPENSSL_free(gctx); gctx = NULL; } @@ -464,7 +465,7 @@ static void *uadk_keymgmt_x448_gen_init(void *provctx, int selection, const OSSL_PARAM params[]) { if (provctx == NULL) { - fprintf(stderr, "invalid: provctx is NULL\n"); + UADK_ERR("invalid: provctx is NULL\n"); return NULL; } @@ -477,7 +478,7 @@ static ECX_KEY *uadk_prov_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, i ECX_KEY *ecx_key = OPENSSL_zalloc(sizeof(ECX_KEY)); if (ecx_key == NULL) { - fprintf(stderr, "failed to alloc ecx key"); + UADK_ERR("failed to alloc ecx key"); return NULL; } @@ -492,7 +493,7 @@ static ECX_KEY *uadk_prov_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, i ecx_key->keylen = X25519_KEYLEN; break; default: - fprintf(stderr, "invalid: unsupported ecx type\n"); + UADK_ERR("invalid: unsupported ecx type\n"); goto free_ecx_key; } @@ -550,7 +551,7 @@ static ECX_KEY *uadk_prov_ecx_create_prikey(PROV_ECX_KEYMGMT_CTX *gctx) ecx_key = uadk_prov_ecx_key_new(gctx->libctx, gctx->type, 0, gctx->propq); if (ecx_key == NULL) { - fprintf(stderr, "failed to new ecx_key\n"); + UADK_ERR("failed to new ecx_key\n"); return NULL; } @@ -565,13 +566,13 @@ static ECX_KEY *uadk_prov_ecx_create_prikey(PROV_ECX_KEYMGMT_CTX *gctx) prikey = OPENSSL_secure_malloc(ecx_key->keylen); if (prikey == NULL) { - fprintf(stderr, "failed to alloc prikey\n"); + UADK_ERR("failed to alloc prikey\n"); goto free_ecx_key; } ret = RAND_priv_bytes(prikey, ecx_key->keylen); if (ret <= 0) { - fprintf(stderr, "failed to set rand bytes to prikey\n"); + UADK_ERR("failed to set rand bytes to prikey\n"); goto free_pri; } ecx_key->privkey = prikey; @@ -605,7 +606,7 @@ static int uadk_prov_ecx_keygen_init_iot(handle_t sess, struct wd_ecc_req *req) ecx_out = wd_ecxdh_new_out(sess); if (ecx_out == NULL) { - fprintf(stderr, "failed to new sign out\n"); + UADK_ERR("failed to new sign out\n"); return UADK_P_FAIL; } @@ -625,12 +626,12 @@ static int uadk_prov_reverse_bytes(unsigned char *to_buf, __u32 size) unsigned char tmp; if (size == 0) { - fprintf(stderr, "invalid size, size = %u\n", size); + UADK_ERR("invalid size, size = %u\n", size); return UADK_P_FAIL; } if (to_buf == NULL) { - fprintf(stderr, "to_buf is NULL\n"); + UADK_ERR("to_buf is NULL\n"); return UADK_P_FAIL; } @@ -649,17 +650,17 @@ static int uadk_prov_reverse_bytes_ex(unsigned char *src_buf, unsigned char *dst __u32 i; if (size == 0) { - fprintf(stderr, "invalid size, size = %u\n", size); + UADK_ERR("invalid size, size = %u\n", size); return UADK_P_FAIL; } if (src_buf == NULL) { - fprintf(stderr, "src_buf is NULL\n"); + UADK_ERR("src_buf is NULL\n"); return UADK_P_FAIL; } if (dst_buf == NULL) { - fprintf(stderr, "dst_buf is NULL\n"); + UADK_ERR("dst_buf is NULL\n"); return UADK_P_FAIL; } @@ -677,13 +678,12 @@ static int uadk_prov_ecx_set_pkey(PROV_ECX_KEYMGMT_CTX *gctx, struct wd_ecc_req wd_ecxdh_get_out_params(req->dst, &pubkey); if (pubkey == NULL) { - fprintf(stderr, "failed to get pubkey\n"); + UADK_ERR("failed to get pubkey\n"); return UADK_P_FAIL; } if (pubkey->x.dsize >= ECX_MAX_KEYLEN) { - fprintf(stderr, "invalid: pubkey->x.dsize = %u\n", - pubkey->x.dsize); + UADK_ERR("invalid: pubkey->x.dsize = %u\n", pubkey->x.dsize); return UADK_P_FAIL; } @@ -691,13 +691,13 @@ static int uadk_prov_ecx_set_pkey(PROV_ECX_KEYMGMT_CTX *gctx, struct wd_ecc_req ret = uadk_prov_reverse_bytes_ex((unsigned char *)pubkey->x.data, ecx_key->pubkey, pubkey->x.dsize); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to transform pubkey\n"); + UADK_ERR("failed to transform pubkey\n"); return ret; } /* Trans private key from big-endian to little-endian */ ret = uadk_prov_reverse_bytes(ecx_key->privkey, gctx->keylen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to transform prikey\n"); + UADK_ERR("failed to transform prikey\n"); return ret; } /* @@ -721,7 +721,7 @@ static int uadk_prov_ecx_set_pkey(PROV_ECX_KEYMGMT_CTX *gctx, struct wd_ecc_req /* Set the second MSB of the last byte to 1 */ ecx_key->privkey[X25519_KEYLEN - 1] |= 0x40; } else { - fprintf(stderr, "invalid: unsupported ecx type\n"); + UADK_ERR("invalid: unsupported ecx type\n"); return UADK_P_FAIL; } @@ -741,7 +741,7 @@ static int uadk_prov_ecx_keygen_set_prikey(PROV_ECX_KEYMGMT_CTX *gctx, ECX_KEY * ecc_key = wd_ecc_get_key(sess); ret = wd_ecc_set_prikey(ecc_key, &prikey); if (ret) { - fprintf(stderr, "failed to set ecc prikey, ret = %d\n", ret); + UADK_ERR("failed to set ecc prikey, ret = %d\n", ret); return UADK_P_FAIL; } @@ -798,7 +798,7 @@ static void *uadk_ecx_sw_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_params, if (!enable_sw_offload) return NULL; - fprintf(stderr, "switch to openssl software calculation in ecx generation.\n"); + UADK_INFO("switch to openssl software calculation in ecx generation.\n"); switch (alg_type) { case ECX_KEY_TYPE_X448: if (!get_default_x448_keymgmt().gen) @@ -819,7 +819,7 @@ static int uadk_ecx_sw_derive(void *vecxctx, unsigned char *secret, size_t *secr if (!enable_sw_offload) return UADK_P_FAIL; - fprintf(stderr, "switch to openssl software calculation in ecx derivation.\n"); + UADK_INFO("switch to openssl software calculation in ecx derivation.\n"); switch (alg_type) { case ECX_KEY_TYPE_X448: if (!get_default_x448_keyexch().derive) @@ -841,39 +841,39 @@ static void *uadk_keymgmt_x448_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_par int ret; if (gctx == NULL) { - fprintf(stderr, "invalid: ecx keygen ctx is NULL\n"); + UADK_ERR("invalid: ecx keygen ctx is NULL\n"); return NULL; } if (gctx->type != ECX_KEY_TYPE_X448) { - fprintf(stderr, "invalid: unsupported ecx type\n"); + UADK_ERR("invalid: unsupported ecx type\n"); return NULL; } ret = uadk_prov_keymgmt_get_support_state(KEYMGMT_X448); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to get hardware x448 keygen support\n"); + UADK_ERR("failed to get hardware x448 keygen support\n"); ret = UADK_DO_SOFT; goto exe_soft; } ret = uadk_prov_ecc_init("x448"); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to init x448\n"); + UADK_ERR("failed to init x448\n"); ret = UADK_DO_SOFT; goto exe_soft; } gctx->sess = uadk_prov_ecx_alloc_sess(ECX_KEY_TYPE_X448); if (gctx->sess == (handle_t)0) { - fprintf(stderr, "failed to alloc x448 sess\n"); + UADK_ERR("failed to alloc x448 sess\n"); ret = UADK_P_FAIL; goto exe_soft; } ret = uadk_prov_ecx_keygen(gctx, &ecx_key); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to generate x448 key\n"); + UADK_ERR("failed to generate x448 key\n"); uadk_prov_ecx_free_sess(gctx->sess); goto exe_soft; } @@ -894,7 +894,7 @@ static void *uadk_keyexch_x448_newctx(void *provctx) ecxctx = OPENSSL_zalloc(sizeof(PROV_ECX_KEYEXCH_CTX)); if (ecxctx == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + UADK_ERR("invalid: ecx keyexch ctx is NULL\n"); return NULL; } @@ -967,18 +967,18 @@ static int uadk_keyexch_ecx_init(void *vecxctx, void *vkey, ECX_KEY *key = vkey; if (ecxctx == NULL) { - fprintf(stderr, "invalid: ecxctx is NULL\n"); + UADK_ERR("invalid: ecxctx is NULL\n"); return UADK_P_FAIL; } if (key == NULL) { - fprintf(stderr, "invalid: key is NULL\n"); + UADK_ERR("invalid: key is NULL\n"); return UADK_P_FAIL; } if (key->keylen != ecxctx->keylen || !ossl_ecx_key_up_ref(key)) { - fprintf(stderr, "invalid: key->keylen(%zu) != ecxctx->keylen(%zu)\n", - key->keylen, ecxctx->keylen); + UADK_ERR("invalid: key->keylen(%zu) != ecxctx->keylen(%zu)\n", + key->keylen, ecxctx->keylen); return UADK_P_FAIL; } @@ -1000,18 +1000,18 @@ static int uadk_keyexch_ecx_set_peer(void *vecxctx, void *vkey) ECX_KEY *peerkey = vkey; if (ecxctx == NULL) { - fprintf(stderr, "invalid: ecxctx is NULL\n"); + UADK_ERR("invalid: ecxctx is NULL\n"); return UADK_P_FAIL; } if (peerkey == NULL) { - fprintf(stderr, "invalid: key is NULL\n"); + UADK_ERR("invalid: key is NULL\n"); return UADK_P_FAIL; } if (peerkey->keylen != ecxctx->keylen || !ossl_ecx_key_up_ref(peerkey)) { - fprintf(stderr, "invalid: peerkey->keylen(%zu) != ecxctx->keylen(%zu)\n", - peerkey->keylen, ecxctx->keylen); + UADK_ERR("invalid: peerkey->keylen(%zu) != ecxctx->keylen(%zu)\n", + peerkey->keylen, ecxctx->keylen); return UADK_P_FAIL; } @@ -1038,7 +1038,7 @@ static int uadk_prov_ecx_compkey_init_iot(PROV_ECX_KEYEXCH_CTX *ecxctx, struct w /* Trans public key from little-endian to big-endian */ ret = uadk_prov_reverse_bytes(ecxctx->peerkey->pubkey, ecxctx->keylen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to trans public key\n"); + UADK_ERR("failed to trans public key\n"); return UADK_P_FAIL; } @@ -1049,13 +1049,13 @@ static int uadk_prov_ecx_compkey_init_iot(PROV_ECX_KEYEXCH_CTX *ecxctx, struct w ecx_in = wd_ecxdh_new_in(sess, &in_pubkey); if (ecx_in == NULL) { - fprintf(stderr, "failed to new ecxdh in\n"); + UADK_ERR("failed to new ecxdh in\n"); return UADK_P_FAIL; } ecx_out = wd_ecxdh_new_out(sess); if (ecx_out == NULL) { - fprintf(stderr, "failed to new ecxdh out\n"); + UADK_ERR("failed to new ecxdh out\n"); ret = UADK_P_FAIL; goto del_ecx_in; } @@ -1065,7 +1065,7 @@ static int uadk_prov_ecx_compkey_init_iot(PROV_ECX_KEYEXCH_CTX *ecxctx, struct w /* Trans public key from big-endian to little-endian */ ret = uadk_prov_reverse_bytes(ecxctx->peerkey->pubkey, ecxctx->keylen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to trans peer public key\n"); + UADK_ERR("failed to trans peer public key\n"); goto del_ecx_out; } @@ -1095,7 +1095,7 @@ static int uadk_prov_ecx_derive_set_prikey(PROV_ECX_KEYEXCH_CTX *ecxctx) /* Trans private key from little-endian to big-endian */ ret = uadk_prov_reverse_bytes(ecxctx->key->privkey, ecxctx->keylen); if (!ret) { - fprintf(stderr, "failed to trans private key\n"); + UADK_ERR("failed to trans private key\n"); return UADK_P_FAIL; } @@ -1104,14 +1104,14 @@ static int uadk_prov_ecx_derive_set_prikey(PROV_ECX_KEYEXCH_CTX *ecxctx) ecc_key = wd_ecc_get_key(sess); ret = wd_ecc_set_prikey(ecc_key, &prikey); if (ret) { - fprintf(stderr, "failed to set ecc prikey, ret = %d\n", ret); + UADK_ERR("failed to set ecc prikey, ret = %d\n", ret); return UADK_P_FAIL; } /* Trans private key from big-endian to little-endian */ ret = uadk_prov_reverse_bytes(ecxctx->key->privkey, ecxctx->keylen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to trans private key\n"); + UADK_ERR("failed to trans private key\n"); return UADK_P_FAIL; } @@ -1155,14 +1155,14 @@ static int uadk_prov_ecx_derive(PROV_ECX_KEYEXCH_CTX *ecxctx, unsigned char *key int ret; if (ecxctx == NULL) { - fprintf(stderr, "invalid: ctx is NULL\n"); + UADK_ERR("invalid: ctx is NULL\n"); return UADK_P_FAIL; } peer_ecx_key = ecxctx->peerkey; ecx_key = ecxctx->key; if (peer_ecx_key == NULL || ecx_key == NULL) { - fprintf(stderr, "invalid: peer_ecx_key or ecx_key is NULL\n"); + UADK_ERR("invalid: peer_ecx_key or ecx_key is NULL\n"); return UADK_P_FAIL; } @@ -1210,17 +1210,17 @@ static int uadk_keyexch_x448_derive(void *vecxctx, unsigned char *secret, size_t int ret; if (ecxctx == NULL) { - fprintf(stderr, "invalid: ecxctx is NULL in x448 derive op\n"); + UADK_ERR("invalid: ecxctx is NULL in x448 derive op\n"); return UADK_P_FAIL; } if (ecxctx->key == NULL || ecxctx->key->privkey == NULL || ecxctx->peerkey == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); + UADK_ERR("invalid: ecxctx key privkey or peerkey is NULL.\n"); return UADK_P_FAIL; } if (ecxctx->keylen != X448_KEYLEN) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + UADK_ERR("invalid: ecxctx keylen.\n"); return UADK_P_FAIL; } @@ -1230,34 +1230,34 @@ static int uadk_keyexch_x448_derive(void *vecxctx, unsigned char *secret, size_t } if (outlen < ecxctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: ecxctx outlen is too small.\n"); return UADK_P_FAIL; } ret = uadk_prov_keyexch_get_support_state(KEYEXCH_X448); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to get hardware x448 keyexch support\n"); + UADK_ERR("failed to get hardware x448 keyexch support\n"); ret = UADK_DO_SOFT; goto exe_soft; } ret = uadk_prov_ecc_init("x448"); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to init x448\n"); + UADK_ERR("failed to init x448\n"); ret = UADK_DO_SOFT; goto exe_soft; } ecxctx->sess = uadk_prov_ecx_alloc_sess(ECX_KEY_TYPE_X448); if (ecxctx->sess == (handle_t)0) { - fprintf(stderr, "failed to alloc sess\n"); + UADK_ERR("failed to alloc sess\n"); ret = UADK_P_FAIL; goto exe_soft; } ret = uadk_prov_ecx_derive(ecxctx, secret, &ecxctx->keylen); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to do x448 derive\n"); + UADK_ERR("failed to do x448 derive\n"); uadk_prov_ecx_free_sess(ecxctx->sess); goto exe_soft; } @@ -1284,19 +1284,19 @@ static void *uadk_keyexch_ecx_dupctx(void *vecxctx) dstctx = OPENSSL_zalloc(sizeof(PROV_ECX_KEYEXCH_CTX)); if (dstctx == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + UADK_ERR("invalid: ecxctx dstctx is NULL.\n"); return NULL; } *dstctx = *srcctx; if (dstctx->key != NULL && !ossl_ecx_key_up_ref(dstctx->key)) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + UADK_ERR("failed to up ref dstctx key.\n"); OPENSSL_free(dstctx); return NULL; } if (dstctx->peerkey != NULL && !ossl_ecx_key_up_ref(dstctx->peerkey)) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + UADK_ERR("failed to up ref dstctx peerkey.\n"); uadk_prov_ecx_key_free(dstctx->key); OPENSSL_free(dstctx); return NULL; @@ -1476,7 +1476,7 @@ static void *uadk_keymgmt_x25519_gen_init(void *provctx, int selection, const OSSL_PARAM params[]) { if (provctx == NULL) { - fprintf(stderr, "invalid: provctx is NULL\n"); + UADK_ERR("invalid: provctx is NULL\n"); return NULL; } @@ -1490,39 +1490,39 @@ static void *uadk_keymgmt_x25519_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_p int ret; if (gctx == NULL) { - fprintf(stderr, "invalid: ecx keygen ctx is NULL\n"); + UADK_ERR("invalid: ecx keygen ctx is NULL\n"); return NULL; } if (gctx->type != ECX_KEY_TYPE_X25519) { - fprintf(stderr, "invalid: unsupported ecx type\n"); + UADK_ERR("invalid: unsupported ecx type\n"); return NULL; } ret = uadk_prov_keymgmt_get_support_state(KEYMGMT_X25519); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to get hardware x25519 keygen support\n"); + UADK_ERR("failed to get hardware x25519 keygen support\n"); ret = UADK_DO_SOFT; goto exe_soft; } ret = uadk_prov_ecc_init("x25519"); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to init x25519\n"); + UADK_ERR("failed to init x25519\n"); ret = UADK_DO_SOFT; goto exe_soft; } gctx->sess = uadk_prov_ecx_alloc_sess(ECX_KEY_TYPE_X25519); if (gctx->sess == (handle_t)0) { - fprintf(stderr, "failed to alloc x25519 sess\n"); + UADK_ERR("failed to alloc x25519 sess\n"); ret = UADK_P_FAIL; return NULL; } ret = uadk_prov_ecx_keygen(gctx, &ecx_key); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to generate x25519 key\n"); + UADK_ERR("failed to generate x25519 key\n"); uadk_prov_ecx_free_sess(gctx->sess); goto exe_soft; } @@ -1543,7 +1543,7 @@ static void *uadk_keyexch_x25519_newctx(void *provctx) ecxctx = OPENSSL_zalloc(sizeof(PROV_ECX_KEYEXCH_CTX)); if (ecxctx == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + UADK_ERR("invalid: x25519 ecxctx is NULL.\n"); return NULL; } @@ -1617,17 +1617,17 @@ static int uadk_keyexch_x25519_derive(void *vecxctx, unsigned char *secret, size int ret; if (ecxctx == NULL) { - fprintf(stderr, "invalid: ecxctx is NULL in x25519 derive op\n"); + UADK_ERR("invalid: ecxctx is NULL in x25519 derive op\n"); return UADK_P_FAIL; } if (ecxctx->key == NULL || ecxctx->key->privkey == NULL || ecxctx->peerkey == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); + UADK_ERR("invalid: x25519 key privkey or peerkey is NULL.\n"); return UADK_P_FAIL; } if (ecxctx->keylen != X25519_KEYLEN) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + UADK_ERR("invalid: x25519 keylen.\n"); return UADK_P_FAIL; } @@ -1637,34 +1637,34 @@ static int uadk_keyexch_x25519_derive(void *vecxctx, unsigned char *secret, size } if (outlen < ecxctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + UADK_ERR("invalid: x25519 outlen is too small.\n"); return UADK_P_FAIL; } ret = uadk_prov_keyexch_get_support_state(KEYEXCH_X25519); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to get hardware x25519 keyexch support\n"); + UADK_ERR("failed to get hardware x25519 keyexch support\n"); ret = UADK_DO_SOFT; goto exe_soft; } ret = uadk_prov_ecc_init("x25519"); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to init x25519\n"); + UADK_ERR("failed to init x25519\n"); ret = UADK_DO_SOFT; goto exe_soft; } ecxctx->sess = uadk_prov_ecx_alloc_sess(ECX_KEY_TYPE_X25519); if (ecxctx->sess == (handle_t)0) { - fprintf(stderr, "failed to alloc sess\n"); + UADK_ERR("failed to alloc sess\n"); ret = UADK_P_FAIL; goto exe_soft; } ret = uadk_prov_ecx_derive(ecxctx, secret, &ecxctx->keylen); if (ret != UADK_P_SUCCESS) { - fprintf(stderr, "failed to do x25519 derive\n"); + UADK_ERR("failed to do x25519 derive\n"); uadk_prov_ecx_free_sess(ecxctx->sess); goto exe_soft; } diff --git a/src/uadk_prov_ffc.c b/src/uadk_prov_ffc.c index 88059e4..5d0a9d8 100644 --- a/src/uadk_prov_ffc.c +++ b/src/uadk_prov_ffc.c @@ -14,6 +14,7 @@ #include <openssl/rand.h> #include <openssl/sha.h> #include "uadk_prov_ffc.h" +#include "uadk_utils.h" #if BN_BITS2 == 64 #define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo @@ -1020,7 +1021,7 @@ static int ffc_validate_LN(size_t L, size_t N, int type, int verify) if (L == L_P_2048BITS && (N == N_Q_224BITS || N == N_Q_256BITS)) return SECURITY_STR_112BITS; # ifndef OPENSSL_NO_DH - ERR_raise(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS); + UADK_ERR("dh bad ffc parameters.\n"); # endif } else if (type == FFC_PARAM_TYPE_DSA) { /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */ @@ -1032,7 +1033,7 @@ static int ffc_validate_LN(size_t L, size_t N, int type, int verify) if (L == L_P_3072BITS && N == N_Q_256BITS) return SECURITY_STR_128BITS; # ifndef OPENSSL_NO_DSA - ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); + UADK_ERR("dsa bad ffc parameters.\n"); # endif } @@ -1049,7 +1050,7 @@ static int ffc_validate_LN(size_t L, size_t N, int type, int verify) if (L == L_P_2048BITS && (N == N_Q_224BITS || N == N_Q_256BITS)) return SECURITY_STR_112BITS; # ifndef OPENSSL_NO_DH - ERR_raise(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS); + UADK_ERR("dh bad ffc parameters.\n"); # endif } else if (type == FFC_PARAM_TYPE_DSA) { if (L >= L_P_3072BITS && N >= N_Q_256BITS) @@ -1059,7 +1060,7 @@ static int ffc_validate_LN(size_t L, size_t N, int type, int verify) if (L >= L_P_1024BITS && N >= N_Q_160BITS) return SECURITY_STR_80BITS; # ifndef OPENSSL_NO_DSA - ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); + UADK_ERR("dsa bad ffc parameters.\n"); # endif } diff --git a/src/uadk_prov_hmac.c b/src/uadk_prov_hmac.c index 49ae1d8..d0b6a2c 100644 --- a/src/uadk_prov_hmac.c +++ b/src/uadk_prov_hmac.c @@ -130,7 +130,7 @@ static int uadk_create_hmac_soft_ctx(struct hmac_priv_ctx *priv) priv->soft_libctx = OSSL_LIB_CTX_new(); if (!priv->soft_libctx) { - fprintf(stderr, "new soft libctx failed.\n"); + UADK_ERR("new soft libctx failed.\n"); return UADK_HMAC_FAIL; } @@ -151,13 +151,13 @@ static int uadk_create_hmac_soft_ctx(struct hmac_priv_ctx *priv) } if (unlikely(!priv->soft_md)) { - fprintf(stderr, "hmac soft fetch failed.\n"); + UADK_ERR("hmac soft fetch failed.\n"); goto free_libctx; } priv->soft_ctx = EVP_MAC_CTX_new(priv->soft_md); if (!priv->soft_ctx) { - fprintf(stderr, "hmac soft new ctx failed.\n"); + UADK_ERR("hmac soft new ctx failed.\n"); goto free_mac_md; } @@ -189,7 +189,7 @@ static int uadk_hmac_soft_init(struct hmac_priv_ctx *priv) ret = EVP_MAC_init(priv->soft_ctx, priv->key, priv->keylen, params); if (!ret) { - fprintf(stderr, "do soft hmac init failed!\n"); + UADK_ERR("do soft hmac init failed!\n"); return UADK_HMAC_FAIL; } @@ -208,7 +208,7 @@ static int uadk_hmac_soft_update(struct hmac_priv_ctx *priv, ret = EVP_MAC_update(priv->soft_ctx, data, len); if (!ret) - fprintf(stderr, "do soft hmac update failed!\n"); + UADK_ERR("do soft hmac update failed!\n"); return ret; } @@ -223,7 +223,7 @@ static int uadk_hmac_soft_final(struct hmac_priv_ctx *priv, unsigned char *out) ret = EVP_MAC_final(priv->soft_ctx, out, &hmac_length, priv->out_len); if (!ret) - fprintf(stderr, "do soft hmac final failed!\n"); + UADK_ERR("do soft hmac final failed!\n"); return ret; } @@ -310,7 +310,7 @@ static int uadk_hmac_poll(void *ctx) rx_cnt++; } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); - fprintf(stderr, "failed to poll msg: timeout!\n"); + UADK_ERR("failed to poll msg: timeout!\n"); return -ETIMEDOUT; } @@ -368,7 +368,7 @@ static int uadk_get_hmac_info(struct hmac_priv_ctx *priv) } } - fprintf(stderr, "failed to get hmac info, algname = %s.\n", priv->alg_name); + UADK_ERR("failed to get hmac info, algname = %s.\n", priv->alg_name); return UADK_HMAC_FAIL; } @@ -398,7 +398,7 @@ static const char *get_uadk_alg_name(__u32 alg_id) break; } - fprintf(stderr, "failed to find alg, nid = %u.\n", alg_id); + UADK_ERR("failed to find alg, nid = %u.\n", alg_id); return NULL; } @@ -432,7 +432,7 @@ static int uadk_prov_hmac_dev_init(struct hmac_priv_ctx *priv) cparams.bmp = numa_allocate_nodemask(); if (!cparams.bmp) { ret = UADK_HMAC_FAIL; - fprintf(stderr, "failed to create nodemask!\n"); + UADK_ERR("failed to create nodemask!\n"); goto mutex_unlock; } @@ -443,7 +443,7 @@ static int uadk_prov_hmac_dev_init(struct hmac_priv_ctx *priv) ret = wd_digest_init2_((char *)alg_name, TASK_MIX, SCHED_POLICY_RR, &cparams); if (unlikely(ret && ret != -WD_EEXIST)) { - fprintf(stderr, "uadk failed to initialize hmac, ret = %d\n", ret); + UADK_ERR("uadk failed to initialize hmac, ret = %d\n", ret); goto free_nodemask; } ret = UADK_HMAC_SUCCESS; @@ -501,8 +501,8 @@ static int uadk_hmac_ctx_init(struct hmac_priv_ctx *priv) ret = uadk_prov_hmac_dev_init(priv); if (unlikely(ret <= 0)) { - fprintf(stderr, "uadk failed to initialize hmac%s.\n", - SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); + UADK_ERR("uadk failed to initialize hmac%s.\n", + SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); goto soft_init; } @@ -515,15 +515,15 @@ static int uadk_hmac_ctx_init(struct hmac_priv_ctx *priv) if (!priv->sess) { priv->sess = wd_digest_alloc_sess(&setup); if (unlikely(!priv->sess)) { - fprintf(stderr, "uadk failed to alloc hmac sess%s.\n", - SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); + UADK_ERR("uadk failed to alloc hmac sess%s.\n", + SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); goto soft_init; } ret = wd_digest_set_key(priv->sess, priv->key, priv->keylen); if (ret) { - fprintf(stderr, "uadk failed to set hmac key%s.\n", - SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); + UADK_ERR("uadk failed to set hmac key%s.\n", + SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); goto free_sess; } } @@ -569,7 +569,7 @@ static int uadk_do_hmac_sync(struct hmac_priv_ctx *priv) ret = wd_do_digest_sync(priv->sess, &priv->req); if (ret) { - fprintf(stderr, "do sec hmac sync failed.\n"); + UADK_ERR("do sec hmac sync failed.\n"); return UADK_HMAC_FAIL; } @@ -583,7 +583,7 @@ static int uadk_do_hmac_async(struct hmac_priv_ctx *priv, struct async_op *op) int cnt = 0; if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { - fprintf(stderr, "soft switching is not supported in asynchronous mode.\n"); + UADK_ERR("soft switching is not supported in asynchronous mode.\n"); return UADK_HMAC_FAIL; } @@ -601,12 +601,12 @@ static int uadk_do_hmac_async(struct hmac_priv_ctx *priv, struct async_op *op) do { ret = wd_do_digest_async(priv->sess, &priv->req); if (ret < 0 && ret != -EBUSY) { - fprintf(stderr, "do sec digest async failed.\n"); + UADK_ERR("do sec digest async failed.\n"); goto free_poll_task; } if (unlikely(++cnt > ENGINE_SEND_MAX_CNT)) { - fprintf(stderr, "do digest async operation timeout.\n"); + UADK_ERR("do digest async operation timeout.\n"); goto free_poll_task; } } while (ret == -EBUSY); @@ -669,8 +669,8 @@ static int uadk_hmac_update_inner(struct hmac_priv_ctx *priv, const void *data, ret = uadk_do_hmac_sync(priv); if (!ret) { - fprintf(stderr, "do sec hmac update failed%s.\n", - SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); + UADK_ERR("do sec hmac update failed%s.\n", + SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); goto do_soft_hmac; } @@ -720,7 +720,7 @@ err_out: static int uadk_hmac_update(struct hmac_priv_ctx *priv, const void *data, size_t data_len) { if (!priv->data) { - fprintf(stderr, "failed to do digest update, data in CTX is NULL.\n"); + UADK_ERR("failed to do digest update, data in CTX is NULL.\n"); return UADK_HMAC_FAIL; } @@ -747,7 +747,7 @@ static int uadk_hmac_final(struct hmac_priv_ctx *priv, unsigned char *digest) int ret; if (!priv->data) { - fprintf(stderr, "failed to do digest final, data in CTX is NULL.\n"); + UADK_ERR("failed to do digest final, data in CTX is NULL.\n"); return UADK_HMAC_FAIL; } @@ -767,7 +767,7 @@ static int uadk_hmac_final(struct hmac_priv_ctx *priv, unsigned char *digest) ret = async_setup_async_event_notification(&op); if (unlikely(!ret)) { - fprintf(stderr, "failed to setup async event notification.\n"); + UADK_ERR("failed to setup async event notification.\n"); return UADK_HMAC_FAIL; } @@ -795,12 +795,12 @@ static int uadk_hmac_final(struct hmac_priv_ctx *priv, unsigned char *digest) do_hmac_err: if (priv->state == SEC_DIGEST_INIT) { - fprintf(stderr, "do sec digest final failed%s.\n", - SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); + UADK_ERR("do sec digest final failed%s.\n", + SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); ret = uadk_hmac_soft_work(priv, priv->req.in_bytes, digest); } else { ret = UADK_HMAC_FAIL; - fprintf(stderr, "do sec digest final failed.\n"); + UADK_ERR("do sec digest final failed.\n"); } clear: async_clear_async_event_notification(); @@ -843,7 +843,7 @@ static void *uadk_prov_hmac_dupctx(void *hctx) dst_ctx->soft_libctx = NULL; dst_ctx->soft_ctx = EVP_MAC_CTX_dup(src_ctx->soft_ctx); if (!dst_ctx->soft_ctx) { - fprintf(stderr, "create soft_ctx failed in ctx copy.\n"); + UADK_ERR("create soft_ctx failed in ctx copy.\n"); goto free_data; } @@ -877,7 +877,7 @@ static void uadk_prov_hmac_freectx(void *hctx) struct hmac_priv_ctx *priv = (struct hmac_priv_ctx *)hctx; if (!hctx) { - fprintf(stderr, "the CTX to be free is NULL.\n"); + UADK_ERR("the CTX to be free is NULL.\n"); return; } @@ -910,7 +910,7 @@ static int uadk_prov_hmac_init(void *hctx, const unsigned char *key, int ret; if (!hctx) { - fprintf(stderr, "CTX is NULL.\n"); + UADK_ERR("CTX is NULL.\n"); return UADK_HMAC_FAIL; } @@ -938,15 +938,15 @@ static int uadk_prov_hmac_init(void *hctx, const unsigned char *key, return UADK_HMAC_SUCCESS; soft_init: - fprintf(stderr, "uadk failed to initialize dev%s.\n", - SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); + UADK_ERR("uadk failed to initialize dev%s.\n", + SW_SWITCH_PRINT_ENABLE(enable_sw_offload)); return uadk_hmac_soft_init(priv); } static int uadk_prov_hmac_update(void *hctx, const unsigned char *data, size_t datalen) { if (!hctx || !data) { - fprintf(stderr, "CTX or input data is NULL.\n"); + UADK_ERR("CTX or input data is NULL.\n"); return UADK_HMAC_FAIL; } @@ -966,7 +966,7 @@ static int uadk_prov_hmac_final(void *hctx, unsigned char *out, size_t *outl, int ret = UADK_HMAC_SUCCESS; if (!hctx) { - fprintf(stderr, "hmac CTX or output data is NULL.\n"); + UADK_ERR("hmac CTX or output data is NULL.\n"); return UADK_HMAC_FAIL; } @@ -1073,7 +1073,7 @@ static int uadk_prov_hmac_set_ctx_params(void *hctx, const OSSL_PARAM params[]) */ ret = snprintf(priv->alg_name, ALG_NAME_SIZE, "%s", (char *)p->data); if (ret < 0) { - fprintf(stderr, "Invalid alg name %s.\n", (char *)p->data); + UADK_ERR("Invalid alg name %s.\n", (char *)p->data); return UADK_HMAC_FAIL; } diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c index f97b20b..dcd042f 100644 --- a/src/uadk_prov_init.c +++ b/src/uadk_prov_init.c @@ -31,6 +31,7 @@ #include "uadk_prov.h" #include "uadk_prov_bio.h" #include "uadk_prov_pkey.h" +#include "uadk_utils.h" #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk_provider"; @@ -675,7 +676,7 @@ static const OSSL_ALGORITHM *uadk_query(void *provctx, int operation_id, libctx = prov_libctx_of(provctx); default_prov = OSSL_PROVIDER_load(libctx, "default"); if (!default_prov) { - fprintf(stderr, "failed to load default provider\n"); + UADK_ERR("failed to load default provider\n"); return NULL; } /* @@ -849,9 +850,9 @@ static void uadk_set_alg_sel_state(void) *(uadk_prov_alg_cfg_info[i].enable) = 0; else { *(uadk_prov_alg_cfg_info[i].enable) = 1; - fprintf(stderr, "invalid: %s en param(%s) is error, default to enabled\n", - uadk_prov_alg_cfg_info[i].name, - *uadk_prov_alg_cfg_info[i].param); + UADK_INFO("invalid: %s en param(%s) is error!, default to enabled\n", + uadk_prov_alg_cfg_info[i].name, + *uadk_prov_alg_cfg_info[i].param); } } } @@ -867,7 +868,7 @@ static int uadk_get_params_from_core(const OSSL_CORE_HANDLE *handle) OSSL_PARAM core_params[31], *p = core_params; if (handle == NULL) { - fprintf(stderr, "invalid: OSSL_CORE_HANDLE is NULL\n"); + UADK_ERR("invalid: OSSL_CORE_HANDLE is NULL\n"); return UADK_P_FAIL; } @@ -907,7 +908,7 @@ static int uadk_get_params_from_core(const OSSL_CORE_HANDLE *handle) *p = OSSL_PARAM_construct_end(); if (!c_get_params(handle, core_params)) { - fprintf(stderr, "WARN: UADK get parameters from core is failed.\n"); + UADK_ERR("WARN: UADK get parameters from core is failed.\n"); return UADK_P_FAIL; } @@ -922,7 +923,7 @@ static void provider_init_child_at_fork_handler(void) ret = async_module_init(); if (!ret) - fprintf(stderr, "async_module_init fail!\n"); + UADK_ERR("async_module_init fail!\n"); } static int uadk_prov_ctx_set_core_bio_method(struct uadk_prov_ctx *ctx) @@ -931,7 +932,7 @@ static int uadk_prov_ctx_set_core_bio_method(struct uadk_prov_ctx *ctx) core_bio = ossl_bio_prov_init_bio_method(); if (core_bio == NULL) { - fprintf(stderr, "failed to set bio from dispatch\n"); + UADK_ERR("failed to set bio from dispatch\n"); return UADK_P_FAIL; } @@ -970,7 +971,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, int ret; if (oin == NULL) { - fprintf(stderr, "failed to get dispatch in\n"); + UADK_ERR("failed to get dispatch in\n"); return UADK_P_FAIL; } @@ -983,7 +984,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { - fprintf(stderr, "failed to alloc ctx\n"); + UADK_ERR("failed to alloc ctx\n"); return UADK_P_FAIL; } @@ -999,7 +1000,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, ret = async_module_init(); if (!ret) - fprintf(stderr, "async_module_init fail!\n"); + UADK_ERR("async_module_init fail!\n"); pthread_atfork(NULL, NULL, provider_init_child_at_fork_handler); *provctx = (void *)ctx; diff --git a/src/uadk_prov_packet.c b/src/uadk_prov_packet.c index d944442..051bd01 100644 --- a/src/uadk_prov_packet.c +++ b/src/uadk_prov_packet.c @@ -9,6 +9,7 @@ */ #include <openssl/err.h> #include "uadk_prov_packet.h" +#include "uadk_utils.h" #define DEFAULT_BUF_SIZE 256 #define REF_SIZE_LIMIT 2 @@ -106,7 +107,7 @@ static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes) pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs)); if (pkt->subs == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); + UADK_ERR("failed to zalloc pkt subs!\n"); return 0; } @@ -351,7 +352,7 @@ int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes) sub = OPENSSL_zalloc(sizeof(*sub)); if (sub == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); + UADK_ERR("failed to zalloc sub!\n"); return 0; } diff --git a/src/uadk_prov_pkey.c b/src/uadk_prov_pkey.c index 0acb53c..ccfc0e7 100644 --- a/src/uadk_prov_pkey.c +++ b/src/uadk_prov_pkey.c @@ -17,6 +17,7 @@ * */ #include "uadk_prov_pkey.h" +#include "uadk_utils.h" #define ECC_TYPE 5 #define CTX_ASYNC 1 @@ -128,7 +129,7 @@ int uadk_prov_ecc_get_rand(char *out, size_t out_len, void *usr) int ret; if (out == NULL) { - fprintf(stderr, "out is NULL\n"); + UADK_ERR("out is NULL\n"); return UADK_P_INVALID; } @@ -139,7 +140,7 @@ int uadk_prov_ecc_get_rand(char *out, size_t out_len, void *usr) do { ret = BN_priv_rand_range(k, usr); if (ret == 0) { - fprintf(stderr, "failed to BN_priv_rand_range\n"); + UADK_ERR("failed to BN_priv_rand_range\n"); ret = -EINVAL; goto err; } @@ -147,7 +148,7 @@ int uadk_prov_ecc_get_rand(char *out, size_t out_len, void *usr) ret = BN_bn2binpad(k, (void *)out, (int)out_len); if (ret < 0) { ret = -EINVAL; - fprintf(stderr, "failed to BN_bn2binpad\n"); + UADK_ERR("failed to BN_bn2binpad\n"); goto err; } } while (--count >= 0 && BN_is_zero(k)); @@ -305,7 +306,7 @@ handle_t uadk_prov_ecc_alloc_sess(const EC_KEY *eckey, const char *alg) handle_t sess; if (!eckey) { - fprintf(stderr, "input eckey is NULL\n"); + UADK_ERR("input eckey is NULL\n"); return (handle_t)0; } @@ -317,13 +318,13 @@ handle_t uadk_prov_ecc_alloc_sess(const EC_KEY *eckey, const char *alg) group = EC_KEY_get0_group(eckey); ret = uadk_prov_set_sess_setup_cv(group, &sp.cv); if (ret == 0) { - fprintf(stderr, "failed to set_sess_setup_cv\n"); + UADK_ERR("failed to set_sess_setup_cv\n"); return (handle_t)0; } order = EC_GROUP_get0_order(group); if (order == NULL) { - fprintf(stderr, "failed to get ecc order\n"); + UADK_ERR("failed to get ecc order\n"); return (handle_t)0; } @@ -337,7 +338,7 @@ handle_t uadk_prov_ecc_alloc_sess(const EC_KEY *eckey, const char *alg) sp.sched_param = &sch_p; sess = wd_ecc_alloc_sess(&sp); if (sess == (handle_t)0) - fprintf(stderr, "failed to alloc ecc sess\n"); + UADK_ERR("failed to alloc ecc sess\n"); return sess; } @@ -379,7 +380,7 @@ int uadk_prov_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) ret = async_setup_async_event_notification(&op); if (ret == 0) { - fprintf(stderr, "failed to setup async event notification\n"); + UADK_ERR("failed to setup async event notification\n"); return ret; } @@ -406,12 +407,12 @@ int uadk_prov_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) do { ret = wd_do_ecc_async(sess, req); if (ret < 0 && ret != -EBUSY) { - fprintf(stderr, "failed to do ecc async\n"); + UADK_ERR("failed to do ecc async\n"); goto free_poll_task; } if (unlikely(++cnt > PROV_SEND_MAX_CNT)) { - fprintf(stderr, "do ecc async operation timeout\n"); + UADK_ERR("do ecc async operation timeout\n"); goto free_poll_task; } } while (ret == -EBUSY); @@ -446,7 +447,7 @@ int uadk_prov_ecc_poll(void *ctx) rx_cnt++; } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); - fprintf(stderr, "failed to recv msg: timeout!\n"); + UADK_ERR("failed to recv msg: timeout!\n"); return -ETIMEDOUT; } @@ -458,13 +459,13 @@ static int set_group(OSSL_PARAM_BLD *bld, struct ec_gen_ctx *gctx) params = OSSL_PARAM_BLD_to_param(bld); if (params == NULL) { - fprintf(stderr, "failed to get params from bld\n"); + UADK_ERR("failed to get params from bld\n"); return UADK_P_FAIL; } group = EC_GROUP_new_from_params(params, gctx->libctx, NULL); if (group == NULL) { - fprintf(stderr, "failed to get group from params\n"); + UADK_ERR("failed to get group from params\n"); OSSL_PARAM_free(params); return UADK_P_FAIL; } @@ -485,27 +486,27 @@ static int check_curve_params(OSSL_PARAM_BLD *bld, struct ec_gen_ctx *gctx) !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, gctx->a) || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, gctx->b) || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_ORDER, gctx->order)) { - fprintf(stderr, "failed to set curve params\n"); + UADK_ERR("failed to set curve params\n"); return UADK_P_FAIL; } if (gctx->cofactor != NULL && !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, gctx->cofactor)) { - fprintf(stderr, "failed to set cofactor\n"); + UADK_ERR("failed to set cofactor\n"); return UADK_P_FAIL; } if (gctx->seed != NULL && !OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_EC_SEED, gctx->seed, gctx->seed_len)) { - fprintf(stderr, "failed to set seed\n"); + UADK_ERR("failed to set seed\n"); return UADK_P_FAIL; } if (gctx->gen == NULL || !OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_EC_GENERATOR, gctx->gen, gctx->gen_len)) { - fprintf(stderr, "failed to set gen params\n"); + UADK_ERR("failed to set gen params\n"); return UADK_P_FAIL; } @@ -519,28 +520,28 @@ static int ec_gen_set_group_from_params(struct ec_gen_ctx *gctx) bld = OSSL_PARAM_BLD_new(); if (bld == NULL) { - fprintf(stderr, "failed to OSSL_PARAM_BLD_new\n"); + UADK_ERR("failed to OSSL_PARAM_BLD_new\n"); return UADK_P_FAIL; } if (gctx->encoding != NULL && !OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_EC_ENCODING, gctx->encoding, 0)) { - fprintf(stderr, "failed to set encoding\n"); + UADK_ERR("failed to set encoding\n"); goto free_bld; } if (gctx->pt_format != NULL && !OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, gctx->pt_format, 0)) { - fprintf(stderr, "failed to set point format\n"); + UADK_ERR("failed to set point format\n"); goto free_bld; } if (gctx->group_name != NULL) { if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, gctx->group_name, 0)) { - fprintf(stderr, "failed to set group name\n"); + UADK_ERR("failed to set group name\n"); goto free_bld; } /* Ignore any other parameters if there is a group name */ @@ -549,7 +550,7 @@ static int ec_gen_set_group_from_params(struct ec_gen_ctx *gctx) } else if (gctx->field_type != NULL) { if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_EC_FIELD_TYPE, gctx->field_type, 0)) { - fprintf(stderr, "failed to set filed type\n"); + UADK_ERR("failed to set filed type\n"); goto free_bld; } } else { @@ -570,7 +571,7 @@ free_bld: static int ec_gen_assign_group(EC_KEY *ec, EC_GROUP *group) { if (group == NULL) { - fprintf(stderr, "invalid: ec group is NULL\n"); + UADK_ERR("invalid: ec group is NULL\n"); return UADK_P_FAIL; } @@ -616,7 +617,7 @@ int uadk_prov_ecc_genctx_check(struct ec_gen_ctx *gctx, EC_KEY *ec) if (gctx->gen_group == NULL) { ret = ec_gen_set_group_from_params(gctx); if (ret == 0) { - fprintf(stderr, "failed to set group from params\n"); + UADK_ERR("failed to set group from params\n"); return UADK_P_FAIL; } } else { @@ -627,7 +628,7 @@ int uadk_prov_ecc_genctx_check(struct ec_gen_ctx *gctx, EC_KEY *ec) */ ret = ossl_ec_encoding_name2id(gctx->encoding); if (ret < 0) { - fprintf(stderr, "failed to encoding name to id\n"); + UADK_ERR("failed to encoding name to id\n"); return UADK_P_FAIL; } EC_GROUP_set_asn1_flag(gctx->gen_group, ret); @@ -639,7 +640,7 @@ int uadk_prov_ecc_genctx_check(struct ec_gen_ctx *gctx, EC_KEY *ec) */ ret = ossl_ec_pt_format_name2id(gctx->pt_format); if (ret < 0) { - fprintf(stderr, "failed to point format name to id\n"); + UADK_ERR("failed to point format name to id\n"); return UADK_P_FAIL; } EC_GROUP_set_point_conversion_form(gctx->gen_group, ret); @@ -649,7 +650,7 @@ int uadk_prov_ecc_genctx_check(struct ec_gen_ctx *gctx, EC_KEY *ec) /* We must always assign a group, no matter what */ ret = ec_gen_assign_group(ec, gctx->gen_group); if (ret == 0) { - fprintf(stderr, "invalid: ec group is NULL\n"); + UADK_ERR("invalid: ec group is NULL\n"); return UADK_P_FAIL; } @@ -710,13 +711,13 @@ int uadk_prov_ecc_set_private_key(handle_t sess, const EC_KEY *ec) d = EC_KEY_get0_private_key(ec); if (d == NULL) { - fprintf(stderr, "private key not set\n"); + UADK_ERR("private key not set\n"); return UADK_P_FAIL; } group = EC_KEY_get0_group(ec); if (group == NULL) { - fprintf(stderr, "failed to get ecc group\n"); + UADK_ERR("failed to get ecc group\n"); return UADK_P_FAIL; } @@ -728,7 +729,7 @@ int uadk_prov_ecc_set_private_key(handle_t sess, const EC_KEY *ec) ret = wd_ecc_set_prikey(ecc_key, &prikey); if (ret) { - fprintf(stderr, "failed to set ecc prikey, ret = %d\n", ret); + UADK_ERR("failed to set ecc prikey, ret = %d\n", ret); return UADK_P_FAIL; } @@ -758,7 +759,7 @@ int uadk_prov_ecc_set_public_key(handle_t sess, const EC_KEY *ec) point = EC_KEY_get0_public_key(ec); if (point == NULL) { - fprintf(stderr, "pubkey not set!\n"); + UADK_ERR("pubkey not set!\n"); return UADK_P_FAIL; } @@ -766,7 +767,7 @@ int uadk_prov_ecc_set_public_key(handle_t sess, const EC_KEY *ec) len = EC_POINT_point2buf(group, point, UADK_OCTET_STRING, &point_bin, NULL); if (len == 0) { - fprintf(stderr, "EC_POINT_point2buf error.\n"); + UADK_ERR("EC_POINT_point2buf error.\n"); return UADK_P_FAIL; } @@ -778,7 +779,7 @@ int uadk_prov_ecc_set_public_key(handle_t sess, const EC_KEY *ec) ecc_key = wd_ecc_get_key(sess); ret = wd_ecc_set_pubkey(ecc_key, &pubkey); if (ret) { - fprintf(stderr, "failed to set ecc pubkey\n"); + UADK_ERR("failed to set ecc pubkey\n"); OPENSSL_free(point_bin); return UADK_P_FAIL; } @@ -872,7 +873,7 @@ int uadk_prov_ecc_bit_check(const EC_GROUP *group) break; } - fprintf(stderr, "invalid: unsupport key bits %d!\n", bits); + UADK_ERR("invalid: unsupport key bits %d!\n", bits); return UADK_DO_SOFT; } @@ -899,19 +900,19 @@ int uadk_prov_ecc_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) return UADK_P_SUCCESS; if (!group) { - fprintf(stderr, "invalid: group is NULL!\n"); + UADK_ERR("invalid: group is NULL!\n"); return UADK_P_FAIL; } nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) { - fprintf(stderr, "invalid: explicit curves are not allowed in fips mode!\n"); + UADK_ERR("invalid: explicit curves are not allowed in fips mode!\n"); return UADK_P_FAIL; } curve_name = EC_curve_nid2nist(nid); if (!curve_name) { - fprintf(stderr, "invalid: Curve NID %d is not approved in FIPS mode!\n", + UADK_ERR("invalid: Curve NID %d is not approved in FIPS mode!\n", nid); return UADK_P_FAIL; } @@ -923,7 +924,7 @@ int uadk_prov_ecc_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) strength = (unsigned int)EC_GROUP_order_bits(group) >> 1; /* The min security strength allowed for legacy verification is 80 bits */ if (strength < UADK_PROV_SECURITY_BITS) { - fprintf(stderr, "invalid: Curve %s strength %d is not approved in FIPS mode!\n", + UADK_ERR("invalid: Curve %s strength %d is not approved in FIPS mode!\n", curve_name, strength); return UADK_P_FAIL; } @@ -933,7 +934,7 @@ int uadk_prov_ecc_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) * security strength */ if (protect && strength < UADK_PROV_MIN_BITS) { - fprintf(stderr, "invalid: Curve %s strength %d cannot be used for signing\n", + UADK_ERR("invalid: Curve %s strength %d cannot be used for signing\n", curve_name, strength); return UADK_P_FAIL; } @@ -948,7 +949,7 @@ int uadk_prov_pkey_version(void) dev1 = wd_get_accel_dev("rsa"); if (!dev1) { - fprintf(stderr, "no pkey device available!\n"); + UADK_ERR("no pkey device available!\n"); return HW_PKEY_INVALID; } diff --git a/src/uadk_prov_rsa.c b/src/uadk_prov_rsa.c index 821ddde..da5be2f 100644 --- a/src/uadk_prov_rsa.c +++ b/src/uadk_prov_rsa.c @@ -30,6 +30,7 @@ #include "uadk_async.h" #include "uadk_prov.h" #include "uadk_prov_pkey.h" +#include "uadk_utils.h" #define UN_SET 0 #define IS_SET 1 @@ -302,7 +303,7 @@ static UADK_PKEY_SIGNATURE get_default_rsa_signature(void) EVP_SIGNATURE_free((EVP_SIGNATURE *)signature); initilazed = 1; } else { - fprintf(stderr, "failed to EVP_SIGNATURE_fetch default RSA provider\n"); + UADK_ERR("failed to EVP_SIGNATURE_fetch default RSA provider\n"); } } pthread_mutex_unlock(&sig_mutex); @@ -324,7 +325,7 @@ static UADK_PKEY_ASYM_CIPHER get_default_rsa_asym_cipher(void) EVP_ASYM_CIPHER_free((EVP_ASYM_CIPHER *)asym_cipher); initilazed = 1; } else { - fprintf(stderr, "failed to EVP_ASYM_CIPHER_fetch default RSA provider\n"); + UADK_ERR("failed to EVP_ASYM_CIPHER_fetch default RSA provider\n"); } } pthread_mutex_unlock(&asym_mutex); @@ -489,7 +490,7 @@ static int setup_tbuf(PROV_RSA_SIG_CTX *ctx) ctx->tbuf = OPENSSL_malloc(uadk_rsa_size(ctx->rsa)); if (ctx->tbuf == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + UADK_ERR("failed to zalloc ctx tbuf!\n"); return UADK_E_FAIL; } @@ -779,7 +780,7 @@ static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx) return UADK_E_SUCCESS; error: - fprintf(stderr, "failed to allocate rsa prime params\n"); + UADK_ERR("failed to allocate rsa prime params\n"); return -ENOMEM; } @@ -854,7 +855,7 @@ static int add_rsa_pubenc_padding(int flen, const unsigned char *from, int ret; if (!buf || !num) { - fprintf(stderr, "buf or num is invalid.\n"); + UADK_ERR("buf or num is invalid.\n"); return UADK_E_FAIL; } @@ -862,12 +863,12 @@ static int add_rsa_pubenc_padding(int flen, const unsigned char *from, case RSA_PKCS1_PADDING: ret = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); if (!ret) - fprintf(stderr, "RSA_PKCS1_PADDING err.\n"); + UADK_ERR("RSA_PKCS1_PADDING err.\n"); break; case RSA_PKCS1_OAEP_PADDING: ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); if (!ret) - fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err.\n"); + UADK_ERR("RSA_PKCS1_OAEP_PADDING err.\n"); break; default: ret = UADK_E_FAIL; @@ -886,13 +887,13 @@ static int check_rsa_pridec_padding(unsigned char *to, int num, case RSA_PKCS1_PADDING: ret = RSA_padding_check_PKCS1_type_2(to, num, buf, flen, num); if (ret == CHECK_PADDING_FAIL) - fprintf(stderr, "RSA_PKCS1_PADDING err.\n"); + UADK_ERR("RSA_PKCS1_PADDING err.\n"); break; case RSA_PKCS1_OAEP_PADDING: ret = RSA_padding_check_PKCS1_OAEP(to, num, buf, flen, num, NULL, 0); if (ret == CHECK_PADDING_FAIL) - fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err.\n"); + UADK_ERR("RSA_PKCS1_OAEP_PADDING err.\n"); break; default: ret = UADK_E_FAIL; @@ -914,12 +915,12 @@ static int add_rsa_prienc_padding(int flen, const unsigned char *from, case RSA_PKCS1_PADDING: ret = RSA_padding_add_PKCS1_type_1(to_buf, tlen, from, flen); if (!ret) - fprintf(stderr, "RSA_PKCS1_PADDING err.\n"); + UADK_ERR("RSA_PKCS1_PADDING err.\n"); break; case RSA_X931_PADDING: ret = RSA_padding_add_X931(to_buf, tlen, from, flen); if (ret == -1) - fprintf(stderr, "RSA_X931_PADDING err.\n"); + UADK_ERR("RSA_X931_PADDING err.\n"); break; default: ret = UADK_E_FAIL; @@ -940,12 +941,12 @@ static int check_rsa_pubdec_padding(unsigned char *to, int num, case RSA_PKCS1_PADDING: ret = RSA_padding_check_PKCS1_type_1(to, num, buf, len, num); if (ret == CHECK_PADDING_FAIL) - fprintf(stderr, "RSA_PKCS1_PADDING err.\n"); + UADK_ERR("RSA_PKCS1_PADDING err.\n"); break; case RSA_X931_PADDING: ret = RSA_padding_check_X931(to, num, buf, len, num); if (ret == CHECK_PADDING_FAIL) - fprintf(stderr, "RSA_X931_PADDING err.\n"); + UADK_ERR("RSA_X931_PADDING err.\n"); break; default: ret = UADK_E_FAIL; @@ -966,7 +967,7 @@ static int check_rsa_input_para(const int flen, const unsigned char *from, unsigned char *to, RSA *rsa) { if (!rsa || !to || !from || flen <= 0) { - fprintf(stderr, "input param invalid\n"); + UADK_ERR("input param invalid\n"); return UADK_E_FAIL; } @@ -1018,7 +1019,7 @@ static int uadk_rsa_env_poll(void *ctx) rx_cnt++; } while (rx_cnt < PROV_SCH_RECV_MAX_CNT); - fprintf(stderr, "failed to poll msg: timeout!\n"); + UADK_ERR("failed to poll msg: timeout!\n"); return -ETIMEDOUT; } @@ -1300,7 +1301,7 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess) ret = async_setup_async_event_notification(&op); if (!ret) { - fprintf(stderr, "failed to setup async event notification.\n"); + UADK_ERR("failed to setup async event notification.\n"); return UADK_E_FAIL; } @@ -1944,7 +1945,7 @@ static int uadk_rsa_asym_init(void *vprsactx, void *vrsa, priv->pad_mode = RSA_PKCS1_PSS_PADDING; break; default: - ERR_raise(ERR_LIB_RSA, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + UADK_ERR("rsa asym operation not supported this keytype!\n"); return UADK_E_FAIL; } @@ -1977,7 +1978,7 @@ static int uadk_rsa_init(void *vprsactx, void *vrsa, ctx->pad_mode = RSA_PKCS1_PSS_PADDING; break; default: - ERR_raise(ERR_LIB_RSA, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + UADK_ERR("rsa init operation not supported this keytype!\n"); return UADK_E_FAIL; } @@ -2013,7 +2014,7 @@ static int uadk_rsa_sw_verify(void *vprsactx, const unsigned char *sig, if (!enable_sw_offload || !get_default_rsa_signature().verify) return UADK_E_FAIL; - fprintf(stderr, "switch to openssl software calculation in verifaction.\n"); + UADK_INFO("switch to openssl software calculation in verifaction.\n"); return get_default_rsa_signature().verify(vprsactx, sig, siglen, tbs, tbslen); } @@ -2060,7 +2061,7 @@ static int uadk_rsa_sw_sign(void *vprsactx, unsigned char *sig, if (!enable_sw_offload || !get_default_rsa_signature().sign) return UADK_E_FAIL; - fprintf(stderr, "switch to openssl software calculation in rsa signature.\n"); + UADK_INFO("switch to openssl software calculation in rsa signature.\n"); return get_default_rsa_signature().sign(vprsactx, sig, siglen, sigsize, tbs, tbslen); } @@ -2083,8 +2084,8 @@ static int uadk_signature_rsa_sign(void *vprsactx, unsigned char *sig, } if (sigsize < rsasize) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SIGNATURE_SIZE, - "is %zu, should be at least %zu", sigsize, rsasize); + UADK_ERR("invalid signature size is %zu, should be at least %zu!\n", + sigsize, rsasize); return UADK_E_FAIL; } @@ -2130,7 +2131,7 @@ static void *uadk_signature_rsa_newctx(void *provctx, const char *propq) err: OPENSSL_free(priv); - fprintf(stderr, "%s failed.\n", __func__); + UADK_ERR("%s failed.\n", __func__); return NULL; } @@ -2216,11 +2217,11 @@ static int uadk_rsa_check_padding(const PROV_RSA_SIG_CTX *prsactx, { switch (prsactx->pad_mode) { case RSA_NO_PADDING: - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE); + UADK_ERR("invalid rsa padding mode.\n"); return UADK_E_FAIL; case RSA_X931_PADDING: if (RSA_X931_hash_id(mdnid) == -1) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_X931_DIGEST); + UADK_ERR("invalid rsa x931 digest.\n"); return UADK_E_FAIL; } break; @@ -2229,7 +2230,7 @@ static int uadk_rsa_check_padding(const PROV_RSA_SIG_CTX *prsactx, if ((mdname != NULL && !EVP_MD_is_a(prsactx->md, mdname)) || (mgf1_mdname != NULL && !EVP_MD_is_a(prsactx->mgf1_md, mgf1_mdname))) { - ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED); + UADK_ERR("rsa digest is not allowed.\n"); return UADK_E_FAIL; } } @@ -2297,14 +2298,11 @@ static int uadk_rsa_setup_md(PROV_RSA_SIG_CTX *ctx, const char *mdname, !uadk_rsa_check_padding(ctx, mdname, NULL, md_nid) || mdname_len >= sizeof(ctx->mdname)) { if (md == NULL) - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s could not be fetched", mdname); + UADK_ERR("invalid rsa name %s could not be fetched.\n", mdname); if (md_nid <= 0) - ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest=%s", mdname); + UADK_ERR("digest name is not allowed digest = %s.\n", mdname); if (mdname_len >= sizeof(ctx->mdname)) - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, - "%s exceeds name buffer length", mdname); + UADK_ERR("invalid name %s exceeds name buffer length.\n", mdname); if (md) EVP_MD_free(md); return 0; @@ -2474,19 +2472,18 @@ static int encode_pkcs1(unsigned char **out, size_t *out_len, int type, unsigned char *dig_info; if (type == NID_undef) { - ERR_raise(ERR_LIB_RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE); + UADK_ERR("invalid: rsa unknown algorithm type.\n"); return 0; } di_prefix = uadk_rsa_digestinfo_encoding(type, &di_prefix_len); if (di_prefix == NULL) { - ERR_raise(ERR_LIB_RSA, - RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + UADK_ERR("invalid: rsa di prefix is NULL.\n"); return 0; } dig_info_len = di_prefix_len + m_len; dig_info = OPENSSL_malloc(dig_info_len); if (dig_info == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); + UADK_ERR("failed to malloc dig info.\n"); return 0; } memcpy(dig_info, di_prefix, di_prefix_len); @@ -2544,7 +2541,7 @@ static int uadk_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *s * RSASSA-PKCS1-v1_5. */ if (dlen != SSL_SIG_LENGTH) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MESSAGE_LENGTH); + UADK_ERR("invalid: rsa message length.\n"); return 0; } encoded_len = SSL_SIG_LENGTH; @@ -2555,7 +2552,7 @@ static int uadk_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *s encoded = tmps; } } else { - fprintf(stderr, "This padding mode is not supported\n"); + UADK_ERR("This padding mode is not supported\n"); return UADK_E_FAIL; } @@ -2616,14 +2613,14 @@ static int uadk_signature_rsa_digest_verify_final(void *vprsactx, const unsigned if (priv->pad_mode == RSA_PKCS1_PADDING) { if (siglen != (size_t)uadk_rsa_size(priv->rsa)) { - ERR_raise(ERR_LIB_RSA, RSA_R_WRONG_SIGNATURE_LENGTH); + UADK_ERR("invalid: rsa signature length.\n"); return UADK_E_FAIL; } /* Recover the encoded digest. */ decrypt_buf = OPENSSL_malloc(siglen); if (decrypt_buf == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); + UADK_ERR("failed to malloc decrypt buf.\n"); return UADK_E_FAIL; } @@ -2640,19 +2637,19 @@ static int uadk_signature_rsa_digest_verify_final(void *vprsactx, const unsigned * RSASSA-PKCS1-v1_5. */ if (decrypt_len != SSL_SIG_LENGTH) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); + UADK_ERR("invalid: rsa decrypt length.\n"); ret = UADK_E_FAIL; goto err; } if (siglen != SSL_SIG_LENGTH) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MESSAGE_LENGTH); + UADK_ERR("invalid: rsa siglen.\n"); ret = UADK_E_FAIL; goto err; } if (memcmp(decrypt_buf, digest, SSL_SIG_LENGTH) != 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); + UADK_ERR("failed to memcmp decrypt buf and digest.\n"); ret = UADK_E_FAIL; goto err; } @@ -2665,14 +2662,14 @@ static int uadk_signature_rsa_digest_verify_final(void *vprsactx, const unsigned if (encoded_len != decrypt_len || memcmp(encoded, decrypt_buf, encoded_len) != 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); + UADK_ERR("failed to memcmp decrypt buf and encoded.\n"); ret = UADK_E_FAIL; goto err; } } ret = UADK_E_SUCCESS; } else { - fprintf(stderr, "This padding mode is not supported\n"); + UADK_ERR("This padding mode is not supported\n"); return UADK_E_FAIL; } @@ -2764,7 +2761,7 @@ static int uadk_rsa_sw_encrypt(void *vprsactx, unsigned char *out, if (!enable_sw_offload || !get_default_rsa_asym_cipher().encrypt) return UADK_E_FAIL; - fprintf(stderr, "switch to openssl software calculation in rsa encryption.\n"); + UADK_INFO("switch to openssl software calculation in rsa encryption.\n"); return get_default_rsa_asym_cipher().encrypt(vprsactx, out, outlen, outsize, in, inlen); } @@ -2785,7 +2782,7 @@ static int uadk_asym_cipher_rsa_encrypt(void *vprsactx, unsigned char *out, if (out == NULL) { len = uadk_rsa_size(priv->rsa); if (len == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + UADK_ERR("invalid: rsa encrypt size.\n"); return UADK_E_FAIL; } *outlen = len; @@ -2812,7 +2809,7 @@ static int uadk_rsa_sw_decrypt(void *vprsactx, unsigned char *out, if (!enable_sw_offload || !get_default_rsa_asym_cipher().decrypt) return UADK_E_FAIL; - fprintf(stderr, "switch to openssl software calculation in rsa decryption.\n"); + UADK_INFO("switch to openssl software calculation in rsa decryption.\n"); return get_default_rsa_asym_cipher().decrypt(vprsactx, out, outlen, outsize, in, inlen); } @@ -2831,7 +2828,7 @@ static int uadk_asym_cipher_rsa_decrypt(void *vprsactx, unsigned char *out, if (out == NULL) { if (len == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + UADK_ERR("invalid: rsa decrypt size.\n"); return UADK_E_FAIL; } *outlen = len; @@ -2839,7 +2836,7 @@ static int uadk_asym_cipher_rsa_decrypt(void *vprsactx, unsigned char *out, } if (outsize < len) { - ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); + UADK_ERR("invalid: rsa decrypt outsize is too small.\n"); return UADK_E_FAIL; } @@ -2958,7 +2955,7 @@ static int uadk_keymgmt_rsa_gen_set_params(void *genctx, const OSSL_PARAM params static int uadk_keymgmt_rsa_gen_set_template(void *genctx, void *templates) { if (!get_default_rsa_keymgmt().gen_set_template) { - fprintf(stderr, "failed to get keymgmt gen_set_template function\n"); + UADK_ERR("failed to get keymgmt gen_set_template function\n"); return UADK_P_FAIL; } @@ -2989,14 +2986,14 @@ static RSA *ossl_rsa_new_with_ctx(OSSL_LIB_CTX *libctx) RSA *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); + UADK_ERR("failed to zalloc rsa ret\n"); return NULL; } ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); + UADK_ERR("failed to malloc thread lock\n"); OPENSSL_free(ret); return NULL; } @@ -3012,7 +3009,7 @@ static void *uadk_rsa_sw_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if (!enable_sw_offload || !get_default_rsa_keymgmt().gen) return NULL; - fprintf(stderr, "switch to openssl software calculation in rsa key generation.\n"); + UADK_INFO("switch to openssl software calculation in rsa key generation.\n"); return get_default_rsa_keymgmt().gen(genctx, osslcb, cbarg); } @@ -3096,7 +3093,7 @@ static const OSSL_PARAM *uadk_keymgmt_rsa_gettable_params(void *provctx) static int uadk_keymgmt_rsa_set_params(void *key, const OSSL_PARAM params[]) { if (!get_default_rsa_keymgmt().set_params) { - fprintf(stderr, "failed to get keymgmt set_params function\n"); + UADK_ERR("failed to get keymgmt set_params function\n"); return UADK_P_FAIL; } @@ -3106,7 +3103,7 @@ static int uadk_keymgmt_rsa_set_params(void *key, const OSSL_PARAM params[]) static const OSSL_PARAM *uadk_keymgmt_rsa_settable_params(ossl_unused void *provctx) { if (!get_default_rsa_keymgmt().settable_params) { - fprintf(stderr, "failed to get keymgmt settable_params function\n"); + UADK_ERR("failed to get keymgmt settable_params function\n"); return NULL; } diff --git a/src/uadk_prov_sm2.c b/src/uadk_prov_sm2.c index dc5df8d..03c4e1e 100644 --- a/src/uadk_prov_sm2.c +++ b/src/uadk_prov_sm2.c @@ -28,6 +28,7 @@ #include "uadk_prov_der_writer.h" #include "uadk_prov_packet.h" #include "uadk_prov_pkey.h" +#include "uadk_utils.h" #define SM2_KEY_BYTES 32 #define SM2_GET_SIGNLEN 1 @@ -223,7 +224,7 @@ IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext) static const char *uadk_keymgmt_sm2_query_operation_name(int operation_id) { if (!get_default_sm2_keymgmt().query_operation_name) { - fprintf(stderr, "failed to get keymgmt query_operation_name function\n"); + UADK_ERR("failed to get keymgmt query_operation_name function\n"); return NULL; } @@ -239,7 +240,7 @@ static const char *uadk_keymgmt_sm2_query_operation_name(int operation_id) static void *uadk_keymgmt_sm2_new(void *provctx) { if (!get_default_sm2_keymgmt().new_fun) { - fprintf(stderr, "failed to get keymgmt new function\n"); + UADK_ERR("failed to get keymgmt new function\n"); return NULL; } @@ -254,7 +255,7 @@ static void *uadk_keymgmt_sm2_new(void *provctx) static void uadk_keymgmt_sm2_free(void *keydata) { if (!get_default_sm2_keymgmt().free) { - fprintf(stderr, "failed to get keymgmt free function\n"); + UADK_ERR("failed to get keymgmt free function\n"); return; } @@ -264,7 +265,7 @@ static void uadk_keymgmt_sm2_free(void *keydata) static int uadk_keymgmt_sm2_get_params(void *key, OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().get_params) { - fprintf(stderr, "failed to get keymgmt get_params function\n"); + UADK_ERR("failed to get keymgmt get_params function\n"); return UADK_P_FAIL; } @@ -274,7 +275,7 @@ static int uadk_keymgmt_sm2_get_params(void *key, OSSL_PARAM params[]) static const OSSL_PARAM *uadk_keymgmt_sm2_gettable_params(void *provctx) { if (!get_default_sm2_keymgmt().gettable_params) { - fprintf(stderr, "failed to get keymgmt gettable_params function\n"); + UADK_ERR("failed to get keymgmt gettable_params function\n"); return NULL; } @@ -284,7 +285,7 @@ static const OSSL_PARAM *uadk_keymgmt_sm2_gettable_params(void *provctx) static int uadk_keymgmt_sm2_set_params(void *key, const OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().set_params) { - fprintf(stderr, "failed to get keymgmt set_params function\n"); + UADK_ERR("failed to get keymgmt set_params function\n"); return UADK_P_FAIL; } @@ -294,7 +295,7 @@ static int uadk_keymgmt_sm2_set_params(void *key, const OSSL_PARAM params[]) static int uadk_keymgmt_sm2_gen_set_template(void *genctx, void *templates) { if (!get_default_sm2_keymgmt().gen_set_template) { - fprintf(stderr, "failed to get keymgmt gen_set_template function\n"); + UADK_ERR("failed to get keymgmt gen_set_template function\n"); return UADK_P_FAIL; } @@ -304,7 +305,7 @@ static int uadk_keymgmt_sm2_gen_set_template(void *genctx, void *templates) static void uadk_keymgmt_sm2_gen_cleanup(void *genctx) { if (!get_default_sm2_keymgmt().gen_cleanup) { - fprintf(stderr, "failed to get keymgmt gen_cleanup function\n"); + UADK_ERR("failed to get keymgmt gen_cleanup function\n"); return; } @@ -314,7 +315,7 @@ static void uadk_keymgmt_sm2_gen_cleanup(void *genctx) static void *uadk_keymgmt_sm2_load(const void *reference, size_t reference_sz) { if (!get_default_sm2_keymgmt().load) { - fprintf(stderr, "failed to get keymgmt load function\n"); + UADK_ERR("failed to get keymgmt load function\n"); return NULL; } @@ -324,7 +325,7 @@ static void *uadk_keymgmt_sm2_load(const void *reference, size_t reference_sz) static int uadk_keymgmt_sm2_validate(const void *keydata, int selection, int checktype) { if (!get_default_sm2_keymgmt().validate) { - fprintf(stderr, "failed to get keymgmt validate function\n"); + UADK_ERR("failed to get keymgmt validate function\n"); return UADK_P_FAIL; } @@ -334,7 +335,7 @@ static int uadk_keymgmt_sm2_validate(const void *keydata, int selection, int che static int uadk_keymgmt_sm2_match(const void *keydata1, const void *keydata2, int selection) { if (!get_default_sm2_keymgmt().match) { - fprintf(stderr, "failed to get keymgmt validate function\n"); + UADK_ERR("failed to get keymgmt validate function\n"); return UADK_P_FAIL; } @@ -352,7 +353,7 @@ static int uadk_keymgmt_sm2_match(const void *keydata1, const void *keydata2, in static int uadk_keymgmt_sm2_has(const void *keydata, int selection) { if (!get_default_sm2_keymgmt().has) { - fprintf(stderr, "failed to get keymgmt has function\n"); + UADK_ERR("failed to get keymgmt has function\n"); return UADK_P_FAIL; } @@ -370,7 +371,7 @@ static int uadk_keymgmt_sm2_has(const void *keydata, int selection) static int uadk_keymgmt_sm2_import(void *keydata, int selection, const OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().import) { - fprintf(stderr, "failed to get keymgmt import function\n"); + UADK_ERR("failed to get keymgmt import function\n"); return UADK_P_FAIL; } @@ -386,7 +387,7 @@ static int uadk_keymgmt_sm2_import(void *keydata, int selection, const OSSL_PARA static const OSSL_PARAM *uadk_keymgmt_sm2_import_types(int selection) { if (!get_default_sm2_keymgmt().import_types) { - fprintf(stderr, "failed to get keymgmt import_types function\n"); + UADK_ERR("failed to get keymgmt import_types function\n"); return NULL; } @@ -397,7 +398,7 @@ static int uadk_keymgmt_sm2_export(void *keydata, int selection, OSSL_CALLBACK *param_callback, void *cbarg) { if (!get_default_sm2_keymgmt().export_fun) { - fprintf(stderr, "failed to get keymgmt export function\n"); + UADK_ERR("failed to get keymgmt export function\n"); return UADK_P_FAIL; } @@ -407,7 +408,7 @@ static int uadk_keymgmt_sm2_export(void *keydata, int selection, static const OSSL_PARAM *uadk_keymgmt_sm2_export_types(int selection) { if (!get_default_sm2_keymgmt().export_types) { - fprintf(stderr, "failed to get keymgmt export_types function\n"); + UADK_ERR("failed to get keymgmt export_types function\n"); return NULL; } @@ -417,7 +418,7 @@ static const OSSL_PARAM *uadk_keymgmt_sm2_export_types(int selection) static void *uadk_keymgmt_sm2_dup(const void *keydata_from, int selection) { if (!get_default_sm2_keymgmt().dup) { - fprintf(stderr, "failed to get keymgmt dup function\n"); + UADK_ERR("failed to get keymgmt dup function\n"); return NULL; } @@ -436,7 +437,7 @@ static void *uadk_keymgmt_sm2_gen_init(void *provctx, int selection, const OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().gen_init) { - fprintf(stderr, "failed to get keymgmt gen_init function\n"); + UADK_ERR("failed to get keymgmt gen_init function\n"); return NULL; } @@ -453,7 +454,7 @@ static void *uadk_keymgmt_sm2_gen_init(void *provctx, int selection, static int uadk_keymgmt_sm2_gen_set_params(void *genctx, const OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().gen_set_params) { - fprintf(stderr, "failed to get keymgmt gen_set_params function\n"); + UADK_ERR("failed to get keymgmt gen_set_params function\n"); return UADK_P_FAIL; } @@ -463,7 +464,7 @@ static int uadk_keymgmt_sm2_gen_set_params(void *genctx, const OSSL_PARAM params static const OSSL_PARAM *uadk_keymgmt_sm2_settable_params(ossl_unused void *provctx) { if (!get_default_sm2_keymgmt().settable_params) { - fprintf(stderr, "failed to get keymgmt settable_params function\n"); + UADK_ERR("failed to get keymgmt settable_params function\n"); return NULL; } @@ -481,7 +482,7 @@ static const OSSL_PARAM *uadk_keymgmt_sm2_gen_settable_params(ossl_unused void * ossl_unused void *provctx) { if (!get_default_sm2_keymgmt().gen_settable_params) { - fprintf(stderr, "failed to get keymgmt gen_settable_params function\n"); + UADK_ERR("failed to get keymgmt gen_settable_params function\n"); return NULL; } @@ -493,7 +494,7 @@ static int uadk_prov_sm2_keygen_init_iot(handle_t sess, struct wd_ecc_req *req) struct wd_ecc_out *ecc_out = wd_sm2_new_kg_out(sess); if (ecc_out == NULL) { - fprintf(stderr, "failed to new sign out\n"); + UADK_ERR("failed to new sign out\n"); return UADK_P_FAIL; } @@ -514,12 +515,12 @@ static int uadk_prov_sm2_set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) wd_sm2_get_kg_out_params(req->dst, &privkey, &pubkey); if (privkey == NULL || pubkey == NULL) { - fprintf(stderr, "failed to get privkey or pubkey\n"); + UADK_ERR("failed to get privkey or pubkey\n"); return UADK_P_FAIL; } if (pubkey->x.dsize > SM2_KEY_BYTES || pubkey->y.dsize > SM2_KEY_BYTES) { - fprintf(stderr, "invalid pubkey size: %u, %u\n", pubkey->x.dsize, pubkey->y.dsize); + UADK_ERR("invalid pubkey size: %u, %u\n", pubkey->x.dsize, pubkey->y.dsize); return UADK_P_FAIL; } @@ -527,14 +528,14 @@ static int uadk_prov_sm2_set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) ret = EC_KEY_set_private_key(ec, bn_key); BN_free(bn_key); if (ret == 0) { - fprintf(stderr, "failed to EC KEY set private key\n"); + UADK_ERR("failed to EC KEY set private key\n"); return UADK_P_FAIL; } group = EC_KEY_get0_group(ec); point = EC_POINT_new(group); if (point == NULL) { - fprintf(stderr, "failed to EC POINT new\n"); + UADK_ERR("failed to EC POINT new\n"); return UADK_P_FAIL; } @@ -548,7 +549,7 @@ static int uadk_prov_sm2_set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) ptr = EC_POINT_bn2point(group, bn_key, point, NULL); BN_free(bn_key); if (ptr == NULL) { - fprintf(stderr, "failed to EC_POINT_bn2point\n"); + UADK_ERR("failed to EC_POINT_bn2point\n"); EC_POINT_free(point); return UADK_P_FAIL; } @@ -556,7 +557,7 @@ static int uadk_prov_sm2_set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) ret = EC_KEY_set_public_key(ec, point); EC_POINT_free(point); if (ret == 0) { - fprintf(stderr, "failed to EC_KEY_set_public_key\n"); + UADK_ERR("failed to EC_KEY_set_public_key\n"); return UADK_P_FAIL; } @@ -574,13 +575,13 @@ static int uadk_prov_sm2_check_priv_key(EC_KEY *eckey) priv_key = BN_new(); if (priv_key == NULL) { - fprintf(stderr, "failed to BN_new priv_key\n"); + UADK_ERR("failed to BN_new priv_key\n"); return UADK_P_FAIL; } ret = EC_KEY_set_private_key(eckey, priv_key); if (ret == 0) - fprintf(stderr, "failed to set private key\n"); + UADK_ERR("failed to set private key\n"); BN_free(priv_key); @@ -632,11 +633,11 @@ static void *uadk_keymgmt_sm2_gen_sw(void *genctx, OSSL_CALLBACK *osslcb, void * return NULL; if (!get_default_sm2_keymgmt().gen) { - fprintf(stderr, "failed to get keymgmt gen function\n"); + UADK_ERR("failed to get keymgmt gen function\n"); return NULL; } - fprintf(stderr, "switch to software sm2 keygen.\n"); + UADK_INFO("switch to software sm2 keygen.\n"); return get_default_sm2_keymgmt().gen(genctx, osslcb, cbarg); } @@ -656,44 +657,44 @@ static void *uadk_keymgmt_sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cba int ret; if (gctx == NULL) { - fprintf(stderr, "invalid: the generation context is NULL\n"); + UADK_ERR("invalid: the generation context is NULL\n"); return NULL; } ec = EC_KEY_new_ex(gctx->libctx, NULL); if (ec == NULL) { - fprintf(stderr, "failed to EC_KEY_new_ex\n"); + UADK_ERR("failed to EC_KEY_new_ex\n"); return NULL; } ret = uadk_prov_ecc_genctx_check(genctx, ec); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to check genctx\n"); + UADK_ERR("failed to check genctx\n"); goto free_ec_key; } ret = uadk_prov_keymgmt_get_support_state(KEYMGMT_SM2); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to get hardware sm2 keygen support\n"); + UADK_ERR("failed to get hardware sm2 keygen support\n"); goto do_soft; } /* SM2 hardware init */ ret = uadk_prov_ecc_init("sm2"); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to init sm2\n"); + UADK_ERR("failed to init sm2\n"); goto do_soft; } /* Do sm2 keygen with hardware */ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) { - fprintf(stderr, "invalid keymgmt keypair selection\n"); + UADK_ERR("invalid keymgmt keypair selection\n"); goto free_ec_key; } ret = uadk_prov_sm2_keygen(ec); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to generate sm2 key\n"); + UADK_ERR("failed to generate sm2 key\n"); goto do_soft; } @@ -722,7 +723,7 @@ static UADK_PKEY_SIGNATURE get_default_sm2_signature(void) EVP_SIGNATURE_free((EVP_SIGNATURE *)signature); initilazed = 1; } else { - fprintf(stderr, "failed to EVP_SIGNATURE_fetch default SM2 provider\n"); + UADK_ERR("failed to EVP_SIGNATURE_fetch default SM2 provider\n"); } } pthread_mutex_unlock(&sign_mutex); @@ -736,7 +737,7 @@ static void *uadk_signature_sm2_newctx(void *provctx, const char *propq) SM2_PROV_CTX *smctx; if (psm2ctx == NULL) { - fprintf(stderr, "failed to alloc sm2 signature ctx\n"); + UADK_ERR("failed to alloc sm2 signature ctx\n"); return NULL; } /* The libctx maybe NULL, if libctx is NULL, will use default ctx. */ @@ -744,19 +745,19 @@ static void *uadk_signature_sm2_newctx(void *provctx, const char *propq) smctx = OPENSSL_zalloc(sizeof(SM2_PROV_CTX)); if (smctx == NULL) { - fprintf(stderr, "failed to alloc sm2 prov ctx\n"); + UADK_ERR("failed to alloc sm2 prov ctx\n"); goto free_ctx; } smctx->sm2_pd = OPENSSL_zalloc(sizeof(SM2_PKEY_DATA)); if (smctx->sm2_pd == NULL) { - fprintf(stderr, "failed to alloc sm2 pkey data\n"); + UADK_ERR("failed to alloc sm2 pkey data\n"); goto free_smctx; } smctx->sm2_md = OPENSSL_zalloc(sizeof(SM2_MD_DATA)); if (smctx->sm2_md == NULL) { - fprintf(stderr, "failed to alloc sm2 md data\n"); + UADK_ERR("failed to alloc sm2 md data\n"); goto free_pd; } @@ -770,7 +771,7 @@ static void *uadk_signature_sm2_newctx(void *provctx, const char *propq) strcpy(psm2ctx->mdname, OSSL_DIGEST_NAME_SM3); smctx->sm2_md->mdctx = EVP_MD_CTX_new(); if (smctx->sm2_md->mdctx == NULL) { - fprintf(stderr, "failed to alloc sm2 mdctx\n"); + UADK_ERR("failed to alloc sm2 mdctx\n"); goto free_md; } @@ -779,7 +780,7 @@ static void *uadk_signature_sm2_newctx(void *provctx, const char *propq) if (propq) { psm2ctx->propq = OPENSSL_strdup(propq); if (psm2ctx->propq == NULL) { - fprintf(stderr, "failed to dup propq\n"); + UADK_ERR("failed to dup propq\n"); goto free_mdctx; } } @@ -840,17 +841,17 @@ static void uadk_signature_sm2_freectx(void *vpsm2ctx) static int uadk_prov_sm2_check_md_params(SM2_PROV_CTX *smctx) { if (smctx->sm2_md == NULL) { - fprintf(stderr, "invalid: sm2_md is NULL\n"); + UADK_ERR("invalid: sm2_md is NULL\n"); return UADK_P_FAIL; } if (smctx->sm2_md->md == NULL) { - fprintf(stderr, "invalid: md is NULL\n"); + UADK_ERR("invalid: md is NULL\n"); return UADK_P_FAIL; } if (smctx->sm2_md->mdctx == NULL) { - fprintf(stderr, "invalid: mdctx is NULL\n"); + UADK_ERR("invalid: mdctx is NULL\n"); return UADK_P_FAIL; } @@ -868,12 +869,12 @@ static int uadk_prov_sm2_sig_set_mdname(PROV_SM2_SIGN_CTX *psm2ctx, const char * /* 'psm2ctx' has already been checked when call this function, no need to check again */ smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } if (smctx->sm2_md == NULL) { - fprintf(stderr, "invalid: smctx->sm2_md is NULL\n"); + UADK_ERR("invalid: smctx->sm2_md is NULL\n"); return UADK_P_FAIL; } @@ -881,14 +882,14 @@ static int uadk_prov_sm2_sig_set_mdname(PROV_SM2_SIGN_CTX *psm2ctx, const char * smctx->sm2_md->md = EVP_MD_fetch(psm2ctx->libctx, psm2ctx->mdname, psm2ctx->propq); if (smctx->sm2_md->md == NULL) { - fprintf(stderr, "failed to fetch digest method\n"); + UADK_ERR("failed to fetch digest method\n"); return UADK_P_FAIL; } } if (strlen(mdname) >= sizeof(psm2ctx->mdname) || !EVP_MD_is_a(smctx->sm2_md->md, mdname)) { - fprintf(stderr, "failed to check mdname, digest=%s\n", mdname); + UADK_ERR("failed to check mdname, digest=%s\n", mdname); return UADK_P_FAIL; } @@ -911,7 +912,7 @@ static int uadk_prov_compute_hash(const char *in, size_t in_len, if (EVP_DigestInit(hash, digest) == 0 || EVP_DigestUpdate(hash, in, in_len) == 0 || EVP_DigestFinal(hash, (void *)out, NULL) == 0) { - fprintf(stderr, "compute hash failed\n"); + UADK_ERR("compute hash failed\n"); ret = -WD_EINVAL; } @@ -958,7 +959,7 @@ static int uadk_prov_sm2_update_sess(SM2_PROV_CTX *smctx) int type; if (smctx->sm2_pd == NULL) { - fprintf(stderr, "invalid: sm2 pd is NULL\n"); + UADK_ERR("invalid: sm2 pd is NULL\n"); return UADK_P_FAIL; } @@ -966,7 +967,7 @@ static int uadk_prov_sm2_update_sess(SM2_PROV_CTX *smctx) if (smctx->sm2_pd->order == NULL) { smctx->sm2_pd->order = BN_bin2bn((void *)sm2_order, sizeof(sm2_order), NULL); if (smctx->sm2_pd->order == NULL) { - fprintf(stderr, "failed to BN_bin2bn order\n"); + UADK_ERR("failed to BN_bin2bn order\n"); return UADK_P_FAIL; } } @@ -978,8 +979,7 @@ static int uadk_prov_sm2_update_sess(SM2_PROV_CTX *smctx) setup.hash.usr = (void *)smctx->sm2_md->md; type = uadk_prov_get_hash_type(smctx->sm2_md->md_nid); if (type < 0) { - fprintf(stderr, "uadk not support hash nid %d\n", - smctx->sm2_md->md_nid); + UADK_ERR("uadk not support hash nid %d\n", smctx->sm2_md->md_nid); return UADK_P_FAIL; } setup.hash.type = type; @@ -992,7 +992,7 @@ static int uadk_prov_sm2_update_sess(SM2_PROV_CTX *smctx) setup.rand.cb = uadk_prov_ecc_get_rand; sess = wd_ecc_alloc_sess(&setup); if (sess == (handle_t)0) { - fprintf(stderr, "failed to alloc sess\n"); + UADK_ERR("failed to alloc sess\n"); smctx->init_status = CTX_INIT_FAIL; return UADK_P_FAIL; } @@ -1012,7 +1012,7 @@ static int uadk_signature_sm2_sign_init_sw(void *vpsm2ctx, void *ec, const OSSL_PARAM params[]) { if (uadk_get_sw_offload_state() && get_default_sm2_signature().sign_init) { - fprintf(stderr, "switch to software sm2 sign_init.\n"); + UADK_INFO("switch to software sm2 sign_init.\n"); return get_default_sm2_signature().sign_init(vpsm2ctx, ec, params); } @@ -1026,18 +1026,18 @@ static int uadk_signature_sm2_sign_init(void *vpsm2ctx, void *ec, int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: vpsm2ctx is NULL\n"); + UADK_ERR("invalid: vpsm2ctx is NULL\n"); return UADK_P_FAIL; } if (ec == NULL && psm2ctx->key == NULL) { - fprintf(stderr, "invalid: sm2 key is NULL\n"); + UADK_ERR("invalid: sm2 key is NULL\n"); return UADK_P_FAIL; } if (ec) { if (!EC_KEY_up_ref(ec)) { - fprintf(stderr, "failed to EC_KEY_up_ref\n"); + UADK_ERR("failed to EC_KEY_up_ref\n"); return UADK_P_FAIL; } EC_KEY_free(psm2ctx->key); @@ -1045,7 +1045,7 @@ static int uadk_signature_sm2_sign_init(void *vpsm2ctx, void *ec, } if (psm2ctx->sm2_pctx == NULL) { - fprintf(stderr, "failed to get smctx\n"); + UADK_ERR("failed to get smctx\n"); return UADK_P_FAIL; } @@ -1055,20 +1055,20 @@ static int uadk_signature_sm2_sign_init(void *vpsm2ctx, void *ec, ret = uadk_signature_sm2_set_ctx_params((void *)psm2ctx, params); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to set sm2 sig ctx params\n"); + UADK_ERR("failed to set sm2 sig ctx params\n"); goto do_soft; } ret = uadk_prov_signature_get_support_state(SIGNATURE_SM2); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to get hardware sm2 signature support\n"); + UADK_ERR("failed to get hardware sm2 signature support\n"); goto do_soft; } /* Init with UADK */ ret = uadk_prov_ecc_init("sm2"); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to init sm2\n"); + UADK_ERR("failed to init sm2\n"); goto do_soft; } @@ -1092,33 +1092,33 @@ static int uadk_prov_sm2_check_tbs_params(PROV_SM2_SIGN_CTX *psm2ctx, SM2_PROV_CTX *smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: ctx is NULL\n"); + UADK_ERR("invalid: ctx is NULL\n"); return UADK_P_FAIL; } if (smctx->init_status != CTX_INIT_SUCC) { - fprintf(stderr, "sm2 ctx init did not init\n"); + UADK_ERR("sm2 ctx init did not init\n"); return UADK_P_FAIL; } if (smctx->sm2_md == NULL) { - fprintf(stderr, "invalid: sm2_md is NULL\n"); + UADK_ERR("invalid: sm2_md is NULL\n"); return UADK_P_FAIL; } if (smctx->sm2_md->mdsize != 0 && tbslen != smctx->sm2_md->mdsize) { - fprintf(stderr, "invalid: tbslen(%zu) != mdsize(%zu)\n", - tbslen, smctx->sm2_md->mdsize); + UADK_ERR("invalid: tbslen(%zu) != mdsize(%zu)\n", + tbslen, smctx->sm2_md->mdsize); return UADK_P_FAIL; } if (tbslen > SM2_KEY_BYTES) { - fprintf(stderr, "invalid: tbslen(%zu) > SM2_KEY_BYTES(32)\n", tbslen); + UADK_ERR("invalid: tbslen(%zu) > SM2_KEY_BYTES(32)\n", tbslen); return UADK_P_FAIL; } if (uadk_prov_is_all_zero(tbs, tbslen)) { - fprintf(stderr, "invalid: tbs all zero\n"); + UADK_ERR("invalid: tbs all zero\n"); return UADK_P_FAIL; } @@ -1134,7 +1134,7 @@ static int uadk_prov_sm2_sign_init_iot(handle_t sess, struct wd_ecc_req *req, ecc_out = wd_sm2_new_sign_out(sess); if (ecc_out == NULL) { - fprintf(stderr, "failed to new sign out\n"); + UADK_ERR("failed to new sign out\n"); return UADK_P_FAIL; } @@ -1142,7 +1142,7 @@ static int uadk_prov_sm2_sign_init_iot(handle_t sess, struct wd_ecc_req *req, e.dsize = digest_len; ecc_in = wd_sm2_new_sign_in(sess, &e, NULL, NULL, 1); if (ecc_in == NULL) { - fprintf(stderr, "failed to new sign in\n"); + UADK_ERR("failed to new sign in\n"); wd_ecc_del_out(sess, ecc_out); return UADK_P_FAIL; } @@ -1159,17 +1159,17 @@ static int uadk_prov_sm2_update_private_key(SM2_PROV_CTX *smctx, EC_KEY *eckey) d = EC_KEY_get0_private_key(eckey); if (d == NULL) { - fprintf(stderr, "failed to set private key\n"); + UADK_ERR("failed to set private key\n"); return UADK_P_FAIL; } if (smctx->sm2_pd == NULL) { - fprintf(stderr, "invalid: sm2_pd is NULL\n"); + UADK_ERR("invalid: sm2_pd is NULL\n"); return UADK_P_FAIL; } if (smctx->sm2_pd->prikey && !BN_cmp(d, smctx->sm2_pd->prikey)) { - fprintf(stderr, "invalid: private key mismatch\n"); + UADK_ERR("invalid: private key mismatch\n"); return UADK_P_FAIL; } @@ -1191,31 +1191,31 @@ static int uadk_prov_sm2_sign_bin_to_ber(struct wd_dtb *r, struct wd_dtb *s, e_sig = ECDSA_SIG_new(); if (e_sig == NULL) { - fprintf(stderr, "failed to ECDSA_SIG_new\n"); + UADK_ERR("failed to ECDSA_SIG_new\n"); return UADK_P_FAIL; } bn_r = BN_bin2bn((void *)r->data, r->dsize, NULL); if (bn_r == NULL) { - fprintf(stderr, "failed to BN_bin2bn r\n"); + UADK_ERR("failed to BN_bin2bn r\n"); goto free_sig; } bn_s = BN_bin2bn((void *)s->data, s->dsize, NULL); if (bn_s == NULL) { - fprintf(stderr, "failed to BN_bin2bn s\n"); + UADK_ERR("failed to BN_bin2bn s\n"); goto free_r; } ret = ECDSA_SIG_set0(e_sig, bn_r, bn_s); if (ret == 0) { - fprintf(stderr, "failed to ECDSA_SIG_set0\n"); + UADK_ERR("failed to ECDSA_SIG_set0\n"); goto free_s; } sltmp = i2d_ECDSA_SIG(e_sig, &sig); if (sltmp < 0) { - fprintf(stderr, "failed to i2d_ECDSA_SIG\n"); + UADK_ERR("failed to i2d_ECDSA_SIG\n"); /* bs and br set to e_sig, use unified interface to prevent double release. */ goto free_sig; } @@ -1245,39 +1245,39 @@ static int uadk_prov_sm2_sign_ber_to_bin(unsigned char *sig, size_t sig_len, e_sig = ECDSA_SIG_new(); if (e_sig == NULL) { - fprintf(stderr, "failed to ECDSA_SIG_new\n"); + UADK_ERR("failed to ECDSA_SIG_new\n"); return UADK_P_FAIL; } if (d2i_ECDSA_SIG(&e_sig, &p, sig_len) == NULL) { - fprintf(stderr, "d2i_ECDSA_SIG error\n"); + UADK_ERR("d2i_ECDSA_SIG error\n"); goto free_sig; } /* Ensure signature uses DER and doesn't have trailing garbage */ len1 = i2d_ECDSA_SIG(e_sig, &der); if (len1 != sig_len || memcmp(sig, der, len1) != 0) { - fprintf(stderr, "sig data error, der_len(%d), sig_len(%zu)\n", - len1, sig_len); + UADK_ERR("sig data error, der_len(%d), sig_len(%zu)\n", + len1, sig_len); goto free_der; } bn_r = (void *)ECDSA_SIG_get0_r((const ECDSA_SIG *)e_sig); if (bn_r == NULL) { - fprintf(stderr, "failed to get r\n"); + UADK_ERR("failed to get r\n"); goto free_der; } bn_s = (void *)ECDSA_SIG_get0_s((const ECDSA_SIG *)e_sig); if (bn_s == NULL) { - fprintf(stderr, "failed to get s\n"); + UADK_ERR("failed to get s\n"); goto free_der; } len1 = BN_num_bytes(bn_r); len2 = BN_num_bytes(bn_s); if (len1 > UADK_ECC_MAX_KEY_BYTES || len2 > UADK_ECC_MAX_KEY_BYTES) { - fprintf(stderr, "r or s bytes = (%d, %d) error\n", len1, len2); + UADK_ERR("r or s bytes = (%d, %d) error\n", len1, len2); goto free_der; } r->dsize = BN_bn2bin(bn_r, (void *)r->data); @@ -1310,7 +1310,7 @@ static int uadk_prov_sm2_sign(PROV_SM2_SIGN_CTX *psm2ctx, if (smctx->sess == (handle_t)0) { ret = uadk_prov_sm2_update_sess(smctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to alloc sess in sign\n"); + UADK_ERR("failed to alloc sess in sign\n"); return ret; } } @@ -1325,13 +1325,13 @@ static int uadk_prov_sm2_sign(PROV_SM2_SIGN_CTX *psm2ctx, ret = uadk_prov_ecc_crypto(smctx->sess, &req, smctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); + UADK_ERR("failed to uadk_ecc_crypto, ret = %d\n", ret); goto uninit_iot; } wd_sm2_get_sign_out_params(req.dst, &r, &s); if (r == NULL || s == NULL) { - fprintf(stderr, "failed to get sign result\n"); + UADK_ERR("failed to get sign result\n"); ret = UADK_P_FAIL; goto uninit_iot; } @@ -1349,7 +1349,7 @@ static int uadk_signature_sm2_sign_sw(void *vpsm2ctx, unsigned char *sig, size_t size_t sigsize, const unsigned char *tbs, size_t tbslen) { if (uadk_get_sw_offload_state() && get_default_sm2_signature().sign) { - fprintf(stderr, "switch to soft sm2 sign\n"); + UADK_INFO("switch to soft sm2 sign\n"); return get_default_sm2_signature().sign(vpsm2ctx, sig, siglen, sigsize, tbs, tbslen); } @@ -1365,18 +1365,18 @@ static int uadk_signature_sm2_sign(void *vpsm2ctx, unsigned char *sig, size_t *s size_t sltmp; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + UADK_ERR("invalid: psm2ctx is NULL\n"); return UADK_P_FAIL; } if (psm2ctx->key == NULL) { - fprintf(stderr, "invalid: sm2 ec is NULL\n"); + UADK_ERR("invalid: sm2 ec is NULL\n"); return UADK_P_FAIL; } ecsize = ECDSA_size(psm2ctx->key); if (ecsize <= 0) { - fprintf(stderr, "ecsize error %d\n", ecsize); + UADK_ERR("ecsize error %d\n", ecsize); return UADK_P_FAIL; } @@ -1391,19 +1391,19 @@ static int uadk_signature_sm2_sign(void *vpsm2ctx, unsigned char *sig, size_t *s } if (sigsize < (size_t)ecsize) { - fprintf(stderr, "sigsize(%zu) < ecsize(%d)\n", sigsize, ecsize); + UADK_ERR("sigsize(%zu) < ecsize(%d)\n", sigsize, ecsize); return UADK_P_FAIL; } ret = uadk_prov_sm2_check_tbs_params(psm2ctx, tbs, tbslen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to check sm2 signature params\n"); + UADK_ERR("failed to check sm2 signature params\n"); goto do_soft; } ret = uadk_prov_sm2_sign(psm2ctx, sig, &sltmp, tbs, tbslen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to do sm2 sign\n"); + UADK_ERR("failed to do sm2 sign\n"); goto do_soft; } @@ -1423,7 +1423,7 @@ static int uadk_prov_sm2_verify_init_iot(handle_t sess, struct wd_ecc_req *req, ecc_in = wd_sm2_new_verf_in(sess, e, r, s, NULL, 1); if (ecc_in == NULL) { - fprintf(stderr, "failed to new verf in\n"); + UADK_ERR("failed to new verf in\n"); return UADK_E_FAIL; } @@ -1441,25 +1441,25 @@ static int uadk_prov_sm2_update_public_key(SM2_PROV_CTX *smctx, EC_KEY *eckey) point = EC_KEY_get0_public_key(eckey); if (point == NULL) { - fprintf(stderr, "pubkey not set!\n"); + UADK_ERR("pubkey not set!\n"); return UADK_E_FAIL; } if (spd == NULL) { - fprintf(stderr, "invalid: sm2_pd is NULL\n"); + UADK_ERR("invalid: sm2_pd is NULL\n"); return UADK_P_FAIL; } if (spd->pubkey) { group = EC_KEY_get0_group(eckey); if (group == NULL) { - fprintf(stderr, "failed to get group\n"); + UADK_ERR("failed to get group\n"); return UADK_E_FAIL; } ret = EC_POINT_cmp(group, (void *)spd->pubkey, point, NULL); if (ret == UADK_E_FAIL) { - fprintf(stderr, "failed to do EC_POINT_cmp\n"); + UADK_ERR("failed to do EC_POINT_cmp\n"); return ret; } } @@ -1491,7 +1491,7 @@ static int uadk_prov_sm2_verify(PROV_SM2_SIGN_CTX *psm2ctx, if (smctx->sess == (handle_t)0) { ret = uadk_prov_sm2_update_sess(smctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to alloc sess in verify\n"); + UADK_ERR("failed to alloc sess in verify\n"); return ret; } } @@ -1502,7 +1502,7 @@ static int uadk_prov_sm2_verify(PROV_SM2_SIGN_CTX *psm2ctx, s.bsize = UADK_ECC_MAX_KEY_BYTES; ret = uadk_prov_sm2_sign_ber_to_bin((void *)sig, siglen, &r, &s); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to uadk_prov_sm2_sign_ber_to_bin\n"); + UADK_ERR("failed to uadk_prov_sm2_sign_ber_to_bin\n"); return ret; } @@ -1510,19 +1510,19 @@ static int uadk_prov_sm2_verify(PROV_SM2_SIGN_CTX *psm2ctx, e.dsize = tbslen; ret = uadk_prov_sm2_verify_init_iot(smctx->sess, &req, &e, &r, &s); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to uadk_prov_sm2_verify_init_iot\n"); + UADK_ERR("failed to uadk_prov_sm2_verify_init_iot\n"); return ret; } ret = uadk_prov_sm2_update_public_key(smctx, ec); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to uadk_prov_sm2_update_public_key\n"); + UADK_ERR("failed to uadk_prov_sm2_update_public_key\n"); goto uninit_iot; } ret = uadk_prov_ecc_crypto(smctx->sess, &req, smctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); + UADK_ERR("failed to uadk_ecc_crypto, ret = %d\n", ret); goto uninit_iot; } @@ -1540,7 +1540,7 @@ static int uadk_signature_sm2_verify_sw(void *vpsm2ctx, const unsigned char *sig const unsigned char *tbs, size_t tbslen) { if (uadk_get_sw_offload_state() && get_default_sm2_signature().verify) { - fprintf(stderr, "switch to soft sm2 verify\n"); + UADK_INFO("switch to soft sm2 verify\n"); return get_default_sm2_signature().verify(vpsm2ctx, sig, siglen, tbs, tbslen); } @@ -1554,19 +1554,19 @@ static int uadk_signature_sm2_verify(void *vpsm2ctx, const unsigned char *sig, s int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + UADK_ERR("invalid: psm2ctx is NULL\n"); return UADK_P_FAIL; } ret = uadk_prov_sm2_check_tbs_params(psm2ctx, tbs, tbslen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to check sm2 verify params\n"); + UADK_ERR("failed to check sm2 verify params\n"); goto do_soft; } ret = uadk_prov_sm2_verify(psm2ctx, sig, siglen, tbs, tbslen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to do sm2 verify\n"); + UADK_ERR("failed to do sm2 verify\n"); goto do_soft; } @@ -1593,7 +1593,7 @@ static int uadk_signature_sm2_digest_sign_init(void *vpsm2ctx, const char *mdnam if (smctx->sm2_md->mdctx == NULL) { smctx->sm2_md->mdctx = EVP_MD_CTX_new(); if (unlikely(smctx->sm2_md->mdctx == NULL)) { - fprintf(stderr, "failed to EVP_MD_CTX_new\n"); + UADK_ERR("failed to EVP_MD_CTX_new\n"); return UADK_P_FAIL; } } @@ -1617,7 +1617,7 @@ static int uadk_signature_sm2_digest_sign_init(void *vpsm2ctx, const char *mdnam WPACKET_cleanup(&pkt); if (!EVP_DigestInit_ex2(smctx->sm2_md->mdctx, smctx->sm2_md->md, params)) { - fprintf(stderr, "failed to do digest init\n"); + UADK_ERR("failed to do digest init\n"); EVP_MD_CTX_free(smctx->sm2_md->mdctx); return UADK_P_FAIL; } @@ -1634,7 +1634,7 @@ static int uadk_prov_check_equation_param(struct sm2_param *param, EVP_MD_CTX *h !EVP_DigestUpdate(hash, buf, p_bytes) || BN_bn2binpad(param->b, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes)) { - fprintf(stderr, "failed to check equation param\n"); + UADK_ERR("failed to check equation param\n"); return UADK_P_FAIL; } @@ -1649,7 +1649,7 @@ static int uadk_prov_check_base_point_group_param(struct sm2_param *param, BN_CT if (!EC_POINT_get_affine_coordinates(group, EC_GROUP_get0_generator(group), param->xG, param->yG, ctx)) { - fprintf(stderr, "failed to check base point group param\n"); + UADK_ERR("failed to check base point group param\n"); return UADK_P_FAIL; } @@ -1663,7 +1663,7 @@ static int uadk_prov_check_base_point_param(struct sm2_param *param, EVP_MD_CTX !EVP_DigestUpdate(hash, buf, p_bytes) || BN_bn2binpad(param->yG, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes)) { - fprintf(stderr, "failed to check base point param\n"); + UADK_ERR("failed to check base point param\n"); return UADK_P_FAIL; } @@ -1678,7 +1678,7 @@ static int uadk_prov_check_pkey_point_group_param(struct sm2_param *param, BN_CT if (!EC_POINT_get_affine_coordinates(group, EC_KEY_get0_public_key(key), param->xA, param->yA, ctx)) { - fprintf(stderr, "failed to check pkey point group param\n"); + UADK_ERR("failed to check pkey point group param\n"); return UADK_P_FAIL; } return UADK_P_SUCCESS; @@ -1692,7 +1692,7 @@ static int uadk_prov_check_pkey_point_param(struct sm2_param *param, EVP_MD_CTX BN_bn2binpad(param->yA, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) || !EVP_DigestFinal(hash, out, NULL)) { - fprintf(stderr, "failed to check pkey point param\n"); + UADK_ERR("failed to check pkey point param\n"); return UADK_P_FAIL; } @@ -1732,7 +1732,7 @@ static int uadk_prov_get_sm2_param(struct sm2_param *params, BN_CTX *ctx) return UADK_P_SUCCESS; end: - fprintf(stderr, "failed to get bn ctx for sm2 params\n"); + UADK_ERR("failed to get bn ctx for sm2 params\n"); return UADK_P_FAIL; } @@ -1743,13 +1743,13 @@ static int uadk_prov_check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash uint16_t entl; if (!EVP_DigestInit(hash, digest)) { - fprintf(stderr, "error evp lib\n"); + UADK_ERR("error evp lib\n"); return UADK_P_FAIL; } /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) { - fprintf(stderr, "invalid: id too large\n"); + UADK_ERR("invalid: id too large\n"); return UADK_P_FAIL; } @@ -1758,19 +1758,19 @@ static int uadk_prov_check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash /* Update the most significant (first) byte of 'entl' */ e_byte = GET_MS_BYTE(entl); if (!EVP_DigestUpdate(hash, &e_byte, 1)) { - fprintf(stderr, "failed to do EVP_DigestUpdate for e_byte's first byte\n"); + UADK_ERR("failed to do EVP_DigestUpdate for e_byte's first byte\n"); return UADK_P_FAIL; } /* Update the least significant (second) byte of 'entl' */ e_byte = GET_LS_BYTE(entl); if (!EVP_DigestUpdate(hash, &e_byte, 1)) { - fprintf(stderr, "failed to do EVP_DigestUpdate for e_byte's second byte\n"); + UADK_ERR("failed to do EVP_DigestUpdate for e_byte's second byte\n"); return UADK_P_FAIL; } if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) { - fprintf(stderr, "failed to do EVP_DigestUpdate for id\n"); + UADK_ERR("failed to do EVP_DigestUpdate for id\n"); return UADK_P_FAIL; } @@ -1799,7 +1799,7 @@ static int uadk_prov_sm2_compute_z_digest(uint8_t *out, const EVP_MD *digest, params = OPENSSL_zalloc(sizeof(struct sm2_param)); if (params == NULL) { - fprintf(stderr, "failed to malloc sm2 param\n"); + UADK_ERR("failed to malloc sm2 param\n"); goto free_ctx; } @@ -1810,14 +1810,14 @@ static int uadk_prov_sm2_compute_z_digest(uint8_t *out, const EVP_MD *digest, goto free_params; if (EC_GROUP_get_curve(group, params->p, params->a, params->b, ctx) == 0) { - fprintf(stderr, "failed to EC_GROUP_get_curve\n"); + UADK_ERR("failed to EC_GROUP_get_curve\n"); goto free_params; } p_bytes = BN_num_bytes(params->p); buf = OPENSSL_zalloc(p_bytes); if (buf == NULL) { - fprintf(stderr, "failed to alloc buffer\n"); + UADK_ERR("failed to alloc buffer\n"); goto free_params; } @@ -1853,7 +1853,7 @@ static int sm2_sig_compute_z_digest(PROV_SM2_SIGN_CTX *psm2ctx) z = OPENSSL_zalloc(smctx->sm2_md->mdsize); if (z == NULL) { - fprintf(stderr, "failed to alloc z\n"); + UADK_ERR("failed to alloc z\n"); return UADK_P_FAIL; } @@ -1862,7 +1862,7 @@ static int sm2_sig_compute_z_digest(PROV_SM2_SIGN_CTX *psm2ctx) /* psm2ctx id will be freed in uadk_signature_sm2_freectx, not here */ psm2ctx->id = OPENSSL_memdup(SM2_DEFAULT_USERID, SM2_DEFAULT_USERID_LEN); if (psm2ctx->id == NULL) { - fprintf(stderr, "failed to memdup psm2ctx id\n"); + UADK_ERR("failed to memdup psm2ctx id\n"); goto free_z; } psm2ctx->id_len = SM2_DEFAULT_USERID_LEN; @@ -1872,13 +1872,13 @@ static int sm2_sig_compute_z_digest(PROV_SM2_SIGN_CTX *psm2ctx) ret = uadk_prov_sm2_compute_z_digest(z, smctx->sm2_md->md, psm2ctx->id, psm2ctx->id_len, psm2ctx->key); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to uadk_prov_sm2_compute_z_digest\n"); + UADK_ERR("failed to uadk_prov_sm2_compute_z_digest\n"); goto free_z; } ret = EVP_DigestUpdate(smctx->sm2_md->mdctx, z, smctx->sm2_md->mdsize); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to EVP_DigestUpdate\n"); + UADK_ERR("failed to EVP_DigestUpdate\n"); goto free_z; } OPENSSL_free(z); @@ -1899,13 +1899,13 @@ static int uadk_signature_sm2_digest_sign_update(void *vpsm2ctx, const unsigned int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL in digest sign update\n"); + UADK_ERR("invalid: psm2ctx is NULL in digest sign update\n"); return UADK_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL in compute z digest\n"); + UADK_ERR("invalid: smctx is NULL in compute z digest\n"); return UADK_P_FAIL; } @@ -1915,13 +1915,13 @@ static int uadk_signature_sm2_digest_sign_update(void *vpsm2ctx, const unsigned ret = sm2_sig_compute_z_digest(psm2ctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to compute z digest\n"); + UADK_ERR("failed to compute z digest\n"); return ret; } ret = EVP_DigestUpdate(smctx->sm2_md->mdctx, data, datalen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to EVP_DigestUpdate\n"); + UADK_ERR("failed to EVP_DigestUpdate\n"); return ret; } @@ -1939,13 +1939,13 @@ static int uadk_signature_sm2_digest_sign_final(void *vpsm2ctx, int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + UADK_ERR("invalid: psm2ctx is NULL\n"); return UADK_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } @@ -1964,7 +1964,7 @@ static int uadk_signature_sm2_digest_sign_final(void *vpsm2ctx, ret = EVP_DigestFinal_ex(smctx->sm2_md->mdctx, digest, &dlen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to do EVP_DigestFinal_ex\n"); + UADK_ERR("failed to do EVP_DigestFinal_ex\n"); return ret; } } @@ -1994,13 +1994,13 @@ static int uadk_signature_sm2_digest_verify_final(void *vpsm2ctx, const unsigned int ret, size; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + UADK_ERR("invalid: psm2ctx is NULL\n"); return UADK_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } @@ -2010,19 +2010,19 @@ static int uadk_signature_sm2_digest_verify_final(void *vpsm2ctx, const unsigned size = EVP_MD_get_size(smctx->sm2_md->md); if (size > EVP_MAX_MD_SIZE) { - fprintf(stderr, "invalid: md size(%d) > %d\n", size, EVP_MAX_MD_SIZE); + UADK_ERR("invalid: md size(%d) > %d\n", size, EVP_MAX_MD_SIZE); return UADK_P_FAIL; } ret = sm2_sig_compute_z_digest(psm2ctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to do sm2_sig_compute_z_digest\n"); + UADK_ERR("failed to do sm2_sig_compute_z_digest\n"); return ret; } ret = EVP_DigestFinal_ex(smctx->sm2_md->mdctx, digest, &dlen); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to do EVP_DigestFinal_ex, dlen = %u\n", dlen); + UADK_ERR("failed to do EVP_DigestFinal_ex, dlen = %u\n", dlen); return ret; } @@ -2035,25 +2035,25 @@ static SM2_PROV_CTX *sm2_copy_src_smctx(SM2_PROV_CTX *src_smctx) int ret; if (src_smctx == NULL || src_smctx->sm2_md == NULL || src_smctx->sm2_pd == NULL) { - fprintf(stderr, "invalid: src_smctx is NULL to dupctx\n"); + UADK_ERR("invalid: src_smctx is NULL to dupctx\n"); return NULL; } dst_smctx = OPENSSL_zalloc(sizeof(SM2_PROV_CTX)); if (dst_smctx == NULL) { - fprintf(stderr, "failed to alloc dst_smctx\n"); + UADK_ERR("failed to alloc dst_smctx\n"); return NULL; } dst_smctx->init_status = src_smctx->init_status; dst_smctx->sm2_md = OPENSSL_zalloc(sizeof(SM2_MD_DATA)); if (dst_smctx->sm2_md == NULL) { - fprintf(stderr, "failed to alloc dst_smctx->sm2_md\n"); + UADK_ERR("failed to alloc dst_smctx->sm2_md\n"); goto free_dst_smctx; } if (src_smctx->sm2_md->md != NULL && !EVP_MD_up_ref(src_smctx->sm2_md->md)) { - fprintf(stderr, "failed to check srcctx md reference\n"); + UADK_ERR("failed to check srcctx md reference\n"); goto free_sm2_md; } dst_smctx->sm2_md->md = src_smctx->sm2_md->md; @@ -2064,14 +2064,14 @@ static SM2_PROV_CTX *sm2_copy_src_smctx(SM2_PROV_CTX *src_smctx) dst_smctx->sm2_md->mdctx = EVP_MD_CTX_new(); if (dst_smctx->sm2_md->mdctx == NULL || EVP_MD_CTX_copy_ex(dst_smctx->sm2_md->mdctx, src_smctx->sm2_md->mdctx) == 0) { - fprintf(stderr, "failed to new dst mdctx or copy src mdctx\n"); + UADK_ERR("failed to new dst mdctx or copy src mdctx\n"); goto free_mdctx; } } dst_smctx->sm2_pd = OPENSSL_zalloc(sizeof(SM2_PKEY_DATA)); if (dst_smctx->sm2_pd == NULL) { - fprintf(stderr, "failed to alloc sm2_pd\n"); + UADK_ERR("failed to alloc sm2_pd\n"); goto free_mdctx; } @@ -2102,13 +2102,13 @@ static void *uadk_signature_sm2_dupctx(void *vpsm2ctx) PROV_SM2_SIGN_CTX *dstctx; if (srcctx == NULL) { - fprintf(stderr, "invalid: src ctx is NULL to dupctx!\n"); + UADK_ERR("invalid: src ctx is NULL to dupctx!\n"); return NULL; } dstctx = OPENSSL_zalloc(sizeof(PROV_SM2_SIGN_CTX)); if (dstctx == NULL) { - fprintf(stderr, "failed to alloc dst ctx\n"); + UADK_ERR("failed to alloc dst ctx\n"); return NULL; } *dstctx = *srcctx; @@ -2118,7 +2118,7 @@ static void *uadk_signature_sm2_dupctx(void *vpsm2ctx) dstctx->propq = NULL; if (srcctx->key != NULL && !EC_KEY_up_ref(srcctx->key)) { - fprintf(stderr, "failed to check srcctx key reference\n"); + UADK_ERR("failed to check srcctx key reference\n"); goto free_ctx; } dstctx->key = srcctx->key; @@ -2136,7 +2136,7 @@ static void *uadk_signature_sm2_dupctx(void *vpsm2ctx) if (srcctx->id != NULL) { dstctx->id = OPENSSL_malloc(srcctx->id_len); if (dstctx->id == NULL) { - fprintf(stderr, "failed to alloc id\n"); + UADK_ERR("failed to alloc id\n"); goto free_ctx; } memcpy(dstctx->id, srcctx->id, srcctx->id_len); @@ -2161,13 +2161,13 @@ static int uadk_prov_sm2_locate_id_digest(PROV_SM2_SIGN_CTX *psm2ctx, const OSS if (p) { /*If the 'z' digest has already been computed, the ID is set too late */ if (psm2ctx->flag_compute_z_digest == 0) { - fprintf(stderr, "invalid: should set ID param before z digest\n"); + UADK_ERR("invalid: should set ID param before z digest\n"); return UADK_P_FAIL; } if (p->data_size != 0 && !OSSL_PARAM_get_octet_string(p, &tmp_id, 0, &tmp_idlen)) { - fprintf(stderr, "failed to OSSL_PARAM_get_octet_string\n"); + UADK_ERR("failed to OSSL_PARAM_get_octet_string\n"); return UADK_P_FAIL; } if (psm2ctx->id != NULL) @@ -2185,20 +2185,20 @@ static int uadk_prov_sm2_locate_id_digest(PROV_SM2_SIGN_CTX *psm2ctx, const OSS p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); if (p != NULL && (!OSSL_PARAM_get_size_t(p, &mdsize) || mdsize != psm2ctx->sm2_pctx->sm2_md->mdsize)) { - fprintf(stderr, "failed to locate digest size\n"); + UADK_ERR("failed to locate digest size\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); if (p) { if (!OSSL_PARAM_get_utf8_string(p, &mdname, 0)) { - fprintf(stderr, "failed to OSSL_PARAM_get_utf8_string\n"); + UADK_ERR("failed to OSSL_PARAM_get_utf8_string\n"); return UADK_P_FAIL; } if (!uadk_prov_sm2_sig_set_mdname(psm2ctx, mdname)) { OPENSSL_free(mdname); - fprintf(stderr, "failed to OSSL_PARAM_get_utf8_string\n"); + UADK_ERR("failed to OSSL_PARAM_get_utf8_string\n"); return UADK_P_FAIL; } @@ -2219,7 +2219,7 @@ static int uadk_signature_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM pa * so check 'psm2ctx' again here. */ if (psm2ctx == NULL) { - fprintf(stderr, "invalid: sm2 ctx is NULL\n"); + UADK_ERR("invalid: sm2 ctx is NULL\n"); return UADK_P_FAIL; } @@ -2229,7 +2229,7 @@ static int uadk_signature_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM pa smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } @@ -2242,26 +2242,26 @@ static int uadk_signature_sm2_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params) OSSL_PARAM *p; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + UADK_ERR("invalid: psm2ctx is NULL\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); if (p != NULL && !OSSL_PARAM_set_octet_string(p, psm2ctx->aid, psm2ctx->aid_len)) { - fprintf(stderr, "failed to locate algorithm id\n"); + UADK_ERR("failed to locate algorithm id\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); if (p != NULL && !OSSL_PARAM_set_size_t(p, psm2ctx->sm2_pctx->sm2_md->mdsize)) { - fprintf(stderr, "failed to locate digest size\n"); + UADK_ERR("failed to locate digest size\n"); return UADK_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); if (p != NULL && !OSSL_PARAM_set_utf8_string(p, psm2ctx->sm2_pctx->sm2_md->md == NULL ? psm2ctx->mdname : EVP_MD_get0_name(psm2ctx->sm2_pctx->sm2_md->md))) { - fprintf(stderr, "failed to locate digest\n"); + UADK_ERR("failed to locate digest\n"); return UADK_P_FAIL; } @@ -2287,12 +2287,12 @@ static int uadk_signature_sm2_set_ctx_md_params(void *vpsm2ctx, const OSSL_PARAM smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } if (smctx->sm2_md->mdctx == NULL) { - fprintf(stderr, "invalid: mdctx is NULL\n"); + UADK_ERR("invalid: mdctx is NULL\n"); return UADK_P_FAIL; } @@ -2306,12 +2306,12 @@ static int uadk_signature_sm2_get_ctx_md_params(void *vpsm2ctx, OSSL_PARAM *para smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } if (smctx->sm2_md->mdctx == NULL) { - fprintf(stderr, "invalid: mdctx is NULL\n"); + UADK_ERR("invalid: mdctx is NULL\n"); return UADK_P_FAIL; } @@ -2325,12 +2325,12 @@ static const OSSL_PARAM *uadk_signature_sm2_settable_ctx_md_params(void *vpsm2ct smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } if (smctx->sm2_md->md == NULL) { - fprintf(stderr, "invalid: md is NULL\n"); + UADK_ERR("invalid: md is NULL\n"); return UADK_P_FAIL; } @@ -2344,12 +2344,12 @@ static const OSSL_PARAM *uadk_signature_sm2_gettable_ctx_md_params(void *vpsm2ct smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } if (smctx->sm2_md->md == NULL) { - fprintf(stderr, "invalid: md is NULL\n"); + UADK_ERR("invalid: md is NULL\n"); return UADK_P_FAIL; } @@ -2385,7 +2385,7 @@ static UADK_PKEY_ASYM_CIPHER get_default_sm2_asym_cipher(void) EVP_ASYM_CIPHER_free((EVP_ASYM_CIPHER *)asym_cipher); initilazed = 1; } else { - fprintf(stderr, "failed to EVP_ASYM_CIPHER_fetch default SM2 provider\n"); + UADK_ERR("failed to EVP_ASYM_CIPHER_fetch default SM2 provider\n"); } } pthread_mutex_unlock(&asym_mutex); @@ -2399,7 +2399,7 @@ static void *uadk_asym_cipher_sm2_newctx(void *provctx) SM2_PROV_CTX *smctx; if (psm2ctx == NULL) { - fprintf(stderr, "failed to alloc PROV_SM2_ASYM_CTX\n"); + UADK_ERR("failed to alloc PROV_SM2_ASYM_CTX\n"); return NULL; } @@ -2407,13 +2407,13 @@ static void *uadk_asym_cipher_sm2_newctx(void *provctx) smctx = OPENSSL_zalloc(sizeof(SM2_PROV_CTX)); if (smctx == NULL) { - fprintf(stderr, "failed to alloc sm2 prov ctx\n"); + UADK_ERR("failed to alloc sm2 prov ctx\n"); goto free_psm2ctx; } smctx->sm2_md = OPENSSL_zalloc(sizeof(SM2_MD_DATA)); if (smctx->sm2_md == NULL) { - fprintf(stderr, "failed to alloc sm2 md data\n"); + UADK_ERR("failed to alloc sm2 md data\n"); goto free_smctx; } /* Use SM3 in default, other digest can be set with set_ctx_params API. */ @@ -2421,7 +2421,7 @@ static void *uadk_asym_cipher_sm2_newctx(void *provctx) smctx->sm2_pd = OPENSSL_zalloc(sizeof(SM2_PKEY_DATA)); if (smctx->sm2_pd == NULL) { - fprintf(stderr, "failed to alloc sm2 pkey data\n"); + UADK_ERR("failed to alloc sm2 pkey data\n"); goto free_sm2_md; } @@ -2497,7 +2497,7 @@ static int uadk_asym_cipher_sm2_encrypt_init_sw(void *vpsm2ctx, void *vkey, const OSSL_PARAM params[]) { if (uadk_get_sw_offload_state() && get_default_sm2_asym_cipher().encrypt_init) { - fprintf(stderr, "switch to software sm2 encrypt init\n"); + UADK_INFO("switch to software sm2 encrypt init\n"); return get_default_sm2_asym_cipher().encrypt_init(vpsm2ctx, vkey, params); } @@ -2512,18 +2512,18 @@ static int uadk_asym_cipher_sm2_encrypt_init(void *vpsm2ctx, void *vkey, int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + UADK_ERR("invalid: psm2ctx is NULL\n"); return UADK_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } if (vkey == NULL || !EC_KEY_up_ref(vkey)) { - fprintf(stderr, "invalid: vkey is NULL\n"); + UADK_ERR("invalid: vkey is NULL\n"); return UADK_P_FAIL; } EC_KEY_free(psm2ctx->key); @@ -2534,20 +2534,20 @@ static int uadk_asym_cipher_sm2_encrypt_init(void *vpsm2ctx, void *vkey, ret = uadk_asym_cipher_sm2_set_ctx_params(psm2ctx, params); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to set_ctx_params\n"); + UADK_ERR("failed to set_ctx_params\n"); goto do_soft; } ret = uadk_prov_asym_cipher_get_support_state(SIGNATURE_SM2); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to get hardware sm2 signature support\n"); + UADK_ERR("failed to get hardware sm2 signature support\n"); goto do_soft; } /* Init with UADK */ ret = uadk_prov_ecc_init("sm2"); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to init sm2\n"); + UADK_ERR("failed to init sm2\n"); goto do_soft; } @@ -2555,7 +2555,7 @@ static int uadk_asym_cipher_sm2_encrypt_init(void *vpsm2ctx, void *vkey, ret = uadk_prov_sm2_update_sess(smctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to update sess\n"); + UADK_ERR("failed to update sess\n"); goto do_soft; } @@ -2574,12 +2574,12 @@ static int uadk_prov_sm2_encrypt_check(PROV_SM2_ASYM_CTX *psm2ctx, int c3_size; if (smctx == NULL || smctx->sess == (handle_t)0) { - fprintf(stderr, "smctx or sess NULL\n"); + UADK_ERR("smctx or sess NULL\n"); return UADK_P_FAIL; } if (smctx->init_status != CTX_INIT_SUCC) { - fprintf(stderr, "sm2 ctx init failed\n"); + UADK_ERR("sm2 ctx init failed\n"); return UADK_P_FAIL; } @@ -2590,18 +2590,18 @@ static int uadk_prov_sm2_encrypt_check(PROV_SM2_ASYM_CTX *psm2ctx, */ md = smctx->sm2_md->md; if (md == NULL) { - fprintf(stderr, "failed to get md method\n"); + UADK_ERR("failed to get md method\n"); return UADK_P_FAIL; } c3_size = EVP_MD_size(md); if (c3_size <= 0) { - fprintf(stderr, "c3 size error\n"); + UADK_ERR("c3 size error\n"); return UADK_P_FAIL; } if (inlen > UINT_MAX) { - fprintf(stderr, "invalid: inlen is out of range\n"); + UADK_ERR("invalid: inlen is out of range\n"); return UADK_P_FAIL; } @@ -2617,7 +2617,7 @@ static int uadk_prov_sm2_encrypt_init_iot(handle_t sess, struct wd_ecc_req *req, ecc_out = wd_sm2_new_enc_out(sess, inlen); if (ecc_out == NULL) { - fprintf(stderr, "failed to new enc out\n"); + UADK_ERR("failed to new enc out\n"); return UADK_P_FAIL; } @@ -2625,7 +2625,7 @@ static int uadk_prov_sm2_encrypt_init_iot(handle_t sess, struct wd_ecc_req *req, e.dsize = inlen; ecc_in = wd_sm2_new_enc_in(sess, NULL, &e); if (ecc_in == NULL) { - fprintf(stderr, "failed to new enc in\n"); + UADK_ERR("failed to new enc in\n"); wd_ecc_del_out(sess, ecc_out); return UADK_P_FAIL; } @@ -2645,13 +2645,13 @@ static int uadk_prov_sm2_asym_bin_to_ber(struct wd_ecc_point *c1, x1 = BN_bin2bn((void *)c1->x.data, c1->x.dsize, NULL); if (x1 == NULL) { - fprintf(stderr, "failed to BN_bin2bn x1\n"); + UADK_ERR("failed to BN_bin2bn x1\n"); return UADK_P_FAIL; } y1 = BN_bin2bn((void *)c1->y.data, c1->y.dsize, NULL); if (y1 == NULL) { - fprintf(stderr, "failed to BN_bin2bn y1\n"); + UADK_ERR("failed to BN_bin2bn y1\n"); ret = UADK_P_FAIL; goto free_x1; } @@ -2704,7 +2704,7 @@ static int uadk_prov_sm2_encrypt_sw(PROV_SM2_ASYM_CTX *vpsm2ctx, const unsigned char *in, size_t inlen) { if (uadk_get_sw_offload_state() && get_default_sm2_asym_cipher().encrypt) { - fprintf(stderr, "switch to software sm2 encrypt\n"); + UADK_INFO("switch to software sm2 encrypt\n"); return get_default_sm2_asym_cipher().encrypt(vpsm2ctx, out, outlen, 0, in, inlen); } @@ -2733,7 +2733,7 @@ static int uadk_prov_sm2_encrypt(PROV_SM2_ASYM_CTX *vpsm2ctx, ret = uadk_prov_ecc_crypto(smctx->sess, &req, smctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); + UADK_ERR("failed to uadk_ecc_crypto, ret = %d\n", ret); goto uninit_iot; } @@ -2750,7 +2750,7 @@ static int uadk_prov_sm2_encrypt(PROV_SM2_ASYM_CTX *vpsm2ctx, md = (smctx->sm2_md->md == NULL) ? EVP_sm3() : smctx->sm2_md->md; md_size = EVP_MD_size(md); if (c3->dsize != md_size) { - fprintf(stderr, "invalid: c3 dsize(%u) != hash_size(%d)\n", c3->dsize, md_size); + UADK_ERR("invalid: c3 dsize(%u) != hash_size(%d)\n", c3->dsize, md_size); ret = UADK_P_FAIL; goto uninit_iot; } @@ -2776,12 +2776,12 @@ static size_t uadk_prov_ec_field_size(const EC_GROUP *group) size_t p_bits; if (p == NULL || a == NULL || b == NULL) { - fprintf(stderr, "failed to new bignumber\n"); + UADK_ERR("failed to new bignumber\n"); goto done; } if (!EC_GROUP_get_curve(group, p, a, b, NULL)) { - fprintf(stderr, "failed to get curve from group\n"); + UADK_ERR("failed to get curve from group\n"); goto done; } @@ -2808,7 +2808,7 @@ static int uadk_prov_sm2_ciphertext_size(const EC_KEY *key, return UADK_P_FAIL; if (md_size < 0) { - fprintf(stderr, "invalid md_size: %d\n", md_size); + UADK_ERR("invalid md_size: %d\n", md_size); return UADK_P_FAIL; } @@ -2835,7 +2835,7 @@ static int uadk_asym_cipher_sm2_encrypt(void *vpsm2ctx, unsigned char *out, size int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + UADK_ERR("invalid: psm2ctx is NULL\n"); return UADK_P_FAIL; } @@ -2871,12 +2871,12 @@ static int uadk_prov_sm2_decrypt_check(SM2_PROV_CTX *smctx, int hash_size; if (smctx == NULL || smctx->sess == (handle_t)0) { - fprintf(stderr, "smctx or sess NULL\n"); + UADK_ERR("smctx or sess NULL\n"); return UADK_P_FAIL; } if (smctx->init_status != CTX_INIT_SUCC) { - fprintf(stderr, "sm2 ctx init failed\n"); + UADK_ERR("sm2 ctx init failed\n"); return UADK_P_FAIL; } @@ -2887,13 +2887,13 @@ static int uadk_prov_sm2_decrypt_check(SM2_PROV_CTX *smctx, */ md = smctx->sm2_md->md; if (md == NULL) { - fprintf(stderr, "failed to get md method\n"); + UADK_ERR("failed to get md method\n"); return UADK_P_FAIL; } hash_size = EVP_MD_size(md); if (hash_size <= 0) { - fprintf(stderr, "hash size = %d error\n", hash_size); + UADK_ERR("hash size = %d error\n", hash_size); return UADK_P_FAIL; } @@ -2907,7 +2907,7 @@ static int uadk_prov_sm2_asym_ber_to_bin(const EVP_MD *md, struct sm2_ciphertext int c1x_len, c1y_len, md_size; if (md == NULL) { - fprintf(stderr, "invalid: md is NULL\n"); + UADK_ERR("invalid: md is NULL\n"); return UADK_P_FAIL; } @@ -2926,7 +2926,7 @@ static int uadk_prov_sm2_asym_ber_to_bin(const EVP_MD *md, struct sm2_ciphertext c3->dsize = ctext->C3->length; md_size = EVP_MD_size(md); if (c3->dsize != md_size) { - fprintf(stderr, "invalid: c3 dsize(%u) != hash_size(%d)\n", c3->dsize, md_size); + UADK_ERR("invalid: c3 dsize(%u) != hash_size(%d)\n", c3->dsize, md_size); free(c1->x.data); return UADK_P_FAIL; } @@ -2946,13 +2946,13 @@ static int uadk_prov_sm2_decrypt_init_iot(handle_t sess, struct wd_ecc_req *req, ecc_out = wd_sm2_new_dec_out(sess, c2->dsize); if (ecc_out == NULL) { - fprintf(stderr, "failed to new dec out\n"); + UADK_ERR("failed to new dec out\n"); return UADK_P_FAIL; } ecc_in = wd_sm2_new_dec_in(sess, c1, c2, c3); if (ecc_in == NULL) { - fprintf(stderr, "failed to new dec in\n"); + UADK_ERR("failed to new dec in\n"); wd_ecc_del_out(sess, ecc_out); return UADK_P_FAIL; } @@ -2969,12 +2969,12 @@ static int uadk_prov_sm2_get_plaintext(struct wd_ecc_req *req, wd_sm2_get_dec_out_params(req->dst, &ptext); if (ptext == NULL) { - fprintf(stderr, "failed to get ptext\n"); + UADK_ERR("failed to get ptext\n"); return UADK_P_FAIL; } if (*outlen < ptext->dsize) { - fprintf(stderr, "outlen(%zu) < (%u)\n", *outlen, ptext->dsize); + UADK_ERR("outlen(%zu) < (%u)\n", *outlen, ptext->dsize); return UADK_P_FAIL; } @@ -2989,7 +2989,7 @@ static int uadk_prov_sm2_decrypt_sw(PROV_SM2_ASYM_CTX *ctx, const unsigned char *in, size_t inlen) { if (uadk_get_sw_offload_state() && get_default_sm2_asym_cipher().decrypt) { - fprintf(stderr, "switch to software sm2 decrypt\n"); + UADK_INFO("switch to software sm2 decrypt\n"); return get_default_sm2_asym_cipher().decrypt(ctx, out, outlen, 0, in, inlen); } @@ -3032,7 +3032,7 @@ static int uadk_prov_sm2_decrypt(PROV_SM2_ASYM_CTX *ctx, ret = uadk_prov_ecc_crypto(smctx->sess, &req, smctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); + UADK_ERR("failed to uadk_ecc_crypto, ret = %d\n", ret); goto uninit_iot; } @@ -3064,7 +3064,7 @@ static int uadk_prov_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); if (sm2_ctext == NULL) { - fprintf(stderr, "invalid sm2 encoding\n"); + UADK_ERR("invalid sm2 encoding\n"); return UADK_P_FAIL; } @@ -3083,7 +3083,7 @@ static int uadk_asym_cipher_sm2_decrypt(void *vpsm2ctx, unsigned char *out, size int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + UADK_ERR("invalid: psm2ctx is NULL\n"); return UADK_P_FAIL; } @@ -3127,13 +3127,13 @@ static void *uadk_asym_cipher_sm2_dupctx(void *vpsm2ctx) int ret; if (srcctx == NULL) { - fprintf(stderr, "src ctx is NULL\n"); + UADK_ERR("src ctx is NULL\n"); return NULL; } dstctx = OPENSSL_zalloc(sizeof(PROV_SM2_ASYM_CTX)); if (dstctx == NULL) { - fprintf(stderr, "failed to alloc dst ctx\n"); + UADK_ERR("failed to alloc dst ctx\n"); return NULL; } *dstctx = *srcctx; @@ -3146,7 +3146,7 @@ static void *uadk_asym_cipher_sm2_dupctx(void *vpsm2ctx) goto free_ctx; if (srcctx->key != NULL && !EC_KEY_up_ref(srcctx->key)) { - fprintf(stderr, "failed to check dstctx key reference\n"); + UADK_ERR("failed to check dstctx key reference\n"); goto free_ctx; } dstctx->key = srcctx->key; @@ -3171,24 +3171,24 @@ static int uadk_asym_cipher_sm2_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *param EVP_MD *md; if (psm2ctx == NULL) { - fprintf(stderr, "failed to get psm2ctx\n"); + UADK_ERR("failed to get psm2ctx\n"); return UADK_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "failed to get smctx\n"); + UADK_ERR("failed to get smctx\n"); return UADK_P_FAIL; } smd = smctx->sm2_md; if (smd == NULL) { - fprintf(stderr, "failed to get sm2 md\n"); + UADK_ERR("failed to get sm2 md\n"); return UADK_P_FAIL; } if (params == NULL) { - fprintf(stderr, "params is NULL\n"); + UADK_ERR("params is NULL\n"); return UADK_P_FAIL; } @@ -3196,7 +3196,7 @@ static int uadk_asym_cipher_sm2_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *param if (p != NULL) { md = smd->md; if (!OSSL_PARAM_set_utf8_string(p, md == NULL ? "" : EVP_MD_get0_name(md))) { - fprintf(stderr, "failed to set utf8 string\n"); + UADK_ERR("failed to set utf8 string\n"); return UADK_P_FAIL; } smd->md_nid = EVP_MD_type(md); @@ -3217,7 +3217,7 @@ static EVP_MD *uadk_prov_load_digest_from_params(SM2_MD_DATA *smd, const OSSL_PA p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES); if (p) { if (p->data_type != OSSL_PARAM_UTF8_STRING) { - fprintf(stderr, "data_type != OSSL_PARAM_UTF8_STRING\n"); + UADK_ERR("data_type != OSSL_PARAM_UTF8_STRING\n"); return NULL; } propquery = p->data; @@ -3227,7 +3227,7 @@ static EVP_MD *uadk_prov_load_digest_from_params(SM2_MD_DATA *smd, const OSSL_PA p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST); if (p) { if (p->data_type != OSSL_PARAM_UTF8_STRING) { - fprintf(stderr, "data_type != OSSL_PARAM_UTF8_STRING\n"); + UADK_ERR("data_type != OSSL_PARAM_UTF8_STRING\n"); return NULL; } } else { @@ -3239,7 +3239,7 @@ static EVP_MD *uadk_prov_load_digest_from_params(SM2_MD_DATA *smd, const OSSL_PA EVP_MD_free(smd->alloc_md); smd->md = smd->alloc_md = EVP_MD_fetch(ctx, p->data, propquery); if (smd->md == NULL) { - fprintf(stderr, "failed to fetch MD method\n"); + UADK_ERR("failed to fetch MD method\n"); return NULL; } @@ -3249,7 +3249,7 @@ static EVP_MD *uadk_prov_load_digest_from_params(SM2_MD_DATA *smd, const OSSL_PA static int uadk_asym_cipher_sm2_set_ctx_params_sw(void *vpsm2ctx, const OSSL_PARAM params[]) { if (uadk_get_sw_offload_state() && get_default_sm2_asym_cipher().set_ctx_params) { - fprintf(stderr, "switch to software sm2 set ctx params\n"); + UADK_INFO("switch to software sm2 set ctx params\n"); return get_default_sm2_asym_cipher().set_ctx_params(vpsm2ctx, params); } @@ -3264,7 +3264,7 @@ static int uadk_asym_cipher_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: sm2 ctx is NULL\n"); + UADK_ERR("invalid: sm2 ctx is NULL\n"); return UADK_P_FAIL; } @@ -3274,20 +3274,20 @@ static int uadk_asym_cipher_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + UADK_ERR("invalid: smctx is NULL\n"); return UADK_P_FAIL; } /* Set digest method */ smd = smctx->sm2_md; if (smd == NULL) { - fprintf(stderr, "invalid: sm2 md is NULL\n"); + UADK_ERR("invalid: sm2 md is NULL\n"); return UADK_P_FAIL; } smd->md = uadk_prov_load_digest_from_params(smctx->sm2_md, params, psm2ctx->libctx); if (smd->md == NULL) { - fprintf(stderr, "failed to set digest with set_ctx_params\n"); + UADK_ERR("failed to set digest with set_ctx_params\n"); return UADK_P_FAIL; } smd->md_nid = EVP_MD_type(smd->md); @@ -3296,7 +3296,7 @@ static int uadk_asym_cipher_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM if (smctx->init_status == CTX_INIT_SUCC) { ret = uadk_prov_sm2_update_sess(smctx); if (ret == UADK_P_FAIL) { - fprintf(stderr, "failed to update sess\n"); + UADK_ERR("failed to update sess\n"); goto do_soft; } } diff --git a/src/uadk_utils.h b/src/uadk_utils.h index 028eb15..b2593e9 100644 --- a/src/uadk_utils.h +++ b/src/uadk_utils.h @@ -18,6 +18,32 @@ #define UADK_UTILS #include <stdio.h> #include <string.h> +#include <syslog.h> +#include <openssl/opensslv.h> + +#if OPENSSL_VERSION_NUMBER >= 0x30000000 +#define UADK_DEBUG(fmt, args...) \ + do {\ + openlog("uadk-prov-debug", LOG_CONS | LOG_PID, LOG_LOCAL6);\ + syslog(LOG_DEBUG, fmt, ##args);\ + } while (0) + +#define UADK_INFO(fmt, args...) \ + do {\ + openlog("uadk-prov-info", LOG_CONS | LOG_PID, LOG_LOCAL6);\ + syslog(LOG_INFO, fmt, ##args);\ + } while (0) + +#define UADK_ERR(fmt, args...) \ + do {\ + openlog("uadk-prov-err", LOG_CONS | LOG_PID, LOG_LOCAL6);\ + syslog(LOG_ERR, fmt, ##args);\ + } while (0) +#else +#define UADK_DEBUG(fmt, args...) fprintf(stderr, fmt, ##args) +#define UADK_INFO(fmt, args...) fprintf(stderr, fmt, ##args) +#define UADK_ERR(fmt, args...) fprintf(stderr, fmt, ##args) +#endif void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len); #endif -- 2.43.0
From: Zhushuai Yin <yinzhushuai@huawei.com> When determining whether algorithms such as DH/X448 are prohibited, the incorrect use of the strcmp return value led to a failure in prohibition, which needs to be fixed. Additionally, the AES CBC algorithm check is missing AES, and a judgment needs to be added. Signed-off-by: Zhushuai Yin <yinzhushuai@huawei.com> --- src/uadk_prov_init.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c index dcd042f..c057be2 100644 --- a/src/uadk_prov_init.c +++ b/src/uadk_prov_init.c @@ -449,8 +449,10 @@ static OSSL_ALGORITHM *uadk_generate_cipher_array_v3(void) (uadk_prov_alg_en.aes_ctr_en && strstr(name, "AES") && strstr(name, "CTR")) || (uadk_prov_alg_en.aes_xts_en && strstr(name, "XTS")) || - (uadk_prov_alg_en.aes_ofb128_en && strstr(name, "OFB")) || - (uadk_prov_alg_en.aes_cfb128_en && strstr(name, "CFB")) || + (uadk_prov_alg_en.aes_ofb128_en && + strstr(name, "AES") && strstr(name, "OFB")) || + (uadk_prov_alg_en.aes_cfb128_en && + strstr(name, "AES") && strstr(name, "CFB")) || (uadk_prov_alg_en.aes_gcm_en && strstr(name, "GCM")) || (uadk_prov_alg_en.sm4_cbc_en && strstr(name, "SM4-CBC")) || (uadk_prov_alg_en.sm4_ecb_en && strstr(name, "SM4-ECB")) || @@ -629,7 +631,7 @@ static OSSL_ALGORITHM *uadk_generate_keyexch_array_v2(void) for (i = 0; i < size; i++) { name = uadk_prov_keyexch_v2[i].algorithm_names; - if (name == NULL || (uadk_prov_alg_en.dh_en && strcmp(name, "DH"))) + if (name == NULL || (uadk_prov_alg_en.dh_en && !strcmp(name, "DH"))) memcpy(&keyexch_array_v2[index++], &uadk_prov_keyexch_v2[i], sizeof(OSSL_ALGORITHM)); } @@ -653,10 +655,10 @@ static OSSL_ALGORITHM *uadk_generate_keyexch_array_v3(void) for (i = 0; i < size; i++) { name = uadk_prov_keyexch_v3[i].algorithm_names; if (name == NULL || - (uadk_prov_alg_en.dh_en && strcmp(name, "DH")) || - (uadk_prov_alg_en.x448_en && strcmp(name, "X448")) || - (uadk_prov_alg_en.x25519_en && strcmp(name, "X25519")) || - (uadk_prov_alg_en.ecdh_en && strcmp(name, "ECDH"))) + (uadk_prov_alg_en.dh_en && !strcmp(name, "DH")) || + (uadk_prov_alg_en.x448_en && !strcmp(name, "X448")) || + (uadk_prov_alg_en.x25519_en && !strcmp(name, "X25519")) || + (uadk_prov_alg_en.ecdh_en && !strcmp(name, "ECDH"))) memcpy(&keyexch_array_v3[index++], &uadk_prov_keyexch_v3[i], sizeof(OSSL_ALGORITHM)); } -- 2.43.0
From: Zhushuai Yin <yinzhushuai@huawei.com> In the prov scenario, when the cipher soft computing enable switch is disabled, there is a probabilistic segmentation fault because the ctx is not checked for null during padding. Signed-off-by: Zhushuai Yin <yinzhushuai@huawei.com> --- src/uadk_prov_cipher.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c index ad617a1..198e0ac 100644 --- a/src/uadk_prov_cipher.c +++ b/src/uadk_prov_cipher.c @@ -1149,7 +1149,8 @@ static int uadk_prov_cipher_set_ctx_params(void *vctx, const OSSL_PARAM params[] return UADK_P_FAIL; } priv->pad = pad ? 1 : 0; - EVP_CIPHER_CTX_set_padding(priv->sw_ctx, pad); + if (priv->sw_ctx) + EVP_CIPHER_CTX_set_padding(priv->sw_ctx, pad); } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); -- 2.43.0
From: Zhushuai Yin <yinzhushuai@huawei.com> In the normal no-sva mode of uadk_engine, the V1 interface should be used. However, during the dev judgment, the no-sva scenario is not empty, leading to the invocation of the V2 interface, which results in functional failure. Adding a judgment for the sva scenario can resolve this issue. Signed-off-by: Zhushuai Yin <yinzhushuai@huawei.com> --- src/uadk_aead.c | 2 +- src/uadk_cipher.c | 3 ++- src/uadk_cipher_adapter.c | 3 ++- src/uadk_dh.c | 3 ++- src/uadk_digest.c | 2 +- src/uadk_engine_init.c | 11 ++++++----- src/uadk_pkey.c | 3 ++- src/uadk_prov_cipher.c | 2 +- src/uadk_prov_digest.c | 2 +- src/uadk_prov_pkey.c | 4 ++-- src/uadk_rsa.c | 3 ++- src/uadk_utils.c | 14 ++++++++++++++ src/uadk_utils.h | 1 + 13 files changed, 37 insertions(+), 16 deletions(-) diff --git a/src/uadk_aead.c b/src/uadk_aead.c index 2d99dc3..6920c04 100644 --- a/src/uadk_aead.c +++ b/src/uadk_aead.c @@ -248,7 +248,7 @@ static int uadk_e_init_aead_cipher(void) return UADK_E_SUCCESS; } - dev = wd_get_accel_dev("aead"); + dev = uadk_get_accel_dev("aead"); if (!dev) { pthread_spin_unlock(&g_aead_engine.lock); fprintf(stderr, "failed to get device for aead.\n"); diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index f7facc9..9029ece 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -26,6 +26,7 @@ #include "uadk.h" #include "uadk_async.h" #include "uadk_cipher_adapter.h" +#include "uadk_utils.h" #define UADK_DO_SOFT (-0xE0) #define CTX_SYNC_ENC 0 @@ -436,7 +437,7 @@ static int uadk_e_init_cipher(void) return 1; } - dev = wd_get_accel_dev("cipher"); + dev = uadk_get_accel_dev("cipher"); if (!dev) { pthread_spin_unlock(&g_cipher_engine.lock); fprintf(stderr, "failed to get device for cipher.\n"); diff --git a/src/uadk_cipher_adapter.c b/src/uadk_cipher_adapter.c index 3146968..f2559ab 100644 --- a/src/uadk_cipher_adapter.c +++ b/src/uadk_cipher_adapter.c @@ -15,6 +15,7 @@ * */ #include "uadk_cipher_adapter.h" +#include "uadk_utils.h" #define HW_SEC_V2 2 #define HW_SEC_V3 3 @@ -182,7 +183,7 @@ int uadk_e_bind_ciphers(ENGINE *e) { struct uacce_dev *dev; - dev = wd_get_accel_dev("cipher"); + dev = uadk_get_accel_dev("cipher"); if (!dev) { fprintf(stderr, "no device available, switch to software!\n"); return 0; diff --git a/src/uadk_dh.c b/src/uadk_dh.c index fcdc5cd..cae7d0a 100644 --- a/src/uadk_dh.c +++ b/src/uadk_dh.c @@ -26,6 +26,7 @@ #include <uadk/wd_sched.h> #include "uadk.h" #include "uadk_async.h" +#include "uadk_utils.h" #define DH768BITS 768 #define DH1024BITS 1024 @@ -386,7 +387,7 @@ static int uadk_e_dh_init(void) if (g_dh_res.status != UADK_UNINIT) goto unlock; - dev = wd_get_accel_dev("dh"); + dev = uadk_get_accel_dev("dh"); if (!dev) { fprintf(stderr, "no device available, switch to software!\n"); goto err_init; diff --git a/src/uadk_digest.c b/src/uadk_digest.c index 2d26268..88e7fc8 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -512,7 +512,7 @@ static int uadk_e_init_digest(void) return 1; } - dev = wd_get_accel_dev("digest"); + dev = uadk_get_accel_dev("digest"); if (!dev) { pthread_spin_unlock(&g_digest_engine.lock); fprintf(stderr, "failed to get device for digest.\n"); diff --git a/src/uadk_engine_init.c b/src/uadk_engine_init.c index 6fad2d9..48498c3 100644 --- a/src/uadk_engine_init.c +++ b/src/uadk_engine_init.c @@ -28,6 +28,7 @@ #ifdef KAE #include "v1/uadk_v1.h" #endif +#include "uadk_utils.h" #define UADK_CMD_ENABLE_CIPHER_ENV ENGINE_CMD_BASE #define UADK_CMD_ENABLE_AEAD_ENV (ENGINE_CMD_BASE + 1) @@ -342,7 +343,7 @@ static void bind_fn_uadk_alg(ENGINE *e) { struct uacce_dev *dev; - dev = wd_get_accel_dev("cipher"); + dev = uadk_get_accel_dev("cipher"); if (dev) { if (!uadk_e_bind_ciphers(e)) fprintf(stderr, "uadk bind cipher failed\n"); @@ -351,7 +352,7 @@ static void bind_fn_uadk_alg(ENGINE *e) free(dev); } - dev = wd_get_accel_dev("digest"); + dev = uadk_get_accel_dev("digest"); if (dev) { if (!uadk_e_bind_digest(e)) fprintf(stderr, "uadk bind digest failed\n"); @@ -360,7 +361,7 @@ static void bind_fn_uadk_alg(ENGINE *e) free(dev); } - dev = wd_get_accel_dev("rsa"); + dev = uadk_get_accel_dev("rsa"); if (dev) { if (!uadk_e_bind_rsa(e)) fprintf(stderr, "uadk bind rsa failed\n"); @@ -369,7 +370,7 @@ static void bind_fn_uadk_alg(ENGINE *e) free(dev); } - dev = wd_get_accel_dev("dh"); + dev = uadk_get_accel_dev("dh"); if (dev) { if (!uadk_e_bind_dh(e)) fprintf(stderr, "uadk bind dh failed\n"); @@ -379,7 +380,7 @@ static void bind_fn_uadk_alg(ENGINE *e) } /* find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */ - dev = wd_get_accel_dev("ecdsa"); + dev = uadk_get_accel_dev("ecdsa"); if (dev) { if (!uadk_e_bind_ecc(e)) fprintf(stderr, "uadk bind ecc failed\n"); diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c index b32b658..94a74d9 100644 --- a/src/uadk_pkey.c +++ b/src/uadk_pkey.c @@ -21,6 +21,7 @@ #include "uadk_async.h" #include "uadk.h" #include "uadk_pkey.h" +#include "uadk_utils.h" #define ECC_MAX_DEV_NUM 16 #define CTX_ASYNC 1 @@ -583,7 +584,7 @@ int uadk_init_ecc(void) goto unlock; /* Find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */ - dev = wd_get_accel_dev("ecdsa"); + dev = uadk_get_accel_dev("ecdsa"); if (!dev) { fprintf(stderr, "no device available, switch to software!\n"); goto err_init; diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c index 198e0ac..e5f1acf 100644 --- a/src/uadk_prov_cipher.c +++ b/src/uadk_prov_cipher.c @@ -1344,7 +1344,7 @@ int uadk_prov_cipher_version(void) struct uacce_dev *dev; int ver; - dev = wd_get_accel_dev("cipher"); + dev = uadk_get_accel_dev("cipher"); if (!dev) { UADK_ERR("no cipher device available!\n"); return 0; diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c index 6babd4b..001c389 100644 --- a/src/uadk_prov_digest.c +++ b/src/uadk_prov_digest.c @@ -1043,7 +1043,7 @@ int uadk_prov_digest_version(void) { struct uacce_dev *dev; - dev = wd_get_accel_dev("digest"); + dev = uadk_get_accel_dev("digest"); if (!dev) { UADK_ERR("no digest device available!\n"); return UADK_DIGEST_FAIL; diff --git a/src/uadk_prov_pkey.c b/src/uadk_prov_pkey.c index ccfc0e7..57ae3a4 100644 --- a/src/uadk_prov_pkey.c +++ b/src/uadk_prov_pkey.c @@ -947,13 +947,13 @@ int uadk_prov_pkey_version(void) { struct uacce_dev *dev1, *dev2; - dev1 = wd_get_accel_dev("rsa"); + dev1 = uadk_get_accel_dev("rsa"); if (!dev1) { UADK_ERR("no pkey device available!\n"); return HW_PKEY_INVALID; } - dev2 = wd_get_accel_dev("sm2"); + dev2 = uadk_get_accel_dev("sm2"); if (!dev2) { free(dev1); return HW_PKEY_V2; diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 62118e6..f99b43b 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -23,6 +23,7 @@ #include <uadk/wd_sched.h> #include "uadk_async.h" #include "uadk.h" +#include "uadk_utils.h" #define UN_SET 0 #define IS_SET 1 @@ -837,7 +838,7 @@ static int uadk_e_rsa_init(void) if (g_rsa_res.status != UADK_UNINIT) goto unlock; - dev = wd_get_accel_dev("rsa"); + dev = uadk_get_accel_dev("rsa"); if (!dev) { fprintf(stderr, "no device available, switch to software!\n"); goto err_init; diff --git a/src/uadk_utils.c b/src/uadk_utils.c index 4a50bc4..897b119 100644 --- a/src/uadk_utils.c +++ b/src/uadk_utils.c @@ -15,6 +15,7 @@ * */ #include "uadk_utils.h" +#include <uadk/wd.h> #if defined(__AARCH64_CMODEL_SMALL__) && __AARCH64_CMODEL_SMALL__ @@ -72,3 +73,16 @@ void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) } #endif + +struct uacce_dev *uadk_get_accel_dev(const char *alg_name) +{ + struct uacce_dev *dev; + + dev = wd_get_accel_dev(alg_name); + if (dev && !(dev->flags & UACCE_DEV_SVA)) { + free(dev); + dev = NULL; + } + + return dev; +} diff --git a/src/uadk_utils.h b/src/uadk_utils.h index b2593e9..337cb29 100644 --- a/src/uadk_utils.h +++ b/src/uadk_utils.h @@ -46,4 +46,5 @@ #endif void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len); +struct uacce_dev *uadk_get_accel_dev(const char *alg_name); #endif -- 2.43.0
participants (1)
-
ZongYu Wu