From: Chenghai Huang huangchenghai2@huawei.com
The OpenSSL enc tool calls EVP_CipherInit_ex() twice. The first call initializes the encryption/decryption algorithm, and the second call supplies the key and IV parameters. Therefore, an empty key and IV are passed in the first call.
A flag bit needs to be added to indicate whether the key and IV have been set. Otherwise, a key or IV that has not been set will cause a cipher error.
Signed-off-by: Chenghai Huang huangchenghai2@huawei.com --- src/uadk_prov_cipher.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index 8c17d98..68926bc 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -83,6 +83,8 @@ struct cipher_priv_ctx {
 size_t switch_threshold;
 unsigned int enc : 1;
 unsigned int pad : 1; /* Whether padding should be used or not */
+ unsigned int key_set : 1; /* Whether key is copied to priv key buffers */
+ unsigned int iv_set : 1; /* Whether key is copied to priv iv buffers */
 size_t blksize;
 size_t keylen;
 size_t ivlen;
@@ -272,8 +274,10 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv,
 return UADK_E_FAIL;
 }
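Review bot: The comment on the new `iv_set` bit-field in `struct cipher_priv_ctx` is a copy of the `key_set` one and says "key" where it means the IV; it should read `/* Whether iv is copied to priv iv buffer */`. Both flags are only meaningful if a fresh context starts with them at 0, and the allocation of the struct is not part of this diff, so it is worth confirming that the context is zero-allocated. If the provider has a context-duplication path, it should copy or reset the two flags deliberately rather than by accident.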
- if (iv)
+ if (iv) {
 memcpy(priv->iv, iv, ivlen);
+ priv->iv_set = 1;
+ }
for (i = 0; i < cipher_counts; i++) {
 if (priv->nid == cipher_info_table[i].nid) {
@@ -289,8 +293,10 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv,
 return UADK_E_FAIL;
 }
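Review bot: `priv->iv_set = 1` in the `if (iv)` block, and `priv->key_set = 1` in the following `if (key)` hunk, are set but never cleared anywhere in the visible changes, so the new guard in uadk_prov_cipher_ctx_init() only shows that a key and IV were supplied at some point in the context's life, not for the current operation. If a caller re-initialises the same context with a new key and a NULL IV, the check passes with the previous IV still in `priv->iv`, which matters for modes that depend on IV uniqueness. I would document this at the assignments, e.g. `/* sticky: stays set until the ctx is freed; a re-init with NULL iv keeps the previous iv */`, and clear both flags wherever the context is reset, if such a path exists outside this diff. The body of uadk_prov_cipher_init() starts and ends outside the hunk.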
- if (key)
+ if (key) {
 memcpy(priv->key, key, keylen);
+ priv->key_set = 1;
+ }
if (enable_sw_offload)
 uadk_prov_cipher_sw_init(priv, key, iv);
@@ -420,6 +426,11 @@ static int uadk_prov_cipher_ctx_init(struct cipher_priv_ctx *priv)
 struct sched_params params = {0};
 int ret;
+ if (!priv->key_set || (!priv->iv_set && priv->ivlen)) { + fprintf(stderr, "key or iv is not set yet!\n"); + return UADK_E_FAIL; + } + priv->req.iv_bytes = priv->ivlen; priv->req.iv = priv->iv;