Fixed offload issue for qat hw aes-ccm and sm3 when modules removed

Signed-off-by: Tirupatigopi Ravulapalli <[email protected]>

e_qat.c

@@ -182,9 +182,9 @@ int fallback_to_openssl = 0;
 int qat_openssl3_prf_fallback = 0;
 int qat_openssl3_hkdf_fallback = 0;
 int qat_openssl3_sm2_fallback = 0;
-int qat_openssl3_sm3_fallback = 0;
 int qat_openssl3_sha_fallback = 0;
 #endif
+int qat_openssl3_sm3_fallback = 0;
 int fallback_to_qat_sw = 0; /* QAT HW initialize fail, offload to QAT SW. */
 int qat_hw_offload = 0;
 int qat_sw_offload = 0;
@@ -1379,7 +1379,7 @@ int bind_qat(ENGINE *e, const char *id)
         INFO("QAT_SW SM3 for Provider Enabled\n");
 # endif
 # ifdef ENABLE_QAT_HW_CCM
-        qat_hw_aes_ccm_offload = 1;
+    if (qat_hw_aes_ccm_offload)
         INFO("QAT_HW AES-CCM for Provider Enabled\n");
 # endif
 #endif

e_qat.h

@@ -405,9 +405,9 @@ extern int fallback_to_openssl;
 extern int qat_openssl3_prf_fallback;
 extern int qat_openssl3_hkdf_fallback;
 extern int qat_openssl3_sm2_fallback;
-extern int qat_openssl3_sm3_fallback;
 extern int qat_openssl3_sha_fallback;
 #endif
+extern int qat_openssl3_sm3_fallback;
 extern int fallback_to_qat_sw; /* QAT HW initialization fail, offload to QAT SW. */
 extern int qat_hw_offload;
 extern int qat_sw_offload;

qat_hw_ccm.c

@@ -1599,6 +1599,12 @@ int qat_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         return RET_FAIL;
     }
 
+    if (qat_get_qat_offload_disabled()) {
+	DEBUG("- Switched to software mode\n");
+        fallback = 1;
+	goto end;
+    }
+
     DEBUG("enc = %d - ctx = %p, out = %p, in = %p, len = %zu\n",
           enc, (void *)ctx, (void *)out, (void *)in, len);
 

qat_hw_sm3.c

@@ -468,6 +468,25 @@ int qat_hw_sm3_init(EVP_MD_CTX *ctx)
         return sts;
     }
 # endif
+#else
+    if ((!qat_hw_sm3_offload) || (qat_get_qat_offload_disabled())) {
+        QAT_SM3_CTX *qat_sm3_ctx = (QAT_SM3_CTX *) ctx;
+        qat_sm3_ctx->sw_md_ctx = EVP_MD_CTX_new();
+        if (qat_sm3_ctx->sw_md_ctx == NULL) {
+            WARN("EVP_MD_CTX_new failed.\n");
+        }
+        qat_sm3_ctx->sw_md = EVP_MD_fetch(NULL, "sm3", "provider=default");
+        if (qat_sm3_ctx->sw_md == NULL) {
+            WARN("EVP_MD_fetch failed.\n");
+        }
+        if (!EVP_DigestInit_ex(qat_sm3_ctx->sw_md_ctx,
+                                qat_sm3_ctx->sw_md, NULL)) {
+            WARN("Software calculate failed \n");
+            return 0;
+        }
+        DEBUG("SW Init Finished %p\n", qat_sm3_ctx);
+        return 1;
+    }
 #endif
     return 1;
 }
@@ -514,13 +533,6 @@ int qat_hw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len)
         QATerr(QAT_F_QAT_HW_SM3_UPDATE, QAT_R_INVALID_INPUT);
         return 0;
     }
-
-# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
-    if (qat_openssl3_sm3_fallback == 1) {
-        DEBUG("- Switched to software mode\n");
-        goto fallback;
-    }
-# endif
 #ifdef QAT_OPENSSL_PROVIDER
     qat_sm3_ctx = (QAT_SM3_CTX *)ctx;
 #else
@@ -532,6 +544,10 @@ int qat_hw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len)
         return 0;
     }
 
+    if ((qat_openssl3_sm3_fallback == 1) || (!qat_hw_sm3_offload) || (qat_get_qat_offload_disabled())) {
+        DEBUG("- Switched to software mode\n");
+        goto fallback;
+    }
     qat_sm3_ctx->rcv_count += len;
     DUMPL("sm3 hw update receive", in, len);
 
@@ -599,12 +615,19 @@ int qat_hw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len)
 #endif
     return 1;
 
-# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
 fallback:
+# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
     sw_fn_ptr = EVP_MD_meth_get_update((EVP_MD *)EVP_sm3());
     sts = (*sw_fn_ptr)(ctx, in, len);
     DEBUG("SW Finished %p\n", ctx);
     return sts;
+# else
+    if (!EVP_DigestUpdate(qat_sm3_ctx->sw_md_ctx, in, len)) {
+        WARN("Software calculate failed \n");
+        return 0;
+    }
+    DEBUG("SW Update Finished %p\n", qat_sm3_ctx);
+    return 1;
 # endif
 }
 
@@ -676,14 +699,6 @@ int qat_hw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
         QATerr(QAT_F_QAT_HW_SM3_FINAL, QAT_R_INPUT_PARAM_INVALID);
         return 0;
     }
-
-# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
-    if (qat_openssl3_sm3_fallback == 1) {
-        DEBUG("- Switched to software mode\n");
-        goto fallback;
-    }
-# endif
-
 #ifdef QAT_OPENSSL_PROVIDER
     qat_sm3_ctx = (QAT_SM3_CTX *)ctx;
 #else
@@ -694,6 +709,12 @@ int qat_hw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
         QATerr(QAT_F_QAT_HW_SM3_FINAL, QAT_R_CTX_NULL);
         return 0;
     }
+
+    if ((qat_openssl3_sm3_fallback == 1) || (!qat_hw_sm3_offload) || (qat_get_qat_offload_disabled())) {
+        DEBUG("- Switched to software mode\n");
+        goto fallback;
+    }
+
 # ifndef ENABLE_QAT_SMALL_PKT_OFFLOAD
     if (qat_sm3_ctx->rcv_count <= CRYPTO_SMALL_PACKET_OFFLOAD_THRESHOLD_HW_SM3) {
         /* Software calculation can start from init, because SPO threshold will
@@ -748,12 +769,19 @@ int qat_hw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
 
     return 1;
 
-# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
 fallback:
+# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
     sw_fn_ptr = EVP_MD_meth_get_final((EVP_MD *)EVP_sm3());
     sts = (*sw_fn_ptr)(ctx, md);
     DEBUG("SW Finished %p\n", ctx);
     return sts;
+# else
+    if (!EVP_DigestFinal_ex(qat_sm3_ctx->sw_md_ctx, md, NULL)) {
+        WARN("Software calculate failed \n");
+        return 0;
+    }
+    DEBUG("SW Final Finished %p\n", qat_sm3_ctx);
+    return 1;
 # endif
 }
 

qat_prov_aes_ccm.c

@@ -112,6 +112,37 @@ QAT_EVP_CIPHER get_default_cipher_aes_ccm(int nid)
     return ccm_cipher;
 }
 
+static int qat_aes_ccm_tls_init(QAT_PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen)
+{
+    size_t len;
+
+    if (!qat_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN)
+        return 0;
+
+    /* Save the aad for later use. */
+    memcpy(ctx->buf, aad, alen);
+    ctx->tls_aad_len = alen;
+
+    len = ctx->buf[alen - 2] << 8 | ctx->buf[alen - 1];
+    if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+        return 0;
+
+    /* Correct length for explicit iv. */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+    if (!ctx->enc) {
+        if (len < ctx->M)
+            return 0;
+        /* Correct length for tag. */
+        len -= ctx->M;
+    }
+    ctx->buf[alen - 2] = (unsigned char)(len >> 8);
+    ctx->buf[alen - 1] = (unsigned char)(len & 0xff);
+
+    /* Extra padding: tag appended to record. */
+    return ctx->M;
+}
+
 static void *qat_aes_ccm_newctx(void *provctx, size_t keybits, int nid)
 {
     QAT_PROV_AES_CCM_CTX *ctx = NULL;
@@ -139,10 +170,12 @@ size_t qat_aes_ccm_get_ivlen(QAT_PROV_CCM_CTX * ctx)
     return QAT_AES_CCM_OP_VALUE - ctx->L;
 }
 
-int qat_aes_ccm_einit(void *ctx, const unsigned char *inkey, size_t keylen,
-                      const unsigned char *iv, size_t ivlen, int enc)
+int qat_aes_ccm_einit(void *vctx, const unsigned char *inkey, size_t keylen,
+                      const unsigned char *iv, size_t ivlen, const OSSL_PARAM param[])
 {
     int sts = 0;
+    QAT_PROV_CCM_CTX *ctx = (QAT_PROV_CCM_CTX *) vctx;
+    ctx->enc = 1;
 # if !defined(QAT20_OOT) && !defined(QAT_HW_INTREE) \
      && !defined(QAT_HW_FBSD_OOT) && !defined(QAT_HW_FBSD_INTREE)
     QAT_PROV_CCM_CTX *qctx = (QAT_PROV_CCM_CTX *) ctx;
@@ -162,16 +195,23 @@ int qat_aes_ccm_einit(void *ctx, const unsigned char *inkey, size_t keylen,
         return sts;
     }
 # endif
-    if (qat_hw_aes_ccm_offload)
+    if (qat_hw_aes_ccm_offload) {
         sts = qat_aes_ccm_init(ctx, inkey, keylen, iv, ivlen, 1);
+        if (sts != 1) {
+            QATerr(ERR_LIB_PROV, QAT_R_EINIT_OPERATION_FAILED);
+            return sts;
+        }
+    }
 
-    return sts;
+    return qat_aes_ccm_set_ctx_params(ctx, param);
 }
 
-int qat_aes_ccm_dinit(void *ctx, const unsigned char *inkey, size_t keylen,
-                      const unsigned char *iv, size_t ivlen, int enc)
+int qat_aes_ccm_dinit(void *vctx, const unsigned char *inkey, size_t keylen,
+                      const unsigned char *iv, size_t ivlen, const OSSL_PARAM param[])
 {
     int sts = 0;
+    QAT_PROV_CCM_CTX *ctx = (QAT_PROV_CCM_CTX *) vctx;
+    ctx->enc = 0;
 # if !defined(QAT20_OOT) && !defined(QAT_HW_INTREE) \
      && !defined(QAT_HW_FBSD_OOT) && !defined(QAT_HW_FBSD_INTREE)
     QAT_PROV_CCM_CTX *qctx = (QAT_PROV_CCM_CTX *) ctx;
@@ -192,10 +232,15 @@ int qat_aes_ccm_dinit(void *ctx, const unsigned char *inkey, size_t keylen,
         return sts;
     }
 # endif
-    if (qat_hw_aes_ccm_offload)
+    if (qat_hw_aes_ccm_offload) {
         sts = qat_aes_ccm_init(ctx, inkey, keylen, iv, ivlen, 0);
+        if (sts != 1) {
+            QATerr(ERR_LIB_PROV, QAT_R_DINIT_OPERATION_FAILED);
+            return sts;
+        }
+    }
 
-    return sts;
+    return qat_aes_ccm_set_ctx_params(ctx, param);
 }
 
 int qat_aes_ccm_stream_update(void *vctx, unsigned char *out,
@@ -239,7 +284,10 @@ int qat_aes_ccm_stream_update(void *vctx, unsigned char *out,
             return 0;
         }
     }
-
+    else {
+        /* Set *outl to NULL when offload is disabled to avoid garbage values and prevent errors. */
+        *outl = 0;
+    }
     return 1;
 
 }
@@ -269,11 +317,12 @@ int qat_aes_ccm_stream_final(void *vctx, unsigned char *out,
     }
 # endif
 
-    if (qat_hw_aes_ccm_offload)
+    if (qat_hw_aes_ccm_offload) {
         i = qat_aes_ccm_cipher(ctx, out, outl, outsize, NULL, 0);
 
-    if (i <= 0)
-        return 0;
+        if (i <= 0)
+            return 0;
+    }
 
     *outl = 0;
     return 1;
@@ -486,6 +535,8 @@ int qat_aes_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
         if (qat_hw_aes_ccm_offload)
             sz = qat_aes_ccm_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, p->data_size,
                                   p->data);
+	else
+	    sz = qat_aes_ccm_tls_init(ctx, p->data, p->data_size);
 
         if (sz == 0) {
             QATerr(ERR_LIB_PROV, QAT_R_INVALID_DATA);

qat_prov_aes_ccm.h

@@ -234,9 +234,9 @@ void qat_aes_ccm_init_ctx(void *provctx, QAT_PROV_CCM_CTX * ctx, size_t keybits,
 int qat_aes_ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]);
 int qat_aes_ccm_set_ctx_params(void *vctx, const OSSL_PARAM params[]);
 int qat_aes_ccm_einit(void *ctx, const unsigned char *inkey, size_t keylen,
-                      const unsigned char *iv, size_t ivlen, int enc);
+                      const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[]);
 int qat_aes_ccm_dinit(void *ctx, const unsigned char *inkey, size_t keylen,
-                      const unsigned char *iv, size_t ivlen, int enc);
+                      const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[]);
 int qat_aes_ccm_stream_update(void *ctx, unsigned char *out,
                               size_t *outl, size_t outsize,
                               const unsigned char *in, size_t inl);

qat_prov_sm3.c

@@ -122,19 +122,33 @@ static void *qat_sm3_newctx(void *prov_ctc)
     return ctx;
 }
 
+# ifdef ENABLE_QAT_HW_SM3
+static void qat_sm3_free_sw_md_ctx(QAT_SM3_CTX *ctx)
+{
+    EVP_MD_CTX_free(ctx->sw_md_ctx);
+    EVP_MD_free(ctx->sw_md);
+    ctx->sw_md_ctx = NULL;
+    ctx->sw_md = NULL;
+}
+# endif
+
 static void qat_sm3_freectx(void *vctx)
 {
 # ifdef ENABLE_QAT_HW_SM3
     QAT_SM3_CTX *ctx = (QAT_SM3_CTX *)vctx;
     if (!qat_hw_sm3_cleanup(ctx)){
         WARN("qat sm3 ctx cleanup failed.\n");
     }
+
+    if ((qat_hw_sm3_offload) && (!qat_get_qat_offload_disabled())) {
 #  ifndef ENABLE_QAT_SMALL_PKT_OFFLOAD
-    EVP_MD_CTX_free(ctx->sw_md_ctx);
-    EVP_MD_free(ctx->sw_md);
-    ctx->sw_md_ctx = NULL;
-    ctx->sw_md = NULL;
+        qat_sm3_free_sw_md_ctx(ctx);
 #  endif
+    } else {
+        if (ctx->rcv_count == 0) {
+            qat_sm3_free_sw_md_ctx(ctx);
+	}
+    }
 # endif
 # ifdef ENABLE_QAT_SW_SM3
     QAT_SM3_CTX_mb *ctx = (QAT_SM3_CTX_mb *)vctx;
@@ -155,6 +169,11 @@ static void *qat_sm3_dupctx(void *ctx)
 # endif
     if (ret != NULL)
         *ret = *in;
+# ifdef ENABLE_QAT_HW_SM3
+    if ((!qat_hw_sm3_offload) || (qat_get_qat_offload_disabled())) {
+        ret->rcv_count = 1;
+    }
+# endif
     return ret;
 }