crypto/openssl: replace evp APIs with HMAC APIs

[dpdk.git] / drivers / crypto / openssl / rte_openssl_pmd.c

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index d943d72..ac032ee 100644 (file)
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -39,6 +39,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/hmac.h>
 #include <openssl/evp.h>
 
 #include "rte_openssl_pmd_private.h"
@@ -47,6 +48,25 @@
 
 static uint8_t cryptodev_driver_id;
 
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+       HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+
+       if (ctx != NULL)
+               HMAC_CTX_init(ctx);
+       return ctx;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+       if (ctx != NULL) {
+               HMAC_CTX_cleanup(ctx);
+               OPENSSL_free(ctx);
+       }
+}
+#endif
+
 static int cryptodev_openssl_remove(struct rte_vdev_device *vdev);
 
 /*----------------------------------------------------------------------------*/
@@ -336,7 +356,7 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
                break;
        default:
                sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL;
-               return -EINVAL;
+               return -ENOTSUP;
        }
 
        return 0;
@@ -403,16 +423,20 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
        case RTE_CRYPTO_AUTH_SHA384_HMAC:
        case RTE_CRYPTO_AUTH_SHA512_HMAC:
                sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
-               sess->auth.hmac.ctx = EVP_MD_CTX_create();
+               sess->auth.hmac.ctx = HMAC_CTX_new();
                if (get_auth_algo(xform->auth.algo,
                                &sess->auth.hmac.evp_algo) != 0)
                        return -EINVAL;
-               sess->auth.hmac.pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
-                               xform->auth.key.data, xform->auth.key.length);
+
+               if (HMAC_Init_ex(sess->auth.hmac.ctx,
+                               xform->auth.key.data,
+                               xform->auth.key.length,
+                               sess->auth.hmac.evp_algo, NULL) != 1)
+                       return -EINVAL;
                break;
 
        default:
-               return -EINVAL;
+               return -ENOTSUP;
        }
 
        sess->auth.digest_length = xform->auth.digest_length;
@@ -455,10 +479,10 @@ openssl_set_session_aead_parameters(struct openssl_session *sess,
                sess->chain_order = OPENSSL_CHAIN_COMBINED;
                break;
        default:
-               return -EINVAL;
+               return -ENOTSUP;
        }
 
-       sess->auth.aad_length = xform->aead.add_auth_data_length;
+       sess->auth.aad_length = xform->aead.aad_length;
        sess->auth.digest_length = xform->aead.digest_length;
 
        return 0;
@@ -472,6 +496,7 @@ openssl_set_session_parameters(struct openssl_session *sess,
        const struct rte_crypto_sym_xform *cipher_xform = NULL;
        const struct rte_crypto_sym_xform *auth_xform = NULL;
        const struct rte_crypto_sym_xform *aead_xform = NULL;
+       int ret;
 
        sess->chain_order = openssl_get_chain_order(xform);
        switch (sess->chain_order) {
@@ -501,27 +526,30 @@ openssl_set_session_parameters(struct openssl_session *sess,
 
        /* cipher_xform must be check before auth_xform */
        if (cipher_xform) {
-               if (openssl_set_session_cipher_parameters(
-                               sess, cipher_xform)) {
+               ret = openssl_set_session_cipher_parameters(
+                               sess, cipher_xform);
+               if (ret != 0) {
                        OPENSSL_LOG_ERR(
                                "Invalid/unsupported cipher parameters");
-                       return -EINVAL;
+                       return ret;
                }
        }
 
        if (auth_xform) {
-               if (openssl_set_session_auth_parameters(sess, auth_xform)) {
+               ret = openssl_set_session_auth_parameters(sess, auth_xform);
+               if (ret != 0) {
                        OPENSSL_LOG_ERR(
                                "Invalid/unsupported auth parameters");
-                       return -EINVAL;
+                       return ret;
                }
        }
 
        if (aead_xform) {
-               if (openssl_set_session_aead_parameters(sess, aead_xform)) {
+               ret = openssl_set_session_aead_parameters(sess, aead_xform);
+               if (ret != 0) {
                        OPENSSL_LOG_ERR(
-                               "Invalid/unsupported auth parameters");
-                       return -EINVAL;
+                               "Invalid/unsupported AEAD parameters");
+                       return ret;
                }
        }
 
@@ -543,7 +571,7 @@ openssl_reset_session(struct openssl_session *sess)
                break;
        case OPENSSL_AUTH_AS_HMAC:
                EVP_PKEY_free(sess->auth.hmac.pkey);
-               EVP_MD_CTX_destroy(sess->auth.hmac.ctx);
+               HMAC_CTX_free(sess->auth.hmac.ctx);
                break;
        default:
                break;
@@ -967,10 +995,9 @@ process_auth_err:
 /** Process standard openssl auth algorithms with hmac */
 static int
 process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
-               __rte_unused uint8_t *iv, EVP_PKEY *pkey,
-               int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
+               int srclen, HMAC_CTX *ctx)
 {
-       size_t dstlen;
+       unsigned int dstlen;
        struct rte_mbuf *m;
        int l, n = srclen;
        uint8_t *src;
@@ -982,19 +1009,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
        if (m == 0)
                goto process_auth_err;
 
-       if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0)
-               goto process_auth_err;
-
        src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
 
        l = rte_pktmbuf_data_len(m) - offset;
        if (srclen <= l) {
-               if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0)
+               if (HMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
                        goto process_auth_err;
                goto process_auth_final;
        }
 
-       if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
+       if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
                goto process_auth_err;
 
        n -= l;
@@ -1002,13 +1026,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
        for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
                src = rte_pktmbuf_mtod(m, uint8_t *);
                l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
-               if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
+               if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
                        goto process_auth_err;
                n -= l;
        }
 
 process_auth_final:
-       if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0)
+       if (HMAC_Final(ctx, dst, &dstlen) != 1)
+               goto process_auth_err;
+
+       if (unlikely(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL) != 1))
                goto process_auth_err;
 
        return 0;
@@ -1261,9 +1288,8 @@ process_openssl_auth_op
                break;
        case OPENSSL_AUTH_AS_HMAC:
                status = process_openssl_auth_hmac(mbuf_src, dst,
-                               op->sym->auth.data.offset, NULL,
-                               sess->auth.hmac.pkey, srclen,
-                               sess->auth.hmac.ctx, sess->auth.hmac.evp_algo);
+                               op->sym->auth.data.offset, srclen,
+                               sess->auth.hmac.ctx);
                break;
        default:
                status = -1;