QAT Engine and Provider compatibility issues fix with OpenSSL 3.3 and 3.4

 - Fixed Qatprovider RSA, ECDSA, ECDH, ECX, SM2, DSA & DH issues - Fixed Qatengine SHA3, SM2 issues - Fixed double free error with RSA 8k testapp Signed-off-by: Jaya Naga Venkata Sudhakar <bavirisettyx.jaya.naga.venkata.sudhakar@intel.com> Co-authored-by: Raveesh Vemula <raveeshx.vemula@intel.com>

Author: 2 people

qat_hw_sha3.h

@@ -148,10 +148,15 @@ int qat_sha3_copy(QAT_KECCAK1600_CTX *to, const QAT_KECCAK1600_CTX *from);
 # endif
 typedef struct {
  uint64_t A[5][5];
+#if OPENSSL_VERSION_NUMBER >= 0x30300000
+ unsigned char buf[KECCAK1600_WIDTH / 8 - 32];
+#endif
  size_t block_size; /* SW cached ctx->digest->block_size */
  size_t md_size; /* SW output length, variable in XOF */
  size_t num; /* SW used bytes in below buffer */
+#if OPENSSL_VERSION_NUMBER < 0x30300000
  unsigned char buf[KECCAK1600_WIDTH / 8 - 32];
+#endif
  unsigned char pad;
 } KECCAK1600_CTX;
 

qat_prov_ecx.h

@@ -58,13 +58,17 @@
 typedef struct{
  int id; /* libcrypto internal */
  int name_id;
+# if OPENSSL_VERSION_NUMBER >= 0x30300000
+ /* NID for the legacy alg if there is one */
+ int legacy_alg;
+# endif
  char *type_name;
  const char *description;
  OSSL_PROVIDER *prov;
  CRYPTO_REF_COUNT references;
-#if OPENSSL_VERSION_NUMBER < 0x30200000
+# if OPENSSL_VERSION_NUMBER < 0x30200000
  CRYPTO_RWLOCK *lock;
-#endif
+# endif
  OSSL_FUNC_keymgmt_new_fn *new;
  OSSL_FUNC_keymgmt_free_fn *free;
  OSSL_FUNC_keymgmt_get_params_fn *get_params;
@@ -73,6 +77,10 @@ typedef struct{
  OSSL_FUNC_keymgmt_settable_params_fn *settable_params;
  OSSL_FUNC_keymgmt_gen_init_fn *gen_init;
  OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template;
+# if OPENSSL_VERSION_NUMBER >= 0x30400000
+ OSSL_FUNC_keymgmt_gen_get_params_fn *gen_get_params;
+ OSSL_FUNC_keymgmt_gen_gettable_params_fn *gen_gettable_params;
+# endif
  OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params;
  OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params;
  OSSL_FUNC_keymgmt_gen_fn *gen;

qat_prov_kmgmt_dh.c

@@ -65,6 +65,10 @@ typedef struct
 {
  int id; /* libcrypto internal */
  int name_id;
+# if OPENSSL_VERSION_NUMBER >= 0x30300000
+ /* NID for the legacy alg if there is one */
+ int legacy_alg;
+# endif
  char *type_name;
  const char *description;
  OSSL_PROVIDER *prov;
@@ -84,6 +88,10 @@ typedef struct
  /* Generation, a complex constructor */
  OSSL_FUNC_keymgmt_gen_init_fn *gen_init;
  OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template;
+# if OPENSSL_VERSION_NUMBER >= 0x30400000
+ OSSL_FUNC_keymgmt_gen_get_params_fn *gen_get_params;
+ OSSL_FUNC_keymgmt_gen_gettable_params_fn *gen_gettable_params;
+# endif
  OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params;
  OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params;
  OSSL_FUNC_keymgmt_gen_fn *gen;
@@ -349,7 +357,12 @@ static void *qat_dh_dup(const void *keydata_from, int selection)
  return NULL;
  return fun(keydata_from, selection);
 }
-
+# if OPENSSL_VERSION_NUMBER >= 0x30400000
+static const char *qat_dh_query_operation_name(int operation_id)
+{
+ return "DH";
+}
+# endif
 const OSSL_DISPATCH qat_dh_keymgmt_functions[] = {
  {OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))qat_dh_newdata},
  {OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))qat_dh_gen_init},
@@ -372,6 +385,10 @@ const OSSL_DISPATCH qat_dh_keymgmt_functions[] = {
  {OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))qat_dh_import_types},
  {OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))qat_dh_export},
  {OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))qat_dh_export_types},
+# if OPENSSL_VERSION_NUMBER >= 0x30400000
+ { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
+ (void (*)(void))qat_dh_query_operation_name },
+# endif
  {OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))qat_dh_dup},
  {0, NULL}};
 

qat_prov_kmgmt_dsa.c

@@ -69,6 +69,10 @@ typedef struct
 {
  int id; /* libcrypto internal */
  int name_id;
+# if OPENSSL_VERSION_NUMBER >= 0x30300000
+ /* NID for the legacy alg if there is one */
+ int legacy_alg;
+# endif
  char *type_name;
  const char *description;
  OSSL_PROVIDER *prov;
@@ -88,6 +92,10 @@ typedef struct
  /* Generation, a complex constructor */
  OSSL_FUNC_keymgmt_gen_init_fn *gen_init;
  OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template;
+# if OPENSSL_VERSION_NUMBER >= 0x30400000
+ OSSL_FUNC_keymgmt_gen_get_params_fn *gen_get_params;
+ OSSL_FUNC_keymgmt_gen_gettable_params_fn *gen_gettable_params;
+# endif
  OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params;
  OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params;
  OSSL_FUNC_keymgmt_gen_fn *gen;

qat_prov_kmgmt_ec.c

@@ -113,6 +113,10 @@ if (p != NULL) { \
 typedef struct{
  int id; /* libcrypto internal */
  int name_id;
+# if OPENSSL_VERSION_NUMBER >= 0x30300000
+ /* NID for the legacy alg if there is one */
+ int legacy_alg;
+# endif
  char *type_name;
  const char *description;
  OSSL_PROVIDER *prov;
@@ -132,6 +136,10 @@ typedef struct{
  /* Generation, a complex constructor */
  OSSL_FUNC_keymgmt_gen_init_fn *gen_init;
  OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template;
+# if OPENSSL_VERSION_NUMBER >= 0x30400000
+ OSSL_FUNC_keymgmt_gen_get_params_fn *gen_get_params;
+ OSSL_FUNC_keymgmt_gen_gettable_params_fn *gen_gettable_params;
+# endif
  OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params;
  OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params;
  OSSL_FUNC_keymgmt_gen_fn *gen;

qat_prov_kmgmt_rsa.c

@@ -58,6 +58,10 @@
 typedef struct{
  int id; /* libcrypto internal */
  int name_id;
+# if OPENSSL_VERSION_NUMBER >= 0x30300000
+ /* NID for the legacy alg if there is one */
+ int legacy_alg;
+# endif
  char *type_name;
  const char *description;
  OSSL_PROVIDER *prov;
@@ -77,6 +81,10 @@ typedef struct{
  /* Generation, a complex constructor */
  OSSL_FUNC_keymgmt_gen_init_fn *gen_init;
  OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template;
+# if OPENSSL_VERSION_NUMBER >= 0x30400000
+ OSSL_FUNC_keymgmt_gen_get_params_fn *gen_get_params;
+ OSSL_FUNC_keymgmt_gen_gettable_params_fn *gen_gettable_params;
+# endif
  OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params;
  OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params;
  OSSL_FUNC_keymgmt_gen_fn *gen;

qat_prov_sign_sm2.c

@@ -358,7 +358,9 @@ static int qat_sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname,
  && qat_DER_w_algorithmIdentifier_SM2_with_MD(&pkt, -1, ctx->ec, md_nid)
  && QAT_WPACKET_finish(&pkt)) {
  QAT_WPACKET_get_total_written(&pkt, &ctx->aid_len);
+#if OPENSSL_VERSION_NUMBER < 0x30400000
  ctx->aid = QAT_WPACKET_get_curr(&pkt);
+#endif
  }
  QAT_WPACKET_cleanup(&pkt);
 
@@ -498,12 +500,12 @@ static int qat_sm2sig_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params)
 
  if (psm2ctx == NULL)
  return 0;
-
+#if OPENSSL_VERSION_NUMBER < 0x30400000
  p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
  if (p != NULL
  && !OSSL_PARAM_set_octet_string(p, psm2ctx->aid, psm2ctx->aid_len))
  return 0;
-
+#endif
  p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
  if (p != NULL && !OSSL_PARAM_set_size_t(p, psm2ctx->mdsize))
  return 0;

qat_prov_sign_sm2.h

@@ -73,7 +73,9 @@ typedef struct {
 
  /* The Algorithm Identifier of the combined signature algorithm */
  unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
+#if OPENSSL_VERSION_NUMBER < 0x30400000
  unsigned char *aid;
+#endif
  size_t aid_len;
 
  /* main digest */
@@ -84,7 +86,6 @@ typedef struct {
  /* SM2 ID used for calculating the Z value */
  unsigned char *id;
  size_t id_len;
-
  const unsigned char *tbs;
  size_t tbs_len;
 } QAT_PROV_SM2_CTX;

qat_sw_sm2.c

@@ -76,8 +76,18 @@ typedef struct evp_signature_st {
  OSSL_FUNC_signature_newctx_fn *newctx;
  OSSL_FUNC_signature_sign_init_fn *sign_init;
  OSSL_FUNC_signature_sign_fn *sign;
+#if OPENSSL_VERSION_NUMBER >= 0x30400000
+ OSSL_FUNC_signature_sign_message_init_fn *sign_message_init;
+ OSSL_FUNC_signature_sign_message_update_fn *sign_message_update;
+ OSSL_FUNC_signature_sign_message_final_fn *sign_message_final;
+#endif
  OSSL_FUNC_signature_verify_init_fn *verify_init;
  OSSL_FUNC_signature_verify_fn *verify;
+#if OPENSSL_VERSION_NUMBER >= 0x30400000
+ OSSL_FUNC_signature_verify_message_init_fn *verify_message_init;
+ OSSL_FUNC_signature_verify_message_update_fn *verify_message_update;
+ OSSL_FUNC_signature_verify_message_final_fn *verify_message_final;
+#endif
  OSSL_FUNC_signature_verify_recover_init_fn *verify_recover_init;
  OSSL_FUNC_signature_verify_recover_fn *verify_recover;
  OSSL_FUNC_signature_digest_sign_init_fn *digest_sign_init;

test/tests_rsa.c

@@ -3282,7 +3282,8 @@ static int run_rsa(void *args)
  if (ptext)
  OPENSSL_free(ptext);
 #endif
- RSA_free(key);
+ if(size < 8192)
+ RSA_free(key);
  if (sig)
  OPENSSL_free(sig);
  if (verMsg)