1 From 02dd4d275f7544a4027ca3452b60ac5bdd9376fb Mon Sep 17 00:00:00 2001
2 From: Cristian Stoica <cristian.stoica@nxp.com>
3 Date: Mon, 14 Dec 2015 17:49:08 +0200
4 Subject: [PATCH 26/48] cryptodev: remove code duplication in digest operations
6 This patch simplifies code and removes duplication in digest_update and
7 digest_final for cryptodev engine.
9 Note: The current design of eng_cryptodev for digests operations assumes
10 the presence of all the data before processing (this is suboptimal
11 with cryptodev-linux because Linux kernel has support for digest-update
12 operations and there is no need to accumulate the input data).
14 Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
16 crypto/engine/eng_cryptodev.c | 76 ++++++++++++++++---------------------------
17 1 file changed, 28 insertions(+), 48 deletions(-)
19 diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
20 index 16e6fd9..048e050 100644
21 --- a/crypto/engine/eng_cryptodev.c
22 +++ b/crypto/engine/eng_cryptodev.c
23 @@ -1590,24 +1590,25 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
24 static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
27 - struct crypt_op cryp;
28 struct dev_crypto_state *state = ctx->md_data;
29 - struct session_op *sess = &state->d_sess;
31 - if (!data || state->d_fd < 0) {
32 + if (!data || !count) {
33 printf("cryptodev_digest_update: illegal inputs \n");
42 - if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
43 - /* if application doesn't support one buffer */
45 + * Accumulate input data if it is scattered in several buffers. TODO:
46 + * Depending on number of calls and data size, this code can be optimized
47 + * to take advantage of Linux kernel crypto API, balancing between
48 + * cryptodev calls and accumulating small amounts of data
50 + if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
51 + state->mac_data = data;
52 + state->mac_len = count;
55 OPENSSL_realloc(state->mac_data, state->mac_len + count);
57 if (!state->mac_data) {
58 printf("cryptodev_digest_update: realloc failed\n");
60 @@ -1615,23 +1616,9 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
62 memcpy(state->mac_data + state->mac_len, data, count);
63 state->mac_len += count;
68 - memset(&cryp, 0, sizeof(cryp));
70 - cryp.ses = sess->ses;
73 - cryp.src = (caddr_t) data;
75 - cryp.mac = (caddr_t) state->digest_res;
76 - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
77 - printf("cryptodev_digest_update: digest failed\n");
84 static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
85 @@ -1640,33 +1627,25 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
86 struct dev_crypto_state *state = ctx->md_data;
87 struct session_op *sess = &state->d_sess;
91 if (!md || state->d_fd < 0) {
92 printf("cryptodev_digest_final: illegal input\n");
96 - if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
97 - /* if application doesn't support one buffer */
98 - memset(&cryp, 0, sizeof(cryp));
99 - cryp.ses = sess->ses;
101 - cryp.len = state->mac_len;
102 - cryp.src = state->mac_data;
104 - cryp.mac = (caddr_t) md;
105 - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
106 - printf("cryptodev_digest_final: digest failed\n");
109 + memset(&cryp, 0, sizeof(cryp));
113 + cryp.ses = sess->ses;
115 + cryp.len = state->mac_len;
116 + cryp.src = state->mac_data;
119 - memcpy(md, state->digest_res, ctx->digest->md_size);
120 + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
121 + printf("cryptodev_digest_final: digest failed\n");
129 static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
130 @@ -1683,11 +1662,11 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
134 - if (state->mac_data) {
135 + if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
136 OPENSSL_free(state->mac_data);
137 - state->mac_data = NULL;
138 - state->mac_len = 0;
140 + state->mac_data = NULL;
141 + state->mac_len = 0;
143 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
144 printf("cryptodev_digest_cleanup: failed to close session\n");
145 @@ -1695,6 +1674,7 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
150 put_dev_crypto(state->d_fd);