From 6824166cf9feb351790fe199a8c464046d9de17a Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Tue, 28 Mar 2023 12:44:22 -0600 Subject: [PATCH 1/4] Add QAT flags to logic checking for dependencies --- configure.ac | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index acb158563..38afb1f1a 100644 --- a/configure.ac +++ b/configure.ac @@ -6586,10 +6586,11 @@ AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_INTEL_QA_SYNC" = "x AS_IF([test "x$QAT_DIR" = "xyes"],[AC_MSG_ERROR([need a PATH for --with-intelqa$intelqa_opt])]) - AM_CPPFLAGS="$AM_CPPFLAGS -I$QAT_DIR/quickassist/include -I$QAT_DIR/quickassist/include/lac -I$QAT_DIR/quickassist/utilities/osal/include \ + QAT_FLAGS="-I$QAT_DIR/quickassist/include -I$QAT_DIR/quickassist/include/lac -I$QAT_DIR/quickassist/utilities/osal/include \ -I$QAT_DIR/quickassist/utilities/osal/src/linux/user_space/include -I$QAT_DIR/quickassist/lookaside/access_layer/include \ -I$QAT_DIR/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel \ -I$QAT_DIR/quickassist/utilities/libusdm_drv" + AM_CPPFLAGS="$AM_CPPFLAGS $QAT_FLAGS" CPPFLAGS="$AM_CPPFLAGS" LDFLAGS="$LDFLAGS -L$QAT_DIR/build" @@ -8720,6 +8721,10 @@ if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_LINUXKM" = "no" then SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -I$srcdir" + if test "$ENABLED_INTEL_QA" = "yes" + then + CFLAGS="$CFLAGS $QAT_FLAGS" + fi build_pwd="$(pwd)" cd "$srcdir" openssl_headers=$(echo wolfssl/openssl/*.h) From 65f97482f3a06be98da4b5b6bbb74416a08ad1b2 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Wed, 29 Mar 2023 10:16:29 -0600 Subject: [PATCH 2/4] Missed free's in api.c --- tests/api.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/api.c b/tests/api.c index f29e35983..60dc95823 100644 --- a/tests/api.c +++ b/tests/api.c @@ -61981,6 +61981,7 @@ static int test_openssl_FIPS_drbg(void) AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0); AssertIntNE(XMEMCMP(data1, data2, dlen), 0); AssertIntEQ(FIPS_drbg_uninstantiate(dctx), WOLFSSL_SUCCESS); + wolfSSL_FIPS_drbg_free(dctx); res = TEST_RES_CHECK(1); #endif From 047db19956a0a468c48ffe0e71d2f2aa1b70f0d6 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Wed, 29 Mar 2023 10:17:06 -0600 Subject: [PATCH 3/4] Disable SHA512/224 & SHA512/256 on QAT --- wolfcrypt/src/evp.c | 2 +- wolfssl/wolfcrypt/settings.h | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 1925b23ef..dda040797 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -4954,7 +4954,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* !WOLFSSL_NOSHA512_224 */ -#ifndef WOLFSSL_NOSHA512_224 +#ifndef WOLFSSL_NOSHA512_256 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void) { WOLFSSL_ENTER("EVP_sha512_256"); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 47e5ce6b8..a3c67cee1 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2342,7 +2342,10 @@ extern void uITRON4_free(void *p) ; #ifndef WC_ASYNC_DEV_SIZE #define WC_ASYNC_DEV_SIZE 0 #endif - +#ifdef HAVE_INTEL_QA /* Disable SHA512/224 and SHA512/256 support for QAT */ + #define WOLFSSL_NOSHA512_224 + #define WOLFSSL_NOSHA512_256 +#endif /* leantls checks */ #ifdef WOLFSSL_LEANTLS #ifndef HAVE_ECC From 8e730534d5faf8ca26014596eedc4f3a8a5e42b5 Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Wed, 29 Mar 2023 10:26:59 -0600 Subject: [PATCH 4/4] Free in drbg test when appropriate --- tests/api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/api.c b/tests/api.c index 60dc95823..4261dec77 100644 --- a/tests/api.c +++ b/tests/api.c @@ -61981,7 +61981,10 @@ static int test_openssl_FIPS_drbg(void) AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0); AssertIntNE(XMEMCMP(data1, data2, dlen), 0); AssertIntEQ(FIPS_drbg_uninstantiate(dctx), WOLFSSL_SUCCESS); +#ifndef HAVE_GLOBAL_RNG + /* gets freed by wolfSSL_Cleanup() when HAVE_GLOBAL_RNG defined */ wolfSSL_FIPS_drbg_free(dctx); +#endif res = TEST_RES_CHECK(1); #endif