Skip to content

Commit 1ac6d2e

Browse files
bjayanaxdaweiq
authored andcommitted
Fix for SM2 speed performance drop
Signed-off-by: Nagha Abirami <naghax.abirami@intel.com>
1 parent 3c1b220 commit 1ac6d2e

File tree

3 files changed

+27
-48
lines changed

3 files changed

+27
-48
lines changed

docs/limitations.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@
5050
calls OPENSSL_cleanup(). Incorrect cleanup can lead to a segmentation fault (segfault).
5151
Also, memory allocated in a thread is freed automatically when the thread exits/terminates,
5252
even if the user does not explicitly free the memory.
53-
* SVM is not supported with BoringSSL library.
53+
* SVM is not supported with BoringSSL library and KPT.
5454
* AES-CCM ciphers are not enabled in OpenSSL by default. Need to enable it manually using the openssl.cnf file.
5555

5656
Example:
@@ -86,7 +86,6 @@
8686
* Known issue in Software fallback with OpenSSL3.0 Engine(only) when disabled via co-existence
8787
algo bitmap for algorithms PRF, HKDF, SM2 & SM3. QAT_HW PRF and QAT_HW HKDF are
8888
not accelerated in OpenSSL 3.0 engine due to the issue [OpenSSL#21622][4]
89-
9089
### Performance
9190
* There is known performance scaling issue (performance drop with threads >32)
9291
with ECDSA Ciphers in the QAT Software acceleration using multithread mode

qat_hw_sm2.c

Lines changed: 6 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -555,7 +555,6 @@ int qat_sm2_sign(EVP_PKEY_CTX *ctx,
555555
CpaCyEcsm2SignOpData *opData = NULL;
556556
CpaStatus status = CPA_STATUS_FAIL;
557557
CpaBoolean bSM2SignStatus = 0;
558-
int sig_sz;
559558
op_done_t op_done;
560559
int qatPerformOpRetries = 0;
561560
useconds_t ulPollInterval = getQatPollInterval();
@@ -565,6 +564,7 @@ int qat_sm2_sign(EVP_PKEY_CTX *ctx,
565564
int qat_svm = QAT_INSTANCE_ANY;
566565

567566
# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
567+
int sig_sz;
568568
unsigned char *dgst = NULL;
569569
BIGNUM *bg = NULL;
570570
EVP_MD *md = NULL;
@@ -593,7 +593,7 @@ int qat_sm2_sign(EVP_PKEY_CTX *ctx,
593593
QATerr(QAT_F_QAT_SM2_SIGN, QAT_R_INPUT_PARAM_INVALID);
594594
return ret;
595595
}
596-
596+
# if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER)
597597
sig_sz = ECDSA_size(eckey);
598598

599599
if (sig_sz <= 0)
@@ -610,7 +610,7 @@ int qat_sm2_sign(EVP_PKEY_CTX *ctx,
610610
QATerr(QAT_F_QAT_SM2_SIGN, QAT_R_INPUT_PARAM_INVALID);
611611
return ret;
612612
}
613-
613+
# endif
614614
group = EC_KEY_get0_group(eckey);
615615
priv_key = EC_KEY_get0_private_key(eckey);
616616
pub_key = EC_KEY_get0_public_key(eckey);
@@ -995,7 +995,7 @@ int qat_sm2_sign(EVP_PKEY_CTX *ctx,
995995
siglen, sigsize);
996996
}
997997
# else
998-
# ifdef QAT_OPENSSL_3 // to be deleted
998+
# ifdef QAT_OPENSSL_3
999999
/* When using OpenSSL 3 legacy engine API */
10001000
sw_ctx = OPENSSL_malloc(sizeof(QAT_PROV_SM2_CTX));
10011001
sw_ctx->mdsize = 0;
@@ -1008,9 +1008,7 @@ int qat_sm2_sign(EVP_PKEY_CTX *ctx,
10081008

10091009
sw_sm2_signature = get_def_signature_sm2();
10101010
if (sw_sm2_signature.sign) {
1011-
ret =
1012-
sw_sm2_signature.sign(sw_ctx, sig, siglen, (size_t)sig_sz, dgst,
1013-
dlen);
1011+
ret = sw_sm2_signature.sign(sw_ctx, sig, siglen, sig_sz, dgst, dlen);
10141012
} else {
10151013
WARN("Failed to obtain sm2 sign func from default provider.\n");
10161014
ret = 0;
@@ -1044,7 +1042,7 @@ int qat_sm2_verify(EVP_PKEY_CTX *ctx,
10441042
# endif
10451043
{
10461044
int ret = 0, i, job_ret = 0, fallback = 0;
1047-
ECDSA_SIG *s;
1045+
ECDSA_SIG *s = NULL;
10481046
const EC_GROUP *group;
10491047
BN_CTX *bctx = NULL;
10501048
const BIGNUM *priv_key, *order;
@@ -1126,15 +1124,6 @@ int qat_sm2_verify(EVP_PKEY_CTX *ctx,
11261124
return ret;
11271125
}
11281126

1129-
sig_r = BN_new();
1130-
sig_s = BN_new();
1131-
1132-
if (ECDSA_SIG_set0(s, (BIGNUM *)sig_r, (BIGNUM *)sig_s) == 0) {
1133-
WARN("Failure to allocate r and s values to assign to the ECDSA_SIG\n");
1134-
QATerr(QAT_F_QAT_SM2_VERIFY, QAT_R_SM2_SIG_SET_R_S_FAILURE);
1135-
goto err;
1136-
}
1137-
11381127
if (d2i_ECDSA_SIG(&s, &p, siglen) == NULL) {
11391128
WARN("Failure to get ECDSA_SIG_SM2\n");
11401129
return ret;

qat_prov_sign_sm2.c

Lines changed: 20 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -130,29 +130,6 @@ typedef struct evp_signature_st {
130130
OSSL_FUNC_signature_settable_ctx_md_params_fn *settable_ctx_md_params;
131131
} QAT_EVP_SIGNATURE /* EVP_SIGNATURE for QAT Provider sm2 */;
132132

133-
# ifdef ENABLE_QAT_HW_SM2
134-
static QAT_EVP_SIGNATURE get_default_signature_sm2()
135-
{
136-
static QAT_EVP_SIGNATURE s_signature;
137-
static int initilazed = 0;
138-
if (!initilazed)
139-
{
140-
QAT_EVP_SIGNATURE *signature = (QAT_EVP_SIGNATURE *)EVP_SIGNATURE_fetch(NULL, "SM2", "provider=default");
141-
if (signature)
142-
{
143-
s_signature = *signature;
144-
EVP_SIGNATURE_free((QAT_EVP_SIGNATURE *)signature);
145-
initilazed = 1;
146-
}
147-
else
148-
{
149-
WARN("EVP_SIGNATURE_fetch from default provider failed");
150-
}
151-
}
152-
return s_signature;
153-
}
154-
# endif
155-
156133
static int qat_sm2sig_set_mdname(QAT_PROV_SM2_CTX *psm2ctx, const char *mdname)
157134
{
158135
if (psm2ctx->md == NULL) /* We need an SM3 md to compare with */
@@ -221,6 +198,7 @@ static int qat_sm2sig_sign(void *vpsm2ctx, unsigned char *sig, size_t *siglen,
221198
{
222199
QAT_PROV_SM2_CTX *ctx = (QAT_PROV_SM2_CTX *)vpsm2ctx;
223200
int ret;
201+
size_t sltmp;
224202
/* SM2 uses ECDSA_size as well */
225203
size_t ecsize = ECDSA_size(ctx->ec);
226204

@@ -239,12 +217,12 @@ static int qat_sm2sig_sign(void *vpsm2ctx, unsigned char *sig, size_t *siglen,
239217
# endif
240218

241219
# ifdef ENABLE_QAT_HW_SM2
242-
ret = qat_sm2_sign(ctx, sig, siglen, sigsize, tbs, tbslen);
220+
ret = qat_sm2_sign(ctx, sig, &sltmp, sigsize, tbs, tbslen);
243221
# endif
244222
if (ret <= 0)
245223
return 0;
246224

247-
*siglen = tbslen;
225+
*siglen = sltmp;
248226
return 1;
249227
}
250228

@@ -315,11 +293,24 @@ int qat_sm2sig_digest_signverify_update(void *vpsm2ctx, const unsigned char *dat
315293
int qat_sm2sig_digest_sign_final(void *vpsm2ctx, unsigned char *sig, size_t *siglen,
316294
size_t sigsize)
317295
{
318-
typedef int (*fun_ptr)(void *, unsigned char *, size_t *, size_t);
319-
fun_ptr fun = get_default_signature_sm2().digest_sign_final;
320-
if (!fun)
296+
QAT_PROV_SM2_CTX *ctx = (QAT_PROV_SM2_CTX *)vpsm2ctx;
297+
unsigned char digest[EVP_MAX_MD_SIZE];
298+
unsigned int dlen = 0;
299+
300+
if (ctx == NULL || ctx->mdctx == NULL)
321301
return 0;
322-
return fun(vpsm2ctx, sig, siglen, sigsize);
302+
303+
/*
304+
* If sig is NULL then we're just finding out the sig size. Other fields
305+
* are ignored. Defer to sm2sig_sign.
306+
*/
307+
if (sig != NULL) {
308+
if (!(qat_sm2sig_compute_z_digest(ctx)
309+
&& EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen)))
310+
return 0;
311+
}
312+
313+
return qat_sm2sig_sign(ctx, sig, siglen, sigsize, digest, (size_t)dlen);
323314
}
324315
# endif
325316

0 commit comments

Comments
 (0)