From 5673ee6c947fb50438717eecfbf4842141d93a05 Mon Sep 17 00:00:00 2001 From: lichaochen_huawei Date: Fri, 29 Aug 2025 09:55:14 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=A1=AC=E4=BB=B6=E7=86=B5?= =?UTF-8?q?=E6=BA=90=E8=B7=A8=E5=B9=B3=E5=8F=B0=E7=BC=96=E8=AF=91=E6=8A=A5?= =?UTF-8?q?=E9=94=99=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: lichaochen_huawei --- plugin/BUILD.gn | 26 +++++++++++---- .../rand/inc/rand_hks_provider.h | 2 +- .../rand/src/rand_hks_provider.c | 32 ++++++++++++++++--- .../crypto_operation/rand/src/rand_openssl.c | 15 ++++++--- test/unittest/BUILD.gn | 8 ++++- 5 files changed, 64 insertions(+), 19 deletions(-) diff --git a/plugin/BUILD.gn b/plugin/BUILD.gn index 99a9242..dbbf96f 100644 --- a/plugin/BUILD.gn +++ b/plugin/BUILD.gn @@ -54,13 +54,25 @@ if (os_level == "standard") { deps = [ "../common:crypto_plugin_common" ] - external_deps = [ - "c_utils:utils", - "hilog:libhilog", - "huks:libhukssdk", - "openssl:libcrypto_shared", - ] - defines = [ "OPENSSL_SUPPRESS_DEPRECATED" ] + if (is_arkui_x) { + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "openssl:libcrypto_shared", + ] + defines = [ + "IS_ARKUI_X_TARGET", + "OPENSSL_SUPPRESS_DEPRECATED", + ] + } else { + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "huks:libhukssdk", + "openssl:libcrypto_shared", + ] + defines = [ "OPENSSL_SUPPRESS_DEPRECATED" ] + } } } else if (os_level == "mini") { ohos_static_library("crypto_mbedtls_plugin_lib") { diff --git a/plugin/openssl_plugin/crypto_operation/rand/inc/rand_hks_provider.h b/plugin/openssl_plugin/crypto_operation/rand/inc/rand_hks_provider.h index 2544c9e..24c9036 100644 --- a/plugin/openssl_plugin/crypto_operation/rand/inc/rand_hks_provider.h +++ b/plugin/openssl_plugin/crypto_operation/rand/inc/rand_hks_provider.h 
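Review bot: The two branches of the new `if (is_arkui_x)` in plugin/BUILD.gn repeat the whole `external_deps` and `defines` lists and differ only in `huks:libhukssdk` and `IS_ARKUI_X_TARGET`, so a dependency later added to one branch can be missed in the other. test/unittest/BUILD.gn in this same patch already uses the `external_deps += [...]` form, and the same shape here keeps the common list in one place. A comment next to the define should also say that `IS_ARKUI_X_TARGET` replaces the HUKS-backed seed source with a stub that always fails, since that is a security-relevant build switch.

```gn
external_deps = [
  "c_utils:utils",
  "hilog:libhilog",
  "openssl:libcrypto_shared",
]
defines = [ "OPENSSL_SUPPRESS_DEPRECATED" ]
if (is_arkui_x) {
  # HUKS is unavailable: rand_hks_provider.c builds a stub that always fails.
  defines += [ "IS_ARKUI_X_TARGET" ]
} else {
  external_deps += [ "huks:libhukssdk" ]
}
```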
@@ -22,6 +22,6 @@ #define CRYPTO_SEED_PROVIDER "provider=crypto-hw" int32_t HcfCryptoLoadSeedProvider(OSSL_LIB_CTX *libCtx, OSSL_PROVIDER **seedProvider); -void HcfCryptoUnloadSeedProvider(OSSL_PROVIDER *seedProvider); +void HcfCryptoUnloadSeedProvider(OSSL_PROVIDER **seedProvider); #endif \ No newline at end of file diff --git a/plugin/openssl_plugin/crypto_operation/rand/src/rand_hks_provider.c b/plugin/openssl_plugin/crypto_operation/rand/src/rand_hks_provider.c index f7420c8..7edac75 100644 --- a/plugin/openssl_plugin/crypto_operation/rand/src/rand_hks_provider.c +++ b/plugin/openssl_plugin/crypto_operation/rand/src/rand_hks_provider.c @@ -23,7 +23,10 @@ #include #include "log.h" #include "memory.h" + +#ifndef IS_ARKUI_X_TARGET #include "hks_api.h" +#endif #define MAX_REQUESTS 128 #define STRENGTH 1024 @@ -37,12 +40,26 @@ typedef struct { int state; } CryptoProSeedSrc; +#ifdef IS_ARKUI_X_TARGET +struct HksBlob { + uint8_t *data; + size_t size; +}; + +static int32_t HksGenerateRandom(void *provCtx, struct HksBlob *randomBlob) +{ + (void)provCtx; + (void)randomBlob; + return HCF_OPENSSL_FAILURE; +} +#endif + static void *CryptoSeedSrcNew(void *provCtx, void *parent, const OSSL_DISPATCH *parentDispatch) { (void)parentDispatch; if (parent != NULL) { - LOGE("parent is NULL"); + LOGE("parent should be NULL"); return NULL; } @@ -92,6 +109,11 @@ static int CryptoSeedSrcGenerate(void *vSeed, unsigned char *out, size_t outLen, return HCF_OPENSSL_FAILURE; } + if (out == NULL || outLen == 0) { + LOGE("out is NULL or outLen is 0"); + return HCF_OPENSSL_FAILURE; + } + struct HksBlob randomBlob; randomBlob.data = out; randomBlob.size = (uint32_t)outLen; 
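Review bot: The new `HcfCryptoUnloadSeedProvider(OSSL_PROVIDER **seedProvider)` prototype in rand_hks_provider.h carries no comment saying that it clears the caller's pointer, which is the reason for the signature change. Suggest adding above it `/* Unloads *seedProvider and sets it to NULL; a NULL argument or an already-NULL *seedProvider is a no-op. */`. A caller outside this patch that still passes an `OSSL_PROVIDER *` would now pass an incompatible pointer type, so it is worth confirming that the two call sites in rand_openssl.c are the only ones.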
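Review bot: The `IS_ARKUI_X_TARGET` stub of `HksGenerateRandom` returns `HCF_OPENSSL_FAILURE`, a constant from the OpenSSL-style return convention, while the function it replaces presumably reports success as 0 in the HUKS convention; neither numeric value is visible in this patch. If `HCF_OPENSSL_FAILURE` is 0 and the caller in `CryptoSeedSrcGenerate` (outside this hunk) treats 0 as success, the stub would report success without writing to `randomBlob->data`, and the unfilled buffer would be used as seed material. The stub should return a value that cannot be read as success under either convention, for example `return -1;`, with a comment such as `/* No HUKS on ArkUI-X: always fail so the seed source never hands out an unfilled buffer. */`. The stub's `size_t size` field also differs from the `(uint32_t)` the caller assigns to it; declaring it `uint32_t` would match the existing cast.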
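Review bot: The added guard in `CryptoSeedSrcGenerate` rejects a NULL or empty buffer but not a length that does not fit the blob. The next lines set `randomBlob.size = (uint32_t)outLen`, so an `outLen` above `UINT32_MAX` is silently truncated, and only part of `out` would be filled while the caller expects `outLen` bytes of seed. Extending the check to `if (out == NULL || outLen == 0 || outLen > UINT32_MAX) {` closes that gap. The rest of the function, including how the `HksGenerateRandom` result is checked, lies outside the hunk.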
@@ -245,11 +267,11 @@ int32_t HcfCryptoLoadSeedProvider(OSSL_LIB_CTX *libCtx, OSSL_PROVIDER **seedProv return HCF_OPENSSL_SUCCESS; } -void HcfCryptoUnloadSeedProvider(OSSL_PROVIDER *seedProvider) +void HcfCryptoUnloadSeedProvider(OSSL_PROVIDER **seedProvider) { - if (seedProvider == NULL) { + if (seedProvider == NULL || *seedProvider == NULL) { return; } - (void)OSSL_PROVIDER_unload(seedProvider); - seedProvider = NULL; + (void)OSSL_PROVIDER_unload(*seedProvider); + *seedProvider = NULL; } diff --git a/plugin/openssl_plugin/crypto_operation/rand/src/rand_openssl.c b/plugin/openssl_plugin/crypto_operation/rand/src/rand_openssl.c index da26a59..57b26b9 100644 --- a/plugin/openssl_plugin/crypto_operation/rand/src/rand_openssl.c +++ b/plugin/openssl_plugin/crypto_operation/rand/src/rand_openssl.c @@ -103,9 +103,12 @@ static HcfResult EnableHardwareEntropy(HcfRandSpi *self) ret = OpensslRandSetSeedSourceType(impl->libCtx, "HW-SEED-SRC", CRYPTO_SEED_PROVIDER); if (ret != HCF_OPENSSL_SUCCESS) { LOGE("Failed to set seed source type"); + if (impl->seedProvider != NULL) { + HcfCryptoUnloadSeedProvider(&impl->seedProvider); + impl->seedProvider = NULL; + } OSSL_LIB_CTX_free(impl->libCtx); impl->libCtx = NULL; - HcfCryptoUnloadSeedProvider(impl->seedProvider); return HCF_ERR_CRYPTO_OPERATION; } @@ -148,16 +151,18 @@ static void DestroyRandOpenssl(HcfObjectBase *self) LOGE("Class is not match."); return; } - + HcfRandSpiImpl *impl = (HcfRandSpiImpl *)self; + if (impl->seedProvider != NULL) { + HcfCryptoUnloadSeedProvider(&impl->seedProvider); + impl->seedProvider = NULL; + } + if (impl->isHardwareEntropyEnabled && impl->libCtx != NULL) { OSSL_LIB_CTX_free(impl->libCtx); impl->libCtx = NULL; LOGD("Hardware entropy resources cleaned up"); } - if (impl->seedProvider != NULL) { - HcfCryptoUnloadSeedProvider(impl->seedProvider); - } HcfFree(self); } diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index c12d1a0..eeafe0b 100644 --- a/test/unittest/BUILD.gn 
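Review bot: In the failure path of `EnableHardwareEntropy`, the `if (impl->seedProvider != NULL)` guard and the following `impl->seedProvider = NULL;` repeat what `HcfCryptoUnloadSeedProvider` now does itself through the double pointer; the block reduces to `HcfCryptoUnloadSeedProvider(&impl->seedProvider);`. The same redundant pattern appears in the `DestroyRandOpenssl` hunk. The new ordering is the substantive part of the change: the provider, presumably loaded into `impl->libCtx`, is now unloaded before `OSSL_LIB_CTX_free`. A short comment at both sites, such as `/* unload the provider before freeing the library context it was loaded into */`, would keep a later edit from reversing it.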
+++ b/test/unittest/BUILD.gn @@ -74,6 +74,7 @@ ohos_unittest("crypto_framework_test") { "src/crypto_md_test.cpp", "src/crypto_openssl_common_test.cpp", "src/crypto_pbkdf2_test.cpp", + "src/crypto_rand_hardware_test.cpp", "src/crypto_rand_test.cpp", "src/crypto_rsa1024_asy_key_generator_by_spec_test.cpp", "src/crypto_rsa2048_asy_key_generator_by_spec_test.cpp", @@ -175,7 +176,12 @@ ohos_unittest("crypto_framework_test") { "bounds_checking_function:libsec_shared", "c_utils:utils", "hilog:libhilog", - "huks:libhukssdk", "openssl:libcrypto_shared", ] + + if (!is_arkui_x) { + external_deps += [ + "huks:libhukssdk", + ] + } } -- Gitee
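Review bot: The first hunk of test/unittest/BUILD.gn adds `src/crypto_rand_hardware_test.cpp` to `sources`, but the diffstat of this patch lists only five files and that test file is not among them. Unless the file already exists in the tree, the unit-test target will not build; please confirm or include it in the patch. The file is also added unconditionally, whereas the second hunk makes `huks:libhukssdk` conditional on `!is_arkui_x`. If the test relies on the hardware seed source it may need the same condition, since that source is stubbed to fail on ArkUI-X.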