packages/uadk_engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:de71296f346db40aed8b57c70118640e0bfb77a5
Branches Tags
packages:main
...
compare: packages:8fe233de7a212fd7de3c26da893273678d1fbb3d
Branches Tags
packages:main

11 Commits
de71296f34 ... 8fe233de7a

Author SHA1 Message Date
openeuler-ci-bot
8fe233de7a
!56 [sync] PR-55: Adding the uadk_provider Library 
From: @openeuler-sync-bot 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2024-12-20 08:18:11 +00:00
Eingesch
de8288e8f7 uadk_engine: adding the uadk_provider library 
(cherry picked from commit 66c935685ac0a2f1c37fd09e88d24f793a8c24ba)
 2024-12-20 15:58:28 +08:00
openeuler-ci-bot
362407a9b8
!53 [sync] PR-52: Synchronize pr to NEXT branch 
From: @openeuler-sync-bot 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2024-11-28 06:43:49 +00:00
xuqi
186463890d Backport uadk engine patch 
(cherry picked from commit 0594c075e67f43b3cfa58352e9c88c889cd1df17)
 2024-11-27 14:08:15 +08:00
xuqi
280f872afb Backport uadk engine patch 
(cherry picked from commit d9f45e8d050a6ef6b7c9b56295e64eab4794e04a)
 2024-11-27 14:08:15 +08:00
openeuler-ci-bot
c7e31747fa
!44 20240118 
From: @gaozhangfei 
Reviewed-by: @xiao_jiang_shui, @hao-fang 
Signed-off-by: @hao-fang
 2024-02-27 12:01:59 +00:00
Zhangfei Gao
8245bf8b36 uadk_engine: update to 1.3.0 
use openssl 1.1

Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
 2024-02-01 04:30:59 +00:00
openeuler-ci-bot
c703bbad45
!35 Backport uadk engine patch form v1.0.1 to 1.2.0 
From: @xiao_jiang_shui 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2023-09-12 06:54:15 +00:00
JiangShui
830a871b72 Backport uadk engine patch form v1.0.1 to 1.2.0 2023-09-11 19:46:41 +08:00
openeuler-ci-bot
6dc1771a0f
!26 fix strip problem 
From: @linwenkai 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2023-03-20 03:35:51 +00:00
Wenkai Lin
7c6ec44511 Enable debuginfo for fix strip 
Remove global debug_package.

Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
 2023-03-20 10:11:22 +08:00
79 changed files with 6244 additions and 8822 deletions
Show Stats Expand all files Collapse all files

161
0001-digest-support-digest-multiple-update.patch
View File

@ -1,161 +0,0 @@
From 8cc0e8724565c12f0fa6f099070ec57504cd21fa Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 9 Dec 2021 15:39:32 +0800
Subject: [PATCH 01/18] digest: support digest multiple update
Support digest multiple updating by using the SEC stream mode.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 77 ++++++++++++++++++++++++++++++++++++++---------
1 file changed, 62 insertions(+), 15 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index db33d16..41de449 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -31,6 +31,8 @@
#define CTX_SYNC 0
#define CTX_ASYNC 1
#define CTX_NUM 2
+#define DIGEST_DOING 1
+#define DIGEST_END 0
#define ENV_ENABLED 1
/* The max BD data length is 16M-512B */
@@ -41,6 +43,7 @@
#define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MAX_DIGEST_LENGTH 64
struct digest_threshold_table {
int nid;
@@ -69,12 +72,16 @@ struct evp_md_ctx_st {
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
};
+#define DIGEST_BLOCK_SIZE 4096
+
struct digest_priv_ctx {
handle_t sess;
struct wd_digest_sess_setup setup;
struct wd_digest_req req;
unsigned char *data;
- long tail;
+ unsigned char out[MAX_DIGEST_LENGTH];
+ size_t tail;
+ size_t last_update_bufflen;
bool copy;
uint32_t e_nid;
EVP_MD_CTX *soft_ctx;
@@ -496,6 +503,13 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
if (unlikely(!priv->sess))
return 0;
+ priv->data = malloc(DIGEST_BLOCK_SIZE);
+ if (priv->data == NULL) {
+ wd_digest_free_sess(priv->sess);
+ return 0;
+ }
+ memset(priv->data, 0, DIGEST_BLOCK_SIZE);
+
priv->switch_threshold = sec_digest_get_sw_threshold(nid);
return 1;
@@ -504,6 +518,45 @@ soft_init:
return digest_soft_init(priv->soft_ctx, priv->e_nid);
}
+static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ const unsigned char *tmpdata = (const unsigned char *)data;
+ size_t left_len = data_len;
+ int copy_to_bufflen;
+ int ret;
+
+ priv->req.has_next = DIGEST_DOING;
+
+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
+ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
+ memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen);
+
+ priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
+ priv->req.in_bytes = DIGEST_BLOCK_SIZE;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ left_len -= copy_to_bufflen;
+ tmpdata += copy_to_bufflen;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret)
+ return 0;
+
+ priv->last_update_bufflen = 0;
+ memset(priv->data, 0, DIGEST_BLOCK_SIZE);
+ if (left_len <= DIGEST_BLOCK_SIZE) {
+ priv->last_update_bufflen = left_len;
+ memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ break;
+ }
+
+ }
+
+ return 1;
+}
+
static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len)
{
struct digest_priv_ctx *priv =
@@ -512,20 +565,13 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l
if (unlikely(priv->switch_flag == UADK_DO_SOFT))
goto soft_update;
- if ((data_len <= BUF_LEN - priv->tail) && (data_len > 0)) {
- if (!priv->data) {
- priv->data = OPENSSL_malloc(BUF_LEN);
- if (priv->data == NULL)
- return 0;
- }
-
- memcpy(priv->data + priv->tail, data, data_len);
- priv->tail += data_len;
-
+ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
+ memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ priv->last_update_bufflen += data_len;
return 1;
}
- return 0;
+ return digest_update_inner(ctx, data, data_len);
soft_update:
return digest_soft_update(priv->soft_ctx, priv->e_nid, data, data_len);
@@ -606,10 +652,10 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
int ret = 1;
struct async_op op;
-
+ priv->req.has_next = DIGEST_END;
priv->req.in = priv->data;
- priv->req.out = digest;
- priv->req.in_bytes = priv->tail;
+ priv->req.out = priv->out;
+ priv->req.in_bytes = priv->last_update_bufflen;
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
ret = async_setup_async_event_notification(&op);
@@ -634,6 +680,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
if (!ret)
goto clear;
}
+ memcpy(digest, priv->req.out, priv->req.out_bytes);
return 1;
--
2.24.4

1118
0001-uadk_provider-add-aead-alg-for-uadk_provider-in-open.patch Normal file
View File

File diff suppressed because it is too large Load Diff

38
0002-uadk_engine-define-the-variable-as-const.patch
View File

@ -1,38 +0,0 @@
From b7bb19a4e5c239035926f952d24c2e95bf813fd8 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Mon, 20 Dec 2021 02:48:54 +0000
Subject: [PATCH 02/18] uadk_engine: define the variable as 'const'
Parameter: 'n' in the function has not been changed,
it should be defined as 'const'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index bab3c24..75ae0d1 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -174,7 +174,7 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
}
static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
- int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx,
BN_GENCB *cb)
{
@@ -268,7 +268,7 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
return UADK_E_SUCCESS;
}
-static int check_prime_useful(int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
+static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
--
2.24.4

236
0002-uadk_provider-move-functions-to-uadk_prov_pkey.patch Normal file
View File

@ -0,0 +1,236 @@
From eca4ec079ef076296c791cea431f01b04dda412a Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 19 Dec 2024 15:57:51 +0800
Subject: [PATCH 02/10] uadk_provider: move functions to uadk_prov_pkey
The ecc algorithm initialization and resource release
processes are the same. Therefore, the functions uadk_prov_sm2_init()
and uadk_prov_sm2_uninit() functions are moved from uadk_prov_sm2.c to
uadk_prov_pkey.c and change the functions name.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: JiangShui Yang <yangjiangshui@h-partners.com>
---
src/uadk_prov.h | 2 +-
src/uadk_prov_init.c | 2 +-
src/uadk_prov_pkey.c | 44 ++++++++++++++++++++++++++++++++
src/uadk_prov_pkey.h | 2 +-
src/uadk_prov_sm2.c | 61 ++++++--------------------------------------
5 files changed, 55 insertions(+), 56 deletions(-)
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
index ac82245..e85aff8 100644
--- a/src/uadk_prov.h
+++ b/src/uadk_prov.h
@@ -184,7 +184,7 @@ void uadk_prov_destroy_cipher(void);
void uadk_prov_destroy_aead(void);
void uadk_prov_destroy_rsa(void);
void uadk_prov_destroy_dh(void);
-void uadk_prov_sm2_uninit(void);
+void uadk_prov_ecc_uninit(void);
void uadk_prov_dh_uninit(void);
int uadk_prov_cipher_version(void);
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index 772ddbb..55202ae 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -240,7 +240,7 @@ static void uadk_teardown(void *provctx)
uadk_prov_destroy_cipher();
uadk_prov_destroy_aead();
uadk_prov_destroy_rsa();
- uadk_prov_sm2_uninit();
+ uadk_prov_ecc_uninit();
uadk_prov_dh_uninit();
OPENSSL_free(ctx);
OSSL_PROVIDER_unload(prov);
diff --git a/src/uadk_prov_pkey.c b/src/uadk_prov_pkey.c
index d1f7afe..6e0612e 100644
--- a/src/uadk_prov_pkey.c
+++ b/src/uadk_prov_pkey.c
@@ -34,6 +34,13 @@ static int p_keymgmt_support_state[KEYMGMT_TYPE];
static int p_signature_support_state[SIGNATURE_TYPE];
static int p_asym_cipher_support_state[ASYM_CIPHER_TYPE];
+struct ecc_prov {
+ int pid;
+};
+
+static struct ecc_prov g_ecc_prov;
+static pthread_mutex_t ecc_mutex = PTHREAD_MUTEX_INITIALIZER;
+
/* Mapping between a flag and a name */
static const OSSL_ITEM encoding_nameid_map[] = {
{ OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
@@ -767,3 +774,40 @@ void uadk_prov_asym_cipher_alg(void)
uadk_prov_asym_cipher_set_support_state(i, PROV_SUPPORT);
}
}
+
+static void uadk_prov_ecc_mutex_infork(void)
+{
+ /* Release the replication lock of the child process */
+ pthread_mutex_unlock(&ecc_mutex);
+}
+
+int uadk_prov_ecc_init(const char *alg_name)
+{
+ int ret;
+
+ pthread_atfork(NULL, NULL, uadk_prov_ecc_mutex_infork);
+ pthread_mutex_lock(&ecc_mutex);
+ if (g_ecc_prov.pid != getpid()) {
+ ret = wd_ecc_init2((char *)alg_name, SCHED_POLICY_RR, TASK_HW);
+ if (unlikely(ret)) {
+ pthread_mutex_unlock(&ecc_mutex);
+ return UADK_P_FAIL;
+ }
+ g_ecc_prov.pid = getpid();
+ async_register_poll_fn(ASYNC_TASK_ECC, uadk_prov_ecc_poll);
+ }
+ pthread_mutex_unlock(&ecc_mutex);
+
+ return UADK_P_SUCCESS;
+}
+
+/* Uninit only when the process exits, will not uninit when thread exits. */
+void uadk_prov_ecc_uninit(void)
+{
+ pthread_mutex_lock(&ecc_mutex);
+ if (g_ecc_prov.pid == getpid()) {
+ wd_ecc_uninit2();
+ g_ecc_prov.pid = 0;
+ }
+ pthread_mutex_unlock(&ecc_mutex);
+}
diff --git a/src/uadk_prov_pkey.h b/src/uadk_prov_pkey.h
index 0e27fcb..3eb9667 100644
--- a/src/uadk_prov_pkey.h
+++ b/src/uadk_prov_pkey.h
@@ -41,7 +41,6 @@
#define UADK_ECC_MAX_KEY_BITS 521
#define UADK_ECC_MAX_KEY_BYTES 66
#define UADK_ECC_CV_PARAM_NUM 6
-#define UADK_P_INTI_SUCCESS 0
#define UADK_P_SUCCESS 1
#define UADK_P_FAIL 0
#define UADK_P_INVALID (-1)
@@ -440,5 +439,6 @@ int uadk_prov_ecc_set_public_key(handle_t sess, const EC_KEY *eckey);
void uadk_prov_signature_alg(void);
void uadk_prov_asym_cipher_alg(void);
int uadk_prov_asym_cipher_get_support_state(int alg_tag);
+int uadk_prov_ecc_init(const char *alg_name);
#endif
diff --git a/src/uadk_prov_sm2.c b/src/uadk_prov_sm2.c
index b6d5d01..e27cccb 100644
--- a/src/uadk_prov_sm2.c
+++ b/src/uadk_prov_sm2.c
@@ -36,8 +36,6 @@ UADK_PKEY_KEYMGMT_DESCR(sm2, SM2);
UADK_PKEY_SIGNATURE_DESCR(sm2, SM2);
UADK_PKEY_ASYM_CIPHER_DESCR(sm2, SM2);
-static pthread_mutex_t sm2_mutex = PTHREAD_MUTEX_INITIALIZER;
-
static const OSSL_PARAM sm2_asym_cipher_known_settable_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PROPERTIES, NULL, 0),
@@ -64,12 +62,6 @@ static const OSSL_PARAM sm2_sig_known_gettable_ctx_params[] = {
OSSL_PARAM_END
};
-struct sm2_prov {
- int pid;
-};
-
-static struct sm2_prov g_sm2_prov;
-
enum {
CTX_INIT_FAIL = -1,
CTX_UNINIT,
@@ -457,43 +449,6 @@ static const OSSL_PARAM *uadk_keymgmt_sm2_gen_settable_params(ossl_unused void *
return get_default_sm2_keymgmt().gen_settable_params(genctx, provctx);
}
-static void uadk_prov_sm2_mutex_infork(void)
-{
- /* Release the replication lock of the child process */
- pthread_mutex_unlock(&sm2_mutex);
-}
-
-int uadk_prov_sm2_init(void)
-{
- int ret;
-
- pthread_atfork(NULL, NULL, uadk_prov_sm2_mutex_infork);
- pthread_mutex_lock(&sm2_mutex);
- if (g_sm2_prov.pid != getpid()) {
- ret = wd_ecc_init2("sm2", SCHED_POLICY_RR, TASK_HW);
- if (unlikely(ret)) {
- pthread_mutex_unlock(&sm2_mutex);
- return ret;
- }
- g_sm2_prov.pid = getpid();
- async_register_poll_fn(ASYNC_TASK_ECC, uadk_prov_ecc_poll);
- }
- pthread_mutex_unlock(&sm2_mutex);
-
- return UADK_P_INTI_SUCCESS;
-}
-
-/* Uninit only when the process exits, will not uninit when thread exits. */
-void uadk_prov_sm2_uninit(void)
-{
- pthread_mutex_lock(&sm2_mutex);
- if (g_sm2_prov.pid == getpid()) {
- wd_ecc_uninit2();
- g_sm2_prov.pid = 0;
- }
- pthread_mutex_unlock(&sm2_mutex);
-}
-
static int uadk_prov_sm2_keygen_init_iot(handle_t sess, struct wd_ecc_req *req)
{
struct wd_ecc_out *ecc_out = wd_sm2_new_kg_out(sess);
@@ -671,8 +626,8 @@ static void *uadk_keymgmt_sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cba
}
/* SM2 hardware init */
- ret = uadk_prov_sm2_init();
- if (ret) {
+ ret = uadk_prov_ecc_init("sm2");
+ if (ret == UADK_P_FAIL) {
fprintf(stderr, "failed to init sm2\n");
goto free_ec_key;
}
@@ -1001,10 +956,10 @@ static int uadk_signature_sm2_sign_init(void *vpsm2ctx, void *ec,
}
/* Init with UADK */
- ret = uadk_prov_sm2_init();
- if (ret) {
+ ret = uadk_prov_ecc_init("sm2");
+ if (ret == UADK_P_FAIL) {
fprintf(stderr, "failed to init sm2\n");
- return UADK_P_FAIL;
+ return ret;
}
psm2ctx->sm2_pctx->init_status = CTX_INIT_SUCC;
@@ -2408,10 +2363,10 @@ static int uadk_asym_cipher_sm2_encrypt_init(void *vpsm2ctx, void *vkey,
}
/* Init with UADK */
- ret = uadk_prov_sm2_init();
- if (ret) {
+ ret = uadk_prov_ecc_init("sm2");
+ if (ret == UADK_P_FAIL) {
fprintf(stderr, "failed to init sm2\n");
- return UADK_P_FAIL;
+ return ret;
}
smctx->init_status = CTX_INIT_SUCC;
--
2.25.1

113
0003-ecc-fix-codecheck-warning.patch
View File

@ -1,113 +0,0 @@
From 1cd8bd255ae0f55742d2dffa7ba09aea28d56c9a Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 03:37:13 +0000
Subject: [PATCH 03/18] ecc: fix codecheck warning
fix a more than 50 lines function 'uadk_wd_ecc_init'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_pkey.c | 61 +++++++++++++++++++++++++------------------------
1 file changed, 31 insertions(+), 30 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index c20b22b..62362b0 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -178,38 +178,20 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
}
-static int uadk_wd_ecc_init(struct ecc_res_config *config)
+static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
+ struct wd_sched *sched)
{
- struct wd_sched *sched = &config->sched.wd_sched;
struct wd_ctx_config *ctx_cfg;
- struct uacce_dev *dev;
int ret, i;
- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
- dev = wd_get_accel_dev("ecdsa");
- if (!dev)
- return -ENOMEM;
-
- config->numa_id = dev->numa_id;
-
- ret = uadk_e_is_env_enabled("ecc");
- if (ret == ENV_ENABLED) {
- ret = uadk_e_wd_ecc_env_init(dev);
- goto free_dev;
- }
-
- if (ecc_res.ctx_res) {
- ret = 0;
- goto free_dev;
- }
+ if (ecc_res.ctx_res)
+ return 0;
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
- if (!ctx_cfg) {
+ if (!ctx_cfg)
ret = -ENOMEM;
- goto free_dev;
- }
- ecc_res.ctx_res = ctx_cfg;
+ ecc_res.ctx_res = ctx_cfg;
ctx_cfg->ctx_num = CTX_NUM;
ctx_cfg->ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
if (!ctx_cfg->ctxs) {
@@ -230,23 +212,42 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config)
if (ret)
goto free_ctx;
- free(dev);
-
return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
- if (ctx_cfg->ctxs[i].ctx) {
+ if (ctx_cfg->ctxs[i].ctx)
wd_release_ctx(ctx_cfg->ctxs[i].ctx);
- ctx_cfg->ctxs[i].ctx = 0;
- }
}
free(ctx_cfg->ctxs);
free_cfg:
free(ctx_cfg);
ecc_res.ctx_res = NULL;
-free_dev:
+
+ return ret;
+}
+
+static int uadk_wd_ecc_init(struct ecc_res_config *config)
+{
+ struct wd_sched *sched = &config->sched.wd_sched;
+ struct uacce_dev *dev;
+ int ret;
+
+ /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ dev = wd_get_accel_dev("ecdsa");
+ if (!dev)
+ return -ENOMEM;
+
+ config->numa_id = dev->numa_id;
+
+ ret = uadk_e_is_env_enabled("ecc");
+ if (ret)
+ ret = uadk_e_wd_ecc_env_init(dev);
+ else
+ ret = uadk_e_wd_ecc_general_init(dev, sched);
+
free(dev);
+
return ret;
}
--
2.24.4

101
0003-uadk_provider-add-query_operation_name-callback-for-.patch Normal file
View File

@ -0,0 +1,101 @@
From 7c975126c71002a87ec91e5e58e84e7009ecd69b Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 19 Dec 2024 15:57:54 +0800
Subject: [PATCH 03/10] uadk_provider: add query_operation_name callback for
keymgmt
The key generation process may query the name of the algorithm
supported by operation_id. If callback is not implemented, task will fail.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: JiangShui Yang <yangjiangshui@h-partners.com>
---
src/uadk_prov_dh.c | 8 ++++++++
src/uadk_prov_pkey.h | 3 +++
src/uadk_prov_rsa.c | 8 ++++++++
src/uadk_prov_sm2.c | 10 ++++++++++
4 files changed, 29 insertions(+)
diff --git a/src/uadk_prov_dh.c b/src/uadk_prov_dh.c
index e5c956c..8d2c6f6 100644
--- a/src/uadk_prov_dh.c
+++ b/src/uadk_prov_dh.c
@@ -190,6 +190,14 @@ typedef struct {
char *kdf_cekalg;
} PROV_DH_KEYEXCH_CTX;
+static const char *uadk_keymgmt_dh_query_operation_name(int operation_id)
+{
+ if (get_default_dh_keymgmt().query_operation_name == NULL)
+ return NULL;
+
+ return get_default_dh_keymgmt().query_operation_name(operation_id);
+}
+
static void *uadk_keymgmt_dh_new(void *provctx)
{
if (get_default_dh_keymgmt().new_fun == NULL)
diff --git a/src/uadk_prov_pkey.h b/src/uadk_prov_pkey.h
index 3eb9667..c9ddba1 100644
--- a/src/uadk_prov_pkey.h
+++ b/src/uadk_prov_pkey.h
@@ -168,6 +168,7 @@ static OSSL_FUNC_keymgmt_import_types_fn uadk_keymgmt_##nm##_import_types; \
static OSSL_FUNC_keymgmt_export_fn uadk_keymgmt_##nm##_export; \
static OSSL_FUNC_keymgmt_export_types_fn uadk_keymgmt_##nm##_export_types; \
static OSSL_FUNC_keymgmt_dup_fn uadk_keymgmt_##nm##_dup; \
+static OSSL_FUNC_keymgmt_query_operation_name_fn uadk_keymgmt_##nm##_query_operation_name; \
static UADK_PKEY_KEYMGMT get_default_##nm##_keymgmt(void) \
{ \
static UADK_PKEY_KEYMGMT s_keymgmt; \
@@ -215,6 +216,8 @@ const OSSL_DISPATCH uadk_##nm##_keymgmt_functions[] = { \
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))uadk_keymgmt_##nm##_export }, \
{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))uadk_keymgmt_##nm##_export_types }, \
{ OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))uadk_keymgmt_##nm##_dup }, \
+ { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, \
+ (void (*)(void))uadk_keymgmt_##nm##_query_operation_name }, \
{ 0, NULL } \
} \
diff --git a/src/uadk_prov_rsa.c b/src/uadk_prov_rsa.c
index 9872b27..d1ec153 100644
--- a/src/uadk_prov_rsa.c
+++ b/src/uadk_prov_rsa.c
@@ -2476,6 +2476,14 @@ static const OSSL_PARAM *uadk_asym_cipher_rsa_settable_ctx_params(void *vprsactx
return get_default_rsa_asym_cipher().settable_ctx_params(vprsactx, provctx);
}
+static const char *uadk_keymgmt_rsa_query_operation_name(int operation_id)
+{
+ if (!get_default_rsa_keymgmt().query_operation_name)
+ return NULL;
+
+ return get_default_rsa_keymgmt().query_operation_name(operation_id);
+}
+
static void *uadk_keymgmt_rsa_new(void *provctx)
{
if (!get_default_rsa_keymgmt().new_fun)
diff --git a/src/uadk_prov_sm2.c b/src/uadk_prov_sm2.c
index e27cccb..df753bd 100644
--- a/src/uadk_prov_sm2.c
+++ b/src/uadk_prov_sm2.c
@@ -191,6 +191,16 @@ ASN1_SEQUENCE(SM2_Ciphertext) = {
IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
+static const char *uadk_keymgmt_sm2_query_operation_name(int operation_id)
+{
+ if (!get_default_sm2_keymgmt().query_operation_name) {
+ fprintf(stderr, "failed to get keymgmt query_operation_name function\n");
+ return NULL;
+ }
+
+ return get_default_sm2_keymgmt().query_operation_name(operation_id);
+}
+
/**
* Create an uadk provider side sm2 key object.
*
--
2.25.1

28
0004-rsa-delete-redundant-copy.patch
View File

@ -1,28 +0,0 @@
From 6c916851ae54c9272a96c7af73cba83598ab3c43 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 03:51:48 +0000
Subject: [PATCH 04/18] rsa: delete redundant copy
'from_buf' and 'req.src' point to the same address space,
redundant copy is not required.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 75ae0d1..1e1e226 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1595,7 +1595,6 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- memcpy(rsa_sess->req.src, from_buf, rsa_sess->req.src_bytes);
ret = rsa_do_crypto(rsa_sess);
if (!ret || rsa_sess->req.status) {
ret = UADK_DO_SOFT;
--
2.24.4

902
0004-uadk_provider-support-ec-keymgmt-hardware-accelerati.patch Normal file
View File

@ -0,0 +1,902 @@
From f124acb1af235ecd30249f903573175c1ea624a2 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 19 Dec 2024 15:57:57 +0800
Subject: [PATCH 04/10] uadk_provider: support ec keymgmt hardware acceleration
Support ECDH key generation.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: JiangShui Yang <yangjiangshui@h-partners.com>
---
src/Makefile.am | 3 +-
src/uadk_prov.h | 2 +
src/uadk_prov_ec_kmgmt.c | 746 +++++++++++++++++++++++++++++++++++++++
src/uadk_prov_init.c | 2 +
src/uadk_prov_pkey.c | 26 +-
src/uadk_prov_pkey.h | 9 +
6 files changed, 785 insertions(+), 3 deletions(-)
create mode 100644 src/uadk_prov_ec_kmgmt.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 921305b..b2e2c06 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -65,7 +65,8 @@ uadk_provider_la_SOURCES=uadk_prov_init.c uadk_async.c uadk_utils.c \
uadk_prov_rsa.c uadk_prov_dh.c \
uadk_prov_bio.c uadk_prov_der_writer.c uadk_prov_packet.c \
uadk_prov_pkey.c uadk_prov_sm2.c \
- uadk_prov_ffc.c uadk_prov_aead.c
+ uadk_prov_ffc.c uadk_prov_aead.c \
+ uadk_prov_ec_kmgmt.c
uadk_provider_la_LDFLAGS=-module -version-number $(VERSION)
uadk_provider_la_LIBADD=$(WD_LIBS) -lpthread
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
index e85aff8..9c310b7 100644
--- a/src/uadk_prov.h
+++ b/src/uadk_prov.h
@@ -179,6 +179,8 @@ extern const OSSL_DISPATCH uadk_sm2_keymgmt_functions[FUNC_MAX_NUM];
extern const OSSL_DISPATCH uadk_sm2_signature_functions[FUNC_MAX_NUM];
extern const OSSL_DISPATCH uadk_sm2_asym_cipher_functions[FUNC_MAX_NUM];
+extern const OSSL_DISPATCH uadk_ec_keymgmt_functions[FUNC_MAX_NUM];
+
void uadk_prov_destroy_digest(void);
void uadk_prov_destroy_cipher(void);
void uadk_prov_destroy_aead(void);
diff --git a/src/uadk_prov_ec_kmgmt.c b/src/uadk_prov_ec_kmgmt.c
new file mode 100644
index 0000000..86182bd
--- /dev/null
+++ b/src/uadk_prov_ec_kmgmt.c
@@ -0,0 +1,746 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+ * Copyright 2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <uadk/wd_ecc.h>
+#include "uadk_async.h"
+#include "uadk_prov.h"
+#include "uadk_prov_pkey.h"
+
+#define UADK_PROV_ECC_PADDING 7
+#define UADK_PROV_RAND_MAX_CNT 1000
+#define UADK_EC_DEFAULT_FLAGS 0
+#define UADK_EC_FLAGS_ERROR (-1)
+
+static const OSSL_ITEM check_group_type_nameid_map[] = {
+ {0, OSSL_PKEY_EC_GROUP_CHECK_DEFAULT},
+ {EC_FLAG_CHECK_NAMED_GROUP, OSSL_PKEY_EC_GROUP_CHECK_NAMED},
+ {EC_FLAG_CHECK_NAMED_GROUP_NIST, OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST},
+};
+
+UADK_PKEY_KEYMGMT_DESCR(ec, EC);
+
+static int ec_param_check(struct ec_gen_ctx *gctx, EC_KEY *ec)
+{
+ const EC_GROUP *group;
+ int type, ret;
+
+ ret = uadk_prov_ecc_genctx_check(gctx, ec);
+ if (!ret) {
+ fprintf(stderr, "failed to check genctx!\n");
+ return ret;
+ }
+
+ group = EC_KEY_get0_group(ec);
+ /* Field GF(2m) is not supported by uadk */
+ type = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+ if (type != NID_X9_62_prime_field) {
+ fprintf(stderr, "invalid: uadk unsupport Field GF(2m)!\n");
+ return UADK_P_FAIL;
+ }
+
+ return uadk_prov_ecc_bit_check(group);
+}
+
+static int ec_set_public_key(EC_KEY *ec, struct wd_ecc_out *ec_out)
+{
+ int key_size_std, key_size_x, key_size_y;
+ struct wd_ecc_point *pubkey = NULL;
+ int ret = UADK_P_FAIL;
+ const EC_GROUP *group;
+ int x_shift, y_shift;
+ unsigned char *buff;
+ EC_POINT *point;
+ int buff_size;
+
+ wd_ecxdh_get_out_params(ec_out, &pubkey);
+ if (!pubkey) {
+ fprintf(stderr, "failed to get pubkey!\n");
+ return ret;
+ }
+
+ group = EC_KEY_get0_group(ec);
+ point = EC_POINT_new(group);
+ if (!point) {
+ fprintf(stderr, "failed to new ec point!\n");
+ return ret;
+ }
+
+ key_size_std = (unsigned int)(EC_GROUP_get_degree(group) +
+ UADK_PROV_ECC_PADDING) >> TRANS_BITS_BYTES_SHIFT;
+ key_size_x = pubkey->x.dsize;
+ key_size_y = pubkey->y.dsize;
+ if (key_size_x > key_size_std || key_size_y > key_size_std) {
+ fprintf(stderr, "invalid: key size is error!\n");
+ goto free_point;
+ }
+
+ /*
+ * The public key is composed as: tag + point_x + point_y
+ * tag - 1 byte
+ * point_x - [key_size_std] bytes
+ * point_y - [key_size_std] bytes
+ */
+ buff_size = ECC_POINT_SIZE(key_size_std) + 1;
+ x_shift = key_size_std - key_size_x + 1;
+ y_shift = buff_size - key_size_y;
+ buff = (unsigned char *)OPENSSL_zalloc(buff_size);
+ if (!buff) {
+ fprintf(stderr, "failed to alloc buf, buff_size = %d!\n",
+ buff_size);
+ goto free_point;
+ }
+
+ buff[0] = UADK_OCTET_STRING;
+ memcpy(buff + x_shift, pubkey->x.data, key_size_x);
+ memcpy(buff + y_shift, pubkey->y.data, key_size_y);
+
+ ret = EC_POINT_oct2point(group, point, buff, buff_size, NULL);
+ if (!ret) {
+ fprintf(stderr, "failed to do EC_POINT_oct2point!\n");
+ goto free_buf;
+ }
+
+ ret = EC_KEY_set_public_key(ec, point);
+ if (!ret)
+ fprintf(stderr, "failed to do EC_KEY_set_public_key!\n");
+
+free_buf:
+ OPENSSL_free(buff);
+free_point:
+ EC_POINT_free(point);
+
+ return ret;
+}
+
+static handle_t ec_alloc_sess(EC_KEY *ec, struct wd_ecc_out **ec_out)
+{
+ handle_t sess;
+ int ret;
+
+ ret = uadk_prov_keymgmt_get_support_state(KEYMGMT_EC);
+ if (!ret) {
+ fprintf(stderr, "failed to get hardware ecdh keygen support!\n");
+ return ret;
+ }
+
+ ret = uadk_prov_ecc_init("ecdh");
+ if (!ret) {
+ fprintf(stderr, "failed to init ecdh!\n");
+ return ret;
+ }
+
+ sess = uadk_prov_ecc_alloc_sess(ec, "ecdh");
+ if (!sess) {
+ fprintf(stderr, "failed to alloc ec sess!\n");
+ return ret;
+ }
+
+ *ec_out = wd_ecxdh_new_out(sess);
+ if (!(*ec_out)) {
+ fprintf(stderr, "failed to new sign out\n");
+ wd_ecc_free_sess(sess);
+ return UADK_P_FAIL;
+ }
+
+ return sess;
+}
+
+static void ec_free_sess(handle_t sess, struct wd_ecc_out *ec_out)
+{
+ wd_ecc_del_out(sess, ec_out);
+ wd_ecc_free_sess(sess);
+}
+
+static int ec_set_private_key(EC_KEY *ec, BIGNUM *priv_key)
+{
+ BIGNUM *priv_k = priv_key;
+ int ret = UADK_P_FAIL;
+ const EC_GROUP *group;
+ const BIGNUM *order;
+ int cnt = 0;
+
+ if (priv_k)
+ goto set_key;
+
+ priv_k = BN_new();
+ if (!priv_k) {
+ fprintf(stderr, "failed to BN_new priv_k!\n");
+ return UADK_P_FAIL;
+ }
+
+ group = EC_KEY_get0_group(ec);
+ order = EC_GROUP_get0_order(group);
+
+ do {
+ cnt++;
+ if (cnt > UADK_PROV_RAND_MAX_CNT) {
+ fprintf(stderr, "failed to get appropriate prikey, timeout\n");
+ goto free_priv_k;
+ }
+
+ if (!BN_priv_rand_range(priv_k, order)) {
+ fprintf(stderr, "failed to get rand data!\n");
+ goto free_priv_k;
+ }
+ } while (BN_is_zero(priv_k) || BN_is_one(priv_k));
+
+set_key:
+ ret = EC_KEY_set_private_key(ec, priv_k);
+ if (!ret)
+ fprintf(stderr, "failed to set private key!\n");
+
+free_priv_k:
+ if (!priv_key)
+ BN_clear_free(priv_k);
+ return ret;
+}
+
+static int ec_update_private_key(EC_KEY *ec, handle_t sess, BIGNUM *priv_key)
+{
+ int ret;
+
+ ret = ec_set_private_key(ec, priv_key);
+ if (!ret)
+ return ret;
+
+ return uadk_prov_ecc_set_private_key(sess, ec);
+}
+
+static int ec_hw_keygen(EC_KEY *ec, BIGNUM *priv_key)
+{
+ struct wd_ecc_out *ec_out = NULL;
+ struct wd_ecc_req req = {0};
+ handle_t sess;
+ int ret;
+
+ sess = ec_alloc_sess(ec, &ec_out);
+ if (!sess) {
+ fprintf(stderr, "failed to alloc sess!\n");
+ return UADK_P_FAIL;
+ }
+
+ ret = ec_update_private_key(ec, sess, priv_key);
+ if (!ret) {
+ fprintf(stderr, "failed to update private key!\n");
+ goto free_sess;
+ }
+
+ uadk_prov_ecc_fill_req(&req, WD_ECXDH_GEN_KEY, NULL, ec_out);
+ ret = uadk_prov_ecc_crypto(sess, &req, (void *)sess);
+ if (!ret) {
+ fprintf(stderr, "failed to generate key!\n");
+ goto free_sess;
+ }
+
+ ret = ec_set_public_key(ec, ec_out);
+
+free_sess:
+ ec_free_sess(sess, ec_out);
+ return ret;
+}
+
+static int ec_set_cofactor_mode(EC_KEY *ec, int mode)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(ec);
+ const BIGNUM *cofactor;
+ /*
+ * mode can be only 0 for disable, or 1 for enable here.
+ *
+ * This is in contrast with the same parameter on an ECDH EVP_PKEY_CTX that
+ * also supports mode == -1 with the meaning of "reset to the default for
+ * the associated key".
+ */
+ if (mode < COFACTOR_MODE_DISABLED || mode > COFACTOR_MODE_ENABLED)
+ return UADK_P_FAIL;
+
+ cofactor = EC_GROUP_get0_cofactor(group);
+ if (!cofactor)
+ return UADK_P_FAIL;
+
+ /* ECDH cofactor mode has no effect if cofactor is 1 */
+ if (BN_is_one(cofactor))
+ return UADK_P_SUCCESS;
+
+ if (mode == COFACTOR_MODE_ENABLED)
+ EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
+ else
+ EC_KEY_clear_flags(ec, EC_FLAG_COFACTOR_ECDH);
+
+ return UADK_P_SUCCESS;
+}
+
+static int ec_check_group_type_name2id(const char *name)
+{
+ size_t size = OSSL_NELEM(check_group_type_nameid_map);
+ size_t i;
+
+ /* Return the default value if there is no name */
+ if (!name)
+ return UADK_EC_DEFAULT_FLAGS;
+
+ for (i = 0; i < size; i++) {
+ if (!OPENSSL_strcasecmp(name, check_group_type_nameid_map[i].ptr))
+ return check_group_type_nameid_map[i].id;
+ }
+
+ return UADK_EC_FLAGS_ERROR;
+}
+
+static int ec_set_check_group_type(EC_KEY *ec, const char *name)
+{
+ int flags;
+
+ flags = ec_check_group_type_name2id(name);
+ if (flags == UADK_EC_FLAGS_ERROR)
+ return UADK_P_FAIL;
+
+ EC_KEY_clear_flags(ec, EC_FLAG_CHECK_NAMED_GROUP_MASK);
+ EC_KEY_set_flags(ec, flags);
+
+ return UADK_P_SUCCESS;
+}
+
+static void *uadk_keymgmt_ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+{
+ struct ec_gen_ctx *gctx = genctx;
+ EC_KEY *ec;
+ int ret;
+
+ if (!gctx) {
+ fprintf(stderr, "invalid: gctx is NULL to ec gen!\n");
+ return NULL;
+ }
+
+ ec = EC_KEY_new_ex(gctx->libctx, NULL);
+ if (!ec) {
+ fprintf(stderr, "failed to new ec key!\n");
+ return NULL;
+ }
+
+ ret = ec_param_check(genctx, ec);
+ if (!ret) {
+ fprintf(stderr, "failed to check genctx!\n");
+ goto free_ec_key;
+ }
+
+ /* Whether you want it or not, you get a keypair, not just one half */
+ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
+ ret = ec_hw_keygen(ec, gctx->priv_key);
+ if (!ret) {
+ fprintf(stderr, "failed to gen public key!\n");
+ goto free_ec_key;
+ }
+ }
+
+ if (gctx->ecdh_mode != COFACTOR_MODE_USE_KEY) {
+ ret = ec_set_cofactor_mode(ec, gctx->ecdh_mode);
+ if (!ret)
+ goto free_ec_key;
+ }
+
+ if (gctx->group_check) {
+ ret = ec_set_check_group_type(ec, gctx->group_check);
+ if (!ret)
+ goto free_ec_key;
+ }
+
+ return ec;
+
+free_ec_key:
+ EC_KEY_free(ec);
+ return NULL;
+}
+
+static void uadk_keymgmt_ec_gen_cleanup(void *genctx)
+{
+ struct ec_gen_ctx *gctx = genctx;
+
+ if (!gctx)
+ return;
+
+ EC_GROUP_free(gctx->gen_group);
+ BN_free(gctx->p);
+ BN_free(gctx->a);
+ BN_free(gctx->b);
+ BN_free(gctx->order);
+ BN_free(gctx->cofactor);
+ BN_clear_free(gctx->priv_key);
+ OPENSSL_free(gctx->group_name);
+ OPENSSL_free(gctx->field_type);
+ OPENSSL_free(gctx->pt_format);
+ OPENSSL_free(gctx->encoding);
+ OPENSSL_free(gctx->seed);
+ OPENSSL_free(gctx->gen);
+ OPENSSL_free(gctx);
+}
+
+static void *uadk_keymgmt_ec_gen_init(void *provctx, int selection,
+ const OSSL_PARAM params[])
+{
+ struct ec_gen_ctx *gctx;
+ int ret;
+
+ if (!provctx)
+ return NULL;
+
+ if (!(selection & OSSL_KEYMGMT_SELECT_ALL))
+ return NULL;
+
+ gctx = OPENSSL_zalloc(sizeof(*gctx));
+ if (!gctx)
+ return NULL;
+
+ gctx->libctx = prov_libctx_of(provctx);
+ gctx->selection = selection;
+
+ ret = uadk_keymgmt_ec_gen_set_params(gctx, params);
+ if (!ret) {
+ OPENSSL_free(gctx);
+ return NULL;
+ }
+
+ return gctx;
+}
+
+static int uadk_keymgmt_ec_gen_set_template(void *genctx, void *templ)
+{
+ struct ec_gen_ctx *gctx = genctx;
+ const EC_GROUP *src_group;
+ EC_GROUP *dst_group;
+ EC_KEY *ec = templ;
+
+ if (!gctx || !ec) {
+ fprintf(stderr, "invalid: genctx or templ is NULL!\n");
+ return UADK_P_FAIL;
+ }
+
+ src_group = EC_KEY_get0_group(ec);
+ if (!src_group) {
+ fprintf(stderr, "failed to get source group!\n");
+ return UADK_P_FAIL;
+ }
+
+ dst_group = EC_GROUP_dup(src_group);
+ if (!dst_group) {
+ fprintf(stderr, "failed to copy group!\n");
+ return UADK_P_FAIL;
+ }
+
+ EC_GROUP_free(gctx->gen_group);
+ gctx->gen_group = dst_group;
+
+ return UADK_P_SUCCESS;
+}
+
+static int ec_set_int_param(const char *key, int *val, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(params, key);
+ if (!p)
+ return UADK_P_SUCCESS;
+
+ return OSSL_PARAM_get_int(p, val);
+}
+
+static int ec_set_utf8_param(const char *key, char **val, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(params, key);
+ if (!p)
+ return UADK_P_SUCCESS;
+
+ if (p->data_type != OSSL_PARAM_UTF8_STRING)
+ return UADK_P_FAIL;
+
+ OPENSSL_free(*val);
+ *val = OPENSSL_strdup(p->data);
+ if (!(*val))
+ return UADK_P_FAIL;
+
+ return UADK_P_SUCCESS;
+}
+
+static int ec_set_bn_param(const char *key, BIGNUM **val, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(params, key);
+ if (!p)
+ return UADK_P_SUCCESS;
+
+ if (!(*val))
+ *val = BN_new();
+
+ if (!(*val))
+ return UADK_P_FAIL;
+
+ return OSSL_PARAM_get_BN(p, val);
+}
+
+static int ec_set_octet_param(const char *key, unsigned char **val,
+ size_t *val_len, const OSSL_PARAM params[])
+{
+ const OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate_const(params, key);
+ if (!p)
+ return UADK_P_SUCCESS;
+
+ if (p->data_type != OSSL_PARAM_OCTET_STRING)
+ return UADK_P_FAIL;
+
+ OPENSSL_free(*val);
+ *val = OPENSSL_memdup(p->data, p->data_size);
+ if (!(*val))
+ return UADK_P_FAIL;
+
+ *val_len = p->data_size;
+
+ return UADK_P_SUCCESS;
+}
+
+static int uadk_keymgmt_ec_gen_set_params(void *genctx, const OSSL_PARAM params[])
+{
+ struct ec_gen_ctx *gctx = genctx;
+ int ret;
+
+ if (!gctx) {
+ fprintf(stderr, "invalid: gctx is NULL to set params!\n");
+ return UADK_P_FAIL;
+ }
+
+ ret = ec_set_int_param(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, &gctx->ecdh_mode, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_utf8_param(OSSL_PKEY_PARAM_GROUP_NAME, &gctx->group_name, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_utf8_param(OSSL_PKEY_PARAM_EC_FIELD_TYPE, &gctx->field_type, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_utf8_param(OSSL_PKEY_PARAM_EC_ENCODING, &gctx->encoding, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_utf8_param(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ &gctx->pt_format, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_utf8_param(OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
+ &gctx->group_check, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_bn_param(OSSL_PKEY_PARAM_EC_P, &gctx->p, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_bn_param(OSSL_PKEY_PARAM_EC_A, &gctx->a, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_bn_param(OSSL_PKEY_PARAM_EC_B, &gctx->b, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_bn_param(OSSL_PKEY_PARAM_EC_ORDER, &gctx->order, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_bn_param(OSSL_PKEY_PARAM_PRIV_KEY, &gctx->priv_key, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_bn_param(OSSL_PKEY_PARAM_EC_COFACTOR, &gctx->cofactor, params);
+ if (!ret)
+ return ret;
+
+ ret = ec_set_octet_param(OSSL_PKEY_PARAM_EC_SEED, &gctx->seed,
+ &gctx->seed_len, params);
+ if (!ret)
+ return ret;
+
+ return ec_set_octet_param(OSSL_PKEY_PARAM_EC_GENERATOR,
+ &gctx->gen, &gctx->gen_len, params);
+}
+
+static const OSSL_PARAM *uadk_keymgmt_ec_gen_settable_params(ossl_unused void *genctx,
+ ossl_unused void *provctx)
+{
+ static OSSL_PARAM settable[] = {
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+ NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_B, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0),
+ OSSL_PARAM_END
+ };
+
+ return settable;
+}
+
+static void *uadk_keymgmt_ec_new(void *provctx)
+{
+ if (!get_default_ec_keymgmt().new_fun)
+ return NULL;
+
+ return get_default_ec_keymgmt().new_fun(provctx);
+}
+
+static void uadk_keymgmt_ec_free(void *keydata)
+{
+ if (!get_default_ec_keymgmt().free)
+ return;
+
+ return get_default_ec_keymgmt().free(keydata);
+}
+
+static int uadk_keymgmt_ec_get_params(void *key, OSSL_PARAM params[])
+{
+ if (!get_default_ec_keymgmt().get_params)
+ return UADK_P_FAIL;
+
+ return get_default_ec_keymgmt().get_params(key, params);
+}
+
+static const OSSL_PARAM *uadk_keymgmt_ec_gettable_params(void *provctx)
+{
+ if (!get_default_ec_keymgmt().gettable_params)
+ return NULL;
+
+ return get_default_ec_keymgmt().gettable_params(provctx);
+}
+
+static int uadk_keymgmt_ec_set_params(void *key, const OSSL_PARAM params[])
+{
+ if (!get_default_ec_keymgmt().set_params)
+ return UADK_P_FAIL;
+
+ return get_default_ec_keymgmt().set_params(key, params);
+}
+
+static const OSSL_PARAM *uadk_keymgmt_ec_settable_params(void *provctx)
+{
+ if (!get_default_ec_keymgmt().settable_params)
+ return NULL;
+
+ return get_default_ec_keymgmt().settable_params(provctx);
+}
+
+static void *uadk_keymgmt_ec_load(const void *reference, size_t reference_sz)
+{
+ if (!get_default_ec_keymgmt().load)
+ return NULL;
+
+ return get_default_ec_keymgmt().load(reference, reference_sz);
+}
+
+static int uadk_keymgmt_ec_has(const void *keydata, int selection)
+{
+ if (!get_default_ec_keymgmt().has)
+ return UADK_P_FAIL;
+
+ return get_default_ec_keymgmt().has(keydata, selection);
+}
+
+static int uadk_keymgmt_ec_validate(const void *keydata,
+ int selection, int checktype)
+{
+ if (!get_default_ec_keymgmt().validate)
+ return UADK_P_FAIL;
+
+ return get_default_ec_keymgmt().validate(keydata, selection, checktype);
+}
+
+static int uadk_keymgmt_ec_match(const void *keydata1,
+ const void *keydata2, int selection)
+{
+ if (!get_default_ec_keymgmt().match)
+ return UADK_P_FAIL;
+
+ return get_default_ec_keymgmt().match(keydata1, keydata2, selection);
+}
+
+static int uadk_keymgmt_ec_import(void *keydata, int selection,
+ const OSSL_PARAM params[])
+{
+ if (!get_default_ec_keymgmt().import)
+ return UADK_P_FAIL;
+
+ return get_default_ec_keymgmt().import(keydata, selection, params);
+}
+
+static const OSSL_PARAM *uadk_keymgmt_ec_import_types(int selection)
+{
+ if (!get_default_ec_keymgmt().import_types)
+ return NULL;
+
+ return get_default_ec_keymgmt().import_types(selection);
+}
+
+static int uadk_keymgmt_ec_export(void *keydata, int selection,
+ OSSL_CALLBACK *param_cb, void *cbarg)
+{
+ if (!get_default_ec_keymgmt().export_fun)
+ return UADK_P_FAIL;
+
+ return get_default_ec_keymgmt().export_fun(keydata, selection, param_cb, cbarg);
+}
+
+static const OSSL_PARAM *uadk_keymgmt_ec_export_types(int selection)
+{
+ if (!get_default_ec_keymgmt().export_types)
+ return NULL;
+
+ return get_default_ec_keymgmt().export_types(selection);
+}
+
+static void *uadk_keymgmt_ec_dup(const void *keydata_from, int selection)
+{
+ if (!get_default_ec_keymgmt().dup)
+ return NULL;
+
+ return get_default_ec_keymgmt().dup(keydata_from, selection);
+}
+
+static const char *uadk_keymgmt_ec_query_operation_name(int operation_id)
+{
+ if (!get_default_ec_keymgmt().query_operation_name)
+ return NULL;
+
+ return get_default_ec_keymgmt().query_operation_name(operation_id);
+}
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index 55202ae..b5d3df5 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -174,6 +174,8 @@ static const OSSL_ALGORITHM uadk_prov_keymgmt[] = {
{ "DH", UADK_DEFAULT_PROPERTIES, uadk_dh_keymgmt_functions },
{ "SM2", UADK_DEFAULT_PROPERTIES,
uadk_sm2_keymgmt_functions, "uadk SM2 Keymgmt implementation." },
+ { "EC", UADK_DEFAULT_PROPERTIES,
+ uadk_ec_keymgmt_functions, "uadk EC Keymgmt implementation."},
{ NULL, NULL, NULL }
};
diff --git a/src/uadk_prov_pkey.c b/src/uadk_prov_pkey.c
index 6e0612e..170c30b 100644
--- a/src/uadk_prov_pkey.c
+++ b/src/uadk_prov_pkey.c
@@ -628,7 +628,7 @@ int uadk_prov_ecc_genctx_check(struct ec_gen_ctx *gctx, EC_KEY *ec)
return UADK_P_SUCCESS;
}
-static bool uadk_prov_support_algorithm(const char *alg)
+bool uadk_prov_support_algorithm(const char *alg)
{
struct uacce_dev_list *list = wd_get_accel_list(alg);
@@ -642,7 +642,7 @@ static bool uadk_prov_support_algorithm(const char *alg)
void uadk_prov_keymgmt_alg(void)
{
- static const char * const keymgmt_alg[] = {"sm2"};
+ static const char * const keymgmt_alg[] = {"sm2", "ecdh"};
__u32 i, size;
bool sp;
@@ -811,3 +811,25 @@ void uadk_prov_ecc_uninit(void)
}
pthread_mutex_unlock(&ecc_mutex);
}
+
+int uadk_prov_ecc_bit_check(const EC_GROUP *group)
+{
+ int bits = EC_GROUP_order_bits(group);
+
+ switch (bits) {
+ case ECC128BITS:
+ case ECC192BITS:
+ case ECC224BITS:
+ case ECC256BITS:
+ case ECC320BITS:
+ case ECC384BITS:
+ case ECC521BITS:
+ return UADK_P_SUCCESS;
+ default:
+ break;
+ }
+
+ fprintf(stderr, "invalid: unsupport key bits %d!\n", bits);
+
+ return UADK_P_FAIL;
+}
diff --git a/src/uadk_prov_pkey.h b/src/uadk_prov_pkey.h
index c9ddba1..1d4911c 100644
--- a/src/uadk_prov_pkey.h
+++ b/src/uadk_prov_pkey.h
@@ -68,6 +68,7 @@
enum {
KEYMGMT_SM2 = 0x0,
+ KEYMGMT_EC = 0x1,
KEYMGMT_MAX = 0x6
};
@@ -76,6 +77,12 @@ enum {
SIGNATURE_MAX = 0x3
};
+enum {
+ COFACTOR_MODE_USE_KEY = -1,
+ COFACTOR_MODE_DISABLED = 0,
+ COFACTOR_MODE_ENABLED = 1,
+};
+
struct curve_param {
/* Prime */
BIGNUM *p;
@@ -102,6 +109,7 @@ struct ec_gen_ctx {
int selection;
int ecdh_mode;
EC_GROUP *gen_group;
+ BIGNUM *priv_key;
};
typedef struct {
@@ -443,5 +451,6 @@ void uadk_prov_signature_alg(void);
void uadk_prov_asym_cipher_alg(void);
int uadk_prov_asym_cipher_get_support_state(int alg_tag);
int uadk_prov_ecc_init(const char *alg_name);
+int uadk_prov_ecc_bit_check(const EC_GROUP *group);
#endif
--
2.25.1

35
0005-rsa-fix-coverity-warning.patch
View File

@ -1,35 +0,0 @@
From f5fac71459234b4e44fe8ff386b19627e88ad680 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 06:39:46 +0000
Subject: [PATCH 05/18] rsa: fix coverity warning
Parameter: 'n' in the function 'get_prime_once' has not
been changed, it should be defined as 'const'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 1e1e226..cb98159 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -307,10 +307,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
return GET_ERR_FINISH;
}
-static int get_prime_once(int num, const int *bitsr, int *n, BIGNUM *prime,
- BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
- BIGNUM *r2, BIGNUM *e_pub, BN_CTX *ctx,
- BN_GENCB *cb)
+static int get_prime_once(int num, const int *bitsr, const int *n,
+ BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub,
+ BN_CTX *ctx, BN_GENCB *cb)
{
int ret = -1;
--
2.24.4

1082
0005-uadk_provider-support-ecdh-keyexch-hardware-accelera.patch Normal file
View File

File diff suppressed because it is too large Load Diff

165
0006-ecc-cleanup-duplicate-public-key-allocation.patch
View File

@ -1,165 +0,0 @@
From 941c89ea6fefe3e78255437788c3f274b6c81414 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Wed, 22 Dec 2021 08:27:45 +0000
Subject: [PATCH 06/18] ecc: cleanup duplicate public key allocation
Remove duplicate allocation and copy of public key.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 95 +++++++++++++++++++++++++++------------------------
1 file changed, 51 insertions(+), 44 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index d97436b..9040d3c 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -784,59 +784,78 @@ static int sm2_keygen_init_iot(handle_t sess, struct wd_ecc_req *req)
static int eckey_create_key(EC_KEY *eckey)
{
- const EC_GROUP *group;
- EC_POINT *pub_key;
BIGNUM *priv_key;
+ int ret;
- group = EC_KEY_get0_group(eckey);
- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
- if (!pub_key) {
- pub_key = EC_POINT_new(group);
- if (!pub_key) {
- fprintf(stderr, "failed to new pub_key\n");
- return -1;
- }
- EC_KEY_set_public_key(eckey, pub_key);
+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
+ if (priv_key)
+ return 1;
+
+ priv_key = BN_new();
+ if (!priv_key) {
+ fprintf(stderr, "failed to BN_new priv_key\n");
+ return 0;
}
+ ret = EC_KEY_set_private_key(eckey, priv_key);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
+
+ BN_free(priv_key);
+ return ret;
+}
+
+static int ecdh_set_private_key(EC_KEY *eckey, BIGNUM *order)
+{
+ BIGNUM *priv_key;
+ int ret;
+
+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
+ if (priv_key)
+ return 1;
+
priv_key = BN_new();
if (!priv_key) {
fprintf(stderr, "failed to BN_new priv_key\n");
- return -1;
+ return 0;
}
- EC_KEY_set_private_key(eckey, priv_key);
- return 0;
+ do {
+ if (!BN_rand_range(priv_key, order)) {
+ fprintf(stderr, "failed to generate random value\n");
+ ret = 0;
+ goto free_priv_key;
+ }
+ } while (BN_is_zero(priv_key));
+
+ ret = EC_KEY_set_private_key(eckey, priv_key);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
+
+free_priv_key:
+ BN_free(priv_key);
+ return ret;
}
static int ecdh_create_key(EC_KEY *eckey)
{
- BIGNUM *priv_key, *order;
const EC_GROUP *group;
- EC_POINT *pub_key;
+ BIGNUM *order;
BN_CTX *ctx;
- int ret = 0;
+ int ret;
group = EC_KEY_get0_group(eckey);
- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
- if (!pub_key) {
- pub_key = EC_POINT_new(group);
- if (!pub_key) {
- fprintf(stderr, "failed to new pub_key\n");
- return ret;
- }
- ret = EC_KEY_set_public_key(eckey, pub_key);
- }
ctx = BN_CTX_new();
if (!ctx) {
fprintf(stderr, "failed to allocate ctx\n");
- return ret;
+ return 0;
}
- order = BN_CTX_get(ctx);
+ order = BN_CTX_get(ctx);
if (!order) {
fprintf(stderr, "failed to allocate order\n");
+ ret = 0;
goto free_ctx;
}
@@ -846,26 +865,14 @@ static int ecdh_create_key(EC_KEY *eckey)
goto free_order;
}
- priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
- if (!priv_key) {
- priv_key = BN_new();
- if (!priv_key) {
- fprintf(stderr, "failed to BN_new priv_key\n");
- goto free_order;
- }
- do {
- if (!BN_rand_range(priv_key, order))
- fprintf(stderr, "failed to generate random value\n");
- } while (BN_is_zero(priv_key));
- ret = EC_KEY_set_private_key(eckey, priv_key);
- }
- ret = 1;
+ ret = ecdh_set_private_key(eckey, order);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
free_order:
BN_clear(order);
free_ctx:
BN_CTX_free(ctx);
-
return ret;
}
@@ -880,7 +887,7 @@ static int sm2_generate_key(EC_KEY *eckey)
goto do_soft;
ret = eckey_create_key(eckey);
- if (ret)
+ if (!ret)
return ret;
ret = UADK_DO_SOFT;
--
2.24.4

1506
0006-uadk_provider-support-x448-alg.patch Normal file
View File

File diff suppressed because it is too large Load Diff

349
0007-rsa-cleanup-about-reducing-function-parameters.patch
View File

@ -1,349 +0,0 @@
From 273cf10d03532e73dfcd9f8a1223bfecb64d0f16 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Wed, 22 Dec 2021 10:51:48 +0000
Subject: [PATCH 07/18] rsa: cleanup about reducing function parameters
Reduce the number of parameters of functions
related to prime, and make the name of those
functions clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 155 ++++++++++++++++++++++++++++++-------------------
1 file changed, 95 insertions(+), 60 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index cb98159..c1609ca 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -97,6 +97,14 @@ struct rsa_prikey_param {
int is_crt;
};
+struct rsa_prime_param {
+ BIGNUM *r1;
+ BIGNUM *r2;
+ BIGNUM *rsa_p;
+ BIGNUM *rsa_q;
+ BIGNUM *prime;
+};
+
struct uadk_rsa_sess {
handle_t sess;
struct wd_rsa_sess_setup setup;
@@ -156,15 +164,14 @@ static int rsa_check_bit_useful(const int bits, int flen)
}
}
-static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
- BN_CTX *ctx, BN_GENCB *cb)
+static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
+ BN_CTX *ctx, BN_GENCB *cb)
{
- /* calculate n = p * q */
if (num == 1) {
if (!BN_mul(r1, rsa_p, rsa_q, ctx))
return BN_ERR;
} else {
- /* if num == 0, use number 3 to indicate do nothing */
+ /* If num == 0, use number 3 to indicate do nothing */
if (!BN_GENCB_call(cb, 3, num))
return BN_ERR;
return BN_CONTINUE;
@@ -173,20 +180,21 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
return BN_VALID;
}
-static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
- const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx,
- BN_GENCB *cb)
+static int check_rsa_prime_sufficient(int *num, const int *bitsr,
+ int *bitse, const int *n,
+ struct rsa_prime_param *param,
+ BN_CTX *ctx, BN_GENCB *cb)
{
static int retries;
BN_ULONG bitst;
int ret;
- ret = prime_mul_res(*num, rsa_p, rsa_q, r1, ctx, cb);
+ ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q,
+ param->r1, ctx, cb);
if (ret)
return ret;
/*
- * if |r1|, product of factors so far, is not as long as expected
+ * If |r1|, product of factors so far, is not as long as expected
* (by checking the first 4 bits are less than 0x9 or greater than
* 0xF). If so, re-generate the last prime.
*
@@ -199,10 +207,10 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
* key by using the modulus in a certificate. This is also covered
* by checking the length should not be less than 0x9.
*/
- if (!BN_rshift(r2, r1, *bitse - 4))
+ if (!BN_rshift(param->r2, param->r1, *bitse - 4))
return BN_ERR;
- bitst = BN_get_word(r2);
+ bitst = BN_get_word(param->r2);
if (bitst < 0x9 || bitst > 0xF) {
/*
* For keys with more than 4 primes, we attempt longer factor to
@@ -216,7 +224,9 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
*bitse -= bitsr[*num];
else
return -1;
- if (!BN_GENCB_call(cb, 2, *n++))
+
+ ret = BN_GENCB_call(cb, 2, *n++);
+ if (!ret)
return -1;
if (retries == 4) {
*num = -1;
@@ -227,14 +237,17 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
retries++;
return BN_REDO;
}
- if (!BN_GENCB_call(cb, 3, *num))
+
+ ret = BN_GENCB_call(cb, 3, *num);
+ if (!ret)
return BN_ERR;
retries = 0;
return BN_VALID;
}
-static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime)
+static void rsa_set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM **prime)
{
if (num == 0)
*prime = rsa_p;
@@ -244,8 +257,8 @@ static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime)
BN_set_flags(*prime, BN_FLG_CONSTTIME);
}
-static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *prime)
+static int check_rsa_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM *prime)
{
BIGNUM *prev_prime;
int j;
@@ -268,8 +281,8 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
return UADK_E_SUCCESS;
}
-static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
- BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
+static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
+ BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
/*
@@ -278,10 +291,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
* BN_value_one() returns a BIGNUM constant of value 1.
* r2 = prime - 1.
*/
- if (!BN_sub(r2, prime, BN_value_one()))
+ if (!BN_sub(param->r2, param->prime, BN_value_one()))
return -1;
ERR_set_mark();
- BN_set_flags(r2, BN_FLG_CONSTTIME);
+ BN_set_flags(param->r2, BN_FLG_CONSTTIME);
/*
* BN_mod_inverse(r,a,n,ctx) used to compute inverse modulo n.
* Precisely, it computes the inverse of "a" modulo "n", and places
@@ -290,7 +303,7 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
* The expected result: (r2 * r1) % e_pub ==1,
* the inverse of r2 exist, that is r1.
*/
- if (BN_mod_inverse(r1, r2, e_pub, ctx))
+ if (BN_mod_inverse(param->r1, param->r2, e_pub, ctx))
return UADK_E_SUCCESS;
err = ERR_peek_last_error();
@@ -307,10 +320,9 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
return GET_ERR_FINISH;
}
-static int get_prime_once(int num, const int *bitsr, const int *n,
- BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub,
- BN_CTX *ctx, BN_GENCB *cb)
+static int get_rsa_prime_once(int num, const int *bitsr, const int *n,
+ BIGNUM *e_pub, struct rsa_prime_param *param,
+ BN_CTX *ctx, BN_GENCB *cb)
{
int ret = -1;
@@ -318,12 +330,13 @@ static int get_prime_once(int num, const int *bitsr, const int *n,
return ret;
while (1) {
/* Generate prime with bitsr[num] len. */
- if (!BN_generate_prime_ex(prime, bitsr[num],
+ if (!BN_generate_prime_ex(param->prime, bitsr[num],
0, NULL, NULL, cb))
return BN_ERR;
- if (!check_prime_equal(num, rsa_p, rsa_q, prime))
+ if (!check_rsa_prime_equal(num, param->rsa_p, param->rsa_q,
+ param->prime))
continue;
- ret = check_prime_useful(n, prime, r1, r2, e_pub, ctx, cb);
+ ret = check_rsa_prime_useful(n, param, e_pub, ctx, cb);
if (ret == BN_ERR)
return BN_ERR;
else if (ret == UADK_E_SUCCESS)
@@ -333,8 +346,7 @@ static int get_prime_once(int num, const int *bitsr, const int *n,
return ret;
}
-static void switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *p, BIGNUM *q)
+static void rsa_switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *p, BIGNUM *q)
{
BIGNUM *tmp;
@@ -373,13 +385,37 @@ static int check_rsa_is_crt(RSA *rsa)
return UN_SET;
}
+static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx)
+{
+ param->r1 = BN_CTX_get(ctx);
+ if (!param->r1)
+ goto end;
+
+ param->r2 = BN_CTX_get(ctx);
+ if (!param->r2)
+ goto end;
+
+ param->rsa_p = BN_CTX_get(ctx);
+ if (!param->rsa_p)
+ goto end;
+
+ param->rsa_q = BN_CTX_get(ctx);
+ if (!param->rsa_q)
+ goto end;
+
+ return UADK_E_SUCCESS;
+
+end:
+ fprintf(stderr, "failed to malloc params\n");
+ return UADK_E_FAIL;
+}
+
static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
BIGNUM *q, BN_GENCB *cb)
{
- BIGNUM *r1, *r2, *rsa_p, *rsa_q;
+ struct rsa_prime_param *param = NULL;
int bitsr[RSA_MAX_PRIME_NUM] = {0};
int flag, quo, rmd, i;
- BIGNUM *prime = NULL;
BN_CTX *ctx;
int bitse = 0;
int ret = 0;
@@ -391,12 +427,15 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
return ret;
BN_CTX_start(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- rsa_p = BN_CTX_get(ctx);
- rsa_q = BN_CTX_get(ctx);
- if (!r1 || !r2 || !rsa_p || !rsa_q)
- goto err;
+ param = OPENSSL_zalloc(sizeof(struct rsa_prime_param));
+ if (!param) {
+ fprintf(stderr, "failed to malloc rsa prime param\n");
+ goto free_ctx;
+ }
+
+ ret = get_rsa_prime_param(param, ctx);
+ if (!ret)
+ goto free_param;
/* Divide bits into 'primes' pieces evenly */
quo = bits / RSA_MAX_PRIME_NUM;
@@ -409,39 +448,37 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
/* flag: whether primes are generated correctely. */
flag = 1;
/* Set flag for primes rsa_p and rsa_q separately. */
- set_primes(i, rsa_p, rsa_q, &prime);
+ rsa_set_primes(i, param->rsa_p, param->rsa_q, &param->prime);
while (flag == 1) {
- if (get_prime_once(i, bitsr, &n, prime, rsa_p, rsa_q,
- r1, r2, e_pub, ctx, cb) == -1)
- goto err;
+ ret = get_rsa_prime_once(i, bitsr, &n, e_pub, param,
+ ctx, cb);
+ if (ret == -1)
+ goto free_param;
bitse += bitsr[i];
- ret = check_prime_sufficient(&i, bitsr, &bitse, &n,
- rsa_p, rsa_q, r1, r2,
- ctx, cb);
+ ret = check_rsa_prime_sufficient(&i, bitsr, &bitse, &n,
+ param, ctx, cb);
if (ret == BN_ERR)
- goto err;
+ goto free_param;
else if (ret == BN_REDO)
continue;
else
flag = 0;
}
}
- switch_p_q(rsa_p, rsa_q, p, q);
+ rsa_switch_p_q(param->rsa_p, param->rsa_q, p, q);
ret = UADK_E_SUCCESS;
-err:
- if (ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
+free_param:
+ OPENSSL_free(param);
+free_ctx:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
return ret;
}
static int add_rsa_pubenc_padding(int flen, const unsigned char *from,
- unsigned char *buf, int num,
- int padding)
+ unsigned char *buf, int num, int padding)
{
int ret;
@@ -852,8 +889,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
struct uadk_rsa_sess *rsa_sess,
- unsigned char *in_buf,
- unsigned char *to)
+ unsigned char *in_buf, unsigned char *to)
{
struct wd_rsa_pubkey *pubkey = NULL;
struct wd_dtb *wd_e = NULL;
@@ -882,8 +918,7 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
struct rsa_prikey_param *pri,
- unsigned char *in_buf,
- unsigned char *to)
+ unsigned char *in_buf, unsigned char *to)
{
struct wd_rsa_prikey *prikey;
struct wd_dtb *wd_dq;
--
2.24.4

302
0007-uadk_engine-Clear-some-compilation-warnings-specific.patch Normal file
View File

@ -0,0 +1,302 @@
From e0f1bbc6c981318b2a99f3af85a93767222c2c2b Mon Sep 17 00:00:00 2001
From: lizhi <lizhi206@huawei.com>
Date: Wed, 27 Nov 2024 16:27:05 +0800
Subject: [PATCH 07/10] uadk_engine: Clear some compilation warnings, specific
cleanup is as follows
1. Wformat, solve format dismatch
2. Wdiffarded qualifiers, const pointer lost const qualifier
3. Wmissing prototypes, use static to limit scope of internal function
4. Wunused, unused functions and variables
5. Wswitch, add default branch and break to switch
6. Redundant decls, duplicate declarations in macro definitions
Signed-off-by: lizhi <lizhi206@huawei.com>
Signed-off-by: JiangShui Yang <yangjiangshui@h-partners.com>
---
src/uadk_prov_bio.c | 2 ++
src/uadk_prov_cipher.c | 2 +-
src/uadk_prov_der_writer.c | 2 +-
src/uadk_prov_dh.c | 9 +++++----
src/uadk_prov_ecx.c | 34 +++-------------------------------
src/uadk_prov_ffc.c | 24 ++++++++++++------------
src/uadk_prov_ffc.h | 1 -
src/uadk_prov_pkey.c | 6 +++---
src/uadk_prov_pkey.h | 2 +-
9 files changed, 28 insertions(+), 54 deletions(-)
diff --git a/src/uadk_prov_bio.c b/src/uadk_prov_bio.c
index 5be3e8a..d419a6a 100644
--- a/src/uadk_prov_bio.c
+++ b/src/uadk_prov_bio.c
@@ -71,6 +71,8 @@ void ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns)
if (c_bio_vprintf == NULL)
c_bio_vprintf = OSSL_FUNC_BIO_vprintf(fns);
break;
+ default:
+ break;
}
fns++;
}
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index e511b71..f4a182e 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -124,7 +124,7 @@ struct cipher_priv_ctx {
unsigned int pad : 1; /* Whether padding should be used or not */
unsigned int cts_mode; /* Use to set the type for CTS modes */
unsigned int key_set : 1; /* Whether key is copied to priv key buffers */
- unsigned int iv_set : 1; /* Whether key is copied to priv iv buffers */
+ unsigned int iv_set : 1; /* Whether iv is copied to priv iv buffers */
size_t blksize;
size_t keylen;
size_t ivlen;
diff --git a/src/uadk_prov_der_writer.c b/src/uadk_prov_der_writer.c
index 3876d49..e7e7e49 100644
--- a/src/uadk_prov_der_writer.c
+++ b/src/uadk_prov_der_writer.c
@@ -139,7 +139,7 @@ int ossl_DER_w_uint32(WPACKET *pkt, int tag, uint32_t v)
return int_der_w_integer(pkt, tag, int_put_bytes_uint32, &v);
}
-BN_ULONG *bn_get_words(const BIGNUM *a)
+static BN_ULONG *bn_get_words(const BIGNUM *a)
{
return a->d;
}
diff --git a/src/uadk_prov_dh.c b/src/uadk_prov_dh.c
index 8d2c6f6..f3724ac 100644
--- a/src/uadk_prov_dh.c
+++ b/src/uadk_prov_dh.c
@@ -1629,7 +1629,7 @@ static int uadk_prov_dh_plain_derive(PROV_DH_KEYEXCH_CTX *pdhctx, unsigned char
else
ret = uadk_dh_compute_key(secret, pubkey, pdhctx->dh);
if (ret <= 0) {
- fprintf(stderr, "failed to do dh compute, pad(%d)\n", pad);
+ fprintf(stderr, "failed to do dh compute, pad(%u)\n", pad);
return ret;
}
@@ -1639,9 +1639,9 @@ static int uadk_prov_dh_plain_derive(PROV_DH_KEYEXCH_CTX *pdhctx, unsigned char
}
/* Key derivation function from X9.63/SECG */
-int ossl_dh_kdf_X9_42_asn1(unsigned char *out, PROV_DH_KEYEXCH_CTX *pdhctx,
- const unsigned char *z, size_t z_len,
- const char *propq)
+static int ossl_dh_kdf_X9_42_asn1(unsigned char *out, PROV_DH_KEYEXCH_CTX *pdhctx,
+ const unsigned char *z, size_t z_len,
+ const char *propq)
{
OSSL_LIB_CTX *libctx = pdhctx->libctx;
const char *cek_alg = pdhctx->kdf_cekalg;
@@ -1749,6 +1749,7 @@ static int uadk_keyexch_dh_derive(void *dhctx, unsigned char *secret,
break;
case PROV_DH_KDF_X9_42_ASN1:
ret = uadk_prov_dh_X9_42_kdf_derive(pdhctx, secret, psecretlen, outlen);
+ break;
default:
fprintf(stderr, "invalid: unsupport kdf type\n");
break;
diff --git a/src/uadk_prov_ecx.c b/src/uadk_prov_ecx.c
index 302dc48..d7954b7 100644
--- a/src/uadk_prov_ecx.c
+++ b/src/uadk_prov_ecx.c
@@ -88,12 +88,6 @@ typedef struct {
handle_t sess;
} PROV_ECX_KEYEXCH_CTX;
-static const OSSL_PARAM ecx_key_types[] = {
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0),
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
- OSSL_PARAM_END
-};
-
struct x448_res {
int pid;
} g_x448_prov;
@@ -258,23 +252,6 @@ static int ossl_param_build_set_octet_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
return UADK_P_SUCCESS;
}
-static int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
- const char *key, const BIGNUM *bn, size_t sz)
-{
- if (bld != NULL)
- return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn, sz);
-
- p = OSSL_PARAM_locate(p, key);
- if (p != NULL) {
- if (sz > p->data_size)
- return UADK_P_FAIL;
- p->data_size = sz;
- return OSSL_PARAM_set_BN(p, bn);
- }
-
- return UADK_P_SUCCESS;
-}
-
static int uadk_prov_key_to_params(ECX_KEY *key, OSSL_PARAM_BLD *tmpl,
OSSL_PARAM params[], int include_private)
{
@@ -430,9 +407,6 @@ static void uadk_keymgmt_x448_gen_cleanup(void *genctx)
static void *uadk_keymgmt_x448_gen_init(void *provctx, int selection,
const OSSL_PARAM params[])
{
- PROV_ECX_KEYMGMT_CTX *gctx = NULL;
- int ret;
-
if (provctx == NULL) {
fprintf(stderr, "invalid: provctx is NULL\n");
return NULL;
@@ -441,8 +415,8 @@ static void *uadk_keymgmt_x448_gen_init(void *provctx, int selection,
return ossl_ecx_gen_init(provctx, selection, params, ECX_KEY_TYPE_X448);
}
-ECX_KEY *uadk_prov_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, int haspubkey,
- const char *propq)
+static ECX_KEY *uadk_prov_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, int haspubkey,
+ const char *propq)
{
ECX_KEY *ecx_key = OPENSSL_zalloc(sizeof(ECX_KEY));
@@ -807,7 +781,6 @@ static UADK_PKEY_KEYEXCH get_default_x448_keyexch(void)
static void *uadk_keyexch_x448_newctx(void *provctx)
{
PROV_ECX_KEYEXCH_CTX *ecxctx = NULL;
- int ret;
ecxctx = OPENSSL_zalloc(sizeof(PROV_ECX_KEYEXCH_CTX));
if (ecxctx == NULL) {
@@ -870,7 +843,6 @@ static int uadk_keyexch_x448_init(void *vecxctx, void *vkey,
{
PROV_ECX_KEYEXCH_CTX *ecxctx = (PROV_ECX_KEYEXCH_CTX *)vecxctx;
ECX_KEY *key = vkey;
- int ret;
if (ecxctx == NULL) {
fprintf(stderr, "invalid: ecxctx is NULL\n");
@@ -894,7 +866,7 @@ static int uadk_keyexch_x448_init(void *vecxctx, void *vkey,
return UADK_P_SUCCESS;
}
-int ossl_ecx_key_up_ref(ECX_KEY *key)
+static int ossl_ecx_key_up_ref(ECX_KEY *key)
{
int i = 0;
diff --git a/src/uadk_prov_ffc.c b/src/uadk_prov_ffc.c
index ed5e037..015c1b9 100644
--- a/src/uadk_prov_ffc.c
+++ b/src/uadk_prov_ffc.c
@@ -937,7 +937,7 @@ err:
return ret;
}
-OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx)
+static OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx)
{
if (ctx == NULL)
return NULL;
@@ -1064,9 +1064,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type, int verify)
}
#endif /* FIPS_MODULE */
-int ossl_ffc_params_set_validate_params(FFC_PARAMS *params,
- const unsigned char *seed,
- size_t seedlen, int counter)
+static int ossl_ffc_params_set_validate_params(FFC_PARAMS *params,
+ const unsigned char *seed,
+ size_t seedlen, int counter)
{
if (!ossl_ffc_params_set_seed(params, seed, seedlen))
return 0;
@@ -1086,10 +1086,10 @@ static const char *default_mdname(size_t N)
}
/* FIPS186-4 A.2.2 Unverifiable partial validation of Generator g */
-int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont,
- const BIGNUM *p, const BIGNUM *q,
- const BIGNUM *g, BIGNUM *tmp,
- int *ret)
+static int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont,
+ const BIGNUM *p, const BIGNUM *q,
+ const BIGNUM *g, BIGNUM *tmp,
+ int *ret)
{
/*
* A.2.2 Step (1) AND
@@ -1574,10 +1574,10 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
* - FFC_PARAM_RET_STATUS_UNVERIFIABLE_G if the validation of G succeeded,
* but G is unverifiable.
*/
-int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx,
- FFC_PARAMS *params, int mode, int type,
- size_t L, size_t N, int *res,
- BN_GENCB *cb)
+static int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx,
+ FFC_PARAMS *params, int mode,
+ int type, size_t L, size_t N,
+ int *res, BN_GENCB *cb)
{
int ok = FFC_PARAM_RET_STATUS_FAILED;
unsigned char *seed = NULL, *seed_tmp = NULL;
diff --git a/src/uadk_prov_ffc.h b/src/uadk_prov_ffc.h
index 92102d3..d63a5ce 100644
--- a/src/uadk_prov_ffc.h
+++ b/src/uadk_prov_ffc.h
@@ -99,7 +99,6 @@
#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0]))
/* Macro to make a BIGNUM from static data */
#define make_dh_bn(x) \
- extern const BIGNUM ossl_bignum_##x; \
const BIGNUM ossl_bignum_##x = { \
(BN_ULONG *) x, \
OSSL_NELEM(x), \
diff --git a/src/uadk_prov_pkey.c b/src/uadk_prov_pkey.c
index 0615b61..f654dd6 100644
--- a/src/uadk_prov_pkey.c
+++ b/src/uadk_prov_pkey.c
@@ -178,7 +178,7 @@ static void uadk_prov_init_dtb_param(void *dtb, char *start,
}
int uadk_prov_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
- BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+ BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
# if OPENSSL_VERSION_NUMBER > 0x10101000L
if (!EC_POINT_get_affine_coordinates(group, p, x, y, ctx))
@@ -190,7 +190,7 @@ int uadk_prov_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
return UADK_P_SUCCESS;
}
-int uadk_prov_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+static int uadk_prov_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
BIGNUM *b, BN_CTX *ctx)
{
# if OPENSSL_VERSION_NUMBER > 0x10101000L
@@ -293,7 +293,7 @@ free_ctx:
return ret;
}
-handle_t uadk_prov_ecc_alloc_sess(const EC_KEY *eckey, char *alg)
+handle_t uadk_prov_ecc_alloc_sess(const EC_KEY *eckey, const char *alg)
{
char buff[UADK_ECC_MAX_KEY_BYTES * UADK_ECC_CV_PARAM_NUM];
struct sched_params sch_p = {0};
diff --git a/src/uadk_prov_pkey.h b/src/uadk_prov_pkey.h
index e79fc52..f40313d 100644
--- a/src/uadk_prov_pkey.h
+++ b/src/uadk_prov_pkey.h
@@ -439,7 +439,7 @@ const OSSL_DISPATCH uadk_##nm##_keyexch_functions[] = { \
{ 0, NULL } \
} \
-handle_t uadk_prov_ecc_alloc_sess(const EC_KEY *eckey, char *alg);
+handle_t uadk_prov_ecc_alloc_sess(const EC_KEY *eckey, const char *alg);
int uadk_prov_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr);
int uadk_prov_keymgmt_get_support_state(int alg_tag);
int uadk_prov_ecc_get_numa_id(void);
--
2.25.1

355
0008-ecc-cleanup-sm2-compute-digest-function.patch
View File

@ -1,355 +0,0 @@
From b99452edd6ae045e833e3ae01866b8546fd5733a Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 24 Dec 2021 07:30:22 +0000
Subject: [PATCH 08/18] ecc: cleanup sm2 compute digest function
The operation flow of sm2_compute_z_digest()
is modularized and encapsulated to reduce
the code line of sm2_compute_z_digest() and
make the code easier to understand.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 277 +++++++++++++++++++++++++++++++++++--------------
1 file changed, 197 insertions(+), 80 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index d74aa3a..6d5dad0 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -62,6 +62,26 @@ typedef struct sm2_ciphertext {
ASN1_OCTET_STRING *C2;
} SM2_Ciphertext;
+struct sm2_param {
+ /*
+ * p: BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ */
+ BIGNUM *p;
+ /* a: BIGNUM for parameter a of the equation */
+ BIGNUM *a;
+ /* b: BIGNUM for parameter b of the equation */
+ BIGNUM *b;
+ /* xG: BIGNUM for the x-coordinate value of G point */
+ BIGNUM *xG;
+ /* yG: BIGNUM for the y-coordinate value of G point */
+ BIGNUM *yG;
+ /* xA: BIGNUM for the x-coordinate value of PA point */
+ BIGNUM *xA;
+ /* yA: BIGNUM for the y-coordinate value of PA point */
+ BIGNUM *yA;
+};
+
DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
ASN1_SEQUENCE(SM2_Ciphertext) = {
@@ -695,8 +715,7 @@ static int sm2_verify_init(EVP_PKEY_CTX *ctx)
}
static int sm2_verify_init_iot(handle_t sess, struct wd_ecc_req *req,
- struct wd_dtb *e,
- struct wd_dtb *r,
+ struct wd_dtb *e, struct wd_dtb *r,
struct wd_dtb *s)
{
struct wd_ecc_in *ecc_in;
@@ -1229,119 +1248,217 @@ static int sm2_ctrl_str(EVP_PKEY_CTX *ctx,
return UADK_E_INVALID;
}
-static int sm2_compute_z_digest(uint8_t *out,
- const EVP_MD *digest,
- const uint8_t *id,
- const size_t id_len,
- const EC_KEY *key)
+static int get_sm2_param(struct sm2_param *sm2_param, BN_CTX *ctx)
{
- const EC_GROUP *group = EC_KEY_get0_group(key);
- EVP_MD_CTX *hash = NULL;
- uint8_t *buf = NULL;
- BN_CTX *ctx = NULL;
- BIGNUM *p = NULL;
- BIGNUM *a = NULL;
- BIGNUM *b = NULL;
- BIGNUM *xG = NULL;
- BIGNUM *yG = NULL;
- BIGNUM *xA = NULL;
- BIGNUM *yA = NULL;
- uint8_t e_byte;
- uint16_t entl;
- int p_bytes;
- int rc = 0;
+ sm2_param->p = BN_CTX_get(ctx);
+ if (!sm2_param->p)
+ goto end;
- hash = EVP_MD_CTX_new();
- ctx = BN_CTX_new();
- if (hash == NULL || ctx == NULL) {
- fprintf(stderr, "failed to EVP_CTX_new\n");
- goto done;
- }
+ sm2_param->a = BN_CTX_get(ctx);
+ if (!sm2_param->a)
+ goto end;
- p = BN_CTX_get(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- xG = BN_CTX_get(ctx);
- yG = BN_CTX_get(ctx);
- xA = BN_CTX_get(ctx);
- yA = BN_CTX_get(ctx);
- if (yA == NULL) {
- fprintf(stderr, "failed to malloc\n");
- goto done;
- }
+ sm2_param->b = BN_CTX_get(ctx);
+ if (!sm2_param->b)
+ goto end;
+
+ sm2_param->xG = BN_CTX_get(ctx);
+ if (!sm2_param->xG)
+ goto end;
+
+ sm2_param->yG = BN_CTX_get(ctx);
+ if (!sm2_param->yG)
+ goto end;
+
+ sm2_param->xA = BN_CTX_get(ctx);
+ if (!sm2_param->xA)
+ goto end;
+
+ sm2_param->yA = BN_CTX_get(ctx);
+ if (!sm2_param->yA)
+ goto end;
+
+ return 1;
+
+end:
+ fprintf(stderr, "failed to malloc params\n");
+ return 0;
+}
+
+static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash,
+ const size_t id_len, const uint8_t *id)
+{
+ uint8_t e_byte;
+ uint16_t entl;
if (!EVP_DigestInit(hash, digest)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
/* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
if (id_len >= (UINT16_MAX / 8)) {
- /* too large */
fprintf(stderr, "id too large\n");
- goto done;
+ return 0;
}
entl = (uint16_t)(8 * id_len);
e_byte = entl >> 8;
- if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
- fprintf(stderr, "error evp lib\n");
- goto done;
- }
+ if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+ fprintf(stderr, "error evp lib\n");
+ return 0;
+ }
+
e_byte = entl & 0xFF;
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
- if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
- fprintf(stderr, "error ec lib\n");
- goto done;
+ return 1;
+}
+
+static int check_equation_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes)
+{
+ if (BN_bn2binpad(param->a, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->b, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes)) {
+ fprintf(stderr, "failed to check equation param\n");
+ return 0;
}
- p_bytes = BN_num_bytes(p);
- buf = OPENSSL_zalloc(p_bytes);
- if (buf == NULL) {
- fprintf(stderr, "failed to malloc\n");
- goto done;
+ return 1;
+}
+
+
+static int check_base_point_group_param(struct sm2_param *param, BN_CTX *ctx,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+
+ if (!EC_POINT_get_affine_coordinates(group,
+ EC_GROUP_get0_generator(group),
+ param->xG, param->yG, ctx)) {
+ fprintf(stderr, "failed to check base point group param\n");
+ return 0;
}
- if (BN_bn2binpad(a, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(b, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EC_POINT_get_affine_coordinates(group,
- EC_GROUP_get0_generator(group),
- xG, yG, ctx)
- || BN_bn2binpad(xG, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(yG, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EC_POINT_get_affine_coordinates(group,
- EC_KEY_get0_public_key(key),
- xA, yA, ctx)
- || BN_bn2binpad(xA, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(yA, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EVP_DigestFinal(hash, out, NULL)) {
- fprintf(stderr, "internal error\n");
- goto done;
+ return 1;
+}
+
+static int check_base_point_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes)
+{
+ if (BN_bn2binpad(param->xG, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->yG, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes)) {
+ fprintf(stderr, "failed to check base point param\n");
+ return 0;
}
- rc = 1;
+ return 1;
+}
-done:
+static int check_pkey_point_group_param(struct sm2_param *param, BN_CTX *ctx,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+
+ if (!EC_POINT_get_affine_coordinates(group,
+ EC_KEY_get0_public_key(key),
+ param->xA, param->yA, ctx)) {
+ fprintf(stderr, "failed to check pkey point group param\n");
+ return 0;
+ }
+ return 1;
+}
+
+static int check_pkey_point_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes, uint8_t *out)
+{
+ if (BN_bn2binpad(param->xA, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->yA, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ !EVP_DigestFinal(hash, out, NULL)) {
+ fprintf(stderr, "failed to check pkey point param\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int sm2_compute_z_digest(uint8_t *out, const EVP_MD *digest,
+ const uint8_t *id, const size_t id_len,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+ struct sm2_param *param = NULL;
+ EVP_MD_CTX *hash = NULL;
+ uint8_t *buf = NULL;
+ BN_CTX *ctx = NULL;
+ int p_bytes;
+ int ret = 0;
+
+ hash = EVP_MD_CTX_new();
+ if (!hash)
+ return ret;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto free_hash;
+
+ param = OPENSSL_zalloc(sizeof(struct sm2_param));
+ if (!param) {
+ fprintf(stderr, "failed to malloc sm2 param\n");
+ goto free_ctx;
+ }
+
+ if (!get_sm2_param(param, ctx))
+ goto free_param;
+
+ if (!check_digest_evp_lib(digest, hash, id_len, id))
+ goto free_param;
+
+ if (!EC_GROUP_get_curve(group, param->p, param->a, param->b, ctx)) {
+ fprintf(stderr, "failed to get curve\n");
+ goto free_param;
+ }
+
+ p_bytes = BN_num_bytes(param->p);
+ buf = OPENSSL_zalloc(p_bytes);
+ if (!buf) {
+ fprintf(stderr, "failed to malloc buf\n");
+ goto free_param;
+ }
+
+ if (!check_equation_param(param, hash, buf, p_bytes) ||
+ !check_base_point_group_param(param, ctx, key) ||
+ !check_base_point_param(param, hash, buf, p_bytes) ||
+ !check_pkey_point_group_param(param, ctx, key) ||
+ !check_pkey_point_param(param, hash, buf, p_bytes, out))
+ goto free_buf;
+
+ ret = 1;
+
+free_buf:
OPENSSL_free(buf);
+free_param:
+ OPENSSL_free(param);
+free_ctx:
BN_CTX_free(ctx);
+free_hash:
EVP_MD_CTX_free(hash);
- return rc;
+ return ret;
}
static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
--
2.24.4

931
0008-uadk_provider_rsa-cleanup-variable-definition-and-re.patch Normal file
View File

@ -0,0 +1,931 @@
From ec9e8beb2e1464695412ab424ca43f40998f7be5 Mon Sep 17 00:00:00 2001
From: Qi Tao <taoqi10@huawei.com>
Date: Thu, 19 Dec 2024 15:58:20 +0800
Subject: [PATCH 08/10] uadk_provider_rsa: cleanup variable definition and
return value
Cleanup variable definition and return value, make the function
clearer.
Signed-off-by: Qi Tao <taoqi10@huawei.com>
Signed-off-by: JiangShui Yang <yangjiangshui@h-partners.com>
---
src/uadk_prov_rsa.c | 318 ++++++++++++++++++++++----------------------
1 file changed, 159 insertions(+), 159 deletions(-)
diff --git a/src/uadk_prov_rsa.c b/src/uadk_prov_rsa.c
index d1ec153..eac4e46 100644
--- a/src/uadk_prov_rsa.c
+++ b/src/uadk_prov_rsa.c
@@ -32,17 +32,17 @@
#define UN_SET 0
#define IS_SET 1
+#define RSA_MAX_PRIME_NUM 2
#define BIT_BYTES_SHIFT 3
#define RSA_MIN_MODULUS_BITS 512
-#define RSA_MAX_PRIME_NUM 2
#define RSA1024BITS 1024
#define RSA2048BITS 2048
#define RSA3072BITS 3072
#define RSA4096BITS 4096
#define OPENSSLRSA7680BITS 7680
#define OPENSSLRSA15360BITS 15360
-#define CTX_ASYNC 1
#define CTX_SYNC 0
+#define CTX_ASYNC 1
#define CTX_NUM 2
#define BN_CONTINUE 1
#define BN_VALID 0
@@ -50,11 +50,11 @@
#define BN_REDO (-2)
#define GET_ERR_FINISH 0
#define UNUSED(x) ((void)(x))
-#define UADK_E_SUCCESS 1
#define UADK_E_FAIL 0
+#define UADK_E_SUCCESS 1
#define UADK_DO_SOFT (-0xE0)
-#define UADK_E_POLL_SUCCESS 0
#define UADK_E_POLL_FAIL (-1)
+#define UADK_E_POLL_SUCCESS 0
#define UADK_E_INIT_SUCCESS 0
#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
@@ -67,15 +67,6 @@
UADK_PKEY_KEYMGMT_DESCR(rsa, RSA);
UADK_PKEY_SIGNATURE_DESCR(rsa, RSA);
UADK_PKEY_ASYM_CIPHER_DESCR(rsa, RSA);
-
-struct bignum_st {
- BN_ULONG *d;
- int top;
- int dmax;
- int neg;
- int flags;
-};
-
struct rsa_keypair {
struct wd_rsa_pubkey *pubkey;
struct wd_rsa_prikey *prikey;
@@ -87,17 +78,20 @@ struct rsa_keygen_param {
struct wd_dtb *wd_q;
};
+struct bignum_st {
+ BN_ULONG *d;
+ int top;
+ int dmax;
+ int neg;
+ int flags;
+};
+
struct rsa_keygen_param_bn {
BIGNUM *e;
BIGNUM *p;
BIGNUM *q;
};
-struct rsa_pubkey_param {
- const BIGNUM *e;
- const BIGNUM *n;
-};
-
struct rsa_prikey_param {
const BIGNUM *n;
const BIGNUM *e;
@@ -118,6 +112,16 @@ struct rsa_prime_param {
BIGNUM *prime;
};
+struct rsa_pubkey_param {
+ const BIGNUM *e;
+ const BIGNUM *n;
+};
+
+struct rsa_sched {
+ int sched_type;
+ struct wd_sched wd_sched;
+};
+
struct uadk_rsa_sess {
handle_t sess;
struct wd_rsa_sess_setup setup;
@@ -128,11 +132,6 @@ struct uadk_rsa_sess {
int key_size;
};
-struct rsa_sched {
- int sched_type;
- struct wd_sched wd_sched;
-};
-
struct rsa_prov {
int pid;
};
@@ -506,11 +505,10 @@ static void free_tbuf(PROV_RSA_SIG_CTX *ctx)
static int rsa_check_bit_useful(const int bits, int flen)
{
- if (flen > (bits >> BIT_BYTES_SHIFT))
- return UADK_DO_SOFT;
-
if (bits < RSA_MIN_MODULUS_BITS)
return UADK_E_FAIL;
+ if (flen > (bits >> BIT_BYTES_SHIFT))
+ return UADK_DO_SOFT;
switch (bits) {
case RSA1024BITS:
@@ -554,6 +552,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
ret = rsa_prime_mul_res(*num, param, ctx, cb);
if (ret)
return ret;
+
/*
* If |r1|, product of factors so far, is not as long as expected
* (by checking the first 4 bits are less than 0x9 or greater than
@@ -572,10 +571,10 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
return BN_ERR;
bitst = BN_get_word(param->r2);
- if (bitst < 0x9 || bitst > 0xF) {
+ if (bitst > 0xF || bitst < 0x9) {
/*
- * For keys with more than 4 primes, we attempt longer factor to
- * meet length requirement.
+ * For keys with more than 4 primes, we attempt longer factor
+ * to meet length requirement.
* Otherwise, we just re-generate the prime with the same length.
* This strategy has the following goals:
* 1. 1024-bit factors are efficient when using 3072 and 4096-bit key
@@ -586,15 +585,14 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
else
return BN_ERR;
- ret = BN_GENCB_call(cb, GENCB_NEXT, *n);
- (*n)++;
+ ret = BN_GENCB_call(cb, GENCB_NEXT, (*n)++);
if (!ret)
return BN_ERR;
if (retries == PRIME_RETRY_COUNT) {
- *num = -1;
- *bitse = 0;
retries = 0;
+ *bitse = 0;
+ *num = -1;
return BN_CONTINUE;
}
retries++;
@@ -616,6 +614,7 @@ static void rsa_set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
*prime = rsa_p;
else
*prime = rsa_q;
+
/* Set BN_FLG_CONSTTIME to prime exponent */
BN_set_flags(*prime, BN_FLG_CONSTTIME);
}
@@ -624,18 +623,19 @@ static int check_rsa_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
BIGNUM *prime)
{
BIGNUM *prev_prime;
- int j;
+ int k;
- for (j = 0; j < num; j++) {
+ for (k = 0; k < num; k++) {
prev_prime = NULL;
- if (j == 0)
+ if (k == 0)
prev_prime = rsa_p;
else
prev_prime = rsa_q;
+
/*
- * BN_cmp(a,b) returns -1 if a < b;
- * returns 0 if a == b;
- * returns 1 if a > b.
+ * BN_cmp(a,b) return -1 if a < b;
+ * return 0 if a == b;
+ * return 1 if a > b.
*/
if (!BN_cmp(prime, prev_prime))
return UADK_E_FAIL;
@@ -660,10 +660,11 @@ static int check_rsa_prime_useful(int * const n, struct rsa_prime_param *param,
return BN_ERR;
ERR_set_mark();
BN_set_flags(param->r2, BN_FLG_CONSTTIME);
+
/*
* BN_mod_inverse(r, a, n, ctx) used to compute inverse modulo n.
- * Precisely, it computes the inverse of "a" modulo "n", and places
- * the result in "r", which means (a * r) % n == 1.
+ * Precisely, it computes the inverse of a modulo n, and places
+ * the result in r, which means (a * r) % n == 1.
* If r == NULL, error. If r != NULL, success.
* The expected result: (r2 * r1) % e_pub == 1,
* the inverse of r2 exist, that is r1.
@@ -678,8 +679,7 @@ static int check_rsa_prime_useful(int * const n, struct rsa_prime_param *param,
else
return BN_ERR;
- ret = BN_GENCB_call(cb, GENCB_NEXT, *n);
- (*n)++;
+ ret = BN_GENCB_call(cb, GENCB_NEXT, (*n)++);
if (!ret)
return BN_ERR;
@@ -694,6 +694,7 @@ static int get_rsa_prime_once(int num, const int *bitsr, int * const n,
if (num >= RSA_MAX_PRIME_NUM)
return ret;
+
while (1) {
/* Generate prime with bitsr[num] len. */
if (!BN_generate_prime_ex(param->prime, bitsr[num],
@@ -702,6 +703,7 @@ static int get_rsa_prime_once(int num, const int *bitsr, int * const n,
if (!check_rsa_prime_equal(num, param->rsa_p, param->rsa_q,
param->prime))
continue;
+
ret = check_rsa_prime_useful(n, param, e_pub, ctx, cb);
if (ret == BN_ERR)
return BN_ERR;
@@ -722,8 +724,8 @@ static void rsa_switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *p, BIGNUM *q)
rsa_q = tmp;
}
- BN_copy(q, rsa_q);
BN_copy(p, rsa_p);
+ BN_copy(q, rsa_q);
}
static int check_rsa_is_crt(RSA *rsa)
@@ -755,23 +757,23 @@ static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx)
{
param->r1 = BN_CTX_get(ctx);
if (!param->r1)
- goto end;
+ goto error;
param->r2 = BN_CTX_get(ctx);
if (!param->r2)
- goto end;
-
- param->rsa_p = BN_CTX_get(ctx);
- if (!param->rsa_p)
- goto end;
+ goto error;
param->rsa_q = BN_CTX_get(ctx);
if (!param->rsa_q)
- goto end;
+ goto error;
+
+ param->rsa_p = BN_CTX_get(ctx);
+ if (!param->rsa_p)
+ goto error;
return UADK_E_SUCCESS;
-end:
+error:
fprintf(stderr, "failed to allocate rsa prime params\n");
return -ENOMEM;
}
@@ -781,31 +783,31 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
{
struct rsa_prime_param *param = NULL;
int bitsr[RSA_MAX_PRIME_NUM] = {0};
- int flag, quo, rmd, i;
- BN_CTX *ctx;
+ int flag, quot, rmd, i;
+ BN_CTX *bnctx;
int bitse = 0;
int ret = 0;
/* n: modulo n, a part of public key */
int n = 0;
- ctx = BN_CTX_new();
- if (!ctx)
+ bnctx = BN_CTX_new();
+ if (!bnctx)
return ret;
- BN_CTX_start(ctx);
+ BN_CTX_start(bnctx);
param = OPENSSL_zalloc(sizeof(struct rsa_prime_param));
if (!param)
goto free_ctx;
- ret = get_rsa_prime_param(param, ctx);
+ ret = get_rsa_prime_param(param, bnctx);
if (ret != UADK_E_SUCCESS)
goto free_param;
/* Divide bits into 'primes' pieces evenly */
- quo = bits / RSA_MAX_PRIME_NUM;
+ quot = bits / RSA_MAX_PRIME_NUM;
rmd = bits % RSA_MAX_PRIME_NUM;
for (i = 0; i < RSA_MAX_PRIME_NUM; i++)
- bitsr[i] = (i < rmd) ? quo + 1 : quo;
+ bitsr[i] = (i < rmd) ? quot + 1 : quot;
/* Generate p, q and other primes (if any) */
for (i = 0; i < RSA_MAX_PRIME_NUM; i++) {
@@ -815,12 +817,12 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
rsa_set_primes(i, param->rsa_p, param->rsa_q, &param->prime);
while (flag == 1) {
ret = get_rsa_prime_once(i, bitsr, &n, e_pub, param,
- ctx, cb);
+ bnctx, cb);
if (ret == -1)
goto free_param;
bitse += bitsr[i];
ret = check_rsa_prime_sufficient(&i, bitsr, &bitse, &n,
- param, ctx, cb);
+ param, bnctx, cb);
if (ret == BN_ERR)
goto free_param;
else if (ret == BN_REDO)
@@ -836,8 +838,8 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
free_param:
OPENSSL_free(param);
free_ctx:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
+ BN_CTX_end(bnctx);
+ BN_CTX_free(bnctx);
return ret;
}
@@ -847,7 +849,7 @@ static int add_rsa_pubenc_padding(int flen, const unsigned char *from,
int ret;
if (!buf || !num) {
- fprintf(stderr, "buf or num is invalid\n");
+ fprintf(stderr, "buf or num is invalid.\n");
return UADK_E_FAIL;
}
@@ -855,12 +857,12 @@ static int add_rsa_pubenc_padding(int flen, const unsigned char *from,
case RSA_PKCS1_PADDING:
ret = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
if (!ret)
- fprintf(stderr, "RSA_PKCS1_PADDING err\n");
+ fprintf(stderr, "RSA_PKCS1_PADDING err.\n");
break;
case RSA_PKCS1_OAEP_PADDING:
ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
if (!ret)
- fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n");
+ fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err.\n");
break;
default:
ret = UADK_E_FAIL;
@@ -879,13 +881,13 @@ static int check_rsa_pridec_padding(unsigned char *to, int num,
case RSA_PKCS1_PADDING:
ret = RSA_padding_check_PKCS1_type_2(to, num, buf, flen, num);
if (ret == CHECK_PADDING_FAIL)
- fprintf(stderr, "RSA_PKCS1_PADDING err\n");
+ fprintf(stderr, "RSA_PKCS1_PADDING err.\n");
break;
case RSA_PKCS1_OAEP_PADDING:
ret = RSA_padding_check_PKCS1_OAEP(to, num, buf, flen, num,
NULL, 0);
if (ret == CHECK_PADDING_FAIL)
- fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n");
+ fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err.\n");
break;
default:
ret = UADK_E_FAIL;
@@ -907,12 +909,12 @@ static int add_rsa_prienc_padding(int flen, const unsigned char *from,
case RSA_PKCS1_PADDING:
ret = RSA_padding_add_PKCS1_type_1(to_buf, tlen, from, flen);
if (!ret)
- fprintf(stderr, "RSA_PKCS1_PADDING err\n");
+ fprintf(stderr, "RSA_PKCS1_PADDING err.\n");
break;
case RSA_X931_PADDING:
ret = RSA_padding_add_X931(to_buf, tlen, from, flen);
if (ret == -1)
- fprintf(stderr, "RSA_X931_PADDING err\n");
+ fprintf(stderr, "RSA_X931_PADDING err.\n");
break;
default:
ret = UADK_E_FAIL;
@@ -933,12 +935,12 @@ static int check_rsa_pubdec_padding(unsigned char *to, int num,
case RSA_PKCS1_PADDING:
ret = RSA_padding_check_PKCS1_type_1(to, num, buf, len, num);
if (ret == CHECK_PADDING_FAIL)
- fprintf(stderr, "RSA_PKCS1_PADDING err\n");
+ fprintf(stderr, "RSA_PKCS1_PADDING err.\n");
break;
case RSA_X931_PADDING:
ret = RSA_padding_check_X931(to, num, buf, len, num);
if (ret == CHECK_PADDING_FAIL)
- fprintf(stderr, "RSA_X931_PADDING err\n");
+ fprintf(stderr, "RSA_X931_PADDING err.\n");
break;
default:
ret = UADK_E_FAIL;
@@ -950,10 +952,15 @@ static int check_rsa_pubdec_padding(unsigned char *to, int num,
return ret;
}
+static BN_ULONG *bn_get_words(const BIGNUM *a)
+{
+ return a->d;
+}
+
static int check_rsa_input_para(const int flen, const unsigned char *from,
unsigned char *to, RSA *rsa)
{
- if (!rsa || !from || !to || flen <= 0) {
+ if (!rsa || !to || !from || flen <= 0) {
fprintf(stderr, "input param invalid\n");
return UADK_E_FAIL;
}
@@ -961,11 +968,6 @@ static int check_rsa_input_para(const int flen, const unsigned char *from,
return rsa_check_bit_useful(uadk_rsa_bits(rsa), flen);
}
-static BN_ULONG *bn_get_words(const BIGNUM *a)
-{
- return a->d;
-}
-
static int rsa_get_sign_res(int padding, BIGNUM *to_bn, const BIGNUM *n,
BIGNUM *ret_bn, BIGNUM **res)
{
@@ -1053,8 +1055,8 @@ static struct uadk_rsa_sess *rsa_new_eng_session(RSA *rsa)
memset(rsa_sess, 0, sizeof(struct uadk_rsa_sess));
rsa_sess->alg = rsa;
- rsa_sess->is_prikey_ready = UN_SET;
rsa_sess->is_pubkey_ready = UN_SET;
+ rsa_sess->is_prikey_ready = UN_SET;
return rsa_sess;
}
@@ -1065,8 +1067,8 @@ static void rsa_free_eng_session(struct uadk_rsa_sess *rsa_sess)
return;
rsa_sess->alg = NULL;
- rsa_sess->is_prikey_ready = UN_SET;
rsa_sess->is_pubkey_ready = UN_SET;
+ rsa_sess->is_prikey_ready = UN_SET;
wd_rsa_free_sess(rsa_sess->sess);
OPENSSL_free(rsa_sess);
@@ -1079,7 +1081,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
struct sched_params params = {0};
struct uadk_rsa_sess *rsa_sess;
- rsa_sess = rsa_new_eng_session(rsa);
+ rsa_sess = rsa_new_eng_session(rsa);
if (!rsa_sess)
return NULL;
@@ -1105,8 +1107,8 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
unsigned char *in_buf, unsigned char *to)
{
struct wd_rsa_pubkey *pubkey = NULL;
- struct wd_dtb *wd_e = NULL;
struct wd_dtb *wd_n = NULL;
+ struct wd_dtb *wd_e = NULL;
if (!rsa_sess->is_pubkey_ready) {
wd_rsa_get_pubkey(rsa_sess->sess, &pubkey);
@@ -1114,17 +1116,17 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
return UADK_E_FAIL;
wd_rsa_get_pubkey_params(pubkey, &wd_e, &wd_n);
- if (!wd_e || !wd_n)
+ if (!wd_n || !wd_e)
return UADK_E_FAIL;
- wd_e->dsize = BN_bn2bin(pubkey_param->e,
- (unsigned char *)wd_e->data);
wd_n->dsize = BN_bn2bin(pubkey_param->n,
(unsigned char *)wd_n->data);
- rsa_sess->is_pubkey_ready = IS_SET;
+ wd_e->dsize = BN_bn2bin(pubkey_param->e,
+ (unsigned char *)wd_e->data);
rsa_sess->req.src_bytes = rsa_sess->key_size;
rsa_sess->req.dst_bytes = rsa_sess->key_size;
rsa_sess->req.op_type = WD_RSA_VERIFY;
+ rsa_sess->is_pubkey_ready = IS_SET;
rsa_sess->req.src = in_buf;
rsa_sess->req.dst = to;
@@ -1140,12 +1142,12 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
{
struct wd_rsa_prikey *prikey = NULL;
struct wd_dtb *wd_qinv = NULL;
- struct wd_dtb *wd_dq = NULL;
struct wd_dtb *wd_dp = NULL;
- struct wd_dtb *wd_q = NULL;
+ struct wd_dtb *wd_dq = NULL;
struct wd_dtb *wd_p = NULL;
- struct wd_dtb *wd_d = NULL;
+ struct wd_dtb *wd_q = NULL;
struct wd_dtb *wd_n = NULL;
+ struct wd_dtb *wd_d = NULL;
if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) {
wd_rsa_get_prikey(rsa_sess->sess, &prikey);
@@ -1157,14 +1159,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
if (!wd_dq || !wd_dp || !wd_qinv || !wd_q || !wd_p)
return UADK_E_FAIL;
- wd_dq->dsize = BN_bn2bin(pri->dmq1,
- (unsigned char *)wd_dq->data);
wd_dp->dsize = BN_bn2bin(pri->dmp1,
(unsigned char *)wd_dp->data);
- wd_q->dsize = BN_bn2bin(pri->q,
- (unsigned char *)wd_q->data);
+ wd_dq->dsize = BN_bn2bin(pri->dmq1,
+ (unsigned char *)wd_dq->data);
wd_p->dsize = BN_bn2bin(pri->p,
(unsigned char *)wd_p->data);
+ wd_q->dsize = BN_bn2bin(pri->q,
+ (unsigned char *)wd_q->data);
wd_qinv->dsize = BN_bn2bin(pri->iqmp,
(unsigned char *)wd_qinv->data);
} else if (!(rsa_sess->is_prikey_ready) && !(pri->is_crt)) {
@@ -1176,16 +1178,17 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
if (!wd_d || !wd_n)
return UADK_E_FAIL;
- wd_d->dsize = BN_bn2bin(pri->d,
- (unsigned char *)wd_d->data);
wd_n->dsize = BN_bn2bin(pri->n,
(unsigned char *)wd_n->data);
+ wd_d->dsize = BN_bn2bin(pri->d,
+ (unsigned char *)wd_d->data);
} else {
return UADK_E_FAIL;
}
+
rsa_sess->is_prikey_ready = IS_SET;
- rsa_sess->req.src_bytes = rsa_sess->key_size;
rsa_sess->req.op_type = WD_RSA_SIGN;
+ rsa_sess->req.src_bytes = rsa_sess->key_size;
rsa_sess->req.dst_bytes = rsa_sess->key_size;
rsa_sess->req.src = in_buf;
rsa_sess->req.dst = to;
@@ -1198,7 +1201,7 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa,
{
struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst;
struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp;
- BIGNUM *dmp1, *dmq1, *iqmp, *n, *d;
+ BIGNUM *dmp1, *dmq1, *iqmp, *d, *n;
unsigned int key_bits, key_size;
BN_CTX *bn_ctx = *bn_ctx_in;
@@ -1210,14 +1213,14 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa,
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
- dmp1 = BN_CTX_get(bn_ctx);
- if (!dmp1)
- return UADK_E_FAIL;
-
dmq1 = BN_CTX_get(bn_ctx);
if (!dmq1)
return UADK_E_FAIL;
+ dmp1 = BN_CTX_get(bn_ctx);
+ if (!dmp1)
+ return UADK_E_FAIL;
+
iqmp = BN_CTX_get(bn_ctx);
if (!iqmp)
return UADK_E_FAIL;
@@ -1230,8 +1233,8 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa,
if (!d)
return UADK_E_FAIL;
- BN_bin2bn((unsigned char *)wd_d.data, key_size, d);
BN_bin2bn((unsigned char *)wd_n.data, key_size, n);
+ BN_bin2bn((unsigned char *)wd_d.data, key_size, d);
BN_bin2bn((unsigned char *)wd_qinv.data, wd_qinv.dsize, iqmp);
BN_bin2bn((unsigned char *)wd_dq.data, wd_dq.dsize, dmq1);
BN_bin2bn((unsigned char *)wd_dp.data, wd_dp.dsize, dmp1);
@@ -1246,15 +1249,15 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa,
static void uadk_e_rsa_cb(void *req_t)
{
- struct wd_rsa_req *req_new = (struct wd_rsa_req *)req_t;
+ struct wd_rsa_req *req = (struct wd_rsa_req *)req_t;
struct uadk_e_cb_info *cb_param;
struct wd_rsa_req *req_origin;
struct async_op *op;
- if (!req_new)
+ if (!req)
return;
- cb_param = req_new->cb_param;
+ cb_param = req->cb_param;
if (!cb_param)
return;
@@ -1262,7 +1265,7 @@ static void uadk_e_rsa_cb(void *req_t)
if (!req_origin)
return;
- req_origin->status = req_new->status;
+ req_origin->status = req->status;
op = cb_param->op;
if (op && op->job && !op->done) {
@@ -1345,21 +1348,19 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
wd_rsa_get_crt_prikey_params(key_pair->prikey, NULL, NULL, NULL,
&keygen_param->wd_q, &keygen_param->wd_p);
- if (!keygen_param->wd_q || !keygen_param->wd_p)
+ if (!keygen_param->wd_p || !keygen_param->wd_q)
return UADK_E_FAIL;
- keygen_param->wd_q->dsize = BN_bn2bin(bn_param->q,
- (unsigned char *)keygen_param->wd_q->data);
keygen_param->wd_p->dsize = BN_bn2bin(bn_param->p,
(unsigned char *)keygen_param->wd_p->data);
+ keygen_param->wd_q->dsize = BN_bn2bin(bn_param->q,
+ (unsigned char *)keygen_param->wd_q->data);
rsa_sess->req.src_bytes = rsa_sess->key_size;
rsa_sess->req.dst_bytes = rsa_sess->key_size;
rsa_sess->req.op_type = WD_RSA_GENKEY;
- rsa_sess->req.src = wd_rsa_new_kg_in(rsa_sess->sess,
- keygen_param->wd_e,
- keygen_param->wd_p,
- keygen_param->wd_q);
+ rsa_sess->req.src = wd_rsa_new_kg_in(rsa_sess->sess, keygen_param->wd_e,
+ keygen_param->wd_p, keygen_param->wd_q);
if (!rsa_sess->req.src)
return UADK_E_FAIL;
@@ -1377,8 +1378,8 @@ static void rsa_free_keygen_data(struct uadk_rsa_sess *rsa_sess)
if (!rsa_sess)
return;
- wd_rsa_del_kg_in(rsa_sess->sess, rsa_sess->req.src);
wd_rsa_del_kg_out(rsa_sess->sess, rsa_sess->req.dst);
+ wd_rsa_del_kg_in(rsa_sess->sess, rsa_sess->req.src);
}
static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
@@ -1389,7 +1390,7 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
*keygen_param = OPENSSL_malloc(sizeof(struct rsa_keygen_param));
if (!(*keygen_param))
- goto err;
+ goto error;
*keygen_bn_param = (struct rsa_keygen_param_bn *)
OPENSSL_malloc(sizeof(struct rsa_keygen_param_bn));
@@ -1407,10 +1408,6 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
BN_CTX_start(bn_ctx);
*bn_ctx_in = bn_ctx;
- (*keygen_bn_param)->e = BN_CTX_get(bn_ctx);
- if (!(*keygen_bn_param)->e)
- goto free_bn_ctx;
-
(*keygen_bn_param)->p = BN_CTX_get(bn_ctx);
if (!(*keygen_bn_param)->p)
goto free_bn_ctx;
@@ -1419,6 +1416,10 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
if (!(*keygen_bn_param)->q)
goto free_bn_ctx;
+ (*keygen_bn_param)->e = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->e)
+ goto free_bn_ctx;
+
return UADK_E_SUCCESS;
free_bn_ctx:
@@ -1430,7 +1431,7 @@ free_keygen_bn_param:
OPENSSL_free(*keygen_bn_param);
free_keygen_param:
OPENSSL_free(*keygen_param);
-err:
+error:
return -ENOMEM;
}
@@ -1440,9 +1441,9 @@ static void rsa_keygen_param_free(struct rsa_keygen_param **keygen_param,
int free_bn_ctx_tag)
{
/*
- * When an abnormal situation occurs, uadk engine needs
- * to switch to software keygen function, so we need to
- * free BN ctx we alloced before. But in normal situation,
+ * When an abnormal situation occurs, uadk engine needs to
+ * switch to software keygen function, so we need to free
+ * BN ctx we alloced before. But in normal situation,
* the BN ctx should be freed by OpenSSL tools or users.
* Therefore, we use a tag to distinguish these cases.
*/
@@ -1451,20 +1452,14 @@ static void rsa_keygen_param_free(struct rsa_keygen_param **keygen_param,
BN_CTX_free(*bn_ctx);
}
- OPENSSL_free(*keygen_bn_param);
- OPENSSL_free(*keygen_param);
OPENSSL_free(*key_pair);
+ OPENSSL_free(*keygen_param);
+ OPENSSL_free(*keygen_bn_param);
}
static int rsa_pkey_param_alloc(struct rsa_pubkey_param **pub,
struct rsa_prikey_param **pri)
{
- if (pub) {
- *pub = OPENSSL_malloc(sizeof(struct rsa_pubkey_param));
- if (!(*pub))
- return -ENOMEM;
- }
-
if (pri) {
*pri = OPENSSL_malloc(sizeof(struct rsa_prikey_param));
if (!(*pri)) {
@@ -1474,23 +1469,29 @@ static int rsa_pkey_param_alloc(struct rsa_pubkey_param **pub,
}
}
+ if (pub) {
+ *pub = OPENSSL_malloc(sizeof(struct rsa_pubkey_param));
+ if (!(*pub))
+ return -ENOMEM;
+ }
+
return UADK_E_SUCCESS;
}
static void rsa_pkey_param_free(struct rsa_pubkey_param **pub,
struct rsa_prikey_param **pri)
{
- if (pub)
- OPENSSL_free(*pub);
if (pri)
OPENSSL_free(*pri);
+ if (pub)
+ OPENSSL_free(*pub);
}
static int rsa_create_pub_bn_ctx(RSA *rsa, struct rsa_pubkey_param *pub,
unsigned char **from_buf, int *num_bytes)
{
uadk_rsa_get0_key(rsa, &pub->n, &pub->e, NULL);
- if (!(pub->n) || !(pub->e))
+ if (!(pub->e) || !(pub->n))
return UADK_E_FAIL;
*num_bytes = BN_num_bytes(pub->n);
@@ -1782,27 +1783,27 @@ static int uadk_prov_rsa_private_sign(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
struct uadk_rsa_sess *rsa_sess = NULL;
- struct rsa_prikey_param *pri = NULL;
+ struct rsa_prikey_param *prik = NULL;
unsigned char *from_buf = NULL;
- int num_bytes, ret;
+ int ret, num_bytes;
ret = check_rsa_input_para(flen, from, to, rsa);
if (ret != UADK_E_SUCCESS)
return ret;
- ret = rsa_pkey_param_alloc(NULL, &pri);
+ ret = rsa_pkey_param_alloc(NULL, &prik);
if (ret == -ENOMEM)
return UADK_E_FAIL;
- pri->is_crt = check_rsa_is_crt(rsa);
+ prik->is_crt = check_rsa_is_crt(rsa);
- rsa_sess = rsa_get_eng_session(rsa, uadk_rsa_bits(rsa), pri->is_crt);
+ rsa_sess = rsa_get_eng_session(rsa, uadk_rsa_bits(rsa), prik->is_crt);
if (!rsa_sess) {
ret = UADK_DO_SOFT;
goto free_pkey;
}
- ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
+ ret = rsa_create_pri_bn_ctx(rsa, prik, &from_buf, &num_bytes);
if (ret <= 0 || flen > num_bytes) {
ret = UADK_E_FAIL;
goto free_sess;
@@ -1814,7 +1815,7 @@ static int uadk_prov_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to);
+ ret = rsa_fill_prikey(rsa, rsa_sess, prik, from_buf, to);
if (!ret) {
ret = UADK_E_FAIL;
goto free_buf;
@@ -1826,14 +1827,14 @@ static int uadk_prov_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- ret = sign_trans_bn(rsa_sess, from_buf, pri, padding, to, num_bytes);
+ ret = sign_trans_bn(rsa_sess, from_buf, prik, padding, to, num_bytes);
free_buf:
rsa_free_pri_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
- rsa_pkey_param_free(NULL, &pri);
+ rsa_pkey_param_free(NULL, &prik);
return ret;
}
@@ -1897,23 +1898,23 @@ static int uadk_prov_rsa_public_verify(int flen, const unsigned char *from,
ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to);
if (!ret) {
ret = UADK_E_FAIL;
- goto free_buf;
+ goto free_buff;
}
memcpy(rsa_sess->req.src, from, rsa_sess->req.src_bytes);
ret = rsa_do_crypto(rsa_sess);
if (!ret || rsa_sess->req.status) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_buff;
}
ret = verify_trans_bn(rsa_sess, from_buf, num_bytes, pub, padding, &len);
if (!ret)
- goto free_buf;
+ goto free_buff;
ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding);
-free_buf:
+free_buff:
rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
@@ -1951,24 +1952,24 @@ static int uadk_rsa_asym_init(void *vprsactx, void *vrsa,
static int uadk_rsa_init(void *vprsactx, void *vrsa,
const OSSL_PARAM params[], int operation)
{
- PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx;
+ PROV_RSA_SIG_CTX *ctx = (PROV_RSA_SIG_CTX *)vprsactx;
- if (priv == NULL || vrsa == NULL)
+ if (ctx == NULL || vrsa == NULL)
return UADK_E_FAIL;
- priv->rsa = vrsa;
- priv->operation = operation;
+ ctx->rsa = vrsa;
+ ctx->operation = operation;
/* Maximum for sign, auto for verify */
- priv->saltlen = RSA_PSS_SALTLEN_AUTO;
- priv->min_saltlen = -1;
+ ctx->saltlen = RSA_PSS_SALTLEN_AUTO;
+ ctx->min_saltlen = -1;
- switch (uadk_rsa_test_flags(priv->rsa, RSA_FLAG_TYPE_MASK)) {
+ switch (uadk_rsa_test_flags(ctx->rsa, RSA_FLAG_TYPE_MASK)) {
case RSA_FLAG_TYPE_RSA:
- priv->pad_mode = RSA_PKCS1_PADDING;
+ ctx->pad_mode = RSA_PKCS1_PADDING;
break;
case RSA_FLAG_TYPE_RSASSAPSS:
- priv->pad_mode = RSA_PKCS1_PSS_PADDING;
+ ctx->pad_mode = RSA_PKCS1_PSS_PADDING;
break;
default:
ERR_raise(ERR_LIB_RSA, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
@@ -1976,7 +1977,7 @@ static int uadk_rsa_init(void *vprsactx, void *vrsa,
}
if (uadk_prov_rsa_init())
- priv->soft = 1;
+ ctx->soft = 1;
return UADK_E_SUCCESS;
}
@@ -2430,7 +2431,6 @@ static int uadk_asym_cipher_rsa_decrypt(void *vprsactx, unsigned char *out,
else
return UADK_E_FAIL;
}
-
*outlen = ret;
return UADK_E_SUCCESS;
--
2.25.1

232
0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch
View File

@ -1,232 +0,0 @@
From 1bb24b3d0769f82e6903ca94fa6b8ad466eb5bbe Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 24 Dec 2021 08:44:03 +0000
Subject: [PATCH 09/18] ecc: bugfix about ecc init after alloc sess
When executing allocating session operation, it needs
sched_init(), which is supported by init operation
in the engine, so the init operation should be done
before executing allocating session operation.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 93 +++++++++++++++++++++++----------------------------
1 file changed, 42 insertions(+), 51 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 9040d3c..0c8a011 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -426,7 +426,10 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
if (ret)
goto do_soft;
- ret = UADK_DO_SOFT;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(eckey, "ecdsa");
if (!sess)
goto do_soft;
@@ -438,33 +441,28 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
if (ret)
goto free_sess;
- ret = uadk_ecc_set_private_key(sess, eckey);
+ ret = uadk_ecc_set_private_key(sess, eckey);
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
- ret = UADK_DO_SOFT;
+ if (ret != 1)
goto uninit_iot;
- }
sig = create_ecdsa_sig(&req);
+ wd_ecc_del_in(sess, req.src);
+ wd_ecc_del_out(sess, req.dst);
+ wd_ecc_free_sess(sess);
+
+ return sig;
+
uninit_iot:
wd_ecc_del_in(sess, req.src);
wd_ecc_del_out(sess, req.dst);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return sig;
-
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_sign(dgst, dlen, in_kinv, in_r, eckey);
}
@@ -617,7 +615,10 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
if (ret)
goto do_soft;
- ret = UADK_DO_SOFT;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(eckey, "ecdsa");
if (!sess)
goto do_soft;
@@ -633,24 +634,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1) {
- printf("failed to uadk_ecc_crypto, ret = %d\n", ret);
- ret = UADK_DO_SOFT;
+ fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
+ goto uninit_iot;
}
+
+ return ret;
+
uninit_iot:
wd_ecc_del_in(sess, req.src);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return ret;
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_verify(dgst, dlen, sig, eckey);
}
@@ -888,9 +884,12 @@ static int sm2_generate_key(EC_KEY *eckey)
ret = eckey_create_key(eckey);
if (!ret)
- return ret;
+ goto do_soft;
+
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
- ret = UADK_DO_SOFT;
sess = ecc_alloc_sess(eckey, "sm2");
if (!sess)
goto do_soft;
@@ -900,35 +899,29 @@ static int sm2_generate_key(EC_KEY *eckey)
if (ret)
goto free_sess;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
- ret = UADK_DO_SOFT;
+ if (ret != 1)
goto uninit_iot;
- }
ret = set_key_to_ec_key(eckey, &req);
if (ret)
goto uninit_iot;
ret = 1;
+ wd_ecc_del_out(sess, req.dst);
+ wd_ecc_free_sess(sess);
+
+ return ret;
+
uninit_iot:
wd_ecc_del_out(sess, req.dst);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return ret;
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_generate(eckey);
}
-
static int ecdh_keygen_init_iot(handle_t sess, struct wd_ecc_req *req,
EC_KEY *ecdh)
{
@@ -1108,6 +1101,10 @@ static int ecdh_generate_key(EC_KEY *ecdh)
if (!ret)
goto do_soft;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(ecdh, "ecdh");
if (!sess)
goto do_soft;
@@ -1121,10 +1118,6 @@ static int ecdh_generate_key(EC_KEY *ecdh)
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret)
- goto uninit_iot;
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1)
goto uninit_iot;
@@ -1202,10 +1195,8 @@ static int ecc_compkey_check(unsigned char **out,
return 1;
}
-static int ecdh_compute_key(unsigned char **out,
- size_t *outlen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh)
+static int ecdh_compute_key(unsigned char **out, size_t *outlen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh)
{
struct wd_ecc_req req;
handle_t sess;
@@ -1215,6 +1206,10 @@ static int ecdh_compute_key(unsigned char **out,
if (!ret)
goto do_soft;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(ecdh, "ecdh");
if (!sess)
goto do_soft;
@@ -1232,10 +1227,6 @@ static int ecdh_compute_key(unsigned char **out,
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret)
- goto uninit_iot;
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1)
goto uninit_iot;
--
2.24.4

110
0010-rsa-cleanup-about-prime-generation.patch
View File

@ -1,110 +0,0 @@
From fc023b87189ff488b4e760567d92afeca2635559 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 25 Dec 2021 01:35:03 +0000
Subject: [PATCH 10/18] rsa: cleanup about prime generation
Reduce parameter number of rsa_prime_mul_res(),
and add comments of BN_GENCB_call().
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index c1609ca..2526af9 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -164,14 +164,17 @@ static int rsa_check_bit_useful(const int bits, int flen)
}
}
-static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
+static int rsa_prime_mul_res(int num, struct rsa_prime_param *param,
BN_CTX *ctx, BN_GENCB *cb)
{
if (num == 1) {
- if (!BN_mul(r1, rsa_p, rsa_q, ctx))
+ if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx))
return BN_ERR;
} else {
- /* If num == 0, use number 3 to indicate do nothing */
+ /*
+ * Use the number 3 to indicate whether
+ * the generator has been found.
+ */
if (!BN_GENCB_call(cb, 3, num))
return BN_ERR;
return BN_CONTINUE;
@@ -189,8 +192,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
BN_ULONG bitst;
int ret;
- ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q,
- param->r1, ctx, cb);
+ ret = rsa_prime_mul_res(*num, param, ctx, cb);
if (ret)
return ret;
/*
@@ -224,7 +226,10 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
*bitse -= bitsr[*num];
else
return -1;
-
+ /*
+ * Use the number 2 to indicate whether
+ * a prime has been found.
+ */
ret = BN_GENCB_call(cb, 2, *n++);
if (!ret)
return -1;
@@ -237,7 +242,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
retries++;
return BN_REDO;
}
-
+ /* Use the number 3 to indicate whether the generator has been found. */
ret = BN_GENCB_call(cb, 3, *num);
if (!ret)
return BN_ERR;
@@ -314,6 +319,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
else
return BN_ERR;
+ /* Use the number 2 to indicate whether a prime has been found. */
if (!BN_GENCB_call(cb, 2, *n++))
return BN_ERR;
@@ -1094,7 +1100,7 @@ static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
int ret;
if (!default_meth) {
- printf("failed to get soft method.\n");
+ fprintf(stderr, "failed to get soft method.\n");
return UADK_E_FAIL;
}
@@ -1121,7 +1127,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
keygen_param->wd_e->dsize = BN_bn2bin(bn_param->e,
- (unsigned char *)keygen_param->wd_e->data);
+ (unsigned char *)keygen_param->wd_e->data);
wd_rsa_get_prikey(rsa_sess->sess, &key_pair->prikey);
if (!key_pair->prikey)
@@ -1133,9 +1139,9 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
keygen_param->wd_q->dsize = BN_bn2bin(bn_param->q,
- (unsigned char *)keygen_param->wd_q->data);
+ (unsigned char *)keygen_param->wd_q->data);
keygen_param->wd_p->dsize = BN_bn2bin(bn_param->p,
- (unsigned char *)keygen_param->wd_p->data);
+ (unsigned char *)keygen_param->wd_p->data);
rsa_sess->req.src_bytes = rsa_sess->key_size;
rsa_sess->req.dst_bytes = rsa_sess->key_size;
--
2.24.4

209
0011-ecc-cleanup-the-form-of-the-return-value.patch
View File

@ -1,209 +0,0 @@
From dbb4ff29da9ed378d8753a6e5d18e86756c1d254 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Mon, 27 Dec 2021 07:04:43 +0000
Subject: [PATCH 11/18] ecc: cleanup the form of the return value
This patch includes:
1. Unified the return value form.
2. Remove redundant goto jumps.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 20 +++++++++++---------
src/uadk_ecx.c | 8 ++++----
src/uadk_pkey.c | 5 ++---
src/uadk_sm2.c | 8 ++++----
4 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 0c8a011..db69871 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -446,7 +446,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
sig = create_ecdsa_sig(&req);
@@ -635,11 +635,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
}
+ wd_ecc_del_in(sess, req.src);
+ wd_ecc_free_sess(sess);
+
return ret;
uninit_iot:
@@ -701,7 +704,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
tmp = BN_bin2bn((unsigned char *)privkey->data, privkey->dsize, NULL);
ret = EC_KEY_set_private_key(ec, tmp);
BN_free(tmp);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to EC KEY set private key\n");
return -EINVAL;
}
@@ -725,7 +728,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
ret = EC_KEY_set_public_key(ec, point);
EC_POINT_free(point);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to EC_KEY_set_public_key\n");
return -EINVAL;
}
@@ -900,18 +903,17 @@ static int sm2_generate_key(EC_KEY *eckey)
goto free_sess;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = set_key_to_ec_key(eckey, &req);
if (ret)
goto uninit_iot;
- ret = 1;
wd_ecc_del_out(sess, req.dst);
wd_ecc_free_sess(sess);
- return ret;
+ return 1;
uninit_iot:
wd_ecc_del_out(sess, req.dst);
@@ -1119,7 +1121,7 @@ static int ecdh_generate_key(EC_KEY *ecdh)
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecdh_set_key_to_ec_key(ecdh, &req);
@@ -1228,7 +1230,7 @@ static int ecdh_compute_key(unsigned char **out, size_t *outlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecdh_get_shared_key(ecdh, out, outlen, &req);
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 6a9f78c..67f9350 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -399,7 +399,7 @@ static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto uninit_iot;
ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key);
@@ -457,7 +457,7 @@ static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto uninit_iot;
ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key);
@@ -659,7 +659,7 @@ static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
goto uninit_iot;
ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
wd_ecxdh_get_out_params(req.dst, &s_key);
@@ -745,7 +745,7 @@ static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
goto uninit_iot;
ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
wd_ecxdh_get_out_params(req.dst, &s_key);
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 62362b0..7ca998b 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -273,8 +273,7 @@ static void uadk_wd_ecc_uninit(void)
ecc_res.pid = 0;
}
-int uadk_ecc_crypto(handle_t sess,
- struct wd_ecc_req *req, void *usr)
+int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr)
{
struct uadk_e_cb_info cb_param;
struct async_op op;
@@ -314,7 +313,7 @@ int uadk_ecc_crypto(handle_t sess,
} else {
ret = wd_do_ecc_sync(sess, req);
if (ret < 0)
- return ret;
+ return 0;
}
return 1;
err:
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 6d5dad0..f602e48 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -359,7 +359,7 @@ static int sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb *s,
}
ret = ECDSA_SIG_set0(e_sig, br, bs);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to ECDSA_SIG_set0\n");
ret = -EINVAL;
goto free_s;
@@ -686,7 +686,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
ret = UADK_DO_SOFT;
goto uninit_iot;
@@ -907,7 +907,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
@@ -1061,7 +1061,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
--
2.24.4

140
0012-engine-fix-uadk-engine-compatibility-issue.patch
View File

@ -1,140 +0,0 @@
From c212eedcab9135acc0433a125c8fab151674e8c5 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Tue, 23 Nov 2021 09:14:31 +0000
Subject: [PATCH 12/18] engine: fix uadk engine compatibility issue
When uadk use no sva mode, it should use wd_get_available_dev_num,
otherwise, it will not find old kernel's device path with attrs.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/e_uadk.c | 70 +++++++++++++++---------------------
src/v1/uadk_v1.h | 1 +
src/v1/wdmngr/wd_alg_queue.c | 4 +++
src/v1/wdmngr/wd_alg_queue.h | 2 ++
4 files changed, 36 insertions(+), 41 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 18c2e4e..4e87c86 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -239,54 +239,42 @@ static void engine_init_child_at_fork_handler(void)
#ifdef KAE
static void bind_fn_kae_alg(ENGINE *e)
{
- struct uacce_dev *dev;
+ int dev_num;
- dev = wd_get_accel_dev("cipher");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- cipher_module_init();
- if (!ENGINE_set_ciphers(e, sec_engine_ciphers))
- fprintf(stderr, "uadk bind cipher failed\n");
- else
- uadk_cipher_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("cipher");
+ if (dev_num > 0) {
+ cipher_module_init();
+ if (!ENGINE_set_ciphers(e, sec_engine_ciphers))
+ fprintf(stderr, "uadk bind cipher failed\n");
+ else
+ uadk_cipher_nosva = 1;
}
- dev = wd_get_accel_dev("digest");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- digest_module_init();
- if (!ENGINE_set_digests(e, sec_engine_digests))
- fprintf(stderr, "uadk bind digest failed\n");
- else
- uadk_digest_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("digest");
+ if (dev_num > 0) {
+ digest_module_init();
+ if (!ENGINE_set_digests(e, sec_engine_digests))
+ fprintf(stderr, "uadk bind digest failed\n");
+ else
+ uadk_digest_nosva = 1;
}
- dev = wd_get_accel_dev("rsa");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- hpre_module_init();
- if (!ENGINE_set_RSA(e, hpre_get_rsa_methods()))
- fprintf(stderr, "uadk bind rsa failed\n");
- else
- uadk_rsa_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("rsa");
+ if (dev_num > 0) {
+ hpre_module_init();
+ if (!ENGINE_set_RSA(e, hpre_get_rsa_methods()))
+ fprintf(stderr, "uadk bind rsa failed\n");
+ else
+ uadk_rsa_nosva = 1;
}
- dev = wd_get_accel_dev("dh");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- hpre_module_dh_init();
- if (!ENGINE_set_DH(e, hpre_get_dh_methods()))
- fprintf(stderr, "uadk bind dh failed\n");
- else
- uadk_dh_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("dh");
+ if (dev_num > 0) {
+ hpre_module_dh_init();
+ if (!ENGINE_set_DH(e, hpre_get_dh_methods()))
+ fprintf(stderr, "uadk bind dh failed\n");
+ else
+ uadk_dh_nosva = 1;
}
}
#endif
diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h
index f5081e3..d921706 100644
--- a/src/v1/uadk_v1.h
+++ b/src/v1/uadk_v1.h
@@ -35,4 +35,5 @@ extern void hpre_dh_destroy(void);
extern int hpre_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
const int **pnids, int nid);
+extern int wd_get_nosva_dev_num(const char *algorithm);
#endif
diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c
index 79c9a6d..5cd33ae 100644
--- a/src/v1/wdmngr/wd_alg_queue.c
+++ b/src/v1/wdmngr/wd_alg_queue.c
@@ -74,3 +74,7 @@ void wd_free_queue(struct wd_queue *queue)
}
}
+int wd_get_nosva_dev_num(const char *algorithm)
+{
+ return wd_get_available_dev_num(algorithm);
+}
diff --git a/src/v1/wdmngr/wd_alg_queue.h b/src/v1/wdmngr/wd_alg_queue.h
index 4fd3a9d..955eed5 100644
--- a/src/v1/wdmngr/wd_alg_queue.h
+++ b/src/v1/wdmngr/wd_alg_queue.h
@@ -25,4 +25,6 @@
struct wd_queue *wd_new_queue(int algtype);
void wd_free_queue(struct wd_queue *queue);
+
+int wd_get_nosva_dev_num(const char *algorithm);
#endif
--
2.24.4

31
0013-digest-modify-the-process-of-free-session.patch
View File

@ -1,31 +0,0 @@
From ca59dfa548656d82d6d50a6dad6bfc88b2825473 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 6 Jan 2022 14:49:27 +0800
Subject: [PATCH 13/18] digest: modify the process of free session
Currently, release the session in the cleanup instead of final. so not
should free session in the final. Here is fix it.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 41de449..cbfb539 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -688,10 +688,6 @@ sync_err:
ret = uadk_e_digest_soft_work(priv, priv->tail, digest);
clear:
async_clear_async_event_notification();
- if (priv->sess) {
- wd_digest_free_sess(priv->sess);
- priv->sess = 0;
- }
return ret;
}
--
2.24.4

153
0014-digest-modify-the-process-of-soft-and-hardware-hando.patch
View File

@ -1,153 +0,0 @@
From 7efc5b169d74b84af8108bc736d80eedbe3a8004 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 6 Jan 2022 14:48:13 +0800
Subject: [PATCH 14/18] digest: modify the process of soft and hardware handoff
Due to has added the stream mode for digest. So need to modify the
process of software and hardware handoff.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 60 +++++++++++++++++++++++++++++++++++++----------
1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index cbfb539..bf738af 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -44,6 +44,14 @@
#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
#define MAX_DIGEST_LENGTH 64
+#define DIGEST_BLOCK_SIZE (512 * 1024)
+
+enum sec_digestz_state {
+ SEC_DIGEST_INIT,
+ SEC_DIGEST_FIRST_UPDATING,
+ SEC_DIGEST_DOING,
+ SEC_DIGEST_FINAL
+};
struct digest_threshold_table {
int nid;
@@ -72,21 +80,19 @@ struct evp_md_ctx_st {
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
};
-#define DIGEST_BLOCK_SIZE 4096
-
struct digest_priv_ctx {
handle_t sess;
struct wd_digest_sess_setup setup;
struct wd_digest_req req;
unsigned char *data;
unsigned char out[MAX_DIGEST_LENGTH];
- size_t tail;
+ EVP_MD_CTX *soft_ctx;
size_t last_update_bufflen;
- bool copy;
uint32_t e_nid;
- EVP_MD_CTX *soft_ctx;
- size_t switch_threshold;
+ uint32_t state;
+ uint32_t switch_threshold;
int switch_flag;
+ bool copy;
};
static int digest_nids[] = {
@@ -150,7 +156,7 @@ static const EVP_MD *uadk_e_digests_soft_md(uint32_t e_nid)
return digest_md;
}
-static int sec_digest_get_sw_threshold(int n_id)
+static uint32_t sec_digest_get_sw_threshold(int n_id)
{
int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table);
int i = 0;
@@ -464,6 +470,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
priv->soft_ctx = EVP_MD_CTX_new();
priv->e_nid = nid;
+ priv->state = SEC_DIGEST_INIT;
ret = uadk_e_init_digest();
if (!ret) {
priv->switch_flag = UADK_DO_SOFT;
@@ -504,7 +511,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
priv->data = malloc(DIGEST_BLOCK_SIZE);
- if (priv->data == NULL) {
+ if (!priv->data) {
wd_digest_free_sess(priv->sess);
return 0;
}
@@ -540,9 +547,16 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
left_len -= copy_to_bufflen;
tmpdata += copy_to_bufflen;
+ if (priv->state == SEC_DIGEST_INIT)
+ priv->state = SEC_DIGEST_FIRST_UPDATING;
+ else if (priv->state == SEC_DIGEST_FIRST_UPDATING)
+ priv->state = SEC_DIGEST_DOING;
+
ret = wd_do_digest_sync(priv->sess, &priv->req);
- if (ret)
- return 0;
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ goto do_soft_digest;
+ }
priv->last_update_bufflen = 0;
memset(priv->data, 0, DIGEST_BLOCK_SIZE);
@@ -551,10 +565,26 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
memcpy(priv->data, tmpdata, priv->last_update_bufflen);
break;
}
+ }
+
+ return 1;
+do_soft_digest:
+ if (priv->state == SEC_DIGEST_FIRST_UPDATING
+ && priv->data
+ && priv->last_update_bufflen != 0) {
+ priv->switch_flag = UADK_DO_SOFT;
+ digest_soft_init(priv->soft_ctx, priv->e_nid);
+ ret = digest_soft_update(priv->soft_ctx, priv->e_nid,
+ priv->data, priv->last_update_bufflen);
+ if (ret != 1)
+ return ret;
+ return digest_soft_update(priv->soft_ctx, priv->e_nid,
+ tmpdata, left_len);
}
- return 1;
+ fprintf(stderr, "do soft digest failed during updating!\n");
+ return 0;
}
static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len)
@@ -681,11 +711,17 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
goto clear;
}
memcpy(digest, priv->req.out, priv->req.out_bytes);
+ priv->last_update_bufflen = 0;
return 1;
sync_err:
- ret = uadk_e_digest_soft_work(priv, priv->tail, digest);
+ if (priv->state == SEC_DIGEST_INIT) {
+ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest);
+ } else {
+ ret = 0;
+ fprintf(stderr, "do sec digest stream mode failed.\n");
+ }
clear:
async_clear_async_event_notification();
return ret;
--
2.24.4

114
0015-ecc-bugfix-about-sm2-decryption.patch
View File

@ -1,114 +0,0 @@
From 32c58bf68e7f33d0170b3cc9040a11395a68df72 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 07:24:22 +0000
Subject: [PATCH 15/18] ecc: bugfix about sm2 decryption
When doing sm2_decrypt_check(), if the out param is NULL,
it is supposed to use sm2_plaintext_size() function to
get the output plain text length, rather than use
sm2_ciphertext_size().
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index f602e48..b39c418 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -524,7 +524,7 @@ static int cipher_ber_to_bin(unsigned char *ber, size_t ber_len,
len = BN_num_bytes(ctext_struct->C1x);
len1 = BN_num_bytes(ctext_struct->C1y);
c1->x.data = malloc(len + len1 + ctext_struct->C2->length +
- ctext_struct->C3->length);
+ ctext_struct->C3->length);
if (!c1->x.data) {
ret = -ENOMEM;
goto free_ctext;
@@ -547,7 +547,6 @@ free_ctext:
static size_t ec_field_size(const EC_GROUP *group)
{
- /* Is there some simpler way to do this? */
BIGNUM *p = BN_new();
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
@@ -559,7 +558,7 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- /* Pad and convert bits to bytes*/
+ /* Pad and convert bits to bytes */
field_size = (BN_num_bits(p) + 7) / 8;
done:
@@ -570,6 +569,22 @@ done:
return field_size;
}
+static int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)
+{
+ struct sm2_ciphertext *sm2_ctext;
+
+ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
+ if (!sm2_ctext) {
+ fprintf(stderr, "invalid sm2 encoding\n");
+ return 0;
+ }
+
+ *pt_size = sm2_ctext->C2->length;
+ SM2_Ciphertext_free(sm2_ctext);
+
+ return 1;
+}
+
static int sm2_ciphertext_size(const EC_KEY *key,
const EVP_MD *digest, size_t msg_len,
size_t *ct_size)
@@ -589,6 +604,7 @@ static int sm2_ciphertext_size(const EC_KEY *key,
+ ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+ ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
*ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+
return 1;
}
@@ -792,7 +808,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
@@ -941,8 +957,6 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
const unsigned char *in, size_t inlen)
{
struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
- EVP_PKEY *p_key = EVP_PKEY_CTX_get0_pkey(ctx);
- EC_KEY *ec = EVP_PKEY_get0(p_key);
const EVP_MD *md;
int hash_size;
@@ -959,7 +973,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
}
if (!out) {
- if (!sm2_ciphertext_size(ec, md, inlen, outlen))
+ if (!sm2_plaintext_size(in, inlen, outlen))
return -1;
else
return 1;
@@ -1039,6 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
+
ret = cipher_ber_to_bin((void *)in, inlen, &c1, &c2, &c3);
if (ret)
goto do_soft;
--
2.24.4

103
0016-dh-bugfix-about-dh-compute-key.patch
View File

@ -1,103 +0,0 @@
From ff486764bbab601177acad102febb1497262a88c Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 08:42:55 +0000
Subject: [PATCH 16/18] dh: bugfix about dh compute key
This patch includes:
1. Add an UADK_DO_SOFT tag when dh_do_crypto() failed.
2. Do some tiny cleanup.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_dh.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 9c2bfbf..989c9ec 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -741,13 +741,12 @@ static int dh_soft_set_pkey(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
return UADK_E_SUCCESS;
}
-/* Main Phase1: Generate public key */
static int uadk_e_dh_generate_key(DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
- int bits = DH_bits(dh);
- BIGNUM *pub_key = NULL;
BIGNUM *priv_key = NULL;
+ BIGNUM *pub_key = NULL;
+ int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
@@ -771,7 +770,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto exe_soft;
}
- /* Fill request data */
ret = dh_fill_genkey_req(g, p, priv_key, dh_sess);
if (!ret) {
fprintf(stderr, "failed to fill req\n");
@@ -786,7 +784,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto free_sess;
}
- /* Get the generated public key from uadk(->hardware) */
ret = dh_get_pubkey(dh_sess, &pub_key);
if (!ret) {
fprintf(stderr, "failed to get public key\n");
@@ -794,7 +791,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto free_sess;
}
- /* Set the public key and private key */
ret = dh_soft_set_pkey(dh, pub_key, priv_key);
free_sess:
@@ -806,16 +802,15 @@ exe_soft:
return uadk_e_dh_soft_generate_key(dh);
}
-/* Main Phase2: Compute shared key */
static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
+ BIGNUM *priv_key = NULL;
int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
- BIGNUM *priv_key = NULL;
int ret;
if (!dh || !key || !pub_key || !DH_get0_priv_key(dh))
@@ -845,6 +840,7 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
ret = dh_do_crypto(dh_sess);
if (!ret) {
fprintf(stderr, "failed to generate DH shared key\n");
+ ret = UADK_DO_SOFT;
goto free_sess;
}
@@ -894,7 +890,6 @@ static void uadk_e_delete_dh_meth(void)
uadk_dh_method = NULL;
}
-
int uadk_e_bind_dh(ENGINE *e)
{
pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
@@ -905,7 +900,6 @@ int uadk_e_bind_dh(ENGINE *e)
void uadk_e_destroy_dh(void)
{
pthread_spin_destroy(&g_dh_res.lock);
-
uadk_e_delete_dh_meth();
uadk_e_wd_dh_uninit();
}
--
2.24.4

28
0017-ecc-bugfix-about-ecc-general-init.patch
View File

@ -1,28 +0,0 @@
From 3ff18ada641a8ad6c54a6054b4b8323b0b4389a2 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 09:03:00 +0000
Subject: [PATCH 17/18] ecc: bugfix about ecc general init
When calloc failed, it should return with error code directly.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_pkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 7ca998b..14e0b8f 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -189,7 +189,7 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
if (!ctx_cfg)
- ret = -ENOMEM;
+ return -ENOMEM;
ecc_res.ctx_res = ctx_cfg;
ctx_cfg->ctx_num = CTX_NUM;
--
2.24.4

113
0018-digest-fix-codecheck-warning.patch
View File

@ -1,113 +0,0 @@
From e26726746340428c58ea1ce2460c0fb669bb7545 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 7 Jan 2022 09:56:54 +0800
Subject: [PATCH 18/18] digest: fix codecheck warning
fix a more than 50 lines function uadk_e_digest_init.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 57 ++++++++++++++++++++++++++---------------------
1 file changed, 31 insertions(+), 26 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index bf738af..5b843a0 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -95,6 +95,13 @@ struct digest_priv_ctx {
bool copy;
};
+struct digest_info {
+ int nid;
+ enum wd_digest_mode mode;
+ enum wd_digest_type alg;
+ __u32 out_len;
+};
+
static int digest_nids[] = {
NID_md5,
NID_sm3,
@@ -116,6 +123,16 @@ static struct digest_threshold_table digest_pkt_threshold_table[] = {
{ NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
};
+static struct digest_info digest_info_table[] = {
+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16},
+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32},
+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20},
+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28},
+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32},
+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48},
+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64},
+};
+
static EVP_MD *uadk_md5;
static EVP_MD *uadk_sm3;
static EVP_MD *uadk_sha1;
@@ -451,8 +468,8 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
enum wd_digest_type alg, enum wd_digest_mode mode,
__u32 out_len)
{
- priv->setup.mode = alg;
- priv->setup.alg = mode;
+ priv->setup.alg = alg;
+ priv->setup.mode = mode;
priv->req.out_buf_bytes = out_len;
priv->req.out_bytes = out_len;
}
@@ -461,9 +478,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
{
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ int digest_counts = ARRAY_SIZE(digest_info_table);
int nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
struct sched_params params = {0};
- int ret;
+ int ret, i;
/* Allocate a soft ctx for hardware engine */
if (priv->soft_ctx == NULL)
@@ -478,29 +496,16 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
goto soft_init;
}
- switch (nid) {
- case NID_md5:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16);
- break;
- case NID_sm3:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32);
- break;
- case NID_sha1:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20);
- break;
- case NID_sha224:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28);
- break;
- case NID_sha256:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32);
- break;
- case NID_sha384:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48);
- break;
- case NID_sha512:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64);
- break;
- default:
+ for (i = 0; i < digest_counts; i++) {
+ if (nid == digest_info_table[i].nid) {
+ digest_priv_ctx_setup(priv, digest_info_table[i].alg,
+ digest_info_table[i].mode, digest_info_table[i].out_len);
+ break;
+ }
+ }
+
+ if (i == digest_counts) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
return 0;
}
--
2.24.4

27
0019-cipher-fixup-a-code-check-warning.patch
View File

@ -1,27 +0,0 @@
From e82ec8d48be21d107635e5f1a4874fb8999a27c4 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Wed, 19 Jan 2022 09:41:25 +0800
Subject: [PATCH 19/22] cipher: fixup a code check warning
Do not put two or more continuous blank lines inside function.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 2b8bb9c..3d376bf 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -890,7 +890,6 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
struct async_op op;
int ret;
-
priv->req.src = (unsigned char *)in;
priv->req.in_bytes = inlen;
priv->req.dst = out;
--
2.24.4

27
0020-rsa-fixup-a-code-check-warning.patch
View File

@ -1,27 +0,0 @@
From d45c783eb7a7e1e38d5520239c218e7c927b1c00 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 21 Jan 2022 17:01:15 +0800
Subject: [PATCH 20/22] rsa: fixup a code check warning
Do not add blank lines on the start of a code block defined by braces.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 2526af9..8cad2f7 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1781,7 +1781,6 @@ exe_soft:
static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
{
-
/* meth: default rsa software method */
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
--
2.24.4

32
0021-cipher-delete-a-redundant-branch.patch
View File

@ -1,32 +0,0 @@
From 7a757c76d11b80282abc22e614f7126909027ecc Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 25 Jan 2022 14:21:48 +0800
Subject: [PATCH 21/22] cipher: delete a redundant branch
Find a redundant branch by DT-FUZZ, these codes have the same
logic as the following default code.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 3d376bf..6e09a8c 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -373,11 +373,6 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
break;
}
- if (i == size) {
- *cipher = NULL;
- return 0;
- }
-
switch (nid) {
case NID_aes_128_cbc:
*cipher = uadk_aes_128_cbc;
--
2.24.4

65
0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch
View File

@ -1,65 +0,0 @@
From 02dbe7743190f334609a86b61bc46ea6e91e82b4 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Wed, 16 Feb 2022 16:11:06 +0800
Subject: [PATCH 22/22] engine: fix engine can't work under hybrid mode
If hpre works in no-sva mode, and sec works in sva mode,
it will init hpre device first and return straightly, this
casuse sec not initialized correctly. So uadk engine should
init for both sva and no-sva device.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/e_uadk.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 4e87c86..2714d5b 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -319,10 +319,15 @@ static void bind_fn_uadk_alg(ENGINE *e)
free(dev);
}
- if (!uadk_e_bind_ecc(e))
- fprintf(stderr, "uadk bind ecc failed\n");
- else
- uadk_ecc = 1;
+ /* find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ dev = wd_get_accel_dev("ecdsa");
+ if (dev) {
+ if (!uadk_e_bind_ecc(e))
+ fprintf(stderr, "uadk bind ecc failed\n");
+ else
+ uadk_ecc = 1;
+ free(dev);
+ }
}
/*
@@ -349,17 +354,15 @@ static int bind_fn(ENGINE *e, const char *id)
uadk_dh_nosva) {
async_module_init_v1();
pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler_v1);
- goto set_ctrl_cmd;
}
#endif
- async_module_init();
- pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
-
bind_fn_uadk_alg(e);
-#ifdef KAE
-set_ctrl_cmd:
-#endif
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
+ async_module_init();
+ pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
+ }
+
ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl);
if (ret != 1) {
fprintf(stderr, "failed to set ctrl function\n");
--
2.24.4

62
0023-engine-add-the-kae-log-feature.patch
View File

@ -1,62 +0,0 @@
From 351422390bf42e19a802d0e282f7f85342a1f792 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 22 Feb 2022 11:18:46 +0800
Subject: [PATCH 23/23] engine: add the kae log feature
The original version of the kae engine supports the log system. So
need to be enabled the kae log feature at uadk_engine.
example:
insmod hisi_sec2.ko uacce_mode=2
export KAE_CONF_ENV=/var/log/
cd /var/log/
touch kae.cnf
write:
[LogSection]
debug_level=error
the debug_level can be set to none/error/iofo/warning/debug,
the result is stored in /var/log/kae.log
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/e_uadk.c | 2 ++
src/v1/uadk_v1.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 2714d5b..79ecef8 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -205,6 +205,7 @@ static int uadk_destroy(ENGINE *e)
hpre_destroy();
if (uadk_dh_nosva)
hpre_dh_destroy();
+ kae_debug_close_log();
#endif
if (uadk_cipher)
@@ -348,6 +349,7 @@ static int bind_fn(ENGINE *e, const char *id)
}
#ifdef KAE
+ kae_debug_init_log();
bind_fn_kae_alg(e);
if (uadk_cipher_nosva || uadk_digest_nosva || uadk_rsa_nosva ||
diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h
index d921706..9ca0a94 100644
--- a/src/v1/uadk_v1.h
+++ b/src/v1/uadk_v1.h
@@ -16,6 +16,7 @@
#define UADK_V1_H
#include "async/async_poll.h"
#include "utils/engine_fork.h"
+#include "utils/engine_log.h"
extern void sec_ciphers_free_ciphers(void);
extern int cipher_module_init(void);
--
2.24.4

32
0024-rsa-fix-interface-name.patch
View File

@ -1,32 +0,0 @@
From 63c9bc75f229057657ff8b09c556bf416a493607 Mon Sep 17 00:00:00 2001
From: Junchong Pan <panjunchong@hisilicon.com>
Date: Wed, 2 Mar 2022 08:30:50 +0000
Subject: [PATCH 24/31] rsa: fix interface name
The name of the function wd_rsa_key_bits()
has been changed to wd_rsa_get_key_bits()
in uadk driver, so it needs to be modified
in engine synchronously.
Signed-off-by: Junchong Pan <panjunchong@hisilicon.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 8cad2f7..90cc535 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -986,7 +986,7 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
struct wd_dtb wd_dq;
struct wd_dtb wd_dp;
- key_bits = wd_rsa_key_bits(ctx);
+ key_bits = wd_rsa_get_key_bits(ctx);
key_size = key_bits >> BIT_BYTES_SHIFT;
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
--
2.24.4

28
0025-ecc-cleanup-sm2-unreachable-code.patch
View File

@ -1,28 +0,0 @@
From dcceb7e8f77306dda7dea31798ea8ab952fbe8ea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 3 Mar 2022 02:00:46 +0000
Subject: [PATCH 25/31] ecc: cleanup sm2 unreachable code
The variable "b_s" should be judged, rather than "b_r".
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index b39c418..8c75611 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -422,7 +422,7 @@ static int sig_ber_to_bin(EC_KEY *ec, unsigned char *sig, size_t sig_len,
}
b_s = (void *)ECDSA_SIG_get0_s((const ECDSA_SIG *)e_sig);
- if (!b_r) {
+ if (!b_s) {
fprintf(stderr, "failed to get s\n");
ret = -EINVAL;
goto free_der;
--
2.24.4

68
0026-rsa-cleanup-of-code-style.patch
View File

@ -1,68 +0,0 @@
From 4bcecc067ed99f2323f1568779c34b858b5863a1 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 3 Mar 2022 02:32:44 +0000
Subject: [PATCH 26/31] rsa: cleanup of code style
Fix the following problems:
1. Macro replacement list should be enclosed in parentheses.
2. Return value judgment should follow the function call.
3. Remove redundant judgment.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 90cc535..f7755e3 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -49,7 +49,7 @@
#define UADK_DO_SOFT (-0xE0)
#define UADK_E_POLL_SUCCESS 0
#define UADK_E_INIT_SUCCESS 0
-#define CHECK_PADDING_FAIL -1
+#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
static RSA_METHOD *rsa_hw_meth;
@@ -312,7 +312,6 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
return UADK_E_SUCCESS;
err = ERR_peek_last_error();
-
if (ERR_GET_LIB(err) == ERR_LIB_BN &&
ERR_GET_REASON(err) == BN_R_NO_INVERSE)
ERR_pop_to_mark();
@@ -500,18 +499,13 @@ static int add_rsa_pubenc_padding(int flen, const unsigned char *from,
fprintf(stderr, "RSA_PKCS1_PADDING err\n");
break;
case RSA_PKCS1_OAEP_PADDING:
- ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen,
- NULL, 0);
+ ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
if (!ret)
fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n");
break;
default:
ret = UADK_E_FAIL;
}
- if (ret <= 0)
- ret = UADK_E_FAIL;
- else
- ret = UADK_E_SUCCESS;
return ret;
}
@@ -530,7 +524,7 @@ static int check_rsa_pridec_padding(unsigned char *to, int num,
break;
case RSA_PKCS1_OAEP_PADDING:
ret = RSA_padding_check_PKCS1_OAEP(to, num, buf, len, num,
- NULL, 0);
+ NULL, 0);
if (!ret)
fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n");
break;
--
2.24.4

62
0027-v1-fixup-about-uninitialized-variable.patch
View File

@ -1,62 +0,0 @@
From fe44bced638c7d3d3084f4e788478b2faa35ffa4 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 3 Mar 2022 02:53:01 +0000
Subject: [PATCH 27/31] v1: fixup about uninitialized variable
Fix the compile warning of uninitialized variable.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/v1/alg/pkey/hpre_rsa.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c
index 93ba99a..6c1d96d 100644
--- a/src/v1/alg/pkey/hpre_rsa.c
+++ b/src/v1/alg/pkey/hpre_rsa.c
@@ -316,7 +316,9 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from,
BIGNUM *ret_bn = NULL;
hpre_engine_ctx_t *eng_ctx = NULL;
unsigned char *in_buf = NULL;
- int key_bits, num_bytes;
+ BN_CTX *bn_ctx = NULL;
+ int num_bytes = 0;
+ int key_bits;
int ret;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
@@ -340,7 +342,7 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from,
GOTOEND_IF(ret != HPRE_CRYPTO_SUCC, "check public key fail",
KAE_F_HPRE_RSA_PUBENC, KAE_R_PUBLIC_KEY_INVALID);
- BN_CTX *bn_ctx = BN_CTX_new();
+ bn_ctx = BN_CTX_new();
GOTOEND_IF(bn_ctx == NULL, "bn_ctx MALLOC FAILED!",
KAE_F_HPRE_RSA_PUBENC, KAE_R_MALLOC_FAILURE);
@@ -403,7 +405,9 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from,
const BIGNUM *dmq1 = (const BIGNUM *)NULL;
const BIGNUM *iqmp = (const BIGNUM *)NULL;
unsigned char *in_buf = (unsigned char *)NULL;
+ int num_bytes = 0;
int key_bits;
+ int version;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
return HPRE_CRYPTO_FAIL;
@@ -431,10 +435,10 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from,
bn_ret = BN_CTX_get(bn_ctx);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
- int version = RSA_get_version(rsa);
+ version = RSA_get_version(rsa);
RSA_get0_key(rsa, &n, &e, &d);
- int num_bytes = BN_num_bytes(n);
+ num_bytes = BN_num_bytes(n);
in_buf = (unsigned char *)OPENSSL_malloc(num_bytes);
GOTOEND_IF(bn_ret == NULL || in_buf == NULL, "OpenSSL malloc failure",
--
2.24.4

42
0028-ecc-fix-checking-conditions.patch
View File

@ -1,42 +0,0 @@
From 8ce0ba841358d85eb89bf726d229dfaf4cd13156 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 02:59:13 +0000
Subject: [PATCH 28/31] ecc: fix checking conditions
When initializing, the process is guaranteed
not to be initialized repeatedly. And when
uninitializing, the resource is released according
to whether the pid is equal or not.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_pkey.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 14e0b8f..ceb7a8f 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -184,9 +184,6 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
struct wd_ctx_config *ctx_cfg;
int ret, i;
- if (ecc_res.ctx_res)
- return 0;
-
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
if (!ctx_cfg)
return -ENOMEM;
@@ -256,7 +253,7 @@ static void uadk_wd_ecc_uninit(void)
struct wd_ctx_config *ctx_cfg = ecc_res.ctx_res;
int i, ret;
- if (!ctx_cfg)
+ if (ecc_res.pid != getpid())
return;
ret = uadk_e_is_env_enabled("ecc");
--
2.24.4

55
0029-ecc-cleanup-print-log.patch
View File

@ -1,55 +0,0 @@
From a19b11343facb6ff073cb01bf3583c8bf6cbb009 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 03:08:45 +0000
Subject: [PATCH 29/31] ecc: cleanup print log
print with '\n'
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_pkey.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index ceb7a8f..216ccc3 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -572,7 +572,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_SM2:
ret = uadk_sm2_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register sm2 pmeth");
+ fprintf(stderr, "failed to register sm2 pmeth.\n");
return 0;
}
*pmeth = pkey_meth.sm2;
@@ -580,7 +580,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_EC:
ret = uadk_ec_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register ec pmeth");
+ fprintf(stderr, "failed to register ec pmeth.\n");
return 0;
}
*pmeth = pkey_meth.ec;
@@ -588,7 +588,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_X448:
ret = uadk_x448_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register x448 pmeth");
+ fprintf(stderr, "failed to register x448 pmeth.\n");
return 0;
}
*pmeth = pkey_meth.x448;
@@ -596,7 +596,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_X25519:
ret = uadk_x25519_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register x25519 pmeth");
+ fprintf(stderr, "failed to register x25519 pmeth.\n");
return 0;
}
*pmeth = pkey_meth.x25519;
--
2.24.4

218
0030-engine-fix-function-return-type.patch
View File

@ -1,218 +0,0 @@
From 26360660c516fe54b48502a3ca9eb1bbf47146d5 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 03:11:24 +0000
Subject: [PATCH 30/31] engine: fix function return type
The async_register_poll_fn() is an internal
function, and the probability of parameter
error is low. If the parameter is wrong,
a log will be printed, there is no need to
return an error code. And 'MAX_ALG_SIZE' is
chenged to 'ASYNC_TASK_MAX'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_async.c | 13 ++++++-------
src/uadk_async.h | 5 +++--
src/uadk_cipher.c | 9 ++++++---
src/uadk_dh.c | 8 ++++++--
src/uadk_digest.c | 9 ++++++---
src/uadk_pkey.c | 8 ++++++--
src/uadk_rsa.c | 8 ++++++--
7 files changed, 39 insertions(+), 21 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 5320ae6..c98153b 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -22,11 +22,9 @@
#include "uadk.h"
#include "uadk_async.h"
-#define MAX_ALG_SIZE 6
-
static struct async_poll_queue poll_queue;
-static async_recv_t async_recv_func[MAX_ALG_SIZE];
+static async_recv_t async_recv_func[ASYNC_TASK_MAX];
static void async_fd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
OSSL_ASYNC_FD readfd, void *custom)
@@ -292,13 +290,14 @@ int async_wake_job(ASYNC_JOB *job)
return ret;
}
-int async_register_poll_fn(int type, async_recv_t func)
+void async_register_poll_fn(int type, async_recv_t func)
{
- if (type < 0 || type >= MAX_ALG_SIZE)
- return -1;
+ if (type < 0 || type >= ASYNC_TASK_MAX) {
+ fprintf(stderr, "alg type is error, type= %d.\n", type);
+ return;
+ }
async_recv_func[type] = func;
- return 0;
}
static void *async_poll_process_func(void *args)
diff --git a/src/uadk_async.h b/src/uadk_async.h
index cbb4b62..9836dbb 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -42,7 +42,8 @@ enum task_type {
ASYNC_TASK_DIGEST,
ASYNC_TASK_RSA,
ASYNC_TASK_DH,
- ASYNC_TASK_ECC
+ ASYNC_TASK_ECC,
+ ASYNC_TASK_MAX
};
struct async_poll_task {
@@ -66,7 +67,7 @@ struct async_poll_queue {
extern int async_setup_async_event_notification(struct async_op *op);
extern int async_clear_async_event_notification(void);
extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
-extern int async_register_poll_fn(int type, async_recv_t func);
+extern void async_register_poll_fn(int type, async_recv_t func);
extern void async_module_init(void);
extern int async_wake_job(ASYNC_JOB *job);
extern void async_free_poll_task(int id, bool is_cb);
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 6e09a8c..8f8af7e 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -550,8 +550,9 @@ static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_CIPHER,
- uadk_e_cipher_env_poll);
+ async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_env_poll);
+
+ return 0;
}
static int uadk_e_wd_cipher_init(struct uacce_dev *dev)
@@ -596,7 +597,9 @@ static int uadk_e_wd_cipher_init(struct uacce_dev *dev)
if (ret)
goto err_freectx;
- return async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_poll);
+ async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_poll);
+
+ return 0;
err_freectx:
for (j = 0; j < i; j++)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 989c9ec..40fb583 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -296,7 +296,9 @@ static int uadk_e_wd_dh_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_env_poll);
+ async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_env_poll);
+
+ return 0;
}
static int uadk_e_wd_dh_init(struct dh_res_config *config, struct uacce_dev *dev)
@@ -335,7 +337,9 @@ static int uadk_e_wd_dh_init(struct dh_res_config *config, struct uacce_dev *dev
if (ret)
goto free_ctx;
- return async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_poll);
+ async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_poll);
+
+ return 0;
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 5b843a0..ad24168 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -374,8 +374,9 @@ static int uadk_e_wd_digest_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_DIGEST,
- uadk_e_digest_env_poll);
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll);
+
+ return 0;
}
static int uadk_e_wd_digest_init(struct uacce_dev *dev)
@@ -415,7 +416,9 @@ static int uadk_e_wd_digest_init(struct uacce_dev *dev)
if (ret)
goto err_freectx;
- return async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_poll);
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_poll);
+
+ return 0;
err_freectx:
for (j = 0; j < i; j++)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 216ccc3..f27e2f5 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -175,7 +175,9 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
+ async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
+
+ return 0;
}
static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
@@ -209,7 +211,9 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
if (ret)
goto free_ctx;
- return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
+ async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
+
+ return 0;
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index f7755e3..c5d4dbb 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -713,7 +713,9 @@ static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_env_poll);
+ async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_env_poll);
+
+ return 0;
}
static int uadk_e_wd_rsa_init(struct rsa_res_config *config,
@@ -753,7 +755,9 @@ static int uadk_e_wd_rsa_init(struct rsa_res_config *config,
if (ret)
goto free_ctx;
- return async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_poll);
+ async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_poll);
+
+ return 0;
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
--
2.24.4

30
0031-rsa-fixup-about-the-wrong-copy.patch
View File

@ -1,30 +0,0 @@
From 2c99863001cbb39838d983d76171ac131930c310 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 03:25:03 +0000
Subject: [PATCH 31/31] rsa: fixup about the wrong copy
The pointer of 'req.src' is NULL, and the
direct memcpy operation will fail. Therefore,
delete the memcpy and assign a value directly later.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index c5d4dbb..1488b98 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -902,7 +902,6 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
if (!rsa_sess->is_pubkey_ready) {
wd_rsa_get_pubkey(rsa_sess->sess, &pubkey);
wd_rsa_get_pubkey_params(pubkey, &wd_e, &wd_n);
- memcpy(rsa_sess->req.src, in_buf, rsa_sess->req.src_bytes);
wd_e->dsize = BN_bn2bin(pubkey_param->e,
(unsigned char *)wd_e->data);
wd_n->dsize = BN_bn2bin(pubkey_param->n,
--
2.24.4

164
0032-README-modify-the-engine-id-name.patch
View File

@ -1,164 +0,0 @@
From a476a9881ed143f16eb579f3a34446ea24cb20f8 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 4 Mar 2022 14:44:07 +0800
Subject: [PATCH 32/32] README: modify the engine id name
The new engine id name is 'uadk_engine'. So need to update
the README.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
README | 98 +++++++++++++++++++++++++++++-----------------------------
1 file changed, 49 insertions(+), 49 deletions(-)
diff --git a/README b/README
index e02de8f..562a859 100644
--- a/README
+++ b/README
@@ -67,60 +67,60 @@ Testing
```
1. Cipher
```
-openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl speed -engine uadk -async_jobs 1 -evp aes-128-cbc
-openssl speed -engine uadk -async_jobs 1 -evp sm4-cbc
-openssl speed -engine uadk -async_jobs 1 -evp des-ede3-cbc
+openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc
+openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc
+openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc
```
2. RSA
```
-openssl genrsa -out prikey.pem -engine uadk 2048
-openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk
-openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk
-openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk
-openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk
-openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk
-openssl speed -elapsed -engine uadk rsa2048
-openssl speed -elapsed -engine uadk -async_jobs 10 rsa2048
+openssl genrsa -out prikey.pem -engine uadk_engine 2048
+openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine
+openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine
+openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine
+openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine
+openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine
+openssl speed -elapsed -engine uadk_engine rsa2048
+openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048
```
3. SM3
```
-openssl sm3 -engine uadk data
+openssl sm3 -engine uadk_engine data
```
4. MD5
```
-openssl speed -engine uadk -async_jobs 1 -evp md5
+openssl speed -engine uadk_engine -async_jobs 1 -evp md5
```
5. SHA
```
-openssl sha1 -engine uadk data
-openssl sha256 -engine uadk data
-openssl sha512 -engine uadk data
+openssl sha1 -engine uadk_engine data
+openssl sha256 -engine uadk_engine data
+openssl sha512 -engine uadk_engine data
```
6. DH
@@ -142,9 +142,9 @@ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
[step 4] After exchanging public key, each user can derive the shared secret:
```
openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
-secret1.bin -engine uadk
+secret1.bin -engine uadk_engine
openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
-secret2.bin -engine uadk
+secret2.bin -engine uadk_engine
```
[step 5] Check secret1.bin and secret2.bin:
```
@@ -156,15 +156,15 @@ secret1.bin and secret2.bin should be the same.
7. SM2
```
-openssl speed -elapsed -engine uadk sm2
-openssl speed -elapsed -engine uadk -async_jobs 1 sm2
+openssl speed -elapsed -engine uadk_engine sm2
+openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2
openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
```
8. ECDSA
```
-openssl speed -elapsed -engine uadk ecdsap256
-openssl speed -elapsed -engine uadk -async_jobs 1 ecdsap256
+openssl speed -elapsed -engine uadk_engine ecdsap256
+openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256
```
Environment variable of uadk engine
@@ -184,7 +184,7 @@ openssl_cnf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
-uadk = uadk_section
+uadk_engine = uadk_section
[uadk_section]
UADK_CMD_ENABLE_RSA_ENV = 1
UADK_CMD_ENABLE_DH_ENV = 1
--
2.24.4

226
0033-digest-improve-the-digest-performance.patch
View File

@ -1,226 +0,0 @@
From 3cbf3c85645d7ec43aa149c1bcf346a556bbf30a Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 8 Mar 2022 15:44:00 +0800
Subject: [PATCH 33/36] digest: improve the digest performance
1. The memset function found to be a hotspot function by perf. so should
remove the memset in io path. it can improve three times
performance.
2. add some branch predictor function to improve a little performance.
3. use the uadk_memory_cpy can improve 5% performance.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/Makefile.am | 4 +--
src/uadk.h | 1 +
src/uadk_digest.c | 17 ++++++-------
src/uadk_utils.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++
src/uadk_utils.h | 24 ++++++++++++++++++
5 files changed, 98 insertions(+), 11 deletions(-)
create mode 100644 src/uadk_utils.c
create mode 100644 src/uadk_utils.h
diff --git a/src/Makefile.am b/src/Makefile.am
index 636f559..75595aa 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -7,8 +7,8 @@ UADK_ENGINE_VERSION = -version-number ${MAJOR}:${MINOR}:${REVISION}
lib_LTLIBRARIES=uadk_engine.la
-uadk_engine_la_SOURCES=e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c uadk_rsa.c \
- uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
+uadk_engine_la_SOURCES=uadk_utils.c e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c \
+ uadk_rsa.c uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
uadk_engine_la_LIBADD=-ldl -lwd -lwd_crypto -lpthread
uadk_engine_la_LDFLAGS=-module $(UADK_ENGINE_VERSION)
diff --git a/src/uadk.h b/src/uadk.h
index 0f9b0be..384e035 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -19,6 +19,7 @@
#include <openssl/engine.h>
#include <uadk/wd.h>
#include <uadk/wd_sched.h>
+#include "uadk_utils.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define ENV_STRING_LEN 256
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index ad24168..355917d 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -493,7 +493,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
priv->state = SEC_DIGEST_INIT;
ret = uadk_e_init_digest();
- if (!ret) {
+ if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
fprintf(stderr, "uadk failed to initialize digest.\n");
goto soft_init;
@@ -507,7 +507,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
}
}
- if (i == digest_counts) {
+ if (unlikely(i == digest_counts)) {
fprintf(stderr, "failed to setup the private ctx.\n");
return 0;
}
@@ -519,11 +519,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
priv->data = malloc(DIGEST_BLOCK_SIZE);
- if (!priv->data) {
+ if (unlikely(!priv->data)) {
wd_digest_free_sess(priv->sess);
return 0;
}
- memset(priv->data, 0, DIGEST_BLOCK_SIZE);
priv->switch_threshold = sec_digest_get_sw_threshold(nid);
@@ -546,7 +545,8 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
- memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen);
+ uadk_memcpy(priv->data + priv->last_update_bufflen, tmpdata,
+ copy_to_bufflen);
priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
priv->req.in_bytes = DIGEST_BLOCK_SIZE;
@@ -567,10 +567,9 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
}
priv->last_update_bufflen = 0;
- memset(priv->data, 0, DIGEST_BLOCK_SIZE);
if (left_len <= DIGEST_BLOCK_SIZE) {
priv->last_update_bufflen = left_len;
- memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ uadk_memcpy(priv->data, tmpdata, priv->last_update_bufflen);
break;
}
}
@@ -604,7 +603,7 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l
goto soft_update;
if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
- memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len);
priv->last_update_bufflen += data_len;
return 1;
}
@@ -697,7 +696,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
ret = async_setup_async_event_notification(&op);
- if (!ret) {
+ if (unlikely(!ret)) {
fprintf(stderr, "failed to setup async event notification.\n");
return 0;
}
diff --git a/src/uadk_utils.c b/src/uadk_utils.c
new file mode 100644
index 0000000..2b34b3a
--- /dev/null
+++ b/src/uadk_utils.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#include "uadk_utils.h"
+
+#define UADK_MEM_IMPROVE_THRESHOLD 1024
+
+static void *memcpy_large(void *dstpp, const void *srcpp, size_t len)
+{
+ __asm__ __volatile__(
+ "add x4, %[src], %[count]\n\t"
+ "add x5, %[res], %[count]\n\t"
+ "ldr q0, [%[src]]\n\t"
+ "str q0, [%[res]]\n\t"
+ "sub %[count], %[count], 80\n\t"
+ "and x14, %[src], 15\n\t"
+ "bic %[src], %[src], 15\n\t"
+ "sub x3, %[res], x14\n\t"
+ "add %[count], %[count], x14\n\t"
+
+ "1:\n\t"
+ "ldp q0, q1, [%[src], 16]\n\t"
+ "stp q0, q1, [x3, 16]\n\t"
+ "ldp q0, q1, [%[src], 48]\n\t"
+ "stp q0, q1, [x3, 48]\n\t"
+ "add %[src], %[src], 64\n\t"
+ "add x3, x3, 64\n\t"
+ "subs %[count], %[count], 64\n\t"
+ "b.hi 1b\n\t"
+
+ "ldp q0, q1, [x4, -64]\n\t"
+ "stp q0, q1, [x5, -64]\n\t"
+ "ldp q0, q1, [x4, -32]\n\t"
+ "stp q0, q1, [x5, -32]\n\t"
+
+ : [res] "+r"(dstpp)
+ : [src] "r"(srcpp), [count] "r"(len)
+ : "x3", "x4", "x5", "x14", "q0", "q1"
+ );
+
+ return dstpp;
+}
+
+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
+{
+ if (len >= UADK_MEM_IMPROVE_THRESHOLD)
+ return memcpy_large(dstpp, srcpp, len);
+ else
+ return memcpy(dstpp, srcpp, len);
+}
diff --git a/src/uadk_utils.h b/src/uadk_utils.h
new file mode 100644
index 0000000..a16536b
--- /dev/null
+++ b/src/uadk_utils.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#ifndef UADK_UTILS
+#define UADK_UTILS
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len);
+#endif
--
2.24.4

90
0034-cipher-support-the-sm4-ecb-alg.patch
View File

@ -1,90 +0,0 @@
From 2dc0aa3a544afd4861656f4e876e287aa3ead9b9 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 8 Mar 2022 16:15:32 +0800
Subject: [PATCH 34/36] cipher: support the sm4-ecb alg
the uadk sdk layer has supported the sm4-ecb alg. Kunpeng 920
supports the sm4-ecb by new chip fs.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 15 ++++++++-------
src/v1/alg/ciphers/sec_ciphers.c | 1 +
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8f8af7e..e4595be 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -87,6 +87,7 @@ static int cipher_920_nids[] = {
NID_sm4_cbc,
NID_des_ede3_cbc,
NID_des_ede3_ecb,
+ NID_sm4_ecb,
0,
};
@@ -103,7 +104,6 @@ static int cipher_930_nids[] = {
NID_aes_128_xts,
NID_aes_256_xts,
NID_sm4_cbc,
- NID_sm4_ecb,
NID_des_ede3_cbc,
NID_des_ede3_ecb,
NID_aes_128_cfb128,
@@ -984,6 +984,11 @@ static int bind_v2_cipher(void)
sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
uadk_e_do_cipher, uadk_e_cipher_cleanup,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
+ UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, EVP_CIPH_ECB_MODE,
+ sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+ uadk_e_do_cipher, uadk_e_cipher_cleanup,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
+
return 0;
}
@@ -1037,10 +1042,6 @@ static int bind_v3_cipher(void)
sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
uadk_e_do_cipher, uadk_e_cipher_cleanup,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
- UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, EVP_CIPH_ECB_MODE,
- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
- uadk_e_do_cipher, uadk_e_cipher_cleanup,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
return 0;
}
@@ -1088,6 +1089,8 @@ static void destroy_v2_cipher(void)
uadk_des_ede3_cbc = 0;
EVP_CIPHER_meth_free(uadk_des_ede3_ecb);
uadk_des_ede3_ecb = 0;
+ EVP_CIPHER_meth_free(uadk_sm4_ecb);
+ uadk_sm4_ecb = 0;
}
static void destroy_v3_cipher(void)
@@ -1116,8 +1119,6 @@ static void destroy_v3_cipher(void)
uadk_sm4_ofb128 = 0;
EVP_CIPHER_meth_free(uadk_sm4_ctr);
uadk_sm4_ctr = 0;
- EVP_CIPHER_meth_free(uadk_sm4_ecb);
- uadk_sm4_ecb = 0;
}
void uadk_e_destroy_cipher(void)
diff --git a/src/v1/alg/ciphers/sec_ciphers.c b/src/v1/alg/ciphers/sec_ciphers.c
index 2c619be..b4743ed 100644
--- a/src/v1/alg/ciphers/sec_ciphers.c
+++ b/src/v1/alg/ciphers/sec_ciphers.c
@@ -85,6 +85,7 @@ static int g_known_cipher_nids[CIPHERS_COUNT] = {
NID_sm4_ctr,
NID_sm4_cbc,
NID_sm4_ofb128,
+ NID_sm4_ecb,
};
#define SEC_CIPHERS_RETURN_FAIL_IF(cond, mesg, ret) \
--
2.24.4

42
0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch
View File

@ -1,42 +0,0 @@
From 1ff08b383a59150a193870b3150d5265a03864ed Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Thu, 10 Mar 2022 20:03:20 +0800
Subject: [PATCH 35/36] cipher: fix segmentation fault for uadk_e_ctx_init
if uadk_e_init_cipher failed, there is no need to
alloc cipher session, and alloc session will meet
a segmentation fault because sched_init is not
set by wd_cipher_init.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/uadk_cipher.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index e4595be..d6dd8e8 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -846,15 +846,16 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
struct sched_params params = {0};
int ret;
+ priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
+ priv->req.iv = priv->iv;
+
ret = uadk_e_init_cipher();
if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
fprintf(stderr, "uadk failed to init cipher HW!\n");
+ return;
}
- priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
- priv->req.iv = priv->iv;
-
/*
* The internal RR scheduler used by environment variables,
* the cipher algorithm does not distinguish between
--
2.24.4

28
0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch
View File

@ -1,28 +0,0 @@
From cf720869f7637e41ff1094d8bc640180fca55f75 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 15 Mar 2022 17:07:59 +0800
Subject: [PATCH 36/36] cipher: sm4-ecb algorithm is deleted by mistake
Because sm4-ecb alg is deleted by mistake. So this alg
not be found in hardware V3.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index d6dd8e8..5ebad64 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -104,6 +104,7 @@ static int cipher_930_nids[] = {
NID_aes_128_xts,
NID_aes_256_xts,
NID_sm4_cbc,
+ NID_sm4_ecb,
NID_des_ede3_cbc,
NID_des_ede3_ecb,
NID_aes_128_cfb128,
--
2.24.4

694
0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch
View File

@ -1,694 +0,0 @@
From 50692e4bc425c5709a468946cb56ad483be90f7c Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 18 Mar 2022 23:25:47 +0800
Subject: [PATCH 37/37] rsa: bugfix about redundant and inefficient operations
Includes:
1. Remove redundant judgment conditions.
2. Remove redundant function parameters.
3. Remove the redundant operation in soft RSA keygen method.
4. Use more efficient BN memory allocation method, and add
judgment of the results.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 331 ++++++++++++++++++++++---------------------------
1 file changed, 148 insertions(+), 183 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 1488b98..821cb78 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -143,7 +143,7 @@ enum {
static int rsa_check_bit_useful(const int bits, int flen)
{
- if (!flen && flen > bits)
+ if (flen > bits)
return SOFT;
if (bits < RSA_MIN_MODULUS_BITS)
@@ -411,8 +411,8 @@ static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx)
return UADK_E_SUCCESS;
end:
- fprintf(stderr, "failed to malloc params\n");
- return UADK_E_FAIL;
+ fprintf(stderr, "failed to allocate rsa prime params\n");
+ return -ENOMEM;
}
static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
@@ -433,13 +433,11 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
BN_CTX_start(ctx);
param = OPENSSL_zalloc(sizeof(struct rsa_prime_param));
- if (!param) {
- fprintf(stderr, "failed to malloc rsa prime param\n");
+ if (!param)
goto free_ctx;
- }
ret = get_rsa_prime_param(param, ctx);
- if (!ret)
+ if (ret != UADK_E_SUCCESS)
goto free_param;
/* Divide bits into 'primes' pieces evenly */
@@ -624,9 +622,10 @@ static int rsa_get_sign_res(int padding, BIGNUM *to_bn, const BIGNUM *n,
return UADK_E_SUCCESS;
}
-static int rsa_get_verify_res(int padding, BIGNUM *to_bn, const BIGNUM *n,
- BIGNUM *ret_bn)
+static int rsa_get_verify_res(int padding, const BIGNUM *n, BIGNUM *ret_bn)
{
+ BIGNUM *to_bn = NULL;
+
if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret_bn)[0] & 0xf)
!= 0x0c)) {
if (!BN_sub(to_bn, n, ret_bn))
@@ -840,6 +839,7 @@ static struct uadk_rsa_sess *rsa_new_eng_session(RSA *rsa)
rsa_sess = OPENSSL_malloc(sizeof(struct uadk_rsa_sess));
if (!rsa_sess)
return NULL;
+
memset(rsa_sess, 0, sizeof(struct uadk_rsa_sess));
rsa_sess->alg = rsa;
rsa_sess->is_prikey_ready = UN_SET;
@@ -971,23 +971,44 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
struct rsa_keygen_param_bn *bn_param)
{
struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst;
+ struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp;
+ BIGNUM *dmp1, *dmq1, *iqmp, *n, *d;
unsigned int key_bits, key_size;
- BIGNUM *dmp1 = BN_new();
- BIGNUM *dmq1 = BN_new();
- BIGNUM *iqmp = BN_new();
- BIGNUM *n = BN_new();
- BIGNUM *d = BN_new();
- struct wd_dtb wd_d;
- struct wd_dtb wd_n;
- struct wd_dtb wd_qinv;
- struct wd_dtb wd_dq;
- struct wd_dtb wd_dp;
+ BN_CTX *bn_ctx;
key_bits = wd_rsa_get_key_bits(ctx);
+ if (!key_bits)
+ return UADK_E_FAIL;
+
key_size = key_bits >> BIT_BYTES_SHIFT;
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
+ bn_ctx = BN_CTX_new();
+ if (!bn_ctx)
+ return UADK_E_FAIL;
+
+ BN_CTX_start(bn_ctx);
+ dmp1 = BN_CTX_get(bn_ctx);
+ if (!dmp1)
+ goto free_bn_ctx;
+
+ dmq1 = BN_CTX_get(bn_ctx);
+ if (!dmq1)
+ goto free_bn_ctx;
+
+ iqmp = BN_CTX_get(bn_ctx);
+ if (!iqmp)
+ goto free_bn_ctx;
+
+ n = BN_CTX_get(bn_ctx);
+ if (!n)
+ goto free_bn_ctx;
+
+ d = BN_CTX_get(bn_ctx);
+ if (!d)
+ goto free_bn_ctx;
+
BN_bin2bn((unsigned char *)wd_d.data, key_size, d);
BN_bin2bn((unsigned char *)wd_n.data, key_size, n);
BN_bin2bn((unsigned char *)wd_qinv.data, wd_qinv.dsize, iqmp);
@@ -997,16 +1018,13 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
if (!(RSA_set0_key(rsa, n, bn_param->e, d) &&
RSA_set0_factors(rsa, bn_param->p, bn_param->q) &&
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)))
- goto bn_free;
+ goto free_bn_ctx;
return UADK_E_SUCCESS;
-bn_free:
- BN_clear_free(dmp1);
- BN_clear_free(dmq1);
- BN_clear_free(iqmp);
- BN_clear_free(n);
- BN_clear_free(d);
+free_bn_ctx:
+ BN_CTX_end(bn_ctx);
+ BN_CTX_free(bn_ctx);
return UADK_E_FAIL;
}
@@ -1093,20 +1111,11 @@ err:
static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
- const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL();
int ret;
- if (!default_meth) {
- fprintf(stderr, "failed to get soft method.\n");
- return UADK_E_FAIL;
- }
-
UNUSED(cb);
- RSA_set_method(rsa, default_meth);
ret = RSA_generate_key_ex(rsa, bits, e, NULL);
- RSA_set_method(rsa, rsa_hw_meth);
-
return ret;
}
@@ -1131,7 +1140,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
wd_rsa_get_crt_prikey_params(key_pair->prikey, NULL, NULL, NULL,
- &keygen_param->wd_q, &keygen_param->wd_p);
+ &keygen_param->wd_q, &keygen_param->wd_p);
if (!keygen_param->wd_q || !keygen_param->wd_p)
return UADK_E_FAIL;
@@ -1170,9 +1179,11 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
struct rsa_keygen_param_bn **keygen_bn_param,
struct rsa_keypair **key_pair)
{
+ BN_CTX *bn_ctx;
+
*keygen_param = OPENSSL_malloc(sizeof(struct rsa_keygen_param));
if (!(*keygen_param))
- return -ENOMEM;
+ goto err;
*keygen_bn_param = (struct rsa_keygen_param_bn *)
OPENSSL_malloc(sizeof(struct rsa_keygen_param_bn));
@@ -1183,16 +1194,35 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
if (!(*key_pair))
goto free_keygen_bn_param;
- (*keygen_bn_param)->e = BN_new();
- (*keygen_bn_param)->p = BN_new();
- (*keygen_bn_param)->q = BN_new();
+ bn_ctx = BN_CTX_new();
+ if (!bn_ctx)
+ goto free_key_pair;
+
+ BN_CTX_start(bn_ctx);
+ (*keygen_bn_param)->e = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->e)
+ goto free_bn_ctx;
+
+ (*keygen_bn_param)->p = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->p)
+ goto free_bn_ctx;
+
+ (*keygen_bn_param)->q = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->q)
+ goto free_bn_ctx;
return UADK_E_SUCCESS;
+free_bn_ctx:
+ BN_CTX_end(bn_ctx);
+ BN_CTX_free(bn_ctx);
+free_key_pair:
+ OPENSSL_free(*key_pair);
free_keygen_bn_param:
OPENSSL_free(*keygen_bn_param);
free_keygen_param:
OPENSSL_free(*keygen_param);
+err:
return -ENOMEM;
}
@@ -1236,81 +1266,56 @@ static void rsa_pkey_param_free(struct rsa_pubkey_param **pub,
}
static int rsa_create_pub_bn_ctx(RSA *rsa, struct rsa_pubkey_param *pub,
- BN_CTX **bn_ctx, unsigned char **from_buf)
+ unsigned char **from_buf, int *num_bytes)
{
- BIGNUM *ret_bn;
- int num_bytes;
-
RSA_get0_key(rsa, &pub->n, &pub->e, NULL);
-
- *bn_ctx = BN_CTX_new();
- if (!(*bn_ctx))
+ if (!(pub->n) || !(pub->e))
return UADK_E_FAIL;
- BN_CTX_start(*bn_ctx);
- ret_bn = BN_CTX_get(*bn_ctx);
- if (!ret_bn)
- goto err;
-
- num_bytes = BN_num_bytes(pub->n);
- if (!num_bytes)
- goto err;
+ *num_bytes = BN_num_bytes(pub->n);
+ if (!(*num_bytes))
+ return UADK_E_FAIL;
- *from_buf = OPENSSL_malloc(num_bytes);
+ *from_buf = OPENSSL_malloc(*num_bytes);
if (!(*from_buf))
- goto err;
+ return -ENOMEM;
return UADK_E_SUCCESS;
-
-err:
- BN_CTX_free(*bn_ctx);
- return UADK_E_FAIL;
}
-static void rsa_free_pub_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf)
+static void rsa_free_pub_bn_ctx(unsigned char **from_buf)
{
- BN_CTX_free(*bn_ctx);
-
OPENSSL_free(*from_buf);
}
static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri,
- BN_CTX **bn_ctx, unsigned char **from_buf)
+ unsigned char **from_buf, int *num_bytes)
{
- BIGNUM *ret_bn;
- int num_bytes;
-
RSA_get0_key(rsa, &pri->n, &pri->e, &pri->d);
- RSA_get0_factors(rsa, &pri->p, &pri->q);
- RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp);
+ if (!(pri->n) || !(pri->e) || !(pri->d))
+ return UADK_E_FAIL;
- *bn_ctx = BN_CTX_new();
- if (!(*bn_ctx))
+ RSA_get0_factors(rsa, &pri->p, &pri->q);
+ if (!(pri->p) || !(pri->q))
return UADK_E_FAIL;
- BN_CTX_start(*bn_ctx);
- ret_bn = BN_CTX_get(*bn_ctx);
- if (!ret_bn)
- goto err;
+ RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp);
+ if (!(pri->dmp1) || !(pri->dmq1) || !(pri->iqmp))
+ return UADK_E_FAIL;
- num_bytes = BN_num_bytes(pri->n);
- if (!num_bytes)
- goto err;
+ *num_bytes = BN_num_bytes(pri->n);
+ if (!(*num_bytes))
+ return UADK_E_FAIL;
- *from_buf = OPENSSL_malloc(num_bytes);
+ *from_buf = OPENSSL_malloc(*num_bytes);
if (!(*from_buf))
- goto err;
+ return -ENOMEM;
return UADK_E_SUCCESS;
-err:
- BN_CTX_free(*bn_ctx);
- return UADK_E_FAIL;
}
-static void rsa_free_pri_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf)
+static void rsa_free_pri_bn_ctx(unsigned char **from_buf)
{
- BN_CTX_free(*bn_ctx);
-
OPENSSL_free(*from_buf);
}
@@ -1318,14 +1323,13 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
struct rsa_keygen_param *keygen_param = NULL;
struct rsa_keygen_param_bn *bn_param = NULL;
+ struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_keypair *key_pair = NULL;
- struct uadk_rsa_sess *rsa_sess;
int is_crt = 1;
- int key_size;
int ret;
- key_size = rsa_check_bit_useful(bits, 0);
- if (!key_size || key_size == SOFT)
+ ret = rsa_check_bit_useful(bits, 0);
+ if (!ret || ret == SOFT)
goto exe_soft;
ret = uadk_e_rsa_init();
@@ -1388,14 +1392,11 @@ exe_soft:
static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_pubkey_param *pub = NULL;
- struct uadk_rsa_sess *rsa_sess;
unsigned char *from_buf = NULL;
+ int num_bytes, is_crt, ret;
BIGNUM *ret_bn = NULL;
- BN_CTX *bn_ctx = NULL;
- int num_bytes;
- int is_crt;
- int ret;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1417,18 +1418,12 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- num_bytes = BN_num_bytes(pub->n);
- if (flen > num_bytes) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = add_rsa_pubenc_padding(flen, from, from_buf, num_bytes, padding);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1448,7 +1443,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
}
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
@@ -1457,11 +1452,13 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
ret = BN_bn2binpad(ret_bn, to, num_bytes);
if (ret == -1) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
+free_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pub_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1480,11 +1477,8 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
struct rsa_prikey_param *pri = NULL;
unsigned char *from_buf = NULL;
struct uadk_rsa_sess *rsa_sess;
+ int num_bytes, len, ret;
BIGNUM *ret_bn = NULL;
- BN_CTX *bn_ctx = NULL;
- int num_bytes;
- int ret;
- int len;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1506,18 +1500,12 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- num_bytes = BN_num_bytes(pri->n);
- if (flen > num_bytes) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1533,7 +1521,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
}
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
@@ -1542,17 +1530,19 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
+free_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pri_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pri_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1568,14 +1558,13 @@ exe_soft:
static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_prikey_param *pri = NULL;
- struct uadk_rsa_sess *rsa_sess;
unsigned char *from_buf = NULL;
- BIGNUM *to_bn, *ret_bn;
- BN_CTX *bn_ctx = NULL;
+ BIGNUM *ret_bn = NULL;
+ BIGNUM *to_bn = NULL;
BIGNUM *res = NULL;
- int num_bytes;
- int ret;
+ int num_bytes, ret;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1597,36 +1586,18 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- to_bn = BN_CTX_get(bn_ctx);
- if (!to_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
- num_bytes = BN_num_bytes(pri->n);
- if (flen > num_bytes) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = add_rsa_prienc_padding(flen, from, from_buf, num_bytes, padding);
if (!ret) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn);
- if (!ret_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1639,24 +1610,33 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = NULL;
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
+ to_bn = BN_bin2bn(from_buf, num_bytes, NULL);
+ if (!to_bn) {
+ ret = UADK_DO_SOFT;
+ goto free_ret_bn;
+ }
+
ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_to_bn;
}
ret = BN_bn2binpad(res, to, num_bytes);
+free_to_bn:
+ BN_free(to_bn);
+free_ret_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pri_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pri_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1672,15 +1652,11 @@ exe_soft:
static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
- struct uadk_rsa_sess *rsa_sess;
+ struct uadk_rsa_sess *rsa_sess = NULL;
+ struct rsa_pubkey_param *pub = NULL;
+ int num_bytes, is_crt, len, ret;
unsigned char *from_buf = NULL;
- struct rsa_pubkey_param *pub;
- BIGNUM *ret_bn, *to_bn;
- BN_CTX *bn_ctx = NULL;
- int num_bytes;
- int is_crt;
- int ret;
- int len;
+ BIGNUM *ret_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret)
@@ -1704,25 +1680,12 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- to_bn = BN_CTX_get(bn_ctx);
- if (!to_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
- num_bytes = BN_num_bytes(pub->n);
- ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn);
- if (!ret_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1736,34 +1699,35 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = NULL;
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret = rsa_get_verify_res(padding, to_bn, pub->n, ret_bn);
+ ret = rsa_get_verify_res(padding, pub->n, ret_bn);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
+free_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pub_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1786,7 +1750,7 @@ static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
(void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth));
(void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth));
(void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth));
- (void)RSA_meth_set_keygen(rsa_sw_meth, RSA_meth_get_keygen(meth));
+ (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen);
(void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth));
(void)RSA_meth_set_bn_mod_exp(rsa_sw_meth,
RSA_meth_get_bn_mod_exp(meth));
@@ -1798,6 +1762,7 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
{
if (rsa_hw_meth)
return rsa_hw_meth;
+
rsa_hw_meth = RSA_meth_new("uadk hardware rsa method", 0);
if (!rsa_hw_meth) {
fprintf(stderr, "failed to allocate rsa hardware method\n");
--
2.24.4

177
0038-uadk-engine-change-Copyright-to-2022.patch
View File

@ -1,177 +0,0 @@
From 1b8b65e31da0c6347575d0d201c8417241e81453 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Mon, 28 Mar 2022 02:31:53 +0000
Subject: [PATCH 38/57] uadk-engine: change Copyright to 2022
Change Copyright to 2022
Add Linaro Copyright as well
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/e_uadk.c | 3 ++-
src/uadk.h | 3 ++-
src/uadk_async.c | 3 ++-
src/uadk_async.h | 3 ++-
src/uadk_cipher.c | 3 ++-
src/uadk_dh.c | 2 +-
src/uadk_digest.c | 3 ++-
src/uadk_ec.c | 2 +-
src/uadk_ecx.c | 2 +-
src/uadk_pkey.c | 2 +-
src/uadk_pkey.h | 2 +-
src/uadk_rsa.c | 2 +-
src/uadk_sm2.c | 2 +-
13 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 79ecef8..4288569 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk.h b/src/uadk.h
index 384e035..ef09274 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_async.c b/src/uadk_async.c
index c98153b..11d624c 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 9836dbb..d2a7e16 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 5ebad64..91895cc 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 40fb583..3882306 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 355917d..ecc0ce6 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index db69871..e219bdf 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 67f9350..5d0ff76 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index f27e2f5..d4ec30e 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
index dfe6fbe..b30c2de 100644
--- a/src/uadk_pkey.h
+++ b/src/uadk_pkey.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 821cb78..a80d203 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 8c75611..a478a94 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
--
2.27.0

197
0039-README-move-test-script-to-sanity_test.sh.patch
View File

@ -1,197 +0,0 @@
From 5dab65ce804d8e7995cef2eecfb375270d55f2ed Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 30 Mar 2022 07:34:43 +0000
Subject: [PATCH 39/57] README: move test script to sanity_test.sh
Move test script from README to sanity_test.sh
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README | 103 +-------------------------------------------
test/sanity_test.sh | 39 ++++++++++++++++-
2 files changed, 39 insertions(+), 103 deletions(-)
diff --git a/README b/README
index 562a859..ed49128 100644
--- a/README
+++ b/README
@@ -63,108 +63,7 @@ Build & Install OpenSSL UADK Engine
Testing
-------
```
- sudo test/sanity_test.sh
-```
-1. Cipher
-```
-openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc
-openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc
-openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc
-```
-2. RSA
-```
-openssl genrsa -out prikey.pem -engine uadk_engine 2048
-openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine
-openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine
-openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine
-openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine
-openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine
-openssl speed -elapsed -engine uadk_engine rsa2048
-openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048
-```
-3. SM3
-```
-openssl sm3 -engine uadk_engine data
-```
-4. MD5
-```
-openssl speed -engine uadk_engine -async_jobs 1 -evp md5
-```
-5. SHA
-```
-openssl sha1 -engine uadk_engine data
-openssl sha256 -engine uadk_engine data
-openssl sha512 -engine uadk_engine data
-```
-6. DH
-
-[step 1] Generate global public parameters, and save them in the file
-dhparam.pem:
-```
-openssl dhparam -out dhparam.pem 2048
-```
-[step 2] Generate own private key:
-```
-openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
-openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
-```
-[step 3] Generate public key:
-```
-openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk
-openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
-```
-[step 4] After exchanging public key, each user can derive the shared secret:
-```
-openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
-secret1.bin -engine uadk_engine
-openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
-secret2.bin -engine uadk_engine
-```
-[step 5] Check secret1.bin and secret2.bin:
-```
-cmp secret1.bin secret2.bin
-xxd secret1.bin
-xxd secret2.bin
-```
-secret1.bin and secret2.bin should be the same.
-
-7. SM2
-```
-openssl speed -elapsed -engine uadk_engine sm2
-openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2
-openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
-openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
-```
-8. ECDSA
-```
-openssl speed -elapsed -engine uadk_engine ecdsap256
-openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256
+ ./test/sanity_test.sh
```
Environment variable of uadk engine
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 4273310..2c0c504 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-chmod 666 /dev/hisi_*
+sudo chmod 666 /dev/hisi_*
if [ ! -n "$1" ]; then
engine_id=uadk_engine
@@ -24,6 +24,12 @@ if [[ $algs =~ "SM3" ]]; then
openssl speed -engine $engine_id -async_jobs 1 -evp sm3
fi
+if [[ $algs =~ "SM2" ]]; then
+ echo "testing SM2"
+ openssl speed -engine $engine_id -evp sm2
+ openssl speed -engine $engine_id -async_jobs 1 -evp sm2
+fi
+
if [[ $algs =~ "SHA" ]]; then
echo "testing SHA"
openssl speed -engine $engine_id -evp sha1
@@ -58,6 +64,12 @@ if [[ $algs =~ "AES" ]]; then
openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-xts
openssl speed -engine $engine_id -evp aes-256-xts
openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-xts
+ openssl speed -engine $engine_id -evp aes-128-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-ctr
+ openssl speed -engine $engine_id -evp aes-192-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-192-ctr
+ openssl speed -engine $engine_id -evp aes-256-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-ctr
fi
if [[ $algs =~ "SM4-CBC" ]]; then
@@ -134,3 +146,28 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then
openssl speed -elapsed -engine $engine_id ecdhbrp384r1
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhbrp384r1
fi
+
+#DH
+if [[ $algs =~ "DH" ]]; then
+ echo "testing DH"
+ #1. Generate global public parameters, and save them in the file dhparam.pem:
+ openssl dhparam -out dhparam.pem 2048
+
+ #2. Generate own private key:
+ openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
+ openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
+
+ #3. Generate public key:
+ openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine $engine_id
+ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine $engine_id
+
+ #4. After exchanging public key, each user can derive the shared secret:
+ openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -engine $engine_id
+ openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -engine $engine_id
+
+ #5. Check secret1.bin and secret2.bin:
+ cmp secret1.bin secret2.bin
+ xxd secret1.bin
+ xxd secret2.bin
+ #secret1.bin and secret2.bin should be same.
+fi
--
2.27.0

38
0040-uadk_engine-fix-string-compare-mode.patch
View File

@ -1,38 +0,0 @@
From 4763c7f374d4ba29a070b06147e2d47504902cf3 Mon Sep 17 00:00:00 2001
From: JunchongPan <panjunchong@hisilicon.com>
Date: Sat, 2 Apr 2022 09:47:08 +0800
Subject: [PATCH 40/57] uadk_engine:fix string compare mode
String compare now use '==' while compare point and string,
changed to strcmp
Signed-off-by: JunchongPan <panjunchong@hisilicon.com>
---
src/e_uadk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 4288569..58a10de 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name)
int i = 0;
while (i < len) {
- if (uadk_env_enabled[i].alg_name == alg_name)
+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name))
return uadk_env_enabled[i].env_enabled;
i++;
}
@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value)
int i = 0;
while (i < len) {
- if (uadk_env_enabled[i].alg_name == alg_name) {
+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
uadk_env_enabled[i].env_enabled = value;
return;
}
--
2.27.0

32
0041-cipher-optimize-the-process-of-ctx-initialization.patch
View File

@ -1,32 +0,0 @@
From 17bfd66f31e712ffd9364bfb43c9899e10e84a7d Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Sat, 2 Apr 2022 11:19:16 +0800
Subject: [PATCH 41/57] cipher: optimize the process of ctx initialization
Optimize the process of ctx initialization as switching to soft work.
If the ctx resources of a thread are insufficient at the beginning, the
thread can't apply for resources again. Therefore, an flag checking is
required.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 91895cc..8a2c39d 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -851,6 +851,9 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
priv->req.iv = priv->iv;
+ if (priv->switch_flag == UADK_DO_SOFT)
+ return;
+
ret = uadk_e_init_cipher();
if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
--
2.27.0

59
0042-cipher-adding-an-iv-update-to-a-decryption.patch
View File

@ -1,59 +0,0 @@
From 11016568bf6a929aebc216f5e7f5fd28b2e1d2a6 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 12 May 2022 10:31:56 +0800
Subject: [PATCH 42/57] cipher: adding an iv update to a decryption
Adding an iv update to de-crypto method as cbc mode.
the dst address should not be changed. So fix it.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8a2c39d..49022f7 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -763,10 +763,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
switch (priv->setup.mode) {
case WD_CIPHER_CBC:
- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
- priv->req.dst += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
- }
+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+ else
+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+
break;
case WD_CIPHER_OFB:
for (i = 0; i < IV_LEN; i++) {
@@ -776,13 +779,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
memcpy(priv->iv, K, iv_bytes);
break;
case WD_CIPHER_CFB:
- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
- priv->req.dst += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
- } else {
- priv->req.src += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.src - iv_bytes, iv_bytes);
- }
+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+ else
+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+
break;
case WD_CIPHER_CTR:
ctr_iv_inc(priv->iv, priv->req.in_bytes >> CTR_MODE_LEN_SHIFT);
--
2.27.0

47
0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch
View File

@ -1,47 +0,0 @@
From d6b2f7a4b2486afb3b3a418f32ce9d43783ef8f0 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 12 May 2022 10:31:57 +0800
Subject: [PATCH 43/57] cipher: fix cipher decrypto failed as use jdk
Because the java releases the memory immediately after the
memory is used. So the engine should not use user memory for
storage the key.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 49022f7..7eba992 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -36,6 +36,7 @@
#define BYTE_BITS 8
#define IV_LEN 16
#define ENV_ENABLED 1
+#define MAX_KEY_LEN 64
struct cipher_engine {
struct wd_ctx_config ctx_cfg;
@@ -57,7 +58,7 @@ struct cipher_priv_ctx {
struct wd_cipher_sess_setup setup;
struct wd_cipher_req req;
unsigned char iv[IV_LEN];
- const unsigned char *key;
+ unsigned char key[MAX_KEY_LEN];
int switch_flag;
void *sw_ctx_data;
/* Crypto small packet offload threshold */
@@ -694,7 +695,7 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (unlikely(ret != 1))
return 0;
- priv->key = key;
+ memcpy(priv->key, key, EVP_CIPHER_CTX_key_length(ctx));
priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT;
return 1;
--
2.27.0

169
0044-engine-add-receiving-timeout-count.patch
View File

@ -1,169 +0,0 @@
From 4fbef0e061a97e3ead086de7f3f5689e9d53f454 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Mon, 18 Jul 2022 09:41:39 +0800
Subject: [PATCH 44/57] engine: add receiving timeout count
Task fail due to hardware errors, but the process of poll
isn't exit. Increase the count of packet receiving timeout
as doing async jobs. Prevents falling into an infinite loop
in poll ctx.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk.h | 5 +++--
src/uadk_cipher.c | 7 +++++--
src/uadk_dh.c | 7 +++++--
src/uadk_digest.c | 7 +++++--
src/uadk_pkey.c | 7 +++++--
src/uadk_rsa.c | 7 +++++--
6 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index ef09274..e2635d4 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -22,8 +22,9 @@
#include <uadk/wd_sched.h>
#include "uadk_utils.h"
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
-#define ENV_STRING_LEN 256
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+#define ENV_STRING_LEN 256
+#define ENGINE_RECV_MAX_CNT 60000000
enum {
KUNPENG920,
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 7eba992..472c0ad 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -504,6 +504,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
static int uadk_e_cipher_poll(void *ctx)
{
struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *) ctx;
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -520,9 +521,11 @@ static int uadk_e_cipher_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_cipher_env_poll(void *ctx)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 3882306..893b0f2 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -204,6 +204,7 @@ static __u32 dh_pick_next_ctx(handle_t sched_ctx,
static int uadk_e_dh_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expect = 1;
int idx = 1;
@@ -215,9 +216,11 @@ static int uadk_e_dh_poll(void *ctx)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static void uadk_e_dh_cb(void *req_t)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index ecc0ce6..2e61e80 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -332,6 +332,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
static int uadk_e_digest_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expt = 1;
int ret = 0;
@@ -342,9 +343,11 @@ static int uadk_e_digest_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_digest_env_poll(void *ctx)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index d4ec30e..2616c5e 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -113,6 +113,7 @@ void uadk_ecc_cb(void *req_t)
static int uadk_ecc_poll(void *ctx)
{
unsigned int recv = 0;
+ __u64 rx_cnt = 0;
int expt = 1;
int ret;
@@ -122,9 +123,11 @@ static int uadk_ecc_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
/* make resource configure static */
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index a80d203..29b2521 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -656,6 +656,7 @@ static int rsa_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count)
static int uadk_e_rsa_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expt = 1;
int ret;
@@ -666,9 +667,11 @@ static int uadk_e_rsa_poll(void *ctx)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static struct rsa_res_config rsa_res_config = {
--
2.27.0

49
0045-digest-fix-the-fault-as-using-the-nginx.patch
View File

@ -1,49 +0,0 @@
From 7718ed9e56633bf2781f108a591eefe093ccb18b Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Mon, 18 Jul 2022 14:43:53 +0800
Subject: [PATCH 45/57] digest: fix the fault as using the nginx
Prevent double-free after the private ctx copy is used.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 2e61e80..8127373 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -240,6 +240,10 @@ static void digest_soft_cleanup(struct digest_priv_ctx *md_ctx)
{
EVP_MD_CTX *ctx = md_ctx->soft_ctx;
+ /* Prevent double-free after the copy is used */
+ if (md_ctx->copy)
+ return;
+
if (ctx != NULL) {
if (ctx->md_data) {
OPENSSL_free(ctx->md_data);
@@ -641,7 +645,9 @@ static int do_digest_sync(struct digest_priv_ctx *priv)
{
int ret;
- /* Fix me: not support switch the soft work as input is lower */
+ if (priv->req.in_bytes <= priv->switch_threshold &&
+ priv->state == SEC_DIGEST_INIT)
+ return 0;
ret = wd_do_digest_sync(priv->sess, &priv->req);
if (ret) {
@@ -743,6 +749,7 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx)
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ /* Prevent double-free after the copy is used */
if (!priv || priv->copy)
return 1;
--
2.27.0

121
0046-ecc-cleanup-of-static-code-check.patch
View File

@ -1,121 +0,0 @@
From c8dbfbdd80ea8b8d422a50c634e057dd37ac9aea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:45:03 +0800
Subject: [PATCH 46/57] ecc: cleanup of static code check
1. Use macros instead of specific numbers to represent
the key size.
2. Global variable 'sm2_order' only used in function
'sm2_update_sess' should be declared in function scope.
3. Remove unused structure 'uadk_ecc_sess'.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 22 +++++++++++-----------
src/uadk_pkey.c | 9 ---------
src/uadk_sm2.c | 21 ++++++---------------
3 files changed, 17 insertions(+), 35 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index e219bdf..d78658b 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -129,18 +129,18 @@ err:
static int get_smallest_hw_keybits(int bits)
{
/* ec curve order width */
- if (bits > 384)
- return 521;
- else if (bits > 320)
- return 384;
- else if (bits > 256)
- return 320;
- else if (bits > 192)
- return 256;
- else if (bits > 128)
- return 192;
+ if (bits > ECC384BITS)
+ return ECC521BITS;
+ else if (bits > ECC320BITS)
+ return ECC384BITS;
+ else if (bits > ECC256BITS)
+ return ECC320BITS;
+ else if (bits > ECC192BITS)
+ return ECC256BITS;
+ else if (bits > ECC128BITS)
+ return ECC192BITS;
else
- return 128;
+ return ECC128BITS;
}
static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 2616c5e..a0b74af 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -44,15 +44,6 @@ struct ecc_res_config {
int numa_id;
};
-typedef struct uadk_ecc_sess {
- handle_t sess;
- struct wd_ecc_sess_setup setup;
- struct wd_ecc_req req;
- int is_pubkey_ready;
- int is_privkey_ready;
- int key_size;
-} uadk_ecc_sess_t;
-
/* ecc global hardware resource is saved here */
struct ecc_res {
struct wd_ctx_config *ctx_res;
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index a478a94..fcca9f2 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -46,15 +46,6 @@ struct sm2_ctx {
bool is_init;
};
-typedef struct uadk_ecc_sess {
- handle_t sess;
- struct wd_ecc_sess_setup setup;
- struct wd_ecc_req req;
- int is_pubkey_ready;
- int is_privkey_ready;
- int key_size;
-} uadk_ecc_sess_t;
-
typedef struct sm2_ciphertext {
BIGNUM *C1x;
BIGNUM *C1y;
@@ -115,12 +106,6 @@ typedef int (*PFUNC_DEC)(EVP_PKEY_CTX *ctx,
const unsigned char *in,
size_t inlen);
-const unsigned char sm2_order[] = {
- 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,\
- 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,\
- 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
-};
-
static int get_hash_type(int nid_hash)
{
switch (nid_hash) {
@@ -166,6 +151,12 @@ static int compute_hash(const char *in, size_t in_len,
static int sm2_update_sess(struct sm2_ctx *smctx)
{
+ const unsigned char sm2_order[] = {
+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+ 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
+ };
int nid_hash = smctx->ctx.md ? EVP_MD_type(smctx->ctx.md) : NID_sm3;
struct wd_ecc_sess_setup setup;
handle_t sess;
--
2.27.0

260
0047-ecc-bugfix-about-return-value-check.patch
View File

@ -1,260 +0,0 @@
From a8613bb37a229c64ab1846e4da2220912876fbfa Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:56:02 +0800
Subject: [PATCH 47/57] ecc: bugfix about return value check
Check the return value of BN_CTX_get(), and add a new
structure to wrap the curve parameters to make the logic
of return value check clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 159 ++++++++++++++++++++++++++++++++++----------------
1 file changed, 108 insertions(+), 51 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index d78658b..37683cd 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -34,6 +34,19 @@
#define ECC384BITS 384
#define ECC521BITS 521
+struct curve_param {
+ /* prime */
+ BIGNUM *p;
+ /* ecc coefficient 'a' */
+ BIGNUM *a;
+ /* ecc coefficient 'b' */
+ BIGNUM *b;
+ /* base point */
+ const EC_POINT *g;
+ /* order of base point */
+ const BIGNUM *order;
+};
+
typedef ECDSA_SIG* (*PFUNC_SIGN_SIG)(const unsigned char *,
int,
const BIGNUM *,
@@ -70,58 +83,92 @@ static void init_dtb_param(void *dtb, char *start,
}
}
+static void fill_ecc_cv_param(struct wd_ecc_curve *pparam,
+ struct curve_param *cv_param,
+ BIGNUM *g_x, BIGNUM *g_y)
+{
+ pparam->p.dsize = BN_bn2bin(cv_param->p, (void *)pparam->p.data);
+ pparam->a.dsize = BN_bn2bin(cv_param->a, (void *)pparam->a.data);
+ if (!pparam->a.dsize) {
+ pparam->a.dsize = 1;
+ pparam->a.data[0] = 0;
+ }
+
+ pparam->b.dsize = BN_bn2bin(cv_param->b, (void *)pparam->b.data);
+ if (!pparam->b.dsize) {
+ pparam->b.dsize = 1;
+ pparam->b.data[0] = 0;
+ }
+
+ pparam->g.x.dsize = BN_bn2bin(g_x, (void *)pparam->g.x.data);
+ pparam->g.y.dsize = BN_bn2bin(g_y, (void *)pparam->g.y.data);
+ pparam->n.dsize = BN_bn2bin(cv_param->order, (void *)pparam->n.data);
+}
+
static int set_sess_setup_cv(const EC_GROUP *group,
struct wd_ecc_curve_cfg *cv)
{
struct wd_ecc_curve *pparam = cv->cfg.pparam;
- BIGNUM *p, *a, *b, *xg, *yg, *order;
- const EC_POINT *g;
+ struct curve_param *cv_param;
+ BIGNUM *g_x, *g_y;
+ int ret = -1;
BN_CTX *ctx;
- int ret;
ctx = BN_CTX_new();
if (!ctx)
- return -ENOMEM;
+ return ret;
BN_CTX_start(ctx);
- p = BN_CTX_get(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- xg = BN_CTX_get(ctx);
- yg = BN_CTX_get(ctx);
- ret = uadk_get_curve(group, p, a, b, ctx);
+ cv_param = OPENSSL_malloc(sizeof(struct curve_param));
+ if (!cv_param)
+ goto free_ctx;
+
+ cv_param->p = BN_CTX_get(ctx);
+ if (!cv_param->p)
+ goto free_cv;
+
+ cv_param->a = BN_CTX_get(ctx);
+ if (!cv_param->a)
+ goto free_cv;
+
+ cv_param->b = BN_CTX_get(ctx);
+ if (!cv_param->b)
+ goto free_cv;
+
+ g_x = BN_CTX_get(ctx);
+ if (!g_x)
+ goto free_cv;
+
+ g_y = BN_CTX_get(ctx);
+ if (!g_y)
+ goto free_cv;
+
+ ret = uadk_get_curve(group, cv_param->p, cv_param->a, cv_param->b, ctx);
if (ret)
- goto err;
+ goto free_cv;
- g = EC_GROUP_get0_generator(group);
- ret = uadk_get_affine_coordinates(group, g, xg, yg, ctx);
+ cv_param->g = EC_GROUP_get0_generator(group);
+ if (!cv_param->g)
+ goto free_cv;
+
+ ret = uadk_get_affine_coordinates(group, cv_param->g, g_x, g_y, ctx);
if (ret)
- goto err;
+ goto free_cv;
- order = (BIGNUM *)EC_GROUP_get0_order(group);
- pparam->p.dsize = BN_bn2bin(p, (void *)pparam->p.data);
- pparam->a.dsize = BN_bn2bin(a, (void *)pparam->a.data);
- /* a or b is all zero, but uadk not allow parameter length is zero */
- if (!pparam->a.dsize) {
- pparam->a.dsize = 1;
- pparam->a.data[0] = 0;
- }
- pparam->b.dsize = BN_bn2bin(b, (void *)pparam->b.data);
- if (!pparam->b.dsize) {
- pparam->b.dsize = 1;
- pparam->b.data[0] = 0;
- }
- pparam->g.x.dsize = BN_bn2bin(xg, (void *)pparam->g.x.data);
- pparam->g.y.dsize = BN_bn2bin(yg, (void *)pparam->g.y.data);
- pparam->n.dsize = BN_bn2bin(order, (void *)pparam->n.data);
+ cv_param->order = EC_GROUP_get0_order(group);
+ if (!cv_param->order)
+ goto free_cv;
+
+ fill_ecc_cv_param(pparam, cv_param, g_x, g_y);
cv->type = WD_CV_CFG_PARAM;
ret = 0;
-err:
- if (ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
+
+free_cv:
+ OPENSSL_free(cv_param);
+free_ctx:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
return ret;
}
@@ -166,12 +213,13 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
sp.cv.cfg.pparam = &param;
group = EC_KEY_get0_group(eckey);
ret = set_sess_setup_cv(group, &sp.cv);
- if (ret) {
- free(dev);
- return (handle_t)0;
- }
+ if (ret)
+ goto free_dev;
order = EC_GROUP_get0_order(group);
+ if (!order)
+ goto free_dev;
+
key_bits = BN_num_bits(order);
sp.alg = alg;
sp.key_bits = get_smallest_hw_keybits(key_bits);
@@ -184,8 +232,11 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
fprintf(stderr, "failed to alloc ecc sess\n");
free(dev);
-
return sess;
+
+free_dev:
+ free(dev);
+ return (handle_t)0;
}
static int check_ecc_bit_useful(const int bits)
@@ -506,6 +557,10 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
const BIGNUM *order;
int ret;
+ ret = eckey_check(eckey);
+ if (ret)
+ return ret;
+
if (!dgst) {
fprintf(stderr, "dgst is NULL\n");
return -1;
@@ -516,10 +571,6 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
return -1;
}
- ret = eckey_check(eckey);
- if (ret)
- return ret;
-
pub_key = EC_KEY_get0_public_key(eckey);
if (!pub_key) {
fprintf(stderr, "pub_key is NULL\n");
@@ -957,10 +1008,20 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
ctx = BN_CTX_new();
if (!ctx)
return -ENOMEM;
+
+ BN_CTX_start(ctx);
pkey_x = BN_CTX_get(ctx);
+ if (!pkey_x)
+ goto free_ctx;
+
pkey_y = BN_CTX_get(ctx);
+ if (!pkey_y)
+ goto free_ctx;
group = EC_KEY_get0_group(ecdh);
+ if (!group)
+ goto free_ctx;
+
uadk_get_affine_coordinates(group, pubkey, pkey_x, pkey_y, ctx);
in_pkey.x.data = buf_x;
in_pkey.y.data = buf_y;
@@ -986,13 +1047,9 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
ret = 1;
free_ctx:
- if (ctx) {
- if (pkey_x)
- BN_clear(pkey_x);
- if (pkey_y)
- BN_clear(pkey_y);
- BN_CTX_free(ctx);
- }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+
return ret;
}
--
2.27.0

170
0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch
View File

@ -1,170 +0,0 @@
From 7989e5639ab9a2de5d03ecb06942ad556ed41d93 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:57:50 +0800
Subject: [PATCH 48/57] ecc: bugfix multiple definition of ecx structure
The structure 'ECX_KEY' is defined in the libcrypto of OpenSSL,
but OpenSSL does not put this definition in the header file in
its 1.1.1x release version, so we can not use this structure
directly. We should define a new structure that provides the
same function to avoid conflict with the definition in OpenSSL
when using static compilation.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ecx.c | 43 +++++++++++++++++++++++--------------------
1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 5d0ff76..df23156 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -31,14 +31,14 @@
#define X448_KEYLEN 56
#define X25519_KEYBITS 256
#define X448_KEYBITS 448
-#define MAX_KEYLEN 57
+#define ECX_MAX_KEYLEN 57
#define UADK_E_SUCCESS 1
#define UADK_E_FAIL 0
-typedef struct {
- unsigned char pubkey[MAX_KEYLEN];
+struct ecx_key {
+ unsigned char pubkey[ECX_MAX_KEYLEN];
unsigned char *privkey;
-} ECX_KEY;
+};
struct ecx_ctx {
handle_t sess;
@@ -224,12 +224,12 @@ static int ecx_get_nid(EVP_PKEY_CTX *ctx)
return nid;
}
-static int ecx_create_privkey(ECX_KEY **ecx_key, int key_size)
+static int ecx_create_privkey(struct ecx_key **ecx_key, int key_size)
{
unsigned char *privkey;
int ret;
- *ecx_key = OPENSSL_zalloc(sizeof(ECX_KEY));
+ *ecx_key = OPENSSL_zalloc(sizeof(struct ecx_key));
if (!(*ecx_key)) {
fprintf(stderr, "failed to alloc ecx_key\n");
return UADK_E_FAIL;
@@ -259,7 +259,8 @@ free_ecx_key:
return UADK_E_FAIL;
}
-static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx,
+ struct ecx_key *ecx_key)
{
handle_t sess = ecx_ctx->sess;
struct wd_ecc_key *ecc_key;
@@ -280,14 +281,14 @@ static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
}
static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
- struct wd_ecc_req *req, ECX_KEY *ecx_key)
+ struct wd_ecc_req *req, struct ecx_key *ecx_key)
{
struct wd_ecc_point *pubkey = NULL;
int key_size = ecx_ctx->key_size;
int ret;
wd_ecxdh_get_out_params(req->dst, &pubkey);
- if (key_size > MAX_KEYLEN) {
+ if (key_size > ECX_MAX_KEYLEN) {
fprintf(stderr, "invalid key size, key_size = %d\n", key_size);
return UADK_E_FAIL;
}
@@ -368,8 +369,8 @@ static int openssl_do_ecx_genkey(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct ecx_ctx *keygen_ctx = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = ecx_genkey_check(ctx, pkey);
@@ -426,8 +427,8 @@ do_soft:
static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct ecx_ctx *keygen_ctx = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = ecx_genkey_check(ctx, pkey);
@@ -482,12 +483,13 @@ do_soft:
}
static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
- ECX_KEY *peer_ecx_key, ECX_KEY *ecx_key)
+ struct ecx_key *peer_ecx_key,
+ struct ecx_key *ecx_key)
{
int key_size = ecx_ctx->key_size;
+ char buf_y[ECX_MAX_KEYLEN] = {0};
handle_t sess = ecx_ctx->sess;
struct wd_ecc_point in_pubkey;
- char buf_y[MAX_KEYLEN] = {0};
struct wd_ecc_out *ecx_out;
struct wd_ecc_in *ecx_in;
int ret;
@@ -542,7 +544,8 @@ static void ecx_compkey_uninit_iot(handle_t sess, struct wd_ecc_req *req)
wd_ecc_del_in(sess, req->src);
}
-static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
+ struct ecx_key *ecx_key)
{
int key_size = ecx_ctx->key_size;
handle_t sess = ecx_ctx->sess;
@@ -576,8 +579,8 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
return UADK_E_SUCCESS;
}
-static int ecx_get_key(EVP_PKEY_CTX *ctx, ECX_KEY **ecx_key,
- ECX_KEY **peer_ecx_key)
+static int ecx_get_key(EVP_PKEY_CTX *ctx, struct ecx_key **ecx_key,
+ struct ecx_key **peer_ecx_key)
{
EVP_PKEY *pkey, *peer_key;
@@ -623,11 +626,11 @@ static void x25519_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
+ struct ecx_key *peer_ecx_key = NULL;
struct wd_ecc_point *s_key = NULL;
struct ecx_ctx *derive_ctx = NULL;
- ECX_KEY *peer_ecx_key = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = x25519_init(ctx);
@@ -709,11 +712,11 @@ static void x448_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
+ struct ecx_key *peer_ecx_key = NULL;
struct wd_ecc_point *s_key = NULL;
struct ecx_ctx *derive_ctx = NULL;
- ECX_KEY *peer_ecx_key = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = x448_init(ctx);
--
2.27.0

76
0049-uadk_engine-remove-redundant-extern.patch
View File

@ -1,76 +0,0 @@
From 55edca5dd3c13ff623c078eaea2dfb9a7f444eb7 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:06:29 +0800
Subject: [PATCH 49/57] uadk_engine: remove redundant extern
Remove the "extern" keyword before function declaration in
the header file. Because the function in header file is
'extern' by default, there is no need to specify explicitly.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk.h | 24 ++++++++++++------------
src/uadk_async.h | 16 ++++++++--------
2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index e2635d4..0188f0b 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -32,16 +32,16 @@ enum {
};
extern const char *engine_uadk_id;
-extern int uadk_e_bind_cipher(ENGINE *e);
-extern void uadk_e_destroy_cipher(void);
-extern int uadk_e_bind_digest(ENGINE *e);
-extern void uadk_e_destroy_digest(void);
-extern int uadk_e_bind_rsa(ENGINE *e);
-extern void uadk_e_destroy_rsa(void);
-extern int uadk_e_bind_dh(ENGINE *e);
-extern void uadk_e_destroy_dh(void);
-extern int uadk_e_bind_ecc(ENGINE *e);
-extern void uadk_e_destroy_ecc(void);
-extern int uadk_e_is_env_enabled(const char *alg_name);
-extern int uadk_e_set_env(const char *var_name, int numa_id);
+int uadk_e_bind_cipher(ENGINE *e);
+void uadk_e_destroy_cipher(void);
+int uadk_e_bind_digest(ENGINE *e);
+void uadk_e_destroy_digest(void);
+int uadk_e_bind_rsa(ENGINE *e);
+void uadk_e_destroy_rsa(void);
+int uadk_e_bind_dh(ENGINE *e);
+void uadk_e_destroy_dh(void);
+int uadk_e_bind_ecc(ENGINE *e);
+void uadk_e_destroy_ecc(void);
+int uadk_e_is_env_enabled(const char *alg_name);
+int uadk_e_set_env(const char *var_name, int numa_id);
#endif
diff --git a/src/uadk_async.h b/src/uadk_async.h
index d2a7e16..78f7a21 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -65,12 +65,12 @@ struct async_poll_queue {
pthread_t thread_id;
};
-extern int async_setup_async_event_notification(struct async_op *op);
-extern int async_clear_async_event_notification(void);
-extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
-extern void async_register_poll_fn(int type, async_recv_t func);
-extern void async_module_init(void);
-extern int async_wake_job(ASYNC_JOB *job);
-extern void async_free_poll_task(int id, bool is_cb);
-extern int async_get_free_task(int *id);
+int async_setup_async_event_notification(struct async_op *op);
+int async_clear_async_event_notification(void);
+int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
+void async_register_poll_fn(int type, async_recv_t func);
+void async_module_init(void);
+int async_wake_job(ASYNC_JOB *job);
+void async_free_poll_task(int id, bool is_cb);
+int async_get_free_task(int *id);
#endif
--
2.27.0

212
0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch
View File

@ -1,212 +0,0 @@
From ba0a9ede4f72387f065e88c054e35dc6fdb59079 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:10:47 +0800
Subject: [PATCH 50/57] uadk_engine: add timeout protection mechanism in poll
Count the cycle times of poll. When the count times exceed the
maximum number, exit to prevent the task from timeout.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 13 ++++++++-----
src/uadk_dh.c | 11 +++++++----
src/uadk_digest.c | 11 +++++++----
src/uadk_pkey.c | 13 ++++++++-----
src/uadk_rsa.c | 11 +++++++----
5 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 472c0ad..54d0a7d 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -517,7 +517,7 @@ static int uadk_e_cipher_poll(void *ctx)
do {
ret = wd_cipher_poll_ctx(idx, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -530,18 +530,21 @@ static int uadk_e_cipher_poll(void *ctx)
static int uadk_e_cipher_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
- /* poll one packet currently */
+ /* Poll one packet currently */
int expt = 1;
int ret;
do {
ret = wd_cipher_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 893b0f2..cf319e5 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -212,7 +212,7 @@ static int uadk_e_dh_poll(void *ctx)
do {
ret = wd_dh_poll_ctx(idx, expect, &recv);
- if (recv >= expect)
+ if (recv == expect)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -273,6 +273,7 @@ static struct dh_res_config dh_res_config = {
static int uadk_e_dh_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -280,11 +281,13 @@ static int uadk_e_dh_env_poll(void *ctx)
do {
ret = wd_dh_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_dh_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 8127373..853aa39 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -343,7 +343,7 @@ static int uadk_e_digest_poll(void *ctx)
do {
ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -356,6 +356,7 @@ static int uadk_e_digest_poll(void *ctx)
static int uadk_e_digest_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -363,11 +364,13 @@ static int uadk_e_digest_env_poll(void *ctx)
do {
ret = wd_digest_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_digest_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index a0b74af..9a3a725 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -110,7 +110,7 @@ static int uadk_ecc_poll(void *ctx)
do {
ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -143,18 +143,21 @@ int uadk_e_ecc_get_numa_id(void)
static int uadk_e_ecc_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
- /* poll one packet currently */
+ /* Poll one packet currently */
int expt = 1;
int ret;
do {
ret = wd_ecc_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 29b2521..a74343f 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -663,7 +663,7 @@ static int uadk_e_rsa_poll(void *ctx)
do {
ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -689,6 +689,7 @@ static struct rsa_res_config rsa_res_config = {
static int uadk_e_rsa_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -696,11 +697,13 @@ static int uadk_e_rsa_env_poll(void *ctx)
do {
ret = wd_rsa_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev)
--
2.27.0

272
0051-rsa-cleanup-redundant-BN-operation.patch
View File

@ -1,272 +0,0 @@
From 25b026f401195e0385fc575c51752e1c0c731394 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:13:09 +0800
Subject: [PATCH 51/57] rsa: cleanup redundant BN operation
Remove redundant codes for big number and rsa crt
mode judgment.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 92 ++++++++++++++++++++++----------------------------
1 file changed, 40 insertions(+), 52 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index a74343f..f95632b 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -871,8 +871,8 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
int is_crt)
{
unsigned int key_size = bits >> BIT_BYTES_SHIFT;
- struct uadk_rsa_sess *rsa_sess;
struct sched_params params = {0};
+ struct uadk_rsa_sess *rsa_sess;
rsa_sess = rsa_new_eng_session(rsa);
if (!rsa_sess)
@@ -882,11 +882,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT;
params.numa_id = g_rsa_res.numa_id;
rsa_sess->setup.sched_param = &params;
-
- if (is_crt)
- rsa_sess->setup.is_crt = IS_SET;
- else
- rsa_sess->setup.is_crt = UN_SET;
+ rsa_sess->setup.is_crt = is_crt;
rsa_sess->sess = wd_rsa_alloc_sess(&rsa_sess->setup);
if (!rsa_sess->sess) {
@@ -1377,10 +1373,8 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess,
rsa, bn_param);
- if (!ret) {
+ if (!ret)
ret = UADK_DO_SOFT;
- goto free_kg_in_out;
- }
free_kg_in_out:
rsa_free_keygen_data(rsa_sess);
@@ -1398,11 +1392,11 @@ exe_soft:
static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ struct rsa_pubkey_param *pub_enc = NULL;
struct uadk_rsa_sess *rsa_sess = NULL;
- struct rsa_pubkey_param *pub = NULL;
unsigned char *from_buf = NULL;
int num_bytes, is_crt, ret;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *enc_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1412,7 +1406,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
if (ret)
goto exe_soft;
- ret = rsa_pkey_param_alloc(&pub, NULL);
+ ret = rsa_pkey_param_alloc(&pub_enc, NULL);
if (ret == -ENOMEM)
goto exe_soft;
@@ -1424,7 +1418,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+ ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes);
if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
@@ -1436,7 +1430,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_buf;
}
- ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to);
+ ret = rsa_fill_pubkey(pub_enc, rsa_sess, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
goto free_buf;
@@ -1448,27 +1442,25 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ enc_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!enc_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret = BN_bn2binpad(ret_bn, to, num_bytes);
- if (ret == -1) {
+ ret = BN_bn2binpad(enc_bn, to, num_bytes);
+ if (ret == -1)
ret = UADK_DO_SOFT;
- goto free_bn;
- }
-free_bn:
- BN_free(ret_bn);
+ BN_free(enc_bn);
+
free_buf:
rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
- rsa_pkey_param_free(&pub, NULL);
+ rsa_pkey_param_free(&pub_enc, NULL);
if (ret != UADK_DO_SOFT)
return ret;
exe_soft:
@@ -1484,7 +1476,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
unsigned char *from_buf = NULL;
struct uadk_rsa_sess *rsa_sess;
int num_bytes, len, ret;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *dec_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1526,27 +1518,25 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ dec_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!dec_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
+ len = BN_bn2binpad(dec_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_bn;
+ goto free_dec_bn;
}
ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding);
- if (!ret) {
+ if (!ret)
ret = UADK_DO_SOFT;
- goto free_bn;
- }
-free_bn:
- BN_free(ret_bn);
+free_dec_bn:
+ BN_free(dec_bn);
free_buf:
rsa_free_pri_bn_ctx(&from_buf);
free_sess:
@@ -1567,7 +1557,7 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_prikey_param *pri = NULL;
unsigned char *from_buf = NULL;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *sign_bn = NULL;
BIGNUM *to_bn = NULL;
BIGNUM *res = NULL;
int num_bytes, ret;
@@ -1616,9 +1606,9 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ sign_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!sign_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
@@ -1626,10 +1616,10 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
to_bn = BN_bin2bn(from_buf, num_bytes, NULL);
if (!to_bn) {
ret = UADK_DO_SOFT;
- goto free_ret_bn;
+ goto free_sign_bn;
}
- ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res);
+ ret = rsa_get_sign_res(padding, to_bn, pri->n, sign_bn, &res);
if (!ret) {
ret = UADK_DO_SOFT;
goto free_to_bn;
@@ -1639,8 +1629,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
free_to_bn:
BN_free(to_bn);
-free_ret_bn:
- BN_free(ret_bn);
+free_sign_bn:
+ BN_free(sign_bn);
free_buf:
rsa_free_pri_bn_ctx(&from_buf);
free_sess:
@@ -1662,7 +1652,7 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
struct rsa_pubkey_param *pub = NULL;
int num_bytes, is_crt, len, ret;
unsigned char *from_buf = NULL;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *verify_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret)
@@ -1705,33 +1695,31 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ verify_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!verify_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret = rsa_get_verify_res(padding, pub->n, ret_bn);
+ ret = rsa_get_verify_res(padding, pub->n, verify_bn);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_bn;
+ goto free_verify_bn;
}
- len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
+ len = BN_bn2binpad(verify_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_bn;
+ goto free_verify_bn;
}
ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding);
- if (!ret) {
+ if (!ret)
ret = UADK_DO_SOFT;
- goto free_bn;
- }
-free_bn:
- BN_free(ret_bn);
+free_verify_bn:
+ BN_free(verify_bn);
free_buf:
rsa_free_pub_bn_ctx(&from_buf);
free_sess:
--
2.27.0

189
0052-rsa-bugfix-memory-leak-in-genkey-process.patch
View File

@ -1,189 +0,0 @@
From 8d27c38b9bbf0dee3ba17aac4d1bf9529bdafdea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:15:05 +0800
Subject: [PATCH 52/57] rsa: bugfix memory leak in genkey process
The process of releasing keygen parameter is supplemented:
When an abnormal situation occurs, uadk engine needs to switch
to software keygen function, so we need to free BN ctx we alloced
before. But in normal situation, the BN ctx should be freed by
OpenSSL tools or users, because the OpenSSL tool, for example,
genrsa, has implemented the free operation, we should not free
it again.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/e_uadk.c | 3 +--
src/uadk_rsa.c | 57 ++++++++++++++++++++++++++------------------------
2 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 58a10de..23fe0f2 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -333,8 +333,7 @@ static void bind_fn_uadk_alg(ENGINE *e)
}
/*
- * This stuff is needed if this ENGINE is being
- * compiled into a self-contained shared-library.
+ * Connect uadk_engine to OpenSSL engine library.
*/
static int bind_fn(ENGINE *e, const char *id)
{
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index f95632b..5b23dab 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -968,15 +968,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
return UADK_E_SUCCESS;
}
-static int rsa_get_keygen_param(struct wd_rsa_req *req,
- handle_t ctx, RSA *rsa,
- struct rsa_keygen_param_bn *bn_param)
+static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa,
+ struct rsa_keygen_param_bn *bn_param, BN_CTX **bn_ctx_in)
{
struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst;
struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp;
BIGNUM *dmp1, *dmq1, *iqmp, *n, *d;
unsigned int key_bits, key_size;
- BN_CTX *bn_ctx;
+ BN_CTX *bn_ctx = *bn_ctx_in;
key_bits = wd_rsa_get_key_bits(ctx);
if (!key_bits)
@@ -986,30 +985,25 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
- bn_ctx = BN_CTX_new();
- if (!bn_ctx)
- return UADK_E_FAIL;
-
- BN_CTX_start(bn_ctx);
dmp1 = BN_CTX_get(bn_ctx);
if (!dmp1)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
dmq1 = BN_CTX_get(bn_ctx);
if (!dmq1)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
iqmp = BN_CTX_get(bn_ctx);
if (!iqmp)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
n = BN_CTX_get(bn_ctx);
if (!n)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
d = BN_CTX_get(bn_ctx);
if (!d)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
BN_bin2bn((unsigned char *)wd_d.data, key_size, d);
BN_bin2bn((unsigned char *)wd_n.data, key_size, n);
@@ -1020,15 +1014,9 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
if (!(RSA_set0_key(rsa, n, bn_param->e, d) &&
RSA_set0_factors(rsa, bn_param->p, bn_param->q) &&
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)))
- goto free_bn_ctx;
+ return UADK_E_FAIL;
return UADK_E_SUCCESS;
-
-free_bn_ctx:
- BN_CTX_end(bn_ctx);
- BN_CTX_free(bn_ctx);
-
- return UADK_E_FAIL;
}
static void uadk_e_rsa_cb(void *req_t)
@@ -1179,7 +1167,7 @@ static void rsa_free_keygen_data(struct uadk_rsa_sess *rsa_sess)
static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
struct rsa_keygen_param_bn **keygen_bn_param,
- struct rsa_keypair **key_pair)
+ struct rsa_keypair **key_pair, BN_CTX **bn_ctx_in)
{
BN_CTX *bn_ctx;
@@ -1201,6 +1189,8 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
goto free_key_pair;
BN_CTX_start(bn_ctx);
+ *bn_ctx_in = bn_ctx;
+
(*keygen_bn_param)->e = BN_CTX_get(bn_ctx);
if (!(*keygen_bn_param)->e)
goto free_bn_ctx;
@@ -1230,8 +1220,21 @@ err:
static void rsa_keygen_param_free(struct rsa_keygen_param **keygen_param,
struct rsa_keygen_param_bn **keygen_bn_param,
- struct rsa_keypair **key_pair)
+ struct rsa_keypair **key_pair, BN_CTX **bn_ctx,
+ int free_bn_ctx_tag)
{
+ /*
+ * When an abnormal situation occurs, uadk engine needs
+ * to switch to software keygen function, so we need to
+ * free BN ctx we alloced before. But in normal situation,
+ * the BN ctx should be freed by OpenSSL tools or users.
+ * Therefore, we use a tag to distinguish these cases.
+ */
+ if (free_bn_ctx_tag == UADK_DO_SOFT) {
+ BN_CTX_end(*bn_ctx);
+ BN_CTX_free(*bn_ctx);
+ }
+
OPENSSL_free(*keygen_bn_param);
OPENSSL_free(*keygen_param);
OPENSSL_free(*key_pair);
@@ -1327,6 +1330,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
struct rsa_keygen_param_bn *bn_param = NULL;
struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_keypair *key_pair = NULL;
+ BN_CTX *bn_ctx = NULL;
int is_crt = 1;
int ret;
@@ -1338,7 +1342,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
if (ret)
goto exe_soft;
- ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair);
+ ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair, &bn_ctx);
if (ret == -ENOMEM)
goto exe_soft;
@@ -1371,8 +1375,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
goto free_kg_in_out;
}
- ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess,
- rsa, bn_param);
+ ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, rsa, bn_param, &bn_ctx);
if (!ret)
ret = UADK_DO_SOFT;
@@ -1381,7 +1384,7 @@ free_kg_in_out:
free_sess:
rsa_free_eng_session(rsa_sess);
free_keygen:
- rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair);
+ rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair, &bn_ctx, ret);
if (ret != UADK_DO_SOFT)
return ret;
exe_soft:
--
2.27.0

97
0053-rsa-remove-unused-software-method.patch
View File

@ -1,97 +0,0 @@
From ff703a9aa6a0a2dada51b7bf88cc9e1a8ce2d6cd Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:16:59 +0800
Subject: [PATCH 53/57] rsa: remove unused software method
Switching to software methods in abnormal scenarios has been
implemented in other functions, uadk_e_get_rsa_sw_methods()
is actually unused, so we remove it.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 49 +++++--------------------------------------------
1 file changed, 5 insertions(+), 44 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 5b23dab..7983bc0 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -53,7 +53,6 @@
#define ENV_ENABLED 1
static RSA_METHOD *rsa_hw_meth;
-static RSA_METHOD *rsa_sw_meth;
struct bignum_st {
BN_ULONG *d;
@@ -1737,25 +1736,11 @@ exe_soft:
(flen, from, to, rsa, padding);
}
-static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
-{
- /* meth: default rsa software method */
- const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
-
- rsa_sw_meth = RSA_meth_new("rsa soft method", 0);
- (void)RSA_meth_set_pub_enc(rsa_sw_meth, RSA_meth_get_pub_enc(meth));
- (void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth));
- (void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth));
- (void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth));
- (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen);
- (void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth));
- (void)RSA_meth_set_bn_mod_exp(rsa_sw_meth,
- RSA_meth_get_bn_mod_exp(meth));
-
- return rsa_sw_meth;
-}
-
-static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
+/**
+ * uadk_get_rsa_method() - Set rsa hardware methods of the RSA implementation which
+ * can be called from ENGINE structure.
+ */
+static RSA_METHOD *uadk_e_get_rsa_methods(void)
{
if (rsa_hw_meth)
return rsa_hw_meth;
@@ -1780,36 +1765,12 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
return rsa_hw_meth;
}
-/**
- * uadk_get_rsa_method() - Set rsa methods of the RSA implementation which
- * can be called from ENGINE structure.
- */
-static RSA_METHOD *uadk_e_get_rsa_methods(void)
-{
- struct uacce_dev *dev;
-
- dev = wd_get_accel_dev("rsa");
- if (!dev)
- return uadk_e_get_rsa_sw_methods();
-
- free(dev);
- return uadk_e_get_rsa_hw_methods();
-}
-
static void uadk_e_delete_rsa_meth(void)
{
- if (!rsa_hw_meth && !rsa_sw_meth)
- return;
-
if (rsa_hw_meth) {
RSA_meth_free(rsa_hw_meth);
rsa_hw_meth = NULL;
}
-
- if (rsa_sw_meth) {
- RSA_meth_free(rsa_sw_meth);
- rsa_sw_meth = NULL;
- }
}
/**
--
2.27.0

26
0054-doc-Modify-maintainers.patch
View File

@ -1,26 +0,0 @@
From 9dd29d1cfd3b3038bc8a347c51f1f176c28ec0b5 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Mon, 25 Jul 2022 11:42:11 +0800
Subject: [PATCH 54/57] doc: Modify maintainers
Personnel change, replace a maintainer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
docs/maintenance.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/maintenance.md b/docs/maintenance.md
index 50ed1fe..1a563ce 100644
--- a/docs/maintenance.md
+++ b/docs/maintenance.md
@@ -28,5 +28,5 @@ sudo test/sanity_test.sh
```
Zhangfei Gao <zhangfei.gao@linaro.org>
Zhou Wang <wangzhou1@hisilicon.com>
-Hui Tang <tanghui20@huawei.com>
+Zhiqi Song <songzhiqi1@huawei.com>
```
--
2.27.0

52
0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch
View File

@ -1,52 +0,0 @@
From 623c8687b64381b0dc454ea2d2c81ee5f6bfdbc7 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Tue, 26 Jul 2022 10:39:01 +0800
Subject: [PATCH 55/57] rsa: modify the default algorithm of keygen soft
algorithm
When the hardware algorithm execution fails, the engine needs to
switch to the soft algorithm execution, and the callback needs to
be modified to the soft algorithm to prevent it from being
re-transferred to the hardware interface.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 7983bc0..03f2ce5 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -140,6 +140,8 @@ enum {
MAX_CODE,
};
+static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
static int rsa_check_bit_useful(const int bits, int flen)
{
if (flen > bits)
@@ -1100,10 +1102,19 @@ err:
static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
+ const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL();
int ret;
+ if (!default_meth) {
+ fprintf(stderr, "failed to get soft method.\n");
+ return UADK_E_FAIL;
+ }
+
UNUSED(cb);
+ (void)RSA_meth_set_keygen(rsa_hw_meth,
+ RSA_meth_get_keygen(default_meth));
ret = RSA_generate_key_ex(rsa, bits, e, NULL);
+ (void)RSA_meth_set_keygen(rsa_hw_meth, uadk_e_rsa_keygen);
return ret;
}
--
2.27.0

224
0056-engine-initialize-resources-only-once.patch
View File

@ -1,224 +0,0 @@
From 0245d700da510dd54926eab3fb9377bde991024f Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Tue, 26 Jul 2022 10:54:03 +0800
Subject: [PATCH 56/57] engine: initialize resources only once
If multiple threads load the engine repeatedly, the
poll_queue and global locks in the algorithm API are
repeatedly initialized. As a result, tasks of other
threads are abnormal.
Therefore, this patch moves resource initialization
to the function 'uadk_init' and only initialize once.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/e_uadk.c | 37 +++++++++++++++++++++++++++++++++----
src/uadk.h | 5 +++++
src/uadk_cipher.c | 7 +++++--
src/uadk_dh.c | 7 +++++--
src/uadk_digest.c | 7 +++++--
src/uadk_pkey.c | 7 +++++--
src/uadk_rsa.c | 6 ++++--
7 files changed, 62 insertions(+), 14 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 23fe0f2..1b95284 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -43,6 +43,8 @@ static int uadk_digest;
static int uadk_rsa;
static int uadk_dh;
static int uadk_ecc;
+static int uadk_inited;
+static pthread_mutex_t uadk_engine_mutex = PTHREAD_MUTEX_INITIALIZER;
#ifdef KAE
static int uadk_cipher_nosva;
@@ -219,12 +221,41 @@ static int uadk_destroy(ENGINE *e)
uadk_e_destroy_ecc();
if (uadk_dh)
uadk_e_destroy_dh();
+
+ pthread_mutex_lock(&uadk_engine_mutex);
+ uadk_inited = 0;
+ pthread_mutex_unlock(&uadk_engine_mutex);
+
return 1;
}
-
static int uadk_init(ENGINE *e)
{
+ int ret;
+
+ pthread_mutex_lock(&uadk_engine_mutex);
+ if (uadk_inited) {
+ pthread_mutex_unlock(&uadk_engine_mutex);
+ return 1;
+ }
+
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
+ async_module_init();
+
+ if (uadk_digest)
+ uadk_e_digest_lock_init();
+ if (uadk_cipher)
+ uadk_e_cipher_lock_init();
+ if (uadk_rsa)
+ uadk_e_rsa_lock_init();
+ if (uadk_dh)
+ uadk_e_dh_lock_init();
+ if (uadk_ecc)
+ uadk_e_ecc_lock_init();
+
+ uadk_inited = 1;
+ pthread_mutex_unlock(&uadk_engine_mutex);
+
return 1;
}
@@ -360,10 +391,8 @@ static int bind_fn(ENGINE *e, const char *id)
#endif
bind_fn_uadk_alg(e);
- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
- async_module_init();
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
- }
ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl);
if (ret != 1) {
diff --git a/src/uadk.h b/src/uadk.h
index 0188f0b..cd3447c 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -44,4 +44,9 @@ int uadk_e_bind_ecc(ENGINE *e);
void uadk_e_destroy_ecc(void);
int uadk_e_is_env_enabled(const char *alg_name);
int uadk_e_set_env(const char *var_name, int numa_id);
+void uadk_e_ecc_lock_init(void);
+void uadk_e_rsa_lock_init(void);
+void uadk_e_dh_lock_init(void);
+void uadk_e_cipher_lock_init(void);
+void uadk_e_digest_lock_init(void);
#endif
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 54d0a7d..c5bc7af 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -1076,8 +1076,6 @@ int uadk_e_bind_cipher(ENGINE *e)
if (platform > KUNPENG920)
bind_v3_cipher();
- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_ciphers(e, uadk_e_engine_ciphers);
}
@@ -1160,3 +1158,8 @@ void uadk_e_destroy_cipher(void)
if (platform > KUNPENG920)
destroy_v3_cipher();
}
+
+void uadk_e_cipher_lock_init(void)
+{
+ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+}
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index cf319e5..37f84e9 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -902,8 +902,6 @@ static void uadk_e_delete_dh_meth(void)
int uadk_e_bind_dh(ENGINE *e)
{
- pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_DH(e, uadk_e_get_dh_methods());
}
@@ -913,3 +911,8 @@ void uadk_e_destroy_dh(void)
uadk_e_delete_dh_meth();
uadk_e_wd_dh_uninit();
}
+
+void uadk_e_dh_lock_init(void)
+{
+ pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
+}
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 853aa39..b2646cb 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -804,6 +804,11 @@ do { \
return 0; \
} while (0)
+void uadk_e_digest_lock_init(void)
+{
+ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+}
+
int uadk_e_bind_digest(ENGINE *e)
{
UADK_DIGEST_DESCR(md5, md5WithRSAEncryption, MD5_DIGEST_LENGTH,
@@ -849,8 +854,6 @@ int uadk_e_bind_digest(ENGINE *e)
uadk_e_digest_final, uadk_e_digest_cleanup,
uadk_e_digest_copy);
- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_digests(e, uadk_engine_digests);
}
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 9a3a725..211f1cc 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -615,6 +615,11 @@ static int uadk_ecc_bind_pmeth(ENGINE *e)
return ENGINE_set_pkey_meths(e, get_pkey_meths);
}
+void uadk_e_ecc_lock_init(void)
+{
+ pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE);
+}
+
int uadk_e_bind_ecc(ENGINE *e)
{
int ret;
@@ -631,8 +636,6 @@ int uadk_e_bind_ecc(ENGINE *e)
return ret;
}
- pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE);
-
return ret;
}
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 03f2ce5..ef1739d 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1790,8 +1790,6 @@ static void uadk_e_delete_rsa_meth(void)
*/
int uadk_e_bind_rsa(ENGINE *e)
{
- pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_RSA(e, uadk_e_get_rsa_methods());
}
@@ -1802,3 +1800,7 @@ void uadk_e_destroy_rsa(void)
uadk_e_rsa_uninit();
}
+void uadk_e_rsa_lock_init(void)
+{
+ pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE);
+}
--
2.27.0

105
0057-engine-fix-function-type.patch
View File

@ -1,105 +0,0 @@
From f43d50084550042f053de2dcce03d91d5f8b040a Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Tue, 26 Jul 2022 10:58:56 +0800
Subject: [PATCH 57/57] engine: fix function type
If return type of the function 'async_module_init' is void,
when function executes failed, the app continues to execute tasks.
The process will be abnormal. Change 'async_module_init' type to int.
If function executes failed, 0 is returned.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/e_uadk.c | 16 +++++++++++++---
src/uadk_async.c | 9 +++++----
src/uadk_async.h | 2 +-
3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 1b95284..77612d7 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -239,8 +239,14 @@ static int uadk_init(ENGINE *e)
return 1;
}
- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
- async_module_init();
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
+ ret = async_module_init();
+ if (!ret) {
+ pthread_mutex_unlock(&uadk_engine_mutex);
+ fprintf(stderr, "failed to init async module!\n");
+ return 0;
+ }
+ }
if (uadk_digest)
uadk_e_digest_lock_init();
@@ -266,7 +272,11 @@ static int uadk_finish(ENGINE *e)
static void engine_init_child_at_fork_handler(void)
{
- async_module_init();
+ int ret;
+
+ ret = async_module_init();
+ if (!ret)
+ fprintf(stderr, "failed to init child async module!\n");
}
#ifdef KAE
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 11d624c..3f2e1db 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -336,7 +336,7 @@ static void *async_poll_process_func(void *args)
return NULL;
}
-void async_module_init(void)
+int async_module_init(void)
{
pthread_t thread_id;
pthread_attr_t thread_attr;
@@ -344,11 +344,11 @@ void async_module_init(void)
memset(&poll_queue, 0, sizeof(struct async_poll_queue));
if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0)
- return;
+ return 0;
poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
if (poll_queue.head == NULL)
- return;
+ return 0;
memset(poll_queue.head, 0,
sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
@@ -368,8 +368,9 @@ void async_module_init(void)
poll_queue.thread_id = thread_id;
OPENSSL_atexit(async_poll_task_free);
- return;
+ return 1;
err:
async_poll_task_free();
+ return 0;
}
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 78f7a21..9bae3f4 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -69,7 +69,7 @@ int async_setup_async_event_notification(struct async_op *op);
int async_clear_async_event_notification(void);
int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
void async_register_poll_fn(int type, async_recv_t func);
-void async_module_init(void);
+int async_module_init(void);
int async_wake_job(ASYNC_JOB *job);
void async_free_poll_task(int id, bool is_cb);
int async_get_free_task(int *id);
--
2.27.0

74
0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch
View File

@ -1,74 +0,0 @@
From 36ea42a1d9556e937be5ebf47f41f66b51a29cb6 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 16 Aug 2022 09:57:18 +0800
Subject: uadk_digest: fix the full mac buffer length as doing long hash
Sha224 and Sha384 need full length mac buffer as doing long hash.
Depends-on:uadk 802878d71999("digest: fix mac buffer len as long hash")
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index b2646cb..63887e7 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -484,7 +484,7 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
{
priv->setup.alg = alg;
priv->setup.mode = mode;
- priv->req.out_buf_bytes = out_len;
+ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH;
priv->req.out_bytes = out_len;
}
@@ -543,15 +543,30 @@ soft_init:
return digest_soft_init(priv->soft_ctx, priv->e_nid);
}
+static void digest_update_out_length(EVP_MD_CTX *ctx)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+
+ /* Sha224 and Sha384 need full length mac buffer as doing long hash */
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
+}
+
static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len)
{
struct digest_priv_ctx *priv =
- (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
const unsigned char *tmpdata = (const unsigned char *)data;
size_t left_len = data_len;
int copy_to_bufflen;
int ret;
+ digest_update_out_length(ctx);
+
priv->req.has_next = DIGEST_DOING;
while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
@@ -708,6 +723,12 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
priv->req.in_bytes = priv->last_update_bufflen;
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
+
ret = async_setup_async_event_notification(&op);
if (unlikely(!ret)) {
fprintf(stderr, "failed to setup async event notification.\n");
--
1.8.3.1

59
0059-uadk_utils-fix-x86-local-build.patch
View File

@ -1,59 +0,0 @@
From 06fd1fe00a03bfbc7430ec8e1b1f7356f47da55d Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 18 Oct 2022 15:39:11 +0800
Subject: uadk_utils: fix x86 local build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
On x86 local build:
autoreconf -i
./configure --libdir=/usr/local/lib/engines-1.1/
make -j4
uadk_utils.c: In function uadk_memcpy:
uadk_utils.c:23:2: error: unknown register name q1 in asm
__asm__ __volatile__(
^
uadk_utils.c:23:2: error: unknown register name q0 in asm
uadk_utils.c:23:2: error: unknown register name x14 in asm
uadk_utils.c:23:2: error: unknown register name x5 in asm
uadk_utils.c:23:2: error: unknown register name x4 in asm
uadk_utils.c:23:2: error: unknown register name x3 in asm
With this patch, x86 build is OK
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_utils.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/uadk_utils.c b/src/uadk_utils.c
index 2b34b3a..275a124 100644
--- a/src/uadk_utils.c
+++ b/src/uadk_utils.c
@@ -16,6 +16,8 @@
*/
#include "uadk_utils.h"
+#if defined(__AARCH64_CMODEL_SMALL__) && __AARCH64_CMODEL_SMALL__
+
#define UADK_MEM_IMPROVE_THRESHOLD 1024
static void *memcpy_large(void *dstpp, const void *srcpp, size_t len)
@@ -61,3 +63,12 @@ void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
else
return memcpy(dstpp, srcpp, len);
}
+
+#else
+
+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
+{
+ return memcpy(dstpp, srcpp, len);
+}
+
+#endif
--
1.8.3.1

188
0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch
View File

@ -1,188 +0,0 @@
From 8c4f478b1e8965e592467be92d042c8b00c8c426 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:14:03 +0800
Subject: sm2: bugfix about segfault in sm2 ctrl function
When there is no available instance of hpre device, the sm2_init()
in uadk_engine will failed, the setting of sched_init() will failed,
so sched_init() will be NULL. If the sm2_ctrl() function still call
the sm2_update_sess() in this situation, and make wd_ecc_alloc_sess()
to call sched_init(), there will be a segfault.
The solution is to modify the status field of sm2_ctx, make the
variable 'init_status' to indicate the status of init operation:
'CTX_UNINIT' indicates the init operation has not been performed,
'CTX_INIT_SUCC' indicates the init operation has been succeeded,
'CTX_INIT_FAIL' indicates the init operation has been failed.
The sm2_update_sess() will only be called if the 'init_status' is
'CTX_INIT_SUCC'. Then there will be no segfault.
And when there is no available instance, it should switch to openssl
software method, so modify some return values to help finish this
process.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 44 ++++++++++++++++++++++++++++++++------------
1 file changed, 32 insertions(+), 12 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index fcca9f2..8a9adca 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -25,6 +25,12 @@
#include "uadk.h"
#include "uadk_pkey.h"
+enum {
+ CTX_INIT_FAIL = -1,
+ CTX_UNINIT,
+ CTX_INIT_SUCC
+};
+
typedef struct {
/* Key and paramgen group */
EC_GROUP *gen_group;
@@ -43,7 +49,7 @@ struct sm2_ctx {
const BIGNUM *prikey;
const EC_POINT *pubkey;
BIGNUM *order;
- bool is_init;
+ int init_status;
};
typedef struct sm2_ciphertext {
@@ -165,6 +171,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
memset(&setup, 0, sizeof(setup));
setup.alg = "sm2";
+
if (smctx->ctx.md) {
setup.hash.cb = compute_hash;
setup.hash.usr = (void *)smctx->ctx.md;
@@ -189,6 +196,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
if (smctx->sess)
wd_ecc_free_sess(smctx->sess);
+
smctx->sess = sess;
smctx->prikey = NULL;
smctx->pubkey = NULL;
@@ -636,7 +644,7 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
if (!smctx || !smctx->sess) {
fprintf(stderr, "smctx or sess NULL\n");
- return -EINVAL;
+ return UADK_DO_SOFT;
}
if (sig_sz <= 0) {
@@ -676,7 +684,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -744,6 +752,13 @@ static int sm2_verify_check(EVP_PKEY_CTX *ctx,
const unsigned char *tbs,
size_t tbslen)
{
+ struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
+
+ if (!smctx || !smctx->sess) {
+ fprintf(stderr, "smctx or sess NULL\n");
+ return UADK_DO_SOFT;
+ }
+
if (tbslen > SM2_KEY_BYTES)
return UADK_DO_SOFT;
@@ -772,7 +787,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -853,7 +868,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx,
if (!smctx || !smctx->sess) {
fprintf(stderr, "smctx or sess NULL\n");
- return 0;
+ return UADK_DO_SOFT;
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
@@ -897,7 +912,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -953,7 +968,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
if (!smctx || !smctx->sess) {
fprintf(stderr, "smctx or sess NULL\n");
- return -EINVAL;
+ return UADK_DO_SOFT;
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
@@ -1038,7 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -1124,18 +1139,18 @@ static int sm2_init(EVP_PKEY_CTX *ctx)
ret = uadk_init_ecc();
if (ret) {
fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret);
- smctx->is_init = false;
+ smctx->init_status = CTX_INIT_FAIL;
goto end;
}
ret = sm2_update_sess(smctx);
if (ret) {
fprintf(stderr, "failed to update sess\n");
- smctx->is_init = false;
+ smctx->init_status = CTX_INIT_FAIL;
goto end;
}
- smctx->is_init = true;
+ smctx->init_status = CTX_INIT_SUCC;
end:
EVP_PKEY_CTX_set_data(ctx, smctx);
EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
@@ -1196,8 +1211,13 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return 1;
case EVP_PKEY_CTRL_MD:
smctx->ctx.md = p2;
- if (sm2_update_sess(smctx))
+ if (smctx->init_status != CTX_INIT_SUCC)
+ return 1;
+
+ if (sm2_update_sess(smctx)) {
+ fprintf(stderr, "failed to set MD\n");
return 0;
+ }
return 1;
case EVP_PKEY_CTRL_GET_MD:
*(const EVP_MD **)p2 = smctx->ctx.md;
--
1.8.3.1

142
0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch
View File

@ -1,142 +0,0 @@
From e34a0bb0cc5c381f45877e05d927fd4bc5dc98f6 Mon Sep 17 00:00:00 2001
From: Hao Fang <fanghao11@huawei.com>
Date: Sat, 22 Oct 2022 15:27:20 +0800
Subject: uadk_engine: use HW_V2/HW_V3 to distinguish different hardware
platforms
Hardware version numbers are used to distinguish different hardware.
Signed-off-by: Hao Fang <fanghao11@huawei.com>
Tested-by: Junchong Pan <panjunchong@hisilicon.com>
---
src/uadk.h | 4 ++--
src/uadk_cipher.c | 22 +++++++++++-----------
test/sanity_test.sh | 8 ++++----
3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index cd3447c..99c65c7 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -27,8 +27,8 @@
#define ENGINE_RECV_MAX_CNT 60000000
enum {
- KUNPENG920,
- KUNPENG930,
+ HW_V2,
+ HW_V3,
};
extern const char *engine_uadk_id;
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c5bc7af..c6878c3 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -77,7 +77,7 @@ static int platform;
#define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192
-static int cipher_920_nids[] = {
+static int cipher_hw_v2_nids[] = {
NID_aes_128_cbc,
NID_aes_192_cbc,
NID_aes_256_cbc,
@@ -93,7 +93,7 @@ static int cipher_920_nids[] = {
0,
};
-static int cipher_930_nids[] = {
+static int cipher_hw_v3_nids[] = {
NID_aes_128_cbc,
NID_aes_192_cbc,
NID_aes_256_cbc,
@@ -342,9 +342,9 @@ static int uadk_get_accel_platform(char *alg_name)
return 0;
if (!strcmp(dev->api, "hisi_qm_v2"))
- platform = KUNPENG920;
+ platform = HW_V2;
else
- platform = KUNPENG930;
+ platform = HW_V3;
free(dev);
return 1;
@@ -358,12 +358,12 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
int size;
int i;
- if (platform == KUNPENG920) {
- size = (sizeof(cipher_920_nids) - 1) / sizeof(int);
- cipher_nids = cipher_920_nids;
+ if (platform == HW_V2) {
+ size = (sizeof(cipher_hw_v2_nids) - 1) / sizeof(int);
+ cipher_nids = cipher_hw_v2_nids;
} else {
- size = (sizeof(cipher_930_nids) - 1) / sizeof(int);
- cipher_nids = cipher_930_nids;
+ size = (sizeof(cipher_hw_v3_nids) - 1) / sizeof(int);
+ cipher_nids = cipher_hw_v3_nids;
}
if (!cipher) {
@@ -1073,7 +1073,7 @@ int uadk_e_bind_cipher(ENGINE *e)
}
bind_v2_cipher();
- if (platform > KUNPENG920)
+ if (platform > HW_V2)
bind_v3_cipher();
return ENGINE_set_ciphers(e, uadk_e_engine_ciphers);
@@ -1155,7 +1155,7 @@ void uadk_e_destroy_cipher(void)
pthread_spin_destroy(&engine.lock);
destroy_v2_cipher();
- if (platform > KUNPENG920)
+ if (platform > HW_V2)
destroy_v3_cipher();
}
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 2c0c504..bdedc15 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -103,7 +103,7 @@ if [[ $algs =~ "RSA" ]]; then
openssl speed -elapsed -engine $engine_id -async_jobs 1 rsa4096
fi
-#ecdsa only supported in Kunpeng930 or later
+#ecdsa only supported in HW_V3 or later
if [[ $algs =~ "id-ecPublicKey" ]]; then
echo "testing ECDSA"
openssl speed -elapsed -engine $engine_id ecdsap224
@@ -116,21 +116,21 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdsap521
fi
-#X25519 only supported in Kunpeng930 or later
+#X25519 only supported in HW_V3 or later
if [[ $algs =~ "X25519" ]]; then
echo "testing X25519"
openssl speed -elapsed -engine $engine_id ecdhx25519
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx25519
fi
-#X448 only supported in Kunpeng930 or later
+#X448 only supported in HW_V3 or later
if [[ $algs =~ "X448" ]]; then
echo "testing X448"
openssl speed -elapsed -engine $engine_id ecdhx448
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx448
fi
-#ecdh only supported in Kunpeng930 or later
+#ecdh only supported in HW_V3 or later
if [[ $algs =~ "id-ecPublicKey" ]]; then
echo "testing ECDH"
openssl speed -elapsed -engine $engine_id ecdhp192
--
1.8.3.1

73
0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch
View File

@ -1,73 +0,0 @@
From 01580bb856fe7a2206990954b38d8213efd06098 Mon Sep 17 00:00:00 2001
From: Longfang Liu <liulongfang@huawei.com>
Date: Sat, 22 Oct 2022 15:31:24 +0800
Subject: uadk/engine: update the numa parameter of the scheduler
In the scenario where multiple devices are enabled at the
same time through environment variables, fixing a numa id
will make other devices unusable. When using the default
numa parameter, the scheduler will automatically allocate
device resources according to the CPU id of the thread,
so as to realize all devices.
Signed-off-by: Longfang Liu <liulongfang@huawei.com>
---
src/uadk_cipher.c | 4 ++--
src/uadk_digest.c | 3 ++-
src/uadk_rsa.c | 4 +++-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c6878c3..8e8c5f3 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -469,7 +469,6 @@ static handle_t sched_single_init(handle_t h_sched_ctx, void *sched_param)
return (handle_t)0;
}
- skey->numa_id = param->numa_id;
skey->type = param->type;
return (handle_t)skey;
@@ -881,7 +880,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
if (ret)
params.type = 0;
- params.numa_id = engine.numa_id;
+ /* Use the default numa parameters */
+ params.numa_id = -1;
priv->setup.sched_param = &params;
if (!priv->sess) {
priv->sess = wd_cipher_alloc_sess(&priv->setup);
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 63887e7..8370490 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -523,7 +523,8 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
}
- params.numa_id = engine.numa_id;
+ /* Use the default numa parameters */
+ params.numa_id = -1;
priv->setup.sched_param = &params;
priv->sess = wd_digest_alloc_sess(&priv->setup);
if (unlikely(!priv->sess))
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index ef1739d..74852e7 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -881,7 +881,9 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
rsa_sess->key_size = key_size;
rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT;
- params.numa_id = g_rsa_res.numa_id;
+
+ /* Use the default numa parameters */
+ params.numa_id = -1;
rsa_sess->setup.sched_param = &params;
rsa_sess->setup.is_crt = is_crt;
--
1.8.3.1

205
0063-uadk_engine-bugfix-side-effects-of-right-operand.patch
View File

@ -1,205 +0,0 @@
From 5b59c17f84d5a1f6e7c996a499f5a70059d89ee7 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:35:17 +0800
Subject: uadk_engine: bugfix side effects of right operand
The right operand of while condition may contains side effects,
variables change "rx_cnt++". Move 'rx_cnt++' from condition
to statement.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 13 ++++++++-----
src/uadk_dh.c | 18 +++++++++++-------
src/uadk_digest.c | 13 ++++++++-----
src/uadk_pkey.c | 13 ++++++++-----
src/uadk_rsa.c | 14 +++++++++-----
5 files changed, 44 insertions(+), 27 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8e8c5f3..9d4f692 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -516,11 +516,13 @@ static int uadk_e_cipher_poll(void *ctx)
do {
ret = wd_cipher_poll_ctx(idx, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return 0;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return -1;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -539,7 +541,8 @@ static int uadk_e_cipher_env_poll(void *ctx)
ret = wd_cipher_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 37f84e9..2af2455 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -48,6 +48,7 @@
#define UADK_E_SUCCESS 1
#define UADK_E_FAIL 0
#define UADK_E_POLL_SUCCESS 0
+#define UADK_E_POLL_FAIL (-1)
#define UADK_E_INIT_SUCCESS 0
#define ENV_ENABLED 1
@@ -206,17 +207,19 @@ static int uadk_e_dh_poll(void *ctx)
{
__u64 rx_cnt = 0;
__u32 recv = 0;
- int expect = 1;
+ int expt = 1;
int idx = 1;
int ret;
do {
- ret = wd_dh_poll_ctx(idx, expect, &recv);
- if (recv == expect)
+ ret = wd_dh_poll_ctx(idx, expt, &recv);
+ if (!ret && recv == expt)
return UADK_E_POLL_SUCCESS;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return UADK_E_POLL_FAIL;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -283,7 +286,8 @@ static int uadk_e_dh_env_poll(void *ctx)
ret = wd_dh_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 8370490..9568a98 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -343,11 +343,13 @@ static int uadk_e_digest_poll(void *ctx)
do {
ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return 0;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return -1;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -366,7 +368,8 @@ static int uadk_e_digest_env_poll(void *ctx)
ret = wd_digest_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 211f1cc..6920cff 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -110,11 +110,13 @@ static int uadk_ecc_poll(void *ctx)
do {
ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return 0;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return -1;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -153,7 +155,8 @@ static int uadk_e_ecc_env_poll(void *ctx)
ret = wd_ecc_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 74852e7..bcdd6bc 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -48,6 +48,7 @@
#define UADK_E_FAIL 0
#define UADK_DO_SOFT (-0xE0)
#define UADK_E_POLL_SUCCESS 0
+#define UADK_E_POLL_FAIL (-1)
#define UADK_E_INIT_SUCCESS 0
#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
@@ -664,11 +665,13 @@ static int uadk_e_rsa_poll(void *ctx)
do {
ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return UADK_E_POLL_SUCCESS;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return UADK_E_POLL_FAIL;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -700,7 +703,8 @@ static int uadk_e_rsa_env_poll(void *ctx)
ret = wd_rsa_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
--
1.8.3.1

118
0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch
View File

@ -1,118 +0,0 @@
From f17c89d7d27b3a728232c7e641c2978db238a2f3 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:37:45 +0800
Subject: uadk_engine: cleanup static check warning of clangtidy tool
Cleanup the following warning:
1. Parameters of function should not be used as working
variable.
2. Cleanup uninitialized value.
3. Storage class should be specified after a type.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/e_uadk.c | 6 ++----
src/uadk_cipher.c | 9 +++++----
src/uadk_ec.c | 5 +++--
src/uadk_rsa.c | 16 ++++++++--------
4 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 77612d7..21ceb86 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -89,13 +89,11 @@ static const ENGINE_CMD_DEFN g_uadk_cmd_defns[] = {
}
};
-__attribute__((constructor))
-static void uadk_constructor(void)
+static void __attribute__((constructor)) uadk_constructor(void)
{
}
-__attribute__((destructor))
-static void uadk_destructor(void)
+static void __attribute__((destructor)) uadk_destructor(void)
{
}
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 9d4f692..14e2af2 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -749,17 +749,18 @@ static void ctr_iv_inc(uint8_t *counter, __u32 c)
{
uint32_t n = CTR_128BIT_COUNTER;
uint8_t *counter1 = counter;
+ __u32 c_value = c;
/*
* Since the counter has been increased 1 by the hardware,
* so the c need to decrease 1.
*/
- c = c - 1;
+ c_value -= 1;
do {
--n;
- c += counter1[n];
- counter1[n] = (uint8_t)c;
- c >>= BYTE_BITS;
+ c_value += counter1[n];
+ counter1[n] = (uint8_t)c_value;
+ c_value >>= BYTE_BITS;
} while (n);
}
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 37683cd..247b875 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -72,14 +72,15 @@ static void init_dtb_param(void *dtb, char *start,
__u32 dsz, __u32 bsz, __u32 num)
{
struct wd_dtb *tmp = dtb;
+ char *buff = start;
int i = 0;
while (i++ < num) {
- tmp->data = start;
+ tmp->data = buff;
tmp->dsize = dsz;
tmp->bsize = bsz;
tmp += 1;
- start += bsz;
+ buff += bsz;
}
}
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index bcdd6bc..7d25338 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -932,14 +932,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
struct rsa_prikey_param *pri,
unsigned char *in_buf, unsigned char *to)
{
- struct wd_rsa_prikey *prikey;
- struct wd_dtb *wd_dq;
- struct wd_dtb *wd_dp;
- struct wd_dtb *wd_q;
- struct wd_dtb *wd_p;
- struct wd_dtb *wd_qinv;
- struct wd_dtb *wd_d;
- struct wd_dtb *wd_n;
+ struct wd_rsa_prikey *prikey = NULL;
+ struct wd_dtb *wd_qinv = NULL;
+ struct wd_dtb *wd_dq = NULL;
+ struct wd_dtb *wd_dp = NULL;
+ struct wd_dtb *wd_q = NULL;
+ struct wd_dtb *wd_p = NULL;
+ struct wd_dtb *wd_d = NULL;
+ struct wd_dtb *wd_n = NULL;
if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) {
wd_rsa_get_prikey(rsa_sess->sess, &prikey);
--
1.8.3.1

38
0065-uadk_engine-bugfix-enable-environment-variable.patch
View File

@ -1,38 +0,0 @@
From 7ef97aab7a5cd964241fe9879588ceb54a547003 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:53:53 +0800
Subject: uadk_engine: bugfix enable environment variable
When the 'alg_name' set by the user is valid, the 'env_enabled'
field should be set or returned.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/e_uadk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 21ceb86..0a9e3e6 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name)
int i = 0;
while (i < len) {
- if (strcmp(uadk_env_enabled[i].alg_name, alg_name))
+ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name))
return uadk_env_enabled[i].env_enabled;
i++;
}
@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value)
int i = 0;
while (i < len) {
- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
+ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
uadk_env_enabled[i].env_enabled = value;
return;
}
--
1.8.3.1

537
0066-uadk_engine-cleanup-magic-number-and-comments.patch
View File

@ -1,537 +0,0 @@
From 20049f2becb9cc339276d4839f6d9f909273f5a5 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:54:51 +0800
Subject: uadk_engine: cleanup magic number and comments
Use macros to replace magic numbers and related operations.
Simplify code comments and unify style.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 4 +---
src/uadk_dh.c | 5 ++---
src/uadk_digest.c | 2 +-
src/uadk_ec.c | 51 ++++++++++++++++++++++++++-------------------------
src/uadk_ecx.c | 40 +++++++++++++++++++++++-----------------
src/uadk_pkey.c | 9 ++++-----
src/uadk_pkey.h | 6 +++++-
src/uadk_rsa.c | 25 ++++++++++---------------
src/uadk_sm2.c | 23 ++++++++++++-----------
9 files changed, 84 insertions(+), 81 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 14e2af2..de5f078 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -480,13 +480,11 @@ static __u32 sched_single_pick_next_ctx(handle_t sched_ctx,
struct sched_params *key = (struct sched_params *)sched_key;
if (sched_mode) {
- /* async */
if (key->type == WD_CIPHER_ENCRYPTION)
return CTX_ASYNC_ENC;
else
return CTX_ASYNC_DEC;
} else {
- /* sync */
if (key->type == WD_CIPHER_ENCRYPTION)
return CTX_SYNC_ENC;
else
@@ -744,7 +742,7 @@ static void async_cb(struct wd_cipher_req *req, void *data)
}
}
-/* increment counter (128-bit int) by c */
+/* Increment counter (128-bit int) by c */
static void ctr_iv_inc(uint8_t *counter, __u32 c)
{
uint32_t n = CTR_128BIT_COUNTER;
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 2af2455..6356872 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -603,7 +603,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
if (!ag_bin)
return UADK_E_FAIL;
- /* malloc a contiguous chunk of memory */
+ /* Malloc a contiguous chunk of memory */
apriv_key_bin = OPENSSL_malloc(key_size * DH_PARAMS_CNT);
if (!apriv_key_bin)
goto free_ag;
@@ -615,7 +615,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
memset(ap_bin, 0, key_size);
memset(out_pri, 0, key_size);
- /* construct data block of g */
+ /* Construct data block of g */
ret = dh_set_g(g, key_size, ag_bin, dh_sess);
if (!ret)
goto free_apriv;
@@ -623,7 +623,6 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
dh_sess->req.xbytes = BN_bn2bin(priv_key, apriv_key_bin);
dh_sess->req.pbytes = BN_bn2bin(p, ap_bin);
dh_sess->req.x_p = (void *)apriv_key_bin;
- /* the output from uadk */
dh_sess->req.pri = out_pri;
dh_sess->req.pri_bytes = key_size;
dh_sess->req.op_type = WD_DH_PHASE1;
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 9568a98..9d009a9 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -71,7 +71,7 @@ static struct digest_engine engine;
struct evp_md_ctx_st {
const EVP_MD *digest;
- /* functional reference if 'digest' is ENGINE-provided */
+ /* Functional reference if 'digest' is ENGINE-provided */
ENGINE *engine;
unsigned long flags;
void *md_data;
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 247b875..9b48ae7 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -27,23 +27,23 @@
#include "uadk.h"
#define ECC128BITS 128
-#define ECC192BITS 192
-#define ECC224BITS 224
-#define ECC256BITS 256
-#define ECC320BITS 320
-#define ECC384BITS 384
-#define ECC521BITS 521
+#define ECC192BITS 192
+#define ECC224BITS 224
+#define ECC256BITS 256
+#define ECC320BITS 320
+#define ECC384BITS 384
+#define ECC521BITS 521
struct curve_param {
- /* prime */
+ /* Prime */
BIGNUM *p;
- /* ecc coefficient 'a' */
+ /* ECC coefficient 'a' */
BIGNUM *a;
- /* ecc coefficient 'b' */
+ /* ECC coefficient 'b' */
BIGNUM *b;
- /* base point */
+ /* Base point */
const EC_POINT *g;
- /* order of base point */
+ /* Order of base point */
const BIGNUM *order;
};
@@ -176,7 +176,6 @@ free_ctx:
static int get_smallest_hw_keybits(int bits)
{
- /* ec curve order width */
if (bits > ECC384BITS)
return ECC521BITS;
else if (bits > ECC320BITS)
@@ -283,7 +282,7 @@ static int eckey_check(const EC_KEY *eckey)
return -1;
}
- /* field GF(2m) is not supported by uadk */
+ /* Field GF(2m) is not supported by uadk */
if (!uadk_prime_field(group))
return UADK_DO_SOFT;
@@ -336,22 +335,25 @@ static int set_digest(handle_t sess, struct wd_dtb *e,
unsigned int dlen = sdgst->dsize;
BIGNUM *m;
- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits) {
+ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) {
m = BN_new();
/* Need to truncate digest if it is too long: first truncate
* whole bytes
*/
- dlen = (order_bits + 7) >> UADK_BITS_2_BYTES_SHIFT;
+ dlen = BITS_TO_BYTES(order_bits);
if (!BN_bin2bn(dgst, dlen, m)) {
fprintf(stderr, "failed to BN_bin2bn digest\n");
BN_free(m);
return -1;
}
- /* If still too long, truncate remaining bits with a shift */
- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits &&
- !BN_rshift(m, m, 8 - (order_bits & 0x7))) {
+ /* If the length of digest is still longer than the length
+ * of the base point order, truncate remaining bits with a
+ * shift to that length
+ */
+ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits &&
+ !BN_rshift(m, m, DGST_SHIFT_NUM(order_bits))) {
fprintf(stderr, "failed to truncate input digest\n");
BN_free(m);
return -1;
@@ -743,7 +745,7 @@ err:
static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
{
- unsigned char buff[SM2_KEY_BYTES * 2 + 1] = {UADK_OCTET_STRING};
+ unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {UADK_OCTET_STRING};
struct wd_ecc_point *pubkey = NULL;
struct wd_dtb *privkey = NULL;
const EC_GROUP *group;
@@ -768,8 +770,8 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
return -ENOMEM;
}
- memcpy(buff + 1, pubkey->x.data, SM2_KEY_BYTES * 2);
- tmp = BN_bin2bn(buff, SM2_KEY_BYTES * 2 + 1, NULL);
+ memcpy(buff + 1, pubkey->x.data, ECC_POINT_SIZE(SM2_KEY_BYTES));
+ tmp = BN_bin2bn(buff, ECC_POINT_SIZE(SM2_KEY_BYTES) + 1, NULL);
ptr = EC_POINT_bn2point(group, tmp, point, NULL);
BN_free(tmp);
if (!ptr) {
@@ -1029,7 +1031,7 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data);
in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data);
- /* set public key */
+ /* Set public key */
ecdh_in = wd_ecxdh_new_in(sess, &in_pkey);
if (!ecdh_in) {
fprintf(stderr, "failed to new ecxdh in\n");
@@ -1075,7 +1077,7 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req)
}
key_size_std = (unsigned int)(EC_GROUP_get_degree(group) +
- UADK_ECC_PADDING) >> UADK_BITS_2_BYTES_SHIFT;
+ UADK_ECC_PADDING) >> TRANS_BITS_BYTES_SHIFT;
key_size_x = pubkey->x.dsize;
key_size_y = pubkey->y.dsize;
if ((key_size_x > key_size_std) || (key_size_y > key_size_std)) {
@@ -1088,9 +1090,8 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req)
* tag - 1 byte
* point_x - [key_size_std] bytes
* point_y - [key_size_std] bytes
- * so the malloc size is: key_size_std * 2 + 1
*/
- buff_size = key_size_std * 2 + 1;
+ buff_size = ECC_POINT_SIZE(key_size_std) + 1;
x_shift = key_size_std - key_size_x + 1;
y_shift = buff_size - key_size_y;
buff = (unsigned char *)OPENSSL_malloc(buff_size);
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index df23156..67042a3 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -295,33 +295,39 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data,
key_size);
- /* trans public key from big-endian to little-endian */
+ /* Trans public key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->pubkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans public key\n");
return UADK_E_FAIL;
}
- /* trans private key from big-endian to little-endian */
+ /* Trans private key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->privkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans private key\n");
return UADK_E_FAIL;
}
/*
- * This is a pretreatment of X25519/X448, as described in RFC 7748:
- * For X25519, in order to decode 32 random bytes as an integer
- * scaler, set the three LSB of the first byte and MSB of the last
- * to zero, set the second MSB of the last byte to 1.
- * For X448, set the two LSB of the first byte to 0, and MSB of the
- * last byte to 1. Decode in little-endian mode.
+ * This is a pretreatment of X25519/X448 described in RFC 7748.
+ * In order to decode the random bytes as an integer scaler, there
+ * are some special data processing. And use little-endian mode for
+ * decoding.
*/
if (ecx_ctx->nid == EVP_PKEY_X25519) {
- ecx_key->privkey[0] &= 248;
- ecx_key->privkey[X25519_KEYLEN - 1] &= 127;
- ecx_key->privkey[X25519_KEYLEN - 1] |= 64;
+ /* Set the three LSB of the first byte to 0 */
+ ecx_key->privkey[0] &= 0xF8;
+
+ /* Set the MSB of the last byte to 0 */
+ ecx_key->privkey[X25519_KEYLEN - 1] &= 0x7F;
+
+ /* Set the second MSB of the last byte to 1 */
+ ecx_key->privkey[X25519_KEYLEN - 1] |= 0x40;
} else if (ecx_ctx->nid == EVP_PKEY_X448) {
- ecx_key->privkey[0] &= 252;
- ecx_key->privkey[X448_KEYLEN - 1] |= 128;
+ /* Set the two LSB of the first byte to 0 */
+ ecx_key->privkey[0] &= 0xFC;
+
+ /* Set the MSB of the last byte to 1 */
+ ecx_key->privkey[X448_KEYLEN - 1] |= 0x80;
}
ret = EVP_PKEY_assign(pkey, ecx_ctx->nid, ecx_key);
@@ -494,7 +500,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
struct wd_ecc_in *ecx_in;
int ret;
- /* trans public key from little-endian to big-endian */
+ /* Trans public key from little-endian to big-endian */
ret = reverse_bytes(peer_ecx_key->pubkey, key_size);
if(!ret) {
fprintf(stderr, "failed to trans public key\n");
@@ -521,7 +527,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
uadk_ecc_fill_req(req, WD_ECXDH_COMPUTE_KEY, ecx_in, ecx_out);
- /* trans public key from big-endian to little-endian */
+ /* Trans public key from big-endian to little-endian */
ret = reverse_bytes(peer_ecx_key->pubkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans public key\n");
@@ -553,7 +559,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
struct wd_dtb prikey;
int ret;
- /* trans private key from little-endian to big-endian */
+ /* Trans private key from little-endian to big-endian */
ret = reverse_bytes(ecx_key->privkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans private key\n");
@@ -569,7 +575,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
return UADK_E_FAIL;
}
- /* trans private key from big-endian to little-endian */
+ /* Trans private key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->privkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans private key\n");
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 6920cff..6b5ae9a 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -44,7 +44,7 @@ struct ecc_res_config {
int numa_id;
};
-/* ecc global hardware resource is saved here */
+/* ECC global hardware resource is saved here */
struct ecc_res {
struct wd_ctx_config *ctx_res;
int pid;
@@ -123,7 +123,7 @@ static int uadk_ecc_poll(void *ctx)
return -ETIMEDOUT;
}
-/* make resource configure static */
+/* Make resource configure static */
struct ecc_res_config ecc_res_config = {
.sched = {
.sched_type = -1,
@@ -234,7 +234,7 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config)
struct uacce_dev *dev;
int ret;
- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ /* The ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
dev = wd_get_accel_dev("ecdsa");
if (!dev)
return -ENOMEM;
@@ -396,8 +396,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
return -EINVAL;
}
- /* pad and convert bits to bytes */
- buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+ buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group));
ecc_key = wd_ecc_get_key(sess);
prikey.data = (void *)bin;
prikey.dsize = BN_bn2binpad(d, bin, buflen);
diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
index b30c2de..6d1cc77 100644
--- a/src/uadk_pkey.h
+++ b/src/uadk_pkey.h
@@ -26,7 +26,6 @@
#define UADK_ECC_MAX_KEY_BITS 521
#define UADK_ECC_MAX_KEY_BYTES 66
#define UADK_ECC_CV_PARAM_NUM 6
-#define UADK_BITS_2_BYTES_SHIFT 3
#define SM2_KEY_BYTES 32
#define UADK_OCTET_STRING 4
#define UADK_ECC_PUBKEY_PARAM_NUM 2
@@ -34,6 +33,11 @@
#define UADK_ECDH_CV_NUM 8
#define ENV_ENABLED 1
#define UADK_E_INVALID (-2)
+#define TRANS_BITS_BYTES_SHIFT 3
+#define ECC_POINT_SIZE(n) ((n) * 2)
+#define GET_MS_BYTE(n) ((n) >> 8)
+#define GET_LS_BYTE(n) ((n) & 0xFF)
+#define DGST_SHIFT_NUM(n) (8 - ((n) & 0x7))
struct uadk_pkey_meth {
EVP_PKEY_METHOD *sm2;
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 7d25338..e9a2c53 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -52,6 +52,9 @@
#define UADK_E_INIT_SUCCESS 0
#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
+#define PRIME_RETRY_COUNT 4
+#define GENCB_NEXT 2
+#define GENCB_RETRY 3
static RSA_METHOD *rsa_hw_meth;
@@ -173,11 +176,7 @@ static int rsa_prime_mul_res(int num, struct rsa_prime_param *param,
if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx))
return BN_ERR;
} else {
- /*
- * Use the number 3 to indicate whether
- * the generator has been found.
- */
- if (!BN_GENCB_call(cb, 3, num))
+ if (!BN_GENCB_call(cb, GENCB_RETRY, num))
return BN_ERR;
return BN_CONTINUE;
}
@@ -228,14 +227,11 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
*bitse -= bitsr[*num];
else
return -1;
- /*
- * Use the number 2 to indicate whether
- * a prime has been found.
- */
- ret = BN_GENCB_call(cb, 2, *n++);
+
+ ret = BN_GENCB_call(cb, GENCB_NEXT, *n++);
if (!ret)
return -1;
- if (retries == 4) {
+ if (retries == PRIME_RETRY_COUNT) {
*num = -1;
*bitse = 0;
retries = 0;
@@ -244,8 +240,8 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
retries++;
return BN_REDO;
}
- /* Use the number 3 to indicate whether the generator has been found. */
- ret = BN_GENCB_call(cb, 3, *num);
+
+ ret = BN_GENCB_call(cb, GENCB_RETRY, *num);
if (!ret)
return BN_ERR;
retries = 0;
@@ -320,8 +316,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
else
return BN_ERR;
- /* Use the number 2 to indicate whether a prime has been found. */
- if (!BN_GENCB_call(cb, 2, *n++))
+ if (!BN_GENCB_call(cb, GENCB_NEXT, *n++))
return BN_ERR;
return GET_ERR_FINISH;
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 8a9adca..578d2d8 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -34,12 +34,12 @@ enum {
typedef struct {
/* Key and paramgen group */
EC_GROUP *gen_group;
- /* message digest */
+ /* Message digest */
const EVP_MD *md;
/* Distinguishing Identifier, ISO/IEC 15946-3 */
uint8_t *id;
size_t id_len;
- /* id_set indicates if the 'id' field is set (1) or not (0) */
+ /* Indicates if the 'id' field is set (1) or not (0) */
int id_set;
} SM2_PKEY_CTX;
@@ -557,8 +557,7 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- /* Pad and convert bits to bytes */
- field_size = (BN_num_bits(p) + 7) / 8;
+ field_size = BITS_TO_BYTES(BN_num_bits(p));
done:
BN_free(p);
@@ -1172,7 +1171,7 @@ static int sm2_set_ctx_id(struct sm2_ctx *smctx, int p1, const void *p2)
OPENSSL_free(smctx->ctx.id);
smctx->ctx.id = tmp_id;
} else {
- /* set null-ID */
+ /* Set null-ID */
OPENSSL_free(smctx->ctx.id);
smctx->ctx.id = NULL;
}
@@ -1231,7 +1230,7 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
*(size_t *)p2 = smctx->ctx.id_len;
return 1;
case EVP_PKEY_CTRL_DIGESTINIT:
- /* nothing to be inited, this is to suppress the error... */
+ /* Nothing to be inited, for suppress the error */
return 1;
default:
fprintf(stderr, "sm2 ctrl type = %d error\n", type);
@@ -1323,20 +1322,22 @@ static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash,
}
/* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
- if (id_len >= (UINT16_MAX / 8)) {
+ if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) {
fprintf(stderr, "id too large\n");
return 0;
}
- entl = (uint16_t)(8 * id_len);
+ entl = (uint16_t)(id_len << TRANS_BITS_BYTES_SHIFT);
- e_byte = entl >> 8;
+ /* Update the most significant (first) byte of 'entl' */
+ e_byte = GET_MS_BYTE(entl);
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
return 0;
}
- e_byte = entl & 0xFF;
+ /* Update the least significant (second) byte of 'entl' */
+ e_byte = GET_LS_BYTE(entl);
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
return 0;
@@ -1516,7 +1517,7 @@ static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
return 0;
}
- /* get hashed prefix 'z' of tbs message */
+ /* Get hashed prefix 'z' of tbs message */
if (!sm2_compute_z_digest(z, md, smctx->ctx.id, smctx->ctx.id_len, ec))
return 0;
--
1.8.3.1

250
0067-uadk_engine-cleanup-header-file.patch
View File

@ -1,250 +0,0 @@
From 1dd1503428df2b33f679f81b1541a4314fe0aa11 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:56:54 +0800
Subject: uadk_engine: cleanup header file
Remove redundant header file and modify magic number.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk.h | 3 ---
src/uadk_async.c | 1 +
src/uadk_async.h | 2 +-
src/uadk_cipher.c | 1 +
src/uadk_dh.c | 1 +
src/uadk_digest.c | 2 ++
src/uadk_ec.c | 1 +
src/uadk_ecx.c | 2 +-
src/uadk_pkey.c | 5 ++++-
src/uadk_rsa.c | 6 +++++-
src/uadk_sm2.c | 7 +++++--
11 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index 99c65c7..30c099f 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -18,9 +18,6 @@
#ifndef UADK_H
#define UADK_H
#include <openssl/engine.h>
-#include <uadk/wd.h>
-#include <uadk/wd_sched.h>
-#include "uadk_utils.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define ENV_STRING_LEN 256
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 3f2e1db..2edd6ea 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -20,6 +20,7 @@
#include <string.h>
#include <sys/eventfd.h>
#include <unistd.h>
+#include <openssl/async.h>
#include "uadk.h"
#include "uadk_async.h"
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 9bae3f4..8a4822e 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -19,8 +19,8 @@
#define UADK_ASYNC_H
#include <stdbool.h>
-#include <openssl/async.h>
#include <semaphore.h>
+#include <openssl/async.h>
#define ASYNC_QUEUE_TASK_NUM 1024
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index de5f078..cc06429 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -22,6 +22,7 @@
#include <dlfcn.h>
#include <openssl/engine.h>
#include <uadk/wd_cipher.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_async.h"
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 6356872..680564c 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -23,6 +23,7 @@
#include <openssl/dh.h>
#include <string.h>
#include <uadk/wd_dh.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_async.h"
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 9d009a9..26a6272 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -25,8 +25,10 @@
#include <openssl/evp.h>
#include <uadk/wd_cipher.h>
#include <uadk/wd_digest.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_async.h"
+#include "uadk_utils.h"
#define UADK_DO_SOFT (-0xE0)
#define CTX_SYNC 0
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 9b48ae7..6106083 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -23,6 +23,7 @@
#include <openssl/err.h>
#include <openssl/ec.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk_pkey.h"
#include "uadk.h"
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 67042a3..b62f81d 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -14,7 +14,6 @@
* limitations under the License.
*
*/
-#include <errno.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/engine.h>
@@ -24,6 +23,7 @@
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk_pkey.h"
#include "uadk.h"
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 6b5ae9a..7b7a345 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -17,6 +17,7 @@
#include <openssl/engine.h>
#include <uadk/wd.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk_async.h"
#include "uadk.h"
#include "uadk_pkey.h"
@@ -381,6 +382,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
const EC_GROUP *group;
struct wd_dtb prikey;
const BIGNUM *d;
+ size_t degree;
int buflen;
int ret;
@@ -396,7 +398,8 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
return -EINVAL;
}
- buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group));
+ degree = EC_GROUP_get_degree(group);
+ buflen = BITS_TO_BYTES(degree);
ecc_key = wd_ecc_get_key(sess);
prikey.data = (void *)bin;
prikey.dsize = BN_bn2binpad(d, bin, buflen);
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index e9a2c53..96c898f 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -20,6 +20,7 @@
#include <openssl/ossl_typ.h>
#include <openssl/rsa.h>
#include <uadk/wd_rsa.h>
+#include <uadk/wd_sched.h>
#include "uadk_async.h"
#include "uadk.h"
@@ -55,6 +56,7 @@
#define PRIME_RETRY_COUNT 4
#define GENCB_NEXT 2
#define GENCB_RETRY 3
+#define PRIME_CHECK_BIT_NUM 4
static RSA_METHOD *rsa_hw_meth;
@@ -210,7 +212,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
* key by using the modulus in a certificate. This is also covered
* by checking the length should not be less than 0x9.
*/
- if (!BN_rshift(param->r2, param->r1, *bitse - 4))
+ if (!BN_rshift(param->r2, param->r1, *bitse - PRIME_CHECK_BIT_NUM))
return BN_ERR;
bitst = BN_get_word(param->r2);
@@ -231,6 +233,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
ret = BN_GENCB_call(cb, GENCB_NEXT, *n++);
if (!ret)
return -1;
+
if (retries == PRIME_RETRY_COUNT) {
*num = -1;
*bitse = 0;
@@ -288,6 +291,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
+
/*
* BN_sub(r,a,b) substracts b from a and place the result in r,
* r = a-b.
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 578d2d8..b14fbcf 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -22,6 +22,7 @@
#include <openssl/ossl_typ.h>
#include <openssl/err.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_pkey.h"
@@ -550,6 +551,7 @@ static size_t ec_field_size(const EC_GROUP *group)
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
size_t field_size = 0;
+ size_t p_bits;
if (p == NULL || a == NULL || b == NULL)
goto done;
@@ -557,7 +559,8 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- field_size = BITS_TO_BYTES(BN_num_bits(p));
+ p_bits = BN_num_bits(p);
+ field_size = BITS_TO_BYTES(p_bits);
done:
BN_free(p);
@@ -598,7 +601,7 @@ static int sm2_ciphertext_size(const EC_KEY *key,
* Integer and string are simple type; set constructed = 0, means
* primitive and definite length encoding.
*/
- sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
+ sz = ECC_POINT_SIZE(ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER))
+ ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+ ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
*ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
--
1.8.3.1

BIN
openssl.tar.gz Normal file
View File

Binary file not shown.

BIN
uadk_engine-1.0.0.tar.gz
View File

Binary file not shown.

BIN
uadk_engine-1.5.0.tar.gz Normal file
View File

Binary file not shown.

163
uadk_engine.spec
View File

@ -1,9 +1,8 @@
%global debug_package %{nil}
%define soversion 1
Name: uadk_engine
Summary: UADK Accelerator Engine
Version: 1.0.0
Release: 9
Version: 1.5.0
Release: 1
License: Apache-2.0
Source: %{name}-%{version}.tar.gz
ExclusiveOS: linux
@ -11,133 +10,103 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-root
Prefix: /usr/local/lib/engines-1.1
Conflicts: %{name} < %{version}-%{release}
Provides: %{name} = %{version}-%{release}
BuildRequires: libwd >= 2.3.21
BuildRequires: compat-openssl11-devel sed autoconf automake libtool
BuildRequires: libwd >= 2.6.0
BuildRequires: compat-openssl11-libs openssl-devel sed autoconf automake libtool numactl-devel
ExclusiveArch: aarch64
Patch0001: 0001-digest-support-digest-multiple-update.patch
Patch0002: 0002-uadk_engine-define-the-variable-as-const.patch
Patch0003: 0003-ecc-fix-codecheck-warning.patch
Patch0004: 0004-rsa-delete-redundant-copy.patch
Patch0005: 0005-rsa-fix-coverity-warning.patch
Patch0006: 0006-ecc-cleanup-duplicate-public-key-allocation.patch
Patch0007: 0007-rsa-cleanup-about-reducing-function-parameters.patch
Patch0008: 0008-ecc-cleanup-sm2-compute-digest-function.patch
Patch0009: 0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch
Patch0010: 0010-rsa-cleanup-about-prime-generation.patch
Patch0011: 0011-ecc-cleanup-the-form-of-the-return-value.patch
Patch0012: 0012-engine-fix-uadk-engine-compatibility-issue.patch
Patch0013: 0013-digest-modify-the-process-of-free-session.patch
Patch0014: 0014-digest-modify-the-process-of-soft-and-hardware-hando.patch
Patch0015: 0015-ecc-bugfix-about-sm2-decryption.patch
Patch0016: 0016-dh-bugfix-about-dh-compute-key.patch
Patch0017: 0017-ecc-bugfix-about-ecc-general-init.patch
Patch0018: 0018-digest-fix-codecheck-warning.patch
Patch0019: 0019-cipher-fixup-a-code-check-warning.patch
Patch0020: 0020-rsa-fixup-a-code-check-warning.patch
Patch0021: 0021-cipher-delete-a-redundant-branch.patch
Patch0022: 0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch
Patch0023: 0023-engine-add-the-kae-log-feature.patch
Patch0024: 0024-rsa-fix-interface-name.patch
Patch0025: 0025-ecc-cleanup-sm2-unreachable-code.patch
Patch0026: 0026-rsa-cleanup-of-code-style.patch
Patch0027: 0027-v1-fixup-about-uninitialized-variable.patch
Patch0028: 0028-ecc-fix-checking-conditions.patch
Patch0029: 0029-ecc-cleanup-print-log.patch
Patch0030: 0030-engine-fix-function-return-type.patch
Patch0031: 0031-rsa-fixup-about-the-wrong-copy.patch
Patch0032: 0032-README-modify-the-engine-id-name.patch
Patch0033: 0033-digest-improve-the-digest-performance.patch
Patch0034: 0034-cipher-support-the-sm4-ecb-alg.patch
Patch0035: 0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch
Patch0036: 0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch
Patch0037: 0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch
Patch0038: 0038-uadk-engine-change-Copyright-to-2022.patch
Patch0039: 0039-README-move-test-script-to-sanity_test.sh.patch
Patch0040: 0040-uadk_engine-fix-string-compare-mode.patch
Patch0041: 0041-cipher-optimize-the-process-of-ctx-initialization.patch
Patch0042: 0042-cipher-adding-an-iv-update-to-a-decryption.patch
Patch0043: 0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch
Patch0044: 0044-engine-add-receiving-timeout-count.patch
Patch0045: 0045-digest-fix-the-fault-as-using-the-nginx.patch
Patch0046: 0046-ecc-cleanup-of-static-code-check.patch
Patch0047: 0047-ecc-bugfix-about-return-value-check.patch
Patch0048: 0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch
Patch0049: 0049-uadk_engine-remove-redundant-extern.patch
Patch0050: 0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch
Patch0051: 0051-rsa-cleanup-redundant-BN-operation.patch
Patch0052: 0052-rsa-bugfix-memory-leak-in-genkey-process.patch
Patch0053: 0053-rsa-remove-unused-software-method.patch
Patch0054: 0054-doc-Modify-maintainers.patch
Patch0055: 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch
Patch0056: 0056-engine-initialize-resources-only-once.patch
Patch0057: 0057-engine-fix-function-type.patch
Patch0058: 0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch
Patch0059: 0059-uadk_utils-fix-x86-local-build.patch
Patch0060: 0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch
Patch0061: 0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch
Patch0062: 0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch
Patch0063: 0063-uadk_engine-bugfix-side-effects-of-right-operand.patch
Patch0064: 0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch
Patch0065: 0065-uadk_engine-bugfix-enable-environment-variable.patch
Patch0066: 0066-uadk_engine-cleanup-magic-number-and-comments.patch
Patch0067: 0067-uadk_engine-cleanup-header-file.patch
Patch0001: 0001-uadk_provider-add-aead-alg-for-uadk_provider-in-open.patch
Patch0002: 0002-uadk_provider-move-functions-to-uadk_prov_pkey.patch
Patch0003: 0003-uadk_provider-add-query_operation_name-callback-for-.patch
Patch0004: 0004-uadk_provider-support-ec-keymgmt-hardware-accelerati.patch
Patch0005: 0005-uadk_provider-support-ecdh-keyexch-hardware-accelera.patch
Patch0006: 0006-uadk_provider-support-x448-alg.patch
Patch0007: 0007-uadk_engine-Clear-some-compilation-warnings-specific.patch
Patch0008: 0008-uadk_provider_rsa-cleanup-variable-definition-and-re.patch
%description
This package contains the UADK Accelerator Engine
This package contains the UADK Accelerator Engine.
In this version, uadk_engine.rpm not only supports the engine 1
function of openssl1.1, but also supports the provider function
of openssl3.0.
%global debug_package %{nil}
%prep
%autosetup -n %{name} -p1
%autosetup -n %{name}-%{version} -p1
%build
tar -zxvf %{_sourcedir}/openssl.tar.gz
%define pkg_dir %{_builddir}/%{name}-%{version}/openssl%{_libdir}/pkgconfig
%define openssl_dir %{_builddir}/%{name}-%{version}/openssl/usr
echo "prefix=%{openssl_dir}" | cat - %{pkg_dir}/libcrypto.pc > tmp && mv tmp %{pkg_dir}/libcrypto.pc
export PKG_CONFIG_PATH=%{pkg_dir}
autoreconf -i
chmod +x configure
./configure --enable-kae
make
%install
mkdir -p ${RPM_BUILD_ROOT}/usr/local/lib/engines-1.1
install -b -m755 src/.libs/uadk_engine.so.%{version} ${RPM_BUILD_ROOT}/usr/local/lib/engines-1.1
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/engines-1.1
install -b -m755 src/.libs/uadk_engine.so.%{version} ${RPM_BUILD_ROOT}%{_libdir}/engines-1.1
for lib in $RPM_BUILD_ROOT%{_libdir}/engines-1.1/*.so.%{version} ; do
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/engines-1.1/`basename ${lib} .%{version}`
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/engines-1.1/`basename ${lib} .%{version}`.%{soversion}
done
make clean
unset PKG_CONFIG_PATH
autoreconf -i
./configure --libdir=/usr/lib64/ossl-modules/
make
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/ossl-modules/
install -b -m755 src/.libs/uadk_provider.so.%{version} ${RPM_BUILD_ROOT}%{_libdir}/ossl-modules/
for lib in $RPM_BUILD_ROOT%{_libdir}/ossl-modules/*.so.%{version} ; do
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/ossl-modules/`basename ${lib} .%{version}`
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/ossl-modules/`basename ${lib} .%{version}`.%{soversion}
done
%clean
rm -rf ${RPM_BUILD_ROOT}
%files
%defattr(755,root,root)
/usr/local/lib/engines-1.1/uadk_engine.so.%{version}
%pre
if [ "$1" = "2" ] ; then #2: update
rm -rf $RPM_INSTALL_PREFIX/uadk_engine.so > /dev/null 2>&1 || true
rm -rf $RPM_INSTALL_PREFIX/uadk_engine.so.0 > /dev/null 2>&1 || true
fi
%{_libdir}/engines-1.1/*
%{_libdir}/ossl-modules/*
%post
if [[ "$1" = "1" || "$1" = "2" ]] ; then #1: install 2: update
ln -sf $RPM_INSTALL_PREFIX/uadk_engine.so.%{version} $RPM_INSTALL_PREFIX/uadk_engine.so
ln -sf $RPM_INSTALL_PREFIX/uadk_engine.so.%{version} $RPM_INSTALL_PREFIX/uadk_engine.so.0
fi
/sbin/ldconfig
%preun
if [ "$1" = "0" ] ; then #0: uninstall
rm -rf $RPM_INSTALL_PREFIX/uadk_engine.so > /dev/null 2>&1 || true
rm -rf $RPM_INSTALL_PREFIX/uadk_engine.so.0 > /dev/null 2>&1 || true
rm -f /var/log/uadk_engine.log > /dev/null 2>&1 || true
rm -f /var/log/uadk_engine.log.old > /dev/null 2>&1 || true
fi
%postun
/sbin/ldconfig
%changelog
* Wed Dec 11 2024 JiangShui Yang <yangjiangshui@h-partners.com> 1.5.0-1
- uadk_engine: adding the uadk_provider library
* Fri Nov 22 2024 JiangShui Yang <yangjiangshui@h-partners.com> 1.3.0-3
- Backport uadk engine patch
* Thu Nov 21 2024 JiangShui Yang <yangjiangshui@h-partners.com> 1.3.0-2
- Backport uadk engine patch
* Mon Jan 22 2024 Zhangfei Gao <zhangfei.gao@linaro.org> 1.3.0-1
- uadk_eingine: update to 1.3.0
* Tue Aug 22 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.2.0-1
- Backport uadk engine patch form v1.0.1 to 1.2.0
* Mon Mar 20 2023 linwenkai <linwenkai6@hisilicon.com> 1.0.0-10
- Backport uadk engine build patch
* Thu Feb 9 2023 linwenkai <linwenkai6@hisilicon.com> 1.0.0-9
- Fix uadk engine build compatiable problem
* Fri Dec 16 2022 JiangShui Yang <yangjiangshui@h-partners.com> 1.0.0-8
- Backport uadk engine patch for v1.0.1
* Tus Jul 26 2022 Yang Shen <shenyang39@huawei.com> 1.0.0-7
* Tue Jul 26 2022 Yang Shen <shenyang39@huawei.com> 1.0.0-7
- Backport uadk engine patch from v1.0.0 to v1.0.1
* Mon Mar 21 2022 linwenkai <linwenkai6@hisilicon.com> 1.0.0-6