packages/uadk_engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!4 [sync] PR-3: 更新uadk engine源码

Browse Source 
Merge pull request !4 from openeuler-sync-bot/sync-pr3-master-to-openEuler-22.03-LTS-Next
This commit is contained in:
openeuler-ci-bot 2022-01-13 07:24:23 +00:00 committed by Gitee
commit 193302eafe
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
21 changed files with 2499 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
0001-digest-delete-some-duplicate-code.patch
View File

@ -1,55 +0,0 @@
From eba09f6a2eb20bf431822718fa752a68b6d682c5 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 9 Dec 2021 11:17:40 +0800
Subject: [PATCH] digest: delete some duplicate code
digest task not need to allocate session twice for one stream.
init->update->final as one stream.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 9fdec91..db33d16 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -607,10 +607,6 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
int ret = 1;
struct async_op op;
- priv->sess = wd_digest_alloc_sess(&priv->setup);
- if (unlikely(!priv->sess))
- return 0;
-
priv->req.in = priv->data;
priv->req.out = digest;
priv->req.in_bytes = priv->tail;
@@ -639,11 +635,6 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
goto clear;
}
- if (priv->sess) {
- wd_digest_free_sess(priv->sess);
- priv->sess = 0;
- }
-
return 1;
sync_err:
@@ -665,6 +656,11 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx)
if (!priv || priv->copy)
return 1;
+ if (priv->sess) {
+ wd_digest_free_sess(priv->sess);
+ priv->sess = 0;
+ }
+
if (priv && priv->data)
OPENSSL_free(priv->data);
--
2.24.4

161
0001-digest-support-digest-multiple-update.patch Normal file
View File

@ -0,0 +1,161 @@
From 8cc0e8724565c12f0fa6f099070ec57504cd21fa Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 9 Dec 2021 15:39:32 +0800
Subject: [PATCH 01/18] digest: support digest multiple update
Support digest multiple updating by using the SEC stream mode.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 77 ++++++++++++++++++++++++++++++++++++++---------
1 file changed, 62 insertions(+), 15 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index db33d16..41de449 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -31,6 +31,8 @@
#define CTX_SYNC 0
#define CTX_ASYNC 1
#define CTX_NUM 2
+#define DIGEST_DOING 1
+#define DIGEST_END 0
#define ENV_ENABLED 1
/* The max BD data length is 16M-512B */
@@ -41,6 +43,7 @@
#define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MAX_DIGEST_LENGTH 64
struct digest_threshold_table {
int nid;
@@ -69,12 +72,16 @@ struct evp_md_ctx_st {
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
};
+#define DIGEST_BLOCK_SIZE 4096
+
struct digest_priv_ctx {
handle_t sess;
struct wd_digest_sess_setup setup;
struct wd_digest_req req;
unsigned char *data;
- long tail;
+ unsigned char out[MAX_DIGEST_LENGTH];
+ size_t tail;
+ size_t last_update_bufflen;
bool copy;
uint32_t e_nid;
EVP_MD_CTX *soft_ctx;
@@ -496,6 +503,13 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
if (unlikely(!priv->sess))
return 0;
+ priv->data = malloc(DIGEST_BLOCK_SIZE);
+ if (priv->data == NULL) {
+ wd_digest_free_sess(priv->sess);
+ return 0;
+ }
+ memset(priv->data, 0, DIGEST_BLOCK_SIZE);
+
priv->switch_threshold = sec_digest_get_sw_threshold(nid);
return 1;
@@ -504,6 +518,45 @@ soft_init:
return digest_soft_init(priv->soft_ctx, priv->e_nid);
}
+static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ const unsigned char *tmpdata = (const unsigned char *)data;
+ size_t left_len = data_len;
+ int copy_to_bufflen;
+ int ret;
+
+ priv->req.has_next = DIGEST_DOING;
+
+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
+ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
+ memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen);
+
+ priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
+ priv->req.in_bytes = DIGEST_BLOCK_SIZE;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ left_len -= copy_to_bufflen;
+ tmpdata += copy_to_bufflen;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret)
+ return 0;
+
+ priv->last_update_bufflen = 0;
+ memset(priv->data, 0, DIGEST_BLOCK_SIZE);
+ if (left_len <= DIGEST_BLOCK_SIZE) {
+ priv->last_update_bufflen = left_len;
+ memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ break;
+ }
+
+ }
+
+ return 1;
+}
+
static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len)
{
struct digest_priv_ctx *priv =
@@ -512,20 +565,13 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l
if (unlikely(priv->switch_flag == UADK_DO_SOFT))
goto soft_update;
- if ((data_len <= BUF_LEN - priv->tail) && (data_len > 0)) {
- if (!priv->data) {
- priv->data = OPENSSL_malloc(BUF_LEN);
- if (priv->data == NULL)
- return 0;
- }
-
- memcpy(priv->data + priv->tail, data, data_len);
- priv->tail += data_len;
-
+ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
+ memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ priv->last_update_bufflen += data_len;
return 1;
}
- return 0;
+ return digest_update_inner(ctx, data, data_len);
soft_update:
return digest_soft_update(priv->soft_ctx, priv->e_nid, data, data_len);
@@ -606,10 +652,10 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
int ret = 1;
struct async_op op;
-
+ priv->req.has_next = DIGEST_END;
priv->req.in = priv->data;
- priv->req.out = digest;
- priv->req.in_bytes = priv->tail;
+ priv->req.out = priv->out;
+ priv->req.in_bytes = priv->last_update_bufflen;
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
ret = async_setup_async_event_notification(&op);
@@ -634,6 +680,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
if (!ret)
goto clear;
}
+ memcpy(digest, priv->req.out, priv->req.out_bytes);
return 1;
--
2.24.4

38
0002-uadk_engine-define-the-variable-as-const.patch Normal file
View File

@ -0,0 +1,38 @@
From b7bb19a4e5c239035926f952d24c2e95bf813fd8 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Mon, 20 Dec 2021 02:48:54 +0000
Subject: [PATCH 02/18] uadk_engine: define the variable as 'const'
Parameter: 'n' in the function has not been changed,
it should be defined as 'const'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index bab3c24..75ae0d1 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -174,7 +174,7 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
}
static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
- int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx,
BN_GENCB *cb)
{
@@ -268,7 +268,7 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
return UADK_E_SUCCESS;
}
-static int check_prime_useful(int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
+static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
--
2.24.4

113
0003-ecc-fix-codecheck-warning.patch Normal file
View File

@ -0,0 +1,113 @@
From 1cd8bd255ae0f55742d2dffa7ba09aea28d56c9a Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 03:37:13 +0000
Subject: [PATCH 03/18] ecc: fix codecheck warning
fix a more than 50 lines function 'uadk_wd_ecc_init'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_pkey.c | 61 +++++++++++++++++++++++++------------------------
1 file changed, 31 insertions(+), 30 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index c20b22b..62362b0 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -178,38 +178,20 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
}
-static int uadk_wd_ecc_init(struct ecc_res_config *config)
+static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
+ struct wd_sched *sched)
{
- struct wd_sched *sched = &config->sched.wd_sched;
struct wd_ctx_config *ctx_cfg;
- struct uacce_dev *dev;
int ret, i;
- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
- dev = wd_get_accel_dev("ecdsa");
- if (!dev)
- return -ENOMEM;
-
- config->numa_id = dev->numa_id;
-
- ret = uadk_e_is_env_enabled("ecc");
- if (ret == ENV_ENABLED) {
- ret = uadk_e_wd_ecc_env_init(dev);
- goto free_dev;
- }
-
- if (ecc_res.ctx_res) {
- ret = 0;
- goto free_dev;
- }
+ if (ecc_res.ctx_res)
+ return 0;
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
- if (!ctx_cfg) {
+ if (!ctx_cfg)
ret = -ENOMEM;
- goto free_dev;
- }
- ecc_res.ctx_res = ctx_cfg;
+ ecc_res.ctx_res = ctx_cfg;
ctx_cfg->ctx_num = CTX_NUM;
ctx_cfg->ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
if (!ctx_cfg->ctxs) {
@@ -230,23 +212,42 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config)
if (ret)
goto free_ctx;
- free(dev);
-
return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
- if (ctx_cfg->ctxs[i].ctx) {
+ if (ctx_cfg->ctxs[i].ctx)
wd_release_ctx(ctx_cfg->ctxs[i].ctx);
- ctx_cfg->ctxs[i].ctx = 0;
- }
}
free(ctx_cfg->ctxs);
free_cfg:
free(ctx_cfg);
ecc_res.ctx_res = NULL;
-free_dev:
+
+ return ret;
+}
+
+static int uadk_wd_ecc_init(struct ecc_res_config *config)
+{
+ struct wd_sched *sched = &config->sched.wd_sched;
+ struct uacce_dev *dev;
+ int ret;
+
+ /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ dev = wd_get_accel_dev("ecdsa");
+ if (!dev)
+ return -ENOMEM;
+
+ config->numa_id = dev->numa_id;
+
+ ret = uadk_e_is_env_enabled("ecc");
+ if (ret)
+ ret = uadk_e_wd_ecc_env_init(dev);
+ else
+ ret = uadk_e_wd_ecc_general_init(dev, sched);
+
free(dev);
+
return ret;
}
--
2.24.4

28
0004-rsa-delete-redundant-copy.patch Normal file
View File

@ -0,0 +1,28 @@
From 6c916851ae54c9272a96c7af73cba83598ab3c43 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 03:51:48 +0000
Subject: [PATCH 04/18] rsa: delete redundant copy
'from_buf' and 'req.src' point to the same address space,
redundant copy is not required.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 75ae0d1..1e1e226 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1595,7 +1595,6 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- memcpy(rsa_sess->req.src, from_buf, rsa_sess->req.src_bytes);
ret = rsa_do_crypto(rsa_sess);
if (!ret || rsa_sess->req.status) {
ret = UADK_DO_SOFT;
--
2.24.4

35
0005-rsa-fix-coverity-warning.patch Normal file
View File

@ -0,0 +1,35 @@
From f5fac71459234b4e44fe8ff386b19627e88ad680 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 06:39:46 +0000
Subject: [PATCH 05/18] rsa: fix coverity warning
Parameter: 'n' in the function 'get_prime_once' has not
been changed, it should be defined as 'const'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 1e1e226..cb98159 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -307,10 +307,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
return GET_ERR_FINISH;
}
-static int get_prime_once(int num, const int *bitsr, int *n, BIGNUM *prime,
- BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
- BIGNUM *r2, BIGNUM *e_pub, BN_CTX *ctx,
- BN_GENCB *cb)
+static int get_prime_once(int num, const int *bitsr, const int *n,
+ BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub,
+ BN_CTX *ctx, BN_GENCB *cb)
{
int ret = -1;
--
2.24.4

165
0006-ecc-cleanup-duplicate-public-key-allocation.patch Normal file
View File

@ -0,0 +1,165 @@
From 941c89ea6fefe3e78255437788c3f274b6c81414 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Wed, 22 Dec 2021 08:27:45 +0000
Subject: [PATCH 06/18] ecc: cleanup duplicate public key allocation
Remove duplicate allocation and copy of public key.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 95 +++++++++++++++++++++++++++------------------------
1 file changed, 51 insertions(+), 44 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index d97436b..9040d3c 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -784,59 +784,78 @@ static int sm2_keygen_init_iot(handle_t sess, struct wd_ecc_req *req)
static int eckey_create_key(EC_KEY *eckey)
{
- const EC_GROUP *group;
- EC_POINT *pub_key;
BIGNUM *priv_key;
+ int ret;
- group = EC_KEY_get0_group(eckey);
- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
- if (!pub_key) {
- pub_key = EC_POINT_new(group);
- if (!pub_key) {
- fprintf(stderr, "failed to new pub_key\n");
- return -1;
- }
- EC_KEY_set_public_key(eckey, pub_key);
+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
+ if (priv_key)
+ return 1;
+
+ priv_key = BN_new();
+ if (!priv_key) {
+ fprintf(stderr, "failed to BN_new priv_key\n");
+ return 0;
}
+ ret = EC_KEY_set_private_key(eckey, priv_key);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
+
+ BN_free(priv_key);
+ return ret;
+}
+
+static int ecdh_set_private_key(EC_KEY *eckey, BIGNUM *order)
+{
+ BIGNUM *priv_key;
+ int ret;
+
+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
+ if (priv_key)
+ return 1;
+
priv_key = BN_new();
if (!priv_key) {
fprintf(stderr, "failed to BN_new priv_key\n");
- return -1;
+ return 0;
}
- EC_KEY_set_private_key(eckey, priv_key);
- return 0;
+ do {
+ if (!BN_rand_range(priv_key, order)) {
+ fprintf(stderr, "failed to generate random value\n");
+ ret = 0;
+ goto free_priv_key;
+ }
+ } while (BN_is_zero(priv_key));
+
+ ret = EC_KEY_set_private_key(eckey, priv_key);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
+
+free_priv_key:
+ BN_free(priv_key);
+ return ret;
}
static int ecdh_create_key(EC_KEY *eckey)
{
- BIGNUM *priv_key, *order;
const EC_GROUP *group;
- EC_POINT *pub_key;
+ BIGNUM *order;
BN_CTX *ctx;
- int ret = 0;
+ int ret;
group = EC_KEY_get0_group(eckey);
- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
- if (!pub_key) {
- pub_key = EC_POINT_new(group);
- if (!pub_key) {
- fprintf(stderr, "failed to new pub_key\n");
- return ret;
- }
- ret = EC_KEY_set_public_key(eckey, pub_key);
- }
ctx = BN_CTX_new();
if (!ctx) {
fprintf(stderr, "failed to allocate ctx\n");
- return ret;
+ return 0;
}
- order = BN_CTX_get(ctx);
+ order = BN_CTX_get(ctx);
if (!order) {
fprintf(stderr, "failed to allocate order\n");
+ ret = 0;
goto free_ctx;
}
@@ -846,26 +865,14 @@ static int ecdh_create_key(EC_KEY *eckey)
goto free_order;
}
- priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
- if (!priv_key) {
- priv_key = BN_new();
- if (!priv_key) {
- fprintf(stderr, "failed to BN_new priv_key\n");
- goto free_order;
- }
- do {
- if (!BN_rand_range(priv_key, order))
- fprintf(stderr, "failed to generate random value\n");
- } while (BN_is_zero(priv_key));
- ret = EC_KEY_set_private_key(eckey, priv_key);
- }
- ret = 1;
+ ret = ecdh_set_private_key(eckey, order);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
free_order:
BN_clear(order);
free_ctx:
BN_CTX_free(ctx);
-
return ret;
}
@@ -880,7 +887,7 @@ static int sm2_generate_key(EC_KEY *eckey)
goto do_soft;
ret = eckey_create_key(eckey);
- if (ret)
+ if (!ret)
return ret;
ret = UADK_DO_SOFT;
--
2.24.4

349
0007-rsa-cleanup-about-reducing-function-parameters.patch Normal file
View File

@ -0,0 +1,349 @@
From 273cf10d03532e73dfcd9f8a1223bfecb64d0f16 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Wed, 22 Dec 2021 10:51:48 +0000
Subject: [PATCH 07/18] rsa: cleanup about reducing function parameters
Reduce the number of parameters of functions
related to prime, and make the name of those
functions clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 155 ++++++++++++++++++++++++++++++-------------------
1 file changed, 95 insertions(+), 60 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index cb98159..c1609ca 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -97,6 +97,14 @@ struct rsa_prikey_param {
int is_crt;
};
+struct rsa_prime_param {
+ BIGNUM *r1;
+ BIGNUM *r2;
+ BIGNUM *rsa_p;
+ BIGNUM *rsa_q;
+ BIGNUM *prime;
+};
+
struct uadk_rsa_sess {
handle_t sess;
struct wd_rsa_sess_setup setup;
@@ -156,15 +164,14 @@ static int rsa_check_bit_useful(const int bits, int flen)
}
}
-static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
- BN_CTX *ctx, BN_GENCB *cb)
+static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
+ BN_CTX *ctx, BN_GENCB *cb)
{
- /* calculate n = p * q */
if (num == 1) {
if (!BN_mul(r1, rsa_p, rsa_q, ctx))
return BN_ERR;
} else {
- /* if num == 0, use number 3 to indicate do nothing */
+ /* If num == 0, use number 3 to indicate do nothing */
if (!BN_GENCB_call(cb, 3, num))
return BN_ERR;
return BN_CONTINUE;
@@ -173,20 +180,21 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
return BN_VALID;
}
-static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
- const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx,
- BN_GENCB *cb)
+static int check_rsa_prime_sufficient(int *num, const int *bitsr,
+ int *bitse, const int *n,
+ struct rsa_prime_param *param,
+ BN_CTX *ctx, BN_GENCB *cb)
{
static int retries;
BN_ULONG bitst;
int ret;
- ret = prime_mul_res(*num, rsa_p, rsa_q, r1, ctx, cb);
+ ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q,
+ param->r1, ctx, cb);
if (ret)
return ret;
/*
- * if |r1|, product of factors so far, is not as long as expected
+ * If |r1|, product of factors so far, is not as long as expected
* (by checking the first 4 bits are less than 0x9 or greater than
* 0xF). If so, re-generate the last prime.
*
@@ -199,10 +207,10 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
* key by using the modulus in a certificate. This is also covered
* by checking the length should not be less than 0x9.
*/
- if (!BN_rshift(r2, r1, *bitse - 4))
+ if (!BN_rshift(param->r2, param->r1, *bitse - 4))
return BN_ERR;
- bitst = BN_get_word(r2);
+ bitst = BN_get_word(param->r2);
if (bitst < 0x9 || bitst > 0xF) {
/*
* For keys with more than 4 primes, we attempt longer factor to
@@ -216,7 +224,9 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
*bitse -= bitsr[*num];
else
return -1;
- if (!BN_GENCB_call(cb, 2, *n++))
+
+ ret = BN_GENCB_call(cb, 2, *n++);
+ if (!ret)
return -1;
if (retries == 4) {
*num = -1;
@@ -227,14 +237,17 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
retries++;
return BN_REDO;
}
- if (!BN_GENCB_call(cb, 3, *num))
+
+ ret = BN_GENCB_call(cb, 3, *num);
+ if (!ret)
return BN_ERR;
retries = 0;
return BN_VALID;
}
-static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime)
+static void rsa_set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM **prime)
{
if (num == 0)
*prime = rsa_p;
@@ -244,8 +257,8 @@ static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime)
BN_set_flags(*prime, BN_FLG_CONSTTIME);
}
-static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *prime)
+static int check_rsa_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM *prime)
{
BIGNUM *prev_prime;
int j;
@@ -268,8 +281,8 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
return UADK_E_SUCCESS;
}
-static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
- BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
+static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
+ BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
/*
@@ -278,10 +291,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
* BN_value_one() returns a BIGNUM constant of value 1.
* r2 = prime - 1.
*/
- if (!BN_sub(r2, prime, BN_value_one()))
+ if (!BN_sub(param->r2, param->prime, BN_value_one()))
return -1;
ERR_set_mark();
- BN_set_flags(r2, BN_FLG_CONSTTIME);
+ BN_set_flags(param->r2, BN_FLG_CONSTTIME);
/*
* BN_mod_inverse(r,a,n,ctx) used to compute inverse modulo n.
* Precisely, it computes the inverse of "a" modulo "n", and places
@@ -290,7 +303,7 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
* The expected result: (r2 * r1) % e_pub ==1,
* the inverse of r2 exist, that is r1.
*/
- if (BN_mod_inverse(r1, r2, e_pub, ctx))
+ if (BN_mod_inverse(param->r1, param->r2, e_pub, ctx))
return UADK_E_SUCCESS;
err = ERR_peek_last_error();
@@ -307,10 +320,9 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
return GET_ERR_FINISH;
}
-static int get_prime_once(int num, const int *bitsr, const int *n,
- BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub,
- BN_CTX *ctx, BN_GENCB *cb)
+static int get_rsa_prime_once(int num, const int *bitsr, const int *n,
+ BIGNUM *e_pub, struct rsa_prime_param *param,
+ BN_CTX *ctx, BN_GENCB *cb)
{
int ret = -1;
@@ -318,12 +330,13 @@ static int get_prime_once(int num, const int *bitsr, const int *n,
return ret;
while (1) {
/* Generate prime with bitsr[num] len. */
- if (!BN_generate_prime_ex(prime, bitsr[num],
+ if (!BN_generate_prime_ex(param->prime, bitsr[num],
0, NULL, NULL, cb))
return BN_ERR;
- if (!check_prime_equal(num, rsa_p, rsa_q, prime))
+ if (!check_rsa_prime_equal(num, param->rsa_p, param->rsa_q,
+ param->prime))
continue;
- ret = check_prime_useful(n, prime, r1, r2, e_pub, ctx, cb);
+ ret = check_rsa_prime_useful(n, param, e_pub, ctx, cb);
if (ret == BN_ERR)
return BN_ERR;
else if (ret == UADK_E_SUCCESS)
@@ -333,8 +346,7 @@ static int get_prime_once(int num, const int *bitsr, const int *n,
return ret;
}
-static void switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *p, BIGNUM *q)
+static void rsa_switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *p, BIGNUM *q)
{
BIGNUM *tmp;
@@ -373,13 +385,37 @@ static int check_rsa_is_crt(RSA *rsa)
return UN_SET;
}
+static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx)
+{
+ param->r1 = BN_CTX_get(ctx);
+ if (!param->r1)
+ goto end;
+
+ param->r2 = BN_CTX_get(ctx);
+ if (!param->r2)
+ goto end;
+
+ param->rsa_p = BN_CTX_get(ctx);
+ if (!param->rsa_p)
+ goto end;
+
+ param->rsa_q = BN_CTX_get(ctx);
+ if (!param->rsa_q)
+ goto end;
+
+ return UADK_E_SUCCESS;
+
+end:
+ fprintf(stderr, "failed to malloc params\n");
+ return UADK_E_FAIL;
+}
+
static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
BIGNUM *q, BN_GENCB *cb)
{
- BIGNUM *r1, *r2, *rsa_p, *rsa_q;
+ struct rsa_prime_param *param = NULL;
int bitsr[RSA_MAX_PRIME_NUM] = {0};
int flag, quo, rmd, i;
- BIGNUM *prime = NULL;
BN_CTX *ctx;
int bitse = 0;
int ret = 0;
@@ -391,12 +427,15 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
return ret;
BN_CTX_start(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- rsa_p = BN_CTX_get(ctx);
- rsa_q = BN_CTX_get(ctx);
- if (!r1 || !r2 || !rsa_p || !rsa_q)
- goto err;
+ param = OPENSSL_zalloc(sizeof(struct rsa_prime_param));
+ if (!param) {
+ fprintf(stderr, "failed to malloc rsa prime param\n");
+ goto free_ctx;
+ }
+
+ ret = get_rsa_prime_param(param, ctx);
+ if (!ret)
+ goto free_param;
/* Divide bits into 'primes' pieces evenly */
quo = bits / RSA_MAX_PRIME_NUM;
@@ -409,39 +448,37 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
/* flag: whether primes are generated correctely. */
flag = 1;
/* Set flag for primes rsa_p and rsa_q separately. */
- set_primes(i, rsa_p, rsa_q, &prime);
+ rsa_set_primes(i, param->rsa_p, param->rsa_q, &param->prime);
while (flag == 1) {
- if (get_prime_once(i, bitsr, &n, prime, rsa_p, rsa_q,
- r1, r2, e_pub, ctx, cb) == -1)
- goto err;
+ ret = get_rsa_prime_once(i, bitsr, &n, e_pub, param,
+ ctx, cb);
+ if (ret == -1)
+ goto free_param;
bitse += bitsr[i];
- ret = check_prime_sufficient(&i, bitsr, &bitse, &n,
- rsa_p, rsa_q, r1, r2,
- ctx, cb);
+ ret = check_rsa_prime_sufficient(&i, bitsr, &bitse, &n,
+ param, ctx, cb);
if (ret == BN_ERR)
- goto err;
+ goto free_param;
else if (ret == BN_REDO)
continue;
else
flag = 0;
}
}
- switch_p_q(rsa_p, rsa_q, p, q);
+ rsa_switch_p_q(param->rsa_p, param->rsa_q, p, q);
ret = UADK_E_SUCCESS;
-err:
- if (ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
+free_param:
+ OPENSSL_free(param);
+free_ctx:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
return ret;
}
static int add_rsa_pubenc_padding(int flen, const unsigned char *from,
- unsigned char *buf, int num,
- int padding)
+ unsigned char *buf, int num, int padding)
{
int ret;
@@ -852,8 +889,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
struct uadk_rsa_sess *rsa_sess,
- unsigned char *in_buf,
- unsigned char *to)
+ unsigned char *in_buf, unsigned char *to)
{
struct wd_rsa_pubkey *pubkey = NULL;
struct wd_dtb *wd_e = NULL;
@@ -882,8 +918,7 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
struct rsa_prikey_param *pri,
- unsigned char *in_buf,
- unsigned char *to)
+ unsigned char *in_buf, unsigned char *to)
{
struct wd_rsa_prikey *prikey;
struct wd_dtb *wd_dq;
--
2.24.4

355
0008-ecc-cleanup-sm2-compute-digest-function.patch Normal file
View File

@ -0,0 +1,355 @@
From b99452edd6ae045e833e3ae01866b8546fd5733a Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 24 Dec 2021 07:30:22 +0000
Subject: [PATCH 08/18] ecc: cleanup sm2 compute digest function
The operation flow of sm2_compute_z_digest()
is modularized and encapsulated to reduce
the code line of sm2_compute_z_digest() and
make the code easier to understand.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 277 +++++++++++++++++++++++++++++++++++--------------
1 file changed, 197 insertions(+), 80 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index d74aa3a..6d5dad0 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -62,6 +62,26 @@ typedef struct sm2_ciphertext {
ASN1_OCTET_STRING *C2;
} SM2_Ciphertext;
+struct sm2_param {
+ /*
+ * p: BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ */
+ BIGNUM *p;
+ /* a: BIGNUM for parameter a of the equation */
+ BIGNUM *a;
+ /* b: BIGNUM for parameter b of the equation */
+ BIGNUM *b;
+ /* xG: BIGNUM for the x-coordinate value of G point */
+ BIGNUM *xG;
+ /* yG: BIGNUM for the y-coordinate value of G point */
+ BIGNUM *yG;
+ /* xA: BIGNUM for the x-coordinate value of PA point */
+ BIGNUM *xA;
+ /* yA: BIGNUM for the y-coordinate value of PA point */
+ BIGNUM *yA;
+};
+
DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
ASN1_SEQUENCE(SM2_Ciphertext) = {
@@ -695,8 +715,7 @@ static int sm2_verify_init(EVP_PKEY_CTX *ctx)
}
static int sm2_verify_init_iot(handle_t sess, struct wd_ecc_req *req,
- struct wd_dtb *e,
- struct wd_dtb *r,
+ struct wd_dtb *e, struct wd_dtb *r,
struct wd_dtb *s)
{
struct wd_ecc_in *ecc_in;
@@ -1229,119 +1248,217 @@ static int sm2_ctrl_str(EVP_PKEY_CTX *ctx,
return UADK_E_INVALID;
}
-static int sm2_compute_z_digest(uint8_t *out,
- const EVP_MD *digest,
- const uint8_t *id,
- const size_t id_len,
- const EC_KEY *key)
+static int get_sm2_param(struct sm2_param *sm2_param, BN_CTX *ctx)
{
- const EC_GROUP *group = EC_KEY_get0_group(key);
- EVP_MD_CTX *hash = NULL;
- uint8_t *buf = NULL;
- BN_CTX *ctx = NULL;
- BIGNUM *p = NULL;
- BIGNUM *a = NULL;
- BIGNUM *b = NULL;
- BIGNUM *xG = NULL;
- BIGNUM *yG = NULL;
- BIGNUM *xA = NULL;
- BIGNUM *yA = NULL;
- uint8_t e_byte;
- uint16_t entl;
- int p_bytes;
- int rc = 0;
+ sm2_param->p = BN_CTX_get(ctx);
+ if (!sm2_param->p)
+ goto end;
- hash = EVP_MD_CTX_new();
- ctx = BN_CTX_new();
- if (hash == NULL || ctx == NULL) {
- fprintf(stderr, "failed to EVP_CTX_new\n");
- goto done;
- }
+ sm2_param->a = BN_CTX_get(ctx);
+ if (!sm2_param->a)
+ goto end;
- p = BN_CTX_get(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- xG = BN_CTX_get(ctx);
- yG = BN_CTX_get(ctx);
- xA = BN_CTX_get(ctx);
- yA = BN_CTX_get(ctx);
- if (yA == NULL) {
- fprintf(stderr, "failed to malloc\n");
- goto done;
- }
+ sm2_param->b = BN_CTX_get(ctx);
+ if (!sm2_param->b)
+ goto end;
+
+ sm2_param->xG = BN_CTX_get(ctx);
+ if (!sm2_param->xG)
+ goto end;
+
+ sm2_param->yG = BN_CTX_get(ctx);
+ if (!sm2_param->yG)
+ goto end;
+
+ sm2_param->xA = BN_CTX_get(ctx);
+ if (!sm2_param->xA)
+ goto end;
+
+ sm2_param->yA = BN_CTX_get(ctx);
+ if (!sm2_param->yA)
+ goto end;
+
+ return 1;
+
+end:
+ fprintf(stderr, "failed to malloc params\n");
+ return 0;
+}
+
+static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash,
+ const size_t id_len, const uint8_t *id)
+{
+ uint8_t e_byte;
+ uint16_t entl;
if (!EVP_DigestInit(hash, digest)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
/* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
if (id_len >= (UINT16_MAX / 8)) {
- /* too large */
fprintf(stderr, "id too large\n");
- goto done;
+ return 0;
}
entl = (uint16_t)(8 * id_len);
e_byte = entl >> 8;
- if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
- fprintf(stderr, "error evp lib\n");
- goto done;
- }
+ if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+ fprintf(stderr, "error evp lib\n");
+ return 0;
+ }
+
e_byte = entl & 0xFF;
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
- if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
- fprintf(stderr, "error ec lib\n");
- goto done;
+ return 1;
+}
+
+static int check_equation_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes)
+{
+ if (BN_bn2binpad(param->a, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->b, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes)) {
+ fprintf(stderr, "failed to check equation param\n");
+ return 0;
}
- p_bytes = BN_num_bytes(p);
- buf = OPENSSL_zalloc(p_bytes);
- if (buf == NULL) {
- fprintf(stderr, "failed to malloc\n");
- goto done;
+ return 1;
+}
+
+
+static int check_base_point_group_param(struct sm2_param *param, BN_CTX *ctx,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+
+ if (!EC_POINT_get_affine_coordinates(group,
+ EC_GROUP_get0_generator(group),
+ param->xG, param->yG, ctx)) {
+ fprintf(stderr, "failed to check base point group param\n");
+ return 0;
}
- if (BN_bn2binpad(a, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(b, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EC_POINT_get_affine_coordinates(group,
- EC_GROUP_get0_generator(group),
- xG, yG, ctx)
- || BN_bn2binpad(xG, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(yG, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EC_POINT_get_affine_coordinates(group,
- EC_KEY_get0_public_key(key),
- xA, yA, ctx)
- || BN_bn2binpad(xA, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(yA, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EVP_DigestFinal(hash, out, NULL)) {
- fprintf(stderr, "internal error\n");
- goto done;
+ return 1;
+}
+
+static int check_base_point_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes)
+{
+ if (BN_bn2binpad(param->xG, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->yG, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes)) {
+ fprintf(stderr, "failed to check base point param\n");
+ return 0;
}
- rc = 1;
+ return 1;
+}
-done:
+static int check_pkey_point_group_param(struct sm2_param *param, BN_CTX *ctx,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+
+ if (!EC_POINT_get_affine_coordinates(group,
+ EC_KEY_get0_public_key(key),
+ param->xA, param->yA, ctx)) {
+ fprintf(stderr, "failed to check pkey point group param\n");
+ return 0;
+ }
+ return 1;
+}
+
+static int check_pkey_point_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes, uint8_t *out)
+{
+ if (BN_bn2binpad(param->xA, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->yA, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ !EVP_DigestFinal(hash, out, NULL)) {
+ fprintf(stderr, "failed to check pkey point param\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int sm2_compute_z_digest(uint8_t *out, const EVP_MD *digest,
+ const uint8_t *id, const size_t id_len,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+ struct sm2_param *param = NULL;
+ EVP_MD_CTX *hash = NULL;
+ uint8_t *buf = NULL;
+ BN_CTX *ctx = NULL;
+ int p_bytes;
+ int ret = 0;
+
+ hash = EVP_MD_CTX_new();
+ if (!hash)
+ return ret;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto free_hash;
+
+ param = OPENSSL_zalloc(sizeof(struct sm2_param));
+ if (!param) {
+ fprintf(stderr, "failed to malloc sm2 param\n");
+ goto free_ctx;
+ }
+
+ if (!get_sm2_param(param, ctx))
+ goto free_param;
+
+ if (!check_digest_evp_lib(digest, hash, id_len, id))
+ goto free_param;
+
+ if (!EC_GROUP_get_curve(group, param->p, param->a, param->b, ctx)) {
+ fprintf(stderr, "failed to get curve\n");
+ goto free_param;
+ }
+
+ p_bytes = BN_num_bytes(param->p);
+ buf = OPENSSL_zalloc(p_bytes);
+ if (!buf) {
+ fprintf(stderr, "failed to malloc buf\n");
+ goto free_param;
+ }
+
+ if (!check_equation_param(param, hash, buf, p_bytes) ||
+ !check_base_point_group_param(param, ctx, key) ||
+ !check_base_point_param(param, hash, buf, p_bytes) ||
+ !check_pkey_point_group_param(param, ctx, key) ||
+ !check_pkey_point_param(param, hash, buf, p_bytes, out))
+ goto free_buf;
+
+ ret = 1;
+
+free_buf:
OPENSSL_free(buf);
+free_param:
+ OPENSSL_free(param);
+free_ctx:
BN_CTX_free(ctx);
+free_hash:
EVP_MD_CTX_free(hash);
- return rc;
+ return ret;
}
static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
--
2.24.4

232
0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch Normal file
View File

@ -0,0 +1,232 @@
From 1bb24b3d0769f82e6903ca94fa6b8ad466eb5bbe Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 24 Dec 2021 08:44:03 +0000
Subject: [PATCH 09/18] ecc: bugfix about ecc init after alloc sess
When executing allocating session operation, it needs
sched_init(), which is supported by init operation
in the engine, so the init operation should be done
before executing allocating session operation.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 93 +++++++++++++++++++++++----------------------------
1 file changed, 42 insertions(+), 51 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 9040d3c..0c8a011 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -426,7 +426,10 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
if (ret)
goto do_soft;
- ret = UADK_DO_SOFT;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(eckey, "ecdsa");
if (!sess)
goto do_soft;
@@ -438,33 +441,28 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
if (ret)
goto free_sess;
- ret = uadk_ecc_set_private_key(sess, eckey);
+ ret = uadk_ecc_set_private_key(sess, eckey);
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
- ret = UADK_DO_SOFT;
+ if (ret != 1)
goto uninit_iot;
- }
sig = create_ecdsa_sig(&req);
+ wd_ecc_del_in(sess, req.src);
+ wd_ecc_del_out(sess, req.dst);
+ wd_ecc_free_sess(sess);
+
+ return sig;
+
uninit_iot:
wd_ecc_del_in(sess, req.src);
wd_ecc_del_out(sess, req.dst);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return sig;
-
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_sign(dgst, dlen, in_kinv, in_r, eckey);
}
@@ -617,7 +615,10 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
if (ret)
goto do_soft;
- ret = UADK_DO_SOFT;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(eckey, "ecdsa");
if (!sess)
goto do_soft;
@@ -633,24 +634,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1) {
- printf("failed to uadk_ecc_crypto, ret = %d\n", ret);
- ret = UADK_DO_SOFT;
+ fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
+ goto uninit_iot;
}
+
+ return ret;
+
uninit_iot:
wd_ecc_del_in(sess, req.src);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return ret;
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_verify(dgst, dlen, sig, eckey);
}
@@ -888,9 +884,12 @@ static int sm2_generate_key(EC_KEY *eckey)
ret = eckey_create_key(eckey);
if (!ret)
- return ret;
+ goto do_soft;
+
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
- ret = UADK_DO_SOFT;
sess = ecc_alloc_sess(eckey, "sm2");
if (!sess)
goto do_soft;
@@ -900,35 +899,29 @@ static int sm2_generate_key(EC_KEY *eckey)
if (ret)
goto free_sess;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
- ret = UADK_DO_SOFT;
+ if (ret != 1)
goto uninit_iot;
- }
ret = set_key_to_ec_key(eckey, &req);
if (ret)
goto uninit_iot;
ret = 1;
+ wd_ecc_del_out(sess, req.dst);
+ wd_ecc_free_sess(sess);
+
+ return ret;
+
uninit_iot:
wd_ecc_del_out(sess, req.dst);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return ret;
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_generate(eckey);
}
-
static int ecdh_keygen_init_iot(handle_t sess, struct wd_ecc_req *req,
EC_KEY *ecdh)
{
@@ -1108,6 +1101,10 @@ static int ecdh_generate_key(EC_KEY *ecdh)
if (!ret)
goto do_soft;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(ecdh, "ecdh");
if (!sess)
goto do_soft;
@@ -1121,10 +1118,6 @@ static int ecdh_generate_key(EC_KEY *ecdh)
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret)
- goto uninit_iot;
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1)
goto uninit_iot;
@@ -1202,10 +1195,8 @@ static int ecc_compkey_check(unsigned char **out,
return 1;
}
-static int ecdh_compute_key(unsigned char **out,
- size_t *outlen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh)
+static int ecdh_compute_key(unsigned char **out, size_t *outlen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh)
{
struct wd_ecc_req req;
handle_t sess;
@@ -1215,6 +1206,10 @@ static int ecdh_compute_key(unsigned char **out,
if (!ret)
goto do_soft;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(ecdh, "ecdh");
if (!sess)
goto do_soft;
@@ -1232,10 +1227,6 @@ static int ecdh_compute_key(unsigned char **out,
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret)
- goto uninit_iot;
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1)
goto uninit_iot;
--
2.24.4

110
0010-rsa-cleanup-about-prime-generation.patch Normal file
View File

@ -0,0 +1,110 @@
From fc023b87189ff488b4e760567d92afeca2635559 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 25 Dec 2021 01:35:03 +0000
Subject: [PATCH 10/18] rsa: cleanup about prime generation
Reduce parameter number of rsa_prime_mul_res(),
and add comments of BN_GENCB_call().
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index c1609ca..2526af9 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -164,14 +164,17 @@ static int rsa_check_bit_useful(const int bits, int flen)
}
}
-static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
+static int rsa_prime_mul_res(int num, struct rsa_prime_param *param,
BN_CTX *ctx, BN_GENCB *cb)
{
if (num == 1) {
- if (!BN_mul(r1, rsa_p, rsa_q, ctx))
+ if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx))
return BN_ERR;
} else {
- /* If num == 0, use number 3 to indicate do nothing */
+ /*
+ * Use the number 3 to indicate whether
+ * the generator has been found.
+ */
if (!BN_GENCB_call(cb, 3, num))
return BN_ERR;
return BN_CONTINUE;
@@ -189,8 +192,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
BN_ULONG bitst;
int ret;
- ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q,
- param->r1, ctx, cb);
+ ret = rsa_prime_mul_res(*num, param, ctx, cb);
if (ret)
return ret;
/*
@@ -224,7 +226,10 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
*bitse -= bitsr[*num];
else
return -1;
-
+ /*
+ * Use the number 2 to indicate whether
+ * a prime has been found.
+ */
ret = BN_GENCB_call(cb, 2, *n++);
if (!ret)
return -1;
@@ -237,7 +242,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
retries++;
return BN_REDO;
}
-
+ /* Use the number 3 to indicate whether the generator has been found. */
ret = BN_GENCB_call(cb, 3, *num);
if (!ret)
return BN_ERR;
@@ -314,6 +319,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
else
return BN_ERR;
+ /* Use the number 2 to indicate whether a prime has been found. */
if (!BN_GENCB_call(cb, 2, *n++))
return BN_ERR;
@@ -1094,7 +1100,7 @@ static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
int ret;
if (!default_meth) {
- printf("failed to get soft method.\n");
+ fprintf(stderr, "failed to get soft method.\n");
return UADK_E_FAIL;
}
@@ -1121,7 +1127,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
keygen_param->wd_e->dsize = BN_bn2bin(bn_param->e,
- (unsigned char *)keygen_param->wd_e->data);
+ (unsigned char *)keygen_param->wd_e->data);
wd_rsa_get_prikey(rsa_sess->sess, &key_pair->prikey);
if (!key_pair->prikey)
@@ -1133,9 +1139,9 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
keygen_param->wd_q->dsize = BN_bn2bin(bn_param->q,
- (unsigned char *)keygen_param->wd_q->data);
+ (unsigned char *)keygen_param->wd_q->data);
keygen_param->wd_p->dsize = BN_bn2bin(bn_param->p,
- (unsigned char *)keygen_param->wd_p->data);
+ (unsigned char *)keygen_param->wd_p->data);
rsa_sess->req.src_bytes = rsa_sess->key_size;
rsa_sess->req.dst_bytes = rsa_sess->key_size;
--
2.24.4

209
0011-ecc-cleanup-the-form-of-the-return-value.patch Normal file
View File

@ -0,0 +1,209 @@
From dbb4ff29da9ed378d8753a6e5d18e86756c1d254 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Mon, 27 Dec 2021 07:04:43 +0000
Subject: [PATCH 11/18] ecc: cleanup the form of the return value
This patch includes:
1. Unified the return value form.
2. Remove redundant goto jumps.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 20 +++++++++++---------
src/uadk_ecx.c | 8 ++++----
src/uadk_pkey.c | 5 ++---
src/uadk_sm2.c | 8 ++++----
4 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 0c8a011..db69871 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -446,7 +446,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
sig = create_ecdsa_sig(&req);
@@ -635,11 +635,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
}
+ wd_ecc_del_in(sess, req.src);
+ wd_ecc_free_sess(sess);
+
return ret;
uninit_iot:
@@ -701,7 +704,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
tmp = BN_bin2bn((unsigned char *)privkey->data, privkey->dsize, NULL);
ret = EC_KEY_set_private_key(ec, tmp);
BN_free(tmp);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to EC KEY set private key\n");
return -EINVAL;
}
@@ -725,7 +728,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
ret = EC_KEY_set_public_key(ec, point);
EC_POINT_free(point);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to EC_KEY_set_public_key\n");
return -EINVAL;
}
@@ -900,18 +903,17 @@ static int sm2_generate_key(EC_KEY *eckey)
goto free_sess;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = set_key_to_ec_key(eckey, &req);
if (ret)
goto uninit_iot;
- ret = 1;
wd_ecc_del_out(sess, req.dst);
wd_ecc_free_sess(sess);
- return ret;
+ return 1;
uninit_iot:
wd_ecc_del_out(sess, req.dst);
@@ -1119,7 +1121,7 @@ static int ecdh_generate_key(EC_KEY *ecdh)
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecdh_set_key_to_ec_key(ecdh, &req);
@@ -1228,7 +1230,7 @@ static int ecdh_compute_key(unsigned char **out, size_t *outlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecdh_get_shared_key(ecdh, out, outlen, &req);
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 6a9f78c..67f9350 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -399,7 +399,7 @@ static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto uninit_iot;
ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key);
@@ -457,7 +457,7 @@ static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto uninit_iot;
ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key);
@@ -659,7 +659,7 @@ static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
goto uninit_iot;
ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
wd_ecxdh_get_out_params(req.dst, &s_key);
@@ -745,7 +745,7 @@ static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
goto uninit_iot;
ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
wd_ecxdh_get_out_params(req.dst, &s_key);
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 62362b0..7ca998b 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -273,8 +273,7 @@ static void uadk_wd_ecc_uninit(void)
ecc_res.pid = 0;
}
-int uadk_ecc_crypto(handle_t sess,
- struct wd_ecc_req *req, void *usr)
+int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr)
{
struct uadk_e_cb_info cb_param;
struct async_op op;
@@ -314,7 +313,7 @@ int uadk_ecc_crypto(handle_t sess,
} else {
ret = wd_do_ecc_sync(sess, req);
if (ret < 0)
- return ret;
+ return 0;
}
return 1;
err:
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 6d5dad0..f602e48 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -359,7 +359,7 @@ static int sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb *s,
}
ret = ECDSA_SIG_set0(e_sig, br, bs);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to ECDSA_SIG_set0\n");
ret = -EINVAL;
goto free_s;
@@ -686,7 +686,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
ret = UADK_DO_SOFT;
goto uninit_iot;
@@ -907,7 +907,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
@@ -1061,7 +1061,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
--
2.24.4

140
0012-engine-fix-uadk-engine-compatibility-issue.patch Normal file
View File

@ -0,0 +1,140 @@
From c212eedcab9135acc0433a125c8fab151674e8c5 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Tue, 23 Nov 2021 09:14:31 +0000
Subject: [PATCH 12/18] engine: fix uadk engine compatibility issue
When uadk use no sva mode, it should use wd_get_available_dev_num,
otherwise, it will not find old kernel's device path with attrs.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/e_uadk.c | 70 +++++++++++++++---------------------
src/v1/uadk_v1.h | 1 +
src/v1/wdmngr/wd_alg_queue.c | 4 +++
src/v1/wdmngr/wd_alg_queue.h | 2 ++
4 files changed, 36 insertions(+), 41 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 18c2e4e..4e87c86 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -239,54 +239,42 @@ static void engine_init_child_at_fork_handler(void)
#ifdef KAE
static void bind_fn_kae_alg(ENGINE *e)
{
- struct uacce_dev *dev;
+ int dev_num;
- dev = wd_get_accel_dev("cipher");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- cipher_module_init();
- if (!ENGINE_set_ciphers(e, sec_engine_ciphers))
- fprintf(stderr, "uadk bind cipher failed\n");
- else
- uadk_cipher_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("cipher");
+ if (dev_num > 0) {
+ cipher_module_init();
+ if (!ENGINE_set_ciphers(e, sec_engine_ciphers))
+ fprintf(stderr, "uadk bind cipher failed\n");
+ else
+ uadk_cipher_nosva = 1;
}
- dev = wd_get_accel_dev("digest");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- digest_module_init();
- if (!ENGINE_set_digests(e, sec_engine_digests))
- fprintf(stderr, "uadk bind digest failed\n");
- else
- uadk_digest_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("digest");
+ if (dev_num > 0) {
+ digest_module_init();
+ if (!ENGINE_set_digests(e, sec_engine_digests))
+ fprintf(stderr, "uadk bind digest failed\n");
+ else
+ uadk_digest_nosva = 1;
}
- dev = wd_get_accel_dev("rsa");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- hpre_module_init();
- if (!ENGINE_set_RSA(e, hpre_get_rsa_methods()))
- fprintf(stderr, "uadk bind rsa failed\n");
- else
- uadk_rsa_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("rsa");
+ if (dev_num > 0) {
+ hpre_module_init();
+ if (!ENGINE_set_RSA(e, hpre_get_rsa_methods()))
+ fprintf(stderr, "uadk bind rsa failed\n");
+ else
+ uadk_rsa_nosva = 1;
}
- dev = wd_get_accel_dev("dh");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- hpre_module_dh_init();
- if (!ENGINE_set_DH(e, hpre_get_dh_methods()))
- fprintf(stderr, "uadk bind dh failed\n");
- else
- uadk_dh_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("dh");
+ if (dev_num > 0) {
+ hpre_module_dh_init();
+ if (!ENGINE_set_DH(e, hpre_get_dh_methods()))
+ fprintf(stderr, "uadk bind dh failed\n");
+ else
+ uadk_dh_nosva = 1;
}
}
#endif
diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h
index f5081e3..d921706 100644
--- a/src/v1/uadk_v1.h
+++ b/src/v1/uadk_v1.h
@@ -35,4 +35,5 @@ extern void hpre_dh_destroy(void);
extern int hpre_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
const int **pnids, int nid);
+extern int wd_get_nosva_dev_num(const char *algorithm);
#endif
diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c
index 79c9a6d..5cd33ae 100644
--- a/src/v1/wdmngr/wd_alg_queue.c
+++ b/src/v1/wdmngr/wd_alg_queue.c
@@ -74,3 +74,7 @@ void wd_free_queue(struct wd_queue *queue)
}
}
+int wd_get_nosva_dev_num(const char *algorithm)
+{
+ return wd_get_available_dev_num(algorithm);
+}
diff --git a/src/v1/wdmngr/wd_alg_queue.h b/src/v1/wdmngr/wd_alg_queue.h
index 4fd3a9d..955eed5 100644
--- a/src/v1/wdmngr/wd_alg_queue.h
+++ b/src/v1/wdmngr/wd_alg_queue.h
@@ -25,4 +25,6 @@
struct wd_queue *wd_new_queue(int algtype);
void wd_free_queue(struct wd_queue *queue);
+
+int wd_get_nosva_dev_num(const char *algorithm);
#endif
--
2.24.4

31
0013-digest-modify-the-process-of-free-session.patch Normal file
View File

@ -0,0 +1,31 @@
From ca59dfa548656d82d6d50a6dad6bfc88b2825473 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 6 Jan 2022 14:49:27 +0800
Subject: [PATCH 13/18] digest: modify the process of free session
Currently, release the session in the cleanup instead of final. so not
should free session in the final. Here is fix it.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 41de449..cbfb539 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -688,10 +688,6 @@ sync_err:
ret = uadk_e_digest_soft_work(priv, priv->tail, digest);
clear:
async_clear_async_event_notification();
- if (priv->sess) {
- wd_digest_free_sess(priv->sess);
- priv->sess = 0;
- }
return ret;
}
--
2.24.4

153
0014-digest-modify-the-process-of-soft-and-hardware-hando.patch Normal file
View File

@ -0,0 +1,153 @@
From 7efc5b169d74b84af8108bc736d80eedbe3a8004 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 6 Jan 2022 14:48:13 +0800
Subject: [PATCH 14/18] digest: modify the process of soft and hardware handoff
Due to has added the stream mode for digest. So need to modify the
process of software and hardware handoff.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 60 +++++++++++++++++++++++++++++++++++++----------
1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index cbfb539..bf738af 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -44,6 +44,14 @@
#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
#define MAX_DIGEST_LENGTH 64
+#define DIGEST_BLOCK_SIZE (512 * 1024)
+
+enum sec_digestz_state {
+ SEC_DIGEST_INIT,
+ SEC_DIGEST_FIRST_UPDATING,
+ SEC_DIGEST_DOING,
+ SEC_DIGEST_FINAL
+};
struct digest_threshold_table {
int nid;
@@ -72,21 +80,19 @@ struct evp_md_ctx_st {
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
};
-#define DIGEST_BLOCK_SIZE 4096
-
struct digest_priv_ctx {
handle_t sess;
struct wd_digest_sess_setup setup;
struct wd_digest_req req;
unsigned char *data;
unsigned char out[MAX_DIGEST_LENGTH];
- size_t tail;
+ EVP_MD_CTX *soft_ctx;
size_t last_update_bufflen;
- bool copy;
uint32_t e_nid;
- EVP_MD_CTX *soft_ctx;
- size_t switch_threshold;
+ uint32_t state;
+ uint32_t switch_threshold;
int switch_flag;
+ bool copy;
};
static int digest_nids[] = {
@@ -150,7 +156,7 @@ static const EVP_MD *uadk_e_digests_soft_md(uint32_t e_nid)
return digest_md;
}
-static int sec_digest_get_sw_threshold(int n_id)
+static uint32_t sec_digest_get_sw_threshold(int n_id)
{
int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table);
int i = 0;
@@ -464,6 +470,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
priv->soft_ctx = EVP_MD_CTX_new();
priv->e_nid = nid;
+ priv->state = SEC_DIGEST_INIT;
ret = uadk_e_init_digest();
if (!ret) {
priv->switch_flag = UADK_DO_SOFT;
@@ -504,7 +511,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
priv->data = malloc(DIGEST_BLOCK_SIZE);
- if (priv->data == NULL) {
+ if (!priv->data) {
wd_digest_free_sess(priv->sess);
return 0;
}
@@ -540,9 +547,16 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
left_len -= copy_to_bufflen;
tmpdata += copy_to_bufflen;
+ if (priv->state == SEC_DIGEST_INIT)
+ priv->state = SEC_DIGEST_FIRST_UPDATING;
+ else if (priv->state == SEC_DIGEST_FIRST_UPDATING)
+ priv->state = SEC_DIGEST_DOING;
+
ret = wd_do_digest_sync(priv->sess, &priv->req);
- if (ret)
- return 0;
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ goto do_soft_digest;
+ }
priv->last_update_bufflen = 0;
memset(priv->data, 0, DIGEST_BLOCK_SIZE);
@@ -551,10 +565,26 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
memcpy(priv->data, tmpdata, priv->last_update_bufflen);
break;
}
+ }
+
+ return 1;
+do_soft_digest:
+ if (priv->state == SEC_DIGEST_FIRST_UPDATING
+ && priv->data
+ && priv->last_update_bufflen != 0) {
+ priv->switch_flag = UADK_DO_SOFT;
+ digest_soft_init(priv->soft_ctx, priv->e_nid);
+ ret = digest_soft_update(priv->soft_ctx, priv->e_nid,
+ priv->data, priv->last_update_bufflen);
+ if (ret != 1)
+ return ret;
+ return digest_soft_update(priv->soft_ctx, priv->e_nid,
+ tmpdata, left_len);
}
- return 1;
+ fprintf(stderr, "do soft digest failed during updating!\n");
+ return 0;
}
static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len)
@@ -681,11 +711,17 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
goto clear;
}
memcpy(digest, priv->req.out, priv->req.out_bytes);
+ priv->last_update_bufflen = 0;
return 1;
sync_err:
- ret = uadk_e_digest_soft_work(priv, priv->tail, digest);
+ if (priv->state == SEC_DIGEST_INIT) {
+ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest);
+ } else {
+ ret = 0;
+ fprintf(stderr, "do sec digest stream mode failed.\n");
+ }
clear:
async_clear_async_event_notification();
return ret;
--
2.24.4

114
0015-ecc-bugfix-about-sm2-decryption.patch Normal file
View File

@ -0,0 +1,114 @@
From 32c58bf68e7f33d0170b3cc9040a11395a68df72 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 07:24:22 +0000
Subject: [PATCH 15/18] ecc: bugfix about sm2 decryption
When doing sm2_decrypt_check(), if the out param is NULL,
it is supposed to use sm2_plaintext_size() function to
get the output plain text length, rather than use
sm2_ciphertext_size().
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index f602e48..b39c418 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -524,7 +524,7 @@ static int cipher_ber_to_bin(unsigned char *ber, size_t ber_len,
len = BN_num_bytes(ctext_struct->C1x);
len1 = BN_num_bytes(ctext_struct->C1y);
c1->x.data = malloc(len + len1 + ctext_struct->C2->length +
- ctext_struct->C3->length);
+ ctext_struct->C3->length);
if (!c1->x.data) {
ret = -ENOMEM;
goto free_ctext;
@@ -547,7 +547,6 @@ free_ctext:
static size_t ec_field_size(const EC_GROUP *group)
{
- /* Is there some simpler way to do this? */
BIGNUM *p = BN_new();
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
@@ -559,7 +558,7 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- /* Pad and convert bits to bytes*/
+ /* Pad and convert bits to bytes */
field_size = (BN_num_bits(p) + 7) / 8;
done:
@@ -570,6 +569,22 @@ done:
return field_size;
}
+static int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)
+{
+ struct sm2_ciphertext *sm2_ctext;
+
+ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
+ if (!sm2_ctext) {
+ fprintf(stderr, "invalid sm2 encoding\n");
+ return 0;
+ }
+
+ *pt_size = sm2_ctext->C2->length;
+ SM2_Ciphertext_free(sm2_ctext);
+
+ return 1;
+}
+
static int sm2_ciphertext_size(const EC_KEY *key,
const EVP_MD *digest, size_t msg_len,
size_t *ct_size)
@@ -589,6 +604,7 @@ static int sm2_ciphertext_size(const EC_KEY *key,
+ ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+ ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
*ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+
return 1;
}
@@ -792,7 +808,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
@@ -941,8 +957,6 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
const unsigned char *in, size_t inlen)
{
struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
- EVP_PKEY *p_key = EVP_PKEY_CTX_get0_pkey(ctx);
- EC_KEY *ec = EVP_PKEY_get0(p_key);
const EVP_MD *md;
int hash_size;
@@ -959,7 +973,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
}
if (!out) {
- if (!sm2_ciphertext_size(ec, md, inlen, outlen))
+ if (!sm2_plaintext_size(in, inlen, outlen))
return -1;
else
return 1;
@@ -1039,6 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
+
ret = cipher_ber_to_bin((void *)in, inlen, &c1, &c2, &c3);
if (ret)
goto do_soft;
--
2.24.4

103
0016-dh-bugfix-about-dh-compute-key.patch Normal file
View File

@ -0,0 +1,103 @@
From ff486764bbab601177acad102febb1497262a88c Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 08:42:55 +0000
Subject: [PATCH 16/18] dh: bugfix about dh compute key
This patch includes:
1. Add an UADK_DO_SOFT tag when dh_do_crypto() failed.
2. Do some tiny cleanup.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_dh.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 9c2bfbf..989c9ec 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -741,13 +741,12 @@ static int dh_soft_set_pkey(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
return UADK_E_SUCCESS;
}
-/* Main Phase1: Generate public key */
static int uadk_e_dh_generate_key(DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
- int bits = DH_bits(dh);
- BIGNUM *pub_key = NULL;
BIGNUM *priv_key = NULL;
+ BIGNUM *pub_key = NULL;
+ int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
@@ -771,7 +770,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto exe_soft;
}
- /* Fill request data */
ret = dh_fill_genkey_req(g, p, priv_key, dh_sess);
if (!ret) {
fprintf(stderr, "failed to fill req\n");
@@ -786,7 +784,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto free_sess;
}
- /* Get the generated public key from uadk(->hardware) */
ret = dh_get_pubkey(dh_sess, &pub_key);
if (!ret) {
fprintf(stderr, "failed to get public key\n");
@@ -794,7 +791,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto free_sess;
}
- /* Set the public key and private key */
ret = dh_soft_set_pkey(dh, pub_key, priv_key);
free_sess:
@@ -806,16 +802,15 @@ exe_soft:
return uadk_e_dh_soft_generate_key(dh);
}
-/* Main Phase2: Compute shared key */
static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
+ BIGNUM *priv_key = NULL;
int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
- BIGNUM *priv_key = NULL;
int ret;
if (!dh || !key || !pub_key || !DH_get0_priv_key(dh))
@@ -845,6 +840,7 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
ret = dh_do_crypto(dh_sess);
if (!ret) {
fprintf(stderr, "failed to generate DH shared key\n");
+ ret = UADK_DO_SOFT;
goto free_sess;
}
@@ -894,7 +890,6 @@ static void uadk_e_delete_dh_meth(void)
uadk_dh_method = NULL;
}
-
int uadk_e_bind_dh(ENGINE *e)
{
pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
@@ -905,7 +900,6 @@ int uadk_e_bind_dh(ENGINE *e)
void uadk_e_destroy_dh(void)
{
pthread_spin_destroy(&g_dh_res.lock);
-
uadk_e_delete_dh_meth();
uadk_e_wd_dh_uninit();
}
--
2.24.4

28
0017-ecc-bugfix-about-ecc-general-init.patch Normal file
View File

@ -0,0 +1,28 @@
From 3ff18ada641a8ad6c54a6054b4b8323b0b4389a2 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 09:03:00 +0000
Subject: [PATCH 17/18] ecc: bugfix about ecc general init
When calloc failed, it should return with error code directly.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_pkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 7ca998b..14e0b8f 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -189,7 +189,7 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
if (!ctx_cfg)
- ret = -ENOMEM;
+ return -ENOMEM;
ecc_res.ctx_res = ctx_cfg;
ctx_cfg->ctx_num = CTX_NUM;
--
2.24.4

113
0018-digest-fix-codecheck-warning.patch Normal file
View File

@ -0,0 +1,113 @@
From e26726746340428c58ea1ce2460c0fb669bb7545 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 7 Jan 2022 09:56:54 +0800
Subject: [PATCH 18/18] digest: fix codecheck warning
fix a more than 50 lines function uadk_e_digest_init.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 57 ++++++++++++++++++++++++++---------------------
1 file changed, 31 insertions(+), 26 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index bf738af..5b843a0 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -95,6 +95,13 @@ struct digest_priv_ctx {
bool copy;
};
+struct digest_info {
+ int nid;
+ enum wd_digest_mode mode;
+ enum wd_digest_type alg;
+ __u32 out_len;
+};
+
static int digest_nids[] = {
NID_md5,
NID_sm3,
@@ -116,6 +123,16 @@ static struct digest_threshold_table digest_pkt_threshold_table[] = {
{ NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
};
+static struct digest_info digest_info_table[] = {
+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16},
+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32},
+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20},
+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28},
+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32},
+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48},
+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64},
+};
+
static EVP_MD *uadk_md5;
static EVP_MD *uadk_sm3;
static EVP_MD *uadk_sha1;
@@ -451,8 +468,8 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
enum wd_digest_type alg, enum wd_digest_mode mode,
__u32 out_len)
{
- priv->setup.mode = alg;
- priv->setup.alg = mode;
+ priv->setup.alg = alg;
+ priv->setup.mode = mode;
priv->req.out_buf_bytes = out_len;
priv->req.out_bytes = out_len;
}
@@ -461,9 +478,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
{
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ int digest_counts = ARRAY_SIZE(digest_info_table);
int nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
struct sched_params params = {0};
- int ret;
+ int ret, i;
/* Allocate a soft ctx for hardware engine */
if (priv->soft_ctx == NULL)
@@ -478,29 +496,16 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
goto soft_init;
}
- switch (nid) {
- case NID_md5:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16);
- break;
- case NID_sm3:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32);
- break;
- case NID_sha1:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20);
- break;
- case NID_sha224:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28);
- break;
- case NID_sha256:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32);
- break;
- case NID_sha384:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48);
- break;
- case NID_sha512:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64);
- break;
- default:
+ for (i = 0; i < digest_counts; i++) {
+ if (nid == digest_info_table[i].nid) {
+ digest_priv_ctx_setup(priv, digest_info_table[i].alg,
+ digest_info_table[i].mode, digest_info_table[i].out_len);
+ break;
+ }
+ }
+
+ if (i == digest_counts) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
return 0;
}
--
2.24.4

BIN
uadk_engine-1.0.0.tar.gz
View File

Binary file not shown.

24
uadk_engine.spec
View File

@ -3,7 +3,7 @@
Name: uadk_engine Name: uadk_engine
Summary: UADK Accelerator Engine Summary: UADK Accelerator Engine
Version: 1.0.0 Version: 1.0.0
Release: 2 Release: 3
License: Apache-2.0 License: Apache-2.0
Source: %{name}-%{version}.tar.gz Source: %{name}-%{version}.tar.gz
ExclusiveOS: linux ExclusiveOS: linux
@ -16,7 +16,24 @@ BuildRequires: openssl-devel sed autoconf automake libtool
Requires: openssl Requires: openssl
ExclusiveArch: aarch64 ExclusiveArch: aarch64
Patch0001: 0001-digest-delete-some-duplicate-code.patch Patch0001: 0001-digest-support-digest-multiple-update.patch
Patch0002: 0002-uadk_engine-define-the-variable-as-const.patch
Patch0003: 0003-ecc-fix-codecheck-warning.patch
Patch0004: 0004-rsa-delete-redundant-copy.patch
Patch0005: 0005-rsa-fix-coverity-warning.patch
Patch0006: 0006-ecc-cleanup-duplicate-public-key-allocation.patch
Patch0007: 0007-rsa-cleanup-about-reducing-function-parameters.patch
Patch0008: 0008-ecc-cleanup-sm2-compute-digest-function.patch
Patch0009: 0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch
Patch0010: 0010-rsa-cleanup-about-prime-generation.patch
Patch0011: 0011-ecc-cleanup-the-form-of-the-return-value.patch
Patch0012: 0012-engine-fix-uadk-engine-compatibility-issue.patch
Patch0013: 0013-digest-modify-the-process-of-free-session.patch
Patch0014: 0014-digest-modify-the-process-of-soft-and-hardware-hando.patch
Patch0015: 0015-ecc-bugfix-about-sm2-decryption.patch
Patch0016: 0016-dh-bugfix-about-dh-compute-key.patch
Patch0017: 0017-ecc-bugfix-about-ecc-general-init.patch
Patch0018: 0018-digest-fix-codecheck-warning.patch
%description %description
This package contains the UADK Accelerator Engine This package contains the UADK Accelerator Engine
@ -66,6 +83,9 @@ fi
/sbin/ldconfig /sbin/ldconfig
%changelog %changelog
* Wed Jan 12 2022 linwenkai <linwenkai6@hisilicon.com> 1.0.0-3
- Backport uadk engine patch
* Fri Dec 10 2021 linwenkai <linwenkai6@hisilicon.com> 1.0.0-2 * Fri Dec 10 2021 linwenkai <linwenkai6@hisilicon.com> 1.0.0-2
- Delete digest duplicate code - Delete digest duplicate code