packages/uadk_engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!34 Backport uadk engine patch form v1.0.1 to 1.2.0

Browse Source 
From: @xiao_jiang_shui 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
This commit is contained in:
openeuler-ci-bot 2023-09-04 07:12:36 +00:00 committed by Gitee
commit bbe7c31d17
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
80 changed files with 1790 additions and 8795 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
0001-digest-support-digest-multiple-update.patch
View File

@ -1,161 +0,0 @@
From 8cc0e8724565c12f0fa6f099070ec57504cd21fa Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 9 Dec 2021 15:39:32 +0800
Subject: [PATCH 01/18] digest: support digest multiple update
Support digest multiple updating by using the SEC stream mode.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 77 ++++++++++++++++++++++++++++++++++++++---------
1 file changed, 62 insertions(+), 15 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index db33d16..41de449 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -31,6 +31,8 @@
#define CTX_SYNC 0
#define CTX_ASYNC 1
#define CTX_NUM 2
+#define DIGEST_DOING 1
+#define DIGEST_END 0
#define ENV_ENABLED 1
/* The max BD data length is 16M-512B */
@@ -41,6 +43,7 @@
#define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MAX_DIGEST_LENGTH 64
struct digest_threshold_table {
int nid;
@@ -69,12 +72,16 @@ struct evp_md_ctx_st {
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
};
+#define DIGEST_BLOCK_SIZE 4096
+
struct digest_priv_ctx {
handle_t sess;
struct wd_digest_sess_setup setup;
struct wd_digest_req req;
unsigned char *data;
- long tail;
+ unsigned char out[MAX_DIGEST_LENGTH];
+ size_t tail;
+ size_t last_update_bufflen;
bool copy;
uint32_t e_nid;
EVP_MD_CTX *soft_ctx;
@@ -496,6 +503,13 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
if (unlikely(!priv->sess))
return 0;
+ priv->data = malloc(DIGEST_BLOCK_SIZE);
+ if (priv->data == NULL) {
+ wd_digest_free_sess(priv->sess);
+ return 0;
+ }
+ memset(priv->data, 0, DIGEST_BLOCK_SIZE);
+
priv->switch_threshold = sec_digest_get_sw_threshold(nid);
return 1;
@@ -504,6 +518,45 @@ soft_init:
return digest_soft_init(priv->soft_ctx, priv->e_nid);
}
+static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ const unsigned char *tmpdata = (const unsigned char *)data;
+ size_t left_len = data_len;
+ int copy_to_bufflen;
+ int ret;
+
+ priv->req.has_next = DIGEST_DOING;
+
+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
+ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
+ memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen);
+
+ priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
+ priv->req.in_bytes = DIGEST_BLOCK_SIZE;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ left_len -= copy_to_bufflen;
+ tmpdata += copy_to_bufflen;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret)
+ return 0;
+
+ priv->last_update_bufflen = 0;
+ memset(priv->data, 0, DIGEST_BLOCK_SIZE);
+ if (left_len <= DIGEST_BLOCK_SIZE) {
+ priv->last_update_bufflen = left_len;
+ memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ break;
+ }
+
+ }
+
+ return 1;
+}
+
static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len)
{
struct digest_priv_ctx *priv =
@@ -512,20 +565,13 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l
if (unlikely(priv->switch_flag == UADK_DO_SOFT))
goto soft_update;
- if ((data_len <= BUF_LEN - priv->tail) && (data_len > 0)) {
- if (!priv->data) {
- priv->data = OPENSSL_malloc(BUF_LEN);
- if (priv->data == NULL)
- return 0;
- }
-
- memcpy(priv->data + priv->tail, data, data_len);
- priv->tail += data_len;
-
+ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
+ memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ priv->last_update_bufflen += data_len;
return 1;
}
- return 0;
+ return digest_update_inner(ctx, data, data_len);
soft_update:
return digest_soft_update(priv->soft_ctx, priv->e_nid, data, data_len);
@@ -606,10 +652,10 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
int ret = 1;
struct async_op op;
-
+ priv->req.has_next = DIGEST_END;
priv->req.in = priv->data;
- priv->req.out = digest;
- priv->req.in_bytes = priv->tail;
+ priv->req.out = priv->out;
+ priv->req.in_bytes = priv->last_update_bufflen;
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
ret = async_setup_async_event_notification(&op);
@@ -634,6 +680,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
if (!ret)
goto clear;
}
+ memcpy(digest, priv->req.out, priv->req.out_bytes);
return 1;
--
2.24.4

85
0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch Normal file
View File

@ -0,0 +1,85 @@
From 2f129935991cb3d8e3fdb8b85f5c8e500390ab01 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 6 Jun 2023 03:44:14 +0000
Subject: [PATCH 1/7] readme: export PKG_CONFIG_PATH on openEuler
openEuler requires setting PKG_CONFIG_PATH though /usr/local/lib/pkgconfig
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README.md | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 2fe165a..ac721e3 100644
--- a/README.md
+++ b/README.md
@@ -21,21 +21,32 @@ Installation Instruction
========================
Build and install OpenSSL
------------------------
+------------------------
```
git clone https://github.com/openssl/openssl.git
cd openssl
git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f
- ./config -Wl,-rpath=/usr/local/lib
+ ./config
make
- make test
sudo make install
openssl version
```
+Run pkg-config to ensure env is setup correctly
+-----------------------------------------------
+
+```
+ $ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/
+ $ pkg-config libcrypto --libs
+ -L/usr/local/lib -lcrypto
+```
+
+* export ``PKG_CONFIG_PATH`` is required on openEuler,
+ where /usr/local/lib is not set as the default pkgconfig search path.
+
Build and install UADK
---------------------
+----------------------
```
git clone https://github.com/Linaro/uadk.git
@@ -46,16 +57,17 @@ Build and install UADK
make
sudo make install
```
+
* If get error:"cannot find -lnuma", please install the libnuma-dev
* If get error:"fatal error: zlib.h: No such file or directory", please install zlib.
Build and install UADK Engine
------------------------------------
+-----------------------------
```
git clone https://github.com/Linaro/uadk_engine.git
cd uadk_engine
autoreconf -i
- ./configure --libdir=/usr/local/lib/engines-1.1/ --enable-kae
+ ./configure --libdir=/usr/local/lib/engines-1.1/ [--enable-kae]
make
sudo make install
@@ -93,7 +105,7 @@ Install libraries to the temp folder
-L/tmp/build/lib -lwd
$ cd uadk_engine
- $ autoreconf
+ $ autoreconf -i
$ ./configure --prefix=/tmp/build
$ make; make install
--
2.25.1

38
0002-uadk_engine-define-the-variable-as-const.patch
View File

@ -1,38 +0,0 @@
From b7bb19a4e5c239035926f952d24c2e95bf813fd8 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Mon, 20 Dec 2021 02:48:54 +0000
Subject: [PATCH 02/18] uadk_engine: define the variable as 'const'
Parameter: 'n' in the function has not been changed,
it should be defined as 'const'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index bab3c24..75ae0d1 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -174,7 +174,7 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
}
static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
- int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx,
BN_GENCB *cb)
{
@@ -268,7 +268,7 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
return UADK_E_SUCCESS;
}
-static int check_prime_useful(int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
+static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
--
2.24.4

222
0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch Normal file
View File

@ -0,0 +1,222 @@
From e6dcaa276f295a5baa6ea5109a943d2299ade757 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 6 Jun 2023 05:06:32 +0000
Subject: [PATCH 2/7] uadk_engine: use calloc to replace malloc+memset
malloc + memset(0) can be replaced by calloc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_async.c | 5 +----
src/uadk_ecx.c | 6 ++----
src/uadk_sm2.c | 4 +---
src/v1/alg/dh/hpre_dh_wd.c | 3 +--
src/v1/async/async_task_queue.c | 4 +---
src/v1/utils/engine_log.c | 6 ++----
src/v1/wdmngr/wd_alg_queue.c | 6 ++----
src/v1/wdmngr/wd_queue_memory.c | 11 ++++-------
8 files changed, 14 insertions(+), 31 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c
index f21eabb..86aa9e5 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -362,13 +362,10 @@ int async_module_init(void)
if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0)
return 0;
- poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
+ poll_queue.head = calloc(ASYNC_QUEUE_TASK_NUM, sizeof(struct async_poll_task));
if (poll_queue.head == NULL)
return 0;
- memset(poll_queue.head, 0,
- sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
-
if (sem_init(&poll_queue.empty_sem, 0, ASYNC_QUEUE_TASK_NUM) != 0)
goto err;
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 2824a0d..0537890 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -89,12 +89,11 @@ static int x25519_init(EVP_PKEY_CTX *ctx)
return UADK_E_FAIL;
}
- x25519_ctx = malloc(sizeof(struct ecx_ctx));
+ x25519_ctx = calloc(1, sizeof(struct ecx_ctx));
if (!x25519_ctx) {
fprintf(stderr, "failed to alloc x25519 ctx\n");
return UADK_E_FAIL;
}
- memset(x25519_ctx, 0, sizeof(struct ecx_ctx));
setup.alg = "x25519";
setup.key_bits = X25519_KEYBITS;
@@ -146,13 +145,12 @@ static int x448_init(EVP_PKEY_CTX *ctx)
return UADK_E_FAIL;
}
- x448_ctx = malloc(sizeof(struct ecx_ctx));
+ x448_ctx = calloc(1, sizeof(struct ecx_ctx));
if (!x448_ctx) {
fprintf(stderr, "failed to alloc x448 ctx\n");
return UADK_E_FAIL;
}
- memset(x448_ctx, 0, sizeof(struct ecx_ctx));
setup.alg = "x448";
setup.key_bits = X448_KEYBITS;
params.numa_id = uadk_e_ecc_get_numa_id();
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 01186ef..63d4fdf 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -1157,14 +1157,12 @@ static int sm2_init(EVP_PKEY_CTX *ctx)
struct sm2_ctx *smctx;
int ret;
- smctx = malloc(sizeof(*smctx));
+ smctx = calloc(1, sizeof(*smctx));
if (!smctx) {
fprintf(stderr, "failed to alloc sm2 ctx\n");
return 0;
}
- memset(smctx, 0, sizeof(*smctx));
-
ret = uadk_e_ecc_get_support_state(SM2_SUPPORT);
if (!ret) {
fprintf(stderr, "sm2 is not supported\n");
diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c
index 38a3d09..8dbb9b4 100644
--- a/src/v1/alg/dh/hpre_dh_wd.c
+++ b/src/v1/alg/dh/hpre_dh_wd.c
@@ -265,12 +265,11 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg)
{
hpre_dh_engine_ctx_t *eng_ctx = NULL;
- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_malloc(sizeof(hpre_dh_engine_ctx_t));
+ eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t));
if (eng_ctx == NULL) {
US_ERR("hpre engine_ctx malloc fail");
return NULL;
}
- kae_memset(eng_ctx, 0, sizeof(hpre_dh_engine_ctx_t));
eng_ctx->priv_ctx.ssl_alg = alg;
eng_ctx->qlist = kae_get_node_from_pool(g_hpre_dh_qnode_pool);
diff --git a/src/v1/async/async_task_queue.c b/src/v1/async/async_task_queue.c
index 2feea7e..0ef1e84 100644
--- a/src/v1/async/async_task_queue.c
+++ b/src/v1/async/async_task_queue.c
@@ -60,13 +60,11 @@ int async_poll_task_init_v1(void)
kae_memset(&g_async_poll_queue, 0, sizeof(g_async_poll_queue));
g_async_poll_queue.async_poll_task_queue_head =
- (async_poll_task *)malloc(sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM);
+ (async_poll_task *)calloc(ASYNC_POLL_TASK_NUM, sizeof(async_poll_task));
if (g_async_poll_queue.async_poll_task_queue_head == NULL) {
US_ERR("no enough memory for task queue, errno=%d", errno); //lint !e666
return 0;
}
- kae_memset(g_async_poll_queue.async_poll_task_queue_head, 0,
- sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM);
g_async_poll_queue.left_task = ASYNC_POLL_TASK_NUM;
ret = sem_init(&g_async_poll_queue.empty_sem, 0, (unsigned int)g_async_poll_queue.left_task);
diff --git a/src/v1/utils/engine_log.c b/src/v1/utils/engine_log.c
index 6e32b97..ef009e5 100644
--- a/src/v1/utils/engine_log.c
+++ b/src/v1/utils/engine_log.c
@@ -60,12 +60,10 @@ static void kae_set_conf_debuglevel(void)
if (conf_path == NULL || strlen(conf_path) > MAX_CONFIG_LEN)
goto err;
- file_path = (char *)kae_malloc(strlen(conf_path) + strlen(filename) + 1);
- debuglev = (char *)kae_malloc(MAX_LEVEL_LEN);
+ file_path = (char *)kae_calloc(1, strlen(conf_path) + strlen(filename) + 1);
+ debuglev = (char *)kae_calloc(1, MAX_LEVEL_LEN);
if (!file_path || !debuglev)
goto err;
- memset(debuglev, 0, MAX_LEVEL_LEN);
- memset(file_path, 0, sizeof(conf_path) + sizeof(filename) + 1);
strcat(file_path, conf_path);
strcat(file_path, filename);
ret = kae_drv_get_item(file_path, "LogSection", "debug_level", debuglev);
diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c
index 5cd33ae..098231f 100644
--- a/src/v1/wdmngr/wd_alg_queue.c
+++ b/src/v1/wdmngr/wd_alg_queue.c
@@ -21,16 +21,14 @@
struct wd_queue *wd_new_queue(int algtype)
{
- struct wd_queue *queue = (struct wd_queue *)kae_malloc(sizeof(struct wd_queue));
int ret;
-
+ struct wd_queue *queue = (struct wd_queue *)kae_calloc(1,
+ sizeof(struct wd_queue));
if (queue == NULL) {
US_ERR("malloc failed");
return NULL;
}
- kae_memset(queue, 0, sizeof(struct wd_queue));
-
switch (algtype) {
case WCRYPTO_RSA:
queue->capa.alg = "rsa";
diff --git a/src/v1/wdmngr/wd_queue_memory.c b/src/v1/wdmngr/wd_queue_memory.c
index e6e7a2c..5f28357 100644
--- a/src/v1/wdmngr/wd_queue_memory.c
+++ b/src/v1/wdmngr/wd_queue_memory.c
@@ -62,13 +62,12 @@ struct wd_queue_mempool *wd_queue_mempool_create(struct wd_queue *q, unsigned in
kae_memset(addr, 0, rsv_mm_sz);
bitmap_sz = (block_num / BLOCKS_PER_BITMAP + 1) * sizeof(unsigned int);
- pool =
- (struct wd_queue_mempool *)kae_malloc(sizeof(struct wd_queue_mempool) + bitmap_sz);
+ pool = (struct wd_queue_mempool *)kae_calloc(1,
+ sizeof(struct wd_queue_mempool) + bitmap_sz);
if (pool == NULL) {
US_ERR("Alloc pool handle fail!");
return NULL;
}
- kae_memset(pool, 0, sizeof(struct wd_queue_mempool) + bitmap_sz);
pool->base = addr;
sem_init(&pool->mempool_sem, 0, 1);
@@ -190,13 +189,12 @@ KAE_QUEUE_POOL_HEAD_S *kae_init_queue_pool(int algtype)
/* malloc a pool */
kae_pool->kae_queue_pool = (KAE_QUEUE_POOL_NODE_S *)
- kae_malloc(KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S));
+ kae_calloc(KAE_QUEUE_POOL_MAX_SIZE, sizeof(KAE_QUEUE_POOL_NODE_S));
if (kae_pool->kae_queue_pool == NULL) {
US_ERR("malloc failed");
kae_free(kae_pool);
return NULL;
}
- kae_memset(kae_pool->kae_queue_pool, 0, KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S));
pthread_mutex_init(&kae_pool->kae_queue_mutex, NULL);
pthread_mutex_init(&kae_pool->destroy_mutex, NULL);
@@ -271,12 +269,11 @@ static KAE_QUEUE_DATA_NODE_S *kae_new_wd_queue_memory(int algtype)
{
KAE_QUEUE_DATA_NODE_S *queue_node = NULL;
- queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_malloc(sizeof(KAE_QUEUE_DATA_NODE_S));
+ queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_calloc(1, sizeof(KAE_QUEUE_DATA_NODE_S));
if (queue_node == NULL) {
US_ERR("malloc failed");
return NULL;
}
- kae_memset(queue_node, 0, sizeof(KAE_QUEUE_DATA_NODE_S));
queue_node->kae_wd_queue = wd_new_queue(algtype);
if (queue_node->kae_wd_queue == NULL) {
--
2.25.1

113
0003-ecc-fix-codecheck-warning.patch
View File

@ -1,113 +0,0 @@
From 1cd8bd255ae0f55742d2dffa7ba09aea28d56c9a Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 03:37:13 +0000
Subject: [PATCH 03/18] ecc: fix codecheck warning
fix a more than 50 lines function 'uadk_wd_ecc_init'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_pkey.c | 61 +++++++++++++++++++++++++------------------------
1 file changed, 31 insertions(+), 30 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index c20b22b..62362b0 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -178,38 +178,20 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
}
-static int uadk_wd_ecc_init(struct ecc_res_config *config)
+static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
+ struct wd_sched *sched)
{
- struct wd_sched *sched = &config->sched.wd_sched;
struct wd_ctx_config *ctx_cfg;
- struct uacce_dev *dev;
int ret, i;
- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
- dev = wd_get_accel_dev("ecdsa");
- if (!dev)
- return -ENOMEM;
-
- config->numa_id = dev->numa_id;
-
- ret = uadk_e_is_env_enabled("ecc");
- if (ret == ENV_ENABLED) {
- ret = uadk_e_wd_ecc_env_init(dev);
- goto free_dev;
- }
-
- if (ecc_res.ctx_res) {
- ret = 0;
- goto free_dev;
- }
+ if (ecc_res.ctx_res)
+ return 0;
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
- if (!ctx_cfg) {
+ if (!ctx_cfg)
ret = -ENOMEM;
- goto free_dev;
- }
- ecc_res.ctx_res = ctx_cfg;
+ ecc_res.ctx_res = ctx_cfg;
ctx_cfg->ctx_num = CTX_NUM;
ctx_cfg->ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
if (!ctx_cfg->ctxs) {
@@ -230,23 +212,42 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config)
if (ret)
goto free_ctx;
- free(dev);
-
return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
- if (ctx_cfg->ctxs[i].ctx) {
+ if (ctx_cfg->ctxs[i].ctx)
wd_release_ctx(ctx_cfg->ctxs[i].ctx);
- ctx_cfg->ctxs[i].ctx = 0;
- }
}
free(ctx_cfg->ctxs);
free_cfg:
free(ctx_cfg);
ecc_res.ctx_res = NULL;
-free_dev:
+
+ return ret;
+}
+
+static int uadk_wd_ecc_init(struct ecc_res_config *config)
+{
+ struct wd_sched *sched = &config->sched.wd_sched;
+ struct uacce_dev *dev;
+ int ret;
+
+ /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ dev = wd_get_accel_dev("ecdsa");
+ if (!dev)
+ return -ENOMEM;
+
+ config->numa_id = dev->numa_id;
+
+ ret = uadk_e_is_env_enabled("ecc");
+ if (ret)
+ ret = uadk_e_wd_ecc_env_init(dev);
+ else
+ ret = uadk_e_wd_ecc_general_init(dev, sched);
+
free(dev);
+
return ret;
}
--
2.24.4

125
0003-v1-some-code-clean.patch Normal file
View File

@ -0,0 +1,125 @@
From e6dae9e2197dad6173f9ec7fbc55373adcfbb29e Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 6 Jun 2023 06:12:23 +0000
Subject: [PATCH 3/7] v1: some code clean
remove #if 0, print address, etc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/v1/alg/ciphers/sec_ciphers_soft.c | 15 ++++-----------
src/v1/alg/pkey/hpre_rsa.c | 20 +-------------------
src/v1/alg/pkey/hpre_rsa_utils.c | 5 ++---
3 files changed, 7 insertions(+), 33 deletions(-)
diff --git a/src/v1/alg/ciphers/sec_ciphers_soft.c b/src/v1/alg/ciphers/sec_ciphers_soft.c
index 71fbb33..9c597b5 100644
--- a/src/v1/alg/ciphers/sec_ciphers_soft.c
+++ b/src/v1/alg/ciphers/sec_ciphers_soft.c
@@ -110,11 +110,11 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
/* allowed iv to be empty. */
if (unlikely(key == NULL)) {
- US_ERR("kae sw init parameter is NULL. key=%p", key);
+ US_ERR("kae sw init parameter is NULL");
return KAE_FAIL;
}
if (unlikely(ctx == NULL)) {
- US_ERR("kae sw init parameter is NULL. ctx=%p", ctx);
+ US_ERR("kae sw init parameter is NULL");
return KAE_FAIL;
}
@@ -155,11 +155,10 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
ret = EVP_CIPHER_meth_get_init(sw_cipher)(ctx, key, iv, enc);
EVP_CIPHER_CTX_set_cipher_data(ctx, priv_ctx);
if (ret != OPENSSL_SUCCESS) {
- US_ERR("OPENSSL init key failed. ctx=%p", ctx);
+ US_ERR("OPENSSL init key failed.");
kae_free(priv_ctx->sw_ctx_data);
return KAE_FAIL;
}
- US_DEBUG("kae sw init impl success. ctx=%p", ctx);
return KAE_SUCCESS;
}
@@ -185,18 +184,14 @@ int sec_ciphers_sw_impl_cleanup(EVP_CIPHER_CTX *ctx)
kae_free(priv_ctx->sw_ctx_data);
- US_DEBUG("kae sw cleanup impl success, ctx=%p", ctx);
-
return KAE_SUCCESS;
}
static int sec_ciphers_sw_impl_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
- if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL))) {
- US_ERR("kae sw cipher parameter is null.ctx=%p, in=%p, out=%p, inl=%d", ctx, out, in, (int)inl);
+ if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL)))
return KAE_FAIL;
- }
cipher_priv_ctx_t *priv_ctx = (cipher_priv_ctx_t *)EVP_CIPHER_CTX_get_cipher_data(ctx);
@@ -277,8 +272,6 @@ int sec_ciphers_sw_hw_ctx_sync(EVP_CIPHER_CTX *ctx, sec_cipher_priv_ctx_syncto_t
}
}
- US_DEBUG("state sync success, direct=%d[1:SW_TO_HW, 2:HW_TO_SW], offset=%d", direction, num);
-
return KAE_SUCCESS;
}
diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c
index 6c1d96d..4e21dde 100644
--- a/src/v1/alg/pkey/hpre_rsa.c
+++ b/src/v1/alg/pkey/hpre_rsa.c
@@ -67,25 +67,7 @@ RSA_METHOD *hpre_get_rsa_methods(void)
return g_hpre_rsa_method;
if (g_soft_rsa_method != NULL)
return g_soft_rsa_method;
-#if 0
- if (!kae_get_device(g_hpre_device)) {
- const RSA_METHOD *default_soft_method = RSA_PKCS1_OpenSSL();
-
- g_soft_rsa_method = RSA_meth_new("SOFT RSA METHOD", 0);
- ret &= RSA_meth_set_pub_enc(g_soft_rsa_method, RSA_meth_get_pub_enc(default_soft_method));
- ret &= RSA_meth_set_priv_enc(g_soft_rsa_method, RSA_meth_get_priv_enc(default_soft_method));
- ret &= RSA_meth_set_pub_dec(g_soft_rsa_method, RSA_meth_get_pub_dec(default_soft_method));
- ret &= RSA_meth_set_priv_dec(g_soft_rsa_method, RSA_meth_get_priv_dec(default_soft_method));
- ret &= RSA_meth_set_keygen(g_soft_rsa_method, hpre_rsa_soft_genkey);
- ret &= RSA_meth_set_mod_exp(g_soft_rsa_method, RSA_meth_get_mod_exp(default_soft_method));
- ret &= RSA_meth_set_bn_mod_exp(g_soft_rsa_method, RSA_meth_get_bn_mod_exp(default_soft_method));
- if (ret == 0) {
- US_ERR("Failed to set SOFT RSA methods");
- return NULL;
- }
- return g_soft_rsa_method;
- }
-#endif
+
g_hpre_rsa_method = RSA_meth_new("HPRE RSA method", 0);
if (g_hpre_rsa_method == NULL) {
KAEerr(KAE_F_HPRE_GET_RSA_METHODS, KAE_R_MALLOC_FAILURE);
diff --git a/src/v1/alg/pkey/hpre_rsa_utils.c b/src/v1/alg/pkey/hpre_rsa_utils.c
index 0630b28..317a5a0 100644
--- a/src/v1/alg/pkey/hpre_rsa_utils.c
+++ b/src/v1/alg/pkey/hpre_rsa_utils.c
@@ -44,10 +44,9 @@ void hpre_free_bn_ctx_buf(BN_CTX *bn_ctx, unsigned char *in_buf, int num)
int hpre_rsa_check_para(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa)
{
- if ((rsa == NULL || from == NULL || to == NULL || flen <= 0)) {
- US_ERR("RSA key %p, input %p or output %p are NULL, or flen invalid length.\n", rsa, from, to);
+ if ((rsa == NULL || from == NULL || to == NULL || flen <= 0))
return HPRE_CRYPTO_FAIL;
- }
+
return HPRE_CRYPTO_SUCC;
}
--
2.25.1

28
0004-rsa-delete-redundant-copy.patch
View File

@ -1,28 +0,0 @@
From 6c916851ae54c9272a96c7af73cba83598ab3c43 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 03:51:48 +0000
Subject: [PATCH 04/18] rsa: delete redundant copy
'from_buf' and 'req.src' point to the same address space,
redundant copy is not required.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 75ae0d1..1e1e226 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1595,7 +1595,6 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- memcpy(rsa_sess->req.src, from_buf, rsa_sess->req.src_bytes);
ret = rsa_do_crypto(rsa_sess);
if (!ret || rsa_sess->req.status) {
ret = UADK_DO_SOFT;
--
2.24.4

41
0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch Normal file
View File

@ -0,0 +1,41 @@
From 1d05480962b3110b8da9f467cc3dbd9047f04589 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 16 Jun 2023 02:09:00 +0000
Subject: [PATCH 4/7] =?UTF-8?q?v1:=20fix=20implicit=20declaration=20of=20f?=
=?UTF-8?q?unction=20=E2=80=98OPENSSL=5Fcalloc=E2=80=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix implicit declaration of function OPENSSL_calloc with calloc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/v1/alg/dh/hpre_dh_wd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c
index 8dbb9b4..b8ca9a1 100644
--- a/src/v1/alg/dh/hpre_dh_wd.c
+++ b/src/v1/alg/dh/hpre_dh_wd.c
@@ -199,7 +199,7 @@ void hpre_dh_free_eng_ctx(hpre_dh_engine_ctx_t *eng_ctx)
eng_ctx->opdata.pri = NULL;
eng_ctx->opdata.x_p = NULL;
eng_ctx->opdata.pv = NULL;
- OPENSSL_free(eng_ctx);
+ free(eng_ctx);
eng_ctx = NULL;
}
@@ -265,7 +265,7 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg)
{
hpre_dh_engine_ctx_t *eng_ctx = NULL;
- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t));
+ eng_ctx = (hpre_dh_engine_ctx_t *)calloc(1, sizeof(hpre_dh_engine_ctx_t));
if (eng_ctx == NULL) {
US_ERR("hpre engine_ctx malloc fail");
return NULL;
--
2.25.1

35
0005-rsa-fix-coverity-warning.patch
View File

@ -1,35 +0,0 @@
From f5fac71459234b4e44fe8ff386b19627e88ad680 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 06:39:46 +0000
Subject: [PATCH 05/18] rsa: fix coverity warning
Parameter: 'n' in the function 'get_prime_once' has not
been changed, it should be defined as 'const'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 1e1e226..cb98159 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -307,10 +307,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
return GET_ERR_FINISH;
}
-static int get_prime_once(int num, const int *bitsr, int *n, BIGNUM *prime,
- BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
- BIGNUM *r2, BIGNUM *e_pub, BN_CTX *ctx,
- BN_GENCB *cb)
+static int get_prime_once(int num, const int *bitsr, const int *n,
+ BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub,
+ BN_CTX *ctx, BN_GENCB *cb)
{
int ret = -1;
--
2.24.4

93
0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch Normal file
View File

@ -0,0 +1,93 @@
From aa06f50efb5725a99f5ff93cca04c968ec981635 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 9 Jun 2023 04:52:30 +0000
Subject: [PATCH 5/7] uadk: build uadk_engine only if openssl 1.1
Rename e_uadk.c to uadk_engine_init.c
Build uadk_engine only if openssl 1.1
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
Makefile.am | 2 --
configure.ac | 7 ++++---
src/Makefile.am | 11 ++++++++---
src/{e_uadk.c => uadk_engine_init.c} | 0
4 files changed, 12 insertions(+), 8 deletions(-)
rename src/{e_uadk.c => uadk_engine_init.c} (100%)
diff --git a/Makefile.am b/Makefile.am
index 55fd400..1ade214 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,7 +1,5 @@
ACLOCAL_AMFLAGS = -I m4
-if HAVE_CRYPTO
if HAVE_WD
SUBDIRS = src
endif
-endif
diff --git a/configure.ac b/configure.ac
index fb03a5b..0fc14ed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,5 @@
AC_PREREQ([2.69])
AC_INIT([uadk_engine], [1.2])
-AC_CONFIG_SRCDIR([src/e_uadk.c])
AM_INIT_AUTOMAKE([1.10 no-define])
AC_CONFIG_MACRO_DIR([m4])
@@ -15,8 +14,6 @@ AC_ARG_ENABLE(kae,
AC_SUBST(enable_kae)
AM_CONDITIONAL([WD_KAE], [test "$enable_kae" = "yes"])
-AC_CHECK_HEADERS([openssl/engine.h])
-
PKG_CHECK_MODULES(WD, libwd libwd_crypto, [with_wd=yes], [with_wd=no])
AM_CONDITIONAL(HAVE_WD, [test "$with_wd" != "no"])
@@ -24,6 +21,10 @@ PKG_CHECK_MODULES(libcrypto, libcrypto < 3.0 libcrypto >= 1.1,
[with_crypto=yes], [with_crypto=no])
AM_CONDITIONAL(HAVE_CRYPTO, test "$with_crypto" != "no")
+PKG_CHECK_MODULES(libcrypto, libcrypto >= 3.0,
+ [with_crypto3=yes], [with_crypto3=no])
+AM_CONDITIONAL(HAVE_CRYPTO3, test "$with_crypto3" != "no")
+
AC_CONFIG_FILES([
Makefile
src/Makefile])
diff --git a/src/Makefile.am b/src/Makefile.am
index 8ced0e8..65afe1d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,13 +1,18 @@
VERSION = 1:2
ACLOCAL_AMFLAGS = -I m4
+if HAVE_CRYPTO
lib_LTLIBRARIES=uadk_engine.la
+endif #HAVE_CRYPTO
+
+uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \
+ uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \
+ uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
-uadk_engine_la_SOURCES=uadk_utils.c e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c \
- uadk_rsa.c uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
uadk_engine_la_LIBADD=-ldl $(WD_LIBS) -lpthread
uadk_engine_la_LDFLAGS=-module -version-number $(VERSION)
-uadk_engine_la_CFLAGS=$(WD_CFLAGS)
+uadk_engine_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
+uadk_engine_la_CFLAGS+=-DCRYPTO
AUTOMAKE_OPTIONS = subdir-objects
diff --git a/src/e_uadk.c b/src/uadk_engine_init.c
similarity index 100%
rename from src/e_uadk.c
rename to src/uadk_engine_init.c
--
2.25.1

165
0006-ecc-cleanup-duplicate-public-key-allocation.patch
View File

@ -1,165 +0,0 @@
From 941c89ea6fefe3e78255437788c3f274b6c81414 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Wed, 22 Dec 2021 08:27:45 +0000
Subject: [PATCH 06/18] ecc: cleanup duplicate public key allocation
Remove duplicate allocation and copy of public key.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 95 +++++++++++++++++++++++++++------------------------
1 file changed, 51 insertions(+), 44 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index d97436b..9040d3c 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -784,59 +784,78 @@ static int sm2_keygen_init_iot(handle_t sess, struct wd_ecc_req *req)
static int eckey_create_key(EC_KEY *eckey)
{
- const EC_GROUP *group;
- EC_POINT *pub_key;
BIGNUM *priv_key;
+ int ret;
- group = EC_KEY_get0_group(eckey);
- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
- if (!pub_key) {
- pub_key = EC_POINT_new(group);
- if (!pub_key) {
- fprintf(stderr, "failed to new pub_key\n");
- return -1;
- }
- EC_KEY_set_public_key(eckey, pub_key);
+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
+ if (priv_key)
+ return 1;
+
+ priv_key = BN_new();
+ if (!priv_key) {
+ fprintf(stderr, "failed to BN_new priv_key\n");
+ return 0;
}
+ ret = EC_KEY_set_private_key(eckey, priv_key);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
+
+ BN_free(priv_key);
+ return ret;
+}
+
+static int ecdh_set_private_key(EC_KEY *eckey, BIGNUM *order)
+{
+ BIGNUM *priv_key;
+ int ret;
+
+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
+ if (priv_key)
+ return 1;
+
priv_key = BN_new();
if (!priv_key) {
fprintf(stderr, "failed to BN_new priv_key\n");
- return -1;
+ return 0;
}
- EC_KEY_set_private_key(eckey, priv_key);
- return 0;
+ do {
+ if (!BN_rand_range(priv_key, order)) {
+ fprintf(stderr, "failed to generate random value\n");
+ ret = 0;
+ goto free_priv_key;
+ }
+ } while (BN_is_zero(priv_key));
+
+ ret = EC_KEY_set_private_key(eckey, priv_key);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
+
+free_priv_key:
+ BN_free(priv_key);
+ return ret;
}
static int ecdh_create_key(EC_KEY *eckey)
{
- BIGNUM *priv_key, *order;
const EC_GROUP *group;
- EC_POINT *pub_key;
+ BIGNUM *order;
BN_CTX *ctx;
- int ret = 0;
+ int ret;
group = EC_KEY_get0_group(eckey);
- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
- if (!pub_key) {
- pub_key = EC_POINT_new(group);
- if (!pub_key) {
- fprintf(stderr, "failed to new pub_key\n");
- return ret;
- }
- ret = EC_KEY_set_public_key(eckey, pub_key);
- }
ctx = BN_CTX_new();
if (!ctx) {
fprintf(stderr, "failed to allocate ctx\n");
- return ret;
+ return 0;
}
- order = BN_CTX_get(ctx);
+ order = BN_CTX_get(ctx);
if (!order) {
fprintf(stderr, "failed to allocate order\n");
+ ret = 0;
goto free_ctx;
}
@@ -846,26 +865,14 @@ static int ecdh_create_key(EC_KEY *eckey)
goto free_order;
}
- priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
- if (!priv_key) {
- priv_key = BN_new();
- if (!priv_key) {
- fprintf(stderr, "failed to BN_new priv_key\n");
- goto free_order;
- }
- do {
- if (!BN_rand_range(priv_key, order))
- fprintf(stderr, "failed to generate random value\n");
- } while (BN_is_zero(priv_key));
- ret = EC_KEY_set_private_key(eckey, priv_key);
- }
- ret = 1;
+ ret = ecdh_set_private_key(eckey, order);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
free_order:
BN_clear(order);
free_ctx:
BN_CTX_free(ctx);
-
return ret;
}
@@ -880,7 +887,7 @@ static int sm2_generate_key(EC_KEY *eckey)
goto do_soft;
ret = eckey_create_key(eckey);
- if (ret)
+ if (!ret)
return ret;
ret = UADK_DO_SOFT;
--
2.24.4

915
0006-uadk-support-openssl-3.0.patch Normal file
View File

@ -0,0 +1,915 @@
From c6aab5dadf83fad2716b1687366d040303b1301c Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 9 Jun 2023 09:04:30 +0000
Subject: [PATCH 6/7] uadk: support openssl 3.0
Openssl3.0 provoder will be built when libcrypto >= 3.0
First step to support digest
Test with
openssl speed -provider xx/uadk_provider.so -provider default -evp md5
openssl speed -provider xx/uadk_provider.so -provider default -evp sm3
openssl speed -provider xx/uadk_provider.so -provider default -evp sha1
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-224
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-256
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-384
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-512
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/Makefile.am | 11 +
src/uadk_prov.h | 30 ++
src/uadk_prov_digest.c | 699 +++++++++++++++++++++++++++++++++++++++++
src/uadk_prov_init.c | 110 +++++++
4 files changed, 850 insertions(+)
create mode 100644 src/uadk_prov.h
create mode 100644 src/uadk_prov_digest.c
create mode 100644 src/uadk_prov_init.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 65afe1d..bfaeb78 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -5,6 +5,10 @@ if HAVE_CRYPTO
lib_LTLIBRARIES=uadk_engine.la
endif #HAVE_CRYPTO
+if HAVE_CRYPTO3
+lib_LTLIBRARIES=uadk_provider.la
+endif #HAVE_CRYPTO3
+
uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \
uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \
uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
@@ -45,3 +49,10 @@ uadk_engine_la_SOURCES+=v1/alg/ciphers/sec_ciphers.c \
v1/async/async_poll.c \
v1/async/async_task_queue.c
endif #WD_KAE
+
+uadk_provider_la_SOURCES=uadk_prov_init.c uadk_prov_digest.c uadk_async.c uadk_utils.c
+
+uadk_provider_la_LDFLAGS=-module -version-number $(VERSION)
+uadk_provider_la_LIBADD=$(WD_LIBS) -lpthread
+uadk_provider_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
+uadk_provider_la_CFLAGS+=-DCRYPTO3
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
new file mode 100644
index 0000000..c63c3fe
--- /dev/null
+++ b/src/uadk_prov.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#ifndef UADK_PROV_H
+#define UADK_PROV_H
+
+extern const OSSL_DISPATCH uadk_md5_functions[];
+extern const OSSL_DISPATCH uadk_sm3_functions[];
+extern const OSSL_DISPATCH uadk_sha1_functions[];
+extern const OSSL_DISPATCH uadk_sha224_functions[];
+extern const OSSL_DISPATCH uadk_sha256_functions[];
+extern const OSSL_DISPATCH uadk_sha384_functions[];
+extern const OSSL_DISPATCH uadk_sha512_functions[];
+
+void uadk_prov_destroy_digest(void);
+#endif
diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c
new file mode 100644
index 0000000..fd05753
--- /dev/null
+++ b/src/uadk_prov_digest.c
@@ -0,0 +1,699 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <string.h>
+#include <dlfcn.h>
+#include <openssl/md5.h>
+#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/proverr.h>
+#include <uadk/wd_cipher.h>
+#include <uadk/wd_digest.h>
+#include <uadk/wd_sched.h>
+#include "uadk.h"
+#include "uadk_async.h"
+#include "uadk_utils.h"
+
+#define UADK_DO_SOFT (-0xE0)
+#define CTX_SYNC 0
+#define CTX_ASYNC 1
+#define CTX_NUM 2
+#define DIGEST_DOING 1
+#define DIGEST_END 0
+
+/* The max BD data length is 16M-512B */
+#define BUF_LEN 0xFFFE00
+
+#define SM3_DIGEST_LENGTH 32
+#define SM3_CBLOCK 64
+#define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
+#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MAX_DIGEST_LENGTH 64
+#define DIGEST_BLOCK_SIZE (512 * 1024)
+#define ALG_NAME_SIZE 128
+
+enum sec_digest_state {
+ SEC_DIGEST_INIT,
+ SEC_DIGEST_FIRST_UPDATING,
+ SEC_DIGEST_DOING,
+ SEC_DIGEST_FINAL
+};
+
+struct digest_threshold_table {
+ int nid;
+ int threshold;
+};
+
+struct digest_prov {
+ int pid;
+};
+
+static struct digest_prov prov;
+static pthread_mutex_t digest_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+struct evp_md_ctx_st {
+ const EVP_MD *digest;
+ /* Functional reference if 'digest' is ENGINE-provided */
+ ENGINE *engine;
+ unsigned long flags;
+ void *md_data;
+ /* Public key context for sign/verify */
+ EVP_PKEY_CTX *pctx;
+ /* Update function: usually copied from EVP_MD */
+ int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
+};
+
+struct digest_priv_ctx {
+ handle_t sess;
+ struct wd_digest_sess_setup setup;
+ struct wd_digest_req req;
+ unsigned char *data;
+ unsigned char out[MAX_DIGEST_LENGTH];
+ EVP_MD_CTX *soft_ctx;
+ EVP_MD *soft_md;
+ size_t last_update_bufflen;
+ uint32_t e_nid;
+ uint32_t state;
+ uint32_t switch_threshold;
+ int switch_flag;
+ size_t md_size;
+ size_t blk_size;
+ char alg_name[ALG_NAME_SIZE];
+};
+
+struct digest_info {
+ int nid;
+ enum wd_digest_mode mode;
+ enum wd_digest_type alg;
+ __u32 out_len;
+};
+
+static struct digest_threshold_table digest_pkt_threshold_table[] = {
+ { NID_sm3, SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_md5, MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha1, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha224, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha256, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha384, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+};
+
+static struct digest_info digest_info_table[] = {
+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16},
+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32},
+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20},
+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28},
+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32},
+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48},
+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64},
+};
+
+static int uadk_e_digests_soft_md(struct digest_priv_ctx *priv)
+{
+ if (priv->soft_md)
+ return 1;
+
+ switch (priv->e_nid) {
+ case NID_sm3:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SM3, "provider=default");
+ break;
+ case NID_md5:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "provider=default");
+ break;
+ case NID_sha1:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA1, "provider=default");
+ break;
+ case NID_sha224:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_224, "provider=default");
+ break;
+ case NID_sha256:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_256, "provider=default");
+ break;
+ case NID_sha384:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_384, "provider=default");
+ break;
+ case NID_sha512:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_512, "provider=default");
+ break;
+ default:
+ break;
+ }
+
+ if (unlikely(priv->soft_md == NULL))
+ return 0;
+
+ return 1;
+}
+
+static uint32_t sec_digest_get_sw_threshold(int n_id)
+{
+ int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table);
+ int i = 0;
+
+ do {
+ if (digest_pkt_threshold_table[i].nid == n_id)
+ return digest_pkt_threshold_table[i].threshold;
+ } while (++i < threshold_table_size);
+
+ fprintf(stderr, "nid %d not found in digest threshold table", n_id);
+ return 0;
+}
+
+static int digest_soft_init(struct digest_priv_ctx *priv)
+{
+ return EVP_DigestInit(priv->soft_ctx, priv->soft_md);
+}
+
+static int digest_soft_update(EVP_MD_CTX *ctx, const void *data, size_t len)
+{
+ return EVP_DigestUpdate(ctx, data, len);
+}
+
+static int digest_soft_final(struct digest_priv_ctx *priv, unsigned char *digest)
+{
+ unsigned int digest_length = EVP_MD_get_size(priv->soft_md);
+
+ return EVP_DigestFinal(priv->soft_ctx, digest, &digest_length);
+}
+
+static void digest_soft_cleanup(struct digest_priv_ctx *priv)
+{
+ EVP_MD_CTX *ctx = priv->soft_ctx;
+
+ if (ctx != NULL) {
+ if (ctx->md_data) {
+ OPENSSL_free(ctx->md_data);
+ ctx->md_data = NULL;
+ }
+ EVP_MD_CTX_free(ctx);
+ ctx = NULL;
+ }
+
+ if (priv->soft_md) {
+ EVP_MD_free(priv->soft_md);
+ priv->soft_md = NULL;
+ }
+}
+
+static int uadk_e_digest_soft_work(struct digest_priv_ctx *priv, int len,
+ unsigned char *digest)
+{
+ digest_soft_init(priv);
+
+ if (len != 0)
+ digest_soft_update(priv->soft_ctx, priv->data, len);
+
+ digest_soft_final(priv, digest);
+ digest_soft_cleanup(priv);
+
+ return 1;
+}
+
+static int uadk_e_digest_env_poll(void *ctx)
+{
+ __u64 rx_cnt = 0;
+ __u32 recv = 0;
+ /* Poll one packet currently */
+ int expt = 1;
+ int ret;
+
+ do {
+ ret = wd_digest_poll(expt, &recv);
+ if (ret < 0 || recv == expt)
+ return ret;
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
+}
+
+static int uadk_digest_init(struct digest_priv_ctx *priv)
+{
+ int digest_counts = ARRAY_SIZE(digest_info_table);
+ struct sched_params params = {0};
+ int nid = priv->e_nid;
+ int ret, i;
+
+ pthread_mutex_lock(&digest_mutex);
+ if (prov.pid != getpid()) {
+ ret = wd_digest_init2(priv->alg_name, 0, 0);
+ if (unlikely(ret)) {
+ priv->switch_flag = UADK_DO_SOFT;
+ goto soft_init;
+ }
+ prov.pid = getpid();
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll);
+ }
+ pthread_mutex_unlock(&digest_mutex);
+
+ for (i = 0; i < digest_counts; i++) {
+ if (nid == digest_info_table[i].nid) {
+ priv->setup.alg = digest_info_table[i].alg;
+ priv->setup.mode = digest_info_table[i].mode;
+ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH;
+ priv->req.out_bytes = digest_info_table[i].out_len;
+ break;
+ }
+ }
+
+ if (unlikely(i == digest_counts)) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
+ return 0;
+ }
+
+ /* Use the default numa parameters */
+ params.numa_id = -1;
+ priv->setup.sched_param = &params;
+ priv->sess = wd_digest_alloc_sess(&priv->setup);
+ if (unlikely(!priv->sess))
+ return 0;
+
+ priv->data = malloc(DIGEST_BLOCK_SIZE);
+ if (unlikely(!priv->data)) {
+ wd_digest_free_sess(priv->sess);
+ return 0;
+ }
+
+ if (uadk_e_digests_soft_md(priv))
+ priv->switch_threshold = sec_digest_get_sw_threshold(nid);
+
+ return 1;
+
+soft_init:
+ pthread_mutex_unlock(&digest_mutex);
+ fprintf(stderr, "uadk failed to initialize digest.\n");
+ return digest_soft_init(priv);
+}
+
+static void digest_update_out_length(struct digest_priv_ctx *priv)
+{
+ /* Sha224 and Sha384 need full length mac buffer as doing long hash */
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
+}
+
+static int digest_update_inner(struct digest_priv_ctx *priv, const void *data, size_t data_len)
+{
+ const unsigned char *tmpdata = (const unsigned char *)data;
+ size_t left_len = data_len;
+ int copy_to_bufflen;
+ int ret;
+
+ digest_update_out_length(priv);
+
+ priv->req.has_next = DIGEST_DOING;
+
+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
+ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
+ uadk_memcpy(priv->data + priv->last_update_bufflen, tmpdata,
+ copy_to_bufflen);
+
+ priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
+ priv->req.in_bytes = DIGEST_BLOCK_SIZE;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ left_len -= copy_to_bufflen;
+ tmpdata += copy_to_bufflen;
+ if (priv->state == SEC_DIGEST_INIT)
+ priv->state = SEC_DIGEST_FIRST_UPDATING;
+ else if (priv->state == SEC_DIGEST_FIRST_UPDATING)
+ priv->state = SEC_DIGEST_DOING;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ goto do_soft_digest;
+ }
+
+ priv->last_update_bufflen = 0;
+ if (left_len <= DIGEST_BLOCK_SIZE) {
+ priv->last_update_bufflen = left_len;
+ uadk_memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ break;
+ }
+ }
+
+ return 1;
+
+do_soft_digest:
+ if (priv->state == SEC_DIGEST_FIRST_UPDATING
+ && priv->data
+ && priv->last_update_bufflen != 0) {
+ priv->switch_flag = UADK_DO_SOFT;
+ digest_soft_init(priv);
+ ret = digest_soft_update(priv->soft_ctx,
+ priv->data, priv->last_update_bufflen);
+ if (ret != 1)
+ return ret;
+
+ return digest_soft_update(priv->soft_ctx,
+ tmpdata, left_len);
+ }
+
+ fprintf(stderr, "do soft digest failed during updating!\n");
+ return 0;
+}
+
+static int uadk_digest_update(struct digest_priv_ctx *priv, const void *data, size_t data_len)
+{
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT))
+ goto soft_update;
+
+ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
+ uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ priv->last_update_bufflen += data_len;
+ return 1;
+ }
+
+ return digest_update_inner(priv, data, data_len);
+
+soft_update:
+ return digest_soft_update(priv->soft_ctx, data, data_len);
+}
+
+static void async_cb(struct wd_digest_req *req, void *data)
+{
+ struct uadk_e_cb_info *cb_param;
+ struct async_op *op;
+
+ if (!req)
+ return;
+
+ cb_param = req->cb_param;
+ if (!cb_param)
+ return;
+ op = cb_param->op;
+ if (op && op->job && !op->done) {
+ op->done = 1;
+ async_free_poll_task(op->idx, 1);
+ async_wake_job(op->job);
+ }
+}
+
+static int do_digest_sync(struct digest_priv_ctx *priv)
+{
+ int ret;
+
+ if (priv->req.in_bytes <= priv->switch_threshold &&
+ priv->state == SEC_DIGEST_INIT)
+ return 0;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ return 0;
+ }
+ return 1;
+}
+
+static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
+{
+ struct uadk_e_cb_info cb_param;
+ int idx, ret;
+
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ fprintf(stderr, "async cipher init failed.\n");
+ return 0;
+ }
+
+ cb_param.op = op;
+ cb_param.priv = priv;
+ priv->req.cb = (void *)async_cb;
+ priv->req.cb_param = &cb_param;
+
+ ret = async_get_free_task(&idx);
+ if (!ret)
+ return 0;
+
+ op->idx = idx;
+
+ do {
+ ret = wd_do_digest_async(priv->sess, &priv->req);
+ if (ret < 0 && ret != -EBUSY) {
+ fprintf(stderr, "do sec digest async failed.\n");
+ async_free_poll_task(op->idx, 0);
+ return 0;
+ }
+ } while (ret == -EBUSY);
+
+ ret = async_pause_job(priv, op, ASYNC_TASK_DIGEST, idx);
+ if (!ret)
+ return 0;
+ return 1;
+}
+
+static int uadk_digest_final(struct digest_priv_ctx *priv, unsigned char *digest)
+{
+ struct async_op op;
+ int ret;
+
+ priv->req.has_next = DIGEST_END;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ priv->req.in_bytes = priv->last_update_bufflen;
+
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
+
+ ret = async_setup_async_event_notification(&op);
+ if (unlikely(!ret)) {
+ fprintf(stderr, "failed to setup async event notification.\n");
+ return 0;
+ }
+
+ if (op.job == NULL) {
+ /* Synchronous, only the synchronous mode supports soft computing */
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ ret = digest_soft_final(priv, digest);
+ digest_soft_cleanup(priv);
+ goto clear;
+ }
+
+ ret = do_digest_sync(priv);
+ if (!ret)
+ goto sync_err;
+ } else {
+ ret = do_digest_async(priv, &op);
+ if (!ret)
+ goto clear;
+ }
+ memcpy(digest, priv->req.out, priv->req.out_bytes);
+
+ return 1;
+
+sync_err:
+ if (priv->state == SEC_DIGEST_INIT) {
+ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest);
+ } else {
+ ret = 0;
+ fprintf(stderr, "do sec digest stream mode failed.\n");
+ }
+clear:
+ async_clear_async_event_notification();
+ return ret;
+}
+
+static int uadk_digest_cleanup(struct digest_priv_ctx *priv)
+{
+ if (priv->sess) {
+ wd_digest_free_sess(priv->sess);
+ priv->sess = 0;
+ }
+
+ if (priv->data)
+ OPENSSL_free(priv->data);
+
+ return 1;
+}
+
+/* some params related code is copied from OpenSSL v3.0 prov/digestcommon.h */
+static const OSSL_PARAM uadk_digest_default_known_gettable_params[] = {
+ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, NULL),
+ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_SIZE, NULL),
+ OSSL_PARAM_int(OSSL_DIGEST_PARAM_XOF, NULL),
+ OSSL_PARAM_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, NULL),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *uadk_prov_gettable_params(void *provctx)
+{
+ return uadk_digest_default_known_gettable_params;
+}
+
+static int uadk_digest_default_get_params(OSSL_PARAM params[], size_t blksz,
+ size_t paramsz)
+{
+ OSSL_PARAM *p = NULL;
+
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, blksz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, paramsz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOF);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_ALGID_ABSENT);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+
+ return 1;
+}
+
+static void uadk_prov_freectx(void *dctx)
+{
+ struct digest_priv_ctx *priv = (struct digest_priv_ctx *)dctx;
+
+ uadk_digest_cleanup(priv);
+ OPENSSL_clear_free(priv, sizeof(*priv));
+}
+
+static void *uadk_prov_dupctx(void *dctx)
+{
+ struct digest_priv_ctx *in;
+ struct digest_priv_ctx *ret;
+
+ in = (struct digest_priv_ctx *)dctx;
+ ret = OPENSSL_zalloc(sizeof(struct digest_priv_ctx *));
+
+ if (ret != NULL)
+ *ret = *in;
+ return ret;
+}
+
+static int uadk_prov_init(void *dctx, const OSSL_PARAM params[])
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) dctx;
+
+ return uadk_digest_init(priv);
+}
+
+static int uadk_prov_update(void *dctx, const unsigned char *in, size_t inl)
+{
+ return uadk_digest_update((struct digest_priv_ctx *)dctx, in, inl);
+}
+
+/*
+ * Note:
+ * The I<dctx> parameter contains a pointer to the provider side context.
+ * The digest should be written to I<*out> and the length of the digest to I<*outl>.
+ * The digest should not exceed I<outsz> bytes.
+ */
+static int uadk_prov_final(void *dctx, unsigned char *out,
+ size_t *outl, size_t outsz)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) dctx;
+ int ret;
+
+ if (outsz > 0) {
+ ret = uadk_digest_final(priv, out);
+ if (!ret)
+ return ret;
+ }
+
+ if (unlikely(outl != NULL))
+ *outl = priv->md_size;
+
+ return 1;
+}
+
+void uadk_prov_destroy_digest(void)
+{
+ pthread_mutex_lock(&digest_mutex);
+ if (prov.pid == getpid()) {
+ wd_digest_uninit2();
+ prov.pid = 0;
+ }
+ pthread_mutex_unlock(&digest_mutex);
+}
+
+static OSSL_FUNC_digest_freectx_fn uadk_prov_freectx;
+static OSSL_FUNC_digest_dupctx_fn uadk_prov_dupctx;
+static OSSL_FUNC_digest_init_fn uadk_prov_init;
+static OSSL_FUNC_digest_update_fn uadk_prov_update;
+static OSSL_FUNC_digest_final_fn uadk_prov_final;
+static OSSL_FUNC_digest_gettable_params_fn
+ uadk_prov_gettable_params;
+
+#define UADK_PROVIDER_IMPLEMENTATION(name, nid, mdsize, blksize) \
+static OSSL_FUNC_digest_newctx_fn uadk_##name##_newctx; \
+static void *uadk_##name##_newctx(void *provctx) \
+{ \
+ struct digest_priv_ctx *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ \
+ if (ctx == NULL) \
+ return NULL; \
+ ctx->blk_size = blksize; \
+ ctx->md_size = mdsize; \
+ ctx->e_nid = nid; \
+ ctx->soft_ctx = EVP_MD_CTX_new(); \
+ if (ctx->soft_ctx == NULL) \
+ fprintf(stderr, "EVP_MD_CTX_new failed.\n"); \
+ strncpy(ctx->alg_name, #name, ALG_NAME_SIZE - 1); \
+ return ctx; \
+} \
+static OSSL_FUNC_digest_get_params_fn uadk_##name##_get_params; \
+static int uadk_##name##_get_params(OSSL_PARAM params[]) \
+{ \
+ return uadk_digest_default_get_params(params, blksize, mdsize); \
+} \
+const OSSL_DISPATCH uadk_##name##_functions[] = { \
+ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))uadk_##name##_newctx }, \
+ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))uadk_prov_freectx }, \
+ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))uadk_prov_dupctx }, \
+ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))uadk_prov_init }, \
+ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))uadk_prov_update }, \
+ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))uadk_prov_final }, \
+ { OSSL_FUNC_DIGEST_GET_PARAMS, \
+ (void (*)(void))uadk_##name##_get_params }, \
+ { OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \
+ (void (*)(void))uadk_prov_gettable_params }, \
+ { 0, NULL } \
+}
+
+UADK_PROVIDER_IMPLEMENTATION(md5, NID_md5, MD5_DIGEST_LENGTH, MD5_CBLOCK);
+UADK_PROVIDER_IMPLEMENTATION(sm3, NID_sm3, SM3_DIGEST_LENGTH, SM3_CBLOCK);
+UADK_PROVIDER_IMPLEMENTATION(sha1, NID_sha1, 20, 64);
+UADK_PROVIDER_IMPLEMENTATION(sha224, NID_sha224, 28, 64);
+UADK_PROVIDER_IMPLEMENTATION(sha256, NID_sha256, 32, 64);
+UADK_PROVIDER_IMPLEMENTATION(sha384, NID_sha384, 48, 128);
+UADK_PROVIDER_IMPLEMENTATION(sha512, NID_sha512, 64, 128);
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
new file mode 100644
index 0000000..e363584
--- /dev/null
+++ b/src/uadk_prov_init.c
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/core_dispatch.h>
+#include <openssl/core_names.h>
+#include <openssl/crypto.h>
+
+#include "uadk_async.h"
+#include "uadk_prov.h"
+
+struct p_uadk_ctx {
+ const OSSL_CORE_HANDLE *handle;
+ OSSL_LIB_CTX *libctx;
+};
+
+const char *engine_uadk_id = "uadk_provider";
+static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk";
+
+const OSSL_ALGORITHM uadk_prov_digests[] = {
+ { OSSL_DIGEST_NAME_MD5, UADK_DEFAULT_PROPERTIES,
+ uadk_md5_functions, "uadk_provider md5" },
+ { OSSL_DIGEST_NAME_SM3, UADK_DEFAULT_PROPERTIES,
+ uadk_sm3_functions, "uadk_provider sm3" },
+ { OSSL_DIGEST_NAME_SHA1, UADK_DEFAULT_PROPERTIES,
+ uadk_sha1_functions, "uadk_provider sha1" },
+ { OSSL_DIGEST_NAME_SHA2_224, UADK_DEFAULT_PROPERTIES,
+ uadk_sha224_functions, "uadk_provider sha2-224" },
+ { OSSL_DIGEST_NAME_SHA2_256, UADK_DEFAULT_PROPERTIES,
+ uadk_sha256_functions, "uadk_provider sha2-256" },
+ { OSSL_DIGEST_NAME_SHA2_384, UADK_DEFAULT_PROPERTIES,
+ uadk_sha384_functions, "uadk_provider sha2-384" },
+ { OSSL_DIGEST_NAME_SHA2_512, UADK_DEFAULT_PROPERTIES,
+ uadk_sha512_functions, "uadk_provider sha2-512" },
+ { NULL, NULL, NULL }
+};
+
+static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id,
+ int *no_cache)
+{
+ *no_cache = 0;
+
+ switch (operation_id) {
+ case OSSL_OP_DIGEST:
+ return uadk_prov_digests;
+ }
+ return NULL;
+}
+
+static void p_teardown(void *provctx)
+{
+ struct p_uadk_ctx *ctx = (struct p_uadk_ctx *)provctx;
+
+ uadk_prov_destroy_digest();
+ OPENSSL_free(ctx);
+}
+
+static const OSSL_DISPATCH p_test_table[] = {
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_prov_query },
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
+ { 0, NULL }
+};
+
+static void provider_init_child_at_fork_handler(void)
+{
+ int ret;
+
+ ret = async_module_init();
+ if (!ret)
+ fprintf(stderr, "async_module_init fail!\n");
+}
+
+int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
+ const OSSL_DISPATCH *oin,
+ const OSSL_DISPATCH **out,
+ void **provctx)
+{
+ struct p_uadk_ctx *ctx;
+ int ret;
+
+ ctx = OPENSSL_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return 0;
+
+ ret = async_module_init();
+ if (!ret)
+ fprintf(stderr, "async_module_init fail!\n");
+ pthread_atfork(NULL, NULL, provider_init_child_at_fork_handler);
+
+ *provctx = (void *)ctx;
+ *out = p_test_table;
+ return 1;
+}
--
2.25.1

173
0007-README-update-openssl-3.0.patch Normal file
View File

@ -0,0 +1,173 @@
From bbf050d5f1eb525e881c7d581f913f2df27d2637 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 13 Jun 2023 09:24:19 +0000
Subject: [PATCH 7/7] README: update openssl 3.0
Update build steps for openssl 3.0
Also update sanity_test.sh
If ./configure --libdir=/usr/local/lib/ossl-modules/
$ ./test/sanity_test.sh
If ./configure --prefix=/tmp/build
$ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README.md | 34 ++++++++++++++++++++++++++------
test/sanity_test.sh | 48 +++++++++++++++++++++++++++++++++++++++------
2 files changed, 70 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index ac721e3..86676db 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ OpenSSL engine for uadk
Prerequisites
=============
* CPU: aarch64
-* OpenSSL: 1.1.1f
+* OpenSSL: 1.1.1f or 3.0
* libnuma
* zlib
@@ -26,24 +26,26 @@ Build and install OpenSSL
```
git clone https://github.com/openssl/openssl.git
cd openssl
- git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f
+ // For openssl1.1.1f
+ git checkout -b opensssl1.1 OpenSSL_1_1_1f
+ // for openssl 3.0
+ git checkout -b openssl3.0 openssl-3.0.0
./config
make
sudo make install
openssl version
```
-Run pkg-config to ensure env is setup correctly
+Setup env on-demand
-----------------------------------------------
```
$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/
$ pkg-config libcrypto --libs
-L/usr/local/lib -lcrypto
-```
-* export ``PKG_CONFIG_PATH`` is required on openEuler,
- where /usr/local/lib is not set as the default pkgconfig search path.
+ $ export LD_LIBRARY_PATH=/usr/local/lib
+```
Build and install UADK
----------------------
@@ -63,6 +65,7 @@ Build and install UADK
Build and install UADK Engine
-----------------------------
+For openssl 1.1
```
git clone https://github.com/Linaro/uadk_engine.git
cd uadk_engine
@@ -74,6 +77,20 @@ Build and install UADK Engine
Option --enable-kae can be chosen to enable KAE for non-sva version
```
+For openssl 3.0
+```
+ git clone https://github.com/Linaro/uadk_engine.git
+ cd uadk_engine
+ autoreconf -i
+ // openEuler
+ ./configure --libdir=/usr/local/lib/engines-3/
+ // ubuntu
+ ./configure --libdir=/usr/local/lib/ossl-modules/
+ make
+ sudo make install
+
+```
+
Testing
-------
```
@@ -109,9 +126,14 @@ Install libraries to the temp folder
$ ./configure --prefix=/tmp/build
$ make; make install
+ // For openssl 1.1
$ openssl engine -c /tmp/build/lib/uadk_engine.so
$ ./test/sanity_test.sh /tmp/build/lib/uadk_engine.so
+ // For openssl 3.0
+ $ openssl speed -provider /tmp/build/lib/uadk_provider.so -provider default -evp md5
+ $ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so
+
```
Environment variable of uadk engine
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index bdedc15..899d02c 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -2,14 +2,50 @@
sudo chmod 666 /dev/hisi_*
-if [ ! -n "$1" ]; then
- engine_id=uadk_engine
-else
- engine_id=$1
+
+version=$(openssl version)
+echo $version
+if [[ $version =~ "3.0" ]]; then
+ echo "openssl 3.0"
+ if [ ! -n "$1" ]; then
+ engine_id=uadk_provider
+ else
+ engine_id=$1
+ fi
+
+ digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
+fi
+
+if [[ $digest_algs =~ "uadk_provider" ]]; then
+ echo "uadk_provider testing digest"
+ openssl speed -provider $engine_id -provider default -evp md5
+ openssl speed -provider $engine_id -provider default -evp sm3
+ openssl speed -provider $engine_id -provider default -evp sha1
+ openssl speed -provider $engine_id -provider default -evp sha2-224
+ openssl speed -provider $engine_id -provider default -evp sha2-256
+ openssl speed -provider $engine_id -provider default -evp sha2-384
+ openssl speed -provider $engine_id -provider default -evp sha2-512
+
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp md5
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm3
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha1
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-224
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-256
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-384
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-512
fi
-algs=$(openssl engine -c $engine_id)
-echo $algs
+if [[ $version =~ "1.1.1" ]]; then
+ echo "openssl 1.1.1"
+ if [ ! -n "$1" ]; then
+ engine_id=uadk_engine
+ else
+ engine_id=$1
+ fi
+
+ algs=$(openssl engine -c $engine_id)
+ echo $algs
+fi
#digest
if [[ $algs =~ "MD5" ]]; then
--
2.25.1

349
0007-rsa-cleanup-about-reducing-function-parameters.patch
View File

@ -1,349 +0,0 @@
From 273cf10d03532e73dfcd9f8a1223bfecb64d0f16 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Wed, 22 Dec 2021 10:51:48 +0000
Subject: [PATCH 07/18] rsa: cleanup about reducing function parameters
Reduce the number of parameters of functions
related to prime, and make the name of those
functions clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 155 ++++++++++++++++++++++++++++++-------------------
1 file changed, 95 insertions(+), 60 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index cb98159..c1609ca 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -97,6 +97,14 @@ struct rsa_prikey_param {
int is_crt;
};
+struct rsa_prime_param {
+ BIGNUM *r1;
+ BIGNUM *r2;
+ BIGNUM *rsa_p;
+ BIGNUM *rsa_q;
+ BIGNUM *prime;
+};
+
struct uadk_rsa_sess {
handle_t sess;
struct wd_rsa_sess_setup setup;
@@ -156,15 +164,14 @@ static int rsa_check_bit_useful(const int bits, int flen)
}
}
-static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
- BN_CTX *ctx, BN_GENCB *cb)
+static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
+ BN_CTX *ctx, BN_GENCB *cb)
{
- /* calculate n = p * q */
if (num == 1) {
if (!BN_mul(r1, rsa_p, rsa_q, ctx))
return BN_ERR;
} else {
- /* if num == 0, use number 3 to indicate do nothing */
+ /* If num == 0, use number 3 to indicate do nothing */
if (!BN_GENCB_call(cb, 3, num))
return BN_ERR;
return BN_CONTINUE;
@@ -173,20 +180,21 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
return BN_VALID;
}
-static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
- const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx,
- BN_GENCB *cb)
+static int check_rsa_prime_sufficient(int *num, const int *bitsr,
+ int *bitse, const int *n,
+ struct rsa_prime_param *param,
+ BN_CTX *ctx, BN_GENCB *cb)
{
static int retries;
BN_ULONG bitst;
int ret;
- ret = prime_mul_res(*num, rsa_p, rsa_q, r1, ctx, cb);
+ ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q,
+ param->r1, ctx, cb);
if (ret)
return ret;
/*
- * if |r1|, product of factors so far, is not as long as expected
+ * If |r1|, product of factors so far, is not as long as expected
* (by checking the first 4 bits are less than 0x9 or greater than
* 0xF). If so, re-generate the last prime.
*
@@ -199,10 +207,10 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
* key by using the modulus in a certificate. This is also covered
* by checking the length should not be less than 0x9.
*/
- if (!BN_rshift(r2, r1, *bitse - 4))
+ if (!BN_rshift(param->r2, param->r1, *bitse - 4))
return BN_ERR;
- bitst = BN_get_word(r2);
+ bitst = BN_get_word(param->r2);
if (bitst < 0x9 || bitst > 0xF) {
/*
* For keys with more than 4 primes, we attempt longer factor to
@@ -216,7 +224,9 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
*bitse -= bitsr[*num];
else
return -1;
- if (!BN_GENCB_call(cb, 2, *n++))
+
+ ret = BN_GENCB_call(cb, 2, *n++);
+ if (!ret)
return -1;
if (retries == 4) {
*num = -1;
@@ -227,14 +237,17 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
retries++;
return BN_REDO;
}
- if (!BN_GENCB_call(cb, 3, *num))
+
+ ret = BN_GENCB_call(cb, 3, *num);
+ if (!ret)
return BN_ERR;
retries = 0;
return BN_VALID;
}
-static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime)
+static void rsa_set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM **prime)
{
if (num == 0)
*prime = rsa_p;
@@ -244,8 +257,8 @@ static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime)
BN_set_flags(*prime, BN_FLG_CONSTTIME);
}
-static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *prime)
+static int check_rsa_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM *prime)
{
BIGNUM *prev_prime;
int j;
@@ -268,8 +281,8 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
return UADK_E_SUCCESS;
}
-static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
- BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
+static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
+ BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
/*
@@ -278,10 +291,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
* BN_value_one() returns a BIGNUM constant of value 1.
* r2 = prime - 1.
*/
- if (!BN_sub(r2, prime, BN_value_one()))
+ if (!BN_sub(param->r2, param->prime, BN_value_one()))
return -1;
ERR_set_mark();
- BN_set_flags(r2, BN_FLG_CONSTTIME);
+ BN_set_flags(param->r2, BN_FLG_CONSTTIME);
/*
* BN_mod_inverse(r,a,n,ctx) used to compute inverse modulo n.
* Precisely, it computes the inverse of "a" modulo "n", and places
@@ -290,7 +303,7 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
* The expected result: (r2 * r1) % e_pub ==1,
* the inverse of r2 exist, that is r1.
*/
- if (BN_mod_inverse(r1, r2, e_pub, ctx))
+ if (BN_mod_inverse(param->r1, param->r2, e_pub, ctx))
return UADK_E_SUCCESS;
err = ERR_peek_last_error();
@@ -307,10 +320,9 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
return GET_ERR_FINISH;
}
-static int get_prime_once(int num, const int *bitsr, const int *n,
- BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub,
- BN_CTX *ctx, BN_GENCB *cb)
+static int get_rsa_prime_once(int num, const int *bitsr, const int *n,
+ BIGNUM *e_pub, struct rsa_prime_param *param,
+ BN_CTX *ctx, BN_GENCB *cb)
{
int ret = -1;
@@ -318,12 +330,13 @@ static int get_prime_once(int num, const int *bitsr, const int *n,
return ret;
while (1) {
/* Generate prime with bitsr[num] len. */
- if (!BN_generate_prime_ex(prime, bitsr[num],
+ if (!BN_generate_prime_ex(param->prime, bitsr[num],
0, NULL, NULL, cb))
return BN_ERR;
- if (!check_prime_equal(num, rsa_p, rsa_q, prime))
+ if (!check_rsa_prime_equal(num, param->rsa_p, param->rsa_q,
+ param->prime))
continue;
- ret = check_prime_useful(n, prime, r1, r2, e_pub, ctx, cb);
+ ret = check_rsa_prime_useful(n, param, e_pub, ctx, cb);
if (ret == BN_ERR)
return BN_ERR;
else if (ret == UADK_E_SUCCESS)
@@ -333,8 +346,7 @@ static int get_prime_once(int num, const int *bitsr, const int *n,
return ret;
}
-static void switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *p, BIGNUM *q)
+static void rsa_switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *p, BIGNUM *q)
{
BIGNUM *tmp;
@@ -373,13 +385,37 @@ static int check_rsa_is_crt(RSA *rsa)
return UN_SET;
}
+static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx)
+{
+ param->r1 = BN_CTX_get(ctx);
+ if (!param->r1)
+ goto end;
+
+ param->r2 = BN_CTX_get(ctx);
+ if (!param->r2)
+ goto end;
+
+ param->rsa_p = BN_CTX_get(ctx);
+ if (!param->rsa_p)
+ goto end;
+
+ param->rsa_q = BN_CTX_get(ctx);
+ if (!param->rsa_q)
+ goto end;
+
+ return UADK_E_SUCCESS;
+
+end:
+ fprintf(stderr, "failed to malloc params\n");
+ return UADK_E_FAIL;
+}
+
static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
BIGNUM *q, BN_GENCB *cb)
{
- BIGNUM *r1, *r2, *rsa_p, *rsa_q;
+ struct rsa_prime_param *param = NULL;
int bitsr[RSA_MAX_PRIME_NUM] = {0};
int flag, quo, rmd, i;
- BIGNUM *prime = NULL;
BN_CTX *ctx;
int bitse = 0;
int ret = 0;
@@ -391,12 +427,15 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
return ret;
BN_CTX_start(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- rsa_p = BN_CTX_get(ctx);
- rsa_q = BN_CTX_get(ctx);
- if (!r1 || !r2 || !rsa_p || !rsa_q)
- goto err;
+ param = OPENSSL_zalloc(sizeof(struct rsa_prime_param));
+ if (!param) {
+ fprintf(stderr, "failed to malloc rsa prime param\n");
+ goto free_ctx;
+ }
+
+ ret = get_rsa_prime_param(param, ctx);
+ if (!ret)
+ goto free_param;
/* Divide bits into 'primes' pieces evenly */
quo = bits / RSA_MAX_PRIME_NUM;
@@ -409,39 +448,37 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
/* flag: whether primes are generated correctely. */
flag = 1;
/* Set flag for primes rsa_p and rsa_q separately. */
- set_primes(i, rsa_p, rsa_q, &prime);
+ rsa_set_primes(i, param->rsa_p, param->rsa_q, &param->prime);
while (flag == 1) {
- if (get_prime_once(i, bitsr, &n, prime, rsa_p, rsa_q,
- r1, r2, e_pub, ctx, cb) == -1)
- goto err;
+ ret = get_rsa_prime_once(i, bitsr, &n, e_pub, param,
+ ctx, cb);
+ if (ret == -1)
+ goto free_param;
bitse += bitsr[i];
- ret = check_prime_sufficient(&i, bitsr, &bitse, &n,
- rsa_p, rsa_q, r1, r2,
- ctx, cb);
+ ret = check_rsa_prime_sufficient(&i, bitsr, &bitse, &n,
+ param, ctx, cb);
if (ret == BN_ERR)
- goto err;
+ goto free_param;
else if (ret == BN_REDO)
continue;
else
flag = 0;
}
}
- switch_p_q(rsa_p, rsa_q, p, q);
+ rsa_switch_p_q(param->rsa_p, param->rsa_q, p, q);
ret = UADK_E_SUCCESS;
-err:
- if (ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
+free_param:
+ OPENSSL_free(param);
+free_ctx:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
return ret;
}
static int add_rsa_pubenc_padding(int flen, const unsigned char *from,
- unsigned char *buf, int num,
- int padding)
+ unsigned char *buf, int num, int padding)
{
int ret;
@@ -852,8 +889,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
struct uadk_rsa_sess *rsa_sess,
- unsigned char *in_buf,
- unsigned char *to)
+ unsigned char *in_buf, unsigned char *to)
{
struct wd_rsa_pubkey *pubkey = NULL;
struct wd_dtb *wd_e = NULL;
@@ -882,8 +918,7 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
struct rsa_prikey_param *pri,
- unsigned char *in_buf,
- unsigned char *to)
+ unsigned char *in_buf, unsigned char *to)
{
struct wd_rsa_prikey *prikey;
struct wd_dtb *wd_dq;
--
2.24.4

29
0008-cipher-fix-double-free-error.patch Normal file
View File

@ -0,0 +1,29 @@
From 516c9a1c8f77e8d1d91c78478425b4df585ec485 Mon Sep 17 00:00:00 2001
From: taoqi <taoqi10@huawei.com>
Date: Tue, 20 Jun 2023 22:38:01 +0800
Subject: [PATCH 08/10] cipher: fix double free error
When wd_cipher_set_key() failed, after the handle
is released, the handle should be set to 0 to avoid
reusing.
Signed-off-by: taoqi <taoqi10@huawei.com>
---
src/uadk_cipher.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c7be21a..1905e47 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -878,6 +878,7 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
ret = wd_cipher_set_key(priv->sess, priv->key, EVP_CIPHER_CTX_key_length(ctx));
if (ret) {
wd_cipher_free_sess(priv->sess);
+ priv->sess = 0;
fprintf(stderr, "uadk failed to set key!\n");
}
}
--
2.25.1

355
0008-ecc-cleanup-sm2-compute-digest-function.patch
View File

@ -1,355 +0,0 @@
From b99452edd6ae045e833e3ae01866b8546fd5733a Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 24 Dec 2021 07:30:22 +0000
Subject: [PATCH 08/18] ecc: cleanup sm2 compute digest function
The operation flow of sm2_compute_z_digest()
is modularized and encapsulated to reduce
the code line of sm2_compute_z_digest() and
make the code easier to understand.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 277 +++++++++++++++++++++++++++++++++++--------------
1 file changed, 197 insertions(+), 80 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index d74aa3a..6d5dad0 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -62,6 +62,26 @@ typedef struct sm2_ciphertext {
ASN1_OCTET_STRING *C2;
} SM2_Ciphertext;
+struct sm2_param {
+ /*
+ * p: BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ */
+ BIGNUM *p;
+ /* a: BIGNUM for parameter a of the equation */
+ BIGNUM *a;
+ /* b: BIGNUM for parameter b of the equation */
+ BIGNUM *b;
+ /* xG: BIGNUM for the x-coordinate value of G point */
+ BIGNUM *xG;
+ /* yG: BIGNUM for the y-coordinate value of G point */
+ BIGNUM *yG;
+ /* xA: BIGNUM for the x-coordinate value of PA point */
+ BIGNUM *xA;
+ /* yA: BIGNUM for the y-coordinate value of PA point */
+ BIGNUM *yA;
+};
+
DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
ASN1_SEQUENCE(SM2_Ciphertext) = {
@@ -695,8 +715,7 @@ static int sm2_verify_init(EVP_PKEY_CTX *ctx)
}
static int sm2_verify_init_iot(handle_t sess, struct wd_ecc_req *req,
- struct wd_dtb *e,
- struct wd_dtb *r,
+ struct wd_dtb *e, struct wd_dtb *r,
struct wd_dtb *s)
{
struct wd_ecc_in *ecc_in;
@@ -1229,119 +1248,217 @@ static int sm2_ctrl_str(EVP_PKEY_CTX *ctx,
return UADK_E_INVALID;
}
-static int sm2_compute_z_digest(uint8_t *out,
- const EVP_MD *digest,
- const uint8_t *id,
- const size_t id_len,
- const EC_KEY *key)
+static int get_sm2_param(struct sm2_param *sm2_param, BN_CTX *ctx)
{
- const EC_GROUP *group = EC_KEY_get0_group(key);
- EVP_MD_CTX *hash = NULL;
- uint8_t *buf = NULL;
- BN_CTX *ctx = NULL;
- BIGNUM *p = NULL;
- BIGNUM *a = NULL;
- BIGNUM *b = NULL;
- BIGNUM *xG = NULL;
- BIGNUM *yG = NULL;
- BIGNUM *xA = NULL;
- BIGNUM *yA = NULL;
- uint8_t e_byte;
- uint16_t entl;
- int p_bytes;
- int rc = 0;
+ sm2_param->p = BN_CTX_get(ctx);
+ if (!sm2_param->p)
+ goto end;
- hash = EVP_MD_CTX_new();
- ctx = BN_CTX_new();
- if (hash == NULL || ctx == NULL) {
- fprintf(stderr, "failed to EVP_CTX_new\n");
- goto done;
- }
+ sm2_param->a = BN_CTX_get(ctx);
+ if (!sm2_param->a)
+ goto end;
- p = BN_CTX_get(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- xG = BN_CTX_get(ctx);
- yG = BN_CTX_get(ctx);
- xA = BN_CTX_get(ctx);
- yA = BN_CTX_get(ctx);
- if (yA == NULL) {
- fprintf(stderr, "failed to malloc\n");
- goto done;
- }
+ sm2_param->b = BN_CTX_get(ctx);
+ if (!sm2_param->b)
+ goto end;
+
+ sm2_param->xG = BN_CTX_get(ctx);
+ if (!sm2_param->xG)
+ goto end;
+
+ sm2_param->yG = BN_CTX_get(ctx);
+ if (!sm2_param->yG)
+ goto end;
+
+ sm2_param->xA = BN_CTX_get(ctx);
+ if (!sm2_param->xA)
+ goto end;
+
+ sm2_param->yA = BN_CTX_get(ctx);
+ if (!sm2_param->yA)
+ goto end;
+
+ return 1;
+
+end:
+ fprintf(stderr, "failed to malloc params\n");
+ return 0;
+}
+
+static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash,
+ const size_t id_len, const uint8_t *id)
+{
+ uint8_t e_byte;
+ uint16_t entl;
if (!EVP_DigestInit(hash, digest)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
/* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
if (id_len >= (UINT16_MAX / 8)) {
- /* too large */
fprintf(stderr, "id too large\n");
- goto done;
+ return 0;
}
entl = (uint16_t)(8 * id_len);
e_byte = entl >> 8;
- if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
- fprintf(stderr, "error evp lib\n");
- goto done;
- }
+ if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+ fprintf(stderr, "error evp lib\n");
+ return 0;
+ }
+
e_byte = entl & 0xFF;
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
- if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
- fprintf(stderr, "error ec lib\n");
- goto done;
+ return 1;
+}
+
+static int check_equation_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes)
+{
+ if (BN_bn2binpad(param->a, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->b, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes)) {
+ fprintf(stderr, "failed to check equation param\n");
+ return 0;
}
- p_bytes = BN_num_bytes(p);
- buf = OPENSSL_zalloc(p_bytes);
- if (buf == NULL) {
- fprintf(stderr, "failed to malloc\n");
- goto done;
+ return 1;
+}
+
+
+static int check_base_point_group_param(struct sm2_param *param, BN_CTX *ctx,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+
+ if (!EC_POINT_get_affine_coordinates(group,
+ EC_GROUP_get0_generator(group),
+ param->xG, param->yG, ctx)) {
+ fprintf(stderr, "failed to check base point group param\n");
+ return 0;
}
- if (BN_bn2binpad(a, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(b, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EC_POINT_get_affine_coordinates(group,
- EC_GROUP_get0_generator(group),
- xG, yG, ctx)
- || BN_bn2binpad(xG, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(yG, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EC_POINT_get_affine_coordinates(group,
- EC_KEY_get0_public_key(key),
- xA, yA, ctx)
- || BN_bn2binpad(xA, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(yA, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EVP_DigestFinal(hash, out, NULL)) {
- fprintf(stderr, "internal error\n");
- goto done;
+ return 1;
+}
+
+static int check_base_point_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes)
+{
+ if (BN_bn2binpad(param->xG, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->yG, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes)) {
+ fprintf(stderr, "failed to check base point param\n");
+ return 0;
}
- rc = 1;
+ return 1;
+}
-done:
+static int check_pkey_point_group_param(struct sm2_param *param, BN_CTX *ctx,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+
+ if (!EC_POINT_get_affine_coordinates(group,
+ EC_KEY_get0_public_key(key),
+ param->xA, param->yA, ctx)) {
+ fprintf(stderr, "failed to check pkey point group param\n");
+ return 0;
+ }
+ return 1;
+}
+
+static int check_pkey_point_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes, uint8_t *out)
+{
+ if (BN_bn2binpad(param->xA, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->yA, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ !EVP_DigestFinal(hash, out, NULL)) {
+ fprintf(stderr, "failed to check pkey point param\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int sm2_compute_z_digest(uint8_t *out, const EVP_MD *digest,
+ const uint8_t *id, const size_t id_len,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+ struct sm2_param *param = NULL;
+ EVP_MD_CTX *hash = NULL;
+ uint8_t *buf = NULL;
+ BN_CTX *ctx = NULL;
+ int p_bytes;
+ int ret = 0;
+
+ hash = EVP_MD_CTX_new();
+ if (!hash)
+ return ret;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto free_hash;
+
+ param = OPENSSL_zalloc(sizeof(struct sm2_param));
+ if (!param) {
+ fprintf(stderr, "failed to malloc sm2 param\n");
+ goto free_ctx;
+ }
+
+ if (!get_sm2_param(param, ctx))
+ goto free_param;
+
+ if (!check_digest_evp_lib(digest, hash, id_len, id))
+ goto free_param;
+
+ if (!EC_GROUP_get_curve(group, param->p, param->a, param->b, ctx)) {
+ fprintf(stderr, "failed to get curve\n");
+ goto free_param;
+ }
+
+ p_bytes = BN_num_bytes(param->p);
+ buf = OPENSSL_zalloc(p_bytes);
+ if (!buf) {
+ fprintf(stderr, "failed to malloc buf\n");
+ goto free_param;
+ }
+
+ if (!check_equation_param(param, hash, buf, p_bytes) ||
+ !check_base_point_group_param(param, ctx, key) ||
+ !check_base_point_param(param, hash, buf, p_bytes) ||
+ !check_pkey_point_group_param(param, ctx, key) ||
+ !check_pkey_point_param(param, hash, buf, p_bytes, out))
+ goto free_buf;
+
+ ret = 1;
+
+free_buf:
OPENSSL_free(buf);
+free_param:
+ OPENSSL_free(param);
+free_ctx:
BN_CTX_free(ctx);
+free_hash:
EVP_MD_CTX_free(hash);
- return rc;
+ return ret;
}
static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
--
2.24.4

56
0009-cipher-fix-set-key-error.patch Normal file
View File

@ -0,0 +1,56 @@
From c8f3d1d021f028a9ca500d079c4158038e1b22c9 Mon Sep 17 00:00:00 2001
From: taoqi <taoqi10@huawei.com>
Date: Tue, 20 Jun 2023 23:05:06 +0800
Subject: [PATCH 09/10] cipher: fix set key error
Initialize the algorithm type again to prevent
the algorithm type from being changed.
Signed-off-by: taoqi <taoqi10@huawei.com>
---
src/uadk_cipher.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 1905e47..cc13823 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -840,8 +840,10 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op)
static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
{
+ __u32 cipher_counts = ARRAY_SIZE(cipher_info_table);
struct sched_params params = {0};
- int ret;
+ int nid, ret;
+ __u32 i;
priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
priv->req.iv = priv->iv;
@@ -869,7 +871,23 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
/* Use the default numa parameters */
params.numa_id = -1;
priv->setup.sched_param = &params;
+
if (!priv->sess) {
+ nid = EVP_CIPHER_CTX_nid(ctx);
+
+ for (i = 0; i < cipher_counts; i++) {
+ if (nid == cipher_info_table[i].nid) {
+ cipher_priv_ctx_setup(priv, cipher_info_table[i].alg,
+ cipher_info_table[i].mode, cipher_info_table[i].out_bytes);
+ break;
+ }
+ }
+
+ if (i == cipher_counts) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
+ return;
+ }
+
priv->sess = wd_cipher_alloc_sess(&priv->setup);
if (!priv->sess)
fprintf(stderr, "uadk failed to alloc session!\n");
--
2.25.1

232
0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch
View File

@ -1,232 +0,0 @@
From 1bb24b3d0769f82e6903ca94fa6b8ad466eb5bbe Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 24 Dec 2021 08:44:03 +0000
Subject: [PATCH 09/18] ecc: bugfix about ecc init after alloc sess
When executing allocating session operation, it needs
sched_init(), which is supported by init operation
in the engine, so the init operation should be done
before executing allocating session operation.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 93 +++++++++++++++++++++++----------------------------
1 file changed, 42 insertions(+), 51 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 9040d3c..0c8a011 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -426,7 +426,10 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
if (ret)
goto do_soft;
- ret = UADK_DO_SOFT;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(eckey, "ecdsa");
if (!sess)
goto do_soft;
@@ -438,33 +441,28 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
if (ret)
goto free_sess;
- ret = uadk_ecc_set_private_key(sess, eckey);
+ ret = uadk_ecc_set_private_key(sess, eckey);
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
- ret = UADK_DO_SOFT;
+ if (ret != 1)
goto uninit_iot;
- }
sig = create_ecdsa_sig(&req);
+ wd_ecc_del_in(sess, req.src);
+ wd_ecc_del_out(sess, req.dst);
+ wd_ecc_free_sess(sess);
+
+ return sig;
+
uninit_iot:
wd_ecc_del_in(sess, req.src);
wd_ecc_del_out(sess, req.dst);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return sig;
-
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_sign(dgst, dlen, in_kinv, in_r, eckey);
}
@@ -617,7 +615,10 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
if (ret)
goto do_soft;
- ret = UADK_DO_SOFT;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(eckey, "ecdsa");
if (!sess)
goto do_soft;
@@ -633,24 +634,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1) {
- printf("failed to uadk_ecc_crypto, ret = %d\n", ret);
- ret = UADK_DO_SOFT;
+ fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
+ goto uninit_iot;
}
+
+ return ret;
+
uninit_iot:
wd_ecc_del_in(sess, req.src);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return ret;
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_verify(dgst, dlen, sig, eckey);
}
@@ -888,9 +884,12 @@ static int sm2_generate_key(EC_KEY *eckey)
ret = eckey_create_key(eckey);
if (!ret)
- return ret;
+ goto do_soft;
+
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
- ret = UADK_DO_SOFT;
sess = ecc_alloc_sess(eckey, "sm2");
if (!sess)
goto do_soft;
@@ -900,35 +899,29 @@ static int sm2_generate_key(EC_KEY *eckey)
if (ret)
goto free_sess;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
- ret = UADK_DO_SOFT;
+ if (ret != 1)
goto uninit_iot;
- }
ret = set_key_to_ec_key(eckey, &req);
if (ret)
goto uninit_iot;
ret = 1;
+ wd_ecc_del_out(sess, req.dst);
+ wd_ecc_free_sess(sess);
+
+ return ret;
+
uninit_iot:
wd_ecc_del_out(sess, req.dst);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return ret;
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_generate(eckey);
}
-
static int ecdh_keygen_init_iot(handle_t sess, struct wd_ecc_req *req,
EC_KEY *ecdh)
{
@@ -1108,6 +1101,10 @@ static int ecdh_generate_key(EC_KEY *ecdh)
if (!ret)
goto do_soft;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(ecdh, "ecdh");
if (!sess)
goto do_soft;
@@ -1121,10 +1118,6 @@ static int ecdh_generate_key(EC_KEY *ecdh)
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret)
- goto uninit_iot;
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1)
goto uninit_iot;
@@ -1202,10 +1195,8 @@ static int ecc_compkey_check(unsigned char **out,
return 1;
}
-static int ecdh_compute_key(unsigned char **out,
- size_t *outlen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh)
+static int ecdh_compute_key(unsigned char **out, size_t *outlen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh)
{
struct wd_ecc_req req;
handle_t sess;
@@ -1215,6 +1206,10 @@ static int ecdh_compute_key(unsigned char **out,
if (!ret)
goto do_soft;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(ecdh, "ecdh");
if (!sess)
goto do_soft;
@@ -1232,10 +1227,6 @@ static int ecdh_compute_key(unsigned char **out,
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret)
- goto uninit_iot;
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1)
goto uninit_iot;
--
2.24.4

36
0010-cipher-fix-async-hardware-computing-error.patch Normal file
View File

@ -0,0 +1,36 @@
From 9fa67d9748d0e8b710bc8a0cdd3f289e3a1b2f8f Mon Sep 17 00:00:00 2001
From: taoqi <taoqi10@huawei.com>
Date: Tue, 20 Jun 2023 23:07:31 +0800
Subject: [PATCH 10/10] cipher: fix async hardware computing error
If the length of the input data does not reach to
hardware computing threshold, directly switch to
soft cipher.
Signed-off-by: taoqi <taoqi10@huawei.com>
---
src/uadk_cipher.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index cc13823..940c26c 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -927,6 +927,14 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!ret)
goto sync_err;
} else {
+ /*
+ * If the length of the input data
+ * does not reach to hardware computing threshold,
+ * directly switch to soft cipher.
+ */
+ if (priv->req.in_bytes <= priv->switch_threshold)
+ goto sync_err;
+
ret = do_cipher_async(priv, &op);
if (!ret)
goto out_notify;
--
2.25.1

110
0010-rsa-cleanup-about-prime-generation.patch
View File

@ -1,110 +0,0 @@
From fc023b87189ff488b4e760567d92afeca2635559 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 25 Dec 2021 01:35:03 +0000
Subject: [PATCH 10/18] rsa: cleanup about prime generation
Reduce parameter number of rsa_prime_mul_res(),
and add comments of BN_GENCB_call().
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index c1609ca..2526af9 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -164,14 +164,17 @@ static int rsa_check_bit_useful(const int bits, int flen)
}
}
-static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
+static int rsa_prime_mul_res(int num, struct rsa_prime_param *param,
BN_CTX *ctx, BN_GENCB *cb)
{
if (num == 1) {
- if (!BN_mul(r1, rsa_p, rsa_q, ctx))
+ if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx))
return BN_ERR;
} else {
- /* If num == 0, use number 3 to indicate do nothing */
+ /*
+ * Use the number 3 to indicate whether
+ * the generator has been found.
+ */
if (!BN_GENCB_call(cb, 3, num))
return BN_ERR;
return BN_CONTINUE;
@@ -189,8 +192,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
BN_ULONG bitst;
int ret;
- ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q,
- param->r1, ctx, cb);
+ ret = rsa_prime_mul_res(*num, param, ctx, cb);
if (ret)
return ret;
/*
@@ -224,7 +226,10 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
*bitse -= bitsr[*num];
else
return -1;
-
+ /*
+ * Use the number 2 to indicate whether
+ * a prime has been found.
+ */
ret = BN_GENCB_call(cb, 2, *n++);
if (!ret)
return -1;
@@ -237,7 +242,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
retries++;
return BN_REDO;
}
-
+ /* Use the number 3 to indicate whether the generator has been found. */
ret = BN_GENCB_call(cb, 3, *num);
if (!ret)
return BN_ERR;
@@ -314,6 +319,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
else
return BN_ERR;
+ /* Use the number 2 to indicate whether a prime has been found. */
if (!BN_GENCB_call(cb, 2, *n++))
return BN_ERR;
@@ -1094,7 +1100,7 @@ static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
int ret;
if (!default_meth) {
- printf("failed to get soft method.\n");
+ fprintf(stderr, "failed to get soft method.\n");
return UADK_E_FAIL;
}
@@ -1121,7 +1127,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
keygen_param->wd_e->dsize = BN_bn2bin(bn_param->e,
- (unsigned char *)keygen_param->wd_e->data);
+ (unsigned char *)keygen_param->wd_e->data);
wd_rsa_get_prikey(rsa_sess->sess, &key_pair->prikey);
if (!key_pair->prikey)
@@ -1133,9 +1139,9 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
keygen_param->wd_q->dsize = BN_bn2bin(bn_param->q,
- (unsigned char *)keygen_param->wd_q->data);
+ (unsigned char *)keygen_param->wd_q->data);
keygen_param->wd_p->dsize = BN_bn2bin(bn_param->p,
- (unsigned char *)keygen_param->wd_p->data);
+ (unsigned char *)keygen_param->wd_p->data);
rsa_sess->req.src_bytes = rsa_sess->key_size;
rsa_sess->req.dst_bytes = rsa_sess->key_size;
--
2.24.4

209
0011-ecc-cleanup-the-form-of-the-return-value.patch
View File

@ -1,209 +0,0 @@
From dbb4ff29da9ed378d8753a6e5d18e86756c1d254 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Mon, 27 Dec 2021 07:04:43 +0000
Subject: [PATCH 11/18] ecc: cleanup the form of the return value
This patch includes:
1. Unified the return value form.
2. Remove redundant goto jumps.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 20 +++++++++++---------
src/uadk_ecx.c | 8 ++++----
src/uadk_pkey.c | 5 ++---
src/uadk_sm2.c | 8 ++++----
4 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 0c8a011..db69871 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -446,7 +446,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
sig = create_ecdsa_sig(&req);
@@ -635,11 +635,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
}
+ wd_ecc_del_in(sess, req.src);
+ wd_ecc_free_sess(sess);
+
return ret;
uninit_iot:
@@ -701,7 +704,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
tmp = BN_bin2bn((unsigned char *)privkey->data, privkey->dsize, NULL);
ret = EC_KEY_set_private_key(ec, tmp);
BN_free(tmp);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to EC KEY set private key\n");
return -EINVAL;
}
@@ -725,7 +728,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
ret = EC_KEY_set_public_key(ec, point);
EC_POINT_free(point);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to EC_KEY_set_public_key\n");
return -EINVAL;
}
@@ -900,18 +903,17 @@ static int sm2_generate_key(EC_KEY *eckey)
goto free_sess;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = set_key_to_ec_key(eckey, &req);
if (ret)
goto uninit_iot;
- ret = 1;
wd_ecc_del_out(sess, req.dst);
wd_ecc_free_sess(sess);
- return ret;
+ return 1;
uninit_iot:
wd_ecc_del_out(sess, req.dst);
@@ -1119,7 +1121,7 @@ static int ecdh_generate_key(EC_KEY *ecdh)
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecdh_set_key_to_ec_key(ecdh, &req);
@@ -1228,7 +1230,7 @@ static int ecdh_compute_key(unsigned char **out, size_t *outlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecdh_get_shared_key(ecdh, out, outlen, &req);
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 6a9f78c..67f9350 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -399,7 +399,7 @@ static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto uninit_iot;
ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key);
@@ -457,7 +457,7 @@ static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto uninit_iot;
ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key);
@@ -659,7 +659,7 @@ static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
goto uninit_iot;
ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
wd_ecxdh_get_out_params(req.dst, &s_key);
@@ -745,7 +745,7 @@ static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
goto uninit_iot;
ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
wd_ecxdh_get_out_params(req.dst, &s_key);
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 62362b0..7ca998b 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -273,8 +273,7 @@ static void uadk_wd_ecc_uninit(void)
ecc_res.pid = 0;
}
-int uadk_ecc_crypto(handle_t sess,
- struct wd_ecc_req *req, void *usr)
+int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr)
{
struct uadk_e_cb_info cb_param;
struct async_op op;
@@ -314,7 +313,7 @@ int uadk_ecc_crypto(handle_t sess,
} else {
ret = wd_do_ecc_sync(sess, req);
if (ret < 0)
- return ret;
+ return 0;
}
return 1;
err:
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 6d5dad0..f602e48 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -359,7 +359,7 @@ static int sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb *s,
}
ret = ECDSA_SIG_set0(e_sig, br, bs);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to ECDSA_SIG_set0\n");
ret = -EINVAL;
goto free_s;
@@ -686,7 +686,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
ret = UADK_DO_SOFT;
goto uninit_iot;
@@ -907,7 +907,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
@@ -1061,7 +1061,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
--
2.24.4

140
0012-engine-fix-uadk-engine-compatibility-issue.patch
View File

@ -1,140 +0,0 @@
From c212eedcab9135acc0433a125c8fab151674e8c5 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Tue, 23 Nov 2021 09:14:31 +0000
Subject: [PATCH 12/18] engine: fix uadk engine compatibility issue
When uadk use no sva mode, it should use wd_get_available_dev_num,
otherwise, it will not find old kernel's device path with attrs.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/e_uadk.c | 70 +++++++++++++++---------------------
src/v1/uadk_v1.h | 1 +
src/v1/wdmngr/wd_alg_queue.c | 4 +++
src/v1/wdmngr/wd_alg_queue.h | 2 ++
4 files changed, 36 insertions(+), 41 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 18c2e4e..4e87c86 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -239,54 +239,42 @@ static void engine_init_child_at_fork_handler(void)
#ifdef KAE
static void bind_fn_kae_alg(ENGINE *e)
{
- struct uacce_dev *dev;
+ int dev_num;
- dev = wd_get_accel_dev("cipher");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- cipher_module_init();
- if (!ENGINE_set_ciphers(e, sec_engine_ciphers))
- fprintf(stderr, "uadk bind cipher failed\n");
- else
- uadk_cipher_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("cipher");
+ if (dev_num > 0) {
+ cipher_module_init();
+ if (!ENGINE_set_ciphers(e, sec_engine_ciphers))
+ fprintf(stderr, "uadk bind cipher failed\n");
+ else
+ uadk_cipher_nosva = 1;
}
- dev = wd_get_accel_dev("digest");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- digest_module_init();
- if (!ENGINE_set_digests(e, sec_engine_digests))
- fprintf(stderr, "uadk bind digest failed\n");
- else
- uadk_digest_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("digest");
+ if (dev_num > 0) {
+ digest_module_init();
+ if (!ENGINE_set_digests(e, sec_engine_digests))
+ fprintf(stderr, "uadk bind digest failed\n");
+ else
+ uadk_digest_nosva = 1;
}
- dev = wd_get_accel_dev("rsa");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- hpre_module_init();
- if (!ENGINE_set_RSA(e, hpre_get_rsa_methods()))
- fprintf(stderr, "uadk bind rsa failed\n");
- else
- uadk_rsa_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("rsa");
+ if (dev_num > 0) {
+ hpre_module_init();
+ if (!ENGINE_set_RSA(e, hpre_get_rsa_methods()))
+ fprintf(stderr, "uadk bind rsa failed\n");
+ else
+ uadk_rsa_nosva = 1;
}
- dev = wd_get_accel_dev("dh");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- hpre_module_dh_init();
- if (!ENGINE_set_DH(e, hpre_get_dh_methods()))
- fprintf(stderr, "uadk bind dh failed\n");
- else
- uadk_dh_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("dh");
+ if (dev_num > 0) {
+ hpre_module_dh_init();
+ if (!ENGINE_set_DH(e, hpre_get_dh_methods()))
+ fprintf(stderr, "uadk bind dh failed\n");
+ else
+ uadk_dh_nosva = 1;
}
}
#endif
diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h
index f5081e3..d921706 100644
--- a/src/v1/uadk_v1.h
+++ b/src/v1/uadk_v1.h
@@ -35,4 +35,5 @@ extern void hpre_dh_destroy(void);
extern int hpre_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
const int **pnids, int nid);
+extern int wd_get_nosva_dev_num(const char *algorithm);
#endif
diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c
index 79c9a6d..5cd33ae 100644
--- a/src/v1/wdmngr/wd_alg_queue.c
+++ b/src/v1/wdmngr/wd_alg_queue.c
@@ -74,3 +74,7 @@ void wd_free_queue(struct wd_queue *queue)
}
}
+int wd_get_nosva_dev_num(const char *algorithm)
+{
+ return wd_get_available_dev_num(algorithm);
+}
diff --git a/src/v1/wdmngr/wd_alg_queue.h b/src/v1/wdmngr/wd_alg_queue.h
index 4fd3a9d..955eed5 100644
--- a/src/v1/wdmngr/wd_alg_queue.h
+++ b/src/v1/wdmngr/wd_alg_queue.h
@@ -25,4 +25,6 @@
struct wd_queue *wd_new_queue(int algtype);
void wd_free_queue(struct wd_queue *queue);
+
+int wd_get_nosva_dev_num(const char *algorithm);
#endif
--
2.24.4

31
0013-digest-modify-the-process-of-free-session.patch
View File

@ -1,31 +0,0 @@
From ca59dfa548656d82d6d50a6dad6bfc88b2825473 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 6 Jan 2022 14:49:27 +0800
Subject: [PATCH 13/18] digest: modify the process of free session
Currently, release the session in the cleanup instead of final. so not
should free session in the final. Here is fix it.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 41de449..cbfb539 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -688,10 +688,6 @@ sync_err:
ret = uadk_e_digest_soft_work(priv, priv->tail, digest);
clear:
async_clear_async_event_notification();
- if (priv->sess) {
- wd_digest_free_sess(priv->sess);
- priv->sess = 0;
- }
return ret;
}
--
2.24.4

153
0014-digest-modify-the-process-of-soft-and-hardware-hando.patch
View File

@ -1,153 +0,0 @@
From 7efc5b169d74b84af8108bc736d80eedbe3a8004 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 6 Jan 2022 14:48:13 +0800
Subject: [PATCH 14/18] digest: modify the process of soft and hardware handoff
Due to has added the stream mode for digest. So need to modify the
process of software and hardware handoff.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 60 +++++++++++++++++++++++++++++++++++++----------
1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index cbfb539..bf738af 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -44,6 +44,14 @@
#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
#define MAX_DIGEST_LENGTH 64
+#define DIGEST_BLOCK_SIZE (512 * 1024)
+
+enum sec_digestz_state {
+ SEC_DIGEST_INIT,
+ SEC_DIGEST_FIRST_UPDATING,
+ SEC_DIGEST_DOING,
+ SEC_DIGEST_FINAL
+};
struct digest_threshold_table {
int nid;
@@ -72,21 +80,19 @@ struct evp_md_ctx_st {
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
};
-#define DIGEST_BLOCK_SIZE 4096
-
struct digest_priv_ctx {
handle_t sess;
struct wd_digest_sess_setup setup;
struct wd_digest_req req;
unsigned char *data;
unsigned char out[MAX_DIGEST_LENGTH];
- size_t tail;
+ EVP_MD_CTX *soft_ctx;
size_t last_update_bufflen;
- bool copy;
uint32_t e_nid;
- EVP_MD_CTX *soft_ctx;
- size_t switch_threshold;
+ uint32_t state;
+ uint32_t switch_threshold;
int switch_flag;
+ bool copy;
};
static int digest_nids[] = {
@@ -150,7 +156,7 @@ static const EVP_MD *uadk_e_digests_soft_md(uint32_t e_nid)
return digest_md;
}
-static int sec_digest_get_sw_threshold(int n_id)
+static uint32_t sec_digest_get_sw_threshold(int n_id)
{
int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table);
int i = 0;
@@ -464,6 +470,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
priv->soft_ctx = EVP_MD_CTX_new();
priv->e_nid = nid;
+ priv->state = SEC_DIGEST_INIT;
ret = uadk_e_init_digest();
if (!ret) {
priv->switch_flag = UADK_DO_SOFT;
@@ -504,7 +511,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
priv->data = malloc(DIGEST_BLOCK_SIZE);
- if (priv->data == NULL) {
+ if (!priv->data) {
wd_digest_free_sess(priv->sess);
return 0;
}
@@ -540,9 +547,16 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
left_len -= copy_to_bufflen;
tmpdata += copy_to_bufflen;
+ if (priv->state == SEC_DIGEST_INIT)
+ priv->state = SEC_DIGEST_FIRST_UPDATING;
+ else if (priv->state == SEC_DIGEST_FIRST_UPDATING)
+ priv->state = SEC_DIGEST_DOING;
+
ret = wd_do_digest_sync(priv->sess, &priv->req);
- if (ret)
- return 0;
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ goto do_soft_digest;
+ }
priv->last_update_bufflen = 0;
memset(priv->data, 0, DIGEST_BLOCK_SIZE);
@@ -551,10 +565,26 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
memcpy(priv->data, tmpdata, priv->last_update_bufflen);
break;
}
+ }
+
+ return 1;
+do_soft_digest:
+ if (priv->state == SEC_DIGEST_FIRST_UPDATING
+ && priv->data
+ && priv->last_update_bufflen != 0) {
+ priv->switch_flag = UADK_DO_SOFT;
+ digest_soft_init(priv->soft_ctx, priv->e_nid);
+ ret = digest_soft_update(priv->soft_ctx, priv->e_nid,
+ priv->data, priv->last_update_bufflen);
+ if (ret != 1)
+ return ret;
+ return digest_soft_update(priv->soft_ctx, priv->e_nid,
+ tmpdata, left_len);
}
- return 1;
+ fprintf(stderr, "do soft digest failed during updating!\n");
+ return 0;
}
static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len)
@@ -681,11 +711,17 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
goto clear;
}
memcpy(digest, priv->req.out, priv->req.out_bytes);
+ priv->last_update_bufflen = 0;
return 1;
sync_err:
- ret = uadk_e_digest_soft_work(priv, priv->tail, digest);
+ if (priv->state == SEC_DIGEST_INIT) {
+ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest);
+ } else {
+ ret = 0;
+ fprintf(stderr, "do sec digest stream mode failed.\n");
+ }
clear:
async_clear_async_event_notification();
return ret;
--
2.24.4

114
0015-ecc-bugfix-about-sm2-decryption.patch
View File

@ -1,114 +0,0 @@
From 32c58bf68e7f33d0170b3cc9040a11395a68df72 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 07:24:22 +0000
Subject: [PATCH 15/18] ecc: bugfix about sm2 decryption
When doing sm2_decrypt_check(), if the out param is NULL,
it is supposed to use sm2_plaintext_size() function to
get the output plain text length, rather than use
sm2_ciphertext_size().
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index f602e48..b39c418 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -524,7 +524,7 @@ static int cipher_ber_to_bin(unsigned char *ber, size_t ber_len,
len = BN_num_bytes(ctext_struct->C1x);
len1 = BN_num_bytes(ctext_struct->C1y);
c1->x.data = malloc(len + len1 + ctext_struct->C2->length +
- ctext_struct->C3->length);
+ ctext_struct->C3->length);
if (!c1->x.data) {
ret = -ENOMEM;
goto free_ctext;
@@ -547,7 +547,6 @@ free_ctext:
static size_t ec_field_size(const EC_GROUP *group)
{
- /* Is there some simpler way to do this? */
BIGNUM *p = BN_new();
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
@@ -559,7 +558,7 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- /* Pad and convert bits to bytes*/
+ /* Pad and convert bits to bytes */
field_size = (BN_num_bits(p) + 7) / 8;
done:
@@ -570,6 +569,22 @@ done:
return field_size;
}
+static int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)
+{
+ struct sm2_ciphertext *sm2_ctext;
+
+ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
+ if (!sm2_ctext) {
+ fprintf(stderr, "invalid sm2 encoding\n");
+ return 0;
+ }
+
+ *pt_size = sm2_ctext->C2->length;
+ SM2_Ciphertext_free(sm2_ctext);
+
+ return 1;
+}
+
static int sm2_ciphertext_size(const EC_KEY *key,
const EVP_MD *digest, size_t msg_len,
size_t *ct_size)
@@ -589,6 +604,7 @@ static int sm2_ciphertext_size(const EC_KEY *key,
+ ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+ ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
*ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+
return 1;
}
@@ -792,7 +808,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
@@ -941,8 +957,6 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
const unsigned char *in, size_t inlen)
{
struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
- EVP_PKEY *p_key = EVP_PKEY_CTX_get0_pkey(ctx);
- EC_KEY *ec = EVP_PKEY_get0(p_key);
const EVP_MD *md;
int hash_size;
@@ -959,7 +973,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
}
if (!out) {
- if (!sm2_ciphertext_size(ec, md, inlen, outlen))
+ if (!sm2_plaintext_size(in, inlen, outlen))
return -1;
else
return 1;
@@ -1039,6 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
+
ret = cipher_ber_to_bin((void *)in, inlen, &c1, &c2, &c3);
if (ret)
goto do_soft;
--
2.24.4

103
0016-dh-bugfix-about-dh-compute-key.patch
View File

@ -1,103 +0,0 @@
From ff486764bbab601177acad102febb1497262a88c Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 08:42:55 +0000
Subject: [PATCH 16/18] dh: bugfix about dh compute key
This patch includes:
1. Add an UADK_DO_SOFT tag when dh_do_crypto() failed.
2. Do some tiny cleanup.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_dh.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 9c2bfbf..989c9ec 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -741,13 +741,12 @@ static int dh_soft_set_pkey(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
return UADK_E_SUCCESS;
}
-/* Main Phase1: Generate public key */
static int uadk_e_dh_generate_key(DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
- int bits = DH_bits(dh);
- BIGNUM *pub_key = NULL;
BIGNUM *priv_key = NULL;
+ BIGNUM *pub_key = NULL;
+ int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
@@ -771,7 +770,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto exe_soft;
}
- /* Fill request data */
ret = dh_fill_genkey_req(g, p, priv_key, dh_sess);
if (!ret) {
fprintf(stderr, "failed to fill req\n");
@@ -786,7 +784,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto free_sess;
}
- /* Get the generated public key from uadk(->hardware) */
ret = dh_get_pubkey(dh_sess, &pub_key);
if (!ret) {
fprintf(stderr, "failed to get public key\n");
@@ -794,7 +791,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto free_sess;
}
- /* Set the public key and private key */
ret = dh_soft_set_pkey(dh, pub_key, priv_key);
free_sess:
@@ -806,16 +802,15 @@ exe_soft:
return uadk_e_dh_soft_generate_key(dh);
}
-/* Main Phase2: Compute shared key */
static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
+ BIGNUM *priv_key = NULL;
int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
- BIGNUM *priv_key = NULL;
int ret;
if (!dh || !key || !pub_key || !DH_get0_priv_key(dh))
@@ -845,6 +840,7 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
ret = dh_do_crypto(dh_sess);
if (!ret) {
fprintf(stderr, "failed to generate DH shared key\n");
+ ret = UADK_DO_SOFT;
goto free_sess;
}
@@ -894,7 +890,6 @@ static void uadk_e_delete_dh_meth(void)
uadk_dh_method = NULL;
}
-
int uadk_e_bind_dh(ENGINE *e)
{
pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
@@ -905,7 +900,6 @@ int uadk_e_bind_dh(ENGINE *e)
void uadk_e_destroy_dh(void)
{
pthread_spin_destroy(&g_dh_res.lock);
-
uadk_e_delete_dh_meth();
uadk_e_wd_dh_uninit();
}
--
2.24.4

28
0017-ecc-bugfix-about-ecc-general-init.patch
View File

@ -1,28 +0,0 @@
From 3ff18ada641a8ad6c54a6054b4b8323b0b4389a2 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 09:03:00 +0000
Subject: [PATCH 17/18] ecc: bugfix about ecc general init
When calloc failed, it should return with error code directly.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_pkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 7ca998b..14e0b8f 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -189,7 +189,7 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
if (!ctx_cfg)
- ret = -ENOMEM;
+ return -ENOMEM;
ecc_res.ctx_res = ctx_cfg;
ctx_cfg->ctx_num = CTX_NUM;
--
2.24.4

113
0018-digest-fix-codecheck-warning.patch
View File

@ -1,113 +0,0 @@
From e26726746340428c58ea1ce2460c0fb669bb7545 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 7 Jan 2022 09:56:54 +0800
Subject: [PATCH 18/18] digest: fix codecheck warning
fix a more than 50 lines function uadk_e_digest_init.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 57 ++++++++++++++++++++++++++---------------------
1 file changed, 31 insertions(+), 26 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index bf738af..5b843a0 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -95,6 +95,13 @@ struct digest_priv_ctx {
bool copy;
};
+struct digest_info {
+ int nid;
+ enum wd_digest_mode mode;
+ enum wd_digest_type alg;
+ __u32 out_len;
+};
+
static int digest_nids[] = {
NID_md5,
NID_sm3,
@@ -116,6 +123,16 @@ static struct digest_threshold_table digest_pkt_threshold_table[] = {
{ NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
};
+static struct digest_info digest_info_table[] = {
+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16},
+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32},
+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20},
+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28},
+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32},
+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48},
+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64},
+};
+
static EVP_MD *uadk_md5;
static EVP_MD *uadk_sm3;
static EVP_MD *uadk_sha1;
@@ -451,8 +468,8 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
enum wd_digest_type alg, enum wd_digest_mode mode,
__u32 out_len)
{
- priv->setup.mode = alg;
- priv->setup.alg = mode;
+ priv->setup.alg = alg;
+ priv->setup.mode = mode;
priv->req.out_buf_bytes = out_len;
priv->req.out_bytes = out_len;
}
@@ -461,9 +478,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
{
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ int digest_counts = ARRAY_SIZE(digest_info_table);
int nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
struct sched_params params = {0};
- int ret;
+ int ret, i;
/* Allocate a soft ctx for hardware engine */
if (priv->soft_ctx == NULL)
@@ -478,29 +496,16 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
goto soft_init;
}
- switch (nid) {
- case NID_md5:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16);
- break;
- case NID_sm3:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32);
- break;
- case NID_sha1:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20);
- break;
- case NID_sha224:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28);
- break;
- case NID_sha256:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32);
- break;
- case NID_sha384:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48);
- break;
- case NID_sha512:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64);
- break;
- default:
+ for (i = 0; i < digest_counts; i++) {
+ if (nid == digest_info_table[i].nid) {
+ digest_priv_ctx_setup(priv, digest_info_table[i].alg,
+ digest_info_table[i].mode, digest_info_table[i].out_len);
+ break;
+ }
+ }
+
+ if (i == digest_counts) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
return 0;
}
--
2.24.4

27
0019-cipher-fixup-a-code-check-warning.patch
View File

@ -1,27 +0,0 @@
From e82ec8d48be21d107635e5f1a4874fb8999a27c4 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Wed, 19 Jan 2022 09:41:25 +0800
Subject: [PATCH 19/22] cipher: fixup a code check warning
Do not put two or more continuous blank lines inside function.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 2b8bb9c..3d376bf 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -890,7 +890,6 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
struct async_op op;
int ret;
-
priv->req.src = (unsigned char *)in;
priv->req.in_bytes = inlen;
priv->req.dst = out;
--
2.24.4

27
0020-rsa-fixup-a-code-check-warning.patch
View File

@ -1,27 +0,0 @@
From d45c783eb7a7e1e38d5520239c218e7c927b1c00 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 21 Jan 2022 17:01:15 +0800
Subject: [PATCH 20/22] rsa: fixup a code check warning
Do not add blank lines on the start of a code block defined by braces.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 2526af9..8cad2f7 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1781,7 +1781,6 @@ exe_soft:
static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
{
-
/* meth: default rsa software method */
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
--
2.24.4

32
0021-cipher-delete-a-redundant-branch.patch
View File

@ -1,32 +0,0 @@
From 7a757c76d11b80282abc22e614f7126909027ecc Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 25 Jan 2022 14:21:48 +0800
Subject: [PATCH 21/22] cipher: delete a redundant branch
Find a redundant branch by DT-FUZZ, these codes have the same
logic as the following default code.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 3d376bf..6e09a8c 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -373,11 +373,6 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
break;
}
- if (i == size) {
- *cipher = NULL;
- return 0;
- }
-
switch (nid) {
case NID_aes_128_cbc:
*cipher = uadk_aes_128_cbc;
--
2.24.4

65
0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch
View File

@ -1,65 +0,0 @@
From 02dbe7743190f334609a86b61bc46ea6e91e82b4 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Wed, 16 Feb 2022 16:11:06 +0800
Subject: [PATCH 22/22] engine: fix engine can't work under hybrid mode
If hpre works in no-sva mode, and sec works in sva mode,
it will init hpre device first and return straightly, this
casuse sec not initialized correctly. So uadk engine should
init for both sva and no-sva device.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/e_uadk.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 4e87c86..2714d5b 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -319,10 +319,15 @@ static void bind_fn_uadk_alg(ENGINE *e)
free(dev);
}
- if (!uadk_e_bind_ecc(e))
- fprintf(stderr, "uadk bind ecc failed\n");
- else
- uadk_ecc = 1;
+ /* find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ dev = wd_get_accel_dev("ecdsa");
+ if (dev) {
+ if (!uadk_e_bind_ecc(e))
+ fprintf(stderr, "uadk bind ecc failed\n");
+ else
+ uadk_ecc = 1;
+ free(dev);
+ }
}
/*
@@ -349,17 +354,15 @@ static int bind_fn(ENGINE *e, const char *id)
uadk_dh_nosva) {
async_module_init_v1();
pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler_v1);
- goto set_ctrl_cmd;
}
#endif
- async_module_init();
- pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
-
bind_fn_uadk_alg(e);
-#ifdef KAE
-set_ctrl_cmd:
-#endif
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
+ async_module_init();
+ pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
+ }
+
ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl);
if (ret != 1) {
fprintf(stderr, "failed to set ctrl function\n");
--
2.24.4

62
0023-engine-add-the-kae-log-feature.patch
View File

@ -1,62 +0,0 @@
From 351422390bf42e19a802d0e282f7f85342a1f792 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 22 Feb 2022 11:18:46 +0800
Subject: [PATCH 23/23] engine: add the kae log feature
The original version of the kae engine supports the log system. So
need to be enabled the kae log feature at uadk_engine.
example:
insmod hisi_sec2.ko uacce_mode=2
export KAE_CONF_ENV=/var/log/
cd /var/log/
touch kae.cnf
write:
[LogSection]
debug_level=error
the debug_level can be set to none/error/iofo/warning/debug,
the result is stored in /var/log/kae.log
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/e_uadk.c | 2 ++
src/v1/uadk_v1.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 2714d5b..79ecef8 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -205,6 +205,7 @@ static int uadk_destroy(ENGINE *e)
hpre_destroy();
if (uadk_dh_nosva)
hpre_dh_destroy();
+ kae_debug_close_log();
#endif
if (uadk_cipher)
@@ -348,6 +349,7 @@ static int bind_fn(ENGINE *e, const char *id)
}
#ifdef KAE
+ kae_debug_init_log();
bind_fn_kae_alg(e);
if (uadk_cipher_nosva || uadk_digest_nosva || uadk_rsa_nosva ||
diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h
index d921706..9ca0a94 100644
--- a/src/v1/uadk_v1.h
+++ b/src/v1/uadk_v1.h
@@ -16,6 +16,7 @@
#define UADK_V1_H
#include "async/async_poll.h"
#include "utils/engine_fork.h"
+#include "utils/engine_log.h"
extern void sec_ciphers_free_ciphers(void);
extern int cipher_module_init(void);
--
2.24.4

32
0024-rsa-fix-interface-name.patch
View File

@ -1,32 +0,0 @@
From 63c9bc75f229057657ff8b09c556bf416a493607 Mon Sep 17 00:00:00 2001
From: Junchong Pan <panjunchong@hisilicon.com>
Date: Wed, 2 Mar 2022 08:30:50 +0000
Subject: [PATCH 24/31] rsa: fix interface name
The name of the function wd_rsa_key_bits()
has been changed to wd_rsa_get_key_bits()
in uadk driver, so it needs to be modified
in engine synchronously.
Signed-off-by: Junchong Pan <panjunchong@hisilicon.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 8cad2f7..90cc535 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -986,7 +986,7 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
struct wd_dtb wd_dq;
struct wd_dtb wd_dp;
- key_bits = wd_rsa_key_bits(ctx);
+ key_bits = wd_rsa_get_key_bits(ctx);
key_size = key_bits >> BIT_BYTES_SHIFT;
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
--
2.24.4

28
0025-ecc-cleanup-sm2-unreachable-code.patch
View File

@ -1,28 +0,0 @@
From dcceb7e8f77306dda7dea31798ea8ab952fbe8ea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 3 Mar 2022 02:00:46 +0000
Subject: [PATCH 25/31] ecc: cleanup sm2 unreachable code
The variable "b_s" should be judged, rather than "b_r".
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index b39c418..8c75611 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -422,7 +422,7 @@ static int sig_ber_to_bin(EC_KEY *ec, unsigned char *sig, size_t sig_len,
}
b_s = (void *)ECDSA_SIG_get0_s((const ECDSA_SIG *)e_sig);
- if (!b_r) {
+ if (!b_s) {
fprintf(stderr, "failed to get s\n");
ret = -EINVAL;
goto free_der;
--
2.24.4

68
0026-rsa-cleanup-of-code-style.patch
View File

@ -1,68 +0,0 @@
From 4bcecc067ed99f2323f1568779c34b858b5863a1 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 3 Mar 2022 02:32:44 +0000
Subject: [PATCH 26/31] rsa: cleanup of code style
Fix the following problems:
1. Macro replacement list should be enclosed in parentheses.
2. Return value judgment should follow the function call.
3. Remove redundant judgment.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 90cc535..f7755e3 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -49,7 +49,7 @@
#define UADK_DO_SOFT (-0xE0)
#define UADK_E_POLL_SUCCESS 0
#define UADK_E_INIT_SUCCESS 0
-#define CHECK_PADDING_FAIL -1
+#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
static RSA_METHOD *rsa_hw_meth;
@@ -312,7 +312,6 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
return UADK_E_SUCCESS;
err = ERR_peek_last_error();
-
if (ERR_GET_LIB(err) == ERR_LIB_BN &&
ERR_GET_REASON(err) == BN_R_NO_INVERSE)
ERR_pop_to_mark();
@@ -500,18 +499,13 @@ static int add_rsa_pubenc_padding(int flen, const unsigned char *from,
fprintf(stderr, "RSA_PKCS1_PADDING err\n");
break;
case RSA_PKCS1_OAEP_PADDING:
- ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen,
- NULL, 0);
+ ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
if (!ret)
fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n");
break;
default:
ret = UADK_E_FAIL;
}
- if (ret <= 0)
- ret = UADK_E_FAIL;
- else
- ret = UADK_E_SUCCESS;
return ret;
}
@@ -530,7 +524,7 @@ static int check_rsa_pridec_padding(unsigned char *to, int num,
break;
case RSA_PKCS1_OAEP_PADDING:
ret = RSA_padding_check_PKCS1_OAEP(to, num, buf, len, num,
- NULL, 0);
+ NULL, 0);
if (!ret)
fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n");
break;
--
2.24.4

62
0027-v1-fixup-about-uninitialized-variable.patch
View File

@ -1,62 +0,0 @@
From fe44bced638c7d3d3084f4e788478b2faa35ffa4 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 3 Mar 2022 02:53:01 +0000
Subject: [PATCH 27/31] v1: fixup about uninitialized variable
Fix the compile warning of uninitialized variable.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/v1/alg/pkey/hpre_rsa.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c
index 93ba99a..6c1d96d 100644
--- a/src/v1/alg/pkey/hpre_rsa.c
+++ b/src/v1/alg/pkey/hpre_rsa.c
@@ -316,7 +316,9 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from,
BIGNUM *ret_bn = NULL;
hpre_engine_ctx_t *eng_ctx = NULL;
unsigned char *in_buf = NULL;
- int key_bits, num_bytes;
+ BN_CTX *bn_ctx = NULL;
+ int num_bytes = 0;
+ int key_bits;
int ret;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
@@ -340,7 +342,7 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from,
GOTOEND_IF(ret != HPRE_CRYPTO_SUCC, "check public key fail",
KAE_F_HPRE_RSA_PUBENC, KAE_R_PUBLIC_KEY_INVALID);
- BN_CTX *bn_ctx = BN_CTX_new();
+ bn_ctx = BN_CTX_new();
GOTOEND_IF(bn_ctx == NULL, "bn_ctx MALLOC FAILED!",
KAE_F_HPRE_RSA_PUBENC, KAE_R_MALLOC_FAILURE);
@@ -403,7 +405,9 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from,
const BIGNUM *dmq1 = (const BIGNUM *)NULL;
const BIGNUM *iqmp = (const BIGNUM *)NULL;
unsigned char *in_buf = (unsigned char *)NULL;
+ int num_bytes = 0;
int key_bits;
+ int version;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
return HPRE_CRYPTO_FAIL;
@@ -431,10 +435,10 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from,
bn_ret = BN_CTX_get(bn_ctx);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
- int version = RSA_get_version(rsa);
+ version = RSA_get_version(rsa);
RSA_get0_key(rsa, &n, &e, &d);
- int num_bytes = BN_num_bytes(n);
+ num_bytes = BN_num_bytes(n);
in_buf = (unsigned char *)OPENSSL_malloc(num_bytes);
GOTOEND_IF(bn_ret == NULL || in_buf == NULL, "OpenSSL malloc failure",
--
2.24.4

42
0028-ecc-fix-checking-conditions.patch
View File

@ -1,42 +0,0 @@
From 8ce0ba841358d85eb89bf726d229dfaf4cd13156 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 02:59:13 +0000
Subject: [PATCH 28/31] ecc: fix checking conditions
When initializing, the process is guaranteed
not to be initialized repeatedly. And when
uninitializing, the resource is released according
to whether the pid is equal or not.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_pkey.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 14e0b8f..ceb7a8f 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -184,9 +184,6 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
struct wd_ctx_config *ctx_cfg;
int ret, i;
- if (ecc_res.ctx_res)
- return 0;
-
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
if (!ctx_cfg)
return -ENOMEM;
@@ -256,7 +253,7 @@ static void uadk_wd_ecc_uninit(void)
struct wd_ctx_config *ctx_cfg = ecc_res.ctx_res;
int i, ret;
- if (!ctx_cfg)
+ if (ecc_res.pid != getpid())
return;
ret = uadk_e_is_env_enabled("ecc");
--
2.24.4

55
0029-ecc-cleanup-print-log.patch
View File

@ -1,55 +0,0 @@
From a19b11343facb6ff073cb01bf3583c8bf6cbb009 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 03:08:45 +0000
Subject: [PATCH 29/31] ecc: cleanup print log
print with '\n'
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_pkey.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index ceb7a8f..216ccc3 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -572,7 +572,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_SM2:
ret = uadk_sm2_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register sm2 pmeth");
+ fprintf(stderr, "failed to register sm2 pmeth.\n");
return 0;
}
*pmeth = pkey_meth.sm2;
@@ -580,7 +580,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_EC:
ret = uadk_ec_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register ec pmeth");
+ fprintf(stderr, "failed to register ec pmeth.\n");
return 0;
}
*pmeth = pkey_meth.ec;
@@ -588,7 +588,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_X448:
ret = uadk_x448_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register x448 pmeth");
+ fprintf(stderr, "failed to register x448 pmeth.\n");
return 0;
}
*pmeth = pkey_meth.x448;
@@ -596,7 +596,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_X25519:
ret = uadk_x25519_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register x25519 pmeth");
+ fprintf(stderr, "failed to register x25519 pmeth.\n");
return 0;
}
*pmeth = pkey_meth.x25519;
--
2.24.4

218
0030-engine-fix-function-return-type.patch
View File

@ -1,218 +0,0 @@
From 26360660c516fe54b48502a3ca9eb1bbf47146d5 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 03:11:24 +0000
Subject: [PATCH 30/31] engine: fix function return type
The async_register_poll_fn() is an internal
function, and the probability of parameter
error is low. If the parameter is wrong,
a log will be printed, there is no need to
return an error code. And 'MAX_ALG_SIZE' is
chenged to 'ASYNC_TASK_MAX'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_async.c | 13 ++++++-------
src/uadk_async.h | 5 +++--
src/uadk_cipher.c | 9 ++++++---
src/uadk_dh.c | 8 ++++++--
src/uadk_digest.c | 9 ++++++---
src/uadk_pkey.c | 8 ++++++--
src/uadk_rsa.c | 8 ++++++--
7 files changed, 39 insertions(+), 21 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 5320ae6..c98153b 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -22,11 +22,9 @@
#include "uadk.h"
#include "uadk_async.h"
-#define MAX_ALG_SIZE 6
-
static struct async_poll_queue poll_queue;
-static async_recv_t async_recv_func[MAX_ALG_SIZE];
+static async_recv_t async_recv_func[ASYNC_TASK_MAX];
static void async_fd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
OSSL_ASYNC_FD readfd, void *custom)
@@ -292,13 +290,14 @@ int async_wake_job(ASYNC_JOB *job)
return ret;
}
-int async_register_poll_fn(int type, async_recv_t func)
+void async_register_poll_fn(int type, async_recv_t func)
{
- if (type < 0 || type >= MAX_ALG_SIZE)
- return -1;
+ if (type < 0 || type >= ASYNC_TASK_MAX) {
+ fprintf(stderr, "alg type is error, type= %d.\n", type);
+ return;
+ }
async_recv_func[type] = func;
- return 0;
}
static void *async_poll_process_func(void *args)
diff --git a/src/uadk_async.h b/src/uadk_async.h
index cbb4b62..9836dbb 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -42,7 +42,8 @@ enum task_type {
ASYNC_TASK_DIGEST,
ASYNC_TASK_RSA,
ASYNC_TASK_DH,
- ASYNC_TASK_ECC
+ ASYNC_TASK_ECC,
+ ASYNC_TASK_MAX
};
struct async_poll_task {
@@ -66,7 +67,7 @@ struct async_poll_queue {
extern int async_setup_async_event_notification(struct async_op *op);
extern int async_clear_async_event_notification(void);
extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
-extern int async_register_poll_fn(int type, async_recv_t func);
+extern void async_register_poll_fn(int type, async_recv_t func);
extern void async_module_init(void);
extern int async_wake_job(ASYNC_JOB *job);
extern void async_free_poll_task(int id, bool is_cb);
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 6e09a8c..8f8af7e 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -550,8 +550,9 @@ static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_CIPHER,
- uadk_e_cipher_env_poll);
+ async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_env_poll);
+
+ return 0;
}
static int uadk_e_wd_cipher_init(struct uacce_dev *dev)
@@ -596,7 +597,9 @@ static int uadk_e_wd_cipher_init(struct uacce_dev *dev)
if (ret)
goto err_freectx;
- return async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_poll);
+ async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_poll);
+
+ return 0;
err_freectx:
for (j = 0; j < i; j++)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 989c9ec..40fb583 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -296,7 +296,9 @@ static int uadk_e_wd_dh_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_env_poll);
+ async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_env_poll);
+
+ return 0;
}
static int uadk_e_wd_dh_init(struct dh_res_config *config, struct uacce_dev *dev)
@@ -335,7 +337,9 @@ static int uadk_e_wd_dh_init(struct dh_res_config *config, struct uacce_dev *dev
if (ret)
goto free_ctx;
- return async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_poll);
+ async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_poll);
+
+ return 0;
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 5b843a0..ad24168 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -374,8 +374,9 @@ static int uadk_e_wd_digest_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_DIGEST,
- uadk_e_digest_env_poll);
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll);
+
+ return 0;
}
static int uadk_e_wd_digest_init(struct uacce_dev *dev)
@@ -415,7 +416,9 @@ static int uadk_e_wd_digest_init(struct uacce_dev *dev)
if (ret)
goto err_freectx;
- return async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_poll);
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_poll);
+
+ return 0;
err_freectx:
for (j = 0; j < i; j++)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 216ccc3..f27e2f5 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -175,7 +175,9 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
+ async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
+
+ return 0;
}
static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
@@ -209,7 +211,9 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
if (ret)
goto free_ctx;
- return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
+ async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
+
+ return 0;
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index f7755e3..c5d4dbb 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -713,7 +713,9 @@ static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_env_poll);
+ async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_env_poll);
+
+ return 0;
}
static int uadk_e_wd_rsa_init(struct rsa_res_config *config,
@@ -753,7 +755,9 @@ static int uadk_e_wd_rsa_init(struct rsa_res_config *config,
if (ret)
goto free_ctx;
- return async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_poll);
+ async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_poll);
+
+ return 0;
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
--
2.24.4

30
0031-rsa-fixup-about-the-wrong-copy.patch
View File

@ -1,30 +0,0 @@
From 2c99863001cbb39838d983d76171ac131930c310 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 03:25:03 +0000
Subject: [PATCH 31/31] rsa: fixup about the wrong copy
The pointer of 'req.src' is NULL, and the
direct memcpy operation will fail. Therefore,
delete the memcpy and assign a value directly later.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index c5d4dbb..1488b98 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -902,7 +902,6 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
if (!rsa_sess->is_pubkey_ready) {
wd_rsa_get_pubkey(rsa_sess->sess, &pubkey);
wd_rsa_get_pubkey_params(pubkey, &wd_e, &wd_n);
- memcpy(rsa_sess->req.src, in_buf, rsa_sess->req.src_bytes);
wd_e->dsize = BN_bn2bin(pubkey_param->e,
(unsigned char *)wd_e->data);
wd_n->dsize = BN_bn2bin(pubkey_param->n,
--
2.24.4

164
0032-README-modify-the-engine-id-name.patch
View File

@ -1,164 +0,0 @@
From a476a9881ed143f16eb579f3a34446ea24cb20f8 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 4 Mar 2022 14:44:07 +0800
Subject: [PATCH 32/32] README: modify the engine id name
The new engine id name is 'uadk_engine'. So need to update
the README.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
README | 98 +++++++++++++++++++++++++++++-----------------------------
1 file changed, 49 insertions(+), 49 deletions(-)
diff --git a/README b/README
index e02de8f..562a859 100644
--- a/README
+++ b/README
@@ -67,60 +67,60 @@ Testing
```
1. Cipher
```
-openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl speed -engine uadk -async_jobs 1 -evp aes-128-cbc
-openssl speed -engine uadk -async_jobs 1 -evp sm4-cbc
-openssl speed -engine uadk -async_jobs 1 -evp des-ede3-cbc
+openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc
+openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc
+openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc
```
2. RSA
```
-openssl genrsa -out prikey.pem -engine uadk 2048
-openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk
-openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk
-openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk
-openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk
-openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk
-openssl speed -elapsed -engine uadk rsa2048
-openssl speed -elapsed -engine uadk -async_jobs 10 rsa2048
+openssl genrsa -out prikey.pem -engine uadk_engine 2048
+openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine
+openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine
+openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine
+openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine
+openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine
+openssl speed -elapsed -engine uadk_engine rsa2048
+openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048
```
3. SM3
```
-openssl sm3 -engine uadk data
+openssl sm3 -engine uadk_engine data
```
4. MD5
```
-openssl speed -engine uadk -async_jobs 1 -evp md5
+openssl speed -engine uadk_engine -async_jobs 1 -evp md5
```
5. SHA
```
-openssl sha1 -engine uadk data
-openssl sha256 -engine uadk data
-openssl sha512 -engine uadk data
+openssl sha1 -engine uadk_engine data
+openssl sha256 -engine uadk_engine data
+openssl sha512 -engine uadk_engine data
```
6. DH
@@ -142,9 +142,9 @@ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
[step 4] After exchanging public key, each user can derive the shared secret:
```
openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
-secret1.bin -engine uadk
+secret1.bin -engine uadk_engine
openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
-secret2.bin -engine uadk
+secret2.bin -engine uadk_engine
```
[step 5] Check secret1.bin and secret2.bin:
```
@@ -156,15 +156,15 @@ secret1.bin and secret2.bin should be the same.
7. SM2
```
-openssl speed -elapsed -engine uadk sm2
-openssl speed -elapsed -engine uadk -async_jobs 1 sm2
+openssl speed -elapsed -engine uadk_engine sm2
+openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2
openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
```
8. ECDSA
```
-openssl speed -elapsed -engine uadk ecdsap256
-openssl speed -elapsed -engine uadk -async_jobs 1 ecdsap256
+openssl speed -elapsed -engine uadk_engine ecdsap256
+openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256
```
Environment variable of uadk engine
@@ -184,7 +184,7 @@ openssl_cnf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
-uadk = uadk_section
+uadk_engine = uadk_section
[uadk_section]
UADK_CMD_ENABLE_RSA_ENV = 1
UADK_CMD_ENABLE_DH_ENV = 1
--
2.24.4

226
0033-digest-improve-the-digest-performance.patch
View File

@ -1,226 +0,0 @@
From 3cbf3c85645d7ec43aa149c1bcf346a556bbf30a Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 8 Mar 2022 15:44:00 +0800
Subject: [PATCH 33/36] digest: improve the digest performance
1. The memset function found to be a hotspot function by perf. so should
remove the memset in io path. it can improve three times
performance.
2. add some branch predictor function to improve a little performance.
3. use the uadk_memory_cpy can improve 5% performance.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/Makefile.am | 4 +--
src/uadk.h | 1 +
src/uadk_digest.c | 17 ++++++-------
src/uadk_utils.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++
src/uadk_utils.h | 24 ++++++++++++++++++
5 files changed, 98 insertions(+), 11 deletions(-)
create mode 100644 src/uadk_utils.c
create mode 100644 src/uadk_utils.h
diff --git a/src/Makefile.am b/src/Makefile.am
index 636f559..75595aa 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -7,8 +7,8 @@ UADK_ENGINE_VERSION = -version-number ${MAJOR}:${MINOR}:${REVISION}
lib_LTLIBRARIES=uadk_engine.la
-uadk_engine_la_SOURCES=e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c uadk_rsa.c \
- uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
+uadk_engine_la_SOURCES=uadk_utils.c e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c \
+ uadk_rsa.c uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
uadk_engine_la_LIBADD=-ldl -lwd -lwd_crypto -lpthread
uadk_engine_la_LDFLAGS=-module $(UADK_ENGINE_VERSION)
diff --git a/src/uadk.h b/src/uadk.h
index 0f9b0be..384e035 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -19,6 +19,7 @@
#include <openssl/engine.h>
#include <uadk/wd.h>
#include <uadk/wd_sched.h>
+#include "uadk_utils.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define ENV_STRING_LEN 256
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index ad24168..355917d 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -493,7 +493,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
priv->state = SEC_DIGEST_INIT;
ret = uadk_e_init_digest();
- if (!ret) {
+ if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
fprintf(stderr, "uadk failed to initialize digest.\n");
goto soft_init;
@@ -507,7 +507,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
}
}
- if (i == digest_counts) {
+ if (unlikely(i == digest_counts)) {
fprintf(stderr, "failed to setup the private ctx.\n");
return 0;
}
@@ -519,11 +519,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
priv->data = malloc(DIGEST_BLOCK_SIZE);
- if (!priv->data) {
+ if (unlikely(!priv->data)) {
wd_digest_free_sess(priv->sess);
return 0;
}
- memset(priv->data, 0, DIGEST_BLOCK_SIZE);
priv->switch_threshold = sec_digest_get_sw_threshold(nid);
@@ -546,7 +545,8 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
- memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen);
+ uadk_memcpy(priv->data + priv->last_update_bufflen, tmpdata,
+ copy_to_bufflen);
priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
priv->req.in_bytes = DIGEST_BLOCK_SIZE;
@@ -567,10 +567,9 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
}
priv->last_update_bufflen = 0;
- memset(priv->data, 0, DIGEST_BLOCK_SIZE);
if (left_len <= DIGEST_BLOCK_SIZE) {
priv->last_update_bufflen = left_len;
- memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ uadk_memcpy(priv->data, tmpdata, priv->last_update_bufflen);
break;
}
}
@@ -604,7 +603,7 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l
goto soft_update;
if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
- memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len);
priv->last_update_bufflen += data_len;
return 1;
}
@@ -697,7 +696,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
ret = async_setup_async_event_notification(&op);
- if (!ret) {
+ if (unlikely(!ret)) {
fprintf(stderr, "failed to setup async event notification.\n");
return 0;
}
diff --git a/src/uadk_utils.c b/src/uadk_utils.c
new file mode 100644
index 0000000..2b34b3a
--- /dev/null
+++ b/src/uadk_utils.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#include "uadk_utils.h"
+
+#define UADK_MEM_IMPROVE_THRESHOLD 1024
+
+static void *memcpy_large(void *dstpp, const void *srcpp, size_t len)
+{
+ __asm__ __volatile__(
+ "add x4, %[src], %[count]\n\t"
+ "add x5, %[res], %[count]\n\t"
+ "ldr q0, [%[src]]\n\t"
+ "str q0, [%[res]]\n\t"
+ "sub %[count], %[count], 80\n\t"
+ "and x14, %[src], 15\n\t"
+ "bic %[src], %[src], 15\n\t"
+ "sub x3, %[res], x14\n\t"
+ "add %[count], %[count], x14\n\t"
+
+ "1:\n\t"
+ "ldp q0, q1, [%[src], 16]\n\t"
+ "stp q0, q1, [x3, 16]\n\t"
+ "ldp q0, q1, [%[src], 48]\n\t"
+ "stp q0, q1, [x3, 48]\n\t"
+ "add %[src], %[src], 64\n\t"
+ "add x3, x3, 64\n\t"
+ "subs %[count], %[count], 64\n\t"
+ "b.hi 1b\n\t"
+
+ "ldp q0, q1, [x4, -64]\n\t"
+ "stp q0, q1, [x5, -64]\n\t"
+ "ldp q0, q1, [x4, -32]\n\t"
+ "stp q0, q1, [x5, -32]\n\t"
+
+ : [res] "+r"(dstpp)
+ : [src] "r"(srcpp), [count] "r"(len)
+ : "x3", "x4", "x5", "x14", "q0", "q1"
+ );
+
+ return dstpp;
+}
+
+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
+{
+ if (len >= UADK_MEM_IMPROVE_THRESHOLD)
+ return memcpy_large(dstpp, srcpp, len);
+ else
+ return memcpy(dstpp, srcpp, len);
+}
diff --git a/src/uadk_utils.h b/src/uadk_utils.h
new file mode 100644
index 0000000..a16536b
--- /dev/null
+++ b/src/uadk_utils.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#ifndef UADK_UTILS
+#define UADK_UTILS
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len);
+#endif
--
2.24.4

90
0034-cipher-support-the-sm4-ecb-alg.patch
View File

@ -1,90 +0,0 @@
From 2dc0aa3a544afd4861656f4e876e287aa3ead9b9 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 8 Mar 2022 16:15:32 +0800
Subject: [PATCH 34/36] cipher: support the sm4-ecb alg
the uadk sdk layer has supported the sm4-ecb alg. Kunpeng 920
supports the sm4-ecb by new chip fs.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 15 ++++++++-------
src/v1/alg/ciphers/sec_ciphers.c | 1 +
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8f8af7e..e4595be 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -87,6 +87,7 @@ static int cipher_920_nids[] = {
NID_sm4_cbc,
NID_des_ede3_cbc,
NID_des_ede3_ecb,
+ NID_sm4_ecb,
0,
};
@@ -103,7 +104,6 @@ static int cipher_930_nids[] = {
NID_aes_128_xts,
NID_aes_256_xts,
NID_sm4_cbc,
- NID_sm4_ecb,
NID_des_ede3_cbc,
NID_des_ede3_ecb,
NID_aes_128_cfb128,
@@ -984,6 +984,11 @@ static int bind_v2_cipher(void)
sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
uadk_e_do_cipher, uadk_e_cipher_cleanup,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
+ UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, EVP_CIPH_ECB_MODE,
+ sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+ uadk_e_do_cipher, uadk_e_cipher_cleanup,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
+
return 0;
}
@@ -1037,10 +1042,6 @@ static int bind_v3_cipher(void)
sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
uadk_e_do_cipher, uadk_e_cipher_cleanup,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
- UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, EVP_CIPH_ECB_MODE,
- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
- uadk_e_do_cipher, uadk_e_cipher_cleanup,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
return 0;
}
@@ -1088,6 +1089,8 @@ static void destroy_v2_cipher(void)
uadk_des_ede3_cbc = 0;
EVP_CIPHER_meth_free(uadk_des_ede3_ecb);
uadk_des_ede3_ecb = 0;
+ EVP_CIPHER_meth_free(uadk_sm4_ecb);
+ uadk_sm4_ecb = 0;
}
static void destroy_v3_cipher(void)
@@ -1116,8 +1119,6 @@ static void destroy_v3_cipher(void)
uadk_sm4_ofb128 = 0;
EVP_CIPHER_meth_free(uadk_sm4_ctr);
uadk_sm4_ctr = 0;
- EVP_CIPHER_meth_free(uadk_sm4_ecb);
- uadk_sm4_ecb = 0;
}
void uadk_e_destroy_cipher(void)
diff --git a/src/v1/alg/ciphers/sec_ciphers.c b/src/v1/alg/ciphers/sec_ciphers.c
index 2c619be..b4743ed 100644
--- a/src/v1/alg/ciphers/sec_ciphers.c
+++ b/src/v1/alg/ciphers/sec_ciphers.c
@@ -85,6 +85,7 @@ static int g_known_cipher_nids[CIPHERS_COUNT] = {
NID_sm4_ctr,
NID_sm4_cbc,
NID_sm4_ofb128,
+ NID_sm4_ecb,
};
#define SEC_CIPHERS_RETURN_FAIL_IF(cond, mesg, ret) \
--
2.24.4

42
0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch
View File

@ -1,42 +0,0 @@
From 1ff08b383a59150a193870b3150d5265a03864ed Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Thu, 10 Mar 2022 20:03:20 +0800
Subject: [PATCH 35/36] cipher: fix segmentation fault for uadk_e_ctx_init
if uadk_e_init_cipher failed, there is no need to
alloc cipher session, and alloc session will meet
a segmentation fault because sched_init is not
set by wd_cipher_init.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/uadk_cipher.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index e4595be..d6dd8e8 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -846,15 +846,16 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
struct sched_params params = {0};
int ret;
+ priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
+ priv->req.iv = priv->iv;
+
ret = uadk_e_init_cipher();
if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
fprintf(stderr, "uadk failed to init cipher HW!\n");
+ return;
}
- priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
- priv->req.iv = priv->iv;
-
/*
* The internal RR scheduler used by environment variables,
* the cipher algorithm does not distinguish between
--
2.24.4

28
0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch
View File

@ -1,28 +0,0 @@
From cf720869f7637e41ff1094d8bc640180fca55f75 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 15 Mar 2022 17:07:59 +0800
Subject: [PATCH 36/36] cipher: sm4-ecb algorithm is deleted by mistake
Because sm4-ecb alg is deleted by mistake. So this alg
not be found in hardware V3.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index d6dd8e8..5ebad64 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -104,6 +104,7 @@ static int cipher_930_nids[] = {
NID_aes_128_xts,
NID_aes_256_xts,
NID_sm4_cbc,
+ NID_sm4_ecb,
NID_des_ede3_cbc,
NID_des_ede3_ecb,
NID_aes_128_cfb128,
--
2.24.4

694
0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch
View File

@ -1,694 +0,0 @@
From 50692e4bc425c5709a468946cb56ad483be90f7c Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 18 Mar 2022 23:25:47 +0800
Subject: [PATCH 37/37] rsa: bugfix about redundant and inefficient operations
Includes:
1. Remove redundant judgment conditions.
2. Remove redundant function parameters.
3. Remove the redundant operation in soft RSA keygen method.
4. Use more efficient BN memory allocation method, and add
judgment of the results.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 331 ++++++++++++++++++++++---------------------------
1 file changed, 148 insertions(+), 183 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 1488b98..821cb78 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -143,7 +143,7 @@ enum {
static int rsa_check_bit_useful(const int bits, int flen)
{
- if (!flen && flen > bits)
+ if (flen > bits)
return SOFT;
if (bits < RSA_MIN_MODULUS_BITS)
@@ -411,8 +411,8 @@ static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx)
return UADK_E_SUCCESS;
end:
- fprintf(stderr, "failed to malloc params\n");
- return UADK_E_FAIL;
+ fprintf(stderr, "failed to allocate rsa prime params\n");
+ return -ENOMEM;
}
static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
@@ -433,13 +433,11 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
BN_CTX_start(ctx);
param = OPENSSL_zalloc(sizeof(struct rsa_prime_param));
- if (!param) {
- fprintf(stderr, "failed to malloc rsa prime param\n");
+ if (!param)
goto free_ctx;
- }
ret = get_rsa_prime_param(param, ctx);
- if (!ret)
+ if (ret != UADK_E_SUCCESS)
goto free_param;
/* Divide bits into 'primes' pieces evenly */
@@ -624,9 +622,10 @@ static int rsa_get_sign_res(int padding, BIGNUM *to_bn, const BIGNUM *n,
return UADK_E_SUCCESS;
}
-static int rsa_get_verify_res(int padding, BIGNUM *to_bn, const BIGNUM *n,
- BIGNUM *ret_bn)
+static int rsa_get_verify_res(int padding, const BIGNUM *n, BIGNUM *ret_bn)
{
+ BIGNUM *to_bn = NULL;
+
if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret_bn)[0] & 0xf)
!= 0x0c)) {
if (!BN_sub(to_bn, n, ret_bn))
@@ -840,6 +839,7 @@ static struct uadk_rsa_sess *rsa_new_eng_session(RSA *rsa)
rsa_sess = OPENSSL_malloc(sizeof(struct uadk_rsa_sess));
if (!rsa_sess)
return NULL;
+
memset(rsa_sess, 0, sizeof(struct uadk_rsa_sess));
rsa_sess->alg = rsa;
rsa_sess->is_prikey_ready = UN_SET;
@@ -971,23 +971,44 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
struct rsa_keygen_param_bn *bn_param)
{
struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst;
+ struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp;
+ BIGNUM *dmp1, *dmq1, *iqmp, *n, *d;
unsigned int key_bits, key_size;
- BIGNUM *dmp1 = BN_new();
- BIGNUM *dmq1 = BN_new();
- BIGNUM *iqmp = BN_new();
- BIGNUM *n = BN_new();
- BIGNUM *d = BN_new();
- struct wd_dtb wd_d;
- struct wd_dtb wd_n;
- struct wd_dtb wd_qinv;
- struct wd_dtb wd_dq;
- struct wd_dtb wd_dp;
+ BN_CTX *bn_ctx;
key_bits = wd_rsa_get_key_bits(ctx);
+ if (!key_bits)
+ return UADK_E_FAIL;
+
key_size = key_bits >> BIT_BYTES_SHIFT;
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
+ bn_ctx = BN_CTX_new();
+ if (!bn_ctx)
+ return UADK_E_FAIL;
+
+ BN_CTX_start(bn_ctx);
+ dmp1 = BN_CTX_get(bn_ctx);
+ if (!dmp1)
+ goto free_bn_ctx;
+
+ dmq1 = BN_CTX_get(bn_ctx);
+ if (!dmq1)
+ goto free_bn_ctx;
+
+ iqmp = BN_CTX_get(bn_ctx);
+ if (!iqmp)
+ goto free_bn_ctx;
+
+ n = BN_CTX_get(bn_ctx);
+ if (!n)
+ goto free_bn_ctx;
+
+ d = BN_CTX_get(bn_ctx);
+ if (!d)
+ goto free_bn_ctx;
+
BN_bin2bn((unsigned char *)wd_d.data, key_size, d);
BN_bin2bn((unsigned char *)wd_n.data, key_size, n);
BN_bin2bn((unsigned char *)wd_qinv.data, wd_qinv.dsize, iqmp);
@@ -997,16 +1018,13 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
if (!(RSA_set0_key(rsa, n, bn_param->e, d) &&
RSA_set0_factors(rsa, bn_param->p, bn_param->q) &&
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)))
- goto bn_free;
+ goto free_bn_ctx;
return UADK_E_SUCCESS;
-bn_free:
- BN_clear_free(dmp1);
- BN_clear_free(dmq1);
- BN_clear_free(iqmp);
- BN_clear_free(n);
- BN_clear_free(d);
+free_bn_ctx:
+ BN_CTX_end(bn_ctx);
+ BN_CTX_free(bn_ctx);
return UADK_E_FAIL;
}
@@ -1093,20 +1111,11 @@ err:
static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
- const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL();
int ret;
- if (!default_meth) {
- fprintf(stderr, "failed to get soft method.\n");
- return UADK_E_FAIL;
- }
-
UNUSED(cb);
- RSA_set_method(rsa, default_meth);
ret = RSA_generate_key_ex(rsa, bits, e, NULL);
- RSA_set_method(rsa, rsa_hw_meth);
-
return ret;
}
@@ -1131,7 +1140,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
wd_rsa_get_crt_prikey_params(key_pair->prikey, NULL, NULL, NULL,
- &keygen_param->wd_q, &keygen_param->wd_p);
+ &keygen_param->wd_q, &keygen_param->wd_p);
if (!keygen_param->wd_q || !keygen_param->wd_p)
return UADK_E_FAIL;
@@ -1170,9 +1179,11 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
struct rsa_keygen_param_bn **keygen_bn_param,
struct rsa_keypair **key_pair)
{
+ BN_CTX *bn_ctx;
+
*keygen_param = OPENSSL_malloc(sizeof(struct rsa_keygen_param));
if (!(*keygen_param))
- return -ENOMEM;
+ goto err;
*keygen_bn_param = (struct rsa_keygen_param_bn *)
OPENSSL_malloc(sizeof(struct rsa_keygen_param_bn));
@@ -1183,16 +1194,35 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
if (!(*key_pair))
goto free_keygen_bn_param;
- (*keygen_bn_param)->e = BN_new();
- (*keygen_bn_param)->p = BN_new();
- (*keygen_bn_param)->q = BN_new();
+ bn_ctx = BN_CTX_new();
+ if (!bn_ctx)
+ goto free_key_pair;
+
+ BN_CTX_start(bn_ctx);
+ (*keygen_bn_param)->e = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->e)
+ goto free_bn_ctx;
+
+ (*keygen_bn_param)->p = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->p)
+ goto free_bn_ctx;
+
+ (*keygen_bn_param)->q = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->q)
+ goto free_bn_ctx;
return UADK_E_SUCCESS;
+free_bn_ctx:
+ BN_CTX_end(bn_ctx);
+ BN_CTX_free(bn_ctx);
+free_key_pair:
+ OPENSSL_free(*key_pair);
free_keygen_bn_param:
OPENSSL_free(*keygen_bn_param);
free_keygen_param:
OPENSSL_free(*keygen_param);
+err:
return -ENOMEM;
}
@@ -1236,81 +1266,56 @@ static void rsa_pkey_param_free(struct rsa_pubkey_param **pub,
}
static int rsa_create_pub_bn_ctx(RSA *rsa, struct rsa_pubkey_param *pub,
- BN_CTX **bn_ctx, unsigned char **from_buf)
+ unsigned char **from_buf, int *num_bytes)
{
- BIGNUM *ret_bn;
- int num_bytes;
-
RSA_get0_key(rsa, &pub->n, &pub->e, NULL);
-
- *bn_ctx = BN_CTX_new();
- if (!(*bn_ctx))
+ if (!(pub->n) || !(pub->e))
return UADK_E_FAIL;
- BN_CTX_start(*bn_ctx);
- ret_bn = BN_CTX_get(*bn_ctx);
- if (!ret_bn)
- goto err;
-
- num_bytes = BN_num_bytes(pub->n);
- if (!num_bytes)
- goto err;
+ *num_bytes = BN_num_bytes(pub->n);
+ if (!(*num_bytes))
+ return UADK_E_FAIL;
- *from_buf = OPENSSL_malloc(num_bytes);
+ *from_buf = OPENSSL_malloc(*num_bytes);
if (!(*from_buf))
- goto err;
+ return -ENOMEM;
return UADK_E_SUCCESS;
-
-err:
- BN_CTX_free(*bn_ctx);
- return UADK_E_FAIL;
}
-static void rsa_free_pub_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf)
+static void rsa_free_pub_bn_ctx(unsigned char **from_buf)
{
- BN_CTX_free(*bn_ctx);
-
OPENSSL_free(*from_buf);
}
static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri,
- BN_CTX **bn_ctx, unsigned char **from_buf)
+ unsigned char **from_buf, int *num_bytes)
{
- BIGNUM *ret_bn;
- int num_bytes;
-
RSA_get0_key(rsa, &pri->n, &pri->e, &pri->d);
- RSA_get0_factors(rsa, &pri->p, &pri->q);
- RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp);
+ if (!(pri->n) || !(pri->e) || !(pri->d))
+ return UADK_E_FAIL;
- *bn_ctx = BN_CTX_new();
- if (!(*bn_ctx))
+ RSA_get0_factors(rsa, &pri->p, &pri->q);
+ if (!(pri->p) || !(pri->q))
return UADK_E_FAIL;
- BN_CTX_start(*bn_ctx);
- ret_bn = BN_CTX_get(*bn_ctx);
- if (!ret_bn)
- goto err;
+ RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp);
+ if (!(pri->dmp1) || !(pri->dmq1) || !(pri->iqmp))
+ return UADK_E_FAIL;
- num_bytes = BN_num_bytes(pri->n);
- if (!num_bytes)
- goto err;
+ *num_bytes = BN_num_bytes(pri->n);
+ if (!(*num_bytes))
+ return UADK_E_FAIL;
- *from_buf = OPENSSL_malloc(num_bytes);
+ *from_buf = OPENSSL_malloc(*num_bytes);
if (!(*from_buf))
- goto err;
+ return -ENOMEM;
return UADK_E_SUCCESS;
-err:
- BN_CTX_free(*bn_ctx);
- return UADK_E_FAIL;
}
-static void rsa_free_pri_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf)
+static void rsa_free_pri_bn_ctx(unsigned char **from_buf)
{
- BN_CTX_free(*bn_ctx);
-
OPENSSL_free(*from_buf);
}
@@ -1318,14 +1323,13 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
struct rsa_keygen_param *keygen_param = NULL;
struct rsa_keygen_param_bn *bn_param = NULL;
+ struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_keypair *key_pair = NULL;
- struct uadk_rsa_sess *rsa_sess;
int is_crt = 1;
- int key_size;
int ret;
- key_size = rsa_check_bit_useful(bits, 0);
- if (!key_size || key_size == SOFT)
+ ret = rsa_check_bit_useful(bits, 0);
+ if (!ret || ret == SOFT)
goto exe_soft;
ret = uadk_e_rsa_init();
@@ -1388,14 +1392,11 @@ exe_soft:
static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_pubkey_param *pub = NULL;
- struct uadk_rsa_sess *rsa_sess;
unsigned char *from_buf = NULL;
+ int num_bytes, is_crt, ret;
BIGNUM *ret_bn = NULL;
- BN_CTX *bn_ctx = NULL;
- int num_bytes;
- int is_crt;
- int ret;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1417,18 +1418,12 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- num_bytes = BN_num_bytes(pub->n);
- if (flen > num_bytes) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = add_rsa_pubenc_padding(flen, from, from_buf, num_bytes, padding);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1448,7 +1443,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
}
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
@@ -1457,11 +1452,13 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
ret = BN_bn2binpad(ret_bn, to, num_bytes);
if (ret == -1) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
+free_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pub_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1480,11 +1477,8 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
struct rsa_prikey_param *pri = NULL;
unsigned char *from_buf = NULL;
struct uadk_rsa_sess *rsa_sess;
+ int num_bytes, len, ret;
BIGNUM *ret_bn = NULL;
- BN_CTX *bn_ctx = NULL;
- int num_bytes;
- int ret;
- int len;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1506,18 +1500,12 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- num_bytes = BN_num_bytes(pri->n);
- if (flen > num_bytes) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1533,7 +1521,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
}
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
@@ -1542,17 +1530,19 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
+free_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pri_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pri_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1568,14 +1558,13 @@ exe_soft:
static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_prikey_param *pri = NULL;
- struct uadk_rsa_sess *rsa_sess;
unsigned char *from_buf = NULL;
- BIGNUM *to_bn, *ret_bn;
- BN_CTX *bn_ctx = NULL;
+ BIGNUM *ret_bn = NULL;
+ BIGNUM *to_bn = NULL;
BIGNUM *res = NULL;
- int num_bytes;
- int ret;
+ int num_bytes, ret;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1597,36 +1586,18 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- to_bn = BN_CTX_get(bn_ctx);
- if (!to_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
- num_bytes = BN_num_bytes(pri->n);
- if (flen > num_bytes) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = add_rsa_prienc_padding(flen, from, from_buf, num_bytes, padding);
if (!ret) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn);
- if (!ret_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1639,24 +1610,33 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = NULL;
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
+ to_bn = BN_bin2bn(from_buf, num_bytes, NULL);
+ if (!to_bn) {
+ ret = UADK_DO_SOFT;
+ goto free_ret_bn;
+ }
+
ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_to_bn;
}
ret = BN_bn2binpad(res, to, num_bytes);
+free_to_bn:
+ BN_free(to_bn);
+free_ret_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pri_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pri_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1672,15 +1652,11 @@ exe_soft:
static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
- struct uadk_rsa_sess *rsa_sess;
+ struct uadk_rsa_sess *rsa_sess = NULL;
+ struct rsa_pubkey_param *pub = NULL;
+ int num_bytes, is_crt, len, ret;
unsigned char *from_buf = NULL;
- struct rsa_pubkey_param *pub;
- BIGNUM *ret_bn, *to_bn;
- BN_CTX *bn_ctx = NULL;
- int num_bytes;
- int is_crt;
- int ret;
- int len;
+ BIGNUM *ret_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret)
@@ -1704,25 +1680,12 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- to_bn = BN_CTX_get(bn_ctx);
- if (!to_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
- num_bytes = BN_num_bytes(pub->n);
- ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn);
- if (!ret_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1736,34 +1699,35 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = NULL;
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret = rsa_get_verify_res(padding, to_bn, pub->n, ret_bn);
+ ret = rsa_get_verify_res(padding, pub->n, ret_bn);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
+free_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pub_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1786,7 +1750,7 @@ static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
(void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth));
(void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth));
(void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth));
- (void)RSA_meth_set_keygen(rsa_sw_meth, RSA_meth_get_keygen(meth));
+ (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen);
(void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth));
(void)RSA_meth_set_bn_mod_exp(rsa_sw_meth,
RSA_meth_get_bn_mod_exp(meth));
@@ -1798,6 +1762,7 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
{
if (rsa_hw_meth)
return rsa_hw_meth;
+
rsa_hw_meth = RSA_meth_new("uadk hardware rsa method", 0);
if (!rsa_hw_meth) {
fprintf(stderr, "failed to allocate rsa hardware method\n");
--
2.24.4

177
0038-uadk-engine-change-Copyright-to-2022.patch
View File

@ -1,177 +0,0 @@
From 1b8b65e31da0c6347575d0d201c8417241e81453 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Mon, 28 Mar 2022 02:31:53 +0000
Subject: [PATCH 38/57] uadk-engine: change Copyright to 2022
Change Copyright to 2022
Add Linaro Copyright as well
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/e_uadk.c | 3 ++-
src/uadk.h | 3 ++-
src/uadk_async.c | 3 ++-
src/uadk_async.h | 3 ++-
src/uadk_cipher.c | 3 ++-
src/uadk_dh.c | 2 +-
src/uadk_digest.c | 3 ++-
src/uadk_ec.c | 2 +-
src/uadk_ecx.c | 2 +-
src/uadk_pkey.c | 2 +-
src/uadk_pkey.h | 2 +-
src/uadk_rsa.c | 2 +-
src/uadk_sm2.c | 2 +-
13 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 79ecef8..4288569 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk.h b/src/uadk.h
index 384e035..ef09274 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_async.c b/src/uadk_async.c
index c98153b..11d624c 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 9836dbb..d2a7e16 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 5ebad64..91895cc 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 40fb583..3882306 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 355917d..ecc0ce6 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index db69871..e219bdf 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 67f9350..5d0ff76 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index f27e2f5..d4ec30e 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
index dfe6fbe..b30c2de 100644
--- a/src/uadk_pkey.h
+++ b/src/uadk_pkey.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 821cb78..a80d203 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 8c75611..a478a94 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
--
2.27.0

197
0039-README-move-test-script-to-sanity_test.sh.patch
View File

@ -1,197 +0,0 @@
From 5dab65ce804d8e7995cef2eecfb375270d55f2ed Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 30 Mar 2022 07:34:43 +0000
Subject: [PATCH 39/57] README: move test script to sanity_test.sh
Move test script from README to sanity_test.sh
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README | 103 +-------------------------------------------
test/sanity_test.sh | 39 ++++++++++++++++-
2 files changed, 39 insertions(+), 103 deletions(-)
diff --git a/README b/README
index 562a859..ed49128 100644
--- a/README
+++ b/README
@@ -63,108 +63,7 @@ Build & Install OpenSSL UADK Engine
Testing
-------
```
- sudo test/sanity_test.sh
-```
-1. Cipher
-```
-openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc
-openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc
-openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc
-```
-2. RSA
-```
-openssl genrsa -out prikey.pem -engine uadk_engine 2048
-openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine
-openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine
-openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine
-openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine
-openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine
-openssl speed -elapsed -engine uadk_engine rsa2048
-openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048
-```
-3. SM3
-```
-openssl sm3 -engine uadk_engine data
-```
-4. MD5
-```
-openssl speed -engine uadk_engine -async_jobs 1 -evp md5
-```
-5. SHA
-```
-openssl sha1 -engine uadk_engine data
-openssl sha256 -engine uadk_engine data
-openssl sha512 -engine uadk_engine data
-```
-6. DH
-
-[step 1] Generate global public parameters, and save them in the file
-dhparam.pem:
-```
-openssl dhparam -out dhparam.pem 2048
-```
-[step 2] Generate own private key:
-```
-openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
-openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
-```
-[step 3] Generate public key:
-```
-openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk
-openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
-```
-[step 4] After exchanging public key, each user can derive the shared secret:
-```
-openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
-secret1.bin -engine uadk_engine
-openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
-secret2.bin -engine uadk_engine
-```
-[step 5] Check secret1.bin and secret2.bin:
-```
-cmp secret1.bin secret2.bin
-xxd secret1.bin
-xxd secret2.bin
-```
-secret1.bin and secret2.bin should be the same.
-
-7. SM2
-```
-openssl speed -elapsed -engine uadk_engine sm2
-openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2
-openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
-openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
-```
-8. ECDSA
-```
-openssl speed -elapsed -engine uadk_engine ecdsap256
-openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256
+ ./test/sanity_test.sh
```
Environment variable of uadk engine
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 4273310..2c0c504 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-chmod 666 /dev/hisi_*
+sudo chmod 666 /dev/hisi_*
if [ ! -n "$1" ]; then
engine_id=uadk_engine
@@ -24,6 +24,12 @@ if [[ $algs =~ "SM3" ]]; then
openssl speed -engine $engine_id -async_jobs 1 -evp sm3
fi
+if [[ $algs =~ "SM2" ]]; then
+ echo "testing SM2"
+ openssl speed -engine $engine_id -evp sm2
+ openssl speed -engine $engine_id -async_jobs 1 -evp sm2
+fi
+
if [[ $algs =~ "SHA" ]]; then
echo "testing SHA"
openssl speed -engine $engine_id -evp sha1
@@ -58,6 +64,12 @@ if [[ $algs =~ "AES" ]]; then
openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-xts
openssl speed -engine $engine_id -evp aes-256-xts
openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-xts
+ openssl speed -engine $engine_id -evp aes-128-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-ctr
+ openssl speed -engine $engine_id -evp aes-192-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-192-ctr
+ openssl speed -engine $engine_id -evp aes-256-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-ctr
fi
if [[ $algs =~ "SM4-CBC" ]]; then
@@ -134,3 +146,28 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then
openssl speed -elapsed -engine $engine_id ecdhbrp384r1
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhbrp384r1
fi
+
+#DH
+if [[ $algs =~ "DH" ]]; then
+ echo "testing DH"
+ #1. Generate global public parameters, and save them in the file dhparam.pem:
+ openssl dhparam -out dhparam.pem 2048
+
+ #2. Generate own private key:
+ openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
+ openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
+
+ #3. Generate public key:
+ openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine $engine_id
+ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine $engine_id
+
+ #4. After exchanging public key, each user can derive the shared secret:
+ openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -engine $engine_id
+ openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -engine $engine_id
+
+ #5. Check secret1.bin and secret2.bin:
+ cmp secret1.bin secret2.bin
+ xxd secret1.bin
+ xxd secret2.bin
+ #secret1.bin and secret2.bin should be same.
+fi
--
2.27.0

38
0040-uadk_engine-fix-string-compare-mode.patch
View File

@ -1,38 +0,0 @@
From 4763c7f374d4ba29a070b06147e2d47504902cf3 Mon Sep 17 00:00:00 2001
From: JunchongPan <panjunchong@hisilicon.com>
Date: Sat, 2 Apr 2022 09:47:08 +0800
Subject: [PATCH 40/57] uadk_engine:fix string compare mode
String compare now use '==' while compare point and string,
changed to strcmp
Signed-off-by: JunchongPan <panjunchong@hisilicon.com>
---
src/e_uadk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 4288569..58a10de 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name)
int i = 0;
while (i < len) {
- if (uadk_env_enabled[i].alg_name == alg_name)
+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name))
return uadk_env_enabled[i].env_enabled;
i++;
}
@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value)
int i = 0;
while (i < len) {
- if (uadk_env_enabled[i].alg_name == alg_name) {
+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
uadk_env_enabled[i].env_enabled = value;
return;
}
--
2.27.0

32
0041-cipher-optimize-the-process-of-ctx-initialization.patch
View File

@ -1,32 +0,0 @@
From 17bfd66f31e712ffd9364bfb43c9899e10e84a7d Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Sat, 2 Apr 2022 11:19:16 +0800
Subject: [PATCH 41/57] cipher: optimize the process of ctx initialization
Optimize the process of ctx initialization as switching to soft work.
If the ctx resources of a thread are insufficient at the beginning, the
thread can't apply for resources again. Therefore, an flag checking is
required.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 91895cc..8a2c39d 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -851,6 +851,9 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
priv->req.iv = priv->iv;
+ if (priv->switch_flag == UADK_DO_SOFT)
+ return;
+
ret = uadk_e_init_cipher();
if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
--
2.27.0

59
0042-cipher-adding-an-iv-update-to-a-decryption.patch
View File

@ -1,59 +0,0 @@
From 11016568bf6a929aebc216f5e7f5fd28b2e1d2a6 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 12 May 2022 10:31:56 +0800
Subject: [PATCH 42/57] cipher: adding an iv update to a decryption
Adding an iv update to de-crypto method as cbc mode.
the dst address should not be changed. So fix it.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8a2c39d..49022f7 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -763,10 +763,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
switch (priv->setup.mode) {
case WD_CIPHER_CBC:
- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
- priv->req.dst += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
- }
+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+ else
+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+
break;
case WD_CIPHER_OFB:
for (i = 0; i < IV_LEN; i++) {
@@ -776,13 +779,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
memcpy(priv->iv, K, iv_bytes);
break;
case WD_CIPHER_CFB:
- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
- priv->req.dst += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
- } else {
- priv->req.src += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.src - iv_bytes, iv_bytes);
- }
+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+ else
+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+
break;
case WD_CIPHER_CTR:
ctr_iv_inc(priv->iv, priv->req.in_bytes >> CTR_MODE_LEN_SHIFT);
--
2.27.0

47
0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch
View File

@ -1,47 +0,0 @@
From d6b2f7a4b2486afb3b3a418f32ce9d43783ef8f0 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 12 May 2022 10:31:57 +0800
Subject: [PATCH 43/57] cipher: fix cipher decrypto failed as use jdk
Because the java releases the memory immediately after the
memory is used. So the engine should not use user memory for
storage the key.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 49022f7..7eba992 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -36,6 +36,7 @@
#define BYTE_BITS 8
#define IV_LEN 16
#define ENV_ENABLED 1
+#define MAX_KEY_LEN 64
struct cipher_engine {
struct wd_ctx_config ctx_cfg;
@@ -57,7 +58,7 @@ struct cipher_priv_ctx {
struct wd_cipher_sess_setup setup;
struct wd_cipher_req req;
unsigned char iv[IV_LEN];
- const unsigned char *key;
+ unsigned char key[MAX_KEY_LEN];
int switch_flag;
void *sw_ctx_data;
/* Crypto small packet offload threshold */
@@ -694,7 +695,7 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (unlikely(ret != 1))
return 0;
- priv->key = key;
+ memcpy(priv->key, key, EVP_CIPHER_CTX_key_length(ctx));
priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT;
return 1;
--
2.27.0

169
0044-engine-add-receiving-timeout-count.patch
View File

@ -1,169 +0,0 @@
From 4fbef0e061a97e3ead086de7f3f5689e9d53f454 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Mon, 18 Jul 2022 09:41:39 +0800
Subject: [PATCH 44/57] engine: add receiving timeout count
Task fail due to hardware errors, but the process of poll
isn't exit. Increase the count of packet receiving timeout
as doing async jobs. Prevents falling into an infinite loop
in poll ctx.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk.h | 5 +++--
src/uadk_cipher.c | 7 +++++--
src/uadk_dh.c | 7 +++++--
src/uadk_digest.c | 7 +++++--
src/uadk_pkey.c | 7 +++++--
src/uadk_rsa.c | 7 +++++--
6 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index ef09274..e2635d4 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -22,8 +22,9 @@
#include <uadk/wd_sched.h>
#include "uadk_utils.h"
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
-#define ENV_STRING_LEN 256
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+#define ENV_STRING_LEN 256
+#define ENGINE_RECV_MAX_CNT 60000000
enum {
KUNPENG920,
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 7eba992..472c0ad 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -504,6 +504,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
static int uadk_e_cipher_poll(void *ctx)
{
struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *) ctx;
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -520,9 +521,11 @@ static int uadk_e_cipher_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_cipher_env_poll(void *ctx)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 3882306..893b0f2 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -204,6 +204,7 @@ static __u32 dh_pick_next_ctx(handle_t sched_ctx,
static int uadk_e_dh_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expect = 1;
int idx = 1;
@@ -215,9 +216,11 @@ static int uadk_e_dh_poll(void *ctx)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static void uadk_e_dh_cb(void *req_t)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index ecc0ce6..2e61e80 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -332,6 +332,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
static int uadk_e_digest_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expt = 1;
int ret = 0;
@@ -342,9 +343,11 @@ static int uadk_e_digest_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_digest_env_poll(void *ctx)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index d4ec30e..2616c5e 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -113,6 +113,7 @@ void uadk_ecc_cb(void *req_t)
static int uadk_ecc_poll(void *ctx)
{
unsigned int recv = 0;
+ __u64 rx_cnt = 0;
int expt = 1;
int ret;
@@ -122,9 +123,11 @@ static int uadk_ecc_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
/* make resource configure static */
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index a80d203..29b2521 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -656,6 +656,7 @@ static int rsa_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count)
static int uadk_e_rsa_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expt = 1;
int ret;
@@ -666,9 +667,11 @@ static int uadk_e_rsa_poll(void *ctx)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static struct rsa_res_config rsa_res_config = {
--
2.27.0

49
0045-digest-fix-the-fault-as-using-the-nginx.patch
View File

@ -1,49 +0,0 @@
From 7718ed9e56633bf2781f108a591eefe093ccb18b Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Mon, 18 Jul 2022 14:43:53 +0800
Subject: [PATCH 45/57] digest: fix the fault as using the nginx
Prevent double-free after the private ctx copy is used.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 2e61e80..8127373 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -240,6 +240,10 @@ static void digest_soft_cleanup(struct digest_priv_ctx *md_ctx)
{
EVP_MD_CTX *ctx = md_ctx->soft_ctx;
+ /* Prevent double-free after the copy is used */
+ if (md_ctx->copy)
+ return;
+
if (ctx != NULL) {
if (ctx->md_data) {
OPENSSL_free(ctx->md_data);
@@ -641,7 +645,9 @@ static int do_digest_sync(struct digest_priv_ctx *priv)
{
int ret;
- /* Fix me: not support switch the soft work as input is lower */
+ if (priv->req.in_bytes <= priv->switch_threshold &&
+ priv->state == SEC_DIGEST_INIT)
+ return 0;
ret = wd_do_digest_sync(priv->sess, &priv->req);
if (ret) {
@@ -743,6 +749,7 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx)
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ /* Prevent double-free after the copy is used */
if (!priv || priv->copy)
return 1;
--
2.27.0

121
0046-ecc-cleanup-of-static-code-check.patch
View File

@ -1,121 +0,0 @@
From c8dbfbdd80ea8b8d422a50c634e057dd37ac9aea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:45:03 +0800
Subject: [PATCH 46/57] ecc: cleanup of static code check
1. Use macros instead of specific numbers to represent
the key size.
2. Global variable 'sm2_order' only used in function
'sm2_update_sess' should be declared in function scope.
3. Remove unused structure 'uadk_ecc_sess'.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 22 +++++++++++-----------
src/uadk_pkey.c | 9 ---------
src/uadk_sm2.c | 21 ++++++---------------
3 files changed, 17 insertions(+), 35 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index e219bdf..d78658b 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -129,18 +129,18 @@ err:
static int get_smallest_hw_keybits(int bits)
{
/* ec curve order width */
- if (bits > 384)
- return 521;
- else if (bits > 320)
- return 384;
- else if (bits > 256)
- return 320;
- else if (bits > 192)
- return 256;
- else if (bits > 128)
- return 192;
+ if (bits > ECC384BITS)
+ return ECC521BITS;
+ else if (bits > ECC320BITS)
+ return ECC384BITS;
+ else if (bits > ECC256BITS)
+ return ECC320BITS;
+ else if (bits > ECC192BITS)
+ return ECC256BITS;
+ else if (bits > ECC128BITS)
+ return ECC192BITS;
else
- return 128;
+ return ECC128BITS;
}
static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 2616c5e..a0b74af 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -44,15 +44,6 @@ struct ecc_res_config {
int numa_id;
};
-typedef struct uadk_ecc_sess {
- handle_t sess;
- struct wd_ecc_sess_setup setup;
- struct wd_ecc_req req;
- int is_pubkey_ready;
- int is_privkey_ready;
- int key_size;
-} uadk_ecc_sess_t;
-
/* ecc global hardware resource is saved here */
struct ecc_res {
struct wd_ctx_config *ctx_res;
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index a478a94..fcca9f2 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -46,15 +46,6 @@ struct sm2_ctx {
bool is_init;
};
-typedef struct uadk_ecc_sess {
- handle_t sess;
- struct wd_ecc_sess_setup setup;
- struct wd_ecc_req req;
- int is_pubkey_ready;
- int is_privkey_ready;
- int key_size;
-} uadk_ecc_sess_t;
-
typedef struct sm2_ciphertext {
BIGNUM *C1x;
BIGNUM *C1y;
@@ -115,12 +106,6 @@ typedef int (*PFUNC_DEC)(EVP_PKEY_CTX *ctx,
const unsigned char *in,
size_t inlen);
-const unsigned char sm2_order[] = {
- 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,\
- 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,\
- 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
-};
-
static int get_hash_type(int nid_hash)
{
switch (nid_hash) {
@@ -166,6 +151,12 @@ static int compute_hash(const char *in, size_t in_len,
static int sm2_update_sess(struct sm2_ctx *smctx)
{
+ const unsigned char sm2_order[] = {
+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+ 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
+ };
int nid_hash = smctx->ctx.md ? EVP_MD_type(smctx->ctx.md) : NID_sm3;
struct wd_ecc_sess_setup setup;
handle_t sess;
--
2.27.0

260
0047-ecc-bugfix-about-return-value-check.patch
View File

@ -1,260 +0,0 @@
From a8613bb37a229c64ab1846e4da2220912876fbfa Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:56:02 +0800
Subject: [PATCH 47/57] ecc: bugfix about return value check
Check the return value of BN_CTX_get(), and add a new
structure to wrap the curve parameters to make the logic
of return value check clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 159 ++++++++++++++++++++++++++++++++++----------------
1 file changed, 108 insertions(+), 51 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index d78658b..37683cd 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -34,6 +34,19 @@
#define ECC384BITS 384
#define ECC521BITS 521
+struct curve_param {
+ /* prime */
+ BIGNUM *p;
+ /* ecc coefficient 'a' */
+ BIGNUM *a;
+ /* ecc coefficient 'b' */
+ BIGNUM *b;
+ /* base point */
+ const EC_POINT *g;
+ /* order of base point */
+ const BIGNUM *order;
+};
+
typedef ECDSA_SIG* (*PFUNC_SIGN_SIG)(const unsigned char *,
int,
const BIGNUM *,
@@ -70,58 +83,92 @@ static void init_dtb_param(void *dtb, char *start,
}
}
+static void fill_ecc_cv_param(struct wd_ecc_curve *pparam,
+ struct curve_param *cv_param,
+ BIGNUM *g_x, BIGNUM *g_y)
+{
+ pparam->p.dsize = BN_bn2bin(cv_param->p, (void *)pparam->p.data);
+ pparam->a.dsize = BN_bn2bin(cv_param->a, (void *)pparam->a.data);
+ if (!pparam->a.dsize) {
+ pparam->a.dsize = 1;
+ pparam->a.data[0] = 0;
+ }
+
+ pparam->b.dsize = BN_bn2bin(cv_param->b, (void *)pparam->b.data);
+ if (!pparam->b.dsize) {
+ pparam->b.dsize = 1;
+ pparam->b.data[0] = 0;
+ }
+
+ pparam->g.x.dsize = BN_bn2bin(g_x, (void *)pparam->g.x.data);
+ pparam->g.y.dsize = BN_bn2bin(g_y, (void *)pparam->g.y.data);
+ pparam->n.dsize = BN_bn2bin(cv_param->order, (void *)pparam->n.data);
+}
+
static int set_sess_setup_cv(const EC_GROUP *group,
struct wd_ecc_curve_cfg *cv)
{
struct wd_ecc_curve *pparam = cv->cfg.pparam;
- BIGNUM *p, *a, *b, *xg, *yg, *order;
- const EC_POINT *g;
+ struct curve_param *cv_param;
+ BIGNUM *g_x, *g_y;
+ int ret = -1;
BN_CTX *ctx;
- int ret;
ctx = BN_CTX_new();
if (!ctx)
- return -ENOMEM;
+ return ret;
BN_CTX_start(ctx);
- p = BN_CTX_get(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- xg = BN_CTX_get(ctx);
- yg = BN_CTX_get(ctx);
- ret = uadk_get_curve(group, p, a, b, ctx);
+ cv_param = OPENSSL_malloc(sizeof(struct curve_param));
+ if (!cv_param)
+ goto free_ctx;
+
+ cv_param->p = BN_CTX_get(ctx);
+ if (!cv_param->p)
+ goto free_cv;
+
+ cv_param->a = BN_CTX_get(ctx);
+ if (!cv_param->a)
+ goto free_cv;
+
+ cv_param->b = BN_CTX_get(ctx);
+ if (!cv_param->b)
+ goto free_cv;
+
+ g_x = BN_CTX_get(ctx);
+ if (!g_x)
+ goto free_cv;
+
+ g_y = BN_CTX_get(ctx);
+ if (!g_y)
+ goto free_cv;
+
+ ret = uadk_get_curve(group, cv_param->p, cv_param->a, cv_param->b, ctx);
if (ret)
- goto err;
+ goto free_cv;
- g = EC_GROUP_get0_generator(group);
- ret = uadk_get_affine_coordinates(group, g, xg, yg, ctx);
+ cv_param->g = EC_GROUP_get0_generator(group);
+ if (!cv_param->g)
+ goto free_cv;
+
+ ret = uadk_get_affine_coordinates(group, cv_param->g, g_x, g_y, ctx);
if (ret)
- goto err;
+ goto free_cv;
- order = (BIGNUM *)EC_GROUP_get0_order(group);
- pparam->p.dsize = BN_bn2bin(p, (void *)pparam->p.data);
- pparam->a.dsize = BN_bn2bin(a, (void *)pparam->a.data);
- /* a or b is all zero, but uadk not allow parameter length is zero */
- if (!pparam->a.dsize) {
- pparam->a.dsize = 1;
- pparam->a.data[0] = 0;
- }
- pparam->b.dsize = BN_bn2bin(b, (void *)pparam->b.data);
- if (!pparam->b.dsize) {
- pparam->b.dsize = 1;
- pparam->b.data[0] = 0;
- }
- pparam->g.x.dsize = BN_bn2bin(xg, (void *)pparam->g.x.data);
- pparam->g.y.dsize = BN_bn2bin(yg, (void *)pparam->g.y.data);
- pparam->n.dsize = BN_bn2bin(order, (void *)pparam->n.data);
+ cv_param->order = EC_GROUP_get0_order(group);
+ if (!cv_param->order)
+ goto free_cv;
+
+ fill_ecc_cv_param(pparam, cv_param, g_x, g_y);
cv->type = WD_CV_CFG_PARAM;
ret = 0;
-err:
- if (ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
+
+free_cv:
+ OPENSSL_free(cv_param);
+free_ctx:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
return ret;
}
@@ -166,12 +213,13 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
sp.cv.cfg.pparam = &param;
group = EC_KEY_get0_group(eckey);
ret = set_sess_setup_cv(group, &sp.cv);
- if (ret) {
- free(dev);
- return (handle_t)0;
- }
+ if (ret)
+ goto free_dev;
order = EC_GROUP_get0_order(group);
+ if (!order)
+ goto free_dev;
+
key_bits = BN_num_bits(order);
sp.alg = alg;
sp.key_bits = get_smallest_hw_keybits(key_bits);
@@ -184,8 +232,11 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
fprintf(stderr, "failed to alloc ecc sess\n");
free(dev);
-
return sess;
+
+free_dev:
+ free(dev);
+ return (handle_t)0;
}
static int check_ecc_bit_useful(const int bits)
@@ -506,6 +557,10 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
const BIGNUM *order;
int ret;
+ ret = eckey_check(eckey);
+ if (ret)
+ return ret;
+
if (!dgst) {
fprintf(stderr, "dgst is NULL\n");
return -1;
@@ -516,10 +571,6 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
return -1;
}
- ret = eckey_check(eckey);
- if (ret)
- return ret;
-
pub_key = EC_KEY_get0_public_key(eckey);
if (!pub_key) {
fprintf(stderr, "pub_key is NULL\n");
@@ -957,10 +1008,20 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
ctx = BN_CTX_new();
if (!ctx)
return -ENOMEM;
+
+ BN_CTX_start(ctx);
pkey_x = BN_CTX_get(ctx);
+ if (!pkey_x)
+ goto free_ctx;
+
pkey_y = BN_CTX_get(ctx);
+ if (!pkey_y)
+ goto free_ctx;
group = EC_KEY_get0_group(ecdh);
+ if (!group)
+ goto free_ctx;
+
uadk_get_affine_coordinates(group, pubkey, pkey_x, pkey_y, ctx);
in_pkey.x.data = buf_x;
in_pkey.y.data = buf_y;
@@ -986,13 +1047,9 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
ret = 1;
free_ctx:
- if (ctx) {
- if (pkey_x)
- BN_clear(pkey_x);
- if (pkey_y)
- BN_clear(pkey_y);
- BN_CTX_free(ctx);
- }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+
return ret;
}
--
2.27.0

170
0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch
View File

@ -1,170 +0,0 @@
From 7989e5639ab9a2de5d03ecb06942ad556ed41d93 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:57:50 +0800
Subject: [PATCH 48/57] ecc: bugfix multiple definition of ecx structure
The structure 'ECX_KEY' is defined in the libcrypto of OpenSSL,
but OpenSSL does not put this definition in the header file in
its 1.1.1x release version, so we can not use this structure
directly. We should define a new structure that provides the
same function to avoid conflict with the definition in OpenSSL
when using static compilation.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ecx.c | 43 +++++++++++++++++++++++--------------------
1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 5d0ff76..df23156 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -31,14 +31,14 @@
#define X448_KEYLEN 56
#define X25519_KEYBITS 256
#define X448_KEYBITS 448
-#define MAX_KEYLEN 57
+#define ECX_MAX_KEYLEN 57
#define UADK_E_SUCCESS 1
#define UADK_E_FAIL 0
-typedef struct {
- unsigned char pubkey[MAX_KEYLEN];
+struct ecx_key {
+ unsigned char pubkey[ECX_MAX_KEYLEN];
unsigned char *privkey;
-} ECX_KEY;
+};
struct ecx_ctx {
handle_t sess;
@@ -224,12 +224,12 @@ static int ecx_get_nid(EVP_PKEY_CTX *ctx)
return nid;
}
-static int ecx_create_privkey(ECX_KEY **ecx_key, int key_size)
+static int ecx_create_privkey(struct ecx_key **ecx_key, int key_size)
{
unsigned char *privkey;
int ret;
- *ecx_key = OPENSSL_zalloc(sizeof(ECX_KEY));
+ *ecx_key = OPENSSL_zalloc(sizeof(struct ecx_key));
if (!(*ecx_key)) {
fprintf(stderr, "failed to alloc ecx_key\n");
return UADK_E_FAIL;
@@ -259,7 +259,8 @@ free_ecx_key:
return UADK_E_FAIL;
}
-static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx,
+ struct ecx_key *ecx_key)
{
handle_t sess = ecx_ctx->sess;
struct wd_ecc_key *ecc_key;
@@ -280,14 +281,14 @@ static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
}
static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
- struct wd_ecc_req *req, ECX_KEY *ecx_key)
+ struct wd_ecc_req *req, struct ecx_key *ecx_key)
{
struct wd_ecc_point *pubkey = NULL;
int key_size = ecx_ctx->key_size;
int ret;
wd_ecxdh_get_out_params(req->dst, &pubkey);
- if (key_size > MAX_KEYLEN) {
+ if (key_size > ECX_MAX_KEYLEN) {
fprintf(stderr, "invalid key size, key_size = %d\n", key_size);
return UADK_E_FAIL;
}
@@ -368,8 +369,8 @@ static int openssl_do_ecx_genkey(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct ecx_ctx *keygen_ctx = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = ecx_genkey_check(ctx, pkey);
@@ -426,8 +427,8 @@ do_soft:
static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct ecx_ctx *keygen_ctx = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = ecx_genkey_check(ctx, pkey);
@@ -482,12 +483,13 @@ do_soft:
}
static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
- ECX_KEY *peer_ecx_key, ECX_KEY *ecx_key)
+ struct ecx_key *peer_ecx_key,
+ struct ecx_key *ecx_key)
{
int key_size = ecx_ctx->key_size;
+ char buf_y[ECX_MAX_KEYLEN] = {0};
handle_t sess = ecx_ctx->sess;
struct wd_ecc_point in_pubkey;
- char buf_y[MAX_KEYLEN] = {0};
struct wd_ecc_out *ecx_out;
struct wd_ecc_in *ecx_in;
int ret;
@@ -542,7 +544,8 @@ static void ecx_compkey_uninit_iot(handle_t sess, struct wd_ecc_req *req)
wd_ecc_del_in(sess, req->src);
}
-static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
+ struct ecx_key *ecx_key)
{
int key_size = ecx_ctx->key_size;
handle_t sess = ecx_ctx->sess;
@@ -576,8 +579,8 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
return UADK_E_SUCCESS;
}
-static int ecx_get_key(EVP_PKEY_CTX *ctx, ECX_KEY **ecx_key,
- ECX_KEY **peer_ecx_key)
+static int ecx_get_key(EVP_PKEY_CTX *ctx, struct ecx_key **ecx_key,
+ struct ecx_key **peer_ecx_key)
{
EVP_PKEY *pkey, *peer_key;
@@ -623,11 +626,11 @@ static void x25519_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
+ struct ecx_key *peer_ecx_key = NULL;
struct wd_ecc_point *s_key = NULL;
struct ecx_ctx *derive_ctx = NULL;
- ECX_KEY *peer_ecx_key = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = x25519_init(ctx);
@@ -709,11 +712,11 @@ static void x448_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
+ struct ecx_key *peer_ecx_key = NULL;
struct wd_ecc_point *s_key = NULL;
struct ecx_ctx *derive_ctx = NULL;
- ECX_KEY *peer_ecx_key = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = x448_init(ctx);
--
2.27.0

76
0049-uadk_engine-remove-redundant-extern.patch
View File

@ -1,76 +0,0 @@
From 55edca5dd3c13ff623c078eaea2dfb9a7f444eb7 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:06:29 +0800
Subject: [PATCH 49/57] uadk_engine: remove redundant extern
Remove the "extern" keyword before function declaration in
the header file. Because the function in header file is
'extern' by default, there is no need to specify explicitly.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk.h | 24 ++++++++++++------------
src/uadk_async.h | 16 ++++++++--------
2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index e2635d4..0188f0b 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -32,16 +32,16 @@ enum {
};
extern const char *engine_uadk_id;
-extern int uadk_e_bind_cipher(ENGINE *e);
-extern void uadk_e_destroy_cipher(void);
-extern int uadk_e_bind_digest(ENGINE *e);
-extern void uadk_e_destroy_digest(void);
-extern int uadk_e_bind_rsa(ENGINE *e);
-extern void uadk_e_destroy_rsa(void);
-extern int uadk_e_bind_dh(ENGINE *e);
-extern void uadk_e_destroy_dh(void);
-extern int uadk_e_bind_ecc(ENGINE *e);
-extern void uadk_e_destroy_ecc(void);
-extern int uadk_e_is_env_enabled(const char *alg_name);
-extern int uadk_e_set_env(const char *var_name, int numa_id);
+int uadk_e_bind_cipher(ENGINE *e);
+void uadk_e_destroy_cipher(void);
+int uadk_e_bind_digest(ENGINE *e);
+void uadk_e_destroy_digest(void);
+int uadk_e_bind_rsa(ENGINE *e);
+void uadk_e_destroy_rsa(void);
+int uadk_e_bind_dh(ENGINE *e);
+void uadk_e_destroy_dh(void);
+int uadk_e_bind_ecc(ENGINE *e);
+void uadk_e_destroy_ecc(void);
+int uadk_e_is_env_enabled(const char *alg_name);
+int uadk_e_set_env(const char *var_name, int numa_id);
#endif
diff --git a/src/uadk_async.h b/src/uadk_async.h
index d2a7e16..78f7a21 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -65,12 +65,12 @@ struct async_poll_queue {
pthread_t thread_id;
};
-extern int async_setup_async_event_notification(struct async_op *op);
-extern int async_clear_async_event_notification(void);
-extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
-extern void async_register_poll_fn(int type, async_recv_t func);
-extern void async_module_init(void);
-extern int async_wake_job(ASYNC_JOB *job);
-extern void async_free_poll_task(int id, bool is_cb);
-extern int async_get_free_task(int *id);
+int async_setup_async_event_notification(struct async_op *op);
+int async_clear_async_event_notification(void);
+int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
+void async_register_poll_fn(int type, async_recv_t func);
+void async_module_init(void);
+int async_wake_job(ASYNC_JOB *job);
+void async_free_poll_task(int id, bool is_cb);
+int async_get_free_task(int *id);
#endif
--
2.27.0

212
0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch
View File

@ -1,212 +0,0 @@
From ba0a9ede4f72387f065e88c054e35dc6fdb59079 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:10:47 +0800
Subject: [PATCH 50/57] uadk_engine: add timeout protection mechanism in poll
Count the cycle times of poll. When the count times exceed the
maximum number, exit to prevent the task from timeout.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 13 ++++++++-----
src/uadk_dh.c | 11 +++++++----
src/uadk_digest.c | 11 +++++++----
src/uadk_pkey.c | 13 ++++++++-----
src/uadk_rsa.c | 11 +++++++----
5 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 472c0ad..54d0a7d 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -517,7 +517,7 @@ static int uadk_e_cipher_poll(void *ctx)
do {
ret = wd_cipher_poll_ctx(idx, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -530,18 +530,21 @@ static int uadk_e_cipher_poll(void *ctx)
static int uadk_e_cipher_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
- /* poll one packet currently */
+ /* Poll one packet currently */
int expt = 1;
int ret;
do {
ret = wd_cipher_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 893b0f2..cf319e5 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -212,7 +212,7 @@ static int uadk_e_dh_poll(void *ctx)
do {
ret = wd_dh_poll_ctx(idx, expect, &recv);
- if (recv >= expect)
+ if (recv == expect)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -273,6 +273,7 @@ static struct dh_res_config dh_res_config = {
static int uadk_e_dh_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -280,11 +281,13 @@ static int uadk_e_dh_env_poll(void *ctx)
do {
ret = wd_dh_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_dh_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 8127373..853aa39 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -343,7 +343,7 @@ static int uadk_e_digest_poll(void *ctx)
do {
ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -356,6 +356,7 @@ static int uadk_e_digest_poll(void *ctx)
static int uadk_e_digest_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -363,11 +364,13 @@ static int uadk_e_digest_env_poll(void *ctx)
do {
ret = wd_digest_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_digest_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index a0b74af..9a3a725 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -110,7 +110,7 @@ static int uadk_ecc_poll(void *ctx)
do {
ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -143,18 +143,21 @@ int uadk_e_ecc_get_numa_id(void)
static int uadk_e_ecc_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
- /* poll one packet currently */
+ /* Poll one packet currently */
int expt = 1;
int ret;
do {
ret = wd_ecc_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 29b2521..a74343f 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -663,7 +663,7 @@ static int uadk_e_rsa_poll(void *ctx)
do {
ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -689,6 +689,7 @@ static struct rsa_res_config rsa_res_config = {
static int uadk_e_rsa_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -696,11 +697,13 @@ static int uadk_e_rsa_env_poll(void *ctx)
do {
ret = wd_rsa_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev)
--
2.27.0

272
0051-rsa-cleanup-redundant-BN-operation.patch
View File

@ -1,272 +0,0 @@
From 25b026f401195e0385fc575c51752e1c0c731394 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:13:09 +0800
Subject: [PATCH 51/57] rsa: cleanup redundant BN operation
Remove redundant codes for big number and rsa crt
mode judgment.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 92 ++++++++++++++++++++++----------------------------
1 file changed, 40 insertions(+), 52 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index a74343f..f95632b 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -871,8 +871,8 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
int is_crt)
{
unsigned int key_size = bits >> BIT_BYTES_SHIFT;
- struct uadk_rsa_sess *rsa_sess;
struct sched_params params = {0};
+ struct uadk_rsa_sess *rsa_sess;
rsa_sess = rsa_new_eng_session(rsa);
if (!rsa_sess)
@@ -882,11 +882,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT;
params.numa_id = g_rsa_res.numa_id;
rsa_sess->setup.sched_param = &params;
-
- if (is_crt)
- rsa_sess->setup.is_crt = IS_SET;
- else
- rsa_sess->setup.is_crt = UN_SET;
+ rsa_sess->setup.is_crt = is_crt;
rsa_sess->sess = wd_rsa_alloc_sess(&rsa_sess->setup);
if (!rsa_sess->sess) {
@@ -1377,10 +1373,8 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess,
rsa, bn_param);
- if (!ret) {
+ if (!ret)
ret = UADK_DO_SOFT;
- goto free_kg_in_out;
- }
free_kg_in_out:
rsa_free_keygen_data(rsa_sess);
@@ -1398,11 +1392,11 @@ exe_soft:
static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ struct rsa_pubkey_param *pub_enc = NULL;
struct uadk_rsa_sess *rsa_sess = NULL;
- struct rsa_pubkey_param *pub = NULL;
unsigned char *from_buf = NULL;
int num_bytes, is_crt, ret;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *enc_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1412,7 +1406,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
if (ret)
goto exe_soft;
- ret = rsa_pkey_param_alloc(&pub, NULL);
+ ret = rsa_pkey_param_alloc(&pub_enc, NULL);
if (ret == -ENOMEM)
goto exe_soft;
@@ -1424,7 +1418,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+ ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes);
if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
@@ -1436,7 +1430,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_buf;
}
- ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to);
+ ret = rsa_fill_pubkey(pub_enc, rsa_sess, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
goto free_buf;
@@ -1448,27 +1442,25 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ enc_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!enc_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret = BN_bn2binpad(ret_bn, to, num_bytes);
- if (ret == -1) {
+ ret = BN_bn2binpad(enc_bn, to, num_bytes);
+ if (ret == -1)
ret = UADK_DO_SOFT;
- goto free_bn;
- }
-free_bn:
- BN_free(ret_bn);
+ BN_free(enc_bn);
+
free_buf:
rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
- rsa_pkey_param_free(&pub, NULL);
+ rsa_pkey_param_free(&pub_enc, NULL);
if (ret != UADK_DO_SOFT)
return ret;
exe_soft:
@@ -1484,7 +1476,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
unsigned char *from_buf = NULL;
struct uadk_rsa_sess *rsa_sess;
int num_bytes, len, ret;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *dec_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1526,27 +1518,25 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ dec_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!dec_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
+ len = BN_bn2binpad(dec_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_bn;
+ goto free_dec_bn;
}
ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding);
- if (!ret) {
+ if (!ret)
ret = UADK_DO_SOFT;
- goto free_bn;
- }
-free_bn:
- BN_free(ret_bn);
+free_dec_bn:
+ BN_free(dec_bn);
free_buf:
rsa_free_pri_bn_ctx(&from_buf);
free_sess:
@@ -1567,7 +1557,7 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_prikey_param *pri = NULL;
unsigned char *from_buf = NULL;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *sign_bn = NULL;
BIGNUM *to_bn = NULL;
BIGNUM *res = NULL;
int num_bytes, ret;
@@ -1616,9 +1606,9 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ sign_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!sign_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
@@ -1626,10 +1616,10 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
to_bn = BN_bin2bn(from_buf, num_bytes, NULL);
if (!to_bn) {
ret = UADK_DO_SOFT;
- goto free_ret_bn;
+ goto free_sign_bn;
}
- ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res);
+ ret = rsa_get_sign_res(padding, to_bn, pri->n, sign_bn, &res);
if (!ret) {
ret = UADK_DO_SOFT;
goto free_to_bn;
@@ -1639,8 +1629,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
free_to_bn:
BN_free(to_bn);
-free_ret_bn:
- BN_free(ret_bn);
+free_sign_bn:
+ BN_free(sign_bn);
free_buf:
rsa_free_pri_bn_ctx(&from_buf);
free_sess:
@@ -1662,7 +1652,7 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
struct rsa_pubkey_param *pub = NULL;
int num_bytes, is_crt, len, ret;
unsigned char *from_buf = NULL;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *verify_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret)
@@ -1705,33 +1695,31 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ verify_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!verify_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret = rsa_get_verify_res(padding, pub->n, ret_bn);
+ ret = rsa_get_verify_res(padding, pub->n, verify_bn);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_bn;
+ goto free_verify_bn;
}
- len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
+ len = BN_bn2binpad(verify_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_bn;
+ goto free_verify_bn;
}
ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding);
- if (!ret) {
+ if (!ret)
ret = UADK_DO_SOFT;
- goto free_bn;
- }
-free_bn:
- BN_free(ret_bn);
+free_verify_bn:
+ BN_free(verify_bn);
free_buf:
rsa_free_pub_bn_ctx(&from_buf);
free_sess:
--
2.27.0

189
0052-rsa-bugfix-memory-leak-in-genkey-process.patch
View File

@ -1,189 +0,0 @@
From 8d27c38b9bbf0dee3ba17aac4d1bf9529bdafdea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:15:05 +0800
Subject: [PATCH 52/57] rsa: bugfix memory leak in genkey process
The process of releasing keygen parameter is supplemented:
When an abnormal situation occurs, uadk engine needs to switch
to software keygen function, so we need to free BN ctx we alloced
before. But in normal situation, the BN ctx should be freed by
OpenSSL tools or users, because the OpenSSL tool, for example,
genrsa, has implemented the free operation, we should not free
it again.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/e_uadk.c | 3 +--
src/uadk_rsa.c | 57 ++++++++++++++++++++++++++------------------------
2 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 58a10de..23fe0f2 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -333,8 +333,7 @@ static void bind_fn_uadk_alg(ENGINE *e)
}
/*
- * This stuff is needed if this ENGINE is being
- * compiled into a self-contained shared-library.
+ * Connect uadk_engine to OpenSSL engine library.
*/
static int bind_fn(ENGINE *e, const char *id)
{
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index f95632b..5b23dab 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -968,15 +968,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
return UADK_E_SUCCESS;
}
-static int rsa_get_keygen_param(struct wd_rsa_req *req,
- handle_t ctx, RSA *rsa,
- struct rsa_keygen_param_bn *bn_param)
+static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa,
+ struct rsa_keygen_param_bn *bn_param, BN_CTX **bn_ctx_in)
{
struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst;
struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp;
BIGNUM *dmp1, *dmq1, *iqmp, *n, *d;
unsigned int key_bits, key_size;
- BN_CTX *bn_ctx;
+ BN_CTX *bn_ctx = *bn_ctx_in;
key_bits = wd_rsa_get_key_bits(ctx);
if (!key_bits)
@@ -986,30 +985,25 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
- bn_ctx = BN_CTX_new();
- if (!bn_ctx)
- return UADK_E_FAIL;
-
- BN_CTX_start(bn_ctx);
dmp1 = BN_CTX_get(bn_ctx);
if (!dmp1)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
dmq1 = BN_CTX_get(bn_ctx);
if (!dmq1)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
iqmp = BN_CTX_get(bn_ctx);
if (!iqmp)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
n = BN_CTX_get(bn_ctx);
if (!n)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
d = BN_CTX_get(bn_ctx);
if (!d)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
BN_bin2bn((unsigned char *)wd_d.data, key_size, d);
BN_bin2bn((unsigned char *)wd_n.data, key_size, n);
@@ -1020,15 +1014,9 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
if (!(RSA_set0_key(rsa, n, bn_param->e, d) &&
RSA_set0_factors(rsa, bn_param->p, bn_param->q) &&
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)))
- goto free_bn_ctx;
+ return UADK_E_FAIL;
return UADK_E_SUCCESS;
-
-free_bn_ctx:
- BN_CTX_end(bn_ctx);
- BN_CTX_free(bn_ctx);
-
- return UADK_E_FAIL;
}
static void uadk_e_rsa_cb(void *req_t)
@@ -1179,7 +1167,7 @@ static void rsa_free_keygen_data(struct uadk_rsa_sess *rsa_sess)
static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
struct rsa_keygen_param_bn **keygen_bn_param,
- struct rsa_keypair **key_pair)
+ struct rsa_keypair **key_pair, BN_CTX **bn_ctx_in)
{
BN_CTX *bn_ctx;
@@ -1201,6 +1189,8 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
goto free_key_pair;
BN_CTX_start(bn_ctx);
+ *bn_ctx_in = bn_ctx;
+
(*keygen_bn_param)->e = BN_CTX_get(bn_ctx);
if (!(*keygen_bn_param)->e)
goto free_bn_ctx;
@@ -1230,8 +1220,21 @@ err:
static void rsa_keygen_param_free(struct rsa_keygen_param **keygen_param,
struct rsa_keygen_param_bn **keygen_bn_param,
- struct rsa_keypair **key_pair)
+ struct rsa_keypair **key_pair, BN_CTX **bn_ctx,
+ int free_bn_ctx_tag)
{
+ /*
+ * When an abnormal situation occurs, uadk engine needs
+ * to switch to software keygen function, so we need to
+ * free BN ctx we alloced before. But in normal situation,
+ * the BN ctx should be freed by OpenSSL tools or users.
+ * Therefore, we use a tag to distinguish these cases.
+ */
+ if (free_bn_ctx_tag == UADK_DO_SOFT) {
+ BN_CTX_end(*bn_ctx);
+ BN_CTX_free(*bn_ctx);
+ }
+
OPENSSL_free(*keygen_bn_param);
OPENSSL_free(*keygen_param);
OPENSSL_free(*key_pair);
@@ -1327,6 +1330,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
struct rsa_keygen_param_bn *bn_param = NULL;
struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_keypair *key_pair = NULL;
+ BN_CTX *bn_ctx = NULL;
int is_crt = 1;
int ret;
@@ -1338,7 +1342,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
if (ret)
goto exe_soft;
- ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair);
+ ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair, &bn_ctx);
if (ret == -ENOMEM)
goto exe_soft;
@@ -1371,8 +1375,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
goto free_kg_in_out;
}
- ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess,
- rsa, bn_param);
+ ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, rsa, bn_param, &bn_ctx);
if (!ret)
ret = UADK_DO_SOFT;
@@ -1381,7 +1384,7 @@ free_kg_in_out:
free_sess:
rsa_free_eng_session(rsa_sess);
free_keygen:
- rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair);
+ rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair, &bn_ctx, ret);
if (ret != UADK_DO_SOFT)
return ret;
exe_soft:
--
2.27.0

97
0053-rsa-remove-unused-software-method.patch
View File

@ -1,97 +0,0 @@
From ff703a9aa6a0a2dada51b7bf88cc9e1a8ce2d6cd Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:16:59 +0800
Subject: [PATCH 53/57] rsa: remove unused software method
Switching to software methods in abnormal scenarios has been
implemented in other functions, uadk_e_get_rsa_sw_methods()
is actually unused, so we remove it.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 49 +++++--------------------------------------------
1 file changed, 5 insertions(+), 44 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 5b23dab..7983bc0 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -53,7 +53,6 @@
#define ENV_ENABLED 1
static RSA_METHOD *rsa_hw_meth;
-static RSA_METHOD *rsa_sw_meth;
struct bignum_st {
BN_ULONG *d;
@@ -1737,25 +1736,11 @@ exe_soft:
(flen, from, to, rsa, padding);
}
-static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
-{
- /* meth: default rsa software method */
- const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
-
- rsa_sw_meth = RSA_meth_new("rsa soft method", 0);
- (void)RSA_meth_set_pub_enc(rsa_sw_meth, RSA_meth_get_pub_enc(meth));
- (void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth));
- (void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth));
- (void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth));
- (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen);
- (void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth));
- (void)RSA_meth_set_bn_mod_exp(rsa_sw_meth,
- RSA_meth_get_bn_mod_exp(meth));
-
- return rsa_sw_meth;
-}
-
-static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
+/**
+ * uadk_get_rsa_method() - Set rsa hardware methods of the RSA implementation which
+ * can be called from ENGINE structure.
+ */
+static RSA_METHOD *uadk_e_get_rsa_methods(void)
{
if (rsa_hw_meth)
return rsa_hw_meth;
@@ -1780,36 +1765,12 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
return rsa_hw_meth;
}
-/**
- * uadk_get_rsa_method() - Set rsa methods of the RSA implementation which
- * can be called from ENGINE structure.
- */
-static RSA_METHOD *uadk_e_get_rsa_methods(void)
-{
- struct uacce_dev *dev;
-
- dev = wd_get_accel_dev("rsa");
- if (!dev)
- return uadk_e_get_rsa_sw_methods();
-
- free(dev);
- return uadk_e_get_rsa_hw_methods();
-}
-
static void uadk_e_delete_rsa_meth(void)
{
- if (!rsa_hw_meth && !rsa_sw_meth)
- return;
-
if (rsa_hw_meth) {
RSA_meth_free(rsa_hw_meth);
rsa_hw_meth = NULL;
}
-
- if (rsa_sw_meth) {
- RSA_meth_free(rsa_sw_meth);
- rsa_sw_meth = NULL;
- }
}
/**
--
2.27.0

26
0054-doc-Modify-maintainers.patch
View File

@ -1,26 +0,0 @@
From 9dd29d1cfd3b3038bc8a347c51f1f176c28ec0b5 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Mon, 25 Jul 2022 11:42:11 +0800
Subject: [PATCH 54/57] doc: Modify maintainers
Personnel change, replace a maintainer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
docs/maintenance.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/maintenance.md b/docs/maintenance.md
index 50ed1fe..1a563ce 100644
--- a/docs/maintenance.md
+++ b/docs/maintenance.md
@@ -28,5 +28,5 @@ sudo test/sanity_test.sh
```
Zhangfei Gao <zhangfei.gao@linaro.org>
Zhou Wang <wangzhou1@hisilicon.com>
-Hui Tang <tanghui20@huawei.com>
+Zhiqi Song <songzhiqi1@huawei.com>
```
--
2.27.0

52
0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch
View File

@ -1,52 +0,0 @@
From 623c8687b64381b0dc454ea2d2c81ee5f6bfdbc7 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Tue, 26 Jul 2022 10:39:01 +0800
Subject: [PATCH 55/57] rsa: modify the default algorithm of keygen soft
algorithm
When the hardware algorithm execution fails, the engine needs to
switch to the soft algorithm execution, and the callback needs to
be modified to the soft algorithm to prevent it from being
re-transferred to the hardware interface.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 7983bc0..03f2ce5 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -140,6 +140,8 @@ enum {
MAX_CODE,
};
+static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
static int rsa_check_bit_useful(const int bits, int flen)
{
if (flen > bits)
@@ -1100,10 +1102,19 @@ err:
static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
+ const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL();
int ret;
+ if (!default_meth) {
+ fprintf(stderr, "failed to get soft method.\n");
+ return UADK_E_FAIL;
+ }
+
UNUSED(cb);
+ (void)RSA_meth_set_keygen(rsa_hw_meth,
+ RSA_meth_get_keygen(default_meth));
ret = RSA_generate_key_ex(rsa, bits, e, NULL);
+ (void)RSA_meth_set_keygen(rsa_hw_meth, uadk_e_rsa_keygen);
return ret;
}
--
2.27.0

224
0056-engine-initialize-resources-only-once.patch
View File

@ -1,224 +0,0 @@
From 0245d700da510dd54926eab3fb9377bde991024f Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Tue, 26 Jul 2022 10:54:03 +0800
Subject: [PATCH 56/57] engine: initialize resources only once
If multiple threads load the engine repeatedly, the
poll_queue and global locks in the algorithm API are
repeatedly initialized. As a result, tasks of other
threads are abnormal.
Therefore, this patch moves resource initialization
to the function 'uadk_init' and only initialize once.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/e_uadk.c | 37 +++++++++++++++++++++++++++++++++----
src/uadk.h | 5 +++++
src/uadk_cipher.c | 7 +++++--
src/uadk_dh.c | 7 +++++--
src/uadk_digest.c | 7 +++++--
src/uadk_pkey.c | 7 +++++--
src/uadk_rsa.c | 6 ++++--
7 files changed, 62 insertions(+), 14 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 23fe0f2..1b95284 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -43,6 +43,8 @@ static int uadk_digest;
static int uadk_rsa;
static int uadk_dh;
static int uadk_ecc;
+static int uadk_inited;
+static pthread_mutex_t uadk_engine_mutex = PTHREAD_MUTEX_INITIALIZER;
#ifdef KAE
static int uadk_cipher_nosva;
@@ -219,12 +221,41 @@ static int uadk_destroy(ENGINE *e)
uadk_e_destroy_ecc();
if (uadk_dh)
uadk_e_destroy_dh();
+
+ pthread_mutex_lock(&uadk_engine_mutex);
+ uadk_inited = 0;
+ pthread_mutex_unlock(&uadk_engine_mutex);
+
return 1;
}
-
static int uadk_init(ENGINE *e)
{
+ int ret;
+
+ pthread_mutex_lock(&uadk_engine_mutex);
+ if (uadk_inited) {
+ pthread_mutex_unlock(&uadk_engine_mutex);
+ return 1;
+ }
+
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
+ async_module_init();
+
+ if (uadk_digest)
+ uadk_e_digest_lock_init();
+ if (uadk_cipher)
+ uadk_e_cipher_lock_init();
+ if (uadk_rsa)
+ uadk_e_rsa_lock_init();
+ if (uadk_dh)
+ uadk_e_dh_lock_init();
+ if (uadk_ecc)
+ uadk_e_ecc_lock_init();
+
+ uadk_inited = 1;
+ pthread_mutex_unlock(&uadk_engine_mutex);
+
return 1;
}
@@ -360,10 +391,8 @@ static int bind_fn(ENGINE *e, const char *id)
#endif
bind_fn_uadk_alg(e);
- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
- async_module_init();
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
- }
ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl);
if (ret != 1) {
diff --git a/src/uadk.h b/src/uadk.h
index 0188f0b..cd3447c 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -44,4 +44,9 @@ int uadk_e_bind_ecc(ENGINE *e);
void uadk_e_destroy_ecc(void);
int uadk_e_is_env_enabled(const char *alg_name);
int uadk_e_set_env(const char *var_name, int numa_id);
+void uadk_e_ecc_lock_init(void);
+void uadk_e_rsa_lock_init(void);
+void uadk_e_dh_lock_init(void);
+void uadk_e_cipher_lock_init(void);
+void uadk_e_digest_lock_init(void);
#endif
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 54d0a7d..c5bc7af 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -1076,8 +1076,6 @@ int uadk_e_bind_cipher(ENGINE *e)
if (platform > KUNPENG920)
bind_v3_cipher();
- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_ciphers(e, uadk_e_engine_ciphers);
}
@@ -1160,3 +1158,8 @@ void uadk_e_destroy_cipher(void)
if (platform > KUNPENG920)
destroy_v3_cipher();
}
+
+void uadk_e_cipher_lock_init(void)
+{
+ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+}
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index cf319e5..37f84e9 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -902,8 +902,6 @@ static void uadk_e_delete_dh_meth(void)
int uadk_e_bind_dh(ENGINE *e)
{
- pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_DH(e, uadk_e_get_dh_methods());
}
@@ -913,3 +911,8 @@ void uadk_e_destroy_dh(void)
uadk_e_delete_dh_meth();
uadk_e_wd_dh_uninit();
}
+
+void uadk_e_dh_lock_init(void)
+{
+ pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
+}
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 853aa39..b2646cb 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -804,6 +804,11 @@ do { \
return 0; \
} while (0)
+void uadk_e_digest_lock_init(void)
+{
+ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+}
+
int uadk_e_bind_digest(ENGINE *e)
{
UADK_DIGEST_DESCR(md5, md5WithRSAEncryption, MD5_DIGEST_LENGTH,
@@ -849,8 +854,6 @@ int uadk_e_bind_digest(ENGINE *e)
uadk_e_digest_final, uadk_e_digest_cleanup,
uadk_e_digest_copy);
- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_digests(e, uadk_engine_digests);
}
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 9a3a725..211f1cc 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -615,6 +615,11 @@ static int uadk_ecc_bind_pmeth(ENGINE *e)
return ENGINE_set_pkey_meths(e, get_pkey_meths);
}
+void uadk_e_ecc_lock_init(void)
+{
+ pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE);
+}
+
int uadk_e_bind_ecc(ENGINE *e)
{
int ret;
@@ -631,8 +636,6 @@ int uadk_e_bind_ecc(ENGINE *e)
return ret;
}
- pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE);
-
return ret;
}
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 03f2ce5..ef1739d 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1790,8 +1790,6 @@ static void uadk_e_delete_rsa_meth(void)
*/
int uadk_e_bind_rsa(ENGINE *e)
{
- pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_RSA(e, uadk_e_get_rsa_methods());
}
@@ -1802,3 +1800,7 @@ void uadk_e_destroy_rsa(void)
uadk_e_rsa_uninit();
}
+void uadk_e_rsa_lock_init(void)
+{
+ pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE);
+}
--
2.27.0

105
0057-engine-fix-function-type.patch
View File

@ -1,105 +0,0 @@
From f43d50084550042f053de2dcce03d91d5f8b040a Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Tue, 26 Jul 2022 10:58:56 +0800
Subject: [PATCH 57/57] engine: fix function type
If return type of the function 'async_module_init' is void,
when function executes failed, the app continues to execute tasks.
The process will be abnormal. Change 'async_module_init' type to int.
If function executes failed, 0 is returned.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/e_uadk.c | 16 +++++++++++++---
src/uadk_async.c | 9 +++++----
src/uadk_async.h | 2 +-
3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 1b95284..77612d7 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -239,8 +239,14 @@ static int uadk_init(ENGINE *e)
return 1;
}
- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
- async_module_init();
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
+ ret = async_module_init();
+ if (!ret) {
+ pthread_mutex_unlock(&uadk_engine_mutex);
+ fprintf(stderr, "failed to init async module!\n");
+ return 0;
+ }
+ }
if (uadk_digest)
uadk_e_digest_lock_init();
@@ -266,7 +272,11 @@ static int uadk_finish(ENGINE *e)
static void engine_init_child_at_fork_handler(void)
{
- async_module_init();
+ int ret;
+
+ ret = async_module_init();
+ if (!ret)
+ fprintf(stderr, "failed to init child async module!\n");
}
#ifdef KAE
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 11d624c..3f2e1db 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -336,7 +336,7 @@ static void *async_poll_process_func(void *args)
return NULL;
}
-void async_module_init(void)
+int async_module_init(void)
{
pthread_t thread_id;
pthread_attr_t thread_attr;
@@ -344,11 +344,11 @@ void async_module_init(void)
memset(&poll_queue, 0, sizeof(struct async_poll_queue));
if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0)
- return;
+ return 0;
poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
if (poll_queue.head == NULL)
- return;
+ return 0;
memset(poll_queue.head, 0,
sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
@@ -368,8 +368,9 @@ void async_module_init(void)
poll_queue.thread_id = thread_id;
OPENSSL_atexit(async_poll_task_free);
- return;
+ return 1;
err:
async_poll_task_free();
+ return 0;
}
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 78f7a21..9bae3f4 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -69,7 +69,7 @@ int async_setup_async_event_notification(struct async_op *op);
int async_clear_async_event_notification(void);
int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
void async_register_poll_fn(int type, async_recv_t func);
-void async_module_init(void);
+int async_module_init(void);
int async_wake_job(ASYNC_JOB *job);
void async_free_poll_task(int id, bool is_cb);
int async_get_free_task(int *id);
--
2.27.0

74
0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch
View File

@ -1,74 +0,0 @@
From 36ea42a1d9556e937be5ebf47f41f66b51a29cb6 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 16 Aug 2022 09:57:18 +0800
Subject: uadk_digest: fix the full mac buffer length as doing long hash
Sha224 and Sha384 need full length mac buffer as doing long hash.
Depends-on:uadk 802878d71999("digest: fix mac buffer len as long hash")
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index b2646cb..63887e7 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -484,7 +484,7 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
{
priv->setup.alg = alg;
priv->setup.mode = mode;
- priv->req.out_buf_bytes = out_len;
+ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH;
priv->req.out_bytes = out_len;
}
@@ -543,15 +543,30 @@ soft_init:
return digest_soft_init(priv->soft_ctx, priv->e_nid);
}
+static void digest_update_out_length(EVP_MD_CTX *ctx)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+
+ /* Sha224 and Sha384 need full length mac buffer as doing long hash */
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
+}
+
static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len)
{
struct digest_priv_ctx *priv =
- (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
const unsigned char *tmpdata = (const unsigned char *)data;
size_t left_len = data_len;
int copy_to_bufflen;
int ret;
+ digest_update_out_length(ctx);
+
priv->req.has_next = DIGEST_DOING;
while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
@@ -708,6 +723,12 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
priv->req.in_bytes = priv->last_update_bufflen;
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
+
ret = async_setup_async_event_notification(&op);
if (unlikely(!ret)) {
fprintf(stderr, "failed to setup async event notification.\n");
--
1.8.3.1

59
0059-uadk_utils-fix-x86-local-build.patch
View File

@ -1,59 +0,0 @@
From 06fd1fe00a03bfbc7430ec8e1b1f7356f47da55d Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 18 Oct 2022 15:39:11 +0800
Subject: uadk_utils: fix x86 local build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
On x86 local build:
autoreconf -i
./configure --libdir=/usr/local/lib/engines-1.1/
make -j4
uadk_utils.c: In function uadk_memcpy:
uadk_utils.c:23:2: error: unknown register name q1 in asm
__asm__ __volatile__(
^
uadk_utils.c:23:2: error: unknown register name q0 in asm
uadk_utils.c:23:2: error: unknown register name x14 in asm
uadk_utils.c:23:2: error: unknown register name x5 in asm
uadk_utils.c:23:2: error: unknown register name x4 in asm
uadk_utils.c:23:2: error: unknown register name x3 in asm
With this patch, x86 build is OK
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_utils.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/uadk_utils.c b/src/uadk_utils.c
index 2b34b3a..275a124 100644
--- a/src/uadk_utils.c
+++ b/src/uadk_utils.c
@@ -16,6 +16,8 @@
*/
#include "uadk_utils.h"
+#if defined(__AARCH64_CMODEL_SMALL__) && __AARCH64_CMODEL_SMALL__
+
#define UADK_MEM_IMPROVE_THRESHOLD 1024
static void *memcpy_large(void *dstpp, const void *srcpp, size_t len)
@@ -61,3 +63,12 @@ void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
else
return memcpy(dstpp, srcpp, len);
}
+
+#else
+
+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
+{
+ return memcpy(dstpp, srcpp, len);
+}
+
+#endif
--
1.8.3.1

188
0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch
View File

@ -1,188 +0,0 @@
From 8c4f478b1e8965e592467be92d042c8b00c8c426 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:14:03 +0800
Subject: sm2: bugfix about segfault in sm2 ctrl function
When there is no available instance of hpre device, the sm2_init()
in uadk_engine will failed, the setting of sched_init() will failed,
so sched_init() will be NULL. If the sm2_ctrl() function still call
the sm2_update_sess() in this situation, and make wd_ecc_alloc_sess()
to call sched_init(), there will be a segfault.
The solution is to modify the status field of sm2_ctx, make the
variable 'init_status' to indicate the status of init operation:
'CTX_UNINIT' indicates the init operation has not been performed,
'CTX_INIT_SUCC' indicates the init operation has been succeeded,
'CTX_INIT_FAIL' indicates the init operation has been failed.
The sm2_update_sess() will only be called if the 'init_status' is
'CTX_INIT_SUCC'. Then there will be no segfault.
And when there is no available instance, it should switch to openssl
software method, so modify some return values to help finish this
process.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 44 ++++++++++++++++++++++++++++++++------------
1 file changed, 32 insertions(+), 12 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index fcca9f2..8a9adca 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -25,6 +25,12 @@
#include "uadk.h"
#include "uadk_pkey.h"
+enum {
+ CTX_INIT_FAIL = -1,
+ CTX_UNINIT,
+ CTX_INIT_SUCC
+};
+
typedef struct {
/* Key and paramgen group */
EC_GROUP *gen_group;
@@ -43,7 +49,7 @@ struct sm2_ctx {
const BIGNUM *prikey;
const EC_POINT *pubkey;
BIGNUM *order;
- bool is_init;
+ int init_status;
};
typedef struct sm2_ciphertext {
@@ -165,6 +171,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
memset(&setup, 0, sizeof(setup));
setup.alg = "sm2";
+
if (smctx->ctx.md) {
setup.hash.cb = compute_hash;
setup.hash.usr = (void *)smctx->ctx.md;
@@ -189,6 +196,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
if (smctx->sess)
wd_ecc_free_sess(smctx->sess);
+
smctx->sess = sess;
smctx->prikey = NULL;
smctx->pubkey = NULL;
@@ -636,7 +644,7 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
if (!smctx || !smctx->sess) {
fprintf(stderr, "smctx or sess NULL\n");
- return -EINVAL;
+ return UADK_DO_SOFT;
}
if (sig_sz <= 0) {
@@ -676,7 +684,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -744,6 +752,13 @@ static int sm2_verify_check(EVP_PKEY_CTX *ctx,
const unsigned char *tbs,
size_t tbslen)
{
+ struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
+
+ if (!smctx || !smctx->sess) {
+ fprintf(stderr, "smctx or sess NULL\n");
+ return UADK_DO_SOFT;
+ }
+
if (tbslen > SM2_KEY_BYTES)
return UADK_DO_SOFT;
@@ -772,7 +787,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -853,7 +868,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx,
if (!smctx || !smctx->sess) {
fprintf(stderr, "smctx or sess NULL\n");
- return 0;
+ return UADK_DO_SOFT;
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
@@ -897,7 +912,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -953,7 +968,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
if (!smctx || !smctx->sess) {
fprintf(stderr, "smctx or sess NULL\n");
- return -EINVAL;
+ return UADK_DO_SOFT;
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
@@ -1038,7 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -1124,18 +1139,18 @@ static int sm2_init(EVP_PKEY_CTX *ctx)
ret = uadk_init_ecc();
if (ret) {
fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret);
- smctx->is_init = false;
+ smctx->init_status = CTX_INIT_FAIL;
goto end;
}
ret = sm2_update_sess(smctx);
if (ret) {
fprintf(stderr, "failed to update sess\n");
- smctx->is_init = false;
+ smctx->init_status = CTX_INIT_FAIL;
goto end;
}
- smctx->is_init = true;
+ smctx->init_status = CTX_INIT_SUCC;
end:
EVP_PKEY_CTX_set_data(ctx, smctx);
EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
@@ -1196,8 +1211,13 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return 1;
case EVP_PKEY_CTRL_MD:
smctx->ctx.md = p2;
- if (sm2_update_sess(smctx))
+ if (smctx->init_status != CTX_INIT_SUCC)
+ return 1;
+
+ if (sm2_update_sess(smctx)) {
+ fprintf(stderr, "failed to set MD\n");
return 0;
+ }
return 1;
case EVP_PKEY_CTRL_GET_MD:
*(const EVP_MD **)p2 = smctx->ctx.md;
--
1.8.3.1

142
0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch
View File

@ -1,142 +0,0 @@
From e34a0bb0cc5c381f45877e05d927fd4bc5dc98f6 Mon Sep 17 00:00:00 2001
From: Hao Fang <fanghao11@huawei.com>
Date: Sat, 22 Oct 2022 15:27:20 +0800
Subject: uadk_engine: use HW_V2/HW_V3 to distinguish different hardware
platforms
Hardware version numbers are used to distinguish different hardware.
Signed-off-by: Hao Fang <fanghao11@huawei.com>
Tested-by: Junchong Pan <panjunchong@hisilicon.com>
---
src/uadk.h | 4 ++--
src/uadk_cipher.c | 22 +++++++++++-----------
test/sanity_test.sh | 8 ++++----
3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index cd3447c..99c65c7 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -27,8 +27,8 @@
#define ENGINE_RECV_MAX_CNT 60000000
enum {
- KUNPENG920,
- KUNPENG930,
+ HW_V2,
+ HW_V3,
};
extern const char *engine_uadk_id;
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c5bc7af..c6878c3 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -77,7 +77,7 @@ static int platform;
#define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192
-static int cipher_920_nids[] = {
+static int cipher_hw_v2_nids[] = {
NID_aes_128_cbc,
NID_aes_192_cbc,
NID_aes_256_cbc,
@@ -93,7 +93,7 @@ static int cipher_920_nids[] = {
0,
};
-static int cipher_930_nids[] = {
+static int cipher_hw_v3_nids[] = {
NID_aes_128_cbc,
NID_aes_192_cbc,
NID_aes_256_cbc,
@@ -342,9 +342,9 @@ static int uadk_get_accel_platform(char *alg_name)
return 0;
if (!strcmp(dev->api, "hisi_qm_v2"))
- platform = KUNPENG920;
+ platform = HW_V2;
else
- platform = KUNPENG930;
+ platform = HW_V3;
free(dev);
return 1;
@@ -358,12 +358,12 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
int size;
int i;
- if (platform == KUNPENG920) {
- size = (sizeof(cipher_920_nids) - 1) / sizeof(int);
- cipher_nids = cipher_920_nids;
+ if (platform == HW_V2) {
+ size = (sizeof(cipher_hw_v2_nids) - 1) / sizeof(int);
+ cipher_nids = cipher_hw_v2_nids;
} else {
- size = (sizeof(cipher_930_nids) - 1) / sizeof(int);
- cipher_nids = cipher_930_nids;
+ size = (sizeof(cipher_hw_v3_nids) - 1) / sizeof(int);
+ cipher_nids = cipher_hw_v3_nids;
}
if (!cipher) {
@@ -1073,7 +1073,7 @@ int uadk_e_bind_cipher(ENGINE *e)
}
bind_v2_cipher();
- if (platform > KUNPENG920)
+ if (platform > HW_V2)
bind_v3_cipher();
return ENGINE_set_ciphers(e, uadk_e_engine_ciphers);
@@ -1155,7 +1155,7 @@ void uadk_e_destroy_cipher(void)
pthread_spin_destroy(&engine.lock);
destroy_v2_cipher();
- if (platform > KUNPENG920)
+ if (platform > HW_V2)
destroy_v3_cipher();
}
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 2c0c504..bdedc15 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -103,7 +103,7 @@ if [[ $algs =~ "RSA" ]]; then
openssl speed -elapsed -engine $engine_id -async_jobs 1 rsa4096
fi
-#ecdsa only supported in Kunpeng930 or later
+#ecdsa only supported in HW_V3 or later
if [[ $algs =~ "id-ecPublicKey" ]]; then
echo "testing ECDSA"
openssl speed -elapsed -engine $engine_id ecdsap224
@@ -116,21 +116,21 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdsap521
fi
-#X25519 only supported in Kunpeng930 or later
+#X25519 only supported in HW_V3 or later
if [[ $algs =~ "X25519" ]]; then
echo "testing X25519"
openssl speed -elapsed -engine $engine_id ecdhx25519
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx25519
fi
-#X448 only supported in Kunpeng930 or later
+#X448 only supported in HW_V3 or later
if [[ $algs =~ "X448" ]]; then
echo "testing X448"
openssl speed -elapsed -engine $engine_id ecdhx448
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx448
fi
-#ecdh only supported in Kunpeng930 or later
+#ecdh only supported in HW_V3 or later
if [[ $algs =~ "id-ecPublicKey" ]]; then
echo "testing ECDH"
openssl speed -elapsed -engine $engine_id ecdhp192
--
1.8.3.1

73
0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch
View File

@ -1,73 +0,0 @@
From 01580bb856fe7a2206990954b38d8213efd06098 Mon Sep 17 00:00:00 2001
From: Longfang Liu <liulongfang@huawei.com>
Date: Sat, 22 Oct 2022 15:31:24 +0800
Subject: uadk/engine: update the numa parameter of the scheduler
In the scenario where multiple devices are enabled at the
same time through environment variables, fixing a numa id
will make other devices unusable. When using the default
numa parameter, the scheduler will automatically allocate
device resources according to the CPU id of the thread,
so as to realize all devices.
Signed-off-by: Longfang Liu <liulongfang@huawei.com>
---
src/uadk_cipher.c | 4 ++--
src/uadk_digest.c | 3 ++-
src/uadk_rsa.c | 4 +++-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c6878c3..8e8c5f3 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -469,7 +469,6 @@ static handle_t sched_single_init(handle_t h_sched_ctx, void *sched_param)
return (handle_t)0;
}
- skey->numa_id = param->numa_id;
skey->type = param->type;
return (handle_t)skey;
@@ -881,7 +880,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
if (ret)
params.type = 0;
- params.numa_id = engine.numa_id;
+ /* Use the default numa parameters */
+ params.numa_id = -1;
priv->setup.sched_param = &params;
if (!priv->sess) {
priv->sess = wd_cipher_alloc_sess(&priv->setup);
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 63887e7..8370490 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -523,7 +523,8 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
}
- params.numa_id = engine.numa_id;
+ /* Use the default numa parameters */
+ params.numa_id = -1;
priv->setup.sched_param = &params;
priv->sess = wd_digest_alloc_sess(&priv->setup);
if (unlikely(!priv->sess))
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index ef1739d..74852e7 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -881,7 +881,9 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
rsa_sess->key_size = key_size;
rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT;
- params.numa_id = g_rsa_res.numa_id;
+
+ /* Use the default numa parameters */
+ params.numa_id = -1;
rsa_sess->setup.sched_param = &params;
rsa_sess->setup.is_crt = is_crt;
--
1.8.3.1

205
0063-uadk_engine-bugfix-side-effects-of-right-operand.patch
View File

@ -1,205 +0,0 @@
From 5b59c17f84d5a1f6e7c996a499f5a70059d89ee7 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:35:17 +0800
Subject: uadk_engine: bugfix side effects of right operand
The right operand of while condition may contains side effects,
variables change "rx_cnt++". Move 'rx_cnt++' from condition
to statement.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 13 ++++++++-----
src/uadk_dh.c | 18 +++++++++++-------
src/uadk_digest.c | 13 ++++++++-----
src/uadk_pkey.c | 13 ++++++++-----
src/uadk_rsa.c | 14 +++++++++-----
5 files changed, 44 insertions(+), 27 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8e8c5f3..9d4f692 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -516,11 +516,13 @@ static int uadk_e_cipher_poll(void *ctx)
do {
ret = wd_cipher_poll_ctx(idx, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return 0;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return -1;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -539,7 +541,8 @@ static int uadk_e_cipher_env_poll(void *ctx)
ret = wd_cipher_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 37f84e9..2af2455 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -48,6 +48,7 @@
#define UADK_E_SUCCESS 1
#define UADK_E_FAIL 0
#define UADK_E_POLL_SUCCESS 0
+#define UADK_E_POLL_FAIL (-1)
#define UADK_E_INIT_SUCCESS 0
#define ENV_ENABLED 1
@@ -206,17 +207,19 @@ static int uadk_e_dh_poll(void *ctx)
{
__u64 rx_cnt = 0;
__u32 recv = 0;
- int expect = 1;
+ int expt = 1;
int idx = 1;
int ret;
do {
- ret = wd_dh_poll_ctx(idx, expect, &recv);
- if (recv == expect)
+ ret = wd_dh_poll_ctx(idx, expt, &recv);
+ if (!ret && recv == expt)
return UADK_E_POLL_SUCCESS;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return UADK_E_POLL_FAIL;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -283,7 +286,8 @@ static int uadk_e_dh_env_poll(void *ctx)
ret = wd_dh_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 8370490..9568a98 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -343,11 +343,13 @@ static int uadk_e_digest_poll(void *ctx)
do {
ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return 0;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return -1;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -366,7 +368,8 @@ static int uadk_e_digest_env_poll(void *ctx)
ret = wd_digest_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 211f1cc..6920cff 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -110,11 +110,13 @@ static int uadk_ecc_poll(void *ctx)
do {
ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return 0;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return -1;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -153,7 +155,8 @@ static int uadk_e_ecc_env_poll(void *ctx)
ret = wd_ecc_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 74852e7..bcdd6bc 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -48,6 +48,7 @@
#define UADK_E_FAIL 0
#define UADK_DO_SOFT (-0xE0)
#define UADK_E_POLL_SUCCESS 0
+#define UADK_E_POLL_FAIL (-1)
#define UADK_E_INIT_SUCCESS 0
#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
@@ -664,11 +665,13 @@ static int uadk_e_rsa_poll(void *ctx)
do {
ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return UADK_E_POLL_SUCCESS;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return UADK_E_POLL_FAIL;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -700,7 +703,8 @@ static int uadk_e_rsa_env_poll(void *ctx)
ret = wd_rsa_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
--
1.8.3.1

118
0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch
View File

@ -1,118 +0,0 @@
From f17c89d7d27b3a728232c7e641c2978db238a2f3 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:37:45 +0800
Subject: uadk_engine: cleanup static check warning of clangtidy tool
Cleanup the following warning:
1. Parameters of function should not be used as working
variable.
2. Cleanup uninitialized value.
3. Storage class should be specified after a type.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/e_uadk.c | 6 ++----
src/uadk_cipher.c | 9 +++++----
src/uadk_ec.c | 5 +++--
src/uadk_rsa.c | 16 ++++++++--------
4 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 77612d7..21ceb86 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -89,13 +89,11 @@ static const ENGINE_CMD_DEFN g_uadk_cmd_defns[] = {
}
};
-__attribute__((constructor))
-static void uadk_constructor(void)
+static void __attribute__((constructor)) uadk_constructor(void)
{
}
-__attribute__((destructor))
-static void uadk_destructor(void)
+static void __attribute__((destructor)) uadk_destructor(void)
{
}
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 9d4f692..14e2af2 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -749,17 +749,18 @@ static void ctr_iv_inc(uint8_t *counter, __u32 c)
{
uint32_t n = CTR_128BIT_COUNTER;
uint8_t *counter1 = counter;
+ __u32 c_value = c;
/*
* Since the counter has been increased 1 by the hardware,
* so the c need to decrease 1.
*/
- c = c - 1;
+ c_value -= 1;
do {
--n;
- c += counter1[n];
- counter1[n] = (uint8_t)c;
- c >>= BYTE_BITS;
+ c_value += counter1[n];
+ counter1[n] = (uint8_t)c_value;
+ c_value >>= BYTE_BITS;
} while (n);
}
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 37683cd..247b875 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -72,14 +72,15 @@ static void init_dtb_param(void *dtb, char *start,
__u32 dsz, __u32 bsz, __u32 num)
{
struct wd_dtb *tmp = dtb;
+ char *buff = start;
int i = 0;
while (i++ < num) {
- tmp->data = start;
+ tmp->data = buff;
tmp->dsize = dsz;
tmp->bsize = bsz;
tmp += 1;
- start += bsz;
+ buff += bsz;
}
}
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index bcdd6bc..7d25338 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -932,14 +932,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
struct rsa_prikey_param *pri,
unsigned char *in_buf, unsigned char *to)
{
- struct wd_rsa_prikey *prikey;
- struct wd_dtb *wd_dq;
- struct wd_dtb *wd_dp;
- struct wd_dtb *wd_q;
- struct wd_dtb *wd_p;
- struct wd_dtb *wd_qinv;
- struct wd_dtb *wd_d;
- struct wd_dtb *wd_n;
+ struct wd_rsa_prikey *prikey = NULL;
+ struct wd_dtb *wd_qinv = NULL;
+ struct wd_dtb *wd_dq = NULL;
+ struct wd_dtb *wd_dp = NULL;
+ struct wd_dtb *wd_q = NULL;
+ struct wd_dtb *wd_p = NULL;
+ struct wd_dtb *wd_d = NULL;
+ struct wd_dtb *wd_n = NULL;
if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) {
wd_rsa_get_prikey(rsa_sess->sess, &prikey);
--
1.8.3.1

38
0065-uadk_engine-bugfix-enable-environment-variable.patch
View File

@ -1,38 +0,0 @@
From 7ef97aab7a5cd964241fe9879588ceb54a547003 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:53:53 +0800
Subject: uadk_engine: bugfix enable environment variable
When the 'alg_name' set by the user is valid, the 'env_enabled'
field should be set or returned.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/e_uadk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 21ceb86..0a9e3e6 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name)
int i = 0;
while (i < len) {
- if (strcmp(uadk_env_enabled[i].alg_name, alg_name))
+ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name))
return uadk_env_enabled[i].env_enabled;
i++;
}
@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value)
int i = 0;
while (i < len) {
- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
+ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
uadk_env_enabled[i].env_enabled = value;
return;
}
--
1.8.3.1

537
0066-uadk_engine-cleanup-magic-number-and-comments.patch
View File

@ -1,537 +0,0 @@
From 20049f2becb9cc339276d4839f6d9f909273f5a5 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:54:51 +0800
Subject: uadk_engine: cleanup magic number and comments
Use macros to replace magic numbers and related operations.
Simplify code comments and unify style.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 4 +---
src/uadk_dh.c | 5 ++---
src/uadk_digest.c | 2 +-
src/uadk_ec.c | 51 ++++++++++++++++++++++++++-------------------------
src/uadk_ecx.c | 40 +++++++++++++++++++++++-----------------
src/uadk_pkey.c | 9 ++++-----
src/uadk_pkey.h | 6 +++++-
src/uadk_rsa.c | 25 ++++++++++---------------
src/uadk_sm2.c | 23 ++++++++++++-----------
9 files changed, 84 insertions(+), 81 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 14e2af2..de5f078 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -480,13 +480,11 @@ static __u32 sched_single_pick_next_ctx(handle_t sched_ctx,
struct sched_params *key = (struct sched_params *)sched_key;
if (sched_mode) {
- /* async */
if (key->type == WD_CIPHER_ENCRYPTION)
return CTX_ASYNC_ENC;
else
return CTX_ASYNC_DEC;
} else {
- /* sync */
if (key->type == WD_CIPHER_ENCRYPTION)
return CTX_SYNC_ENC;
else
@@ -744,7 +742,7 @@ static void async_cb(struct wd_cipher_req *req, void *data)
}
}
-/* increment counter (128-bit int) by c */
+/* Increment counter (128-bit int) by c */
static void ctr_iv_inc(uint8_t *counter, __u32 c)
{
uint32_t n = CTR_128BIT_COUNTER;
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 2af2455..6356872 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -603,7 +603,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
if (!ag_bin)
return UADK_E_FAIL;
- /* malloc a contiguous chunk of memory */
+ /* Malloc a contiguous chunk of memory */
apriv_key_bin = OPENSSL_malloc(key_size * DH_PARAMS_CNT);
if (!apriv_key_bin)
goto free_ag;
@@ -615,7 +615,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
memset(ap_bin, 0, key_size);
memset(out_pri, 0, key_size);
- /* construct data block of g */
+ /* Construct data block of g */
ret = dh_set_g(g, key_size, ag_bin, dh_sess);
if (!ret)
goto free_apriv;
@@ -623,7 +623,6 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
dh_sess->req.xbytes = BN_bn2bin(priv_key, apriv_key_bin);
dh_sess->req.pbytes = BN_bn2bin(p, ap_bin);
dh_sess->req.x_p = (void *)apriv_key_bin;
- /* the output from uadk */
dh_sess->req.pri = out_pri;
dh_sess->req.pri_bytes = key_size;
dh_sess->req.op_type = WD_DH_PHASE1;
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 9568a98..9d009a9 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -71,7 +71,7 @@ static struct digest_engine engine;
struct evp_md_ctx_st {
const EVP_MD *digest;
- /* functional reference if 'digest' is ENGINE-provided */
+ /* Functional reference if 'digest' is ENGINE-provided */
ENGINE *engine;
unsigned long flags;
void *md_data;
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 247b875..9b48ae7 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -27,23 +27,23 @@
#include "uadk.h"
#define ECC128BITS 128
-#define ECC192BITS 192
-#define ECC224BITS 224
-#define ECC256BITS 256
-#define ECC320BITS 320
-#define ECC384BITS 384
-#define ECC521BITS 521
+#define ECC192BITS 192
+#define ECC224BITS 224
+#define ECC256BITS 256
+#define ECC320BITS 320
+#define ECC384BITS 384
+#define ECC521BITS 521
struct curve_param {
- /* prime */
+ /* Prime */
BIGNUM *p;
- /* ecc coefficient 'a' */
+ /* ECC coefficient 'a' */
BIGNUM *a;
- /* ecc coefficient 'b' */
+ /* ECC coefficient 'b' */
BIGNUM *b;
- /* base point */
+ /* Base point */
const EC_POINT *g;
- /* order of base point */
+ /* Order of base point */
const BIGNUM *order;
};
@@ -176,7 +176,6 @@ free_ctx:
static int get_smallest_hw_keybits(int bits)
{
- /* ec curve order width */
if (bits > ECC384BITS)
return ECC521BITS;
else if (bits > ECC320BITS)
@@ -283,7 +282,7 @@ static int eckey_check(const EC_KEY *eckey)
return -1;
}
- /* field GF(2m) is not supported by uadk */
+ /* Field GF(2m) is not supported by uadk */
if (!uadk_prime_field(group))
return UADK_DO_SOFT;
@@ -336,22 +335,25 @@ static int set_digest(handle_t sess, struct wd_dtb *e,
unsigned int dlen = sdgst->dsize;
BIGNUM *m;
- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits) {
+ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) {
m = BN_new();
/* Need to truncate digest if it is too long: first truncate
* whole bytes
*/
- dlen = (order_bits + 7) >> UADK_BITS_2_BYTES_SHIFT;
+ dlen = BITS_TO_BYTES(order_bits);
if (!BN_bin2bn(dgst, dlen, m)) {
fprintf(stderr, "failed to BN_bin2bn digest\n");
BN_free(m);
return -1;
}
- /* If still too long, truncate remaining bits with a shift */
- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits &&
- !BN_rshift(m, m, 8 - (order_bits & 0x7))) {
+ /* If the length of digest is still longer than the length
+ * of the base point order, truncate remaining bits with a
+ * shift to that length
+ */
+ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits &&
+ !BN_rshift(m, m, DGST_SHIFT_NUM(order_bits))) {
fprintf(stderr, "failed to truncate input digest\n");
BN_free(m);
return -1;
@@ -743,7 +745,7 @@ err:
static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
{
- unsigned char buff[SM2_KEY_BYTES * 2 + 1] = {UADK_OCTET_STRING};
+ unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {UADK_OCTET_STRING};
struct wd_ecc_point *pubkey = NULL;
struct wd_dtb *privkey = NULL;
const EC_GROUP *group;
@@ -768,8 +770,8 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
return -ENOMEM;
}
- memcpy(buff + 1, pubkey->x.data, SM2_KEY_BYTES * 2);
- tmp = BN_bin2bn(buff, SM2_KEY_BYTES * 2 + 1, NULL);
+ memcpy(buff + 1, pubkey->x.data, ECC_POINT_SIZE(SM2_KEY_BYTES));
+ tmp = BN_bin2bn(buff, ECC_POINT_SIZE(SM2_KEY_BYTES) + 1, NULL);
ptr = EC_POINT_bn2point(group, tmp, point, NULL);
BN_free(tmp);
if (!ptr) {
@@ -1029,7 +1031,7 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data);
in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data);
- /* set public key */
+ /* Set public key */
ecdh_in = wd_ecxdh_new_in(sess, &in_pkey);
if (!ecdh_in) {
fprintf(stderr, "failed to new ecxdh in\n");
@@ -1075,7 +1077,7 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req)
}
key_size_std = (unsigned int)(EC_GROUP_get_degree(group) +
- UADK_ECC_PADDING) >> UADK_BITS_2_BYTES_SHIFT;
+ UADK_ECC_PADDING) >> TRANS_BITS_BYTES_SHIFT;
key_size_x = pubkey->x.dsize;
key_size_y = pubkey->y.dsize;
if ((key_size_x > key_size_std) || (key_size_y > key_size_std)) {
@@ -1088,9 +1090,8 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req)
* tag - 1 byte
* point_x - [key_size_std] bytes
* point_y - [key_size_std] bytes
- * so the malloc size is: key_size_std * 2 + 1
*/
- buff_size = key_size_std * 2 + 1;
+ buff_size = ECC_POINT_SIZE(key_size_std) + 1;
x_shift = key_size_std - key_size_x + 1;
y_shift = buff_size - key_size_y;
buff = (unsigned char *)OPENSSL_malloc(buff_size);
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index df23156..67042a3 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -295,33 +295,39 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data,
key_size);
- /* trans public key from big-endian to little-endian */
+ /* Trans public key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->pubkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans public key\n");
return UADK_E_FAIL;
}
- /* trans private key from big-endian to little-endian */
+ /* Trans private key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->privkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans private key\n");
return UADK_E_FAIL;
}
/*
- * This is a pretreatment of X25519/X448, as described in RFC 7748:
- * For X25519, in order to decode 32 random bytes as an integer
- * scaler, set the three LSB of the first byte and MSB of the last
- * to zero, set the second MSB of the last byte to 1.
- * For X448, set the two LSB of the first byte to 0, and MSB of the
- * last byte to 1. Decode in little-endian mode.
+ * This is a pretreatment of X25519/X448 described in RFC 7748.
+ * In order to decode the random bytes as an integer scaler, there
+ * are some special data processing. And use little-endian mode for
+ * decoding.
*/
if (ecx_ctx->nid == EVP_PKEY_X25519) {
- ecx_key->privkey[0] &= 248;
- ecx_key->privkey[X25519_KEYLEN - 1] &= 127;
- ecx_key->privkey[X25519_KEYLEN - 1] |= 64;
+ /* Set the three LSB of the first byte to 0 */
+ ecx_key->privkey[0] &= 0xF8;
+
+ /* Set the MSB of the last byte to 0 */
+ ecx_key->privkey[X25519_KEYLEN - 1] &= 0x7F;
+
+ /* Set the second MSB of the last byte to 1 */
+ ecx_key->privkey[X25519_KEYLEN - 1] |= 0x40;
} else if (ecx_ctx->nid == EVP_PKEY_X448) {
- ecx_key->privkey[0] &= 252;
- ecx_key->privkey[X448_KEYLEN - 1] |= 128;
+ /* Set the two LSB of the first byte to 0 */
+ ecx_key->privkey[0] &= 0xFC;
+
+ /* Set the MSB of the last byte to 1 */
+ ecx_key->privkey[X448_KEYLEN - 1] |= 0x80;
}
ret = EVP_PKEY_assign(pkey, ecx_ctx->nid, ecx_key);
@@ -494,7 +500,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
struct wd_ecc_in *ecx_in;
int ret;
- /* trans public key from little-endian to big-endian */
+ /* Trans public key from little-endian to big-endian */
ret = reverse_bytes(peer_ecx_key->pubkey, key_size);
if(!ret) {
fprintf(stderr, "failed to trans public key\n");
@@ -521,7 +527,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
uadk_ecc_fill_req(req, WD_ECXDH_COMPUTE_KEY, ecx_in, ecx_out);
- /* trans public key from big-endian to little-endian */
+ /* Trans public key from big-endian to little-endian */
ret = reverse_bytes(peer_ecx_key->pubkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans public key\n");
@@ -553,7 +559,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
struct wd_dtb prikey;
int ret;
- /* trans private key from little-endian to big-endian */
+ /* Trans private key from little-endian to big-endian */
ret = reverse_bytes(ecx_key->privkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans private key\n");
@@ -569,7 +575,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
return UADK_E_FAIL;
}
- /* trans private key from big-endian to little-endian */
+ /* Trans private key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->privkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans private key\n");
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 6920cff..6b5ae9a 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -44,7 +44,7 @@ struct ecc_res_config {
int numa_id;
};
-/* ecc global hardware resource is saved here */
+/* ECC global hardware resource is saved here */
struct ecc_res {
struct wd_ctx_config *ctx_res;
int pid;
@@ -123,7 +123,7 @@ static int uadk_ecc_poll(void *ctx)
return -ETIMEDOUT;
}
-/* make resource configure static */
+/* Make resource configure static */
struct ecc_res_config ecc_res_config = {
.sched = {
.sched_type = -1,
@@ -234,7 +234,7 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config)
struct uacce_dev *dev;
int ret;
- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ /* The ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
dev = wd_get_accel_dev("ecdsa");
if (!dev)
return -ENOMEM;
@@ -396,8 +396,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
return -EINVAL;
}
- /* pad and convert bits to bytes */
- buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+ buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group));
ecc_key = wd_ecc_get_key(sess);
prikey.data = (void *)bin;
prikey.dsize = BN_bn2binpad(d, bin, buflen);
diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
index b30c2de..6d1cc77 100644
--- a/src/uadk_pkey.h
+++ b/src/uadk_pkey.h
@@ -26,7 +26,6 @@
#define UADK_ECC_MAX_KEY_BITS 521
#define UADK_ECC_MAX_KEY_BYTES 66
#define UADK_ECC_CV_PARAM_NUM 6
-#define UADK_BITS_2_BYTES_SHIFT 3
#define SM2_KEY_BYTES 32
#define UADK_OCTET_STRING 4
#define UADK_ECC_PUBKEY_PARAM_NUM 2
@@ -34,6 +33,11 @@
#define UADK_ECDH_CV_NUM 8
#define ENV_ENABLED 1
#define UADK_E_INVALID (-2)
+#define TRANS_BITS_BYTES_SHIFT 3
+#define ECC_POINT_SIZE(n) ((n) * 2)
+#define GET_MS_BYTE(n) ((n) >> 8)
+#define GET_LS_BYTE(n) ((n) & 0xFF)
+#define DGST_SHIFT_NUM(n) (8 - ((n) & 0x7))
struct uadk_pkey_meth {
EVP_PKEY_METHOD *sm2;
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 7d25338..e9a2c53 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -52,6 +52,9 @@
#define UADK_E_INIT_SUCCESS 0
#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
+#define PRIME_RETRY_COUNT 4
+#define GENCB_NEXT 2
+#define GENCB_RETRY 3
static RSA_METHOD *rsa_hw_meth;
@@ -173,11 +176,7 @@ static int rsa_prime_mul_res(int num, struct rsa_prime_param *param,
if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx))
return BN_ERR;
} else {
- /*
- * Use the number 3 to indicate whether
- * the generator has been found.
- */
- if (!BN_GENCB_call(cb, 3, num))
+ if (!BN_GENCB_call(cb, GENCB_RETRY, num))
return BN_ERR;
return BN_CONTINUE;
}
@@ -228,14 +227,11 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
*bitse -= bitsr[*num];
else
return -1;
- /*
- * Use the number 2 to indicate whether
- * a prime has been found.
- */
- ret = BN_GENCB_call(cb, 2, *n++);
+
+ ret = BN_GENCB_call(cb, GENCB_NEXT, *n++);
if (!ret)
return -1;
- if (retries == 4) {
+ if (retries == PRIME_RETRY_COUNT) {
*num = -1;
*bitse = 0;
retries = 0;
@@ -244,8 +240,8 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
retries++;
return BN_REDO;
}
- /* Use the number 3 to indicate whether the generator has been found. */
- ret = BN_GENCB_call(cb, 3, *num);
+
+ ret = BN_GENCB_call(cb, GENCB_RETRY, *num);
if (!ret)
return BN_ERR;
retries = 0;
@@ -320,8 +316,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
else
return BN_ERR;
- /* Use the number 2 to indicate whether a prime has been found. */
- if (!BN_GENCB_call(cb, 2, *n++))
+ if (!BN_GENCB_call(cb, GENCB_NEXT, *n++))
return BN_ERR;
return GET_ERR_FINISH;
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 8a9adca..578d2d8 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -34,12 +34,12 @@ enum {
typedef struct {
/* Key and paramgen group */
EC_GROUP *gen_group;
- /* message digest */
+ /* Message digest */
const EVP_MD *md;
/* Distinguishing Identifier, ISO/IEC 15946-3 */
uint8_t *id;
size_t id_len;
- /* id_set indicates if the 'id' field is set (1) or not (0) */
+ /* Indicates if the 'id' field is set (1) or not (0) */
int id_set;
} SM2_PKEY_CTX;
@@ -557,8 +557,7 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- /* Pad and convert bits to bytes */
- field_size = (BN_num_bits(p) + 7) / 8;
+ field_size = BITS_TO_BYTES(BN_num_bits(p));
done:
BN_free(p);
@@ -1172,7 +1171,7 @@ static int sm2_set_ctx_id(struct sm2_ctx *smctx, int p1, const void *p2)
OPENSSL_free(smctx->ctx.id);
smctx->ctx.id = tmp_id;
} else {
- /* set null-ID */
+ /* Set null-ID */
OPENSSL_free(smctx->ctx.id);
smctx->ctx.id = NULL;
}
@@ -1231,7 +1230,7 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
*(size_t *)p2 = smctx->ctx.id_len;
return 1;
case EVP_PKEY_CTRL_DIGESTINIT:
- /* nothing to be inited, this is to suppress the error... */
+ /* Nothing to be inited, for suppress the error */
return 1;
default:
fprintf(stderr, "sm2 ctrl type = %d error\n", type);
@@ -1323,20 +1322,22 @@ static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash,
}
/* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
- if (id_len >= (UINT16_MAX / 8)) {
+ if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) {
fprintf(stderr, "id too large\n");
return 0;
}
- entl = (uint16_t)(8 * id_len);
+ entl = (uint16_t)(id_len << TRANS_BITS_BYTES_SHIFT);
- e_byte = entl >> 8;
+ /* Update the most significant (first) byte of 'entl' */
+ e_byte = GET_MS_BYTE(entl);
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
return 0;
}
- e_byte = entl & 0xFF;
+ /* Update the least significant (second) byte of 'entl' */
+ e_byte = GET_LS_BYTE(entl);
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
return 0;
@@ -1516,7 +1517,7 @@ static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
return 0;
}
- /* get hashed prefix 'z' of tbs message */
+ /* Get hashed prefix 'z' of tbs message */
if (!sm2_compute_z_digest(z, md, smctx->ctx.id, smctx->ctx.id_len, ec))
return 0;
--
1.8.3.1

250
0067-uadk_engine-cleanup-header-file.patch
View File

@ -1,250 +0,0 @@
From 1dd1503428df2b33f679f81b1541a4314fe0aa11 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:56:54 +0800
Subject: uadk_engine: cleanup header file
Remove redundant header file and modify magic number.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk.h | 3 ---
src/uadk_async.c | 1 +
src/uadk_async.h | 2 +-
src/uadk_cipher.c | 1 +
src/uadk_dh.c | 1 +
src/uadk_digest.c | 2 ++
src/uadk_ec.c | 1 +
src/uadk_ecx.c | 2 +-
src/uadk_pkey.c | 5 ++++-
src/uadk_rsa.c | 6 +++++-
src/uadk_sm2.c | 7 +++++--
11 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index 99c65c7..30c099f 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -18,9 +18,6 @@
#ifndef UADK_H
#define UADK_H
#include <openssl/engine.h>
-#include <uadk/wd.h>
-#include <uadk/wd_sched.h>
-#include "uadk_utils.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define ENV_STRING_LEN 256
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 3f2e1db..2edd6ea 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -20,6 +20,7 @@
#include <string.h>
#include <sys/eventfd.h>
#include <unistd.h>
+#include <openssl/async.h>
#include "uadk.h"
#include "uadk_async.h"
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 9bae3f4..8a4822e 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -19,8 +19,8 @@
#define UADK_ASYNC_H
#include <stdbool.h>
-#include <openssl/async.h>
#include <semaphore.h>
+#include <openssl/async.h>
#define ASYNC_QUEUE_TASK_NUM 1024
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index de5f078..cc06429 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -22,6 +22,7 @@
#include <dlfcn.h>
#include <openssl/engine.h>
#include <uadk/wd_cipher.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_async.h"
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 6356872..680564c 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -23,6 +23,7 @@
#include <openssl/dh.h>
#include <string.h>
#include <uadk/wd_dh.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_async.h"
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 9d009a9..26a6272 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -25,8 +25,10 @@
#include <openssl/evp.h>
#include <uadk/wd_cipher.h>
#include <uadk/wd_digest.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_async.h"
+#include "uadk_utils.h"
#define UADK_DO_SOFT (-0xE0)
#define CTX_SYNC 0
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 9b48ae7..6106083 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -23,6 +23,7 @@
#include <openssl/err.h>
#include <openssl/ec.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk_pkey.h"
#include "uadk.h"
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 67042a3..b62f81d 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -14,7 +14,6 @@
* limitations under the License.
*
*/
-#include <errno.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/engine.h>
@@ -24,6 +23,7 @@
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk_pkey.h"
#include "uadk.h"
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 6b5ae9a..7b7a345 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -17,6 +17,7 @@
#include <openssl/engine.h>
#include <uadk/wd.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk_async.h"
#include "uadk.h"
#include "uadk_pkey.h"
@@ -381,6 +382,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
const EC_GROUP *group;
struct wd_dtb prikey;
const BIGNUM *d;
+ size_t degree;
int buflen;
int ret;
@@ -396,7 +398,8 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
return -EINVAL;
}
- buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group));
+ degree = EC_GROUP_get_degree(group);
+ buflen = BITS_TO_BYTES(degree);
ecc_key = wd_ecc_get_key(sess);
prikey.data = (void *)bin;
prikey.dsize = BN_bn2binpad(d, bin, buflen);
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index e9a2c53..96c898f 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -20,6 +20,7 @@
#include <openssl/ossl_typ.h>
#include <openssl/rsa.h>
#include <uadk/wd_rsa.h>
+#include <uadk/wd_sched.h>
#include "uadk_async.h"
#include "uadk.h"
@@ -55,6 +56,7 @@
#define PRIME_RETRY_COUNT 4
#define GENCB_NEXT 2
#define GENCB_RETRY 3
+#define PRIME_CHECK_BIT_NUM 4
static RSA_METHOD *rsa_hw_meth;
@@ -210,7 +212,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
* key by using the modulus in a certificate. This is also covered
* by checking the length should not be less than 0x9.
*/
- if (!BN_rshift(param->r2, param->r1, *bitse - 4))
+ if (!BN_rshift(param->r2, param->r1, *bitse - PRIME_CHECK_BIT_NUM))
return BN_ERR;
bitst = BN_get_word(param->r2);
@@ -231,6 +233,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
ret = BN_GENCB_call(cb, GENCB_NEXT, *n++);
if (!ret)
return -1;
+
if (retries == PRIME_RETRY_COUNT) {
*num = -1;
*bitse = 0;
@@ -288,6 +291,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
+
/*
* BN_sub(r,a,b) substracts b from a and place the result in r,
* r = a-b.
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 578d2d8..b14fbcf 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -22,6 +22,7 @@
#include <openssl/ossl_typ.h>
#include <openssl/err.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_pkey.h"
@@ -550,6 +551,7 @@ static size_t ec_field_size(const EC_GROUP *group)
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
size_t field_size = 0;
+ size_t p_bits;
if (p == NULL || a == NULL || b == NULL)
goto done;
@@ -557,7 +559,8 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- field_size = BITS_TO_BYTES(BN_num_bits(p));
+ p_bits = BN_num_bits(p);
+ field_size = BITS_TO_BYTES(p_bits);
done:
BN_free(p);
@@ -598,7 +601,7 @@ static int sm2_ciphertext_size(const EC_KEY *key,
* Integer and string are simple type; set constructed = 0, means
* primitive and definite length encoding.
*/
- sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
+ sz = ECC_POINT_SIZE(ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER))
+ ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+ ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
*ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
--
1.8.3.1

BIN
uadk_engine-1.0.0.tar.gz
View File

Binary file not shown.

BIN
uadk_engine-1.2.0.tar.gz Normal file
View File

Binary file not shown.

85
uadk_engine.spec
View File

@ -1,7 +1,7 @@
Name: uadk_engine Name: uadk_engine
Summary: UADK Accelerator Engine Summary: UADK Accelerator Engine
Version: 1.0.0 Version: 1.2.0
Release: 9 Release: 1
License: Apache-2.0 License: Apache-2.0
Source: %{name}-%{version}.tar.gz Source: %{name}-%{version}.tar.gz
ExclusiveOS: linux ExclusiveOS: linux
@ -11,76 +11,18 @@ Conflicts: %{name} < %{version}-%{release}
Provides: %{name} = %{version}-%{release} Provides: %{name} = %{version}-%{release}
BuildRequires: libwd >= 2.3.21 BuildRequires: libwd >= 2.3.21
BuildRequires: openssl-devel sed autoconf automake libtool BuildRequires: openssl-devel sed autoconf automake libtool
Requires: openssl
ExclusiveArch: aarch64 ExclusiveArch: aarch64
Patch0001: 0001-digest-support-digest-multiple-update.patch Patch0001: 0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch
Patch0002: 0002-uadk_engine-define-the-variable-as-const.patch Patch0002: 0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch
Patch0003: 0003-ecc-fix-codecheck-warning.patch Patch0003: 0003-v1-some-code-clean.patch
Patch0004: 0004-rsa-delete-redundant-copy.patch Patch0004: 0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch
Patch0005: 0005-rsa-fix-coverity-warning.patch Patch0005: 0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch
Patch0006: 0006-ecc-cleanup-duplicate-public-key-allocation.patch Patch0006: 0006-uadk-support-openssl-3.0.patch
Patch0007: 0007-rsa-cleanup-about-reducing-function-parameters.patch Patch0007: 0007-README-update-openssl-3.0.patch
Patch0008: 0008-ecc-cleanup-sm2-compute-digest-function.patch Patch0008: 0008-cipher-fix-double-free-error.patch
Patch0009: 0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch Patch0009: 0009-cipher-fix-set-key-error.patch
Patch0010: 0010-rsa-cleanup-about-prime-generation.patch Patch0010: 0010-cipher-fix-async-hardware-computing-error.patch
Patch0011: 0011-ecc-cleanup-the-form-of-the-return-value.patch
Patch0012: 0012-engine-fix-uadk-engine-compatibility-issue.patch
Patch0013: 0013-digest-modify-the-process-of-free-session.patch
Patch0014: 0014-digest-modify-the-process-of-soft-and-hardware-hando.patch
Patch0015: 0015-ecc-bugfix-about-sm2-decryption.patch
Patch0016: 0016-dh-bugfix-about-dh-compute-key.patch
Patch0017: 0017-ecc-bugfix-about-ecc-general-init.patch
Patch0018: 0018-digest-fix-codecheck-warning.patch
Patch0019: 0019-cipher-fixup-a-code-check-warning.patch
Patch0020: 0020-rsa-fixup-a-code-check-warning.patch
Patch0021: 0021-cipher-delete-a-redundant-branch.patch
Patch0022: 0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch
Patch0023: 0023-engine-add-the-kae-log-feature.patch
Patch0024: 0024-rsa-fix-interface-name.patch
Patch0025: 0025-ecc-cleanup-sm2-unreachable-code.patch
Patch0026: 0026-rsa-cleanup-of-code-style.patch
Patch0027: 0027-v1-fixup-about-uninitialized-variable.patch
Patch0028: 0028-ecc-fix-checking-conditions.patch
Patch0029: 0029-ecc-cleanup-print-log.patch
Patch0030: 0030-engine-fix-function-return-type.patch
Patch0031: 0031-rsa-fixup-about-the-wrong-copy.patch
Patch0032: 0032-README-modify-the-engine-id-name.patch
Patch0033: 0033-digest-improve-the-digest-performance.patch
Patch0034: 0034-cipher-support-the-sm4-ecb-alg.patch
Patch0035: 0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch
Patch0036: 0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch
Patch0037: 0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch
Patch0038: 0038-uadk-engine-change-Copyright-to-2022.patch
Patch0039: 0039-README-move-test-script-to-sanity_test.sh.patch
Patch0040: 0040-uadk_engine-fix-string-compare-mode.patch
Patch0041: 0041-cipher-optimize-the-process-of-ctx-initialization.patch
Patch0042: 0042-cipher-adding-an-iv-update-to-a-decryption.patch
Patch0043: 0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch
Patch0044: 0044-engine-add-receiving-timeout-count.patch
Patch0045: 0045-digest-fix-the-fault-as-using-the-nginx.patch
Patch0046: 0046-ecc-cleanup-of-static-code-check.patch
Patch0047: 0047-ecc-bugfix-about-return-value-check.patch
Patch0048: 0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch
Patch0049: 0049-uadk_engine-remove-redundant-extern.patch
Patch0050: 0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch
Patch0051: 0051-rsa-cleanup-redundant-BN-operation.patch
Patch0052: 0052-rsa-bugfix-memory-leak-in-genkey-process.patch
Patch0053: 0053-rsa-remove-unused-software-method.patch
Patch0054: 0054-doc-Modify-maintainers.patch
Patch0055: 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch
Patch0056: 0056-engine-initialize-resources-only-once.patch
Patch0057: 0057-engine-fix-function-type.patch
Patch0058: 0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch
Patch0059: 0059-uadk_utils-fix-x86-local-build.patch
Patch0060: 0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch
Patch0061: 0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch
Patch0062: 0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch
Patch0063: 0063-uadk_engine-bugfix-side-effects-of-right-operand.patch
Patch0064: 0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch
Patch0065: 0065-uadk_engine-bugfix-enable-environment-variable.patch
Patch0066: 0066-uadk_engine-cleanup-magic-number-and-comments.patch
Patch0067: 0067-uadk_engine-cleanup-header-file.patch
%description %description
This package contains the UADK Accelerator Engine This package contains the UADK Accelerator Engine
@ -130,6 +72,9 @@ fi
/sbin/ldconfig /sbin/ldconfig
%changelog %changelog
* Tue Aug 22 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.2.0-1
- Backport uadk engine patch form v1.0.1 to 1.2.0
* Fri Aug 19 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.0.0-9 * Fri Aug 19 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.0.0-9
- Backport uadk engine patch for v1.0.1 - Backport uadk engine patch for v1.0.1