packages/uadk_engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!18 [sync] PR-17: uadk_engine - update uadk engine source

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
This commit is contained in:
openeuler-ci-bot 2022-10-08 02:15:15 +00:00 committed by Gitee
commit c0f513d022
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
21 changed files with 2633 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
0038-uadk-engine-change-Copyright-to-2022.patch Normal file
View File

@ -0,0 +1,177 @@
From 1b8b65e31da0c6347575d0d201c8417241e81453 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Mon, 28 Mar 2022 02:31:53 +0000
Subject: [PATCH 38/57] uadk-engine: change Copyright to 2022
Change Copyright to 2022
Add Linaro Copyright as well
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/e_uadk.c | 3 ++-
src/uadk.h | 3 ++-
src/uadk_async.c | 3 ++-
src/uadk_async.h | 3 ++-
src/uadk_cipher.c | 3 ++-
src/uadk_dh.c | 2 +-
src/uadk_digest.c | 3 ++-
src/uadk_ec.c | 2 +-
src/uadk_ecx.c | 2 +-
src/uadk_pkey.c | 2 +-
src/uadk_pkey.h | 2 +-
src/uadk_rsa.c | 2 +-
src/uadk_sm2.c | 2 +-
13 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 79ecef8..4288569 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk.h b/src/uadk.h
index 384e035..ef09274 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_async.c b/src/uadk_async.c
index c98153b..11d624c 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 9836dbb..d2a7e16 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 5ebad64..91895cc 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 40fb583..3882306 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 355917d..ecc0ce6 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index db69871..e219bdf 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 67f9350..5d0ff76 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index f27e2f5..d4ec30e 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
index dfe6fbe..b30c2de 100644
--- a/src/uadk_pkey.h
+++ b/src/uadk_pkey.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 821cb78..a80d203 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 8c75611..a478a94 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
--
2.27.0

197
0039-README-move-test-script-to-sanity_test.sh.patch Normal file
View File

@ -0,0 +1,197 @@
From 5dab65ce804d8e7995cef2eecfb375270d55f2ed Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 30 Mar 2022 07:34:43 +0000
Subject: [PATCH 39/57] README: move test script to sanity_test.sh
Move test script from README to sanity_test.sh
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README | 103 +-------------------------------------------
test/sanity_test.sh | 39 ++++++++++++++++-
2 files changed, 39 insertions(+), 103 deletions(-)
diff --git a/README b/README
index 562a859..ed49128 100644
--- a/README
+++ b/README
@@ -63,108 +63,7 @@ Build & Install OpenSSL UADK Engine
Testing
-------
```
- sudo test/sanity_test.sh
-```
-1. Cipher
-```
-openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc
-openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc
-openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc
-```
-2. RSA
-```
-openssl genrsa -out prikey.pem -engine uadk_engine 2048
-openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine
-openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine
-openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine
-openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine
-openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine
-openssl speed -elapsed -engine uadk_engine rsa2048
-openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048
-```
-3. SM3
-```
-openssl sm3 -engine uadk_engine data
-```
-4. MD5
-```
-openssl speed -engine uadk_engine -async_jobs 1 -evp md5
-```
-5. SHA
-```
-openssl sha1 -engine uadk_engine data
-openssl sha256 -engine uadk_engine data
-openssl sha512 -engine uadk_engine data
-```
-6. DH
-
-[step 1] Generate global public parameters, and save them in the file
-dhparam.pem:
-```
-openssl dhparam -out dhparam.pem 2048
-```
-[step 2] Generate own private key:
-```
-openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
-openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
-```
-[step 3] Generate public key:
-```
-openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk
-openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
-```
-[step 4] After exchanging public key, each user can derive the shared secret:
-```
-openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
-secret1.bin -engine uadk_engine
-openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
-secret2.bin -engine uadk_engine
-```
-[step 5] Check secret1.bin and secret2.bin:
-```
-cmp secret1.bin secret2.bin
-xxd secret1.bin
-xxd secret2.bin
-```
-secret1.bin and secret2.bin should be the same.
-
-7. SM2
-```
-openssl speed -elapsed -engine uadk_engine sm2
-openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2
-openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
-openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
-```
-8. ECDSA
-```
-openssl speed -elapsed -engine uadk_engine ecdsap256
-openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256
+ ./test/sanity_test.sh
```
Environment variable of uadk engine
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 4273310..2c0c504 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-chmod 666 /dev/hisi_*
+sudo chmod 666 /dev/hisi_*
if [ ! -n "$1" ]; then
engine_id=uadk_engine
@@ -24,6 +24,12 @@ if [[ $algs =~ "SM3" ]]; then
openssl speed -engine $engine_id -async_jobs 1 -evp sm3
fi
+if [[ $algs =~ "SM2" ]]; then
+ echo "testing SM2"
+ openssl speed -engine $engine_id -evp sm2
+ openssl speed -engine $engine_id -async_jobs 1 -evp sm2
+fi
+
if [[ $algs =~ "SHA" ]]; then
echo "testing SHA"
openssl speed -engine $engine_id -evp sha1
@@ -58,6 +64,12 @@ if [[ $algs =~ "AES" ]]; then
openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-xts
openssl speed -engine $engine_id -evp aes-256-xts
openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-xts
+ openssl speed -engine $engine_id -evp aes-128-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-ctr
+ openssl speed -engine $engine_id -evp aes-192-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-192-ctr
+ openssl speed -engine $engine_id -evp aes-256-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-ctr
fi
if [[ $algs =~ "SM4-CBC" ]]; then
@@ -134,3 +146,28 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then
openssl speed -elapsed -engine $engine_id ecdhbrp384r1
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhbrp384r1
fi
+
+#DH
+if [[ $algs =~ "DH" ]]; then
+ echo "testing DH"
+ #1. Generate global public parameters, and save them in the file dhparam.pem:
+ openssl dhparam -out dhparam.pem 2048
+
+ #2. Generate own private key:
+ openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
+ openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
+
+ #3. Generate public key:
+ openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine $engine_id
+ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine $engine_id
+
+ #4. After exchanging public key, each user can derive the shared secret:
+ openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -engine $engine_id
+ openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -engine $engine_id
+
+ #5. Check secret1.bin and secret2.bin:
+ cmp secret1.bin secret2.bin
+ xxd secret1.bin
+ xxd secret2.bin
+ #secret1.bin and secret2.bin should be same.
+fi
--
2.27.0

38
0040-uadk_engine-fix-string-compare-mode.patch Normal file
View File

@ -0,0 +1,38 @@
From 4763c7f374d4ba29a070b06147e2d47504902cf3 Mon Sep 17 00:00:00 2001
From: JunchongPan <panjunchong@hisilicon.com>
Date: Sat, 2 Apr 2022 09:47:08 +0800
Subject: [PATCH 40/57] uadk_engine:fix string compare mode
String compare now use '==' while compare point and string,
changed to strcmp
Signed-off-by: JunchongPan <panjunchong@hisilicon.com>
---
src/e_uadk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 4288569..58a10de 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name)
int i = 0;
while (i < len) {
- if (uadk_env_enabled[i].alg_name == alg_name)
+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name))
return uadk_env_enabled[i].env_enabled;
i++;
}
@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value)
int i = 0;
while (i < len) {
- if (uadk_env_enabled[i].alg_name == alg_name) {
+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
uadk_env_enabled[i].env_enabled = value;
return;
}
--
2.27.0

32
0041-cipher-optimize-the-process-of-ctx-initialization.patch Normal file
View File

@ -0,0 +1,32 @@
From 17bfd66f31e712ffd9364bfb43c9899e10e84a7d Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Sat, 2 Apr 2022 11:19:16 +0800
Subject: [PATCH 41/57] cipher: optimize the process of ctx initialization
Optimize the process of ctx initialization as switching to soft work.
If the ctx resources of a thread are insufficient at the beginning, the
thread can't apply for resources again. Therefore, an flag checking is
required.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 91895cc..8a2c39d 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -851,6 +851,9 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
priv->req.iv = priv->iv;
+ if (priv->switch_flag == UADK_DO_SOFT)
+ return;
+
ret = uadk_e_init_cipher();
if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
--
2.27.0

59
0042-cipher-adding-an-iv-update-to-a-decryption.patch Normal file
View File

@ -0,0 +1,59 @@
From 11016568bf6a929aebc216f5e7f5fd28b2e1d2a6 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 12 May 2022 10:31:56 +0800
Subject: [PATCH 42/57] cipher: adding an iv update to a decryption
Adding an iv update to de-crypto method as cbc mode.
the dst address should not be changed. So fix it.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8a2c39d..49022f7 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -763,10 +763,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
switch (priv->setup.mode) {
case WD_CIPHER_CBC:
- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
- priv->req.dst += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
- }
+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+ else
+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+
break;
case WD_CIPHER_OFB:
for (i = 0; i < IV_LEN; i++) {
@@ -776,13 +779,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
memcpy(priv->iv, K, iv_bytes);
break;
case WD_CIPHER_CFB:
- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
- priv->req.dst += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
- } else {
- priv->req.src += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.src - iv_bytes, iv_bytes);
- }
+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+ else
+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+
break;
case WD_CIPHER_CTR:
ctr_iv_inc(priv->iv, priv->req.in_bytes >> CTR_MODE_LEN_SHIFT);
--
2.27.0

47
0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch Normal file
View File

@ -0,0 +1,47 @@
From d6b2f7a4b2486afb3b3a418f32ce9d43783ef8f0 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 12 May 2022 10:31:57 +0800
Subject: [PATCH 43/57] cipher: fix cipher decrypto failed as use jdk
Because the java releases the memory immediately after the
memory is used. So the engine should not use user memory for
storage the key.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 49022f7..7eba992 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -36,6 +36,7 @@
#define BYTE_BITS 8
#define IV_LEN 16
#define ENV_ENABLED 1
+#define MAX_KEY_LEN 64
struct cipher_engine {
struct wd_ctx_config ctx_cfg;
@@ -57,7 +58,7 @@ struct cipher_priv_ctx {
struct wd_cipher_sess_setup setup;
struct wd_cipher_req req;
unsigned char iv[IV_LEN];
- const unsigned char *key;
+ unsigned char key[MAX_KEY_LEN];
int switch_flag;
void *sw_ctx_data;
/* Crypto small packet offload threshold */
@@ -694,7 +695,7 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (unlikely(ret != 1))
return 0;
- priv->key = key;
+ memcpy(priv->key, key, EVP_CIPHER_CTX_key_length(ctx));
priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT;
return 1;
--
2.27.0

169
0044-engine-add-receiving-timeout-count.patch Normal file
View File

@ -0,0 +1,169 @@
From 4fbef0e061a97e3ead086de7f3f5689e9d53f454 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Mon, 18 Jul 2022 09:41:39 +0800
Subject: [PATCH 44/57] engine: add receiving timeout count
Task fail due to hardware errors, but the process of poll
isn't exit. Increase the count of packet receiving timeout
as doing async jobs. Prevents falling into an infinite loop
in poll ctx.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk.h | 5 +++--
src/uadk_cipher.c | 7 +++++--
src/uadk_dh.c | 7 +++++--
src/uadk_digest.c | 7 +++++--
src/uadk_pkey.c | 7 +++++--
src/uadk_rsa.c | 7 +++++--
6 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index ef09274..e2635d4 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -22,8 +22,9 @@
#include <uadk/wd_sched.h>
#include "uadk_utils.h"
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
-#define ENV_STRING_LEN 256
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+#define ENV_STRING_LEN 256
+#define ENGINE_RECV_MAX_CNT 60000000
enum {
KUNPENG920,
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 7eba992..472c0ad 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -504,6 +504,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
static int uadk_e_cipher_poll(void *ctx)
{
struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *) ctx;
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -520,9 +521,11 @@ static int uadk_e_cipher_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_cipher_env_poll(void *ctx)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 3882306..893b0f2 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -204,6 +204,7 @@ static __u32 dh_pick_next_ctx(handle_t sched_ctx,
static int uadk_e_dh_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expect = 1;
int idx = 1;
@@ -215,9 +216,11 @@ static int uadk_e_dh_poll(void *ctx)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static void uadk_e_dh_cb(void *req_t)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index ecc0ce6..2e61e80 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -332,6 +332,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
static int uadk_e_digest_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expt = 1;
int ret = 0;
@@ -342,9 +343,11 @@ static int uadk_e_digest_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_digest_env_poll(void *ctx)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index d4ec30e..2616c5e 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -113,6 +113,7 @@ void uadk_ecc_cb(void *req_t)
static int uadk_ecc_poll(void *ctx)
{
unsigned int recv = 0;
+ __u64 rx_cnt = 0;
int expt = 1;
int ret;
@@ -122,9 +123,11 @@ static int uadk_ecc_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
/* make resource configure static */
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index a80d203..29b2521 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -656,6 +656,7 @@ static int rsa_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count)
static int uadk_e_rsa_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expt = 1;
int ret;
@@ -666,9 +667,11 @@ static int uadk_e_rsa_poll(void *ctx)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static struct rsa_res_config rsa_res_config = {
--
2.27.0

49
0045-digest-fix-the-fault-as-using-the-nginx.patch Normal file
View File

@ -0,0 +1,49 @@
From 7718ed9e56633bf2781f108a591eefe093ccb18b Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Mon, 18 Jul 2022 14:43:53 +0800
Subject: [PATCH 45/57] digest: fix the fault as using the nginx
Prevent double-free after the private ctx copy is used.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 2e61e80..8127373 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -240,6 +240,10 @@ static void digest_soft_cleanup(struct digest_priv_ctx *md_ctx)
{
EVP_MD_CTX *ctx = md_ctx->soft_ctx;
+ /* Prevent double-free after the copy is used */
+ if (md_ctx->copy)
+ return;
+
if (ctx != NULL) {
if (ctx->md_data) {
OPENSSL_free(ctx->md_data);
@@ -641,7 +645,9 @@ static int do_digest_sync(struct digest_priv_ctx *priv)
{
int ret;
- /* Fix me: not support switch the soft work as input is lower */
+ if (priv->req.in_bytes <= priv->switch_threshold &&
+ priv->state == SEC_DIGEST_INIT)
+ return 0;
ret = wd_do_digest_sync(priv->sess, &priv->req);
if (ret) {
@@ -743,6 +749,7 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx)
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ /* Prevent double-free after the copy is used */
if (!priv || priv->copy)
return 1;
--
2.27.0

121
0046-ecc-cleanup-of-static-code-check.patch Normal file
View File

@ -0,0 +1,121 @@
From c8dbfbdd80ea8b8d422a50c634e057dd37ac9aea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:45:03 +0800
Subject: [PATCH 46/57] ecc: cleanup of static code check
1. Use macros instead of specific numbers to represent
the key size.
2. Global variable 'sm2_order' only used in function
'sm2_update_sess' should be declared in function scope.
3. Remove unused structure 'uadk_ecc_sess'.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 22 +++++++++++-----------
src/uadk_pkey.c | 9 ---------
src/uadk_sm2.c | 21 ++++++---------------
3 files changed, 17 insertions(+), 35 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index e219bdf..d78658b 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -129,18 +129,18 @@ err:
static int get_smallest_hw_keybits(int bits)
{
/* ec curve order width */
- if (bits > 384)
- return 521;
- else if (bits > 320)
- return 384;
- else if (bits > 256)
- return 320;
- else if (bits > 192)
- return 256;
- else if (bits > 128)
- return 192;
+ if (bits > ECC384BITS)
+ return ECC521BITS;
+ else if (bits > ECC320BITS)
+ return ECC384BITS;
+ else if (bits > ECC256BITS)
+ return ECC320BITS;
+ else if (bits > ECC192BITS)
+ return ECC256BITS;
+ else if (bits > ECC128BITS)
+ return ECC192BITS;
else
- return 128;
+ return ECC128BITS;
}
static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 2616c5e..a0b74af 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -44,15 +44,6 @@ struct ecc_res_config {
int numa_id;
};
-typedef struct uadk_ecc_sess {
- handle_t sess;
- struct wd_ecc_sess_setup setup;
- struct wd_ecc_req req;
- int is_pubkey_ready;
- int is_privkey_ready;
- int key_size;
-} uadk_ecc_sess_t;
-
/* ecc global hardware resource is saved here */
struct ecc_res {
struct wd_ctx_config *ctx_res;
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index a478a94..fcca9f2 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -46,15 +46,6 @@ struct sm2_ctx {
bool is_init;
};
-typedef struct uadk_ecc_sess {
- handle_t sess;
- struct wd_ecc_sess_setup setup;
- struct wd_ecc_req req;
- int is_pubkey_ready;
- int is_privkey_ready;
- int key_size;
-} uadk_ecc_sess_t;
-
typedef struct sm2_ciphertext {
BIGNUM *C1x;
BIGNUM *C1y;
@@ -115,12 +106,6 @@ typedef int (*PFUNC_DEC)(EVP_PKEY_CTX *ctx,
const unsigned char *in,
size_t inlen);
-const unsigned char sm2_order[] = {
- 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,\
- 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,\
- 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
-};
-
static int get_hash_type(int nid_hash)
{
switch (nid_hash) {
@@ -166,6 +151,12 @@ static int compute_hash(const char *in, size_t in_len,
static int sm2_update_sess(struct sm2_ctx *smctx)
{
+ const unsigned char sm2_order[] = {
+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+ 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
+ };
int nid_hash = smctx->ctx.md ? EVP_MD_type(smctx->ctx.md) : NID_sm3;
struct wd_ecc_sess_setup setup;
handle_t sess;
--
2.27.0

260
0047-ecc-bugfix-about-return-value-check.patch Normal file
View File

@ -0,0 +1,260 @@
From a8613bb37a229c64ab1846e4da2220912876fbfa Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:56:02 +0800
Subject: [PATCH 47/57] ecc: bugfix about return value check
Check the return value of BN_CTX_get(), and add a new
structure to wrap the curve parameters to make the logic
of return value check clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 159 ++++++++++++++++++++++++++++++++++----------------
1 file changed, 108 insertions(+), 51 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index d78658b..37683cd 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -34,6 +34,19 @@
#define ECC384BITS 384
#define ECC521BITS 521
+struct curve_param {
+ /* prime */
+ BIGNUM *p;
+ /* ecc coefficient 'a' */
+ BIGNUM *a;
+ /* ecc coefficient 'b' */
+ BIGNUM *b;
+ /* base point */
+ const EC_POINT *g;
+ /* order of base point */
+ const BIGNUM *order;
+};
+
typedef ECDSA_SIG* (*PFUNC_SIGN_SIG)(const unsigned char *,
int,
const BIGNUM *,
@@ -70,58 +83,92 @@ static void init_dtb_param(void *dtb, char *start,
}
}
+static void fill_ecc_cv_param(struct wd_ecc_curve *pparam,
+ struct curve_param *cv_param,
+ BIGNUM *g_x, BIGNUM *g_y)
+{
+ pparam->p.dsize = BN_bn2bin(cv_param->p, (void *)pparam->p.data);
+ pparam->a.dsize = BN_bn2bin(cv_param->a, (void *)pparam->a.data);
+ if (!pparam->a.dsize) {
+ pparam->a.dsize = 1;
+ pparam->a.data[0] = 0;
+ }
+
+ pparam->b.dsize = BN_bn2bin(cv_param->b, (void *)pparam->b.data);
+ if (!pparam->b.dsize) {
+ pparam->b.dsize = 1;
+ pparam->b.data[0] = 0;
+ }
+
+ pparam->g.x.dsize = BN_bn2bin(g_x, (void *)pparam->g.x.data);
+ pparam->g.y.dsize = BN_bn2bin(g_y, (void *)pparam->g.y.data);
+ pparam->n.dsize = BN_bn2bin(cv_param->order, (void *)pparam->n.data);
+}
+
static int set_sess_setup_cv(const EC_GROUP *group,
struct wd_ecc_curve_cfg *cv)
{
struct wd_ecc_curve *pparam = cv->cfg.pparam;
- BIGNUM *p, *a, *b, *xg, *yg, *order;
- const EC_POINT *g;
+ struct curve_param *cv_param;
+ BIGNUM *g_x, *g_y;
+ int ret = -1;
BN_CTX *ctx;
- int ret;
ctx = BN_CTX_new();
if (!ctx)
- return -ENOMEM;
+ return ret;
BN_CTX_start(ctx);
- p = BN_CTX_get(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- xg = BN_CTX_get(ctx);
- yg = BN_CTX_get(ctx);
- ret = uadk_get_curve(group, p, a, b, ctx);
+ cv_param = OPENSSL_malloc(sizeof(struct curve_param));
+ if (!cv_param)
+ goto free_ctx;
+
+ cv_param->p = BN_CTX_get(ctx);
+ if (!cv_param->p)
+ goto free_cv;
+
+ cv_param->a = BN_CTX_get(ctx);
+ if (!cv_param->a)
+ goto free_cv;
+
+ cv_param->b = BN_CTX_get(ctx);
+ if (!cv_param->b)
+ goto free_cv;
+
+ g_x = BN_CTX_get(ctx);
+ if (!g_x)
+ goto free_cv;
+
+ g_y = BN_CTX_get(ctx);
+ if (!g_y)
+ goto free_cv;
+
+ ret = uadk_get_curve(group, cv_param->p, cv_param->a, cv_param->b, ctx);
if (ret)
- goto err;
+ goto free_cv;
- g = EC_GROUP_get0_generator(group);
- ret = uadk_get_affine_coordinates(group, g, xg, yg, ctx);
+ cv_param->g = EC_GROUP_get0_generator(group);
+ if (!cv_param->g)
+ goto free_cv;
+
+ ret = uadk_get_affine_coordinates(group, cv_param->g, g_x, g_y, ctx);
if (ret)
- goto err;
+ goto free_cv;
- order = (BIGNUM *)EC_GROUP_get0_order(group);
- pparam->p.dsize = BN_bn2bin(p, (void *)pparam->p.data);
- pparam->a.dsize = BN_bn2bin(a, (void *)pparam->a.data);
- /* a or b is all zero, but uadk not allow parameter length is zero */
- if (!pparam->a.dsize) {
- pparam->a.dsize = 1;
- pparam->a.data[0] = 0;
- }
- pparam->b.dsize = BN_bn2bin(b, (void *)pparam->b.data);
- if (!pparam->b.dsize) {
- pparam->b.dsize = 1;
- pparam->b.data[0] = 0;
- }
- pparam->g.x.dsize = BN_bn2bin(xg, (void *)pparam->g.x.data);
- pparam->g.y.dsize = BN_bn2bin(yg, (void *)pparam->g.y.data);
- pparam->n.dsize = BN_bn2bin(order, (void *)pparam->n.data);
+ cv_param->order = EC_GROUP_get0_order(group);
+ if (!cv_param->order)
+ goto free_cv;
+
+ fill_ecc_cv_param(pparam, cv_param, g_x, g_y);
cv->type = WD_CV_CFG_PARAM;
ret = 0;
-err:
- if (ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
+
+free_cv:
+ OPENSSL_free(cv_param);
+free_ctx:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
return ret;
}
@@ -166,12 +213,13 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
sp.cv.cfg.pparam = &param;
group = EC_KEY_get0_group(eckey);
ret = set_sess_setup_cv(group, &sp.cv);
- if (ret) {
- free(dev);
- return (handle_t)0;
- }
+ if (ret)
+ goto free_dev;
order = EC_GROUP_get0_order(group);
+ if (!order)
+ goto free_dev;
+
key_bits = BN_num_bits(order);
sp.alg = alg;
sp.key_bits = get_smallest_hw_keybits(key_bits);
@@ -184,8 +232,11 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
fprintf(stderr, "failed to alloc ecc sess\n");
free(dev);
-
return sess;
+
+free_dev:
+ free(dev);
+ return (handle_t)0;
}
static int check_ecc_bit_useful(const int bits)
@@ -506,6 +557,10 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
const BIGNUM *order;
int ret;
+ ret = eckey_check(eckey);
+ if (ret)
+ return ret;
+
if (!dgst) {
fprintf(stderr, "dgst is NULL\n");
return -1;
@@ -516,10 +571,6 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
return -1;
}
- ret = eckey_check(eckey);
- if (ret)
- return ret;
-
pub_key = EC_KEY_get0_public_key(eckey);
if (!pub_key) {
fprintf(stderr, "pub_key is NULL\n");
@@ -957,10 +1008,20 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
ctx = BN_CTX_new();
if (!ctx)
return -ENOMEM;
+
+ BN_CTX_start(ctx);
pkey_x = BN_CTX_get(ctx);
+ if (!pkey_x)
+ goto free_ctx;
+
pkey_y = BN_CTX_get(ctx);
+ if (!pkey_y)
+ goto free_ctx;
group = EC_KEY_get0_group(ecdh);
+ if (!group)
+ goto free_ctx;
+
uadk_get_affine_coordinates(group, pubkey, pkey_x, pkey_y, ctx);
in_pkey.x.data = buf_x;
in_pkey.y.data = buf_y;
@@ -986,13 +1047,9 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
ret = 1;
free_ctx:
- if (ctx) {
- if (pkey_x)
- BN_clear(pkey_x);
- if (pkey_y)
- BN_clear(pkey_y);
- BN_CTX_free(ctx);
- }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+
return ret;
}
--
2.27.0

170
0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch Normal file
View File

@ -0,0 +1,170 @@
From 7989e5639ab9a2de5d03ecb06942ad556ed41d93 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:57:50 +0800
Subject: [PATCH 48/57] ecc: bugfix multiple definition of ecx structure
The structure 'ECX_KEY' is defined in the libcrypto of OpenSSL,
but OpenSSL does not put this definition in the header file in
its 1.1.1x release version, so we can not use this structure
directly. We should define a new structure that provides the
same function to avoid conflict with the definition in OpenSSL
when using static compilation.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ecx.c | 43 +++++++++++++++++++++++--------------------
1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 5d0ff76..df23156 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -31,14 +31,14 @@
#define X448_KEYLEN 56
#define X25519_KEYBITS 256
#define X448_KEYBITS 448
-#define MAX_KEYLEN 57
+#define ECX_MAX_KEYLEN 57
#define UADK_E_SUCCESS 1
#define UADK_E_FAIL 0
-typedef struct {
- unsigned char pubkey[MAX_KEYLEN];
+struct ecx_key {
+ unsigned char pubkey[ECX_MAX_KEYLEN];
unsigned char *privkey;
-} ECX_KEY;
+};
struct ecx_ctx {
handle_t sess;
@@ -224,12 +224,12 @@ static int ecx_get_nid(EVP_PKEY_CTX *ctx)
return nid;
}
-static int ecx_create_privkey(ECX_KEY **ecx_key, int key_size)
+static int ecx_create_privkey(struct ecx_key **ecx_key, int key_size)
{
unsigned char *privkey;
int ret;
- *ecx_key = OPENSSL_zalloc(sizeof(ECX_KEY));
+ *ecx_key = OPENSSL_zalloc(sizeof(struct ecx_key));
if (!(*ecx_key)) {
fprintf(stderr, "failed to alloc ecx_key\n");
return UADK_E_FAIL;
@@ -259,7 +259,8 @@ free_ecx_key:
return UADK_E_FAIL;
}
-static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx,
+ struct ecx_key *ecx_key)
{
handle_t sess = ecx_ctx->sess;
struct wd_ecc_key *ecc_key;
@@ -280,14 +281,14 @@ static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
}
static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
- struct wd_ecc_req *req, ECX_KEY *ecx_key)
+ struct wd_ecc_req *req, struct ecx_key *ecx_key)
{
struct wd_ecc_point *pubkey = NULL;
int key_size = ecx_ctx->key_size;
int ret;
wd_ecxdh_get_out_params(req->dst, &pubkey);
- if (key_size > MAX_KEYLEN) {
+ if (key_size > ECX_MAX_KEYLEN) {
fprintf(stderr, "invalid key size, key_size = %d\n", key_size);
return UADK_E_FAIL;
}
@@ -368,8 +369,8 @@ static int openssl_do_ecx_genkey(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct ecx_ctx *keygen_ctx = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = ecx_genkey_check(ctx, pkey);
@@ -426,8 +427,8 @@ do_soft:
static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct ecx_ctx *keygen_ctx = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = ecx_genkey_check(ctx, pkey);
@@ -482,12 +483,13 @@ do_soft:
}
static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
- ECX_KEY *peer_ecx_key, ECX_KEY *ecx_key)
+ struct ecx_key *peer_ecx_key,
+ struct ecx_key *ecx_key)
{
int key_size = ecx_ctx->key_size;
+ char buf_y[ECX_MAX_KEYLEN] = {0};
handle_t sess = ecx_ctx->sess;
struct wd_ecc_point in_pubkey;
- char buf_y[MAX_KEYLEN] = {0};
struct wd_ecc_out *ecx_out;
struct wd_ecc_in *ecx_in;
int ret;
@@ -542,7 +544,8 @@ static void ecx_compkey_uninit_iot(handle_t sess, struct wd_ecc_req *req)
wd_ecc_del_in(sess, req->src);
}
-static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
+ struct ecx_key *ecx_key)
{
int key_size = ecx_ctx->key_size;
handle_t sess = ecx_ctx->sess;
@@ -576,8 +579,8 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
return UADK_E_SUCCESS;
}
-static int ecx_get_key(EVP_PKEY_CTX *ctx, ECX_KEY **ecx_key,
- ECX_KEY **peer_ecx_key)
+static int ecx_get_key(EVP_PKEY_CTX *ctx, struct ecx_key **ecx_key,
+ struct ecx_key **peer_ecx_key)
{
EVP_PKEY *pkey, *peer_key;
@@ -623,11 +626,11 @@ static void x25519_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
+ struct ecx_key *peer_ecx_key = NULL;
struct wd_ecc_point *s_key = NULL;
struct ecx_ctx *derive_ctx = NULL;
- ECX_KEY *peer_ecx_key = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = x25519_init(ctx);
@@ -709,11 +712,11 @@ static void x448_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
+ struct ecx_key *peer_ecx_key = NULL;
struct wd_ecc_point *s_key = NULL;
struct ecx_ctx *derive_ctx = NULL;
- ECX_KEY *peer_ecx_key = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = x448_init(ctx);
--
2.27.0

76
0049-uadk_engine-remove-redundant-extern.patch Normal file
View File

@ -0,0 +1,76 @@
From 55edca5dd3c13ff623c078eaea2dfb9a7f444eb7 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:06:29 +0800
Subject: [PATCH 49/57] uadk_engine: remove redundant extern
Remove the "extern" keyword before function declaration in
the header file. Because the function in header file is
'extern' by default, there is no need to specify explicitly.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk.h | 24 ++++++++++++------------
src/uadk_async.h | 16 ++++++++--------
2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index e2635d4..0188f0b 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -32,16 +32,16 @@ enum {
};
extern const char *engine_uadk_id;
-extern int uadk_e_bind_cipher(ENGINE *e);
-extern void uadk_e_destroy_cipher(void);
-extern int uadk_e_bind_digest(ENGINE *e);
-extern void uadk_e_destroy_digest(void);
-extern int uadk_e_bind_rsa(ENGINE *e);
-extern void uadk_e_destroy_rsa(void);
-extern int uadk_e_bind_dh(ENGINE *e);
-extern void uadk_e_destroy_dh(void);
-extern int uadk_e_bind_ecc(ENGINE *e);
-extern void uadk_e_destroy_ecc(void);
-extern int uadk_e_is_env_enabled(const char *alg_name);
-extern int uadk_e_set_env(const char *var_name, int numa_id);
+int uadk_e_bind_cipher(ENGINE *e);
+void uadk_e_destroy_cipher(void);
+int uadk_e_bind_digest(ENGINE *e);
+void uadk_e_destroy_digest(void);
+int uadk_e_bind_rsa(ENGINE *e);
+void uadk_e_destroy_rsa(void);
+int uadk_e_bind_dh(ENGINE *e);
+void uadk_e_destroy_dh(void);
+int uadk_e_bind_ecc(ENGINE *e);
+void uadk_e_destroy_ecc(void);
+int uadk_e_is_env_enabled(const char *alg_name);
+int uadk_e_set_env(const char *var_name, int numa_id);
#endif
diff --git a/src/uadk_async.h b/src/uadk_async.h
index d2a7e16..78f7a21 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -65,12 +65,12 @@ struct async_poll_queue {
pthread_t thread_id;
};
-extern int async_setup_async_event_notification(struct async_op *op);
-extern int async_clear_async_event_notification(void);
-extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
-extern void async_register_poll_fn(int type, async_recv_t func);
-extern void async_module_init(void);
-extern int async_wake_job(ASYNC_JOB *job);
-extern void async_free_poll_task(int id, bool is_cb);
-extern int async_get_free_task(int *id);
+int async_setup_async_event_notification(struct async_op *op);
+int async_clear_async_event_notification(void);
+int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
+void async_register_poll_fn(int type, async_recv_t func);
+void async_module_init(void);
+int async_wake_job(ASYNC_JOB *job);
+void async_free_poll_task(int id, bool is_cb);
+int async_get_free_task(int *id);
#endif
--
2.27.0

212
0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch Normal file
View File

@ -0,0 +1,212 @@
From ba0a9ede4f72387f065e88c054e35dc6fdb59079 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:10:47 +0800
Subject: [PATCH 50/57] uadk_engine: add timeout protection mechanism in poll
Count the cycle times of poll. When the count times exceed the
maximum number, exit to prevent the task from timeout.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 13 ++++++++-----
src/uadk_dh.c | 11 +++++++----
src/uadk_digest.c | 11 +++++++----
src/uadk_pkey.c | 13 ++++++++-----
src/uadk_rsa.c | 11 +++++++----
5 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 472c0ad..54d0a7d 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -517,7 +517,7 @@ static int uadk_e_cipher_poll(void *ctx)
do {
ret = wd_cipher_poll_ctx(idx, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -530,18 +530,21 @@ static int uadk_e_cipher_poll(void *ctx)
static int uadk_e_cipher_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
- /* poll one packet currently */
+ /* Poll one packet currently */
int expt = 1;
int ret;
do {
ret = wd_cipher_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 893b0f2..cf319e5 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -212,7 +212,7 @@ static int uadk_e_dh_poll(void *ctx)
do {
ret = wd_dh_poll_ctx(idx, expect, &recv);
- if (recv >= expect)
+ if (recv == expect)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -273,6 +273,7 @@ static struct dh_res_config dh_res_config = {
static int uadk_e_dh_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -280,11 +281,13 @@ static int uadk_e_dh_env_poll(void *ctx)
do {
ret = wd_dh_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_dh_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 8127373..853aa39 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -343,7 +343,7 @@ static int uadk_e_digest_poll(void *ctx)
do {
ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -356,6 +356,7 @@ static int uadk_e_digest_poll(void *ctx)
static int uadk_e_digest_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -363,11 +364,13 @@ static int uadk_e_digest_env_poll(void *ctx)
do {
ret = wd_digest_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_digest_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index a0b74af..9a3a725 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -110,7 +110,7 @@ static int uadk_ecc_poll(void *ctx)
do {
ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -143,18 +143,21 @@ int uadk_e_ecc_get_numa_id(void)
static int uadk_e_ecc_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
- /* poll one packet currently */
+ /* Poll one packet currently */
int expt = 1;
int ret;
do {
ret = wd_ecc_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 29b2521..a74343f 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -663,7 +663,7 @@ static int uadk_e_rsa_poll(void *ctx)
do {
ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -689,6 +689,7 @@ static struct rsa_res_config rsa_res_config = {
static int uadk_e_rsa_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -696,11 +697,13 @@ static int uadk_e_rsa_env_poll(void *ctx)
do {
ret = wd_rsa_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev)
--
2.27.0

272
0051-rsa-cleanup-redundant-BN-operation.patch Normal file
View File

@ -0,0 +1,272 @@
From 25b026f401195e0385fc575c51752e1c0c731394 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:13:09 +0800
Subject: [PATCH 51/57] rsa: cleanup redundant BN operation
Remove redundant codes for big number and rsa crt
mode judgment.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 92 ++++++++++++++++++++++----------------------------
1 file changed, 40 insertions(+), 52 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index a74343f..f95632b 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -871,8 +871,8 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
int is_crt)
{
unsigned int key_size = bits >> BIT_BYTES_SHIFT;
- struct uadk_rsa_sess *rsa_sess;
struct sched_params params = {0};
+ struct uadk_rsa_sess *rsa_sess;
rsa_sess = rsa_new_eng_session(rsa);
if (!rsa_sess)
@@ -882,11 +882,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT;
params.numa_id = g_rsa_res.numa_id;
rsa_sess->setup.sched_param = &params;
-
- if (is_crt)
- rsa_sess->setup.is_crt = IS_SET;
- else
- rsa_sess->setup.is_crt = UN_SET;
+ rsa_sess->setup.is_crt = is_crt;
rsa_sess->sess = wd_rsa_alloc_sess(&rsa_sess->setup);
if (!rsa_sess->sess) {
@@ -1377,10 +1373,8 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess,
rsa, bn_param);
- if (!ret) {
+ if (!ret)
ret = UADK_DO_SOFT;
- goto free_kg_in_out;
- }
free_kg_in_out:
rsa_free_keygen_data(rsa_sess);
@@ -1398,11 +1392,11 @@ exe_soft:
static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ struct rsa_pubkey_param *pub_enc = NULL;
struct uadk_rsa_sess *rsa_sess = NULL;
- struct rsa_pubkey_param *pub = NULL;
unsigned char *from_buf = NULL;
int num_bytes, is_crt, ret;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *enc_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1412,7 +1406,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
if (ret)
goto exe_soft;
- ret = rsa_pkey_param_alloc(&pub, NULL);
+ ret = rsa_pkey_param_alloc(&pub_enc, NULL);
if (ret == -ENOMEM)
goto exe_soft;
@@ -1424,7 +1418,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+ ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes);
if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
@@ -1436,7 +1430,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_buf;
}
- ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to);
+ ret = rsa_fill_pubkey(pub_enc, rsa_sess, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
goto free_buf;
@@ -1448,27 +1442,25 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ enc_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!enc_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret = BN_bn2binpad(ret_bn, to, num_bytes);
- if (ret == -1) {
+ ret = BN_bn2binpad(enc_bn, to, num_bytes);
+ if (ret == -1)
ret = UADK_DO_SOFT;
- goto free_bn;
- }
-free_bn:
- BN_free(ret_bn);
+ BN_free(enc_bn);
+
free_buf:
rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
- rsa_pkey_param_free(&pub, NULL);
+ rsa_pkey_param_free(&pub_enc, NULL);
if (ret != UADK_DO_SOFT)
return ret;
exe_soft:
@@ -1484,7 +1476,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
unsigned char *from_buf = NULL;
struct uadk_rsa_sess *rsa_sess;
int num_bytes, len, ret;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *dec_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1526,27 +1518,25 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ dec_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!dec_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
+ len = BN_bn2binpad(dec_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_bn;
+ goto free_dec_bn;
}
ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding);
- if (!ret) {
+ if (!ret)
ret = UADK_DO_SOFT;
- goto free_bn;
- }
-free_bn:
- BN_free(ret_bn);
+free_dec_bn:
+ BN_free(dec_bn);
free_buf:
rsa_free_pri_bn_ctx(&from_buf);
free_sess:
@@ -1567,7 +1557,7 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_prikey_param *pri = NULL;
unsigned char *from_buf = NULL;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *sign_bn = NULL;
BIGNUM *to_bn = NULL;
BIGNUM *res = NULL;
int num_bytes, ret;
@@ -1616,9 +1606,9 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ sign_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!sign_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
@@ -1626,10 +1616,10 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
to_bn = BN_bin2bn(from_buf, num_bytes, NULL);
if (!to_bn) {
ret = UADK_DO_SOFT;
- goto free_ret_bn;
+ goto free_sign_bn;
}
- ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res);
+ ret = rsa_get_sign_res(padding, to_bn, pri->n, sign_bn, &res);
if (!ret) {
ret = UADK_DO_SOFT;
goto free_to_bn;
@@ -1639,8 +1629,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
free_to_bn:
BN_free(to_bn);
-free_ret_bn:
- BN_free(ret_bn);
+free_sign_bn:
+ BN_free(sign_bn);
free_buf:
rsa_free_pri_bn_ctx(&from_buf);
free_sess:
@@ -1662,7 +1652,7 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
struct rsa_pubkey_param *pub = NULL;
int num_bytes, is_crt, len, ret;
unsigned char *from_buf = NULL;
- BIGNUM *ret_bn = NULL;
+ BIGNUM *verify_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret)
@@ -1705,33 +1695,31 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ verify_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
rsa_sess->req.dst_bytes, NULL);
- if (!ret_bn) {
+ if (!verify_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret = rsa_get_verify_res(padding, pub->n, ret_bn);
+ ret = rsa_get_verify_res(padding, pub->n, verify_bn);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_bn;
+ goto free_verify_bn;
}
- len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
+ len = BN_bn2binpad(verify_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_bn;
+ goto free_verify_bn;
}
ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding);
- if (!ret) {
+ if (!ret)
ret = UADK_DO_SOFT;
- goto free_bn;
- }
-free_bn:
- BN_free(ret_bn);
+free_verify_bn:
+ BN_free(verify_bn);
free_buf:
rsa_free_pub_bn_ctx(&from_buf);
free_sess:
--
2.27.0

189
0052-rsa-bugfix-memory-leak-in-genkey-process.patch Normal file
View File

@ -0,0 +1,189 @@
From 8d27c38b9bbf0dee3ba17aac4d1bf9529bdafdea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:15:05 +0800
Subject: [PATCH 52/57] rsa: bugfix memory leak in genkey process
The process of releasing keygen parameter is supplemented:
When an abnormal situation occurs, uadk engine needs to switch
to software keygen function, so we need to free BN ctx we alloced
before. But in normal situation, the BN ctx should be freed by
OpenSSL tools or users, because the OpenSSL tool, for example,
genrsa, has implemented the free operation, we should not free
it again.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/e_uadk.c | 3 +--
src/uadk_rsa.c | 57 ++++++++++++++++++++++++++------------------------
2 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 58a10de..23fe0f2 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -333,8 +333,7 @@ static void bind_fn_uadk_alg(ENGINE *e)
}
/*
- * This stuff is needed if this ENGINE is being
- * compiled into a self-contained shared-library.
+ * Connect uadk_engine to OpenSSL engine library.
*/
static int bind_fn(ENGINE *e, const char *id)
{
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index f95632b..5b23dab 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -968,15 +968,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
return UADK_E_SUCCESS;
}
-static int rsa_get_keygen_param(struct wd_rsa_req *req,
- handle_t ctx, RSA *rsa,
- struct rsa_keygen_param_bn *bn_param)
+static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa,
+ struct rsa_keygen_param_bn *bn_param, BN_CTX **bn_ctx_in)
{
struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst;
struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp;
BIGNUM *dmp1, *dmq1, *iqmp, *n, *d;
unsigned int key_bits, key_size;
- BN_CTX *bn_ctx;
+ BN_CTX *bn_ctx = *bn_ctx_in;
key_bits = wd_rsa_get_key_bits(ctx);
if (!key_bits)
@@ -986,30 +985,25 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
- bn_ctx = BN_CTX_new();
- if (!bn_ctx)
- return UADK_E_FAIL;
-
- BN_CTX_start(bn_ctx);
dmp1 = BN_CTX_get(bn_ctx);
if (!dmp1)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
dmq1 = BN_CTX_get(bn_ctx);
if (!dmq1)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
iqmp = BN_CTX_get(bn_ctx);
if (!iqmp)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
n = BN_CTX_get(bn_ctx);
if (!n)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
d = BN_CTX_get(bn_ctx);
if (!d)
- goto free_bn_ctx;
+ return UADK_E_FAIL;
BN_bin2bn((unsigned char *)wd_d.data, key_size, d);
BN_bin2bn((unsigned char *)wd_n.data, key_size, n);
@@ -1020,15 +1014,9 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
if (!(RSA_set0_key(rsa, n, bn_param->e, d) &&
RSA_set0_factors(rsa, bn_param->p, bn_param->q) &&
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)))
- goto free_bn_ctx;
+ return UADK_E_FAIL;
return UADK_E_SUCCESS;
-
-free_bn_ctx:
- BN_CTX_end(bn_ctx);
- BN_CTX_free(bn_ctx);
-
- return UADK_E_FAIL;
}
static void uadk_e_rsa_cb(void *req_t)
@@ -1179,7 +1167,7 @@ static void rsa_free_keygen_data(struct uadk_rsa_sess *rsa_sess)
static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
struct rsa_keygen_param_bn **keygen_bn_param,
- struct rsa_keypair **key_pair)
+ struct rsa_keypair **key_pair, BN_CTX **bn_ctx_in)
{
BN_CTX *bn_ctx;
@@ -1201,6 +1189,8 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
goto free_key_pair;
BN_CTX_start(bn_ctx);
+ *bn_ctx_in = bn_ctx;
+
(*keygen_bn_param)->e = BN_CTX_get(bn_ctx);
if (!(*keygen_bn_param)->e)
goto free_bn_ctx;
@@ -1230,8 +1220,21 @@ err:
static void rsa_keygen_param_free(struct rsa_keygen_param **keygen_param,
struct rsa_keygen_param_bn **keygen_bn_param,
- struct rsa_keypair **key_pair)
+ struct rsa_keypair **key_pair, BN_CTX **bn_ctx,
+ int free_bn_ctx_tag)
{
+ /*
+ * When an abnormal situation occurs, uadk engine needs
+ * to switch to software keygen function, so we need to
+ * free BN ctx we alloced before. But in normal situation,
+ * the BN ctx should be freed by OpenSSL tools or users.
+ * Therefore, we use a tag to distinguish these cases.
+ */
+ if (free_bn_ctx_tag == UADK_DO_SOFT) {
+ BN_CTX_end(*bn_ctx);
+ BN_CTX_free(*bn_ctx);
+ }
+
OPENSSL_free(*keygen_bn_param);
OPENSSL_free(*keygen_param);
OPENSSL_free(*key_pair);
@@ -1327,6 +1330,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
struct rsa_keygen_param_bn *bn_param = NULL;
struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_keypair *key_pair = NULL;
+ BN_CTX *bn_ctx = NULL;
int is_crt = 1;
int ret;
@@ -1338,7 +1342,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
if (ret)
goto exe_soft;
- ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair);
+ ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair, &bn_ctx);
if (ret == -ENOMEM)
goto exe_soft;
@@ -1371,8 +1375,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
goto free_kg_in_out;
}
- ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess,
- rsa, bn_param);
+ ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, rsa, bn_param, &bn_ctx);
if (!ret)
ret = UADK_DO_SOFT;
@@ -1381,7 +1384,7 @@ free_kg_in_out:
free_sess:
rsa_free_eng_session(rsa_sess);
free_keygen:
- rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair);
+ rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair, &bn_ctx, ret);
if (ret != UADK_DO_SOFT)
return ret;
exe_soft:
--
2.27.0

97
0053-rsa-remove-unused-software-method.patch Normal file
View File

@ -0,0 +1,97 @@
From ff703a9aa6a0a2dada51b7bf88cc9e1a8ce2d6cd Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:16:59 +0800
Subject: [PATCH 53/57] rsa: remove unused software method
Switching to software methods in abnormal scenarios has been
implemented in other functions, uadk_e_get_rsa_sw_methods()
is actually unused, so we remove it.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 49 +++++--------------------------------------------
1 file changed, 5 insertions(+), 44 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 5b23dab..7983bc0 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -53,7 +53,6 @@
#define ENV_ENABLED 1
static RSA_METHOD *rsa_hw_meth;
-static RSA_METHOD *rsa_sw_meth;
struct bignum_st {
BN_ULONG *d;
@@ -1737,25 +1736,11 @@ exe_soft:
(flen, from, to, rsa, padding);
}
-static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
-{
- /* meth: default rsa software method */
- const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
-
- rsa_sw_meth = RSA_meth_new("rsa soft method", 0);
- (void)RSA_meth_set_pub_enc(rsa_sw_meth, RSA_meth_get_pub_enc(meth));
- (void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth));
- (void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth));
- (void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth));
- (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen);
- (void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth));
- (void)RSA_meth_set_bn_mod_exp(rsa_sw_meth,
- RSA_meth_get_bn_mod_exp(meth));
-
- return rsa_sw_meth;
-}
-
-static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
+/**
+ * uadk_get_rsa_method() - Set rsa hardware methods of the RSA implementation which
+ * can be called from ENGINE structure.
+ */
+static RSA_METHOD *uadk_e_get_rsa_methods(void)
{
if (rsa_hw_meth)
return rsa_hw_meth;
@@ -1780,36 +1765,12 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
return rsa_hw_meth;
}
-/**
- * uadk_get_rsa_method() - Set rsa methods of the RSA implementation which
- * can be called from ENGINE structure.
- */
-static RSA_METHOD *uadk_e_get_rsa_methods(void)
-{
- struct uacce_dev *dev;
-
- dev = wd_get_accel_dev("rsa");
- if (!dev)
- return uadk_e_get_rsa_sw_methods();
-
- free(dev);
- return uadk_e_get_rsa_hw_methods();
-}
-
static void uadk_e_delete_rsa_meth(void)
{
- if (!rsa_hw_meth && !rsa_sw_meth)
- return;
-
if (rsa_hw_meth) {
RSA_meth_free(rsa_hw_meth);
rsa_hw_meth = NULL;
}
-
- if (rsa_sw_meth) {
- RSA_meth_free(rsa_sw_meth);
- rsa_sw_meth = NULL;
- }
}
/**
--
2.27.0

26
0054-doc-Modify-maintainers.patch Normal file
View File

@ -0,0 +1,26 @@
From 9dd29d1cfd3b3038bc8a347c51f1f176c28ec0b5 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Mon, 25 Jul 2022 11:42:11 +0800
Subject: [PATCH 54/57] doc: Modify maintainers
Personnel change, replace a maintainer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
docs/maintenance.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/maintenance.md b/docs/maintenance.md
index 50ed1fe..1a563ce 100644
--- a/docs/maintenance.md
+++ b/docs/maintenance.md
@@ -28,5 +28,5 @@ sudo test/sanity_test.sh
```
Zhangfei Gao <zhangfei.gao@linaro.org>
Zhou Wang <wangzhou1@hisilicon.com>
-Hui Tang <tanghui20@huawei.com>
+Zhiqi Song <songzhiqi1@huawei.com>
```
--
2.27.0

52
0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch Normal file
View File

@ -0,0 +1,52 @@
From 623c8687b64381b0dc454ea2d2c81ee5f6bfdbc7 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Tue, 26 Jul 2022 10:39:01 +0800
Subject: [PATCH 55/57] rsa: modify the default algorithm of keygen soft
algorithm
When the hardware algorithm execution fails, the engine needs to
switch to the soft algorithm execution, and the callback needs to
be modified to the soft algorithm to prevent it from being
re-transferred to the hardware interface.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 7983bc0..03f2ce5 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -140,6 +140,8 @@ enum {
MAX_CODE,
};
+static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
static int rsa_check_bit_useful(const int bits, int flen)
{
if (flen > bits)
@@ -1100,10 +1102,19 @@ err:
static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
+ const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL();
int ret;
+ if (!default_meth) {
+ fprintf(stderr, "failed to get soft method.\n");
+ return UADK_E_FAIL;
+ }
+
UNUSED(cb);
+ (void)RSA_meth_set_keygen(rsa_hw_meth,
+ RSA_meth_get_keygen(default_meth));
ret = RSA_generate_key_ex(rsa, bits, e, NULL);
+ (void)RSA_meth_set_keygen(rsa_hw_meth, uadk_e_rsa_keygen);
return ret;
}
--
2.27.0

224
0056-engine-initialize-resources-only-once.patch Normal file
View File

@ -0,0 +1,224 @@
From 0245d700da510dd54926eab3fb9377bde991024f Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Tue, 26 Jul 2022 10:54:03 +0800
Subject: [PATCH 56/57] engine: initialize resources only once
If multiple threads load the engine repeatedly, the
poll_queue and global locks in the algorithm API are
repeatedly initialized. As a result, tasks of other
threads are abnormal.
Therefore, this patch moves resource initialization
to the function 'uadk_init' and only initialize once.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/e_uadk.c | 37 +++++++++++++++++++++++++++++++++----
src/uadk.h | 5 +++++
src/uadk_cipher.c | 7 +++++--
src/uadk_dh.c | 7 +++++--
src/uadk_digest.c | 7 +++++--
src/uadk_pkey.c | 7 +++++--
src/uadk_rsa.c | 6 ++++--
7 files changed, 62 insertions(+), 14 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 23fe0f2..1b95284 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -43,6 +43,8 @@ static int uadk_digest;
static int uadk_rsa;
static int uadk_dh;
static int uadk_ecc;
+static int uadk_inited;
+static pthread_mutex_t uadk_engine_mutex = PTHREAD_MUTEX_INITIALIZER;
#ifdef KAE
static int uadk_cipher_nosva;
@@ -219,12 +221,41 @@ static int uadk_destroy(ENGINE *e)
uadk_e_destroy_ecc();
if (uadk_dh)
uadk_e_destroy_dh();
+
+ pthread_mutex_lock(&uadk_engine_mutex);
+ uadk_inited = 0;
+ pthread_mutex_unlock(&uadk_engine_mutex);
+
return 1;
}
-
static int uadk_init(ENGINE *e)
{
+ int ret;
+
+ pthread_mutex_lock(&uadk_engine_mutex);
+ if (uadk_inited) {
+ pthread_mutex_unlock(&uadk_engine_mutex);
+ return 1;
+ }
+
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
+ async_module_init();
+
+ if (uadk_digest)
+ uadk_e_digest_lock_init();
+ if (uadk_cipher)
+ uadk_e_cipher_lock_init();
+ if (uadk_rsa)
+ uadk_e_rsa_lock_init();
+ if (uadk_dh)
+ uadk_e_dh_lock_init();
+ if (uadk_ecc)
+ uadk_e_ecc_lock_init();
+
+ uadk_inited = 1;
+ pthread_mutex_unlock(&uadk_engine_mutex);
+
return 1;
}
@@ -360,10 +391,8 @@ static int bind_fn(ENGINE *e, const char *id)
#endif
bind_fn_uadk_alg(e);
- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
- async_module_init();
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
- }
ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl);
if (ret != 1) {
diff --git a/src/uadk.h b/src/uadk.h
index 0188f0b..cd3447c 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -44,4 +44,9 @@ int uadk_e_bind_ecc(ENGINE *e);
void uadk_e_destroy_ecc(void);
int uadk_e_is_env_enabled(const char *alg_name);
int uadk_e_set_env(const char *var_name, int numa_id);
+void uadk_e_ecc_lock_init(void);
+void uadk_e_rsa_lock_init(void);
+void uadk_e_dh_lock_init(void);
+void uadk_e_cipher_lock_init(void);
+void uadk_e_digest_lock_init(void);
#endif
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 54d0a7d..c5bc7af 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -1076,8 +1076,6 @@ int uadk_e_bind_cipher(ENGINE *e)
if (platform > KUNPENG920)
bind_v3_cipher();
- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_ciphers(e, uadk_e_engine_ciphers);
}
@@ -1160,3 +1158,8 @@ void uadk_e_destroy_cipher(void)
if (platform > KUNPENG920)
destroy_v3_cipher();
}
+
+void uadk_e_cipher_lock_init(void)
+{
+ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+}
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index cf319e5..37f84e9 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -902,8 +902,6 @@ static void uadk_e_delete_dh_meth(void)
int uadk_e_bind_dh(ENGINE *e)
{
- pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_DH(e, uadk_e_get_dh_methods());
}
@@ -913,3 +911,8 @@ void uadk_e_destroy_dh(void)
uadk_e_delete_dh_meth();
uadk_e_wd_dh_uninit();
}
+
+void uadk_e_dh_lock_init(void)
+{
+ pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
+}
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 853aa39..b2646cb 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -804,6 +804,11 @@ do { \
return 0; \
} while (0)
+void uadk_e_digest_lock_init(void)
+{
+ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+}
+
int uadk_e_bind_digest(ENGINE *e)
{
UADK_DIGEST_DESCR(md5, md5WithRSAEncryption, MD5_DIGEST_LENGTH,
@@ -849,8 +854,6 @@ int uadk_e_bind_digest(ENGINE *e)
uadk_e_digest_final, uadk_e_digest_cleanup,
uadk_e_digest_copy);
- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_digests(e, uadk_engine_digests);
}
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 9a3a725..211f1cc 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -615,6 +615,11 @@ static int uadk_ecc_bind_pmeth(ENGINE *e)
return ENGINE_set_pkey_meths(e, get_pkey_meths);
}
+void uadk_e_ecc_lock_init(void)
+{
+ pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE);
+}
+
int uadk_e_bind_ecc(ENGINE *e)
{
int ret;
@@ -631,8 +636,6 @@ int uadk_e_bind_ecc(ENGINE *e)
return ret;
}
- pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE);
-
return ret;
}
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 03f2ce5..ef1739d 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1790,8 +1790,6 @@ static void uadk_e_delete_rsa_meth(void)
*/
int uadk_e_bind_rsa(ENGINE *e)
{
- pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE);
-
return ENGINE_set_RSA(e, uadk_e_get_rsa_methods());
}
@@ -1802,3 +1800,7 @@ void uadk_e_destroy_rsa(void)
uadk_e_rsa_uninit();
}
+void uadk_e_rsa_lock_init(void)
+{
+ pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE);
+}
--
2.27.0

105
0057-engine-fix-function-type.patch Normal file
View File

@ -0,0 +1,105 @@
From f43d50084550042f053de2dcce03d91d5f8b040a Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Tue, 26 Jul 2022 10:58:56 +0800
Subject: [PATCH 57/57] engine: fix function type
If return type of the function 'async_module_init' is void,
when function executes failed, the app continues to execute tasks.
The process will be abnormal. Change 'async_module_init' type to int.
If function executes failed, 0 is returned.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/e_uadk.c | 16 +++++++++++++---
src/uadk_async.c | 9 +++++----
src/uadk_async.h | 2 +-
3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 1b95284..77612d7 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -239,8 +239,14 @@ static int uadk_init(ENGINE *e)
return 1;
}
- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
- async_module_init();
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
+ ret = async_module_init();
+ if (!ret) {
+ pthread_mutex_unlock(&uadk_engine_mutex);
+ fprintf(stderr, "failed to init async module!\n");
+ return 0;
+ }
+ }
if (uadk_digest)
uadk_e_digest_lock_init();
@@ -266,7 +272,11 @@ static int uadk_finish(ENGINE *e)
static void engine_init_child_at_fork_handler(void)
{
- async_module_init();
+ int ret;
+
+ ret = async_module_init();
+ if (!ret)
+ fprintf(stderr, "failed to init child async module!\n");
}
#ifdef KAE
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 11d624c..3f2e1db 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -336,7 +336,7 @@ static void *async_poll_process_func(void *args)
return NULL;
}
-void async_module_init(void)
+int async_module_init(void)
{
pthread_t thread_id;
pthread_attr_t thread_attr;
@@ -344,11 +344,11 @@ void async_module_init(void)
memset(&poll_queue, 0, sizeof(struct async_poll_queue));
if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0)
- return;
+ return 0;
poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
if (poll_queue.head == NULL)
- return;
+ return 0;
memset(poll_queue.head, 0,
sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
@@ -368,8 +368,9 @@ void async_module_init(void)
poll_queue.thread_id = thread_id;
OPENSSL_atexit(async_poll_task_free);
- return;
+ return 1;
err:
async_poll_task_free();
+ return 0;
}
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 78f7a21..9bae3f4 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -69,7 +69,7 @@ int async_setup_async_event_notification(struct async_op *op);
int async_clear_async_event_notification(void);
int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
void async_register_poll_fn(int type, async_recv_t func);
-void async_module_init(void);
+int async_module_init(void);
int async_wake_job(ASYNC_JOB *job);
void async_free_poll_task(int id, bool is_cb);
int async_get_free_task(int *id);
--
2.27.0

99
uadk_engine.spec
View File

@ -3,7 +3,7 @@
Name: uadk_engine Name: uadk_engine
Summary: UADK Accelerator Engine Summary: UADK Accelerator Engine
Version: 1.0.0 Version: 1.0.0
Release: 6 Release: 7
License: Apache-2.0 License: Apache-2.0
Source: %{name}-%{version}.tar.gz Source: %{name}-%{version}.tar.gz
ExclusiveOS: linux ExclusiveOS: linux
@ -16,43 +16,63 @@ BuildRequires: openssl-devel sed autoconf automake libtool
Requires: openssl Requires: openssl
ExclusiveArch: aarch64 ExclusiveArch: aarch64
Patch0001: 0001-digest-support-digest-multiple-update.patch Patch0001: 0001-digest-support-digest-multiple-update.patch
Patch0002: 0002-uadk_engine-define-the-variable-as-const.patch Patch0002: 0002-uadk_engine-define-the-variable-as-const.patch
Patch0003: 0003-ecc-fix-codecheck-warning.patch Patch0003: 0003-ecc-fix-codecheck-warning.patch
Patch0004: 0004-rsa-delete-redundant-copy.patch Patch0004: 0004-rsa-delete-redundant-copy.patch
Patch0005: 0005-rsa-fix-coverity-warning.patch Patch0005: 0005-rsa-fix-coverity-warning.patch
Patch0006: 0006-ecc-cleanup-duplicate-public-key-allocation.patch Patch0006: 0006-ecc-cleanup-duplicate-public-key-allocation.patch
Patch0007: 0007-rsa-cleanup-about-reducing-function-parameters.patch Patch0007: 0007-rsa-cleanup-about-reducing-function-parameters.patch
Patch0008: 0008-ecc-cleanup-sm2-compute-digest-function.patch Patch0008: 0008-ecc-cleanup-sm2-compute-digest-function.patch
Patch0009: 0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch Patch0009: 0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch
Patch0010: 0010-rsa-cleanup-about-prime-generation.patch Patch0010: 0010-rsa-cleanup-about-prime-generation.patch
Patch0011: 0011-ecc-cleanup-the-form-of-the-return-value.patch Patch0011: 0011-ecc-cleanup-the-form-of-the-return-value.patch
Patch0012: 0012-engine-fix-uadk-engine-compatibility-issue.patch Patch0012: 0012-engine-fix-uadk-engine-compatibility-issue.patch
Patch0013: 0013-digest-modify-the-process-of-free-session.patch Patch0013: 0013-digest-modify-the-process-of-free-session.patch
Patch0014: 0014-digest-modify-the-process-of-soft-and-hardware-hando.patch Patch0014: 0014-digest-modify-the-process-of-soft-and-hardware-hando.patch
Patch0015: 0015-ecc-bugfix-about-sm2-decryption.patch Patch0015: 0015-ecc-bugfix-about-sm2-decryption.patch
Patch0016: 0016-dh-bugfix-about-dh-compute-key.patch Patch0016: 0016-dh-bugfix-about-dh-compute-key.patch
Patch0017: 0017-ecc-bugfix-about-ecc-general-init.patch Patch0017: 0017-ecc-bugfix-about-ecc-general-init.patch
Patch0018: 0018-digest-fix-codecheck-warning.patch Patch0018: 0018-digest-fix-codecheck-warning.patch
Patch0019: 0019-cipher-fixup-a-code-check-warning.patch Patch0019: 0019-cipher-fixup-a-code-check-warning.patch
Patch0020: 0020-rsa-fixup-a-code-check-warning.patch Patch0020: 0020-rsa-fixup-a-code-check-warning.patch
Patch0021: 0021-cipher-delete-a-redundant-branch.patch Patch0021: 0021-cipher-delete-a-redundant-branch.patch
Patch0022: 0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch Patch0022: 0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch
Patch0023: 0023-engine-add-the-kae-log-feature.patch Patch0023: 0023-engine-add-the-kae-log-feature.patch
Patch0024: 0024-rsa-fix-interface-name.patch Patch0024: 0024-rsa-fix-interface-name.patch
Patch0025: 0025-ecc-cleanup-sm2-unreachable-code.patch Patch0025: 0025-ecc-cleanup-sm2-unreachable-code.patch
Patch0026: 0026-rsa-cleanup-of-code-style.patch Patch0026: 0026-rsa-cleanup-of-code-style.patch
Patch0027: 0027-v1-fixup-about-uninitialized-variable.patch Patch0027: 0027-v1-fixup-about-uninitialized-variable.patch
Patch0028: 0028-ecc-fix-checking-conditions.patch Patch0028: 0028-ecc-fix-checking-conditions.patch
Patch0029: 0029-ecc-cleanup-print-log.patch Patch0029: 0029-ecc-cleanup-print-log.patch
Patch0030: 0030-engine-fix-function-return-type.patch Patch0030: 0030-engine-fix-function-return-type.patch
Patch0031: 0031-rsa-fixup-about-the-wrong-copy.patch Patch0031: 0031-rsa-fixup-about-the-wrong-copy.patch
Patch0032: 0032-README-modify-the-engine-id-name.patch Patch0032: 0032-README-modify-the-engine-id-name.patch
Patch0033: 0033-digest-improve-the-digest-performance.patch Patch0033: 0033-digest-improve-the-digest-performance.patch
Patch0034: 0034-cipher-support-the-sm4-ecb-alg.patch Patch0034: 0034-cipher-support-the-sm4-ecb-alg.patch
Patch0035: 0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch Patch0035: 0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch
Patch0036: 0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch Patch0036: 0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch
Patch0037: 0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch Patch0037: 0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch
Patch0038: 0038-uadk-engine-change-Copyright-to-2022.patch
Patch0039: 0039-README-move-test-script-to-sanity_test.sh.patch
Patch0040: 0040-uadk_engine-fix-string-compare-mode.patch
Patch0041: 0041-cipher-optimize-the-process-of-ctx-initialization.patch
Patch0042: 0042-cipher-adding-an-iv-update-to-a-decryption.patch
Patch0043: 0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch
Patch0044: 0044-engine-add-receiving-timeout-count.patch
Patch0045: 0045-digest-fix-the-fault-as-using-the-nginx.patch
Patch0046: 0046-ecc-cleanup-of-static-code-check.patch
Patch0047: 0047-ecc-bugfix-about-return-value-check.patch
Patch0048: 0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch
Patch0049: 0049-uadk_engine-remove-redundant-extern.patch
Patch0050: 0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch
Patch0051: 0051-rsa-cleanup-redundant-BN-operation.patch
Patch0052: 0052-rsa-bugfix-memory-leak-in-genkey-process.patch
Patch0053: 0053-rsa-remove-unused-software-method.patch
Patch0054: 0054-doc-Modify-maintainers.patch
Patch0055: 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch
Patch0056: 0056-engine-initialize-resources-only-once.patch
Patch0057: 0057-engine-fix-function-type.patch
%description %description
This package contains the UADK Accelerator Engine This package contains the UADK Accelerator Engine
@ -102,6 +122,9 @@ fi
/sbin/ldconfig /sbin/ldconfig
%changelog %changelog
* Tue Jul 26 2022 Yang Shen <shenyang39@huawei.com> 1.0.0-7
- Backport uadk engine patch from v1.0.0 to v1.0.1
* Mon Mar 21 2022 linwenkai <linwenkai6@hisilicon.com> 1.0.0-6 * Mon Mar 21 2022 linwenkai <linwenkai6@hisilicon.com> 1.0.0-6
- Backport uadk engine patch for v1.0.0 - Backport uadk engine patch for v1.0.0