diff --git a/0001-Backport-uadk-engine-patch-for-v1.0.1.patch b/0001-Backport-uadk-engine-patch-for-v1.0.1.patch new file mode 100644 index 0000000..c1fb9f3 --- /dev/null +++ b/0001-Backport-uadk-engine-patch-for-v1.0.1.patch @@ -0,0 +1,1807 @@ +From 39c35271759ee04a3509c058bc587ecce2d2db50 Mon Sep 17 00:00:00 2001 +From: JiangShui <1175135535@qq.com> +Date: Fri, 4 Aug 2023 10:51:48 +0800 +Subject: [PATCH] Backport uadk engine patch for v1.0.1 + +--- + ...the-full-mac-buffer-length-as-doing-.patch | 74 +++ + 0059-uadk_utils-fix-x86-local-build.patch | 59 ++ + ...-about-segfault-in-sm2-ctrl-function.patch | 188 ++++++ + ...HW_V2-HW_V3-to-distinguish-different.patch | 142 +++++ + ...te-the-numa-parameter-of-the-schedul.patch | 73 +++ + ...bugfix-side-effects-of-right-operand.patch | 205 +++++++ + ...nup-static-check-warning-of-clangtid.patch | 118 ++++ + ...e-bugfix-enable-environment-variable.patch | 38 ++ + ...ne-cleanup-magic-number-and-comments.patch | 537 ++++++++++++++++++ + 0067-uadk_engine-cleanup-header-file.patch | 250 ++++++++ + uadk_engine.spec | 13 + + 11 files changed, 1697 insertions(+) + create mode 100644 0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch + create mode 100644 0059-uadk_utils-fix-x86-local-build.patch + create mode 100644 0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch + create mode 100644 0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch + create mode 100644 0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch + create mode 100644 0063-uadk_engine-bugfix-side-effects-of-right-operand.patch + create mode 100644 0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch + create mode 100644 0065-uadk_engine-bugfix-enable-environment-variable.patch + create mode 100644 0066-uadk_engine-cleanup-magic-number-and-comments.patch + create mode 100644 0067-uadk_engine-cleanup-header-file.patch + +diff --git a/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch b/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch +new file mode 100644 +index 0000000..b19486b +--- /dev/null ++++ b/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch +@@ -0,0 +1,74 @@ ++From 36ea42a1d9556e937be5ebf47f41f66b51a29cb6 Mon Sep 17 00:00:00 2001 ++From: Kai Ye ++Date: Tue, 16 Aug 2022 09:57:18 +0800 ++Subject: uadk_digest: fix the full mac buffer length as doing long hash ++ ++Sha224 and Sha384 need full length mac buffer as doing long hash. ++ ++Depends-on:uadk 802878d71999("digest: fix mac buffer len as long hash") ++Signed-off-by: Kai Ye ++--- ++ src/uadk_digest.c | 25 +++++++++++++++++++++++-- ++ 1 file changed, 23 insertions(+), 2 deletions(-) ++ ++diff --git a/src/uadk_digest.c b/src/uadk_digest.c ++index b2646cb..63887e7 100644 ++--- a/src/uadk_digest.c +++++ b/src/uadk_digest.c ++@@ -484,7 +484,7 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv, ++ { ++ priv->setup.alg = alg; ++ priv->setup.mode = mode; ++- priv->req.out_buf_bytes = out_len; +++ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH; ++ priv->req.out_bytes = out_len; ++ } ++ ++@@ -543,15 +543,30 @@ soft_init: ++ return digest_soft_init(priv->soft_ctx, priv->e_nid); ++ } ++ +++static void digest_update_out_length(EVP_MD_CTX *ctx) +++{ +++ struct digest_priv_ctx *priv = +++ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); +++ +++ /* Sha224 and Sha384 need full length mac buffer as doing long hash */ +++ if (priv->e_nid == NID_sha224) +++ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN; +++ +++ if (priv->e_nid == NID_sha384) +++ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN; +++} +++ ++ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len) ++ { ++ struct digest_priv_ctx *priv = ++- (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx); +++ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); ++ const unsigned char *tmpdata = (const unsigned char *)data; ++ size_t left_len = data_len; ++ int copy_to_bufflen; ++ int ret; ++ +++ digest_update_out_length(ctx); +++ ++ priv->req.has_next = DIGEST_DOING; ++ ++ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) { ++@@ -708,6 +723,12 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) ++ priv->req.in_bytes = priv->last_update_bufflen; ++ priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx)); ++ +++ if (priv->e_nid == NID_sha224) +++ priv->req.out_bytes = WD_DIGEST_SHA224_LEN; +++ +++ if (priv->e_nid == NID_sha384) +++ priv->req.out_bytes = WD_DIGEST_SHA384_LEN; +++ ++ ret = async_setup_async_event_notification(&op); ++ if (unlikely(!ret)) { ++ fprintf(stderr, "failed to setup async event notification.\n"); ++-- ++1.8.3.1 ++ +diff --git a/0059-uadk_utils-fix-x86-local-build.patch b/0059-uadk_utils-fix-x86-local-build.patch +new file mode 100644 +index 0000000..e8673e6 +--- /dev/null ++++ b/0059-uadk_utils-fix-x86-local-build.patch +@@ -0,0 +1,59 @@ ++From 06fd1fe00a03bfbc7430ec8e1b1f7356f47da55d Mon Sep 17 00:00:00 2001 ++From: Zhangfei Gao ++Date: Tue, 18 Oct 2022 15:39:11 +0800 ++Subject: uadk_utils: fix x86 local build ++MIME-Version: 1.0 ++Content-Type: text/plain; charset=UTF-8 ++Content-Transfer-Encoding: 8bit ++ ++On x86 local build: ++autoreconf -i ++./configure --libdir=/usr/local/lib/engines-1.1/ ++make -j4 ++ ++uadk_utils.c: In function ‘uadk_memcpy’: ++uadk_utils.c:23:2: error: unknown register name ‘q1’ in ‘asm’ ++ __asm__ __volatile__( ++ ^ ++uadk_utils.c:23:2: error: unknown register name ‘q0’ in ‘asm’ ++uadk_utils.c:23:2: error: unknown register name ‘x14’ in ‘asm’ ++uadk_utils.c:23:2: error: unknown register name ‘x5’ in ‘asm’ ++uadk_utils.c:23:2: error: unknown register name ‘x4’ in ‘asm’ ++uadk_utils.c:23:2: error: unknown register name ‘x3’ in ‘asm’ ++ ++With this patch, x86 build is OK ++ ++Signed-off-by: Zhangfei Gao ++--- ++ src/uadk_utils.c | 11 +++++++++++ ++ 1 file changed, 11 insertions(+) ++ ++diff --git a/src/uadk_utils.c b/src/uadk_utils.c ++index 2b34b3a..275a124 100644 ++--- a/src/uadk_utils.c +++++ b/src/uadk_utils.c ++@@ -16,6 +16,8 @@ ++ */ ++ #include "uadk_utils.h" ++ +++#if defined(__AARCH64_CMODEL_SMALL__) && __AARCH64_CMODEL_SMALL__ +++ ++ #define UADK_MEM_IMPROVE_THRESHOLD 1024 ++ ++ static void *memcpy_large(void *dstpp, const void *srcpp, size_t len) ++@@ -61,3 +63,12 @@ void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) ++ else ++ return memcpy(dstpp, srcpp, len); ++ } +++ +++#else +++ +++void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) +++{ +++ return memcpy(dstpp, srcpp, len); +++} +++ +++#endif ++-- ++1.8.3.1 ++ +diff --git a/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch b/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch +new file mode 100644 +index 0000000..8e0b7e3 +--- /dev/null ++++ b/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch +@@ -0,0 +1,188 @@ ++From 8c4f478b1e8965e592467be92d042c8b00c8c426 Mon Sep 17 00:00:00 2001 ++From: Zhiqi Song ++Date: Sat, 22 Oct 2022 15:14:03 +0800 ++Subject: sm2: bugfix about segfault in sm2 ctrl function ++ ++When there is no available instance of hpre device, the sm2_init() ++in uadk_engine will failed, the setting of sched_init() will failed, ++so sched_init() will be NULL. If the sm2_ctrl() function still call ++the sm2_update_sess() in this situation, and make wd_ecc_alloc_sess() ++to call sched_init(), there will be a segfault. ++ ++The solution is to modify the status field of sm2_ctx, make the ++variable 'init_status' to indicate the status of init operation: ++'CTX_UNINIT' indicates the init operation has not been performed, ++'CTX_INIT_SUCC' indicates the init operation has been succeeded, ++'CTX_INIT_FAIL' indicates the init operation has been failed. ++ ++The sm2_update_sess() will only be called if the 'init_status' is ++'CTX_INIT_SUCC'. Then there will be no segfault. ++ ++And when there is no available instance, it should switch to openssl ++software method, so modify some return values to help finish this ++process. ++ ++Signed-off-by: Zhiqi Song ++--- ++ src/uadk_sm2.c | 44 ++++++++++++++++++++++++++++++++------------ ++ 1 file changed, 32 insertions(+), 12 deletions(-) ++ ++diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c ++index fcca9f2..8a9adca 100644 ++--- a/src/uadk_sm2.c +++++ b/src/uadk_sm2.c ++@@ -25,6 +25,12 @@ ++ #include "uadk.h" ++ #include "uadk_pkey.h" ++ +++enum { +++ CTX_INIT_FAIL = -1, +++ CTX_UNINIT, +++ CTX_INIT_SUCC +++}; +++ ++ typedef struct { ++ /* Key and paramgen group */ ++ EC_GROUP *gen_group; ++@@ -43,7 +49,7 @@ struct sm2_ctx { ++ const BIGNUM *prikey; ++ const EC_POINT *pubkey; ++ BIGNUM *order; ++- bool is_init; +++ int init_status; ++ }; ++ ++ typedef struct sm2_ciphertext { ++@@ -165,6 +171,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx) ++ ++ memset(&setup, 0, sizeof(setup)); ++ setup.alg = "sm2"; +++ ++ if (smctx->ctx.md) { ++ setup.hash.cb = compute_hash; ++ setup.hash.usr = (void *)smctx->ctx.md; ++@@ -189,6 +196,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx) ++ ++ if (smctx->sess) ++ wd_ecc_free_sess(smctx->sess); +++ ++ smctx->sess = sess; ++ smctx->prikey = NULL; ++ smctx->pubkey = NULL; ++@@ -636,7 +644,7 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, ++ ++ if (!smctx || !smctx->sess) { ++ fprintf(stderr, "smctx or sess NULL\n"); ++- return -EINVAL; +++ return UADK_DO_SOFT; ++ } ++ ++ if (sig_sz <= 0) { ++@@ -676,7 +684,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, ++ if (ret) ++ goto do_soft; ++ ++- if (!smctx->is_init) { +++ if (smctx->init_status != CTX_INIT_SUCC) { ++ ret = UADK_DO_SOFT; ++ goto do_soft; ++ } ++@@ -744,6 +752,13 @@ static int sm2_verify_check(EVP_PKEY_CTX *ctx, ++ const unsigned char *tbs, ++ size_t tbslen) ++ { +++ struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); +++ +++ if (!smctx || !smctx->sess) { +++ fprintf(stderr, "smctx or sess NULL\n"); +++ return UADK_DO_SOFT; +++ } +++ ++ if (tbslen > SM2_KEY_BYTES) ++ return UADK_DO_SOFT; ++ ++@@ -772,7 +787,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx, ++ if (ret) ++ goto do_soft; ++ ++- if (!smctx->is_init) { +++ if (smctx->init_status != CTX_INIT_SUCC) { ++ ret = UADK_DO_SOFT; ++ goto do_soft; ++ } ++@@ -853,7 +868,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx, ++ ++ if (!smctx || !smctx->sess) { ++ fprintf(stderr, "smctx or sess NULL\n"); ++- return 0; +++ return UADK_DO_SOFT; ++ } ++ ++ md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; ++@@ -897,7 +912,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx, ++ if (ret) ++ goto do_soft; ++ ++- if (!smctx->is_init) { +++ if (smctx->init_status != CTX_INIT_SUCC) { ++ ret = UADK_DO_SOFT; ++ goto do_soft; ++ } ++@@ -953,7 +968,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx, ++ ++ if (!smctx || !smctx->sess) { ++ fprintf(stderr, "smctx or sess NULL\n"); ++- return -EINVAL; +++ return UADK_DO_SOFT; ++ } ++ ++ md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; ++@@ -1038,7 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, ++ if (ret) ++ goto do_soft; ++ ++- if (!smctx->is_init) { +++ if (smctx->init_status != CTX_INIT_SUCC) { ++ ret = UADK_DO_SOFT; ++ goto do_soft; ++ } ++@@ -1124,18 +1139,18 @@ static int sm2_init(EVP_PKEY_CTX *ctx) ++ ret = uadk_init_ecc(); ++ if (ret) { ++ fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); ++- smctx->is_init = false; +++ smctx->init_status = CTX_INIT_FAIL; ++ goto end; ++ } ++ ++ ret = sm2_update_sess(smctx); ++ if (ret) { ++ fprintf(stderr, "failed to update sess\n"); ++- smctx->is_init = false; +++ smctx->init_status = CTX_INIT_FAIL; ++ goto end; ++ } ++ ++- smctx->is_init = true; +++ smctx->init_status = CTX_INIT_SUCC; ++ end: ++ EVP_PKEY_CTX_set_data(ctx, smctx); ++ EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); ++@@ -1196,8 +1211,13 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++ return 1; ++ case EVP_PKEY_CTRL_MD: ++ smctx->ctx.md = p2; ++- if (sm2_update_sess(smctx)) +++ if (smctx->init_status != CTX_INIT_SUCC) +++ return 1; +++ +++ if (sm2_update_sess(smctx)) { +++ fprintf(stderr, "failed to set MD\n"); ++ return 0; +++ } ++ return 1; ++ case EVP_PKEY_CTRL_GET_MD: ++ *(const EVP_MD **)p2 = smctx->ctx.md; ++-- ++1.8.3.1 ++ +diff --git a/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch b/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch +new file mode 100644 +index 0000000..55ab785 +--- /dev/null ++++ b/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch +@@ -0,0 +1,142 @@ ++From e34a0bb0cc5c381f45877e05d927fd4bc5dc98f6 Mon Sep 17 00:00:00 2001 ++From: Hao Fang ++Date: Sat, 22 Oct 2022 15:27:20 +0800 ++Subject: uadk_engine: use HW_V2/HW_V3 to distinguish different hardware ++ platforms ++ ++Hardware version numbers are used to distinguish different hardware. ++ ++Signed-off-by: Hao Fang ++Tested-by: Junchong Pan ++--- ++ src/uadk.h | 4 ++-- ++ src/uadk_cipher.c | 22 +++++++++++----------- ++ test/sanity_test.sh | 8 ++++---- ++ 3 files changed, 17 insertions(+), 17 deletions(-) ++ ++diff --git a/src/uadk.h b/src/uadk.h ++index cd3447c..99c65c7 100644 ++--- a/src/uadk.h +++++ b/src/uadk.h ++@@ -27,8 +27,8 @@ ++ #define ENGINE_RECV_MAX_CNT 60000000 ++ ++ enum { ++- KUNPENG920, ++- KUNPENG930, +++ HW_V2, +++ HW_V3, ++ }; ++ ++ extern const char *engine_uadk_id; ++diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c ++index c5bc7af..c6878c3 100644 ++--- a/src/uadk_cipher.c +++++ b/src/uadk_cipher.c ++@@ -77,7 +77,7 @@ static int platform; ++ ++ #define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192 ++ ++-static int cipher_920_nids[] = { +++static int cipher_hw_v2_nids[] = { ++ NID_aes_128_cbc, ++ NID_aes_192_cbc, ++ NID_aes_256_cbc, ++@@ -93,7 +93,7 @@ static int cipher_920_nids[] = { ++ 0, ++ }; ++ ++-static int cipher_930_nids[] = { +++static int cipher_hw_v3_nids[] = { ++ NID_aes_128_cbc, ++ NID_aes_192_cbc, ++ NID_aes_256_cbc, ++@@ -342,9 +342,9 @@ static int uadk_get_accel_platform(char *alg_name) ++ return 0; ++ ++ if (!strcmp(dev->api, "hisi_qm_v2")) ++- platform = KUNPENG920; +++ platform = HW_V2; ++ else ++- platform = KUNPENG930; +++ platform = HW_V3; ++ free(dev); ++ ++ return 1; ++@@ -358,12 +358,12 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, ++ int size; ++ int i; ++ ++- if (platform == KUNPENG920) { ++- size = (sizeof(cipher_920_nids) - 1) / sizeof(int); ++- cipher_nids = cipher_920_nids; +++ if (platform == HW_V2) { +++ size = (sizeof(cipher_hw_v2_nids) - 1) / sizeof(int); +++ cipher_nids = cipher_hw_v2_nids; ++ } else { ++- size = (sizeof(cipher_930_nids) - 1) / sizeof(int); ++- cipher_nids = cipher_930_nids; +++ size = (sizeof(cipher_hw_v3_nids) - 1) / sizeof(int); +++ cipher_nids = cipher_hw_v3_nids; ++ } ++ ++ if (!cipher) { ++@@ -1073,7 +1073,7 @@ int uadk_e_bind_cipher(ENGINE *e) ++ } ++ ++ bind_v2_cipher(); ++- if (platform > KUNPENG920) +++ if (platform > HW_V2) ++ bind_v3_cipher(); ++ ++ return ENGINE_set_ciphers(e, uadk_e_engine_ciphers); ++@@ -1155,7 +1155,7 @@ void uadk_e_destroy_cipher(void) ++ pthread_spin_destroy(&engine.lock); ++ ++ destroy_v2_cipher(); ++- if (platform > KUNPENG920) +++ if (platform > HW_V2) ++ destroy_v3_cipher(); ++ } ++ ++diff --git a/test/sanity_test.sh b/test/sanity_test.sh ++index 2c0c504..bdedc15 100755 ++--- a/test/sanity_test.sh +++++ b/test/sanity_test.sh ++@@ -103,7 +103,7 @@ if [[ $algs =~ "RSA" ]]; then ++ openssl speed -elapsed -engine $engine_id -async_jobs 1 rsa4096 ++ fi ++ ++-#ecdsa only supported in Kunpeng930 or later +++#ecdsa only supported in HW_V3 or later ++ if [[ $algs =~ "id-ecPublicKey" ]]; then ++ echo "testing ECDSA" ++ openssl speed -elapsed -engine $engine_id ecdsap224 ++@@ -116,21 +116,21 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then ++ openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdsap521 ++ fi ++ ++-#X25519 only supported in Kunpeng930 or later +++#X25519 only supported in HW_V3 or later ++ if [[ $algs =~ "X25519" ]]; then ++ echo "testing X25519" ++ openssl speed -elapsed -engine $engine_id ecdhx25519 ++ openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx25519 ++ fi ++ ++-#X448 only supported in Kunpeng930 or later +++#X448 only supported in HW_V3 or later ++ if [[ $algs =~ "X448" ]]; then ++ echo "testing X448" ++ openssl speed -elapsed -engine $engine_id ecdhx448 ++ openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx448 ++ fi ++ ++-#ecdh only supported in Kunpeng930 or later +++#ecdh only supported in HW_V3 or later ++ if [[ $algs =~ "id-ecPublicKey" ]]; then ++ echo "testing ECDH" ++ openssl speed -elapsed -engine $engine_id ecdhp192 ++-- ++1.8.3.1 ++ +diff --git a/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch b/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch +new file mode 100644 +index 0000000..1c5a5d9 +--- /dev/null ++++ b/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch +@@ -0,0 +1,73 @@ ++From 01580bb856fe7a2206990954b38d8213efd06098 Mon Sep 17 00:00:00 2001 ++From: Longfang Liu ++Date: Sat, 22 Oct 2022 15:31:24 +0800 ++Subject: uadk/engine: update the numa parameter of the scheduler ++ ++In the scenario where multiple devices are enabled at the ++same time through environment variables, fixing a numa id ++will make other devices unusable. When using the default ++numa parameter, the scheduler will automatically allocate ++device resources according to the CPU id of the thread, ++so as to realize all devices. ++ ++Signed-off-by: Longfang Liu ++--- ++ src/uadk_cipher.c | 4 ++-- ++ src/uadk_digest.c | 3 ++- ++ src/uadk_rsa.c | 4 +++- ++ 3 files changed, 7 insertions(+), 4 deletions(-) ++ ++diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c ++index c6878c3..8e8c5f3 100644 ++--- a/src/uadk_cipher.c +++++ b/src/uadk_cipher.c ++@@ -469,7 +469,6 @@ static handle_t sched_single_init(handle_t h_sched_ctx, void *sched_param) ++ return (handle_t)0; ++ } ++ ++- skey->numa_id = param->numa_id; ++ skey->type = param->type; ++ ++ return (handle_t)skey; ++@@ -881,7 +880,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) ++ if (ret) ++ params.type = 0; ++ ++- params.numa_id = engine.numa_id; +++ /* Use the default numa parameters */ +++ params.numa_id = -1; ++ priv->setup.sched_param = ¶ms; ++ if (!priv->sess) { ++ priv->sess = wd_cipher_alloc_sess(&priv->setup); ++diff --git a/src/uadk_digest.c b/src/uadk_digest.c ++index 63887e7..8370490 100644 ++--- a/src/uadk_digest.c +++++ b/src/uadk_digest.c ++@@ -523,7 +523,8 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) ++ return 0; ++ } ++ ++- params.numa_id = engine.numa_id; +++ /* Use the default numa parameters */ +++ params.numa_id = -1; ++ priv->setup.sched_param = ¶ms; ++ priv->sess = wd_digest_alloc_sess(&priv->setup); ++ if (unlikely(!priv->sess)) ++diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c ++index ef1739d..74852e7 100644 ++--- a/src/uadk_rsa.c +++++ b/src/uadk_rsa.c ++@@ -881,7 +881,9 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, ++ ++ rsa_sess->key_size = key_size; ++ rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT; ++- params.numa_id = g_rsa_res.numa_id; +++ +++ /* Use the default numa parameters */ +++ params.numa_id = -1; ++ rsa_sess->setup.sched_param = ¶ms; ++ rsa_sess->setup.is_crt = is_crt; ++ ++-- ++1.8.3.1 ++ +diff --git a/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch b/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch +new file mode 100644 +index 0000000..838d1e7 +--- /dev/null ++++ b/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch +@@ -0,0 +1,205 @@ ++From 5b59c17f84d5a1f6e7c996a499f5a70059d89ee7 Mon Sep 17 00:00:00 2001 ++From: Zhiqi Song ++Date: Sat, 22 Oct 2022 15:35:17 +0800 ++Subject: uadk_engine: bugfix side effects of right operand ++ ++The right operand of while condition may contains side effects, ++variables change "rx_cnt++". Move 'rx_cnt++' from condition ++to statement. ++ ++Signed-off-by: Zhiqi Song ++--- ++ src/uadk_cipher.c | 13 ++++++++----- ++ src/uadk_dh.c | 18 +++++++++++------- ++ src/uadk_digest.c | 13 ++++++++----- ++ src/uadk_pkey.c | 13 ++++++++----- ++ src/uadk_rsa.c | 14 +++++++++----- ++ 5 files changed, 44 insertions(+), 27 deletions(-) ++ ++diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c ++index 8e8c5f3..9d4f692 100644 ++--- a/src/uadk_cipher.c +++++ b/src/uadk_cipher.c ++@@ -516,11 +516,13 @@ static int uadk_e_cipher_poll(void *ctx) ++ ++ do { ++ ret = wd_cipher_poll_ctx(idx, expt, &recv); ++- if (recv == expt) +++ if (!ret && recv == expt) ++ return 0; ++- else if (ret < 0 && ret != -EAGAIN) ++- return ret; ++- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); +++ else if (ret == -EAGAIN) +++ rx_cnt++; +++ else +++ return -1; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++@@ -539,7 +541,8 @@ static int uadk_e_cipher_env_poll(void *ctx) ++ ret = wd_cipher_poll(expt, &recv); ++ if (ret < 0 || recv == expt) ++ return ret; ++- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); +++ rx_cnt++; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++diff --git a/src/uadk_dh.c b/src/uadk_dh.c ++index 37f84e9..2af2455 100644 ++--- a/src/uadk_dh.c +++++ b/src/uadk_dh.c ++@@ -48,6 +48,7 @@ ++ #define UADK_E_SUCCESS 1 ++ #define UADK_E_FAIL 0 ++ #define UADK_E_POLL_SUCCESS 0 +++#define UADK_E_POLL_FAIL (-1) ++ #define UADK_E_INIT_SUCCESS 0 ++ #define ENV_ENABLED 1 ++ ++@@ -206,17 +207,19 @@ static int uadk_e_dh_poll(void *ctx) ++ { ++ __u64 rx_cnt = 0; ++ __u32 recv = 0; ++- int expect = 1; +++ int expt = 1; ++ int idx = 1; ++ int ret; ++ ++ do { ++- ret = wd_dh_poll_ctx(idx, expect, &recv); ++- if (recv == expect) +++ ret = wd_dh_poll_ctx(idx, expt, &recv); +++ if (!ret && recv == expt) ++ return UADK_E_POLL_SUCCESS; ++- else if (ret < 0 && ret != -EAGAIN) ++- return ret; ++- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); +++ else if (ret == -EAGAIN) +++ rx_cnt++; +++ else +++ return UADK_E_POLL_FAIL; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++@@ -283,7 +286,8 @@ static int uadk_e_dh_env_poll(void *ctx) ++ ret = wd_dh_poll(expt, &recv); ++ if (ret < 0 || recv == expt) ++ return ret; ++- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); +++ rx_cnt++; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++diff --git a/src/uadk_digest.c b/src/uadk_digest.c ++index 8370490..9568a98 100644 ++--- a/src/uadk_digest.c +++++ b/src/uadk_digest.c ++@@ -343,11 +343,13 @@ static int uadk_e_digest_poll(void *ctx) ++ ++ do { ++ ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv); ++- if (recv == expt) +++ if (!ret && recv == expt) ++ return 0; ++- else if (ret < 0 && ret != -EAGAIN) ++- return ret; ++- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); +++ else if (ret == -EAGAIN) +++ rx_cnt++; +++ else +++ return -1; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++@@ -366,7 +368,8 @@ static int uadk_e_digest_env_poll(void *ctx) ++ ret = wd_digest_poll(expt, &recv); ++ if (ret < 0 || recv == expt) ++ return ret; ++- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); +++ rx_cnt++; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c ++index 211f1cc..6920cff 100644 ++--- a/src/uadk_pkey.c +++++ b/src/uadk_pkey.c ++@@ -110,11 +110,13 @@ static int uadk_ecc_poll(void *ctx) ++ ++ do { ++ ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv); ++- if (recv == expt) +++ if (!ret && recv == expt) ++ return 0; ++- else if (ret < 0 && ret != -EAGAIN) ++- return ret; ++- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); +++ else if (ret == -EAGAIN) +++ rx_cnt++; +++ else +++ return -1; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++@@ -153,7 +155,8 @@ static int uadk_e_ecc_env_poll(void *ctx) ++ ret = wd_ecc_poll(expt, &recv); ++ if (ret < 0 || recv == expt) ++ return ret; ++- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); +++ rx_cnt++; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c ++index 74852e7..bcdd6bc 100644 ++--- a/src/uadk_rsa.c +++++ b/src/uadk_rsa.c ++@@ -48,6 +48,7 @@ ++ #define UADK_E_FAIL 0 ++ #define UADK_DO_SOFT (-0xE0) ++ #define UADK_E_POLL_SUCCESS 0 +++#define UADK_E_POLL_FAIL (-1) ++ #define UADK_E_INIT_SUCCESS 0 ++ #define CHECK_PADDING_FAIL (-1) ++ #define ENV_ENABLED 1 ++@@ -664,11 +665,13 @@ static int uadk_e_rsa_poll(void *ctx) ++ ++ do { ++ ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv); ++- if (recv == expt) +++ if (!ret && recv == expt) ++ return UADK_E_POLL_SUCCESS; ++- else if (ret < 0 && ret != -EAGAIN) ++- return ret; ++- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); +++ else if (ret == -EAGAIN) +++ rx_cnt++; +++ else +++ return UADK_E_POLL_FAIL; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++@@ -700,7 +703,8 @@ static int uadk_e_rsa_env_poll(void *ctx) ++ ret = wd_rsa_poll(expt, &recv); ++ if (ret < 0 || recv == expt) ++ return ret; ++- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); +++ rx_cnt++; +++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++-- ++1.8.3.1 ++ +diff --git a/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch b/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch +new file mode 100644 +index 0000000..9107679 +--- /dev/null ++++ b/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch +@@ -0,0 +1,118 @@ ++From f17c89d7d27b3a728232c7e641c2978db238a2f3 Mon Sep 17 00:00:00 2001 ++From: Zhiqi Song ++Date: Sat, 22 Oct 2022 15:37:45 +0800 ++Subject: uadk_engine: cleanup static check warning of clangtidy tool ++ ++Cleanup the following warning: ++1. Parameters of function should not be used as working ++variable. ++2. Cleanup uninitialized value. ++3. Storage class should be specified after a type. ++ ++Signed-off-by: Zhiqi Song ++--- ++ src/e_uadk.c | 6 ++---- ++ src/uadk_cipher.c | 9 +++++---- ++ src/uadk_ec.c | 5 +++-- ++ src/uadk_rsa.c | 16 ++++++++-------- ++ 4 files changed, 18 insertions(+), 18 deletions(-) ++ ++diff --git a/src/e_uadk.c b/src/e_uadk.c ++index 77612d7..21ceb86 100644 ++--- a/src/e_uadk.c +++++ b/src/e_uadk.c ++@@ -89,13 +89,11 @@ static const ENGINE_CMD_DEFN g_uadk_cmd_defns[] = { ++ } ++ }; ++ ++-__attribute__((constructor)) ++-static void uadk_constructor(void) +++static void __attribute__((constructor)) uadk_constructor(void) ++ { ++ } ++ ++-__attribute__((destructor)) ++-static void uadk_destructor(void) +++static void __attribute__((destructor)) uadk_destructor(void) ++ { ++ } ++ ++diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c ++index 9d4f692..14e2af2 100644 ++--- a/src/uadk_cipher.c +++++ b/src/uadk_cipher.c ++@@ -749,17 +749,18 @@ static void ctr_iv_inc(uint8_t *counter, __u32 c) ++ { ++ uint32_t n = CTR_128BIT_COUNTER; ++ uint8_t *counter1 = counter; +++ __u32 c_value = c; ++ ++ /* ++ * Since the counter has been increased 1 by the hardware, ++ * so the c need to decrease 1. ++ */ ++- c = c - 1; +++ c_value -= 1; ++ do { ++ --n; ++- c += counter1[n]; ++- counter1[n] = (uint8_t)c; ++- c >>= BYTE_BITS; +++ c_value += counter1[n]; +++ counter1[n] = (uint8_t)c_value; +++ c_value >>= BYTE_BITS; ++ } while (n); ++ } ++ ++diff --git a/src/uadk_ec.c b/src/uadk_ec.c ++index 37683cd..247b875 100644 ++--- a/src/uadk_ec.c +++++ b/src/uadk_ec.c ++@@ -72,14 +72,15 @@ static void init_dtb_param(void *dtb, char *start, ++ __u32 dsz, __u32 bsz, __u32 num) ++ { ++ struct wd_dtb *tmp = dtb; +++ char *buff = start; ++ int i = 0; ++ ++ while (i++ < num) { ++- tmp->data = start; +++ tmp->data = buff; ++ tmp->dsize = dsz; ++ tmp->bsize = bsz; ++ tmp += 1; ++- start += bsz; +++ buff += bsz; ++ } ++ } ++ ++diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c ++index bcdd6bc..7d25338 100644 ++--- a/src/uadk_rsa.c +++++ b/src/uadk_rsa.c ++@@ -932,14 +932,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, ++ struct rsa_prikey_param *pri, ++ unsigned char *in_buf, unsigned char *to) ++ { ++- struct wd_rsa_prikey *prikey; ++- struct wd_dtb *wd_dq; ++- struct wd_dtb *wd_dp; ++- struct wd_dtb *wd_q; ++- struct wd_dtb *wd_p; ++- struct wd_dtb *wd_qinv; ++- struct wd_dtb *wd_d; ++- struct wd_dtb *wd_n; +++ struct wd_rsa_prikey *prikey = NULL; +++ struct wd_dtb *wd_qinv = NULL; +++ struct wd_dtb *wd_dq = NULL; +++ struct wd_dtb *wd_dp = NULL; +++ struct wd_dtb *wd_q = NULL; +++ struct wd_dtb *wd_p = NULL; +++ struct wd_dtb *wd_d = NULL; +++ struct wd_dtb *wd_n = NULL; ++ ++ if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) { ++ wd_rsa_get_prikey(rsa_sess->sess, &prikey); ++-- ++1.8.3.1 ++ +diff --git a/0065-uadk_engine-bugfix-enable-environment-variable.patch b/0065-uadk_engine-bugfix-enable-environment-variable.patch +new file mode 100644 +index 0000000..2fab708 +--- /dev/null ++++ b/0065-uadk_engine-bugfix-enable-environment-variable.patch +@@ -0,0 +1,38 @@ ++From 7ef97aab7a5cd964241fe9879588ceb54a547003 Mon Sep 17 00:00:00 2001 ++From: Zhiqi Song ++Date: Sat, 22 Oct 2022 15:53:53 +0800 ++Subject: uadk_engine: bugfix enable environment variable ++ ++When the 'alg_name' set by the user is valid, the 'env_enabled' ++field should be set or returned. ++ ++Signed-off-by: Zhiqi Song ++--- ++ src/e_uadk.c | 4 ++-- ++ 1 file changed, 2 insertions(+), 2 deletions(-) ++ ++diff --git a/src/e_uadk.c b/src/e_uadk.c ++index 21ceb86..0a9e3e6 100644 ++--- a/src/e_uadk.c +++++ b/src/e_uadk.c ++@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name) ++ int i = 0; ++ ++ while (i < len) { ++- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) +++ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) ++ return uadk_env_enabled[i].env_enabled; ++ i++; ++ } ++@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value) ++ int i = 0; ++ ++ while (i < len) { ++- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) { +++ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) { ++ uadk_env_enabled[i].env_enabled = value; ++ return; ++ } ++-- ++1.8.3.1 ++ +diff --git a/0066-uadk_engine-cleanup-magic-number-and-comments.patch b/0066-uadk_engine-cleanup-magic-number-and-comments.patch +new file mode 100644 +index 0000000..b9a5379 +--- /dev/null ++++ b/0066-uadk_engine-cleanup-magic-number-and-comments.patch +@@ -0,0 +1,537 @@ ++From 20049f2becb9cc339276d4839f6d9f909273f5a5 Mon Sep 17 00:00:00 2001 ++From: Zhiqi Song ++Date: Sat, 22 Oct 2022 15:54:51 +0800 ++Subject: uadk_engine: cleanup magic number and comments ++ ++Use macros to replace magic numbers and related operations. ++Simplify code comments and unify style. ++ ++Signed-off-by: Zhiqi Song ++--- ++ src/uadk_cipher.c | 4 +--- ++ src/uadk_dh.c | 5 ++--- ++ src/uadk_digest.c | 2 +- ++ src/uadk_ec.c | 51 ++++++++++++++++++++++++++------------------------- ++ src/uadk_ecx.c | 40 +++++++++++++++++++++++----------------- ++ src/uadk_pkey.c | 9 ++++----- ++ src/uadk_pkey.h | 6 +++++- ++ src/uadk_rsa.c | 25 ++++++++++--------------- ++ src/uadk_sm2.c | 23 ++++++++++++----------- ++ 9 files changed, 84 insertions(+), 81 deletions(-) ++ ++diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c ++index 14e2af2..de5f078 100644 ++--- a/src/uadk_cipher.c +++++ b/src/uadk_cipher.c ++@@ -480,13 +480,11 @@ static __u32 sched_single_pick_next_ctx(handle_t sched_ctx, ++ struct sched_params *key = (struct sched_params *)sched_key; ++ ++ if (sched_mode) { ++- /* async */ ++ if (key->type == WD_CIPHER_ENCRYPTION) ++ return CTX_ASYNC_ENC; ++ else ++ return CTX_ASYNC_DEC; ++ } else { ++- /* sync */ ++ if (key->type == WD_CIPHER_ENCRYPTION) ++ return CTX_SYNC_ENC; ++ else ++@@ -744,7 +742,7 @@ static void async_cb(struct wd_cipher_req *req, void *data) ++ } ++ } ++ ++-/* increment counter (128-bit int) by c */ +++/* Increment counter (128-bit int) by c */ ++ static void ctr_iv_inc(uint8_t *counter, __u32 c) ++ { ++ uint32_t n = CTR_128BIT_COUNTER; ++diff --git a/src/uadk_dh.c b/src/uadk_dh.c ++index 2af2455..6356872 100644 ++--- a/src/uadk_dh.c +++++ b/src/uadk_dh.c ++@@ -603,7 +603,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, ++ if (!ag_bin) ++ return UADK_E_FAIL; ++ ++- /* malloc a contiguous chunk of memory */ +++ /* Malloc a contiguous chunk of memory */ ++ apriv_key_bin = OPENSSL_malloc(key_size * DH_PARAMS_CNT); ++ if (!apriv_key_bin) ++ goto free_ag; ++@@ -615,7 +615,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, ++ memset(ap_bin, 0, key_size); ++ memset(out_pri, 0, key_size); ++ ++- /* construct data block of g */ +++ /* Construct data block of g */ ++ ret = dh_set_g(g, key_size, ag_bin, dh_sess); ++ if (!ret) ++ goto free_apriv; ++@@ -623,7 +623,6 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, ++ dh_sess->req.xbytes = BN_bn2bin(priv_key, apriv_key_bin); ++ dh_sess->req.pbytes = BN_bn2bin(p, ap_bin); ++ dh_sess->req.x_p = (void *)apriv_key_bin; ++- /* the output from uadk */ ++ dh_sess->req.pri = out_pri; ++ dh_sess->req.pri_bytes = key_size; ++ dh_sess->req.op_type = WD_DH_PHASE1; ++diff --git a/src/uadk_digest.c b/src/uadk_digest.c ++index 9568a98..9d009a9 100644 ++--- a/src/uadk_digest.c +++++ b/src/uadk_digest.c ++@@ -71,7 +71,7 @@ static struct digest_engine engine; ++ ++ struct evp_md_ctx_st { ++ const EVP_MD *digest; ++- /* functional reference if 'digest' is ENGINE-provided */ +++ /* Functional reference if 'digest' is ENGINE-provided */ ++ ENGINE *engine; ++ unsigned long flags; ++ void *md_data; ++diff --git a/src/uadk_ec.c b/src/uadk_ec.c ++index 247b875..9b48ae7 100644 ++--- a/src/uadk_ec.c +++++ b/src/uadk_ec.c ++@@ -27,23 +27,23 @@ ++ #include "uadk.h" ++ ++ #define ECC128BITS 128 ++-#define ECC192BITS 192 ++-#define ECC224BITS 224 ++-#define ECC256BITS 256 ++-#define ECC320BITS 320 ++-#define ECC384BITS 384 ++-#define ECC521BITS 521 +++#define ECC192BITS 192 +++#define ECC224BITS 224 +++#define ECC256BITS 256 +++#define ECC320BITS 320 +++#define ECC384BITS 384 +++#define ECC521BITS 521 ++ ++ struct curve_param { ++- /* prime */ +++ /* Prime */ ++ BIGNUM *p; ++- /* ecc coefficient 'a' */ +++ /* ECC coefficient 'a' */ ++ BIGNUM *a; ++- /* ecc coefficient 'b' */ +++ /* ECC coefficient 'b' */ ++ BIGNUM *b; ++- /* base point */ +++ /* Base point */ ++ const EC_POINT *g; ++- /* order of base point */ +++ /* Order of base point */ ++ const BIGNUM *order; ++ }; ++ ++@@ -176,7 +176,6 @@ free_ctx: ++ ++ static int get_smallest_hw_keybits(int bits) ++ { ++- /* ec curve order width */ ++ if (bits > ECC384BITS) ++ return ECC521BITS; ++ else if (bits > ECC320BITS) ++@@ -283,7 +282,7 @@ static int eckey_check(const EC_KEY *eckey) ++ return -1; ++ } ++ ++- /* field GF(2m) is not supported by uadk */ +++ /* Field GF(2m) is not supported by uadk */ ++ if (!uadk_prime_field(group)) ++ return UADK_DO_SOFT; ++ ++@@ -336,22 +335,25 @@ static int set_digest(handle_t sess, struct wd_dtb *e, ++ unsigned int dlen = sdgst->dsize; ++ BIGNUM *m; ++ ++- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits) { +++ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) { ++ m = BN_new(); ++ ++ /* Need to truncate digest if it is too long: first truncate ++ * whole bytes ++ */ ++- dlen = (order_bits + 7) >> UADK_BITS_2_BYTES_SHIFT; +++ dlen = BITS_TO_BYTES(order_bits); ++ if (!BN_bin2bn(dgst, dlen, m)) { ++ fprintf(stderr, "failed to BN_bin2bn digest\n"); ++ BN_free(m); ++ return -1; ++ } ++ ++- /* If still too long, truncate remaining bits with a shift */ ++- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits && ++- !BN_rshift(m, m, 8 - (order_bits & 0x7))) { +++ /* If the length of digest is still longer than the length +++ * of the base point order, truncate remaining bits with a +++ * shift to that length +++ */ +++ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits && +++ !BN_rshift(m, m, DGST_SHIFT_NUM(order_bits))) { ++ fprintf(stderr, "failed to truncate input digest\n"); ++ BN_free(m); ++ return -1; ++@@ -743,7 +745,7 @@ err: ++ ++ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) ++ { ++- unsigned char buff[SM2_KEY_BYTES * 2 + 1] = {UADK_OCTET_STRING}; +++ unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {UADK_OCTET_STRING}; ++ struct wd_ecc_point *pubkey = NULL; ++ struct wd_dtb *privkey = NULL; ++ const EC_GROUP *group; ++@@ -768,8 +770,8 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) ++ return -ENOMEM; ++ } ++ ++- memcpy(buff + 1, pubkey->x.data, SM2_KEY_BYTES * 2); ++- tmp = BN_bin2bn(buff, SM2_KEY_BYTES * 2 + 1, NULL); +++ memcpy(buff + 1, pubkey->x.data, ECC_POINT_SIZE(SM2_KEY_BYTES)); +++ tmp = BN_bin2bn(buff, ECC_POINT_SIZE(SM2_KEY_BYTES) + 1, NULL); ++ ptr = EC_POINT_bn2point(group, tmp, point, NULL); ++ BN_free(tmp); ++ if (!ptr) { ++@@ -1029,7 +1031,7 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, ++ in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data); ++ in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data); ++ ++- /* set public key */ +++ /* Set public key */ ++ ecdh_in = wd_ecxdh_new_in(sess, &in_pkey); ++ if (!ecdh_in) { ++ fprintf(stderr, "failed to new ecxdh in\n"); ++@@ -1075,7 +1077,7 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) ++ } ++ ++ key_size_std = (unsigned int)(EC_GROUP_get_degree(group) + ++- UADK_ECC_PADDING) >> UADK_BITS_2_BYTES_SHIFT; +++ UADK_ECC_PADDING) >> TRANS_BITS_BYTES_SHIFT; ++ key_size_x = pubkey->x.dsize; ++ key_size_y = pubkey->y.dsize; ++ if ((key_size_x > key_size_std) || (key_size_y > key_size_std)) { ++@@ -1088,9 +1090,8 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) ++ * tag - 1 byte ++ * point_x - [key_size_std] bytes ++ * point_y - [key_size_std] bytes ++- * so the malloc size is: key_size_std * 2 + 1 ++ */ ++- buff_size = key_size_std * 2 + 1; +++ buff_size = ECC_POINT_SIZE(key_size_std) + 1; ++ x_shift = key_size_std - key_size_x + 1; ++ y_shift = buff_size - key_size_y; ++ buff = (unsigned char *)OPENSSL_malloc(buff_size); ++diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c ++index df23156..67042a3 100644 ++--- a/src/uadk_ecx.c +++++ b/src/uadk_ecx.c ++@@ -295,33 +295,39 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx, ++ ++ memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data, ++ key_size); ++- /* trans public key from big-endian to little-endian */ +++ /* Trans public key from big-endian to little-endian */ ++ ret = reverse_bytes(ecx_key->pubkey, key_size); ++ if (!ret) { ++ fprintf(stderr, "failed to trans public key\n"); ++ return UADK_E_FAIL; ++ } ++- /* trans private key from big-endian to little-endian */ +++ /* Trans private key from big-endian to little-endian */ ++ ret = reverse_bytes(ecx_key->privkey, key_size); ++ if (!ret) { ++ fprintf(stderr, "failed to trans private key\n"); ++ return UADK_E_FAIL; ++ } ++ /* ++- * This is a pretreatment of X25519/X448, as described in RFC 7748: ++- * For X25519, in order to decode 32 random bytes as an integer ++- * scaler, set the three LSB of the first byte and MSB of the last ++- * to zero, set the second MSB of the last byte to 1. ++- * For X448, set the two LSB of the first byte to 0, and MSB of the ++- * last byte to 1. Decode in little-endian mode. +++ * This is a pretreatment of X25519/X448 described in RFC 7748. +++ * In order to decode the random bytes as an integer scaler, there +++ * are some special data processing. And use little-endian mode for +++ * decoding. ++ */ ++ if (ecx_ctx->nid == EVP_PKEY_X25519) { ++- ecx_key->privkey[0] &= 248; ++- ecx_key->privkey[X25519_KEYLEN - 1] &= 127; ++- ecx_key->privkey[X25519_KEYLEN - 1] |= 64; +++ /* Set the three LSB of the first byte to 0 */ +++ ecx_key->privkey[0] &= 0xF8; +++ +++ /* Set the MSB of the last byte to 0 */ +++ ecx_key->privkey[X25519_KEYLEN - 1] &= 0x7F; +++ +++ /* Set the second MSB of the last byte to 1 */ +++ ecx_key->privkey[X25519_KEYLEN - 1] |= 0x40; ++ } else if (ecx_ctx->nid == EVP_PKEY_X448) { ++- ecx_key->privkey[0] &= 252; ++- ecx_key->privkey[X448_KEYLEN - 1] |= 128; +++ /* Set the two LSB of the first byte to 0 */ +++ ecx_key->privkey[0] &= 0xFC; +++ +++ /* Set the MSB of the last byte to 1 */ +++ ecx_key->privkey[X448_KEYLEN - 1] |= 0x80; ++ } ++ ++ ret = EVP_PKEY_assign(pkey, ecx_ctx->nid, ecx_key); ++@@ -494,7 +500,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req, ++ struct wd_ecc_in *ecx_in; ++ int ret; ++ ++- /* trans public key from little-endian to big-endian */ +++ /* Trans public key from little-endian to big-endian */ ++ ret = reverse_bytes(peer_ecx_key->pubkey, key_size); ++ if(!ret) { ++ fprintf(stderr, "failed to trans public key\n"); ++@@ -521,7 +527,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req, ++ ++ uadk_ecc_fill_req(req, WD_ECXDH_COMPUTE_KEY, ecx_in, ecx_out); ++ ++- /* trans public key from big-endian to little-endian */ +++ /* Trans public key from big-endian to little-endian */ ++ ret = reverse_bytes(peer_ecx_key->pubkey, key_size); ++ if (!ret) { ++ fprintf(stderr, "failed to trans public key\n"); ++@@ -553,7 +559,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ++ struct wd_dtb prikey; ++ int ret; ++ ++- /* trans private key from little-endian to big-endian */ +++ /* Trans private key from little-endian to big-endian */ ++ ret = reverse_bytes(ecx_key->privkey, key_size); ++ if (!ret) { ++ fprintf(stderr, "failed to trans private key\n"); ++@@ -569,7 +575,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ++ return UADK_E_FAIL; ++ } ++ ++- /* trans private key from big-endian to little-endian */ +++ /* Trans private key from big-endian to little-endian */ ++ ret = reverse_bytes(ecx_key->privkey, key_size); ++ if (!ret) { ++ fprintf(stderr, "failed to trans private key\n"); ++diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c ++index 6920cff..6b5ae9a 100644 ++--- a/src/uadk_pkey.c +++++ b/src/uadk_pkey.c ++@@ -44,7 +44,7 @@ struct ecc_res_config { ++ int numa_id; ++ }; ++ ++-/* ecc global hardware resource is saved here */ +++/* ECC global hardware resource is saved here */ ++ struct ecc_res { ++ struct wd_ctx_config *ctx_res; ++ int pid; ++@@ -123,7 +123,7 @@ static int uadk_ecc_poll(void *ctx) ++ return -ETIMEDOUT; ++ } ++ ++-/* make resource configure static */ +++/* Make resource configure static */ ++ struct ecc_res_config ecc_res_config = { ++ .sched = { ++ .sched_type = -1, ++@@ -234,7 +234,7 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config) ++ struct uacce_dev *dev; ++ int ret; ++ ++- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ +++ /* The ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ ++ dev = wd_get_accel_dev("ecdsa"); ++ if (!dev) ++ return -ENOMEM; ++@@ -396,8 +396,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) ++ return -EINVAL; ++ } ++ ++- /* pad and convert bits to bytes */ ++- buflen = (EC_GROUP_get_degree(group) + 7) / 8; +++ buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group)); ++ ecc_key = wd_ecc_get_key(sess); ++ prikey.data = (void *)bin; ++ prikey.dsize = BN_bn2binpad(d, bin, buflen); ++diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h ++index b30c2de..6d1cc77 100644 ++--- a/src/uadk_pkey.h +++++ b/src/uadk_pkey.h ++@@ -26,7 +26,6 @@ ++ #define UADK_ECC_MAX_KEY_BITS 521 ++ #define UADK_ECC_MAX_KEY_BYTES 66 ++ #define UADK_ECC_CV_PARAM_NUM 6 ++-#define UADK_BITS_2_BYTES_SHIFT 3 ++ #define SM2_KEY_BYTES 32 ++ #define UADK_OCTET_STRING 4 ++ #define UADK_ECC_PUBKEY_PARAM_NUM 2 ++@@ -34,6 +33,11 @@ ++ #define UADK_ECDH_CV_NUM 8 ++ #define ENV_ENABLED 1 ++ #define UADK_E_INVALID (-2) +++#define TRANS_BITS_BYTES_SHIFT 3 +++#define ECC_POINT_SIZE(n) ((n) * 2) +++#define GET_MS_BYTE(n) ((n) >> 8) +++#define GET_LS_BYTE(n) ((n) & 0xFF) +++#define DGST_SHIFT_NUM(n) (8 - ((n) & 0x7)) ++ ++ struct uadk_pkey_meth { ++ EVP_PKEY_METHOD *sm2; ++diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c ++index 7d25338..e9a2c53 100644 ++--- a/src/uadk_rsa.c +++++ b/src/uadk_rsa.c ++@@ -52,6 +52,9 @@ ++ #define UADK_E_INIT_SUCCESS 0 ++ #define CHECK_PADDING_FAIL (-1) ++ #define ENV_ENABLED 1 +++#define PRIME_RETRY_COUNT 4 +++#define GENCB_NEXT 2 +++#define GENCB_RETRY 3 ++ ++ static RSA_METHOD *rsa_hw_meth; ++ ++@@ -173,11 +176,7 @@ static int rsa_prime_mul_res(int num, struct rsa_prime_param *param, ++ if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx)) ++ return BN_ERR; ++ } else { ++- /* ++- * Use the number 3 to indicate whether ++- * the generator has been found. ++- */ ++- if (!BN_GENCB_call(cb, 3, num)) +++ if (!BN_GENCB_call(cb, GENCB_RETRY, num)) ++ return BN_ERR; ++ return BN_CONTINUE; ++ } ++@@ -228,14 +227,11 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, ++ *bitse -= bitsr[*num]; ++ else ++ return -1; ++- /* ++- * Use the number 2 to indicate whether ++- * a prime has been found. ++- */ ++- ret = BN_GENCB_call(cb, 2, *n++); +++ +++ ret = BN_GENCB_call(cb, GENCB_NEXT, *n++); ++ if (!ret) ++ return -1; ++- if (retries == 4) { +++ if (retries == PRIME_RETRY_COUNT) { ++ *num = -1; ++ *bitse = 0; ++ retries = 0; ++@@ -244,8 +240,8 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, ++ retries++; ++ return BN_REDO; ++ } ++- /* Use the number 3 to indicate whether the generator has been found. */ ++- ret = BN_GENCB_call(cb, 3, *num); +++ +++ ret = BN_GENCB_call(cb, GENCB_RETRY, *num); ++ if (!ret) ++ return BN_ERR; ++ retries = 0; ++@@ -320,8 +316,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, ++ else ++ return BN_ERR; ++ ++- /* Use the number 2 to indicate whether a prime has been found. */ ++- if (!BN_GENCB_call(cb, 2, *n++)) +++ if (!BN_GENCB_call(cb, GENCB_NEXT, *n++)) ++ return BN_ERR; ++ ++ return GET_ERR_FINISH; ++diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c ++index 8a9adca..578d2d8 100644 ++--- a/src/uadk_sm2.c +++++ b/src/uadk_sm2.c ++@@ -34,12 +34,12 @@ enum { ++ typedef struct { ++ /* Key and paramgen group */ ++ EC_GROUP *gen_group; ++- /* message digest */ +++ /* Message digest */ ++ const EVP_MD *md; ++ /* Distinguishing Identifier, ISO/IEC 15946-3 */ ++ uint8_t *id; ++ size_t id_len; ++- /* id_set indicates if the 'id' field is set (1) or not (0) */ +++ /* Indicates if the 'id' field is set (1) or not (0) */ ++ int id_set; ++ } SM2_PKEY_CTX; ++ ++@@ -557,8 +557,7 @@ static size_t ec_field_size(const EC_GROUP *group) ++ if (!EC_GROUP_get_curve(group, p, a, b, NULL)) ++ goto done; ++ ++- /* Pad and convert bits to bytes */ ++- field_size = (BN_num_bits(p) + 7) / 8; +++ field_size = BITS_TO_BYTES(BN_num_bits(p)); ++ ++ done: ++ BN_free(p); ++@@ -1172,7 +1171,7 @@ static int sm2_set_ctx_id(struct sm2_ctx *smctx, int p1, const void *p2) ++ OPENSSL_free(smctx->ctx.id); ++ smctx->ctx.id = tmp_id; ++ } else { ++- /* set null-ID */ +++ /* Set null-ID */ ++ OPENSSL_free(smctx->ctx.id); ++ smctx->ctx.id = NULL; ++ } ++@@ -1231,7 +1230,7 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ++ *(size_t *)p2 = smctx->ctx.id_len; ++ return 1; ++ case EVP_PKEY_CTRL_DIGESTINIT: ++- /* nothing to be inited, this is to suppress the error... */ +++ /* Nothing to be inited, for suppress the error */ ++ return 1; ++ default: ++ fprintf(stderr, "sm2 ctrl type = %d error\n", type); ++@@ -1323,20 +1322,22 @@ static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash, ++ } ++ ++ /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ ++- if (id_len >= (UINT16_MAX / 8)) { +++ if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) { ++ fprintf(stderr, "id too large\n"); ++ return 0; ++ } ++ ++- entl = (uint16_t)(8 * id_len); +++ entl = (uint16_t)(id_len << TRANS_BITS_BYTES_SHIFT); ++ ++- e_byte = entl >> 8; +++ /* Update the most significant (first) byte of 'entl' */ +++ e_byte = GET_MS_BYTE(entl); ++ if (!EVP_DigestUpdate(hash, &e_byte, 1)) { ++ fprintf(stderr, "error evp lib\n"); ++ return 0; ++ } ++ ++- e_byte = entl & 0xFF; +++ /* Update the least significant (second) byte of 'entl' */ +++ e_byte = GET_LS_BYTE(entl); ++ if (!EVP_DigestUpdate(hash, &e_byte, 1)) { ++ fprintf(stderr, "error evp lib\n"); ++ return 0; ++@@ -1516,7 +1517,7 @@ static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) ++ return 0; ++ } ++ ++- /* get hashed prefix 'z' of tbs message */ +++ /* Get hashed prefix 'z' of tbs message */ ++ if (!sm2_compute_z_digest(z, md, smctx->ctx.id, smctx->ctx.id_len, ec)) ++ return 0; ++ ++-- ++1.8.3.1 ++ +diff --git a/0067-uadk_engine-cleanup-header-file.patch b/0067-uadk_engine-cleanup-header-file.patch +new file mode 100644 +index 0000000..b6f7fbc +--- /dev/null ++++ b/0067-uadk_engine-cleanup-header-file.patch +@@ -0,0 +1,250 @@ ++From 1dd1503428df2b33f679f81b1541a4314fe0aa11 Mon Sep 17 00:00:00 2001 ++From: Zhiqi Song ++Date: Sat, 22 Oct 2022 15:56:54 +0800 ++Subject: uadk_engine: cleanup header file ++ ++Remove redundant header file and modify magic number. ++ ++Signed-off-by: Zhiqi Song ++--- ++ src/uadk.h | 3 --- ++ src/uadk_async.c | 1 + ++ src/uadk_async.h | 2 +- ++ src/uadk_cipher.c | 1 + ++ src/uadk_dh.c | 1 + ++ src/uadk_digest.c | 2 ++ ++ src/uadk_ec.c | 1 + ++ src/uadk_ecx.c | 2 +- ++ src/uadk_pkey.c | 5 ++++- ++ src/uadk_rsa.c | 6 +++++- ++ src/uadk_sm2.c | 7 +++++-- ++ 11 files changed, 22 insertions(+), 9 deletions(-) ++ ++diff --git a/src/uadk.h b/src/uadk.h ++index 99c65c7..30c099f 100644 ++--- a/src/uadk.h +++++ b/src/uadk.h ++@@ -18,9 +18,6 @@ ++ #ifndef UADK_H ++ #define UADK_H ++ #include ++-#include ++-#include ++-#include "uadk_utils.h" ++ ++ #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) ++ #define ENV_STRING_LEN 256 ++diff --git a/src/uadk_async.c b/src/uadk_async.c ++index 3f2e1db..2edd6ea 100644 ++--- a/src/uadk_async.c +++++ b/src/uadk_async.c ++@@ -20,6 +20,7 @@ ++ #include ++ #include ++ #include +++#include ++ #include "uadk.h" ++ #include "uadk_async.h" ++ ++diff --git a/src/uadk_async.h b/src/uadk_async.h ++index 9bae3f4..8a4822e 100644 ++--- a/src/uadk_async.h +++++ b/src/uadk_async.h ++@@ -19,8 +19,8 @@ ++ #define UADK_ASYNC_H ++ ++ #include ++-#include ++ #include +++#include ++ ++ #define ASYNC_QUEUE_TASK_NUM 1024 ++ ++diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c ++index de5f078..cc06429 100644 ++--- a/src/uadk_cipher.c +++++ b/src/uadk_cipher.c ++@@ -22,6 +22,7 @@ ++ #include ++ #include ++ #include +++#include ++ #include "uadk.h" ++ #include "uadk_async.h" ++ ++diff --git a/src/uadk_dh.c b/src/uadk_dh.c ++index 6356872..680564c 100644 ++--- a/src/uadk_dh.c +++++ b/src/uadk_dh.c ++@@ -23,6 +23,7 @@ ++ #include ++ #include ++ #include +++#include ++ #include "uadk.h" ++ #include "uadk_async.h" ++ ++diff --git a/src/uadk_digest.c b/src/uadk_digest.c ++index 9d009a9..26a6272 100644 ++--- a/src/uadk_digest.c +++++ b/src/uadk_digest.c ++@@ -25,8 +25,10 @@ ++ #include ++ #include ++ #include +++#include ++ #include "uadk.h" ++ #include "uadk_async.h" +++#include "uadk_utils.h" ++ ++ #define UADK_DO_SOFT (-0xE0) ++ #define CTX_SYNC 0 ++diff --git a/src/uadk_ec.c b/src/uadk_ec.c ++index 9b48ae7..6106083 100644 ++--- a/src/uadk_ec.c +++++ b/src/uadk_ec.c ++@@ -23,6 +23,7 @@ ++ #include ++ #include ++ #include +++#include ++ #include "uadk_pkey.h" ++ #include "uadk.h" ++ ++diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c ++index 67042a3..b62f81d 100644 ++--- a/src/uadk_ecx.c +++++ b/src/uadk_ecx.c ++@@ -14,7 +14,6 @@ ++ * limitations under the License. ++ * ++ */ ++-#include ++ #include ++ #include ++ #include ++@@ -24,6 +23,7 @@ ++ #include ++ #include ++ #include +++#include ++ #include "uadk_pkey.h" ++ #include "uadk.h" ++ ++diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c ++index 6b5ae9a..7b7a345 100644 ++--- a/src/uadk_pkey.c +++++ b/src/uadk_pkey.c ++@@ -17,6 +17,7 @@ ++ #include ++ #include ++ #include +++#include ++ #include "uadk_async.h" ++ #include "uadk.h" ++ #include "uadk_pkey.h" ++@@ -381,6 +382,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) ++ const EC_GROUP *group; ++ struct wd_dtb prikey; ++ const BIGNUM *d; +++ size_t degree; ++ int buflen; ++ int ret; ++ ++@@ -396,7 +398,8 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) ++ return -EINVAL; ++ } ++ ++- buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group)); +++ degree = EC_GROUP_get_degree(group); +++ buflen = BITS_TO_BYTES(degree); ++ ecc_key = wd_ecc_get_key(sess); ++ prikey.data = (void *)bin; ++ prikey.dsize = BN_bn2binpad(d, bin, buflen); ++diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c ++index e9a2c53..96c898f 100644 ++--- a/src/uadk_rsa.c +++++ b/src/uadk_rsa.c ++@@ -20,6 +20,7 @@ ++ #include ++ #include ++ #include +++#include ++ #include "uadk_async.h" ++ #include "uadk.h" ++ ++@@ -55,6 +56,7 @@ ++ #define PRIME_RETRY_COUNT 4 ++ #define GENCB_NEXT 2 ++ #define GENCB_RETRY 3 +++#define PRIME_CHECK_BIT_NUM 4 ++ ++ static RSA_METHOD *rsa_hw_meth; ++ ++@@ -210,7 +212,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, ++ * key by using the modulus in a certificate. This is also covered ++ * by checking the length should not be less than 0x9. ++ */ ++- if (!BN_rshift(param->r2, param->r1, *bitse - 4)) +++ if (!BN_rshift(param->r2, param->r1, *bitse - PRIME_CHECK_BIT_NUM)) ++ return BN_ERR; ++ ++ bitst = BN_get_word(param->r2); ++@@ -231,6 +233,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, ++ ret = BN_GENCB_call(cb, GENCB_NEXT, *n++); ++ if (!ret) ++ return -1; +++ ++ if (retries == PRIME_RETRY_COUNT) { ++ *num = -1; ++ *bitse = 0; ++@@ -288,6 +291,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, ++ BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) ++ { ++ unsigned long err; +++ ++ /* ++ * BN_sub(r,a,b) substracts b from a and place the result in r, ++ * r = a-b. ++diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c ++index 578d2d8..b14fbcf 100644 ++--- a/src/uadk_sm2.c +++++ b/src/uadk_sm2.c ++@@ -22,6 +22,7 @@ ++ #include ++ #include ++ #include +++#include ++ #include "uadk.h" ++ #include "uadk_pkey.h" ++ ++@@ -550,6 +551,7 @@ static size_t ec_field_size(const EC_GROUP *group) ++ BIGNUM *a = BN_new(); ++ BIGNUM *b = BN_new(); ++ size_t field_size = 0; +++ size_t p_bits; ++ ++ if (p == NULL || a == NULL || b == NULL) ++ goto done; ++@@ -557,7 +559,8 @@ static size_t ec_field_size(const EC_GROUP *group) ++ if (!EC_GROUP_get_curve(group, p, a, b, NULL)) ++ goto done; ++ ++- field_size = BITS_TO_BYTES(BN_num_bits(p)); +++ p_bits = BN_num_bits(p); +++ field_size = BITS_TO_BYTES(p_bits); ++ ++ done: ++ BN_free(p); ++@@ -598,7 +601,7 @@ static int sm2_ciphertext_size(const EC_KEY *key, ++ * Integer and string are simple type; set constructed = 0, means ++ * primitive and definite length encoding. ++ */ ++- sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER) +++ sz = ECC_POINT_SIZE(ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)) ++ + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) ++ + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); ++ *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE); ++-- ++1.8.3.1 ++ +diff --git a/uadk_engine.spec b/uadk_engine.spec +index 4e32f87..b2cd083 100644 +--- a/uadk_engine.spec ++++ b/uadk_engine.spec +@@ -71,6 +71,16 @@ Patch0054: 0054-doc-Modify-maintainers.patch + Patch0055: 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch + Patch0056: 0056-engine-initialize-resources-only-once.patch + Patch0057: 0057-engine-fix-function-type.patch ++Patch0058: 0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch ++Patch0059: 0059-uadk_utils-fix-x86-local-build.patch ++Patch0060: 0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch ++Patch0061: 0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch ++Patch0062: 0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch ++Patch0063: 0063-uadk_engine-bugfix-side-effects-of-right-operand.patch ++Patch0064: 0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch ++Patch0065: 0065-uadk_engine-bugfix-enable-environment-variable.patch ++Patch0066: 0066-uadk_engine-cleanup-magic-number-and-comments.patch ++Patch0067: 0067-uadk_engine-cleanup-header-file.patch + + %description + This package contains the UADK Accelerator Engine +@@ -120,6 +130,9 @@ fi + /sbin/ldconfig + + %changelog ++* Fri Aug 19 2023 JiangShui Yang 1.0.0-9 ++- Backport uadk engine patch for v1.0.1 ++ + * Fri Aug 19 2023 JiangShui Yang 1.0.0-8 + - Eable debuginfo for fix strip + +-- +2.25.1 + diff --git a/0064-configure-use-LT_INIT-to-replace-obsolete-AC_PROG_LI.patch b/0064-configure-use-LT_INIT-to-replace-obsolete-AC_PROG_LI.patch new file mode 100644 index 0000000..cbbf06e --- /dev/null +++ b/0064-configure-use-LT_INIT-to-replace-obsolete-AC_PROG_LI.patch @@ -0,0 +1,31 @@ +From c0a9cc207853c2231713991c780d95c21f821c72 Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Mon, 13 Nov 2023 09:10:52 +0000 +Subject: [PATCH 64/82] configure: use LT_INIT to replace obsolete + AC_PROG_LIBTOOL + +resolve configure warning +configure.ac:9: warning: The macro `AC_PROG_LIBTOOL' is obsolete. + +Signed-off-by: Zhangfei Gao +--- + configure.ac | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 0fc14ed..a3fee58 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -6,8 +6,7 @@ AC_CONFIG_MACRO_DIR([m4]) + AC_CONFIG_HEADERS([config.h]) + + AC_PROG_CC +-AC_PROG_LIBTOOL +-AM_PROG_LIBTOOL ++LT_INIT + + AC_ARG_ENABLE(kae, + AS_HELP_STRING([--enable-kae],[Enable kae support])) +-- +2.25.1 + diff --git a/0065-uadk_prov-Set-enable_sw_offload-from-uadk_provider.c.patch b/0065-uadk_prov-Set-enable_sw_offload-from-uadk_provider.c.patch new file mode 100644 index 0000000..ad11e34 --- /dev/null +++ b/0065-uadk_prov-Set-enable_sw_offload-from-uadk_provider.c.patch @@ -0,0 +1,265 @@ +From bd2488f4f418e3a3cb4bee1aaedab25e7737fc99 Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Tue, 14 Nov 2023 09:10:12 +0000 +Subject: [PATCH 65/82] uadk_prov: Set enable_sw_offload from uadk_provider.cnf + +Add para enable_sw_offload to offload small packets to sw. +This can be configured from uadk_provider.cnf with default 0. +Only offload when enable_sw_offload != 0 + +Other paras can be added accordingly later + +For example: +vi uadk_provider.cnf +enable_sw_offload = 1 + +OPENSSL_CONF=uadk_provider.cnf openssl speed -evp md5 + +Signed-off-by: Zhangfei Gao +--- + src/uadk_prov.h | 3 +++ + src/uadk_prov_cipher.c | 41 ++++++++++++++++++++++----------- + src/uadk_prov_digest.c | 7 ++++-- + src/uadk_prov_init.c | 52 ++++++++++++++++++++++++++++++++++++++++++ + uadk_provider.cnf | 1 + + 5 files changed, 89 insertions(+), 15 deletions(-) + +diff --git a/src/uadk_prov.h b/src/uadk_prov.h +index 718e78c..b4871b3 100644 +--- a/src/uadk_prov.h ++++ b/src/uadk_prov.h +@@ -124,4 +124,7 @@ void uadk_prov_destroy_digest(void); + void uadk_prov_destroy_cipher(void); + void uadk_prov_destroy_rsa(void); + void uadk_prov_destroy_dh(void); ++ ++/* offload small packets to sw */ ++extern int enable_sw_offload; + #endif +diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c +index 9b0e9fe..5cb91f6 100644 +--- a/src/uadk_prov_cipher.c ++++ b/src/uadk_prov_cipher.c +@@ -27,6 +27,7 @@ + #include + #include "uadk.h" + #include "uadk_async.h" ++#include "uadk_prov.h" + + #define UADK_DO_SOFT (-0xE0) + #define UADK_DO_HW (-0xF0) +@@ -283,7 +284,8 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv, + if (key) + memcpy(priv->key, key, keylen); + +- uadk_prov_cipher_sw_init(priv, key, iv); ++ if (enable_sw_offload) ++ uadk_prov_cipher_sw_init(priv, key, iv); + return 1; + } + +@@ -446,7 +448,8 @@ static void uadk_prov_cipher_ctx_init(struct cipher_priv_ctx *priv) + free(ctx_set_num); + + if (unlikely(ret)) { +- priv->switch_flag = UADK_DO_SOFT; ++ if (priv->sw_cipher) ++ priv->switch_flag = UADK_DO_SOFT; + pthread_mutex_unlock(&cipher_mutex); + return; + } +@@ -634,10 +637,16 @@ static int uadk_prov_do_cipher(struct cipher_priv_ctx *priv, unsigned char *out, + int outlint = 0; + int ret; + +- if (priv->switch_flag == UADK_DO_SOFT || +- (priv->sw_cipher && priv->switch_flag != UADK_DO_HW && +- inlen <= priv->switch_threshold)) { +- /* have issue if both using hw and soft partly */ ++ if (priv->sw_cipher && ++ (priv->switch_flag == UADK_DO_SOFT || ++ (priv->switch_flag != UADK_DO_HW && ++ inlen <= priv->switch_threshold))) { ++ /* ++ * Using soft only if enable_sw_offload, which is set in conf file, ++ * then sw_cipher is initialzied ++ * 1. small packets ++ * 2. already choose DO_SOFT, can be hw fail case or following sw case ++ */ + ret = uadk_prov_cipher_soft_work(priv, out, &outlint, in, inlen); + if (ret) { + *outl = outlint; +@@ -746,7 +755,8 @@ static int uadk_prov_cipher_block_final(void *vctx, unsigned char *out, + int sw_final_len = 0; + int ret; + +- if (priv->switch_flag == UADK_DO_SOFT) { ++ if (priv->sw_cipher && ++ priv->switch_flag == UADK_DO_SOFT) { + if (!EVP_CipherFinal_ex(priv->sw_ctx, out, &sw_final_len)) { + fprintf(stderr, "EVP_CipherFinal_ex sw_ctx failed.\n"); + return 0; +@@ -854,9 +864,10 @@ static int uadk_prov_cipher_stream_update(void *vctx, unsigned char *out, + return 0; + } + +- if (priv->switch_flag == UADK_DO_SOFT || +- (priv->sw_cipher && priv->switch_flag != UADK_DO_HW && +- inl <= priv->switch_threshold)) { ++ if (priv->sw_cipher && ++ (priv->switch_flag == UADK_DO_SOFT || ++ (priv->switch_flag != UADK_DO_HW && ++ inl <= priv->switch_threshold))) { + int len = 0; + + /* have isseu if both using hw and soft partly */ +@@ -883,7 +894,8 @@ static int uadk_prov_cipher_stream_final(void *vctx, unsigned char *out, + struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx; + int sw_final_len = 0; + +- if (priv->switch_flag == UADK_DO_SOFT) { ++ if (priv->sw_cipher && ++ priv->switch_flag == UADK_DO_SOFT) { + if (!EVP_CipherFinal_ex(priv->sw_ctx, out, &sw_final_len)) { + fprintf(stderr, "EVP_CipherFinal_ex sw_ctx failed.\n"); + return 0; +@@ -1083,8 +1095,11 @@ static void uadk_prov_cipher_freectx(void *ctx) + { + struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)ctx; + +- EVP_CIPHER_free(priv->sw_cipher); +- EVP_CIPHER_CTX_free(priv->sw_ctx); ++ if (priv->sw_cipher) ++ EVP_CIPHER_free(priv->sw_cipher); ++ ++ if (priv->sw_ctx) ++ EVP_CIPHER_CTX_free(priv->sw_ctx); + + if (priv->sess) { + wd_cipher_free_sess(priv->sess); +diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c +index 8d6bf06..378bcbc 100644 +--- a/src/uadk_prov_digest.c ++++ b/src/uadk_prov_digest.c +@@ -29,6 +29,7 @@ + #include + #include "uadk.h" + #include "uadk_async.h" ++#include "uadk_prov.h" + #include "uadk_utils.h" + + #define UADK_DO_SOFT (-0xE0) +@@ -288,7 +289,8 @@ static int uadk_digest_init(struct digest_priv_ctx *priv) + return 0; + } + +- uadk_digests_soft_md(priv); ++ if (enable_sw_offload) ++ uadk_digests_soft_md(priv); + + return 1; + +@@ -403,7 +405,8 @@ static int uadk_do_digest_sync(struct digest_priv_ctx *priv) + { + int ret; + +- if (priv->req.in_bytes <= priv->switch_threshold && ++ if (priv->soft_md && ++ priv->req.in_bytes <= priv->switch_threshold && + priv->state == SEC_DIGEST_INIT) + return 0; + +diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c +index c3d4a63..9cea8b9 100644 +--- a/src/uadk_prov_init.c ++++ b/src/uadk_prov_init.c +@@ -31,6 +31,17 @@ + static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk_provider"; + static OSSL_PROVIDER *prov; + ++/* Functions provided by the core */ ++static OSSL_FUNC_core_get_params_fn *c_get_params; ++static OSSL_FUNC_core_get_libctx_fn *c_get_libctx; ++ ++struct uadk_provider_params { ++ char *enable_sw_offload; ++} uadk_params; ++ ++/* offload small packets to sw */ ++int enable_sw_offload; ++ + const OSSL_ALGORITHM uadk_prov_digests[] = { + { OSSL_DIGEST_NAME_MD5, UADK_DEFAULT_PROPERTIES, + uadk_md5_functions, "uadk_provider md5" }, +@@ -153,6 +164,28 @@ static const OSSL_DISPATCH uadk_dispatch_table[] = { + { 0, NULL } + }; + ++int uadk_get_params_from_core(const OSSL_CORE_HANDLE *handle) ++{ ++ OSSL_PARAM core_params[2], *p = core_params; ++ ++ *p++ = OSSL_PARAM_construct_utf8_ptr( ++ "enable_sw_offload", ++ (char **)&uadk_params.enable_sw_offload, ++ 0); ++ ++ *p = OSSL_PARAM_construct_end(); ++ ++ if (!c_get_params(handle, core_params)) { ++ fprintf(stderr, "WARN: UADK get parameters from core is failed.\n"); ++ return 0; ++ } ++ ++ if (uadk_params.enable_sw_offload) ++ enable_sw_offload = atoi(uadk_params.enable_sw_offload); ++ ++ return 1; ++} ++ + static void provider_init_child_at_fork_handler(void) + { + int ret; +@@ -170,11 +203,30 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, + struct uadk_prov_ctx *ctx; + int ret; + ++ for (; oin->function_id != 0; oin++) { ++ switch (oin->function_id) { ++ case OSSL_FUNC_CORE_GET_PARAMS: ++ c_get_params = OSSL_FUNC_core_get_params(oin); ++ break; ++ case OSSL_FUNC_CORE_GET_LIBCTX: ++ c_get_libctx = OSSL_FUNC_core_get_libctx(oin); ++ break; ++ default: ++ /* Just ignore anything we don't understand */ ++ break; ++ } ++ } ++ ++ /* get parameters from uadk_provider.cnf */ ++ if (!uadk_get_params_from_core(handle)) ++ return 0; ++ + ctx = OPENSSL_zalloc(sizeof(*ctx)); + if (ctx == NULL) + return 0; + + ctx->handle = handle; ++ ctx->libctx = (OSSL_LIB_CTX *)c_get_libctx(handle); + ret = async_module_init(); + if (!ret) + fprintf(stderr, "async_module_init fail!\n"); +diff --git a/uadk_provider.cnf b/uadk_provider.cnf +index c9d1596..7b277ac 100644 +--- a/uadk_provider.cnf ++++ b/uadk_provider.cnf +@@ -13,3 +13,4 @@ uadk_provider = uadk_sect + + [uadk_sect] + activate = 1 ++enable_sw_offload = 0 +-- +2.25.1 + diff --git a/0066-ecc-optimize-sm2-sign-check-function.patch b/0066-ecc-optimize-sm2-sign-check-function.patch new file mode 100644 index 0000000..b9f2add --- /dev/null +++ b/0066-ecc-optimize-sm2-sign-check-function.patch @@ -0,0 +1,62 @@ +From f4f8c9a20fa60b2b8c97a3b2a5b0edef1fc896b7 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 25 Nov 2023 16:13:17 +0800 +Subject: [PATCH 66/82] ecc: optimize sm2 sign check function + +Enable users to pass NULL sign parameter to obtain the +length of the signature result. If users want to do actual +signature task, they need to call the signature function a +second time. + +Signed-off-by: Zhiqi Song +--- + src/uadk_sm2.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index f393641..df760fe 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -26,6 +26,8 @@ + #include "uadk.h" + #include "uadk_pkey.h" + ++#define GET_SIGNLEN 1 ++ + enum { + CTX_INIT_FAIL = -1, + CTX_UNINIT, +@@ -673,6 +675,17 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EC_KEY *ec = EVP_PKEY_get0(p_key); + const int sig_sz = ECDSA_size(ec); + ++ /* ++ * If 'sig' is NULL, users can use sm2_decrypt API to obtain the valid 'siglen' first, ++ * then users use the value of 'signlen' to alloc the memory of 'sig' and call the ++ * sm2_decrypt API a second time to do the decryption task. ++ */ ++ if (!sig) { ++ fprintf(stderr, "sig is NULL, get valid siglen\n"); ++ *siglen = (size_t)sig_sz; ++ return GET_SIGNLEN; ++ } ++ + if (!smctx || !smctx->sess) { + fprintf(stderr, "smctx or sess NULL\n"); + return UADK_DO_SOFT; +@@ -693,12 +706,6 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + return -EINVAL; + } + +- if (!sig) { +- fprintf(stderr, "invalid: sig is NULL\n"); +- *siglen = (size_t)sig_sz; +- return -EINVAL; +- } +- + if (tbslen > SM2_KEY_BYTES) + return UADK_DO_SOFT; + +-- +2.25.1 + diff --git a/0067-digest-fix-the-address-of-async-op.patch b/0067-digest-fix-the-address-of-async-op.patch new file mode 100644 index 0000000..0fca15e --- /dev/null +++ b/0067-digest-fix-the-address-of-async-op.patch @@ -0,0 +1,104 @@ +From e88c3c63a1f71048854c83aaa45710d8eaf702af Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 25 Nov 2023 16:13:18 +0800 +Subject: [PATCH 67/82] digest: fix the address of async op + +When call uadk_engine by gmssl: + gmssl speed -elapsed -engine uadk_engine -async_jobs 16 + +There is a core dump, the call stack is: + | read + | async_pause_job + | do_digest_async + | uadk_e_digest_final + | EVP_DigestFinal_ex + | rand_bytes + | rand_nopseudo_bytes + | RAND_bytes + | bnrand + | BN_pseudo_rand + | bn_rand_range + | BN_priv_rand_range + | uadk_ecc_get_rand + | generate_random + | new_sign_in + | wd_sm2_new_sign_in + | sm2_sign_init_iot +After finishing uadk_e_digest_final(), EVP_DigestFinal_ex() will continue +calling cleanup() function, the address of async job will be changed. As +the address is on stack, if the async thread happens to use this async job, +the core dump will occur: + | ASYNC_WAIT_CTX_get_fd + | async_wake_job + | async_cb + | wd_digest_poll_ctx + | uadk_e_digest_poll + | async_poll_process_func +So the address of op should be on heap to save the async job, or it will +be released by digest cleaup process, and affects the following async task. + +Signed-off-by: Zhiqi Song +--- + src/uadk_digest.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index fa96e57..0aa90f3 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -767,7 +767,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) + { + struct digest_priv_ctx *priv = + (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); +- struct async_op op; ++ struct async_op *op; + int ret = 1; + + digest_set_msg_state(priv, true); +@@ -782,13 +782,18 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) + if (priv->e_nid == NID_sha384) + priv->req.out_bytes = WD_DIGEST_SHA384_LEN; + +- ret = async_setup_async_event_notification(&op); ++ op = malloc(sizeof(struct async_op)); ++ if (!op) ++ return 0; ++ ++ ret = async_setup_async_event_notification(op); + if (unlikely(!ret)) { + fprintf(stderr, "failed to setup async event notification.\n"); ++ free(op); + return 0; + } + +- if (op.job == NULL) { ++ if (!op->job) { + /* Synchronous, only the synchronous mode supports soft computing */ + if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { + ret = digest_soft_final(priv, digest); +@@ -800,12 +805,13 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) + if (!ret) + goto sync_err; + } else { +- ret = do_digest_async(priv, &op); ++ ret = do_digest_async(priv, op); + if (!ret) + goto clear; + } + memcpy(digest, priv->req.out, priv->req.out_bytes); + ++ free(op); + return 1; + + sync_err: +@@ -817,6 +823,7 @@ sync_err: + } + clear: + async_clear_async_event_notification(); ++ free(op); + return ret; + } + +-- +2.25.1 + diff --git a/0068-uadk_engine-add-device-initialization-status.patch b/0068-uadk_engine-add-device-initialization-status.patch new file mode 100644 index 0000000..411156f --- /dev/null +++ b/0068-uadk_engine-add-device-initialization-status.patch @@ -0,0 +1,1123 @@ +From ea76570d9ba3547dc1b3cc8c9b68d4bdf8ea9106 Mon Sep 17 00:00:00 2001 +From: Weili Qian +Date: Sat, 25 Nov 2023 16:13:19 +0800 +Subject: [PATCH 68/82] uadk_engine: add device initialization status + +The process needs to initialize the device only once. The process pid is +used to intercept repeated initialization, but the getpid() takes a +long time. Therefore, the device status is added, and the system does +not attempt to initialize the device after the device initialization +fails. When the device is reset, update status to UADK_DEVICE_ERROR, +and tasks are not sent to the hardware. + +Signed-off-by: Weili Qian +--- + src/uadk.h | 4 ++ + src/uadk_dh.c | 139 +++++++++++++++++++++++-------------- + src/uadk_ec.c | 60 ++++++++-------- + src/uadk_ecx.c | 8 +-- + src/uadk_pkey.c | 100 ++++++++++++++++---------- + src/uadk_rsa.c | 181 +++++++++++++++++++++++++++++------------------- + src/uadk_sm2.c | 3 +- + 7 files changed, 300 insertions(+), 195 deletions(-) + +diff --git a/src/uadk.h b/src/uadk.h +index 3dbaba1..c5ebf32 100644 +--- a/src/uadk.h ++++ b/src/uadk.h +@@ -22,6 +22,10 @@ + #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + #define ENV_STRING_LEN 256 + #define ENGINE_RECV_MAX_CNT 60000000 ++#define UADK_UNINIT 0 ++#define UADK_INIT_SUCCESS 1 ++#define UADK_INIT_FAIL 2 ++#define UADK_DEVICE_ERROR 3 + + enum { + HW_V2, +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index 418747e..62c75fe 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -75,8 +75,8 @@ struct uadk_dh_sess { + + struct dh_res { + struct wd_ctx_config *ctx_res; +- int pid; + int numa_id; ++ int status; + pthread_spinlock_t lock; + } g_dh_res; + +@@ -200,6 +200,13 @@ static __u32 dh_pick_next_ctx(handle_t sched_ctx, + return CTX_SYNC; + } + ++static void uadk_e_dh_set_status(void) ++{ ++ pthread_spin_lock(&g_dh_res.lock); ++ g_dh_res.status = UADK_DEVICE_ERROR; ++ pthread_spin_unlock(&g_dh_res.lock); ++} ++ + static int uadk_e_dh_poll(void *ctx) + { + __u64 rx_cnt = 0; +@@ -210,12 +217,15 @@ static int uadk_e_dh_poll(void *ctx) + + do { + ret = wd_dh_poll_ctx(idx, expt, &recv); +- if (!ret && recv == expt) ++ if (!ret && recv == expt) { + return UADK_E_POLL_SUCCESS; +- else if (ret == -EAGAIN) ++ } else if (ret == -EAGAIN) { + rx_cnt++; +- else ++ } else { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_dh_set_status(); + return UADK_E_POLL_FAIL; ++ } + } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to recv msg: timeout!\n"); +@@ -281,8 +291,11 @@ static int uadk_e_dh_env_poll(void *ctx) + + do { + ret = wd_dh_poll(expt, &recv); +- if (ret < 0 || recv == expt) ++ if (ret < 0 || recv == expt) { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_dh_set_status(); + return ret; ++ } + rx_cnt++; + } while (rx_cnt < ENGINE_RECV_MAX_CNT); + +@@ -363,41 +376,42 @@ free_cfg: + + static int uadk_e_dh_init(void) + { +- struct uacce_dev *dev; ++ struct uacce_dev *dev = NULL; + int ret; + +- if (g_dh_res.pid != getpid()) { +- pthread_spin_lock(&g_dh_res.lock); +- if (g_dh_res.pid == getpid()) { +- pthread_spin_unlock(&g_dh_res.lock); +- return UADK_E_INIT_SUCCESS; +- } +- +- dev = wd_get_accel_dev("dh"); +- if (!dev) { +- pthread_spin_unlock(&g_dh_res.lock); +- fprintf(stderr, "failed to get device for dh\n"); +- return -ENOMEM; +- } ++ if (g_dh_res.status != UADK_UNINIT) ++ return g_dh_res.status; + +- ret = uadk_e_wd_dh_init(&dh_res_config, dev); +- if (ret) +- goto err_unlock; ++ pthread_spin_lock(&g_dh_res.lock); ++ if (g_dh_res.status != UADK_UNINIT) ++ goto unlock; + +- g_dh_res.numa_id = dev->numa_id; +- g_dh_res.pid = getpid(); +- pthread_spin_unlock(&g_dh_res.lock); +- free(dev); ++ dev = wd_get_accel_dev("dh"); ++ if (!dev) { ++ fprintf(stderr, "no device available, switch to software!\n"); ++ goto err_init; + } + +- return UADK_E_INIT_SUCCESS; ++ ret = uadk_e_wd_dh_init(&dh_res_config, dev); ++ if (ret) { ++ fprintf(stderr, "device unavailable(%d), switch to software!\n", ret); ++ goto err_init; ++ } + +-err_unlock: ++ g_dh_res.numa_id = dev->numa_id; ++ g_dh_res.status = UADK_INIT_SUCCESS; + pthread_spin_unlock(&g_dh_res.lock); + free(dev); +- fprintf(stderr, "failed to init dh(%d)\n", ret); + +- return ret; ++ return g_dh_res.status; ++ ++err_init: ++ g_dh_res.status = UADK_INIT_FAIL; ++unlock: ++ pthread_spin_unlock(&g_dh_res.lock); ++ if (dev) ++ free(dev); ++ return g_dh_res.status; + } + + static void uadk_e_wd_dh_uninit(void) +@@ -406,20 +420,26 @@ static void uadk_e_wd_dh_uninit(void) + __u32 i; + int ret; + +- if (g_dh_res.pid == getpid()) { +- ret = uadk_e_is_env_enabled("dh"); +- if (ret == ENV_ENABLED) { +- wd_dh_env_uninit(); +- } else { +- wd_dh_uninit(); +- for (i = 0; i < ctx_cfg->ctx_num; i++) +- wd_release_ctx(ctx_cfg->ctxs[i].ctx); ++ if (g_dh_res.status == UADK_UNINIT) ++ return; + +- free(ctx_cfg->ctxs); +- free(ctx_cfg); +- } +- g_dh_res.pid = 0; ++ if (g_dh_res.status == UADK_INIT_FAIL) ++ goto clear_status; ++ ++ ret = uadk_e_is_env_enabled("dh"); ++ if (ret == ENV_ENABLED) { ++ wd_dh_env_uninit(); ++ } else { ++ wd_dh_uninit(); ++ for (i = 0; i < ctx_cfg->ctx_num; i++) ++ wd_release_ctx(ctx_cfg->ctxs[i].ctx); ++ ++ free(ctx_cfg->ctxs); ++ free(ctx_cfg); + } ++ ++clear_status: ++ g_dh_res.status = UADK_UNINIT; + } + + static struct uadk_dh_sess *dh_new_eng_session(DH *dh_alg) +@@ -706,8 +726,11 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess) + + if (!op.job) { + ret = wd_do_dh_sync(dh_sess->sess, &dh_sess->req); +- if (ret) ++ if (ret) { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_dh_set_status(); + return UADK_E_FAIL; ++ } + } else { + cb_param.op = &op; + cb_param.priv = &dh_sess->req; +@@ -723,6 +746,8 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess) + do { + ret = wd_do_dh_async(dh_sess->sess, &dh_sess->req); + if (ret < 0 && ret != -EBUSY) { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_dh_set_status(); + async_free_poll_task(op.idx, 0); + goto err; + } +@@ -770,21 +795,21 @@ static int uadk_e_dh_generate_key(DH *dh) + int ret; + + if (!dh) +- goto exe_soft; ++ return UADK_E_FAIL; + + ret = uadk_e_dh_init(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto exe_soft; + + DH_get0_pqg(dh, &p, &q, &g); + if (!p || !g || q) +- goto exe_soft; ++ return UADK_E_FAIL; + + /* Get session and prepare private key */ + ret = dh_prepare_data(g, dh, &dh_sess, &priv_key); + if (!ret) { + fprintf(stderr, "prepare dh data failed\n"); +- goto exe_soft; ++ goto soft_log; + } + + ret = dh_fill_genkey_req(g, p, priv_key, dh_sess); +@@ -814,8 +839,9 @@ free_data: + if (dh_sess->key_flag == KEY_GEN_BY_ENGINE) + BN_free(priv_key); + dh_free_eng_session(dh_sess); +-exe_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++exe_soft: + return uadk_e_dh_soft_generate_key(dh); + } + +@@ -830,20 +856,20 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, + int ret; + + if (!dh || !key || !pub_key || !DH_get0_priv_key(dh)) +- goto exe_soft; ++ return UADK_E_FAIL; + + ret = uadk_e_dh_init(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto exe_soft; + + DH_get0_pqg(dh, &p, &q, &g); + if (!p || !g) +- goto exe_soft; ++ return UADK_E_FAIL; + + ret = dh_prepare_data(g, dh, &dh_sess, &priv_key); + if (!ret) { + fprintf(stderr, "failed to prepare dh data\n"); +- goto exe_soft; ++ goto soft_log; + } + + ret = dh_fill_compkey_req(g, p, priv_key, pub_key, dh_sess); +@@ -868,8 +894,9 @@ free_data: + if (dh_sess->key_flag == KEY_GEN_BY_ENGINE) + BN_free(priv_key); + dh_free_eng_session(dh_sess); +-exe_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++exe_soft: + return uadk_e_dh_soft_compute_key(key, pub_key, dh); + } + +@@ -919,7 +946,13 @@ void uadk_e_destroy_dh(void) + uadk_e_wd_dh_uninit(); + } + ++static void uadk_e_dh_clear_status(void) ++{ ++ g_dh_res.status = UADK_UNINIT; ++} ++ + void uadk_e_dh_lock_init(void) + { ++ pthread_atfork(NULL, NULL, uadk_e_dh_clear_status); + pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE); + } +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index 5852d04..78c403f 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -479,19 +479,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, + + ret = ecdsa_do_sign_check(eckey, dgst, dlen, in_kinv, in_r); + if (ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_e_ecc_get_support_state(ECDSA_SUPPORT); + if (!ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_init_ecc(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto do_soft; + + sess = ecc_alloc_sess(eckey, "ecdsa"); + if (!sess) +- goto do_soft; ++ goto soft_log; + + memset(&req, 0, sizeof(req)); + tdgst.data = (void *)dgst; +@@ -521,8 +521,9 @@ uninit_iot: + wd_ecc_del_out(sess, req.dst); + free_sess: + wd_ecc_free_sess(sess); +-do_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++do_soft: + return openssl_do_sign(dgst, dlen, in_kinv, in_r, eckey); + } + +@@ -677,19 +678,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen, + + ret = ecdsa_do_verify_check(eckey, dgst, dlen, sig); + if (ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_e_ecc_get_support_state(ECDSA_SUPPORT); + if (!ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_init_ecc(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto do_soft; + + sess = ecc_alloc_sess(eckey, "ecdsa"); + if (!sess) +- goto do_soft; ++ goto soft_log; + + memset(&req, 0, sizeof(req)); + tdgst.data = (void *)dgst; +@@ -717,8 +718,9 @@ uninit_iot: + wd_ecc_del_in(sess, req.src); + free_sess: + wd_ecc_free_sess(sess); +-do_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++do_soft: + return openssl_do_verify(dgst, dlen, sig, eckey); + } + +@@ -970,23 +972,23 @@ static int sm2_generate_key(EC_KEY *eckey) + + ret = ecc_genkey_check(eckey); + if (ret) +- goto do_soft; ++ goto soft_log; + + ret = eckey_create_key(eckey); + if (!ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_e_ecc_get_support_state(SM2_SUPPORT); + if (!ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_init_ecc(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto do_soft; + + sess = ecc_alloc_sess(eckey, "sm2"); + if (!sess) +- goto do_soft; ++ goto soft_log; + + memset(&req, 0, sizeof(req)); + ret = sm2_keygen_init_iot(sess, &req); +@@ -1010,8 +1012,9 @@ uninit_iot: + wd_ecc_del_out(sess, req.dst); + free_sess: + wd_ecc_free_sess(sess); +-do_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++do_soft: + return openssl_do_generate(eckey); + } + +@@ -1031,7 +1034,6 @@ static int ecdh_keygen_init_iot(handle_t sess, struct wd_ecc_req *req, + return 1; + } + +- + static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, + const EC_POINT *pubkey, const EC_KEY *ecdh) + { +@@ -1201,23 +1203,23 @@ static int ecdh_generate_key(EC_KEY *ecdh) + + ret = ecc_genkey_check(ecdh); + if (ret) +- goto do_soft; ++ goto soft_log; + + ret = ecdh_create_key(ecdh); + if (!ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_e_ecc_get_support_state(ECDH_SUPPORT); + if (!ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_init_ecc(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto do_soft; + + sess = ecc_alloc_sess(ecdh, "ecdh"); + if (!sess) +- goto do_soft; ++ goto soft_log; + + memset(&req, 0, sizeof(req)); + ret = ecdh_keygen_init_iot(sess, &req, ecdh); +@@ -1245,8 +1247,9 @@ uninit_iot: + wd_ecc_del_out(sess, req.dst); + free_sess: + wd_ecc_free_sess(sess); +-do_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++do_soft: + return openssl_do_generate(ecdh); + } + +@@ -1319,19 +1322,19 @@ static int ecdh_compute_key(unsigned char **out, size_t *outlen, + + ret = ecc_compkey_check(out, outlen, pub_key, ecdh); + if (!ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_e_ecc_get_support_state(ECDH_SUPPORT); + if (!ret) +- goto do_soft; ++ goto soft_log; + + ret = uadk_init_ecc(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto do_soft; + + sess = ecc_alloc_sess(ecdh, "ecdh"); + if (!sess) +- goto do_soft; ++ goto soft_log; + + memset(&req, 0, sizeof(req)); + ret = ecdh_compkey_init_iot(sess, &req, pub_key, ecdh); +@@ -1365,8 +1368,9 @@ uninit_iot: + wd_ecc_del_out(sess, req.dst); + free_sess: + wd_ecc_free_sess(sess); +-do_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++do_soft: + return openssl_do_compute(out, outlen, pub_key, ecdh); + } + +diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c +index 3eafdfb..c8d7205 100644 +--- a/src/uadk_ecx.c ++++ b/src/uadk_ecx.c +@@ -85,10 +85,8 @@ static int x25519_init(EVP_PKEY_CTX *ctx) + } + + ret = uadk_init_ecc(); +- if (ret) { +- fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); ++ if (ret != UADK_INIT_SUCCESS) + return UADK_E_FAIL; +- } + + x25519_ctx = calloc(1, sizeof(struct ecx_ctx)); + if (!x25519_ctx) { +@@ -141,10 +139,8 @@ static int x448_init(EVP_PKEY_CTX *ctx) + } + + ret = uadk_init_ecc(); +- if (ret) { +- fprintf(stderr, "failed to do uadk_init_ecc, ret = %d\n", ret); ++ if (ret != UADK_INIT_SUCCESS) + return UADK_E_FAIL; +- } + + x448_ctx = calloc(1, sizeof(struct ecx_ctx)); + if (!x448_ctx) { +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index b071d8b..a950f6d 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -50,7 +50,7 @@ struct ecc_res_config { + /* ECC global hardware resource is saved here */ + struct ecc_res { + struct wd_ctx_config *ctx_res; +- int pid; ++ int status; + int numa_id; + pthread_spinlock_t lock; + } ecc_res; +@@ -105,6 +105,13 @@ void uadk_e_ecc_cb(void *req_t) + } + } + ++static void uadk_e_ecc_set_status(void) ++{ ++ pthread_spin_lock(&ecc_res.lock); ++ ecc_res.status = UADK_DEVICE_ERROR; ++ pthread_spin_unlock(&ecc_res.lock); ++} ++ + static int uadk_ecc_poll(void *ctx) + { + unsigned int recv = 0; +@@ -114,12 +121,15 @@ static int uadk_ecc_poll(void *ctx) + + do { + ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv); +- if (!ret && recv == expt) ++ if (!ret && recv == expt) { + return 0; +- else if (ret == -EAGAIN) ++ } else if (ret == -EAGAIN) { + rx_cnt++; +- else ++ } else { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_ecc_set_status(); + return -1; ++ } + } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to recv msg: timeout!\n"); +@@ -166,8 +176,11 @@ static int uadk_e_ecc_env_poll(void *ctx) + + do { + ret = wd_ecc_poll(expt, &recv); +- if (ret < 0 || recv == expt) ++ if (ret < 0 || recv == expt) { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_ecc_set_status(); + return ret; ++ } + rx_cnt++; + } while (rx_cnt < ENGINE_RECV_MAX_CNT); + +@@ -262,9 +275,12 @@ static void uadk_wd_ecc_uninit(void) + __u32 i; + int ret; + +- if (ecc_res.pid != getpid()) ++ if (ecc_res.status == UADK_UNINIT) + return; + ++ if (ecc_res.status == UADK_INIT_FAIL) ++ goto clear_status; ++ + ret = uadk_e_is_env_enabled("ecc"); + if (ret == ENV_ENABLED) { + wd_ecc_env_uninit(); +@@ -276,8 +292,10 @@ static void uadk_wd_ecc_uninit(void) + free(ctx_cfg); + ecc_res.ctx_res = NULL; + } +- ecc_res.pid = 0; + ecc_res.numa_id = 0; ++ ++clear_status: ++ ecc_res.status = UADK_UNINIT; + } + + int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) +@@ -307,6 +325,8 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) + do { + ret = wd_do_ecc_async(sess, req); + if (ret < 0 && ret != -EBUSY) { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_ecc_set_status(); + async_free_poll_task(op.idx, 0); + goto err; + } +@@ -319,8 +339,11 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) + return 0; + } else { + ret = wd_do_ecc_sync(sess, req); +- if (ret < 0) ++ if (ret < 0) { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_ecc_set_status(); + return 0; ++ } + } + return 1; + err: +@@ -513,42 +536,43 @@ bool uadk_support_algorithm(const char *alg) + + int uadk_init_ecc(void) + { +- struct uacce_dev *dev; ++ struct uacce_dev *dev = NULL; + int ret; + +- if (ecc_res.pid != getpid()) { +- pthread_spin_lock(&ecc_res.lock); +- if (ecc_res.pid == getpid()) { +- pthread_spin_unlock(&ecc_res.lock); +- return 0; +- } ++ if (ecc_res.status != UADK_UNINIT) ++ return ecc_res.status; + +- /* Find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */ +- dev = wd_get_accel_dev("ecdsa"); +- if (!dev) { +- pthread_spin_unlock(&ecc_res.lock); +- fprintf(stderr, "failed to get device for ecc\n"); +- return -ENOMEM; +- } ++ pthread_spin_lock(&ecc_res.lock); ++ if (ecc_res.status != UADK_UNINIT) ++ goto unlock; + +- ret = uadk_wd_ecc_init(&ecc_res_config, dev); +- if (ret) { +- fprintf(stderr, "failed to init ec(%d).\n", ret); +- goto err_unlock; +- } +- +- ecc_res.numa_id = dev->numa_id; +- ecc_res.pid = getpid(); +- pthread_spin_unlock(&ecc_res.lock); +- free(dev); ++ /* Find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */ ++ dev = wd_get_accel_dev("ecdsa"); ++ if (!dev) { ++ fprintf(stderr, "no device available, switch to software!\n"); ++ goto err_init; + } + +- return 0; ++ ret = uadk_wd_ecc_init(&ecc_res_config, dev); ++ if (ret) { ++ fprintf(stderr, "device unavailable(%d), switch to software!\n", ret); ++ goto err_init; ++ } + +-err_unlock: ++ ecc_res.numa_id = dev->numa_id; ++ ecc_res.status = UADK_INIT_SUCCESS; + pthread_spin_unlock(&ecc_res.lock); + free(dev); +- return ret; ++ ++ return ecc_res.status; ++ ++err_init: ++ ecc_res.status = UADK_INIT_FAIL; ++unlock: ++ pthread_spin_unlock(&ecc_res.lock); ++ if (dev) ++ free(dev); ++ return ecc_res.status; + } + + static void uadk_uninit_ecc(void) +@@ -630,8 +654,14 @@ static int uadk_ecc_bind_pmeth(ENGINE *e) + return ENGINE_set_pkey_meths(e, get_pkey_meths); + } + ++static void uadk_e_ecc_clear_status(void) ++{ ++ ecc_res.status = UADK_UNINIT; ++} ++ + void uadk_e_ecc_lock_init(void) + { ++ pthread_atfork(NULL, NULL, uadk_e_ecc_clear_status); + pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE); + } + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index ca05ef7..fa4d354 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -132,8 +132,8 @@ struct rsa_res_config { + /* Save rsa global hardware resource */ + struct rsa_res { + struct wd_ctx_config *ctx_res; +- int pid; + int numa_id; ++ int status; + pthread_spinlock_t lock; + } g_rsa_res; + +@@ -659,6 +659,13 @@ static int rsa_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count) + return UADK_E_POLL_SUCCESS; + } + ++static void uadk_e_rsa_set_status(void) ++{ ++ pthread_spin_lock(&g_rsa_res.lock); ++ g_rsa_res.status = UADK_DEVICE_ERROR; ++ pthread_spin_unlock(&g_rsa_res.lock); ++} ++ + static int uadk_e_rsa_poll(void *ctx) + { + __u64 rx_cnt = 0; +@@ -668,12 +675,15 @@ static int uadk_e_rsa_poll(void *ctx) + + do { + ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv); +- if (!ret && recv == expt) ++ if (!ret && recv == expt) { + return UADK_E_POLL_SUCCESS; +- else if (ret == -EAGAIN) ++ } else if (ret == -EAGAIN) { + rx_cnt++; +- else ++ } else { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_rsa_set_status(); + return UADK_E_POLL_FAIL; ++ } + } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to recv msg: timeout!\n"); +@@ -704,8 +714,11 @@ static int uadk_e_rsa_env_poll(void *ctx) + + do { + ret = wd_rsa_poll(expt, &recv); +- if (ret < 0 || recv == expt) ++ if (ret < 0 || recv == expt) { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_rsa_set_status(); + return ret; ++ } + rx_cnt++; + } while (rx_cnt < ENGINE_RECV_MAX_CNT); + +@@ -788,42 +801,42 @@ free_cfg: + + static int uadk_e_rsa_init(void) + { +- struct uacce_dev *dev; ++ struct uacce_dev *dev = NULL; + int ret; + +- if (g_rsa_res.pid != getpid()) { +- pthread_spin_lock(&g_rsa_res.lock); +- if (g_rsa_res.pid == getpid()) { +- pthread_spin_unlock(&g_rsa_res.lock); +- return UADK_E_INIT_SUCCESS; +- } ++ if (g_rsa_res.status != UADK_UNINIT) ++ return g_rsa_res.status; + +- dev = wd_get_accel_dev("rsa"); +- if (!dev) { +- pthread_spin_unlock(&g_rsa_res.lock); +- fprintf(stderr, "failed to get device for rsa\n"); +- return -ENOMEM; +- } +- +- ret = uadk_e_wd_rsa_init(&rsa_res_config, dev); +- if (ret) +- goto err_unlock; ++ pthread_spin_lock(&g_rsa_res.lock); ++ if (g_rsa_res.status != UADK_UNINIT) ++ goto unlock; + +- g_rsa_res.numa_id = dev->numa_id; +- g_rsa_res.pid = getpid(); +- pthread_spin_unlock(&g_rsa_res.lock); +- free(dev); ++ dev = wd_get_accel_dev("rsa"); ++ if (!dev) { ++ fprintf(stderr, "no device available, switch to software!\n"); ++ goto err_init; + } + +- return UADK_E_INIT_SUCCESS; ++ ret = uadk_e_wd_rsa_init(&rsa_res_config, dev); ++ if (ret) { ++ fprintf(stderr, "device unavailable(%d), switch to software!\n", ret); ++ goto err_init; ++ } + +-err_unlock: +- g_rsa_res.ctx_res = NULL; ++ g_rsa_res.numa_id = dev->numa_id; ++ g_rsa_res.status = UADK_INIT_SUCCESS; + pthread_spin_unlock(&g_rsa_res.lock); + free(dev); +- (void)fprintf(stderr, "failed to init rsa(%d)\n", ret); + +- return ret; ++ return g_rsa_res.status; ++ ++err_init: ++ g_rsa_res.status = UADK_INIT_FAIL; ++unlock: ++ pthread_spin_unlock(&g_rsa_res.lock); ++ if (dev) ++ free(dev); ++ return g_rsa_res.status; + } + + static void uadk_e_rsa_uninit(void) +@@ -832,23 +845,25 @@ static void uadk_e_rsa_uninit(void) + __u32 i; + int ret; + +- if (!ctx_cfg) ++ if (g_rsa_res.status == UADK_UNINIT) + return; + +- if (g_rsa_res.pid == getpid()) { +- ret = uadk_e_is_env_enabled("rsa"); +- if (ret == ENV_ENABLED) { +- wd_rsa_env_uninit(); +- } else { +- wd_rsa_uninit(); +- for (i = 0; i < ctx_cfg->ctx_num; i++) +- wd_release_ctx(ctx_cfg->ctxs[i].ctx); +- free(ctx_cfg->ctxs); +- free(ctx_cfg); +- } ++ if (g_rsa_res.status == UADK_INIT_FAIL) ++ goto clear_status; + +- g_rsa_res.pid = 0; ++ ret = uadk_e_is_env_enabled("rsa"); ++ if (ret == ENV_ENABLED) { ++ wd_rsa_env_uninit(); ++ } else { ++ wd_rsa_uninit(); ++ for (i = 0; i < ctx_cfg->ctx_num; i++) ++ wd_release_ctx(ctx_cfg->ctxs[i].ctx); ++ free(ctx_cfg->ctxs); ++ free(ctx_cfg); + } ++ ++clear_status: ++ g_rsa_res.status = UADK_UNINIT; + } + + static struct uadk_rsa_sess *rsa_new_eng_session(RSA *rsa) +@@ -1094,10 +1109,13 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess) + + if (!op.job) { + ret = wd_do_rsa_sync(rsa_sess->sess, &(rsa_sess->req)); +- if (!ret) +- return UADK_E_SUCCESS; +- else ++ if (ret) { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_rsa_set_status(); + goto err; ++ } else { ++ return UADK_E_SUCCESS; ++ } + } + cb_param.op = &op; + cb_param.priv = &(rsa_sess->req); +@@ -1113,6 +1131,8 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess) + do { + ret = wd_do_rsa_async(rsa_sess->sess, &(rsa_sess->req)); + if (ret < 0 && ret != -EBUSY) { ++ if (ret == -WD_HW_EACCESS) ++ uadk_e_rsa_set_status(); + async_free_poll_task(op.idx, 0); + goto err; + } +@@ -1379,16 +1399,18 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + int ret; + + ret = rsa_check_bit_useful(bits, 0); +- if (!ret || ret == SOFT) +- goto exe_soft; ++ if (!ret) ++ return UADK_E_FAIL; ++ else if (ret == SOFT) ++ goto soft_log; + + ret = uadk_e_rsa_init(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto exe_soft; + + ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair, &bn_ctx); + if (ret == -ENOMEM) +- goto exe_soft; ++ return ret; + + rsa_sess = rsa_get_eng_session(rsa, bits, is_crt); + if (!rsa_sess) { +@@ -1431,8 +1453,9 @@ free_keygen: + rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair, &bn_ctx, ret); + if (ret != UADK_DO_SOFT) + return ret; +-exe_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++exe_soft: + return uadk_e_soft_rsa_keygen(rsa, bits, e, cb); + } + +@@ -1446,16 +1469,18 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, + BIGNUM *enc_bn = NULL; + + ret = check_rsa_input_para(flen, from, to, rsa); +- if (!ret || ret == SOFT) +- goto exe_soft; ++ if (!ret) ++ return UADK_E_FAIL; ++ else if (ret == SOFT) ++ goto soft_log; + + ret = uadk_e_rsa_init(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto exe_soft; + + ret = rsa_pkey_param_alloc(&pub_enc, NULL); + if (ret == -ENOMEM) +- goto exe_soft; ++ return ret; + + is_crt = check_rsa_is_crt(rsa); + +@@ -1510,8 +1535,9 @@ free_pkey: + rsa_pkey_param_free(&pub_enc, NULL); + if (ret != UADK_DO_SOFT) + return ret; +-exe_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++exe_soft: + return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL()) + (flen, from, to, rsa, padding); + } +@@ -1526,16 +1552,18 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, + BIGNUM *dec_bn = NULL; + + ret = check_rsa_input_para(flen, from, to, rsa); +- if (!ret || ret == SOFT) +- goto exe_soft; ++ if (!ret) ++ return UADK_E_FAIL; ++ else if (ret == SOFT) ++ goto soft_log; + + ret = uadk_e_rsa_init(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto exe_soft; + + ret = rsa_pkey_param_alloc(NULL, &pri); + if (ret == -ENOMEM) +- goto exe_soft; ++ return ret; + + pri->is_crt = check_rsa_is_crt(rsa); + +@@ -1592,8 +1620,9 @@ free_pkey: + rsa_pkey_param_free(NULL, &pri); + if (ret != UADK_DO_SOFT) + return ret; +-exe_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++exe_soft: + return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL()) + (flen, from, to, rsa, padding); + } +@@ -1610,16 +1639,18 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, + int num_bytes, ret; + + ret = check_rsa_input_para(flen, from, to, rsa); +- if (!ret || ret == SOFT) +- goto exe_soft; ++ if (!ret) ++ return UADK_E_FAIL; ++ else if (ret == SOFT) ++ goto soft_log; + + ret = uadk_e_rsa_init(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto exe_soft; + + ret = rsa_pkey_param_alloc(NULL, &pri); + if (ret == -ENOMEM) +- goto exe_soft; ++ return ret; + + pri->is_crt = check_rsa_is_crt(rsa); + +@@ -1686,8 +1717,9 @@ free_pkey: + rsa_pkey_param_free(NULL, &pri); + if (ret != UADK_DO_SOFT) + return ret; +-exe_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++exe_soft: + return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL()) + (flen, from, to, rsa, padding); + } +@@ -1705,15 +1737,15 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, + if (!ret) + return UADK_E_FAIL; + else if (ret == SOFT) +- goto exe_soft; ++ goto soft_log; + + ret = uadk_e_rsa_init(); +- if (ret) ++ if (ret != UADK_INIT_SUCCESS) + goto exe_soft; + + ret = rsa_pkey_param_alloc(&pub, NULL); + if (ret == -ENOMEM) +- goto exe_soft; ++ return ret; + + is_crt = check_rsa_is_crt(rsa); + +@@ -1775,8 +1807,9 @@ free_pkey: + rsa_pkey_param_free(&pub, NULL); + if (ret != UADK_DO_SOFT) + return ret; +-exe_soft: ++soft_log: + fprintf(stderr, "switch to execute openssl software calculation.\n"); ++exe_soft: + return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL()) + (flen, from, to, rsa, padding); + } +@@ -1834,7 +1867,13 @@ void uadk_e_destroy_rsa(void) + uadk_e_rsa_uninit(); + } + ++static void uadk_e_rsa_clear_status(void) ++{ ++ g_rsa_res.status = UADK_UNINIT; ++} ++ + void uadk_e_rsa_lock_init(void) + { ++ pthread_atfork(NULL, NULL, uadk_e_rsa_clear_status); + pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE); + } +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index df760fe..1db6e3a 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -1204,8 +1204,7 @@ static int sm2_init(EVP_PKEY_CTX *ctx) + } + + ret = uadk_init_ecc(); +- if (ret) { +- fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); ++ if (ret != UADK_INIT_SUCCESS) { + smctx->init_status = CTX_INIT_FAIL; + goto end; + } +-- +2.25.1 + diff --git a/0069-uadk_engine-fixup-resource-management-issues.patch b/0069-uadk_engine-fixup-resource-management-issues.patch new file mode 100644 index 0000000..331dc5d --- /dev/null +++ b/0069-uadk_engine-fixup-resource-management-issues.patch @@ -0,0 +1,84 @@ +From 580477d52699b0fbce8ca8f9fa8ac1fe4caa9ac7 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 25 Nov 2023 16:13:20 +0800 +Subject: [PATCH 69/82] uadk_engine: fixup resource management issues + +1. Modify return value. +2. Use matching resource application and release + functions. +3. Fix memory leak in abonormal scenarios. +4. Add null pointer check for ctrl param p2 of sm2 alg. + +Signed-off-by: Zhiqi Song +--- + src/uadk_async.c | 6 ++++-- + src/uadk_sm2.c | 7 +++++-- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/uadk_async.c b/src/uadk_async.c +index 870065d..342db2a 100644 +--- a/src/uadk_async.c ++++ b/src/uadk_async.c +@@ -302,8 +302,10 @@ int async_wake_job(ASYNC_JOB *job) + + ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom); + if (ret > 0) { +- if (write(efd, &buf, sizeof(uint64_t)) == -1) ++ if (write(efd, &buf, sizeof(uint64_t)) == -1) { + fprintf(stderr, "failed to write to fd: %d - error: %d\n", efd, errno); ++ return errno; ++ } + } + + return ret; +@@ -364,7 +366,7 @@ int async_module_init(void) + if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0) + return 0; + +- poll_queue.head = calloc(ASYNC_QUEUE_TASK_NUM, sizeof(struct async_poll_task)); ++ poll_queue.head = OPENSSL_malloc(ASYNC_QUEUE_TASK_NUM * sizeof(struct async_poll_task)); + if (poll_queue.head == NULL) + return 0; + +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index 1db6e3a..84bda98 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -149,7 +149,7 @@ static int get_hash_type(int nid_hash) + } + + static int compute_hash(const char *in, size_t in_len, +- char *out, size_t out_len, void *usr) ++ char *out, size_t out_len, void *usr) + { + const EVP_MD *digest = (const EVP_MD *)usr; + EVP_MD_CTX *hash = EVP_MD_CTX_new(); +@@ -377,7 +377,7 @@ static int sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb *s, + e_sig = ECDSA_SIG_new(); + if (!e_sig) { + fprintf(stderr, "failed to ECDSA_SIG_new\n"); +- return -EINVAL; ++ return -ENOMEM; + } + + br = BN_bin2bn((void *)r->data, r->dsize, NULL); +@@ -1200,6 +1200,7 @@ static int sm2_init(EVP_PKEY_CTX *ctx) + ret = uadk_e_ecc_get_support_state(SM2_SUPPORT); + if (!ret) { + fprintf(stderr, "sm2 is not supported\n"); ++ free(smctx); + return 0; + } + +@@ -1284,6 +1285,8 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + } + goto set_data; + case EVP_PKEY_CTRL_GET_MD: ++ if (!p2) ++ return 0; + *(const EVP_MD **)p2 = smctx->ctx.md; + return 1; + case EVP_PKEY_CTRL_SET1_ID: +-- +2.25.1 + diff --git a/0070-sm2-fixup-switching-soft-sm2-decrypt-problem.patch b/0070-sm2-fixup-switching-soft-sm2-decrypt-problem.patch new file mode 100644 index 0000000..6ff3906 --- /dev/null +++ b/0070-sm2-fixup-switching-soft-sm2-decrypt-problem.patch @@ -0,0 +1,71 @@ +From 9fd7d907e9c087c92a76da137c8e557edbb7f07f Mon Sep 17 00:00:00 2001 +From: Weili Qian +Date: Sat, 25 Nov 2023 16:13:21 +0800 +Subject: [PATCH 70/82] sm2: fixup switching soft sm2 decrypt problem + +The openssl API d2i_SM2_Ciphertext() will change the 'in' address and +clean the data. If still use 'in' when switching to soft computing, input +data errors may occur. So pre-store the address to 'in_soft' and use it +in software computing. + +Signed-off-by: Weili Qian +Signed-off-by: Zhiqi Song +--- + src/uadk_sm2.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index 84bda98..8421931 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -922,7 +922,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx, + c3_size = EVP_MD_size(md); + if (c3_size <= 0) { + fprintf(stderr, "c3 size error\n"); +- return 0; ++ return UADK_E_INVALID; + } + + if (!out) { +@@ -1033,7 +1033,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx, + hash_size = EVP_MD_size(md); + if (hash_size <= 0) { + fprintf(stderr, "hash size = %d error\n", hash_size); +- return 0; ++ return UADK_E_INVALID; + } + + if (!out) { +@@ -1107,6 +1107,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, + { + struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); + struct sm2_ciphertext *ctext_struct; ++ const unsigned char *in_soft = in; + struct wd_ecc_req req = {0}; + struct wd_ecc_point c1; + struct wd_dtb c2, c3; +@@ -1120,10 +1121,8 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, + md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; + + ctext_struct = d2i_SM2_Ciphertext(NULL, &in, inlen); +- if (!ctext_struct) { +- ret = UADK_DO_SOFT; +- goto do_soft; +- } ++ if (!ctext_struct) ++ return 0; + + ret = cipher_ber_to_bin(md, ctext_struct, &c1, &c2, &c3); + if (ret) { +@@ -1165,7 +1164,7 @@ do_soft: + return ret; + + fprintf(stderr, "switch to execute openssl software calculation.\n"); +- return openssl_decrypt(ctx, out, outlen, in, inlen); ++ return openssl_decrypt(ctx, out, outlen, in_soft, inlen); + } + + static void sm2_cleanup(EVP_PKEY_CTX *ctx) +-- +2.25.1 + diff --git a/0071-uadk_engine-cipher-digest-fixes-for-priv-address-che.patch b/0071-uadk_engine-cipher-digest-fixes-for-priv-address-che.patch new file mode 100644 index 0000000..89fc05b --- /dev/null +++ b/0071-uadk_engine-cipher-digest-fixes-for-priv-address-che.patch @@ -0,0 +1,158 @@ +From ffdacf318e16c0d666aa171d46c7bd75d128a32a Mon Sep 17 00:00:00 2001 +From: Hao Fang +Date: Sat, 25 Nov 2023 16:13:22 +0800 +Subject: [PATCH 71/82] uadk_engine: cipher/digest: fixes for priv address + check + +1.Add priv address check return by EVP_CIPHER_CTX_get_cipher_data(). +2.Add priv address check return by EVP_MD_CTX_md_data(). + +Signed-off-by: Hao Fang +--- + src/uadk_cipher.c | 18 ++++++++++++++---- + src/uadk_digest.c | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 44 insertions(+), 4 deletions(-) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 12830b7..472c47c 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -185,7 +185,7 @@ static int uadk_e_cipher_sw_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + + priv = (struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + if (unlikely(priv == NULL)) { +- fprintf(stderr, "uadk engine state is NULL.\n"); ++ fprintf(stderr, "priv get from cipher ctx is NULL.\n"); + return 0; + } + +@@ -235,7 +235,7 @@ static int uadk_e_cipher_soft_work(EVP_CIPHER_CTX *ctx, unsigned char *out, + + priv = (struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + if (unlikely(priv == NULL)) { +- fprintf(stderr, "uadk engine state is NULL.\n"); ++ fprintf(stderr, "priv get from cipher ctx is NULL.\n"); + return 0; + } + +@@ -277,7 +277,7 @@ static void uadk_e_cipher_sw_cleanup(EVP_CIPHER_CTX *ctx) + struct cipher_priv_ctx *priv = + (struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + +- if (priv->sw_ctx_data) { ++ if (priv && priv->sw_ctx_data) { + OPENSSL_free(priv->sw_ctx_data); + priv->sw_ctx_data = NULL; + } +@@ -500,6 +500,11 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + int nid, ret; + __u32 i; + ++ if (unlikely(!priv)) { ++ fprintf(stderr, "priv get from cipher ctx is NULL.\n"); ++ return 0; ++ } ++ + if (unlikely(!key)) { + fprintf(stderr, "ctx init parameter key is NULL.\n"); + return 0; +@@ -541,7 +546,7 @@ static int uadk_e_cipher_cleanup(EVP_CIPHER_CTX *ctx) + + uadk_e_cipher_sw_cleanup(ctx); + +- if (priv->sess) { ++ if (priv && priv->sess) { + wd_cipher_free_sess(priv->sess); + priv->sess = 0; + } +@@ -752,6 +757,11 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + struct async_op op; + int ret; + ++ if (unlikely(!priv)) { ++ fprintf(stderr, "priv get from cipher ctx is NULL.\n"); ++ return 0; ++ } ++ + priv->req.src = (unsigned char *)in; + priv->req.in_bytes = inlen; + priv->req.dst = out; +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 0aa90f3..06851f1 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -535,6 +535,11 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) + __u32 i; + int ret; + ++ if (unlikely(!priv)) { ++ fprintf(stderr, "priv get from digest ctx is NULL.\n"); ++ return 0; ++ } ++ + priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx)); + + digest_priv_ctx_reset(priv); +@@ -587,6 +592,11 @@ static void digest_update_out_length(EVP_MD_CTX *ctx) + struct digest_priv_ctx *priv = + (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); + ++ if (unlikely(!priv)) { ++ fprintf(stderr, "priv get from digest ctx is NULL.\n"); ++ return; ++ } ++ + /* Sha224 and Sha384 need full length mac buffer as doing long hash */ + if (priv->e_nid == NID_sha224) + priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN; +@@ -614,6 +624,11 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le + int copy_to_bufflen; + int ret; + ++ if (unlikely(!priv)) { ++ fprintf(stderr, "priv get from digest ctx is NULL.\n"); ++ return 0; ++ } ++ + digest_update_out_length(ctx); + digest_set_msg_state(priv, false); + +@@ -671,6 +686,11 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l + struct digest_priv_ctx *priv = + (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); + ++ if (unlikely(!priv)) { ++ fprintf(stderr, "priv get from digest ctx is NULL.\n"); ++ return 0; ++ } ++ + if (unlikely(priv->switch_flag == UADK_DO_SOFT)) + goto soft_update; + +@@ -770,6 +790,11 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) + struct async_op *op; + int ret = 1; + ++ if (unlikely(!priv)) { ++ fprintf(stderr, "priv get from digest ctx is NULL.\n"); ++ return 0; ++ } ++ + digest_set_msg_state(priv, true); + priv->req.in = priv->data; + priv->req.out = priv->out; +@@ -863,6 +888,11 @@ static int uadk_e_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) + if (!t) + return 1; + ++ if (!f) { ++ fprintf(stderr, "priv get from digest ctx is NULL.\n"); ++ return 0; ++ } ++ + if (t->sess) { + params.numa_id = -1; + t->setup.sched_param = ¶ms; +-- +2.25.1 + diff --git a/0072-uadk_engine-ec-add-BN_new-memory-check.patch b/0072-uadk_engine-ec-add-BN_new-memory-check.patch new file mode 100644 index 0000000..af33f29 --- /dev/null +++ b/0072-uadk_engine-ec-add-BN_new-memory-check.patch @@ -0,0 +1,28 @@ +From 9def3ae661a45238de72b608dc2698afa45ce34b Mon Sep 17 00:00:00 2001 +From: Hao Fang +Date: Sat, 25 Nov 2023 16:13:23 +0800 +Subject: [PATCH 72/82] uadk_engine: ec: add BN_new memory check + +Signed-off-by: Hao Fang +--- + src/uadk_ec.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index 78c403f..400040e 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -328,6 +328,10 @@ static int set_digest(handle_t sess, struct wd_dtb *e, + + if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) { + m = BN_new(); ++ if (!m) { ++ fprintf(stderr, "failed to BN_new BIGNUM m\n"); ++ return -1; ++ } + + /* Need to truncate digest if it is too long: first truncate + * whole bytes +-- +2.25.1 + diff --git a/0073-uadk_engine-rsa-fix-mem-leak-for-from_buf.patch b/0073-uadk_engine-rsa-fix-mem-leak-for-from_buf.patch new file mode 100644 index 0000000..849a431 --- /dev/null +++ b/0073-uadk_engine-rsa-fix-mem-leak-for-from_buf.patch @@ -0,0 +1,55 @@ +From ae30da69956973e2c1c478078aea76ba3b09ad8c Mon Sep 17 00:00:00 2001 +From: Hao Fang +Date: Sat, 25 Nov 2023 16:13:24 +0800 +Subject: [PATCH 73/82] uadk_engine: rsa: fix mem leak for from_buf + +If flen > num_bytes, need to free from_buf. + +Signed-off-by: Hao Fang +--- + src/uadk_rsa.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index fa4d354..1289fd3 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -1491,11 +1491,16 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, + } + + ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes); +- if (ret <= 0 || flen > num_bytes) { ++ if (ret <= 0) { + ret = UADK_DO_SOFT; + goto free_sess; + } + ++ if (flen > num_bytes) { ++ ret = UADK_DO_SOFT; ++ goto free_buf; ++ } ++ + ret = add_rsa_pubenc_padding(flen, from, from_buf, num_bytes, padding); + if (!ret) { + ret = UADK_DO_SOFT; +@@ -1756,11 +1761,16 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, + } + + ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes); +- if (ret <= 0 || flen > num_bytes) { ++ if (ret <= 0) { + ret = UADK_DO_SOFT; + goto free_sess; + } + ++ if (flen > num_bytes) { ++ ret = UADK_DO_SOFT; ++ goto free_buf; ++ } ++ + ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to); + if (!ret) { + ret = UADK_DO_SOFT; +-- +2.25.1 + diff --git a/0074-ecc-add-check-of-siglen.patch b/0074-ecc-add-check-of-siglen.patch new file mode 100644 index 0000000..1d3e28b --- /dev/null +++ b/0074-ecc-add-check-of-siglen.patch @@ -0,0 +1,32 @@ +From 7c1a870b448ad5bd269ed6cb496ee098a223b0ae Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 25 Nov 2023 16:13:25 +0800 +Subject: [PATCH 74/82] ecc: add check of siglen + +Add null pointer check of 'siglen' parameter. + +Signed-off-by: Zhiqi Song +--- + src/uadk_ec.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index 400040e..b1dbdfe 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -548,8 +548,11 @@ static int ecdsa_sign(int type, const unsigned char *dgst, int dlen, + goto err; + } + +- *siglen = i2d_ECDSA_SIG(s, &sig); ++ if (siglen) ++ *siglen = i2d_ECDSA_SIG(s, &sig); ++ + ECDSA_SIG_free(s); ++ + return 1; + + err: +-- +2.25.1 + diff --git a/0075-v1-pkey-add-check-of-qlist.patch b/0075-v1-pkey-add-check-of-qlist.patch new file mode 100644 index 0000000..04547c7 --- /dev/null +++ b/0075-v1-pkey-add-check-of-qlist.patch @@ -0,0 +1,36 @@ +From 9cb01d217d9963c1e3a7a56f91528e3dbe6e28c7 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 25 Nov 2023 16:13:26 +0800 +Subject: [PATCH 75/82] v1/pkey: add check of qlist + +Add null pointer check of 'eng_ctx->qlist'. + +Signed-off-by: Zhiqi Song +--- + src/v1/alg/pkey/hpre_wd.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/v1/alg/pkey/hpre_wd.c b/src/v1/alg/pkey/hpre_wd.c +index 971f7b2..855d47c 100644 +--- a/src/v1/alg/pkey/hpre_wd.c ++++ b/src/v1/alg/pkey/hpre_wd.c +@@ -157,10 +157,13 @@ void hpre_free_eng_ctx(hpre_engine_ctx_t *eng_ctx) + } + + if (eng_ctx->opdata.op_type != WCRYPTO_RSA_GENKEY) { +- if (eng_ctx->opdata.in) +- eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.in); ++ if (eng_ctx->opdata.in) { ++ if (eng_ctx->qlist) ++ eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.in); ++ } ++ + if (eng_ctx->opdata.out) { +- if (eng_ctx->qlist != NULL) ++ if (eng_ctx->qlist) + eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.out); + } + } else { +-- +2.25.1 + diff --git a/0076-uadk_engine-uadk_rsa-fix-to-free-from_buffer.patch b/0076-uadk_engine-uadk_rsa-fix-to-free-from_buffer.patch new file mode 100644 index 0000000..0a1b820 --- /dev/null +++ b/0076-uadk_engine-uadk_rsa-fix-to-free-from_buffer.patch @@ -0,0 +1,61 @@ +From 97ae256181ad35d7d637bd85b969222969f74495 Mon Sep 17 00:00:00 2001 +From: Hao Fang +Date: Sat, 25 Nov 2023 16:13:27 +0800 +Subject: [PATCH 76/82] uadk_engine: uadk_rsa: fix to free from_buffer + +If flen > num_bytes, need to free from_buffer. +The reasonable operation is put the size check before the memory malloc. + +Signed-off-by: Hao Fang +--- + src/uadk_rsa.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 1289fd3..c9e2b34 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -1358,7 +1358,7 @@ static void rsa_free_pub_bn_ctx(unsigned char **from_buf) + } + + static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri, +- unsigned char **from_buf, int *num_bytes) ++ unsigned char **from_buf, int *num_bytes, int flen) + { + RSA_get0_key(rsa, &pri->n, &pri->e, &pri->d); + if (!(pri->n) || !(pri->e) || !(pri->d)) +@@ -1376,6 +1376,9 @@ static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri, + if (!(*num_bytes)) + return UADK_E_FAIL; + ++ if (flen > *num_bytes) ++ return UADK_E_FAIL; ++ + *from_buf = OPENSSL_malloc(*num_bytes); + if (!(*from_buf)) + return -ENOMEM; +@@ -1578,8 +1581,8 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, + goto free_pkey; + } + +- ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes); +- if (ret <= 0 || flen > num_bytes) { ++ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes, flen); ++ if (ret <= 0) { + ret = UADK_DO_SOFT; + goto free_sess; + } +@@ -1665,8 +1668,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, + goto free_pkey; + } + +- ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes); +- if (ret <= 0 || flen > num_bytes) { ++ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes, flen); ++ if (ret <= 0) { + ret = UADK_DO_SOFT; + goto free_sess; + } +-- +2.25.1 + diff --git a/0077-uadk_engine-uask_async-fix-thread_attr-res-leak.patch b/0077-uadk_engine-uask_async-fix-thread_attr-res-leak.patch new file mode 100644 index 0000000..321ab7a --- /dev/null +++ b/0077-uadk_engine-uask_async-fix-thread_attr-res-leak.patch @@ -0,0 +1,62 @@ +From aaac36df78ea259008a2c3c11f9e766580d06367 Mon Sep 17 00:00:00 2001 +From: Hao Fang +Date: Sat, 25 Nov 2023 16:13:28 +0800 +Subject: [PATCH 77/82] uadk_engine: uask_async: fix thread_attr res leak + +When the pthread exit also need to call async_poll_task_free() +to unint thread_attr. + +Signed-off-by: Hao Fang +--- + src/uadk_async.c | 8 ++++---- + src/uadk_async.h | 1 + + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/uadk_async.c b/src/uadk_async.c +index 342db2a..726ee09 100644 +--- a/src/uadk_async.c ++++ b/src/uadk_async.c +@@ -132,6 +132,7 @@ void async_poll_task_free(void) + poll_queue.head = NULL; + + pthread_mutex_unlock(&poll_queue.async_task_mutex); ++ pthread_attr_destroy(&poll_queue.thread_attr); + sem_destroy(&poll_queue.empty_sem); + sem_destroy(&poll_queue.full_sem); + pthread_mutex_destroy(&poll_queue.async_task_mutex); +@@ -359,7 +360,6 @@ static void *async_poll_process_func(void *args) + int async_module_init(void) + { + pthread_t thread_id; +- pthread_attr_t thread_attr; + + memset(&poll_queue, 0, sizeof(struct async_poll_queue)); + +@@ -378,9 +378,9 @@ int async_module_init(void) + + uadk_e_set_async_poll_state(ENABLE_ASYNC_POLLING); + +- pthread_attr_init(&thread_attr); +- pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED); +- if (pthread_create(&thread_id, &thread_attr, async_poll_process_func, NULL)) ++ pthread_attr_init(&poll_queue.thread_attr); ++ pthread_attr_setdetachstate(&poll_queue.thread_attr, PTHREAD_CREATE_DETACHED); ++ if (pthread_create(&thread_id, &poll_queue.thread_attr, async_poll_process_func, NULL)) + goto err; + + poll_queue.thread_id = thread_id; +diff --git a/src/uadk_async.h b/src/uadk_async.h +index 678e392..6857927 100644 +--- a/src/uadk_async.h ++++ b/src/uadk_async.h +@@ -69,6 +69,7 @@ struct async_poll_queue { + sem_t full_sem; + pthread_mutex_t async_task_mutex; + pthread_t thread_id; ++ pthread_attr_t thread_attr; + }; + + int async_setup_async_event_notification(struct async_op *op); +-- +2.25.1 + diff --git a/0078-uadk_engine-async-fix-add-async-send-timeout.patch b/0078-uadk_engine-async-fix-add-async-send-timeout.patch new file mode 100644 index 0000000..d95559f --- /dev/null +++ b/0078-uadk_engine-async-fix-add-async-send-timeout.patch @@ -0,0 +1,275 @@ +From 12deb741e44def7839ae99caac8858be52a9ec74 Mon Sep 17 00:00:00 2001 +From: Hao Fang +Date: Sat, 25 Nov 2023 16:13:29 +0800 +Subject: [PATCH 78/82] uadk_engine: async: fix add async send timeout + +The system does not keep busy in normal, only add +a timeout mechanism to exit the while loop. + +Signed-off-by: Hao Fang +--- + src/uadk.h | 1 + + src/uadk_aead.c | 39 ++++++++++++++++++++++++++------------- + src/uadk_cipher.c | 13 ++++++++++--- + src/uadk_dh.c | 13 +++++++++---- + src/uadk_digest.c | 14 ++++++++++---- + src/uadk_pkey.c | 13 +++++++++---- + src/uadk_rsa.c | 12 +++++++++--- + 7 files changed, 74 insertions(+), 31 deletions(-) + +diff --git a/src/uadk.h b/src/uadk.h +index c5ebf32..1945ba2 100644 +--- a/src/uadk.h ++++ b/src/uadk.h +@@ -21,6 +21,7 @@ + + #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + #define ENV_STRING_LEN 256 ++#define ENGINE_SEND_MAX_CNT 90000000 + #define ENGINE_RECV_MAX_CNT 60000000 + #define UADK_UNINIT 0 + #define UADK_INIT_SUCCESS 1 +diff --git a/src/uadk_aead.c b/src/uadk_aead.c +index c2646f1..40a35e3 100644 +--- a/src/uadk_aead.c ++++ b/src/uadk_aead.c +@@ -27,7 +27,7 @@ + #include "uadk_async.h" + #include "uadk_utils.h" + +-#define RET_FAIL -1 ++#define RET_FAIL (-1) + #define STATE_FAIL 0xFFFF + #define CTX_SYNC_ENC 0 + #define CTX_SYNC_DEC 1 +@@ -521,17 +521,9 @@ static void *uadk_e_aead_cb(struct wd_aead_req *req, void *data) + return NULL; + } + +-static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, +- unsigned char *out, const unsigned char *in, size_t inlen) ++static void do_aead_async_prepare(struct aead_priv_ctx *priv, unsigned char *out, ++ const unsigned char *in, size_t inlen) + { +- struct uadk_e_cb_info *cb_param; +- int ret; +- +- if (unlikely(priv->req.assoc_bytes + inlen > AEAD_BLOCK_SIZE)) { +- fprintf(stderr, "aead input data length is too long!\n"); +- return 0; +- } +- + priv->req.in_bytes = inlen; + /* AAD data is input or output together with plaintext or ciphertext. */ + if (priv->req.assoc_bytes) { +@@ -542,6 +534,21 @@ static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, + priv->req.src = (unsigned char *)in; + priv->req.dst = out; + } ++} ++ ++static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, ++ unsigned char *out, const unsigned char *in, size_t inlen) ++{ ++ struct uadk_e_cb_info *cb_param; ++ int cnt = 0; ++ int ret; ++ ++ if (unlikely(priv->req.assoc_bytes + inlen > AEAD_BLOCK_SIZE)) { ++ fprintf(stderr, "aead input data length is too long!\n"); ++ return 0; ++ } ++ ++ do_aead_async_prepare(priv, out, in, inlen); + + cb_param = malloc(sizeof(struct uadk_e_cb_info)); + if (unlikely(!cb_param)) { +@@ -562,8 +569,14 @@ static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, + + do { + ret = wd_do_aead_async(priv->sess, &priv->req); +- if (unlikely(ret < 0 && ret != -EBUSY)) { +- fprintf(stderr, "do aead async operation failed.\n"); ++ if (unlikely(ret < 0)) { ++ if (unlikely(ret != -EBUSY)) ++ fprintf(stderr, "do aead async operation failed.\n"); ++ else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) ++ fprintf(stderr, "do aead async operation timeout.\n"); ++ else ++ continue; ++ + async_free_poll_task(op->idx, 0); + ret = 0; + goto free_cb_param; +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 472c47c..007eca3 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -652,7 +652,7 @@ static int do_cipher_sync(struct cipher_priv_ctx *priv) + static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op) + { + struct uadk_e_cb_info cb_param; +- int idx, ret; ++ int idx, ret, cnt; + + if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { + fprintf(stderr, "switch to soft cipher.\n"); +@@ -668,11 +668,18 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op) + if (!ret) + return 0; + ++ cnt = 0; + op->idx = idx; + do { + ret = wd_do_cipher_async(priv->sess, &priv->req); +- if (ret < 0 && ret != -EBUSY) { +- fprintf(stderr, "do sec cipher failed, switch to soft cipher.\n"); ++ if (unlikely(ret < 0)) { ++ if (unlikely(ret != -EBUSY)) ++ fprintf(stderr, "do cipher async operation failed.\n"); ++ else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) ++ fprintf(stderr, "do cipher async operation timeout.\n"); ++ else ++ continue; ++ + async_free_poll_task(op->idx, 0); + return 0; + } +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index 62c75fe..328bb80 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -716,7 +716,7 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess) + { + struct uadk_e_cb_info cb_param; + struct async_op op; +- int idx, ret; ++ int idx, ret, cnt; + + ret = async_setup_async_event_notification(&op); + if (!ret) { +@@ -742,12 +742,17 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess) + goto err; + + op.idx = idx; +- ++ cnt = 0; + do { + ret = wd_do_dh_async(dh_sess->sess, &dh_sess->req); +- if (ret < 0 && ret != -EBUSY) { +- if (ret == -WD_HW_EACCESS) ++ if (unlikely(ret < 0)) { ++ if (unlikely(ret == -WD_HW_EACCESS)) + uadk_e_dh_set_status(); ++ else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) ++ fprintf(stderr, "do dh async operation timeout.\n"); ++ else ++ continue; ++ + async_free_poll_task(op.idx, 0); + goto err; + } +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 06851f1..cbcae1f 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -750,7 +750,7 @@ static int do_digest_sync(struct digest_priv_ctx *priv) + static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op) + { + struct uadk_e_cb_info cb_param; +- int idx, ret; ++ int idx, ret, cnt; + + if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { + fprintf(stderr, "async cipher init failed.\n"); +@@ -767,11 +767,17 @@ static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op) + return 0; + + op->idx = idx; +- ++ cnt = 0; + do { + ret = wd_do_digest_async(priv->sess, &priv->req); +- if (ret < 0 && ret != -EBUSY) { +- fprintf(stderr, "do sec digest async failed.\n"); ++ if (unlikely(ret < 0)) { ++ if (unlikely(ret != -EBUSY)) ++ fprintf(stderr, "do digest async operation failed.\n"); ++ else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) ++ fprintf(stderr, "do digest async operation timeout.\n"); ++ else ++ continue; ++ + async_free_poll_task(op->idx, 0); + return 0; + } +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index a950f6d..986851f 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -302,7 +302,7 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) + { + struct uadk_e_cb_info cb_param; + struct async_op op; +- int idx, ret; ++ int idx, ret, cnt; + + ret = async_setup_async_event_notification(&op); + if (!ret) { +@@ -321,12 +321,17 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) + goto err; + + op.idx = idx; +- ++ cnt = 0; + do { + ret = wd_do_ecc_async(sess, req); +- if (ret < 0 && ret != -EBUSY) { +- if (ret == -WD_HW_EACCESS) ++ if (unlikely(ret < 0)) { ++ if (unlikely(ret == -WD_HW_EACCESS)) + uadk_e_ecc_set_status(); ++ else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) ++ fprintf(stderr, "do ecc async operation timeout.\n"); ++ else ++ continue; ++ + async_free_poll_task(op.idx, 0); + goto err; + } +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index c9e2b34..24dd7b9 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -1099,7 +1099,7 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess) + { + struct uadk_e_cb_info cb_param; + struct async_op op; +- int idx, ret; ++ int idx, ret, cnt; + + ret = async_setup_async_event_notification(&op); + if (!ret) { +@@ -1128,11 +1128,17 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess) + goto err; + + op.idx = idx; ++ cnt = 0; + do { + ret = wd_do_rsa_async(rsa_sess->sess, &(rsa_sess->req)); +- if (ret < 0 && ret != -EBUSY) { +- if (ret == -WD_HW_EACCESS) ++ if (unlikely(ret < 0)) { ++ if (unlikely(ret == -WD_HW_EACCESS)) + uadk_e_rsa_set_status(); ++ else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) ++ fprintf(stderr, "do rsa async operation timeout.\n"); ++ else ++ continue; ++ + async_free_poll_task(op.idx, 0); + goto err; + } +-- +2.25.1 + diff --git a/0079-cipher-uadk_e_bind_ciphers-function-is-optimized.patch b/0079-cipher-uadk_e_bind_ciphers-function-is-optimized.patch new file mode 100644 index 0000000..e66e87e --- /dev/null +++ b/0079-cipher-uadk_e_bind_ciphers-function-is-optimized.patch @@ -0,0 +1,89 @@ +From a3dffc15df2212ca8fa3161f82393048c3e9cbc5 Mon Sep 17 00:00:00 2001 +From: Qi Tao +Date: Sat, 25 Nov 2023 16:13:30 +0800 +Subject: [PATCH 79/82] cipher: uadk_e_bind_ciphers function is optimized + +The uadk_e_bind_ciphers function is executed only once, +however, the uadk_e_ciphers may be executed multiple times, +it is better to check whether the hardware is available +at the beginning of uadk_e_bind_ciphers. + +Signed-off-by: Qi Tao +--- + src/uadk_cipher_adapter.c | 38 ++++++++++++++++++-------------------- + 1 file changed, 18 insertions(+), 20 deletions(-) + +diff --git a/src/uadk_cipher_adapter.c b/src/uadk_cipher_adapter.c +index 065575b..caf8af3 100644 +--- a/src/uadk_cipher_adapter.c ++++ b/src/uadk_cipher_adapter.c +@@ -16,11 +16,10 @@ + */ + #include "uadk_cipher_adapter.h" + +-#define HW_UNINIT -1 +-#define HW_SEC_V2 0 +-#define HW_SEC_V3 1 ++#define HW_SEC_V2 2 ++#define HW_SEC_V3 3 + +-static int g_platform = HW_UNINIT; ++static int g_platform; + + static int cipher_hw_v2_nids[] = { + NID_aes_128_cbc, +@@ -143,7 +142,6 @@ static void uadk_e_create_ciphers(int index) + + int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) + { +- struct uacce_dev *dev; + __u32 i; + + if (!e) +@@ -155,21 +153,6 @@ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int n + return 0; + } + +- if (g_platform == HW_UNINIT) { +- dev = wd_get_accel_dev("cipher"); +- if (!dev) { +- fprintf(stderr, "no device available, switch to software!\n"); +- return 0; +- } +- +- if (!strcmp(dev->api, "hisi_qm_v2")) +- g_platform = HW_SEC_V2; +- else +- g_platform = HW_SEC_V3; +- +- free(dev); +- } +- + if (cipher == NULL) { + if (g_platform == HW_SEC_V2) { + *nids = cipher_hw_v2_nids; +@@ -198,6 +181,21 @@ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int n + + int uadk_e_bind_ciphers(ENGINE *e) + { ++ struct uacce_dev *dev; ++ ++ dev = wd_get_accel_dev("cipher"); ++ if (!dev) { ++ fprintf(stderr, "no device available, switch to software!\n"); ++ return 0; ++ } ++ ++ if (!strcmp(dev->api, "hisi_qm_v2")) ++ g_platform = HW_SEC_V2; ++ else ++ g_platform = HW_SEC_V3; ++ ++ free(dev); ++ + return ENGINE_set_ciphers(e, uadk_e_ciphers); + } + +-- +2.25.1 + diff --git a/0080-cipher-UADK_CIPHER_DESCR-is-optimized.patch b/0080-cipher-UADK_CIPHER_DESCR-is-optimized.patch new file mode 100644 index 0000000..5fdba4a --- /dev/null +++ b/0080-cipher-UADK_CIPHER_DESCR-is-optimized.patch @@ -0,0 +1,244 @@ +From cebde688ce0924cb739d1a588fbb5b41bf41864d Mon Sep 17 00:00:00 2001 +From: Qi Tao +Date: Sat, 25 Nov 2023 16:13:31 +0800 +Subject: [PATCH 80/82] cipher: UADK_CIPHER_DESCR is optimized + +The common input parameter UADK_CIPHER_DESCR is deleted. + +Signed-off-by: Qi Tao +--- + src/uadk_cipher.c | 139 +++++++++++----------------------------------- + 1 file changed, 33 insertions(+), 106 deletions(-) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 007eca3..180b566 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -811,19 +811,18 @@ out_notify: + return ret; + } + +-#define UADK_CIPHER_DESCR(name, block_size, key_size, iv_len, flags, ctx_size, \ +- init, cipher, cleanup, set_params, get_params) \ ++#define UADK_CIPHER_DESCR(name, block_size, key_size, iv_len, flags) \ + do { \ + uadk_##name = EVP_CIPHER_meth_new(NID_##name, block_size, key_size); \ + if (uadk_##name == 0 || \ +- !EVP_CIPHER_meth_set_iv_length(uadk_##name, iv_len) || \ +- !EVP_CIPHER_meth_set_flags(uadk_##name, flags) || \ +- !EVP_CIPHER_meth_set_impl_ctx_size(uadk_##name, ctx_size) || \ +- !EVP_CIPHER_meth_set_init(uadk_##name, init) || \ +- !EVP_CIPHER_meth_set_do_cipher(uadk_##name, cipher) || \ +- !EVP_CIPHER_meth_set_cleanup(uadk_##name, cleanup) || \ +- !EVP_CIPHER_meth_set_set_asn1_params(uadk_##name, set_params) || \ +- !EVP_CIPHER_meth_set_get_asn1_params(uadk_##name, get_params)) \ ++ !EVP_CIPHER_meth_set_iv_length(uadk_##name, iv_len) || \ ++ !EVP_CIPHER_meth_set_flags(uadk_##name, flags) || \ ++ !EVP_CIPHER_meth_set_impl_ctx_size(uadk_##name, sizeof(struct cipher_priv_ctx)) || \ ++ !EVP_CIPHER_meth_set_init(uadk_##name, uadk_e_cipher_init) || \ ++ !EVP_CIPHER_meth_set_do_cipher(uadk_##name, uadk_e_do_cipher) || \ ++ !EVP_CIPHER_meth_set_cleanup(uadk_##name, uadk_e_cipher_cleanup) || \ ++ !EVP_CIPHER_meth_set_set_asn1_params(uadk_##name, EVP_CIPHER_set_asn1_iv) || \ ++ !EVP_CIPHER_meth_set_get_asn1_params(uadk_##name, EVP_CIPHER_get_asn1_iv)) \ + return 0; \ + } while (0) + +@@ -833,171 +832,99 @@ EVP_CIPHER *uadk_create_cipher_meth(int nid) + + switch (nid) { + case NID_aes_128_cbc: +- UADK_CIPHER_DESCR(aes_128_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_128_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE); + cipher = uadk_aes_128_cbc; + break; + case NID_aes_192_cbc: +- UADK_CIPHER_DESCR(aes_192_cbc, 16, 24, 16, EVP_CIPH_CBC_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_192_cbc, 16, 24, 16, EVP_CIPH_CBC_MODE); + cipher = uadk_aes_192_cbc; + break; + case NID_aes_256_cbc: +- UADK_CIPHER_DESCR(aes_256_cbc, 16, 32, 16, EVP_CIPH_CBC_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_256_cbc, 16, 32, 16, EVP_CIPH_CBC_MODE); + cipher = uadk_aes_256_cbc; + break; + case NID_aes_128_ecb: +- UADK_CIPHER_DESCR(aes_128_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_128_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE); + cipher = uadk_aes_128_ecb; + break; + case NID_aes_192_ecb: +- UADK_CIPHER_DESCR(aes_192_ecb, 16, 24, 0, EVP_CIPH_ECB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_192_ecb, 16, 24, 0, EVP_CIPH_ECB_MODE); + cipher = uadk_aes_192_ecb; + break; + case NID_aes_256_ecb: +- UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, EVP_CIPH_ECB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, EVP_CIPH_ECB_MODE); + cipher = uadk_aes_256_ecb; + break; + case NID_aes_128_xts: +- UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV); + cipher = uadk_aes_128_xts; + break; + case NID_aes_256_xts: +- UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV); + cipher = uadk_aes_256_xts; + break; + case NID_sm4_cbc: +- UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE); + cipher = uadk_sm4_cbc; + break; + case NID_sm4_ecb: +- UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE); + cipher = uadk_sm4_ecb; + break; + case NID_des_ede3_cbc: +- UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE); + cipher = uadk_des_ede3_cbc; + break; + case NID_des_ede3_ecb: +- UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, EVP_CIPH_ECB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, EVP_CIPH_ECB_MODE); + cipher = uadk_des_ede3_ecb; + break; + case NID_aes_128_ctr: +- UADK_CIPHER_DESCR(aes_128_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_128_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE); + cipher = uadk_aes_128_ctr; + break; + case NID_aes_192_ctr: +- UADK_CIPHER_DESCR(aes_192_ctr, 1, 24, 16, EVP_CIPH_CTR_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_192_ctr, 1, 24, 16, EVP_CIPH_CTR_MODE); + cipher = uadk_aes_192_ctr; + break; + case NID_aes_256_ctr: +- UADK_CIPHER_DESCR(aes_256_ctr, 1, 32, 16, EVP_CIPH_CTR_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_256_ctr, 1, 32, 16, EVP_CIPH_CTR_MODE); + cipher = uadk_aes_256_ctr; + break; + case NID_aes_128_ofb128: +- UADK_CIPHER_DESCR(aes_128_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_128_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE); + cipher = uadk_aes_128_ofb128; + break; + case NID_aes_192_ofb128: +- UADK_CIPHER_DESCR(aes_192_ofb128, 1, 24, 16, EVP_CIPH_OFB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_192_ofb128, 1, 24, 16, EVP_CIPH_OFB_MODE); + cipher = uadk_aes_192_ofb128; + break; + case NID_aes_256_ofb128: +- UADK_CIPHER_DESCR(aes_256_ofb128, 1, 32, 16, EVP_CIPH_OFB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_256_ofb128, 1, 32, 16, EVP_CIPH_OFB_MODE); + cipher = uadk_aes_256_ofb128; + break; + case NID_aes_128_cfb128: +- UADK_CIPHER_DESCR(aes_128_cfb128, 1, 16, 16, EVP_CIPH_CFB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_128_cfb128, 1, 16, 16, EVP_CIPH_CFB_MODE); + cipher = uadk_aes_128_cfb128; + break; + case NID_aes_192_cfb128: +- UADK_CIPHER_DESCR(aes_192_cfb128, 1, 24, 16, EVP_CIPH_CFB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_192_cfb128, 1, 24, 16, EVP_CIPH_CFB_MODE); + cipher = uadk_aes_192_cfb128; + break; + case NID_aes_256_cfb128: +- UADK_CIPHER_DESCR(aes_256_cfb128, 1, 32, 16, EVP_CIPH_CFB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(aes_256_cfb128, 1, 32, 16, EVP_CIPH_CFB_MODE); + cipher = uadk_aes_256_cfb128; + break; + case NID_sm4_ofb128: +- UADK_CIPHER_DESCR(sm4_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(sm4_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE); + cipher = uadk_sm4_ofb128; + break; + case NID_sm4_cfb128: +- UADK_CIPHER_DESCR(sm4_cfb128, 1, 16, 16, EVP_CIPH_OFB_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(sm4_cfb128, 1, 16, 16, EVP_CIPH_OFB_MODE); + cipher = uadk_sm4_cfb128; + break; + case NID_sm4_ctr: +- UADK_CIPHER_DESCR(sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE, +- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, +- uadk_e_do_cipher, uadk_e_cipher_cleanup, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); ++ UADK_CIPHER_DESCR(sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE); + cipher = uadk_sm4_ctr; + break; + default: +-- +2.25.1 + diff --git a/0081-v1-pkey-fix-uninitialized-variable.patch b/0081-v1-pkey-fix-uninitialized-variable.patch new file mode 100644 index 0000000..9808cdc --- /dev/null +++ b/0081-v1-pkey-fix-uninitialized-variable.patch @@ -0,0 +1,74 @@ +From 391351d4ed470bfb6c7aab3b8c06ad3dd7b65ecf Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 25 Nov 2023 16:13:32 +0800 +Subject: [PATCH 81/82] v1/pkey: fix uninitialized variable + +Fix uninitialized variable 'ret'. + +Signed-off-by: Zhiqi Song +--- + src/v1/alg/pkey/hpre_rsa.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c +index 4e21dde..2086e0c 100644 +--- a/src/v1/alg/pkey/hpre_rsa.c ++++ b/src/v1/alg/pkey/hpre_rsa.c +@@ -298,13 +298,13 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from, + BIGNUM *ret_bn = NULL; + hpre_engine_ctx_t *eng_ctx = NULL; + unsigned char *in_buf = NULL; ++ int ret = HPRE_CRYPTO_FAIL; + BN_CTX *bn_ctx = NULL; + int num_bytes = 0; + int key_bits; +- int ret; + + if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) +- return HPRE_CRYPTO_FAIL; ++ return ret; + + key_bits = RSA_bits(rsa); + if (!check_bit_useful(key_bits)) { +@@ -392,7 +392,7 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from, + int version; + + if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) +- return HPRE_CRYPTO_FAIL; ++ return ret; + + key_bits = RSA_bits(rsa); + if (!check_bit_useful(key_bits)) { +@@ -479,6 +479,7 @@ static int hpre_rsa_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + hpre_engine_ctx_t *eng_ctx = NULL; ++ int ret = HPRE_CRYPTO_FAIL; + BIGNUM *bn_ret = NULL; + BIGNUM *f = NULL; + BN_CTX *bn_ctx = NULL; +@@ -488,10 +489,10 @@ static int hpre_rsa_public_decrypt(int flen, const unsigned char *from, + int num_bytes = 0; + int rsa_soft_mark = 0; + unsigned char *buf = NULL; +- int ret, len; ++ int len; + + if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) +- return HPRE_CRYPTO_FAIL; ++ return ret; + + RSA_get0_key(rsa, &n, &e, &d); + ret = hpre_rsa_check(flen, n, e, &num_bytes, rsa); +@@ -578,7 +579,7 @@ static int hpre_rsa_private_decrypt(int flen, const unsigned char *from, + BN_CTX *bn_ctx = NULL; + + if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) +- return HPRE_CRYPTO_FAIL; ++ return ret; + + RSA_get0_key(rsa, &n, &e, &d); + num_bytes = BN_num_bytes(n); +-- +2.25.1 + diff --git a/0082-uadk_engine-v1-fix-g_sec_ciphers_info-error.patch b/0082-uadk_engine-v1-fix-g_sec_ciphers_info-error.patch new file mode 100644 index 0000000..2e15b29 --- /dev/null +++ b/0082-uadk_engine-v1-fix-g_sec_ciphers_info-error.patch @@ -0,0 +1,28 @@ +From e3f0530082dce872c1a845e1b2313169b9d7c380 Mon Sep 17 00:00:00 2001 +From: Qi Tao +Date: Sat, 25 Nov 2023 16:13:33 +0800 +Subject: [PATCH 82/82] uadk_engine/v1: fix g_sec_ciphers_info[] error + +The flags of sm4_ecb algorithm is EVP_CIPH_ECB_MODE. + +Signed-off-by: Qi Tao +--- + src/v1/alg/ciphers/sec_ciphers.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/v1/alg/ciphers/sec_ciphers.c b/src/v1/alg/ciphers/sec_ciphers.c +index b4743ed..f2c5e7e 100644 +--- a/src/v1/alg/ciphers/sec_ciphers.c ++++ b/src/v1/alg/ciphers/sec_ciphers.c +@@ -64,7 +64,7 @@ static cipher_info_t g_sec_ciphers_info[] = { + {NID_sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE, 1, NULL}, + {NID_sm4_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1, 1, NULL}, + {NID_sm4_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE, 1, NULL}, +- {NID_sm4_ecb, 16, 16, 0, EVP_CIPH_CTR_MODE, 1, NULL}, ++ {NID_sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE, 1, NULL}, + }; + + #define CIPHERS_COUNT (BLOCKSIZES_OF(g_sec_ciphers_info)) +-- +2.25.1 + diff --git a/uadk_engine.spec b/uadk_engine.spec index cc0b761..ca3da9f 100644 --- a/uadk_engine.spec +++ b/uadk_engine.spec @@ -1,7 +1,7 @@ Name: uadk_engine Summary: UADK Accelerator Engine Version: 1.2.0 -Release: 3 +Release: 4 License: Apache-2.0 Source: %{name}-%{version}.tar.gz ExclusiveOS: linux @@ -76,6 +76,25 @@ Patch0060: 0060-aead-fix-tag-length-check.patch Patch0061: 0061-aead-fix-for-aes-gcm-update-process.patch Patch0062: 0062-cipher-add-sm4-ecb-mode.patch Patch0063: 0063-uadk-fix-EVP_CTRL_GET_IVLEN-not-find.patch +Patch0064: 0064-configure-use-LT_INIT-to-replace-obsolete-AC_PROG_LI.patch +Patch0065: 0065-uadk_prov-Set-enable_sw_offload-from-uadk_provider.c.patch +Patch0066: 0066-ecc-optimize-sm2-sign-check-function.patch +Patch0067: 0067-digest-fix-the-address-of-async-op.patch +Patch0068: 0068-uadk_engine-add-device-initialization-status.patch +Patch0069: 0069-uadk_engine-fixup-resource-management-issues.patch +Patch0070: 0070-sm2-fixup-switching-soft-sm2-decrypt-problem.patch +Patch0071: 0071-uadk_engine-cipher-digest-fixes-for-priv-address-che.patch +Patch0072: 0072-uadk_engine-ec-add-BN_new-memory-check.patch +Patch0073: 0073-uadk_engine-rsa-fix-mem-leak-for-from_buf.patch +Patch0074: 0074-ecc-add-check-of-siglen.patch +Patch0075: 0075-v1-pkey-add-check-of-qlist.patch +Patch0076: 0076-uadk_engine-uadk_rsa-fix-to-free-from_buffer.patch +Patch0077: 0077-uadk_engine-uask_async-fix-thread_attr-res-leak.patch +Patch0078: 0078-uadk_engine-async-fix-add-async-send-timeout.patch +Patch0079: 0079-cipher-uadk_e_bind_ciphers-function-is-optimized.patch +Patch0080: 0080-cipher-UADK_CIPHER_DESCR-is-optimized.patch +Patch0081: 0081-v1-pkey-fix-uninitialized-variable.patch +Patch0082: 0082-uadk_engine-v1-fix-g_sec_ciphers_info-error.patch %description This package contains the UADK Accelerator Engine @@ -125,6 +144,9 @@ fi /sbin/ldconfig %changelog +* Wed Nov 29 2023 JiangShui Yang 1.2.0-4 +- Backport uadk engine build patch + * Tue Nov 21 2023 JiangShui Yang 1.2.0-3 - Backport uadk engine build patch