packages/uadk_engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:982f1ed10a4da064804920bec7fe74e347306c6e
Branches Tags
packages:main
...
compare: packages:0300dc37ec34e408eb68aee7552389f43df711c1
Branches Tags
packages:main

11 Commits
982f1ed10a ... 0300dc37ec

Author SHA1 Message Date
openeuler-ci-bot
0300dc37ec
!48 Temporary workaround for the lack of numa.h during uadk_engine build 
From: @xiao_jiang_shui 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2024-05-24 02:37:34 +00:00
JiangShui
546d2b67f5 Temporary workaround for the lack of numa.h during uadk_engine build 2024-05-24 10:01:41 +08:00
openeuler-ci-bot
d7835a436b
!41 Backport uadk engine build patch 
From: @xiao_jiang_shui 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2023-12-05 08:55:57 +00:00
JiangShui
4c7a2772de Backport uadk engine build patch 2023-11-29 16:35:32 +08:00
openeuler-ci-bot
30a03686f3
!38 uadk_engine support aead aes-gcm and sm4 ecb mode 
From: @xiao_jiang_shui 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2023-11-24 03:17:04 +00:00
JiangShui
766dabe45f Backport uadk engine build patch 2023-11-21 11:24:33 +08:00
openeuler-ci-bot
af60a1fbed
!37 Backport uadk engine build patch 
From: @xiao_jiang_shui 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2023-11-03 01:58:52 +00:00
JiangShui
cdd997ce99 Backport uadk engine build patch 2023-10-31 16:41:46 +08:00
openeuler-ci-bot
bbe7c31d17
!34 Backport uadk engine patch form v1.0.1 to 1.2.0 
From: @xiao_jiang_shui 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2023-09-04 07:12:36 +00:00
JiangShui
afbf93f058 Backport uadk engine patch form v1.0.1 to 1.2.0 2023-08-22 19:23:08 +08:00
openeuler-ci-bot
06d2e0726d
!33 Backport uadk engine patch for v1.0.1 
From: @xiao_jiang_shui 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang
 2023-08-07 08:19:24 +00:00
153 changed files with 20774 additions and 8796 deletions
Show Stats Expand all files Collapse all files

1807
0001-Backport-uadk-engine-patch-for-v1.0.1.patch Normal file
View File

File diff suppressed because it is too large Load Diff

161
0001-digest-support-digest-multiple-update.patch
View File

@ -1,161 +0,0 @@
From 8cc0e8724565c12f0fa6f099070ec57504cd21fa Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 9 Dec 2021 15:39:32 +0800
Subject: [PATCH 01/18] digest: support digest multiple update
Support digest multiple updating by using the SEC stream mode.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 77 ++++++++++++++++++++++++++++++++++++++---------
1 file changed, 62 insertions(+), 15 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index db33d16..41de449 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -31,6 +31,8 @@
#define CTX_SYNC 0
#define CTX_ASYNC 1
#define CTX_NUM 2
+#define DIGEST_DOING 1
+#define DIGEST_END 0
#define ENV_ENABLED 1
/* The max BD data length is 16M-512B */
@@ -41,6 +43,7 @@
#define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MAX_DIGEST_LENGTH 64
struct digest_threshold_table {
int nid;
@@ -69,12 +72,16 @@ struct evp_md_ctx_st {
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
};
+#define DIGEST_BLOCK_SIZE 4096
+
struct digest_priv_ctx {
handle_t sess;
struct wd_digest_sess_setup setup;
struct wd_digest_req req;
unsigned char *data;
- long tail;
+ unsigned char out[MAX_DIGEST_LENGTH];
+ size_t tail;
+ size_t last_update_bufflen;
bool copy;
uint32_t e_nid;
EVP_MD_CTX *soft_ctx;
@@ -496,6 +503,13 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
if (unlikely(!priv->sess))
return 0;
+ priv->data = malloc(DIGEST_BLOCK_SIZE);
+ if (priv->data == NULL) {
+ wd_digest_free_sess(priv->sess);
+ return 0;
+ }
+ memset(priv->data, 0, DIGEST_BLOCK_SIZE);
+
priv->switch_threshold = sec_digest_get_sw_threshold(nid);
return 1;
@@ -504,6 +518,45 @@ soft_init:
return digest_soft_init(priv->soft_ctx, priv->e_nid);
}
+static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ const unsigned char *tmpdata = (const unsigned char *)data;
+ size_t left_len = data_len;
+ int copy_to_bufflen;
+ int ret;
+
+ priv->req.has_next = DIGEST_DOING;
+
+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
+ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
+ memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen);
+
+ priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
+ priv->req.in_bytes = DIGEST_BLOCK_SIZE;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ left_len -= copy_to_bufflen;
+ tmpdata += copy_to_bufflen;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret)
+ return 0;
+
+ priv->last_update_bufflen = 0;
+ memset(priv->data, 0, DIGEST_BLOCK_SIZE);
+ if (left_len <= DIGEST_BLOCK_SIZE) {
+ priv->last_update_bufflen = left_len;
+ memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ break;
+ }
+
+ }
+
+ return 1;
+}
+
static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len)
{
struct digest_priv_ctx *priv =
@@ -512,20 +565,13 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l
if (unlikely(priv->switch_flag == UADK_DO_SOFT))
goto soft_update;
- if ((data_len <= BUF_LEN - priv->tail) && (data_len > 0)) {
- if (!priv->data) {
- priv->data = OPENSSL_malloc(BUF_LEN);
- if (priv->data == NULL)
- return 0;
- }
-
- memcpy(priv->data + priv->tail, data, data_len);
- priv->tail += data_len;
-
+ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
+ memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ priv->last_update_bufflen += data_len;
return 1;
}
- return 0;
+ return digest_update_inner(ctx, data, data_len);
soft_update:
return digest_soft_update(priv->soft_ctx, priv->e_nid, data, data_len);
@@ -606,10 +652,10 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
int ret = 1;
struct async_op op;
-
+ priv->req.has_next = DIGEST_END;
priv->req.in = priv->data;
- priv->req.out = digest;
- priv->req.in_bytes = priv->tail;
+ priv->req.out = priv->out;
+ priv->req.in_bytes = priv->last_update_bufflen;
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
ret = async_setup_async_event_notification(&op);
@@ -634,6 +680,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
if (!ret)
goto clear;
}
+ memcpy(digest, priv->req.out, priv->req.out_bytes);
return 1;
--
2.24.4

85
0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch Normal file
View File

@ -0,0 +1,85 @@
From 2f129935991cb3d8e3fdb8b85f5c8e500390ab01 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 6 Jun 2023 03:44:14 +0000
Subject: [PATCH 1/7] readme: export PKG_CONFIG_PATH on openEuler
openEuler requires setting PKG_CONFIG_PATH though /usr/local/lib/pkgconfig
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README.md | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 2fe165a..ac721e3 100644
--- a/README.md
+++ b/README.md
@@ -21,21 +21,32 @@ Installation Instruction
========================
Build and install OpenSSL
------------------------
+------------------------
```
git clone https://github.com/openssl/openssl.git
cd openssl
git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f
- ./config -Wl,-rpath=/usr/local/lib
+ ./config
make
- make test
sudo make install
openssl version
```
+Run pkg-config to ensure env is setup correctly
+-----------------------------------------------
+
+```
+ $ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/
+ $ pkg-config libcrypto --libs
+ -L/usr/local/lib -lcrypto
+```
+
+* export ``PKG_CONFIG_PATH`` is required on openEuler,
+ where /usr/local/lib is not set as the default pkgconfig search path.
+
Build and install UADK
---------------------
+----------------------
```
git clone https://github.com/Linaro/uadk.git
@@ -46,16 +57,17 @@ Build and install UADK
make
sudo make install
```
+
* If get error:"cannot find -lnuma", please install the libnuma-dev
* If get error:"fatal error: zlib.h: No such file or directory", please install zlib.
Build and install UADK Engine
------------------------------------
+-----------------------------
```
git clone https://github.com/Linaro/uadk_engine.git
cd uadk_engine
autoreconf -i
- ./configure --libdir=/usr/local/lib/engines-1.1/ --enable-kae
+ ./configure --libdir=/usr/local/lib/engines-1.1/ [--enable-kae]
make
sudo make install
@@ -93,7 +105,7 @@ Install libraries to the temp folder
-L/tmp/build/lib -lwd
$ cd uadk_engine
- $ autoreconf
+ $ autoreconf -i
$ ./configure --prefix=/tmp/build
$ make; make install
--
2.25.1

38
0002-uadk_engine-define-the-variable-as-const.patch
View File

@ -1,38 +0,0 @@
From b7bb19a4e5c239035926f952d24c2e95bf813fd8 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Mon, 20 Dec 2021 02:48:54 +0000
Subject: [PATCH 02/18] uadk_engine: define the variable as 'const'
Parameter: 'n' in the function has not been changed,
it should be defined as 'const'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index bab3c24..75ae0d1 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -174,7 +174,7 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
}
static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
- int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx,
BN_GENCB *cb)
{
@@ -268,7 +268,7 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
return UADK_E_SUCCESS;
}
-static int check_prime_useful(int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
+static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
--
2.24.4

222
0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch Normal file
View File

@ -0,0 +1,222 @@
From e6dcaa276f295a5baa6ea5109a943d2299ade757 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 6 Jun 2023 05:06:32 +0000
Subject: [PATCH 2/7] uadk_engine: use calloc to replace malloc+memset
malloc + memset(0) can be replaced by calloc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_async.c | 5 +----
src/uadk_ecx.c | 6 ++----
src/uadk_sm2.c | 4 +---
src/v1/alg/dh/hpre_dh_wd.c | 3 +--
src/v1/async/async_task_queue.c | 4 +---
src/v1/utils/engine_log.c | 6 ++----
src/v1/wdmngr/wd_alg_queue.c | 6 ++----
src/v1/wdmngr/wd_queue_memory.c | 11 ++++-------
8 files changed, 14 insertions(+), 31 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c
index f21eabb..86aa9e5 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -362,13 +362,10 @@ int async_module_init(void)
if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0)
return 0;
- poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
+ poll_queue.head = calloc(ASYNC_QUEUE_TASK_NUM, sizeof(struct async_poll_task));
if (poll_queue.head == NULL)
return 0;
- memset(poll_queue.head, 0,
- sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
-
if (sem_init(&poll_queue.empty_sem, 0, ASYNC_QUEUE_TASK_NUM) != 0)
goto err;
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 2824a0d..0537890 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -89,12 +89,11 @@ static int x25519_init(EVP_PKEY_CTX *ctx)
return UADK_E_FAIL;
}
- x25519_ctx = malloc(sizeof(struct ecx_ctx));
+ x25519_ctx = calloc(1, sizeof(struct ecx_ctx));
if (!x25519_ctx) {
fprintf(stderr, "failed to alloc x25519 ctx\n");
return UADK_E_FAIL;
}
- memset(x25519_ctx, 0, sizeof(struct ecx_ctx));
setup.alg = "x25519";
setup.key_bits = X25519_KEYBITS;
@@ -146,13 +145,12 @@ static int x448_init(EVP_PKEY_CTX *ctx)
return UADK_E_FAIL;
}
- x448_ctx = malloc(sizeof(struct ecx_ctx));
+ x448_ctx = calloc(1, sizeof(struct ecx_ctx));
if (!x448_ctx) {
fprintf(stderr, "failed to alloc x448 ctx\n");
return UADK_E_FAIL;
}
- memset(x448_ctx, 0, sizeof(struct ecx_ctx));
setup.alg = "x448";
setup.key_bits = X448_KEYBITS;
params.numa_id = uadk_e_ecc_get_numa_id();
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 01186ef..63d4fdf 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -1157,14 +1157,12 @@ static int sm2_init(EVP_PKEY_CTX *ctx)
struct sm2_ctx *smctx;
int ret;
- smctx = malloc(sizeof(*smctx));
+ smctx = calloc(1, sizeof(*smctx));
if (!smctx) {
fprintf(stderr, "failed to alloc sm2 ctx\n");
return 0;
}
- memset(smctx, 0, sizeof(*smctx));
-
ret = uadk_e_ecc_get_support_state(SM2_SUPPORT);
if (!ret) {
fprintf(stderr, "sm2 is not supported\n");
diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c
index 38a3d09..8dbb9b4 100644
--- a/src/v1/alg/dh/hpre_dh_wd.c
+++ b/src/v1/alg/dh/hpre_dh_wd.c
@@ -265,12 +265,11 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg)
{
hpre_dh_engine_ctx_t *eng_ctx = NULL;
- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_malloc(sizeof(hpre_dh_engine_ctx_t));
+ eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t));
if (eng_ctx == NULL) {
US_ERR("hpre engine_ctx malloc fail");
return NULL;
}
- kae_memset(eng_ctx, 0, sizeof(hpre_dh_engine_ctx_t));
eng_ctx->priv_ctx.ssl_alg = alg;
eng_ctx->qlist = kae_get_node_from_pool(g_hpre_dh_qnode_pool);
diff --git a/src/v1/async/async_task_queue.c b/src/v1/async/async_task_queue.c
index 2feea7e..0ef1e84 100644
--- a/src/v1/async/async_task_queue.c
+++ b/src/v1/async/async_task_queue.c
@@ -60,13 +60,11 @@ int async_poll_task_init_v1(void)
kae_memset(&g_async_poll_queue, 0, sizeof(g_async_poll_queue));
g_async_poll_queue.async_poll_task_queue_head =
- (async_poll_task *)malloc(sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM);
+ (async_poll_task *)calloc(ASYNC_POLL_TASK_NUM, sizeof(async_poll_task));
if (g_async_poll_queue.async_poll_task_queue_head == NULL) {
US_ERR("no enough memory for task queue, errno=%d", errno); //lint !e666
return 0;
}
- kae_memset(g_async_poll_queue.async_poll_task_queue_head, 0,
- sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM);
g_async_poll_queue.left_task = ASYNC_POLL_TASK_NUM;
ret = sem_init(&g_async_poll_queue.empty_sem, 0, (unsigned int)g_async_poll_queue.left_task);
diff --git a/src/v1/utils/engine_log.c b/src/v1/utils/engine_log.c
index 6e32b97..ef009e5 100644
--- a/src/v1/utils/engine_log.c
+++ b/src/v1/utils/engine_log.c
@@ -60,12 +60,10 @@ static void kae_set_conf_debuglevel(void)
if (conf_path == NULL || strlen(conf_path) > MAX_CONFIG_LEN)
goto err;
- file_path = (char *)kae_malloc(strlen(conf_path) + strlen(filename) + 1);
- debuglev = (char *)kae_malloc(MAX_LEVEL_LEN);
+ file_path = (char *)kae_calloc(1, strlen(conf_path) + strlen(filename) + 1);
+ debuglev = (char *)kae_calloc(1, MAX_LEVEL_LEN);
if (!file_path || !debuglev)
goto err;
- memset(debuglev, 0, MAX_LEVEL_LEN);
- memset(file_path, 0, sizeof(conf_path) + sizeof(filename) + 1);
strcat(file_path, conf_path);
strcat(file_path, filename);
ret = kae_drv_get_item(file_path, "LogSection", "debug_level", debuglev);
diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c
index 5cd33ae..098231f 100644
--- a/src/v1/wdmngr/wd_alg_queue.c
+++ b/src/v1/wdmngr/wd_alg_queue.c
@@ -21,16 +21,14 @@
struct wd_queue *wd_new_queue(int algtype)
{
- struct wd_queue *queue = (struct wd_queue *)kae_malloc(sizeof(struct wd_queue));
int ret;
-
+ struct wd_queue *queue = (struct wd_queue *)kae_calloc(1,
+ sizeof(struct wd_queue));
if (queue == NULL) {
US_ERR("malloc failed");
return NULL;
}
- kae_memset(queue, 0, sizeof(struct wd_queue));
-
switch (algtype) {
case WCRYPTO_RSA:
queue->capa.alg = "rsa";
diff --git a/src/v1/wdmngr/wd_queue_memory.c b/src/v1/wdmngr/wd_queue_memory.c
index e6e7a2c..5f28357 100644
--- a/src/v1/wdmngr/wd_queue_memory.c
+++ b/src/v1/wdmngr/wd_queue_memory.c
@@ -62,13 +62,12 @@ struct wd_queue_mempool *wd_queue_mempool_create(struct wd_queue *q, unsigned in
kae_memset(addr, 0, rsv_mm_sz);
bitmap_sz = (block_num / BLOCKS_PER_BITMAP + 1) * sizeof(unsigned int);
- pool =
- (struct wd_queue_mempool *)kae_malloc(sizeof(struct wd_queue_mempool) + bitmap_sz);
+ pool = (struct wd_queue_mempool *)kae_calloc(1,
+ sizeof(struct wd_queue_mempool) + bitmap_sz);
if (pool == NULL) {
US_ERR("Alloc pool handle fail!");
return NULL;
}
- kae_memset(pool, 0, sizeof(struct wd_queue_mempool) + bitmap_sz);
pool->base = addr;
sem_init(&pool->mempool_sem, 0, 1);
@@ -190,13 +189,12 @@ KAE_QUEUE_POOL_HEAD_S *kae_init_queue_pool(int algtype)
/* malloc a pool */
kae_pool->kae_queue_pool = (KAE_QUEUE_POOL_NODE_S *)
- kae_malloc(KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S));
+ kae_calloc(KAE_QUEUE_POOL_MAX_SIZE, sizeof(KAE_QUEUE_POOL_NODE_S));
if (kae_pool->kae_queue_pool == NULL) {
US_ERR("malloc failed");
kae_free(kae_pool);
return NULL;
}
- kae_memset(kae_pool->kae_queue_pool, 0, KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S));
pthread_mutex_init(&kae_pool->kae_queue_mutex, NULL);
pthread_mutex_init(&kae_pool->destroy_mutex, NULL);
@@ -271,12 +269,11 @@ static KAE_QUEUE_DATA_NODE_S *kae_new_wd_queue_memory(int algtype)
{
KAE_QUEUE_DATA_NODE_S *queue_node = NULL;
- queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_malloc(sizeof(KAE_QUEUE_DATA_NODE_S));
+ queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_calloc(1, sizeof(KAE_QUEUE_DATA_NODE_S));
if (queue_node == NULL) {
US_ERR("malloc failed");
return NULL;
}
- kae_memset(queue_node, 0, sizeof(KAE_QUEUE_DATA_NODE_S));
queue_node->kae_wd_queue = wd_new_queue(algtype);
if (queue_node->kae_wd_queue == NULL) {
--
2.25.1

113
0003-ecc-fix-codecheck-warning.patch
View File

@ -1,113 +0,0 @@
From 1cd8bd255ae0f55742d2dffa7ba09aea28d56c9a Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 03:37:13 +0000
Subject: [PATCH 03/18] ecc: fix codecheck warning
fix a more than 50 lines function 'uadk_wd_ecc_init'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_pkey.c | 61 +++++++++++++++++++++++++------------------------
1 file changed, 31 insertions(+), 30 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index c20b22b..62362b0 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -178,38 +178,20 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
}
-static int uadk_wd_ecc_init(struct ecc_res_config *config)
+static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
+ struct wd_sched *sched)
{
- struct wd_sched *sched = &config->sched.wd_sched;
struct wd_ctx_config *ctx_cfg;
- struct uacce_dev *dev;
int ret, i;
- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
- dev = wd_get_accel_dev("ecdsa");
- if (!dev)
- return -ENOMEM;
-
- config->numa_id = dev->numa_id;
-
- ret = uadk_e_is_env_enabled("ecc");
- if (ret == ENV_ENABLED) {
- ret = uadk_e_wd_ecc_env_init(dev);
- goto free_dev;
- }
-
- if (ecc_res.ctx_res) {
- ret = 0;
- goto free_dev;
- }
+ if (ecc_res.ctx_res)
+ return 0;
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
- if (!ctx_cfg) {
+ if (!ctx_cfg)
ret = -ENOMEM;
- goto free_dev;
- }
- ecc_res.ctx_res = ctx_cfg;
+ ecc_res.ctx_res = ctx_cfg;
ctx_cfg->ctx_num = CTX_NUM;
ctx_cfg->ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
if (!ctx_cfg->ctxs) {
@@ -230,23 +212,42 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config)
if (ret)
goto free_ctx;
- free(dev);
-
return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
- if (ctx_cfg->ctxs[i].ctx) {
+ if (ctx_cfg->ctxs[i].ctx)
wd_release_ctx(ctx_cfg->ctxs[i].ctx);
- ctx_cfg->ctxs[i].ctx = 0;
- }
}
free(ctx_cfg->ctxs);
free_cfg:
free(ctx_cfg);
ecc_res.ctx_res = NULL;
-free_dev:
+
+ return ret;
+}
+
+static int uadk_wd_ecc_init(struct ecc_res_config *config)
+{
+ struct wd_sched *sched = &config->sched.wd_sched;
+ struct uacce_dev *dev;
+ int ret;
+
+ /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ dev = wd_get_accel_dev("ecdsa");
+ if (!dev)
+ return -ENOMEM;
+
+ config->numa_id = dev->numa_id;
+
+ ret = uadk_e_is_env_enabled("ecc");
+ if (ret)
+ ret = uadk_e_wd_ecc_env_init(dev);
+ else
+ ret = uadk_e_wd_ecc_general_init(dev, sched);
+
free(dev);
+
return ret;
}
--
2.24.4

125
0003-v1-some-code-clean.patch Normal file
View File

@ -0,0 +1,125 @@
From e6dae9e2197dad6173f9ec7fbc55373adcfbb29e Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 6 Jun 2023 06:12:23 +0000
Subject: [PATCH 3/7] v1: some code clean
remove #if 0, print address, etc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/v1/alg/ciphers/sec_ciphers_soft.c | 15 ++++-----------
src/v1/alg/pkey/hpre_rsa.c | 20 +-------------------
src/v1/alg/pkey/hpre_rsa_utils.c | 5 ++---
3 files changed, 7 insertions(+), 33 deletions(-)
diff --git a/src/v1/alg/ciphers/sec_ciphers_soft.c b/src/v1/alg/ciphers/sec_ciphers_soft.c
index 71fbb33..9c597b5 100644
--- a/src/v1/alg/ciphers/sec_ciphers_soft.c
+++ b/src/v1/alg/ciphers/sec_ciphers_soft.c
@@ -110,11 +110,11 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
/* allowed iv to be empty. */
if (unlikely(key == NULL)) {
- US_ERR("kae sw init parameter is NULL. key=%p", key);
+ US_ERR("kae sw init parameter is NULL");
return KAE_FAIL;
}
if (unlikely(ctx == NULL)) {
- US_ERR("kae sw init parameter is NULL. ctx=%p", ctx);
+ US_ERR("kae sw init parameter is NULL");
return KAE_FAIL;
}
@@ -155,11 +155,10 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
ret = EVP_CIPHER_meth_get_init(sw_cipher)(ctx, key, iv, enc);
EVP_CIPHER_CTX_set_cipher_data(ctx, priv_ctx);
if (ret != OPENSSL_SUCCESS) {
- US_ERR("OPENSSL init key failed. ctx=%p", ctx);
+ US_ERR("OPENSSL init key failed.");
kae_free(priv_ctx->sw_ctx_data);
return KAE_FAIL;
}
- US_DEBUG("kae sw init impl success. ctx=%p", ctx);
return KAE_SUCCESS;
}
@@ -185,18 +184,14 @@ int sec_ciphers_sw_impl_cleanup(EVP_CIPHER_CTX *ctx)
kae_free(priv_ctx->sw_ctx_data);
- US_DEBUG("kae sw cleanup impl success, ctx=%p", ctx);
-
return KAE_SUCCESS;
}
static int sec_ciphers_sw_impl_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
{
- if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL))) {
- US_ERR("kae sw cipher parameter is null.ctx=%p, in=%p, out=%p, inl=%d", ctx, out, in, (int)inl);
+ if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL)))
return KAE_FAIL;
- }
cipher_priv_ctx_t *priv_ctx = (cipher_priv_ctx_t *)EVP_CIPHER_CTX_get_cipher_data(ctx);
@@ -277,8 +272,6 @@ int sec_ciphers_sw_hw_ctx_sync(EVP_CIPHER_CTX *ctx, sec_cipher_priv_ctx_syncto_t
}
}
- US_DEBUG("state sync success, direct=%d[1:SW_TO_HW, 2:HW_TO_SW], offset=%d", direction, num);
-
return KAE_SUCCESS;
}
diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c
index 6c1d96d..4e21dde 100644
--- a/src/v1/alg/pkey/hpre_rsa.c
+++ b/src/v1/alg/pkey/hpre_rsa.c
@@ -67,25 +67,7 @@ RSA_METHOD *hpre_get_rsa_methods(void)
return g_hpre_rsa_method;
if (g_soft_rsa_method != NULL)
return g_soft_rsa_method;
-#if 0
- if (!kae_get_device(g_hpre_device)) {
- const RSA_METHOD *default_soft_method = RSA_PKCS1_OpenSSL();
-
- g_soft_rsa_method = RSA_meth_new("SOFT RSA METHOD", 0);
- ret &= RSA_meth_set_pub_enc(g_soft_rsa_method, RSA_meth_get_pub_enc(default_soft_method));
- ret &= RSA_meth_set_priv_enc(g_soft_rsa_method, RSA_meth_get_priv_enc(default_soft_method));
- ret &= RSA_meth_set_pub_dec(g_soft_rsa_method, RSA_meth_get_pub_dec(default_soft_method));
- ret &= RSA_meth_set_priv_dec(g_soft_rsa_method, RSA_meth_get_priv_dec(default_soft_method));
- ret &= RSA_meth_set_keygen(g_soft_rsa_method, hpre_rsa_soft_genkey);
- ret &= RSA_meth_set_mod_exp(g_soft_rsa_method, RSA_meth_get_mod_exp(default_soft_method));
- ret &= RSA_meth_set_bn_mod_exp(g_soft_rsa_method, RSA_meth_get_bn_mod_exp(default_soft_method));
- if (ret == 0) {
- US_ERR("Failed to set SOFT RSA methods");
- return NULL;
- }
- return g_soft_rsa_method;
- }
-#endif
+
g_hpre_rsa_method = RSA_meth_new("HPRE RSA method", 0);
if (g_hpre_rsa_method == NULL) {
KAEerr(KAE_F_HPRE_GET_RSA_METHODS, KAE_R_MALLOC_FAILURE);
diff --git a/src/v1/alg/pkey/hpre_rsa_utils.c b/src/v1/alg/pkey/hpre_rsa_utils.c
index 0630b28..317a5a0 100644
--- a/src/v1/alg/pkey/hpre_rsa_utils.c
+++ b/src/v1/alg/pkey/hpre_rsa_utils.c
@@ -44,10 +44,9 @@ void hpre_free_bn_ctx_buf(BN_CTX *bn_ctx, unsigned char *in_buf, int num)
int hpre_rsa_check_para(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa)
{
- if ((rsa == NULL || from == NULL || to == NULL || flen <= 0)) {
- US_ERR("RSA key %p, input %p or output %p are NULL, or flen invalid length.\n", rsa, from, to);
+ if ((rsa == NULL || from == NULL || to == NULL || flen <= 0))
return HPRE_CRYPTO_FAIL;
- }
+
return HPRE_CRYPTO_SUCC;
}
--
2.25.1

28
0004-rsa-delete-redundant-copy.patch
View File

@ -1,28 +0,0 @@
From 6c916851ae54c9272a96c7af73cba83598ab3c43 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 03:51:48 +0000
Subject: [PATCH 04/18] rsa: delete redundant copy
'from_buf' and 'req.src' point to the same address space,
redundant copy is not required.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 75ae0d1..1e1e226 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1595,7 +1595,6 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- memcpy(rsa_sess->req.src, from_buf, rsa_sess->req.src_bytes);
ret = rsa_do_crypto(rsa_sess);
if (!ret || rsa_sess->req.status) {
ret = UADK_DO_SOFT;
--
2.24.4

41
0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch Normal file
View File

@ -0,0 +1,41 @@
From 1d05480962b3110b8da9f467cc3dbd9047f04589 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 16 Jun 2023 02:09:00 +0000
Subject: [PATCH 4/7] =?UTF-8?q?v1:=20fix=20implicit=20declaration=20of=20f?=
=?UTF-8?q?unction=20=E2=80=98OPENSSL=5Fcalloc=E2=80=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix implicit declaration of function OPENSSL_calloc with calloc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/v1/alg/dh/hpre_dh_wd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c
index 8dbb9b4..b8ca9a1 100644
--- a/src/v1/alg/dh/hpre_dh_wd.c
+++ b/src/v1/alg/dh/hpre_dh_wd.c
@@ -199,7 +199,7 @@ void hpre_dh_free_eng_ctx(hpre_dh_engine_ctx_t *eng_ctx)
eng_ctx->opdata.pri = NULL;
eng_ctx->opdata.x_p = NULL;
eng_ctx->opdata.pv = NULL;
- OPENSSL_free(eng_ctx);
+ free(eng_ctx);
eng_ctx = NULL;
}
@@ -265,7 +265,7 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg)
{
hpre_dh_engine_ctx_t *eng_ctx = NULL;
- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t));
+ eng_ctx = (hpre_dh_engine_ctx_t *)calloc(1, sizeof(hpre_dh_engine_ctx_t));
if (eng_ctx == NULL) {
US_ERR("hpre engine_ctx malloc fail");
return NULL;
--
2.25.1

35
0005-rsa-fix-coverity-warning.patch
View File

@ -1,35 +0,0 @@
From f5fac71459234b4e44fe8ff386b19627e88ad680 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Wed, 22 Dec 2021 06:39:46 +0000
Subject: [PATCH 05/18] rsa: fix coverity warning
Parameter: 'n' in the function 'get_prime_once' has not
been changed, it should be defined as 'const'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_rsa.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 1e1e226..cb98159 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -307,10 +307,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
return GET_ERR_FINISH;
}
-static int get_prime_once(int num, const int *bitsr, int *n, BIGNUM *prime,
- BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
- BIGNUM *r2, BIGNUM *e_pub, BN_CTX *ctx,
- BN_GENCB *cb)
+static int get_prime_once(int num, const int *bitsr, const int *n,
+ BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub,
+ BN_CTX *ctx, BN_GENCB *cb)
{
int ret = -1;
--
2.24.4

93
0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch Normal file
View File

@ -0,0 +1,93 @@
From aa06f50efb5725a99f5ff93cca04c968ec981635 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 9 Jun 2023 04:52:30 +0000
Subject: [PATCH 5/7] uadk: build uadk_engine only if openssl 1.1
Rename e_uadk.c to uadk_engine_init.c
Build uadk_engine only if openssl 1.1
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
Makefile.am | 2 --
configure.ac | 7 ++++---
src/Makefile.am | 11 ++++++++---
src/{e_uadk.c => uadk_engine_init.c} | 0
4 files changed, 12 insertions(+), 8 deletions(-)
rename src/{e_uadk.c => uadk_engine_init.c} (100%)
diff --git a/Makefile.am b/Makefile.am
index 55fd400..1ade214 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,7 +1,5 @@
ACLOCAL_AMFLAGS = -I m4
-if HAVE_CRYPTO
if HAVE_WD
SUBDIRS = src
endif
-endif
diff --git a/configure.ac b/configure.ac
index fb03a5b..0fc14ed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,5 @@
AC_PREREQ([2.69])
AC_INIT([uadk_engine], [1.2])
-AC_CONFIG_SRCDIR([src/e_uadk.c])
AM_INIT_AUTOMAKE([1.10 no-define])
AC_CONFIG_MACRO_DIR([m4])
@@ -15,8 +14,6 @@ AC_ARG_ENABLE(kae,
AC_SUBST(enable_kae)
AM_CONDITIONAL([WD_KAE], [test "$enable_kae" = "yes"])
-AC_CHECK_HEADERS([openssl/engine.h])
-
PKG_CHECK_MODULES(WD, libwd libwd_crypto, [with_wd=yes], [with_wd=no])
AM_CONDITIONAL(HAVE_WD, [test "$with_wd" != "no"])
@@ -24,6 +21,10 @@ PKG_CHECK_MODULES(libcrypto, libcrypto < 3.0 libcrypto >= 1.1,
[with_crypto=yes], [with_crypto=no])
AM_CONDITIONAL(HAVE_CRYPTO, test "$with_crypto" != "no")
+PKG_CHECK_MODULES(libcrypto, libcrypto >= 3.0,
+ [with_crypto3=yes], [with_crypto3=no])
+AM_CONDITIONAL(HAVE_CRYPTO3, test "$with_crypto3" != "no")
+
AC_CONFIG_FILES([
Makefile
src/Makefile])
diff --git a/src/Makefile.am b/src/Makefile.am
index 8ced0e8..65afe1d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,13 +1,18 @@
VERSION = 1:2
ACLOCAL_AMFLAGS = -I m4
+if HAVE_CRYPTO
lib_LTLIBRARIES=uadk_engine.la
+endif #HAVE_CRYPTO
+
+uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \
+ uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \
+ uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
-uadk_engine_la_SOURCES=uadk_utils.c e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c \
- uadk_rsa.c uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
uadk_engine_la_LIBADD=-ldl $(WD_LIBS) -lpthread
uadk_engine_la_LDFLAGS=-module -version-number $(VERSION)
-uadk_engine_la_CFLAGS=$(WD_CFLAGS)
+uadk_engine_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
+uadk_engine_la_CFLAGS+=-DCRYPTO
AUTOMAKE_OPTIONS = subdir-objects
diff --git a/src/e_uadk.c b/src/uadk_engine_init.c
similarity index 100%
rename from src/e_uadk.c
rename to src/uadk_engine_init.c
--
2.25.1

165
0006-ecc-cleanup-duplicate-public-key-allocation.patch
View File

@ -1,165 +0,0 @@
From 941c89ea6fefe3e78255437788c3f274b6c81414 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Wed, 22 Dec 2021 08:27:45 +0000
Subject: [PATCH 06/18] ecc: cleanup duplicate public key allocation
Remove duplicate allocation and copy of public key.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 95 +++++++++++++++++++++++++++------------------------
1 file changed, 51 insertions(+), 44 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index d97436b..9040d3c 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -784,59 +784,78 @@ static int sm2_keygen_init_iot(handle_t sess, struct wd_ecc_req *req)
static int eckey_create_key(EC_KEY *eckey)
{
- const EC_GROUP *group;
- EC_POINT *pub_key;
BIGNUM *priv_key;
+ int ret;
- group = EC_KEY_get0_group(eckey);
- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
- if (!pub_key) {
- pub_key = EC_POINT_new(group);
- if (!pub_key) {
- fprintf(stderr, "failed to new pub_key\n");
- return -1;
- }
- EC_KEY_set_public_key(eckey, pub_key);
+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
+ if (priv_key)
+ return 1;
+
+ priv_key = BN_new();
+ if (!priv_key) {
+ fprintf(stderr, "failed to BN_new priv_key\n");
+ return 0;
}
+ ret = EC_KEY_set_private_key(eckey, priv_key);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
+
+ BN_free(priv_key);
+ return ret;
+}
+
+static int ecdh_set_private_key(EC_KEY *eckey, BIGNUM *order)
+{
+ BIGNUM *priv_key;
+ int ret;
+
+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
+ if (priv_key)
+ return 1;
+
priv_key = BN_new();
if (!priv_key) {
fprintf(stderr, "failed to BN_new priv_key\n");
- return -1;
+ return 0;
}
- EC_KEY_set_private_key(eckey, priv_key);
- return 0;
+ do {
+ if (!BN_rand_range(priv_key, order)) {
+ fprintf(stderr, "failed to generate random value\n");
+ ret = 0;
+ goto free_priv_key;
+ }
+ } while (BN_is_zero(priv_key));
+
+ ret = EC_KEY_set_private_key(eckey, priv_key);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
+
+free_priv_key:
+ BN_free(priv_key);
+ return ret;
}
static int ecdh_create_key(EC_KEY *eckey)
{
- BIGNUM *priv_key, *order;
const EC_GROUP *group;
- EC_POINT *pub_key;
+ BIGNUM *order;
BN_CTX *ctx;
- int ret = 0;
+ int ret;
group = EC_KEY_get0_group(eckey);
- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
- if (!pub_key) {
- pub_key = EC_POINT_new(group);
- if (!pub_key) {
- fprintf(stderr, "failed to new pub_key\n");
- return ret;
- }
- ret = EC_KEY_set_public_key(eckey, pub_key);
- }
ctx = BN_CTX_new();
if (!ctx) {
fprintf(stderr, "failed to allocate ctx\n");
- return ret;
+ return 0;
}
- order = BN_CTX_get(ctx);
+ order = BN_CTX_get(ctx);
if (!order) {
fprintf(stderr, "failed to allocate order\n");
+ ret = 0;
goto free_ctx;
}
@@ -846,26 +865,14 @@ static int ecdh_create_key(EC_KEY *eckey)
goto free_order;
}
- priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
- if (!priv_key) {
- priv_key = BN_new();
- if (!priv_key) {
- fprintf(stderr, "failed to BN_new priv_key\n");
- goto free_order;
- }
- do {
- if (!BN_rand_range(priv_key, order))
- fprintf(stderr, "failed to generate random value\n");
- } while (BN_is_zero(priv_key));
- ret = EC_KEY_set_private_key(eckey, priv_key);
- }
- ret = 1;
+ ret = ecdh_set_private_key(eckey, order);
+ if (!ret)
+ fprintf(stderr, "failed to set private key\n");
free_order:
BN_clear(order);
free_ctx:
BN_CTX_free(ctx);
-
return ret;
}
@@ -880,7 +887,7 @@ static int sm2_generate_key(EC_KEY *eckey)
goto do_soft;
ret = eckey_create_key(eckey);
- if (ret)
+ if (!ret)
return ret;
ret = UADK_DO_SOFT;
--
2.24.4

915
0006-uadk-support-openssl-3.0.patch Normal file
View File

@ -0,0 +1,915 @@
From c6aab5dadf83fad2716b1687366d040303b1301c Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 9 Jun 2023 09:04:30 +0000
Subject: [PATCH 6/7] uadk: support openssl 3.0
Openssl3.0 provoder will be built when libcrypto >= 3.0
First step to support digest
Test with
openssl speed -provider xx/uadk_provider.so -provider default -evp md5
openssl speed -provider xx/uadk_provider.so -provider default -evp sm3
openssl speed -provider xx/uadk_provider.so -provider default -evp sha1
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-224
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-256
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-384
openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-512
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/Makefile.am | 11 +
src/uadk_prov.h | 30 ++
src/uadk_prov_digest.c | 699 +++++++++++++++++++++++++++++++++++++++++
src/uadk_prov_init.c | 110 +++++++
4 files changed, 850 insertions(+)
create mode 100644 src/uadk_prov.h
create mode 100644 src/uadk_prov_digest.c
create mode 100644 src/uadk_prov_init.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 65afe1d..bfaeb78 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -5,6 +5,10 @@ if HAVE_CRYPTO
lib_LTLIBRARIES=uadk_engine.la
endif #HAVE_CRYPTO
+if HAVE_CRYPTO3
+lib_LTLIBRARIES=uadk_provider.la
+endif #HAVE_CRYPTO3
+
uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \
uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \
uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
@@ -45,3 +49,10 @@ uadk_engine_la_SOURCES+=v1/alg/ciphers/sec_ciphers.c \
v1/async/async_poll.c \
v1/async/async_task_queue.c
endif #WD_KAE
+
+uadk_provider_la_SOURCES=uadk_prov_init.c uadk_prov_digest.c uadk_async.c uadk_utils.c
+
+uadk_provider_la_LDFLAGS=-module -version-number $(VERSION)
+uadk_provider_la_LIBADD=$(WD_LIBS) -lpthread
+uadk_provider_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
+uadk_provider_la_CFLAGS+=-DCRYPTO3
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
new file mode 100644
index 0000000..c63c3fe
--- /dev/null
+++ b/src/uadk_prov.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#ifndef UADK_PROV_H
+#define UADK_PROV_H
+
+extern const OSSL_DISPATCH uadk_md5_functions[];
+extern const OSSL_DISPATCH uadk_sm3_functions[];
+extern const OSSL_DISPATCH uadk_sha1_functions[];
+extern const OSSL_DISPATCH uadk_sha224_functions[];
+extern const OSSL_DISPATCH uadk_sha256_functions[];
+extern const OSSL_DISPATCH uadk_sha384_functions[];
+extern const OSSL_DISPATCH uadk_sha512_functions[];
+
+void uadk_prov_destroy_digest(void);
+#endif
diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c
new file mode 100644
index 0000000..fd05753
--- /dev/null
+++ b/src/uadk_prov_digest.c
@@ -0,0 +1,699 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <string.h>
+#include <dlfcn.h>
+#include <openssl/md5.h>
+#include <openssl/evp.h>
+#include <openssl/core_names.h>
+#include <openssl/proverr.h>
+#include <uadk/wd_cipher.h>
+#include <uadk/wd_digest.h>
+#include <uadk/wd_sched.h>
+#include "uadk.h"
+#include "uadk_async.h"
+#include "uadk_utils.h"
+
+#define UADK_DO_SOFT (-0xE0)
+#define CTX_SYNC 0
+#define CTX_ASYNC 1
+#define CTX_NUM 2
+#define DIGEST_DOING 1
+#define DIGEST_END 0
+
+/* The max BD data length is 16M-512B */
+#define BUF_LEN 0xFFFE00
+
+#define SM3_DIGEST_LENGTH 32
+#define SM3_CBLOCK 64
+#define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
+#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
+#define MAX_DIGEST_LENGTH 64
+#define DIGEST_BLOCK_SIZE (512 * 1024)
+#define ALG_NAME_SIZE 128
+
+enum sec_digest_state {
+ SEC_DIGEST_INIT,
+ SEC_DIGEST_FIRST_UPDATING,
+ SEC_DIGEST_DOING,
+ SEC_DIGEST_FINAL
+};
+
+struct digest_threshold_table {
+ int nid;
+ int threshold;
+};
+
+struct digest_prov {
+ int pid;
+};
+
+static struct digest_prov prov;
+static pthread_mutex_t digest_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+struct evp_md_ctx_st {
+ const EVP_MD *digest;
+ /* Functional reference if 'digest' is ENGINE-provided */
+ ENGINE *engine;
+ unsigned long flags;
+ void *md_data;
+ /* Public key context for sign/verify */
+ EVP_PKEY_CTX *pctx;
+ /* Update function: usually copied from EVP_MD */
+ int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
+};
+
+struct digest_priv_ctx {
+ handle_t sess;
+ struct wd_digest_sess_setup setup;
+ struct wd_digest_req req;
+ unsigned char *data;
+ unsigned char out[MAX_DIGEST_LENGTH];
+ EVP_MD_CTX *soft_ctx;
+ EVP_MD *soft_md;
+ size_t last_update_bufflen;
+ uint32_t e_nid;
+ uint32_t state;
+ uint32_t switch_threshold;
+ int switch_flag;
+ size_t md_size;
+ size_t blk_size;
+ char alg_name[ALG_NAME_SIZE];
+};
+
+struct digest_info {
+ int nid;
+ enum wd_digest_mode mode;
+ enum wd_digest_type alg;
+ __u32 out_len;
+};
+
+static struct digest_threshold_table digest_pkt_threshold_table[] = {
+ { NID_sm3, SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_md5, MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha1, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha224, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha256, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha384, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ { NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+};
+
+static struct digest_info digest_info_table[] = {
+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16},
+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32},
+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20},
+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28},
+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32},
+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48},
+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64},
+};
+
+static int uadk_e_digests_soft_md(struct digest_priv_ctx *priv)
+{
+ if (priv->soft_md)
+ return 1;
+
+ switch (priv->e_nid) {
+ case NID_sm3:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SM3, "provider=default");
+ break;
+ case NID_md5:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "provider=default");
+ break;
+ case NID_sha1:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA1, "provider=default");
+ break;
+ case NID_sha224:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_224, "provider=default");
+ break;
+ case NID_sha256:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_256, "provider=default");
+ break;
+ case NID_sha384:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_384, "provider=default");
+ break;
+ case NID_sha512:
+ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_512, "provider=default");
+ break;
+ default:
+ break;
+ }
+
+ if (unlikely(priv->soft_md == NULL))
+ return 0;
+
+ return 1;
+}
+
+static uint32_t sec_digest_get_sw_threshold(int n_id)
+{
+ int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table);
+ int i = 0;
+
+ do {
+ if (digest_pkt_threshold_table[i].nid == n_id)
+ return digest_pkt_threshold_table[i].threshold;
+ } while (++i < threshold_table_size);
+
+ fprintf(stderr, "nid %d not found in digest threshold table", n_id);
+ return 0;
+}
+
+static int digest_soft_init(struct digest_priv_ctx *priv)
+{
+ return EVP_DigestInit(priv->soft_ctx, priv->soft_md);
+}
+
+static int digest_soft_update(EVP_MD_CTX *ctx, const void *data, size_t len)
+{
+ return EVP_DigestUpdate(ctx, data, len);
+}
+
+static int digest_soft_final(struct digest_priv_ctx *priv, unsigned char *digest)
+{
+ unsigned int digest_length = EVP_MD_get_size(priv->soft_md);
+
+ return EVP_DigestFinal(priv->soft_ctx, digest, &digest_length);
+}
+
+static void digest_soft_cleanup(struct digest_priv_ctx *priv)
+{
+ EVP_MD_CTX *ctx = priv->soft_ctx;
+
+ if (ctx != NULL) {
+ if (ctx->md_data) {
+ OPENSSL_free(ctx->md_data);
+ ctx->md_data = NULL;
+ }
+ EVP_MD_CTX_free(ctx);
+ ctx = NULL;
+ }
+
+ if (priv->soft_md) {
+ EVP_MD_free(priv->soft_md);
+ priv->soft_md = NULL;
+ }
+}
+
+static int uadk_e_digest_soft_work(struct digest_priv_ctx *priv, int len,
+ unsigned char *digest)
+{
+ digest_soft_init(priv);
+
+ if (len != 0)
+ digest_soft_update(priv->soft_ctx, priv->data, len);
+
+ digest_soft_final(priv, digest);
+ digest_soft_cleanup(priv);
+
+ return 1;
+}
+
+static int uadk_e_digest_env_poll(void *ctx)
+{
+ __u64 rx_cnt = 0;
+ __u32 recv = 0;
+ /* Poll one packet currently */
+ int expt = 1;
+ int ret;
+
+ do {
+ ret = wd_digest_poll(expt, &recv);
+ if (ret < 0 || recv == expt)
+ return ret;
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
+}
+
+static int uadk_digest_init(struct digest_priv_ctx *priv)
+{
+ int digest_counts = ARRAY_SIZE(digest_info_table);
+ struct sched_params params = {0};
+ int nid = priv->e_nid;
+ int ret, i;
+
+ pthread_mutex_lock(&digest_mutex);
+ if (prov.pid != getpid()) {
+ ret = wd_digest_init2(priv->alg_name, 0, 0);
+ if (unlikely(ret)) {
+ priv->switch_flag = UADK_DO_SOFT;
+ goto soft_init;
+ }
+ prov.pid = getpid();
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll);
+ }
+ pthread_mutex_unlock(&digest_mutex);
+
+ for (i = 0; i < digest_counts; i++) {
+ if (nid == digest_info_table[i].nid) {
+ priv->setup.alg = digest_info_table[i].alg;
+ priv->setup.mode = digest_info_table[i].mode;
+ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH;
+ priv->req.out_bytes = digest_info_table[i].out_len;
+ break;
+ }
+ }
+
+ if (unlikely(i == digest_counts)) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
+ return 0;
+ }
+
+ /* Use the default numa parameters */
+ params.numa_id = -1;
+ priv->setup.sched_param = &params;
+ priv->sess = wd_digest_alloc_sess(&priv->setup);
+ if (unlikely(!priv->sess))
+ return 0;
+
+ priv->data = malloc(DIGEST_BLOCK_SIZE);
+ if (unlikely(!priv->data)) {
+ wd_digest_free_sess(priv->sess);
+ return 0;
+ }
+
+ if (uadk_e_digests_soft_md(priv))
+ priv->switch_threshold = sec_digest_get_sw_threshold(nid);
+
+ return 1;
+
+soft_init:
+ pthread_mutex_unlock(&digest_mutex);
+ fprintf(stderr, "uadk failed to initialize digest.\n");
+ return digest_soft_init(priv);
+}
+
+static void digest_update_out_length(struct digest_priv_ctx *priv)
+{
+ /* Sha224 and Sha384 need full length mac buffer as doing long hash */
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
+}
+
+static int digest_update_inner(struct digest_priv_ctx *priv, const void *data, size_t data_len)
+{
+ const unsigned char *tmpdata = (const unsigned char *)data;
+ size_t left_len = data_len;
+ int copy_to_bufflen;
+ int ret;
+
+ digest_update_out_length(priv);
+
+ priv->req.has_next = DIGEST_DOING;
+
+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
+ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
+ uadk_memcpy(priv->data + priv->last_update_bufflen, tmpdata,
+ copy_to_bufflen);
+
+ priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
+ priv->req.in_bytes = DIGEST_BLOCK_SIZE;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ left_len -= copy_to_bufflen;
+ tmpdata += copy_to_bufflen;
+ if (priv->state == SEC_DIGEST_INIT)
+ priv->state = SEC_DIGEST_FIRST_UPDATING;
+ else if (priv->state == SEC_DIGEST_FIRST_UPDATING)
+ priv->state = SEC_DIGEST_DOING;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ goto do_soft_digest;
+ }
+
+ priv->last_update_bufflen = 0;
+ if (left_len <= DIGEST_BLOCK_SIZE) {
+ priv->last_update_bufflen = left_len;
+ uadk_memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ break;
+ }
+ }
+
+ return 1;
+
+do_soft_digest:
+ if (priv->state == SEC_DIGEST_FIRST_UPDATING
+ && priv->data
+ && priv->last_update_bufflen != 0) {
+ priv->switch_flag = UADK_DO_SOFT;
+ digest_soft_init(priv);
+ ret = digest_soft_update(priv->soft_ctx,
+ priv->data, priv->last_update_bufflen);
+ if (ret != 1)
+ return ret;
+
+ return digest_soft_update(priv->soft_ctx,
+ tmpdata, left_len);
+ }
+
+ fprintf(stderr, "do soft digest failed during updating!\n");
+ return 0;
+}
+
+static int uadk_digest_update(struct digest_priv_ctx *priv, const void *data, size_t data_len)
+{
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT))
+ goto soft_update;
+
+ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
+ uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ priv->last_update_bufflen += data_len;
+ return 1;
+ }
+
+ return digest_update_inner(priv, data, data_len);
+
+soft_update:
+ return digest_soft_update(priv->soft_ctx, data, data_len);
+}
+
+static void async_cb(struct wd_digest_req *req, void *data)
+{
+ struct uadk_e_cb_info *cb_param;
+ struct async_op *op;
+
+ if (!req)
+ return;
+
+ cb_param = req->cb_param;
+ if (!cb_param)
+ return;
+ op = cb_param->op;
+ if (op && op->job && !op->done) {
+ op->done = 1;
+ async_free_poll_task(op->idx, 1);
+ async_wake_job(op->job);
+ }
+}
+
+static int do_digest_sync(struct digest_priv_ctx *priv)
+{
+ int ret;
+
+ if (priv->req.in_bytes <= priv->switch_threshold &&
+ priv->state == SEC_DIGEST_INIT)
+ return 0;
+
+ ret = wd_do_digest_sync(priv->sess, &priv->req);
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ return 0;
+ }
+ return 1;
+}
+
+static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
+{
+ struct uadk_e_cb_info cb_param;
+ int idx, ret;
+
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ fprintf(stderr, "async cipher init failed.\n");
+ return 0;
+ }
+
+ cb_param.op = op;
+ cb_param.priv = priv;
+ priv->req.cb = (void *)async_cb;
+ priv->req.cb_param = &cb_param;
+
+ ret = async_get_free_task(&idx);
+ if (!ret)
+ return 0;
+
+ op->idx = idx;
+
+ do {
+ ret = wd_do_digest_async(priv->sess, &priv->req);
+ if (ret < 0 && ret != -EBUSY) {
+ fprintf(stderr, "do sec digest async failed.\n");
+ async_free_poll_task(op->idx, 0);
+ return 0;
+ }
+ } while (ret == -EBUSY);
+
+ ret = async_pause_job(priv, op, ASYNC_TASK_DIGEST, idx);
+ if (!ret)
+ return 0;
+ return 1;
+}
+
+static int uadk_digest_final(struct digest_priv_ctx *priv, unsigned char *digest)
+{
+ struct async_op op;
+ int ret;
+
+ priv->req.has_next = DIGEST_END;
+ priv->req.in = priv->data;
+ priv->req.out = priv->out;
+ priv->req.in_bytes = priv->last_update_bufflen;
+
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
+
+ ret = async_setup_async_event_notification(&op);
+ if (unlikely(!ret)) {
+ fprintf(stderr, "failed to setup async event notification.\n");
+ return 0;
+ }
+
+ if (op.job == NULL) {
+ /* Synchronous, only the synchronous mode supports soft computing */
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ ret = digest_soft_final(priv, digest);
+ digest_soft_cleanup(priv);
+ goto clear;
+ }
+
+ ret = do_digest_sync(priv);
+ if (!ret)
+ goto sync_err;
+ } else {
+ ret = do_digest_async(priv, &op);
+ if (!ret)
+ goto clear;
+ }
+ memcpy(digest, priv->req.out, priv->req.out_bytes);
+
+ return 1;
+
+sync_err:
+ if (priv->state == SEC_DIGEST_INIT) {
+ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest);
+ } else {
+ ret = 0;
+ fprintf(stderr, "do sec digest stream mode failed.\n");
+ }
+clear:
+ async_clear_async_event_notification();
+ return ret;
+}
+
+static int uadk_digest_cleanup(struct digest_priv_ctx *priv)
+{
+ if (priv->sess) {
+ wd_digest_free_sess(priv->sess);
+ priv->sess = 0;
+ }
+
+ if (priv->data)
+ OPENSSL_free(priv->data);
+
+ return 1;
+}
+
+/* some params related code is copied from OpenSSL v3.0 prov/digestcommon.h */
+static const OSSL_PARAM uadk_digest_default_known_gettable_params[] = {
+ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, NULL),
+ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_SIZE, NULL),
+ OSSL_PARAM_int(OSSL_DIGEST_PARAM_XOF, NULL),
+ OSSL_PARAM_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, NULL),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *uadk_prov_gettable_params(void *provctx)
+{
+ return uadk_digest_default_known_gettable_params;
+}
+
+static int uadk_digest_default_get_params(OSSL_PARAM params[], size_t blksz,
+ size_t paramsz)
+{
+ OSSL_PARAM *p = NULL;
+
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, blksz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, paramsz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOF);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_ALGID_ABSENT);
+ if (p != NULL
+ && !OSSL_PARAM_set_int(p, 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+
+ return 1;
+}
+
+static void uadk_prov_freectx(void *dctx)
+{
+ struct digest_priv_ctx *priv = (struct digest_priv_ctx *)dctx;
+
+ uadk_digest_cleanup(priv);
+ OPENSSL_clear_free(priv, sizeof(*priv));
+}
+
+static void *uadk_prov_dupctx(void *dctx)
+{
+ struct digest_priv_ctx *in;
+ struct digest_priv_ctx *ret;
+
+ in = (struct digest_priv_ctx *)dctx;
+ ret = OPENSSL_zalloc(sizeof(struct digest_priv_ctx *));
+
+ if (ret != NULL)
+ *ret = *in;
+ return ret;
+}
+
+static int uadk_prov_init(void *dctx, const OSSL_PARAM params[])
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) dctx;
+
+ return uadk_digest_init(priv);
+}
+
+static int uadk_prov_update(void *dctx, const unsigned char *in, size_t inl)
+{
+ return uadk_digest_update((struct digest_priv_ctx *)dctx, in, inl);
+}
+
+/*
+ * Note:
+ * The I<dctx> parameter contains a pointer to the provider side context.
+ * The digest should be written to I<*out> and the length of the digest to I<*outl>.
+ * The digest should not exceed I<outsz> bytes.
+ */
+static int uadk_prov_final(void *dctx, unsigned char *out,
+ size_t *outl, size_t outsz)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *) dctx;
+ int ret;
+
+ if (outsz > 0) {
+ ret = uadk_digest_final(priv, out);
+ if (!ret)
+ return ret;
+ }
+
+ if (unlikely(outl != NULL))
+ *outl = priv->md_size;
+
+ return 1;
+}
+
+void uadk_prov_destroy_digest(void)
+{
+ pthread_mutex_lock(&digest_mutex);
+ if (prov.pid == getpid()) {
+ wd_digest_uninit2();
+ prov.pid = 0;
+ }
+ pthread_mutex_unlock(&digest_mutex);
+}
+
+static OSSL_FUNC_digest_freectx_fn uadk_prov_freectx;
+static OSSL_FUNC_digest_dupctx_fn uadk_prov_dupctx;
+static OSSL_FUNC_digest_init_fn uadk_prov_init;
+static OSSL_FUNC_digest_update_fn uadk_prov_update;
+static OSSL_FUNC_digest_final_fn uadk_prov_final;
+static OSSL_FUNC_digest_gettable_params_fn
+ uadk_prov_gettable_params;
+
+#define UADK_PROVIDER_IMPLEMENTATION(name, nid, mdsize, blksize) \
+static OSSL_FUNC_digest_newctx_fn uadk_##name##_newctx; \
+static void *uadk_##name##_newctx(void *provctx) \
+{ \
+ struct digest_priv_ctx *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ \
+ if (ctx == NULL) \
+ return NULL; \
+ ctx->blk_size = blksize; \
+ ctx->md_size = mdsize; \
+ ctx->e_nid = nid; \
+ ctx->soft_ctx = EVP_MD_CTX_new(); \
+ if (ctx->soft_ctx == NULL) \
+ fprintf(stderr, "EVP_MD_CTX_new failed.\n"); \
+ strncpy(ctx->alg_name, #name, ALG_NAME_SIZE - 1); \
+ return ctx; \
+} \
+static OSSL_FUNC_digest_get_params_fn uadk_##name##_get_params; \
+static int uadk_##name##_get_params(OSSL_PARAM params[]) \
+{ \
+ return uadk_digest_default_get_params(params, blksize, mdsize); \
+} \
+const OSSL_DISPATCH uadk_##name##_functions[] = { \
+ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))uadk_##name##_newctx }, \
+ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))uadk_prov_freectx }, \
+ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))uadk_prov_dupctx }, \
+ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))uadk_prov_init }, \
+ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))uadk_prov_update }, \
+ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))uadk_prov_final }, \
+ { OSSL_FUNC_DIGEST_GET_PARAMS, \
+ (void (*)(void))uadk_##name##_get_params }, \
+ { OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \
+ (void (*)(void))uadk_prov_gettable_params }, \
+ { 0, NULL } \
+}
+
+UADK_PROVIDER_IMPLEMENTATION(md5, NID_md5, MD5_DIGEST_LENGTH, MD5_CBLOCK);
+UADK_PROVIDER_IMPLEMENTATION(sm3, NID_sm3, SM3_DIGEST_LENGTH, SM3_CBLOCK);
+UADK_PROVIDER_IMPLEMENTATION(sha1, NID_sha1, 20, 64);
+UADK_PROVIDER_IMPLEMENTATION(sha224, NID_sha224, 28, 64);
+UADK_PROVIDER_IMPLEMENTATION(sha256, NID_sha256, 32, 64);
+UADK_PROVIDER_IMPLEMENTATION(sha384, NID_sha384, 48, 128);
+UADK_PROVIDER_IMPLEMENTATION(sha512, NID_sha512, 64, 128);
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
new file mode 100644
index 0000000..e363584
--- /dev/null
+++ b/src/uadk_prov_init.c
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/core_dispatch.h>
+#include <openssl/core_names.h>
+#include <openssl/crypto.h>
+
+#include "uadk_async.h"
+#include "uadk_prov.h"
+
+struct p_uadk_ctx {
+ const OSSL_CORE_HANDLE *handle;
+ OSSL_LIB_CTX *libctx;
+};
+
+const char *engine_uadk_id = "uadk_provider";
+static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk";
+
+const OSSL_ALGORITHM uadk_prov_digests[] = {
+ { OSSL_DIGEST_NAME_MD5, UADK_DEFAULT_PROPERTIES,
+ uadk_md5_functions, "uadk_provider md5" },
+ { OSSL_DIGEST_NAME_SM3, UADK_DEFAULT_PROPERTIES,
+ uadk_sm3_functions, "uadk_provider sm3" },
+ { OSSL_DIGEST_NAME_SHA1, UADK_DEFAULT_PROPERTIES,
+ uadk_sha1_functions, "uadk_provider sha1" },
+ { OSSL_DIGEST_NAME_SHA2_224, UADK_DEFAULT_PROPERTIES,
+ uadk_sha224_functions, "uadk_provider sha2-224" },
+ { OSSL_DIGEST_NAME_SHA2_256, UADK_DEFAULT_PROPERTIES,
+ uadk_sha256_functions, "uadk_provider sha2-256" },
+ { OSSL_DIGEST_NAME_SHA2_384, UADK_DEFAULT_PROPERTIES,
+ uadk_sha384_functions, "uadk_provider sha2-384" },
+ { OSSL_DIGEST_NAME_SHA2_512, UADK_DEFAULT_PROPERTIES,
+ uadk_sha512_functions, "uadk_provider sha2-512" },
+ { NULL, NULL, NULL }
+};
+
+static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id,
+ int *no_cache)
+{
+ *no_cache = 0;
+
+ switch (operation_id) {
+ case OSSL_OP_DIGEST:
+ return uadk_prov_digests;
+ }
+ return NULL;
+}
+
+static void p_teardown(void *provctx)
+{
+ struct p_uadk_ctx *ctx = (struct p_uadk_ctx *)provctx;
+
+ uadk_prov_destroy_digest();
+ OPENSSL_free(ctx);
+}
+
+static const OSSL_DISPATCH p_test_table[] = {
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_prov_query },
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
+ { 0, NULL }
+};
+
+static void provider_init_child_at_fork_handler(void)
+{
+ int ret;
+
+ ret = async_module_init();
+ if (!ret)
+ fprintf(stderr, "async_module_init fail!\n");
+}
+
+int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
+ const OSSL_DISPATCH *oin,
+ const OSSL_DISPATCH **out,
+ void **provctx)
+{
+ struct p_uadk_ctx *ctx;
+ int ret;
+
+ ctx = OPENSSL_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return 0;
+
+ ret = async_module_init();
+ if (!ret)
+ fprintf(stderr, "async_module_init fail!\n");
+ pthread_atfork(NULL, NULL, provider_init_child_at_fork_handler);
+
+ *provctx = (void *)ctx;
+ *out = p_test_table;
+ return 1;
+}
--
2.25.1

173
0007-README-update-openssl-3.0.patch Normal file
View File

@ -0,0 +1,173 @@
From bbf050d5f1eb525e881c7d581f913f2df27d2637 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 13 Jun 2023 09:24:19 +0000
Subject: [PATCH 7/7] README: update openssl 3.0
Update build steps for openssl 3.0
Also update sanity_test.sh
If ./configure --libdir=/usr/local/lib/ossl-modules/
$ ./test/sanity_test.sh
If ./configure --prefix=/tmp/build
$ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README.md | 34 ++++++++++++++++++++++++++------
test/sanity_test.sh | 48 +++++++++++++++++++++++++++++++++++++++------
2 files changed, 70 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index ac721e3..86676db 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ OpenSSL engine for uadk
Prerequisites
=============
* CPU: aarch64
-* OpenSSL: 1.1.1f
+* OpenSSL: 1.1.1f or 3.0
* libnuma
* zlib
@@ -26,24 +26,26 @@ Build and install OpenSSL
```
git clone https://github.com/openssl/openssl.git
cd openssl
- git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f
+ // For openssl1.1.1f
+ git checkout -b opensssl1.1 OpenSSL_1_1_1f
+ // for openssl 3.0
+ git checkout -b openssl3.0 openssl-3.0.0
./config
make
sudo make install
openssl version
```
-Run pkg-config to ensure env is setup correctly
+Setup env on-demand
-----------------------------------------------
```
$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/
$ pkg-config libcrypto --libs
-L/usr/local/lib -lcrypto
-```
-* export ``PKG_CONFIG_PATH`` is required on openEuler,
- where /usr/local/lib is not set as the default pkgconfig search path.
+ $ export LD_LIBRARY_PATH=/usr/local/lib
+```
Build and install UADK
----------------------
@@ -63,6 +65,7 @@ Build and install UADK
Build and install UADK Engine
-----------------------------
+For openssl 1.1
```
git clone https://github.com/Linaro/uadk_engine.git
cd uadk_engine
@@ -74,6 +77,20 @@ Build and install UADK Engine
Option --enable-kae can be chosen to enable KAE for non-sva version
```
+For openssl 3.0
+```
+ git clone https://github.com/Linaro/uadk_engine.git
+ cd uadk_engine
+ autoreconf -i
+ // openEuler
+ ./configure --libdir=/usr/local/lib/engines-3/
+ // ubuntu
+ ./configure --libdir=/usr/local/lib/ossl-modules/
+ make
+ sudo make install
+
+```
+
Testing
-------
```
@@ -109,9 +126,14 @@ Install libraries to the temp folder
$ ./configure --prefix=/tmp/build
$ make; make install
+ // For openssl 1.1
$ openssl engine -c /tmp/build/lib/uadk_engine.so
$ ./test/sanity_test.sh /tmp/build/lib/uadk_engine.so
+ // For openssl 3.0
+ $ openssl speed -provider /tmp/build/lib/uadk_provider.so -provider default -evp md5
+ $ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so
+
```
Environment variable of uadk engine
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index bdedc15..899d02c 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -2,14 +2,50 @@
sudo chmod 666 /dev/hisi_*
-if [ ! -n "$1" ]; then
- engine_id=uadk_engine
-else
- engine_id=$1
+
+version=$(openssl version)
+echo $version
+if [[ $version =~ "3.0" ]]; then
+ echo "openssl 3.0"
+ if [ ! -n "$1" ]; then
+ engine_id=uadk_provider
+ else
+ engine_id=$1
+ fi
+
+ digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
+fi
+
+if [[ $digest_algs =~ "uadk_provider" ]]; then
+ echo "uadk_provider testing digest"
+ openssl speed -provider $engine_id -provider default -evp md5
+ openssl speed -provider $engine_id -provider default -evp sm3
+ openssl speed -provider $engine_id -provider default -evp sha1
+ openssl speed -provider $engine_id -provider default -evp sha2-224
+ openssl speed -provider $engine_id -provider default -evp sha2-256
+ openssl speed -provider $engine_id -provider default -evp sha2-384
+ openssl speed -provider $engine_id -provider default -evp sha2-512
+
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp md5
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm3
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha1
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-224
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-256
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-384
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-512
fi
-algs=$(openssl engine -c $engine_id)
-echo $algs
+if [[ $version =~ "1.1.1" ]]; then
+ echo "openssl 1.1.1"
+ if [ ! -n "$1" ]; then
+ engine_id=uadk_engine
+ else
+ engine_id=$1
+ fi
+
+ algs=$(openssl engine -c $engine_id)
+ echo $algs
+fi
#digest
if [[ $algs =~ "MD5" ]]; then
--
2.25.1

349
0007-rsa-cleanup-about-reducing-function-parameters.patch
View File

@ -1,349 +0,0 @@
From 273cf10d03532e73dfcd9f8a1223bfecb64d0f16 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Wed, 22 Dec 2021 10:51:48 +0000
Subject: [PATCH 07/18] rsa: cleanup about reducing function parameters
Reduce the number of parameters of functions
related to prime, and make the name of those
functions clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 155 ++++++++++++++++++++++++++++++-------------------
1 file changed, 95 insertions(+), 60 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index cb98159..c1609ca 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -97,6 +97,14 @@ struct rsa_prikey_param {
int is_crt;
};
+struct rsa_prime_param {
+ BIGNUM *r1;
+ BIGNUM *r2;
+ BIGNUM *rsa_p;
+ BIGNUM *rsa_q;
+ BIGNUM *prime;
+};
+
struct uadk_rsa_sess {
handle_t sess;
struct wd_rsa_sess_setup setup;
@@ -156,15 +164,14 @@ static int rsa_check_bit_useful(const int bits, int flen)
}
}
-static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
- BN_CTX *ctx, BN_GENCB *cb)
+static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
+ BN_CTX *ctx, BN_GENCB *cb)
{
- /* calculate n = p * q */
if (num == 1) {
if (!BN_mul(r1, rsa_p, rsa_q, ctx))
return BN_ERR;
} else {
- /* if num == 0, use number 3 to indicate do nothing */
+ /* If num == 0, use number 3 to indicate do nothing */
if (!BN_GENCB_call(cb, 3, num))
return BN_ERR;
return BN_CONTINUE;
@@ -173,20 +180,21 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
return BN_VALID;
}
-static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
- const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx,
- BN_GENCB *cb)
+static int check_rsa_prime_sufficient(int *num, const int *bitsr,
+ int *bitse, const int *n,
+ struct rsa_prime_param *param,
+ BN_CTX *ctx, BN_GENCB *cb)
{
static int retries;
BN_ULONG bitst;
int ret;
- ret = prime_mul_res(*num, rsa_p, rsa_q, r1, ctx, cb);
+ ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q,
+ param->r1, ctx, cb);
if (ret)
return ret;
/*
- * if |r1|, product of factors so far, is not as long as expected
+ * If |r1|, product of factors so far, is not as long as expected
* (by checking the first 4 bits are less than 0x9 or greater than
* 0xF). If so, re-generate the last prime.
*
@@ -199,10 +207,10 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
* key by using the modulus in a certificate. This is also covered
* by checking the length should not be less than 0x9.
*/
- if (!BN_rshift(r2, r1, *bitse - 4))
+ if (!BN_rshift(param->r2, param->r1, *bitse - 4))
return BN_ERR;
- bitst = BN_get_word(r2);
+ bitst = BN_get_word(param->r2);
if (bitst < 0x9 || bitst > 0xF) {
/*
* For keys with more than 4 primes, we attempt longer factor to
@@ -216,7 +224,9 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
*bitse -= bitsr[*num];
else
return -1;
- if (!BN_GENCB_call(cb, 2, *n++))
+
+ ret = BN_GENCB_call(cb, 2, *n++);
+ if (!ret)
return -1;
if (retries == 4) {
*num = -1;
@@ -227,14 +237,17 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse,
retries++;
return BN_REDO;
}
- if (!BN_GENCB_call(cb, 3, *num))
+
+ ret = BN_GENCB_call(cb, 3, *num);
+ if (!ret)
return BN_ERR;
retries = 0;
return BN_VALID;
}
-static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime)
+static void rsa_set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM **prime)
{
if (num == 0)
*prime = rsa_p;
@@ -244,8 +257,8 @@ static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime)
BN_set_flags(*prime, BN_FLG_CONSTTIME);
}
-static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *prime)
+static int check_rsa_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
+ BIGNUM *prime)
{
BIGNUM *prev_prime;
int j;
@@ -268,8 +281,8 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q,
return UADK_E_SUCCESS;
}
-static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2,
- BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
+static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
+ BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
/*
@@ -278,10 +291,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
* BN_value_one() returns a BIGNUM constant of value 1.
* r2 = prime - 1.
*/
- if (!BN_sub(r2, prime, BN_value_one()))
+ if (!BN_sub(param->r2, param->prime, BN_value_one()))
return -1;
ERR_set_mark();
- BN_set_flags(r2, BN_FLG_CONSTTIME);
+ BN_set_flags(param->r2, BN_FLG_CONSTTIME);
/*
* BN_mod_inverse(r,a,n,ctx) used to compute inverse modulo n.
* Precisely, it computes the inverse of "a" modulo "n", and places
@@ -290,7 +303,7 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
* The expected result: (r2 * r1) % e_pub ==1,
* the inverse of r2 exist, that is r1.
*/
- if (BN_mod_inverse(r1, r2, e_pub, ctx))
+ if (BN_mod_inverse(param->r1, param->r2, e_pub, ctx))
return UADK_E_SUCCESS;
err = ERR_peek_last_error();
@@ -307,10 +320,9 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r
return GET_ERR_FINISH;
}
-static int get_prime_once(int num, const int *bitsr, const int *n,
- BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub,
- BN_CTX *ctx, BN_GENCB *cb)
+static int get_rsa_prime_once(int num, const int *bitsr, const int *n,
+ BIGNUM *e_pub, struct rsa_prime_param *param,
+ BN_CTX *ctx, BN_GENCB *cb)
{
int ret = -1;
@@ -318,12 +330,13 @@ static int get_prime_once(int num, const int *bitsr, const int *n,
return ret;
while (1) {
/* Generate prime with bitsr[num] len. */
- if (!BN_generate_prime_ex(prime, bitsr[num],
+ if (!BN_generate_prime_ex(param->prime, bitsr[num],
0, NULL, NULL, cb))
return BN_ERR;
- if (!check_prime_equal(num, rsa_p, rsa_q, prime))
+ if (!check_rsa_prime_equal(num, param->rsa_p, param->rsa_q,
+ param->prime))
continue;
- ret = check_prime_useful(n, prime, r1, r2, e_pub, ctx, cb);
+ ret = check_rsa_prime_useful(n, param, e_pub, ctx, cb);
if (ret == BN_ERR)
return BN_ERR;
else if (ret == UADK_E_SUCCESS)
@@ -333,8 +346,7 @@ static int get_prime_once(int num, const int *bitsr, const int *n,
return ret;
}
-static void switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q,
- BIGNUM *p, BIGNUM *q)
+static void rsa_switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *p, BIGNUM *q)
{
BIGNUM *tmp;
@@ -373,13 +385,37 @@ static int check_rsa_is_crt(RSA *rsa)
return UN_SET;
}
+static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx)
+{
+ param->r1 = BN_CTX_get(ctx);
+ if (!param->r1)
+ goto end;
+
+ param->r2 = BN_CTX_get(ctx);
+ if (!param->r2)
+ goto end;
+
+ param->rsa_p = BN_CTX_get(ctx);
+ if (!param->rsa_p)
+ goto end;
+
+ param->rsa_q = BN_CTX_get(ctx);
+ if (!param->rsa_q)
+ goto end;
+
+ return UADK_E_SUCCESS;
+
+end:
+ fprintf(stderr, "failed to malloc params\n");
+ return UADK_E_FAIL;
+}
+
static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
BIGNUM *q, BN_GENCB *cb)
{
- BIGNUM *r1, *r2, *rsa_p, *rsa_q;
+ struct rsa_prime_param *param = NULL;
int bitsr[RSA_MAX_PRIME_NUM] = {0};
int flag, quo, rmd, i;
- BIGNUM *prime = NULL;
BN_CTX *ctx;
int bitse = 0;
int ret = 0;
@@ -391,12 +427,15 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
return ret;
BN_CTX_start(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- rsa_p = BN_CTX_get(ctx);
- rsa_q = BN_CTX_get(ctx);
- if (!r1 || !r2 || !rsa_p || !rsa_q)
- goto err;
+ param = OPENSSL_zalloc(sizeof(struct rsa_prime_param));
+ if (!param) {
+ fprintf(stderr, "failed to malloc rsa prime param\n");
+ goto free_ctx;
+ }
+
+ ret = get_rsa_prime_param(param, ctx);
+ if (!ret)
+ goto free_param;
/* Divide bits into 'primes' pieces evenly */
quo = bits / RSA_MAX_PRIME_NUM;
@@ -409,39 +448,37 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
/* flag: whether primes are generated correctely. */
flag = 1;
/* Set flag for primes rsa_p and rsa_q separately. */
- set_primes(i, rsa_p, rsa_q, &prime);
+ rsa_set_primes(i, param->rsa_p, param->rsa_q, &param->prime);
while (flag == 1) {
- if (get_prime_once(i, bitsr, &n, prime, rsa_p, rsa_q,
- r1, r2, e_pub, ctx, cb) == -1)
- goto err;
+ ret = get_rsa_prime_once(i, bitsr, &n, e_pub, param,
+ ctx, cb);
+ if (ret == -1)
+ goto free_param;
bitse += bitsr[i];
- ret = check_prime_sufficient(&i, bitsr, &bitse, &n,
- rsa_p, rsa_q, r1, r2,
- ctx, cb);
+ ret = check_rsa_prime_sufficient(&i, bitsr, &bitse, &n,
+ param, ctx, cb);
if (ret == BN_ERR)
- goto err;
+ goto free_param;
else if (ret == BN_REDO)
continue;
else
flag = 0;
}
}
- switch_p_q(rsa_p, rsa_q, p, q);
+ rsa_switch_p_q(param->rsa_p, param->rsa_q, p, q);
ret = UADK_E_SUCCESS;
-err:
- if (ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
+free_param:
+ OPENSSL_free(param);
+free_ctx:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
return ret;
}
static int add_rsa_pubenc_padding(int flen, const unsigned char *from,
- unsigned char *buf, int num,
- int padding)
+ unsigned char *buf, int num, int padding)
{
int ret;
@@ -852,8 +889,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
struct uadk_rsa_sess *rsa_sess,
- unsigned char *in_buf,
- unsigned char *to)
+ unsigned char *in_buf, unsigned char *to)
{
struct wd_rsa_pubkey *pubkey = NULL;
struct wd_dtb *wd_e = NULL;
@@ -882,8 +918,7 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
struct rsa_prikey_param *pri,
- unsigned char *in_buf,
- unsigned char *to)
+ unsigned char *in_buf, unsigned char *to)
{
struct wd_rsa_prikey *prikey;
struct wd_dtb *wd_dq;
--
2.24.4

29
0008-cipher-fix-double-free-error.patch Normal file
View File

@ -0,0 +1,29 @@
From 516c9a1c8f77e8d1d91c78478425b4df585ec485 Mon Sep 17 00:00:00 2001
From: taoqi <taoqi10@huawei.com>
Date: Tue, 20 Jun 2023 22:38:01 +0800
Subject: [PATCH 08/10] cipher: fix double free error
When wd_cipher_set_key() failed, after the handle
is released, the handle should be set to 0 to avoid
reusing.
Signed-off-by: taoqi <taoqi10@huawei.com>
---
src/uadk_cipher.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c7be21a..1905e47 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -878,6 +878,7 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
ret = wd_cipher_set_key(priv->sess, priv->key, EVP_CIPHER_CTX_key_length(ctx));
if (ret) {
wd_cipher_free_sess(priv->sess);
+ priv->sess = 0;
fprintf(stderr, "uadk failed to set key!\n");
}
}
--
2.25.1

355
0008-ecc-cleanup-sm2-compute-digest-function.patch
View File

@ -1,355 +0,0 @@
From b99452edd6ae045e833e3ae01866b8546fd5733a Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 24 Dec 2021 07:30:22 +0000
Subject: [PATCH 08/18] ecc: cleanup sm2 compute digest function
The operation flow of sm2_compute_z_digest()
is modularized and encapsulated to reduce
the code line of sm2_compute_z_digest() and
make the code easier to understand.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 277 +++++++++++++++++++++++++++++++++++--------------
1 file changed, 197 insertions(+), 80 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index d74aa3a..6d5dad0 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -62,6 +62,26 @@ typedef struct sm2_ciphertext {
ASN1_OCTET_STRING *C2;
} SM2_Ciphertext;
+struct sm2_param {
+ /*
+ * p: BIGNUM with the prime number (GFp) or the polynomial
+ * defining the underlying field (GF2m)
+ */
+ BIGNUM *p;
+ /* a: BIGNUM for parameter a of the equation */
+ BIGNUM *a;
+ /* b: BIGNUM for parameter b of the equation */
+ BIGNUM *b;
+ /* xG: BIGNUM for the x-coordinate value of G point */
+ BIGNUM *xG;
+ /* yG: BIGNUM for the y-coordinate value of G point */
+ BIGNUM *yG;
+ /* xA: BIGNUM for the x-coordinate value of PA point */
+ BIGNUM *xA;
+ /* yA: BIGNUM for the y-coordinate value of PA point */
+ BIGNUM *yA;
+};
+
DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
ASN1_SEQUENCE(SM2_Ciphertext) = {
@@ -695,8 +715,7 @@ static int sm2_verify_init(EVP_PKEY_CTX *ctx)
}
static int sm2_verify_init_iot(handle_t sess, struct wd_ecc_req *req,
- struct wd_dtb *e,
- struct wd_dtb *r,
+ struct wd_dtb *e, struct wd_dtb *r,
struct wd_dtb *s)
{
struct wd_ecc_in *ecc_in;
@@ -1229,119 +1248,217 @@ static int sm2_ctrl_str(EVP_PKEY_CTX *ctx,
return UADK_E_INVALID;
}
-static int sm2_compute_z_digest(uint8_t *out,
- const EVP_MD *digest,
- const uint8_t *id,
- const size_t id_len,
- const EC_KEY *key)
+static int get_sm2_param(struct sm2_param *sm2_param, BN_CTX *ctx)
{
- const EC_GROUP *group = EC_KEY_get0_group(key);
- EVP_MD_CTX *hash = NULL;
- uint8_t *buf = NULL;
- BN_CTX *ctx = NULL;
- BIGNUM *p = NULL;
- BIGNUM *a = NULL;
- BIGNUM *b = NULL;
- BIGNUM *xG = NULL;
- BIGNUM *yG = NULL;
- BIGNUM *xA = NULL;
- BIGNUM *yA = NULL;
- uint8_t e_byte;
- uint16_t entl;
- int p_bytes;
- int rc = 0;
+ sm2_param->p = BN_CTX_get(ctx);
+ if (!sm2_param->p)
+ goto end;
- hash = EVP_MD_CTX_new();
- ctx = BN_CTX_new();
- if (hash == NULL || ctx == NULL) {
- fprintf(stderr, "failed to EVP_CTX_new\n");
- goto done;
- }
+ sm2_param->a = BN_CTX_get(ctx);
+ if (!sm2_param->a)
+ goto end;
- p = BN_CTX_get(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- xG = BN_CTX_get(ctx);
- yG = BN_CTX_get(ctx);
- xA = BN_CTX_get(ctx);
- yA = BN_CTX_get(ctx);
- if (yA == NULL) {
- fprintf(stderr, "failed to malloc\n");
- goto done;
- }
+ sm2_param->b = BN_CTX_get(ctx);
+ if (!sm2_param->b)
+ goto end;
+
+ sm2_param->xG = BN_CTX_get(ctx);
+ if (!sm2_param->xG)
+ goto end;
+
+ sm2_param->yG = BN_CTX_get(ctx);
+ if (!sm2_param->yG)
+ goto end;
+
+ sm2_param->xA = BN_CTX_get(ctx);
+ if (!sm2_param->xA)
+ goto end;
+
+ sm2_param->yA = BN_CTX_get(ctx);
+ if (!sm2_param->yA)
+ goto end;
+
+ return 1;
+
+end:
+ fprintf(stderr, "failed to malloc params\n");
+ return 0;
+}
+
+static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash,
+ const size_t id_len, const uint8_t *id)
+{
+ uint8_t e_byte;
+ uint16_t entl;
if (!EVP_DigestInit(hash, digest)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
/* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
if (id_len >= (UINT16_MAX / 8)) {
- /* too large */
fprintf(stderr, "id too large\n");
- goto done;
+ return 0;
}
entl = (uint16_t)(8 * id_len);
e_byte = entl >> 8;
- if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
- fprintf(stderr, "error evp lib\n");
- goto done;
- }
+ if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+ fprintf(stderr, "error evp lib\n");
+ return 0;
+ }
+
e_byte = entl & 0xFF;
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
fprintf(stderr, "error evp lib\n");
- goto done;
+ return 0;
}
- if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
- fprintf(stderr, "error ec lib\n");
- goto done;
+ return 1;
+}
+
+static int check_equation_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes)
+{
+ if (BN_bn2binpad(param->a, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->b, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes)) {
+ fprintf(stderr, "failed to check equation param\n");
+ return 0;
}
- p_bytes = BN_num_bytes(p);
- buf = OPENSSL_zalloc(p_bytes);
- if (buf == NULL) {
- fprintf(stderr, "failed to malloc\n");
- goto done;
+ return 1;
+}
+
+
+static int check_base_point_group_param(struct sm2_param *param, BN_CTX *ctx,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+
+ if (!EC_POINT_get_affine_coordinates(group,
+ EC_GROUP_get0_generator(group),
+ param->xG, param->yG, ctx)) {
+ fprintf(stderr, "failed to check base point group param\n");
+ return 0;
}
- if (BN_bn2binpad(a, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(b, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EC_POINT_get_affine_coordinates(group,
- EC_GROUP_get0_generator(group),
- xG, yG, ctx)
- || BN_bn2binpad(xG, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(yG, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EC_POINT_get_affine_coordinates(group,
- EC_KEY_get0_public_key(key),
- xA, yA, ctx)
- || BN_bn2binpad(xA, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || BN_bn2binpad(yA, buf, p_bytes) < 0
- || !EVP_DigestUpdate(hash, buf, p_bytes)
- || !EVP_DigestFinal(hash, out, NULL)) {
- fprintf(stderr, "internal error\n");
- goto done;
+ return 1;
+}
+
+static int check_base_point_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes)
+{
+ if (BN_bn2binpad(param->xG, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->yG, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes)) {
+ fprintf(stderr, "failed to check base point param\n");
+ return 0;
}
- rc = 1;
+ return 1;
+}
-done:
+static int check_pkey_point_group_param(struct sm2_param *param, BN_CTX *ctx,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+
+ if (!EC_POINT_get_affine_coordinates(group,
+ EC_KEY_get0_public_key(key),
+ param->xA, param->yA, ctx)) {
+ fprintf(stderr, "failed to check pkey point group param\n");
+ return 0;
+ }
+ return 1;
+}
+
+static int check_pkey_point_param(struct sm2_param *param, EVP_MD_CTX *hash,
+ uint8_t *buf, int p_bytes, uint8_t *out)
+{
+ if (BN_bn2binpad(param->xA, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ BN_bn2binpad(param->yA, buf, p_bytes) < 0 ||
+ !EVP_DigestUpdate(hash, buf, p_bytes) ||
+ !EVP_DigestFinal(hash, out, NULL)) {
+ fprintf(stderr, "failed to check pkey point param\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int sm2_compute_z_digest(uint8_t *out, const EVP_MD *digest,
+ const uint8_t *id, const size_t id_len,
+ const EC_KEY *key)
+{
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+ struct sm2_param *param = NULL;
+ EVP_MD_CTX *hash = NULL;
+ uint8_t *buf = NULL;
+ BN_CTX *ctx = NULL;
+ int p_bytes;
+ int ret = 0;
+
+ hash = EVP_MD_CTX_new();
+ if (!hash)
+ return ret;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto free_hash;
+
+ param = OPENSSL_zalloc(sizeof(struct sm2_param));
+ if (!param) {
+ fprintf(stderr, "failed to malloc sm2 param\n");
+ goto free_ctx;
+ }
+
+ if (!get_sm2_param(param, ctx))
+ goto free_param;
+
+ if (!check_digest_evp_lib(digest, hash, id_len, id))
+ goto free_param;
+
+ if (!EC_GROUP_get_curve(group, param->p, param->a, param->b, ctx)) {
+ fprintf(stderr, "failed to get curve\n");
+ goto free_param;
+ }
+
+ p_bytes = BN_num_bytes(param->p);
+ buf = OPENSSL_zalloc(p_bytes);
+ if (!buf) {
+ fprintf(stderr, "failed to malloc buf\n");
+ goto free_param;
+ }
+
+ if (!check_equation_param(param, hash, buf, p_bytes) ||
+ !check_base_point_group_param(param, ctx, key) ||
+ !check_base_point_param(param, hash, buf, p_bytes) ||
+ !check_pkey_point_group_param(param, ctx, key) ||
+ !check_pkey_point_param(param, hash, buf, p_bytes, out))
+ goto free_buf;
+
+ ret = 1;
+
+free_buf:
OPENSSL_free(buf);
+free_param:
+ OPENSSL_free(param);
+free_ctx:
BN_CTX_free(ctx);
+free_hash:
EVP_MD_CTX_free(hash);
- return rc;
+ return ret;
}
static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
--
2.24.4

56
0009-cipher-fix-set-key-error.patch Normal file
View File

@ -0,0 +1,56 @@
From c8f3d1d021f028a9ca500d079c4158038e1b22c9 Mon Sep 17 00:00:00 2001
From: taoqi <taoqi10@huawei.com>
Date: Tue, 20 Jun 2023 23:05:06 +0800
Subject: [PATCH 09/10] cipher: fix set key error
Initialize the algorithm type again to prevent
the algorithm type from being changed.
Signed-off-by: taoqi <taoqi10@huawei.com>
---
src/uadk_cipher.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 1905e47..cc13823 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -840,8 +840,10 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op)
static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
{
+ __u32 cipher_counts = ARRAY_SIZE(cipher_info_table);
struct sched_params params = {0};
- int ret;
+ int nid, ret;
+ __u32 i;
priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
priv->req.iv = priv->iv;
@@ -869,7 +871,23 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
/* Use the default numa parameters */
params.numa_id = -1;
priv->setup.sched_param = &params;
+
if (!priv->sess) {
+ nid = EVP_CIPHER_CTX_nid(ctx);
+
+ for (i = 0; i < cipher_counts; i++) {
+ if (nid == cipher_info_table[i].nid) {
+ cipher_priv_ctx_setup(priv, cipher_info_table[i].alg,
+ cipher_info_table[i].mode, cipher_info_table[i].out_bytes);
+ break;
+ }
+ }
+
+ if (i == cipher_counts) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
+ return;
+ }
+
priv->sess = wd_cipher_alloc_sess(&priv->setup);
if (!priv->sess)
fprintf(stderr, "uadk failed to alloc session!\n");
--
2.25.1

232
0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch
View File

@ -1,232 +0,0 @@
From 1bb24b3d0769f82e6903ca94fa6b8ad466eb5bbe Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 24 Dec 2021 08:44:03 +0000
Subject: [PATCH 09/18] ecc: bugfix about ecc init after alloc sess
When executing allocating session operation, it needs
sched_init(), which is supported by init operation
in the engine, so the init operation should be done
before executing allocating session operation.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 93 +++++++++++++++++++++++----------------------------
1 file changed, 42 insertions(+), 51 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 9040d3c..0c8a011 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -426,7 +426,10 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
if (ret)
goto do_soft;
- ret = UADK_DO_SOFT;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(eckey, "ecdsa");
if (!sess)
goto do_soft;
@@ -438,33 +441,28 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
if (ret)
goto free_sess;
- ret = uadk_ecc_set_private_key(sess, eckey);
+ ret = uadk_ecc_set_private_key(sess, eckey);
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
- ret = UADK_DO_SOFT;
+ if (ret != 1)
goto uninit_iot;
- }
sig = create_ecdsa_sig(&req);
+ wd_ecc_del_in(sess, req.src);
+ wd_ecc_del_out(sess, req.dst);
+ wd_ecc_free_sess(sess);
+
+ return sig;
+
uninit_iot:
wd_ecc_del_in(sess, req.src);
wd_ecc_del_out(sess, req.dst);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return sig;
-
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_sign(dgst, dlen, in_kinv, in_r, eckey);
}
@@ -617,7 +615,10 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
if (ret)
goto do_soft;
- ret = UADK_DO_SOFT;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(eckey, "ecdsa");
if (!sess)
goto do_soft;
@@ -633,24 +634,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1) {
- printf("failed to uadk_ecc_crypto, ret = %d\n", ret);
- ret = UADK_DO_SOFT;
+ fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
+ goto uninit_iot;
}
+
+ return ret;
+
uninit_iot:
wd_ecc_del_in(sess, req.src);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return ret;
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_verify(dgst, dlen, sig, eckey);
}
@@ -888,9 +884,12 @@ static int sm2_generate_key(EC_KEY *eckey)
ret = eckey_create_key(eckey);
if (!ret)
- return ret;
+ goto do_soft;
+
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
- ret = UADK_DO_SOFT;
sess = ecc_alloc_sess(eckey, "sm2");
if (!sess)
goto do_soft;
@@ -900,35 +899,29 @@ static int sm2_generate_key(EC_KEY *eckey)
if (ret)
goto free_sess;
- ret = uadk_init_ecc();
- if (ret) {
- ret = UADK_DO_SOFT;
- goto uninit_iot;
- }
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
- ret = UADK_DO_SOFT;
+ if (ret != 1)
goto uninit_iot;
- }
ret = set_key_to_ec_key(eckey, &req);
if (ret)
goto uninit_iot;
ret = 1;
+ wd_ecc_del_out(sess, req.dst);
+ wd_ecc_free_sess(sess);
+
+ return ret;
+
uninit_iot:
wd_ecc_del_out(sess, req.dst);
free_sess:
wd_ecc_free_sess(sess);
do_soft:
- if (ret != UADK_DO_SOFT)
- return ret;
fprintf(stderr, "switch to execute openssl software calculation.\n");
return openssl_do_generate(eckey);
}
-
static int ecdh_keygen_init_iot(handle_t sess, struct wd_ecc_req *req,
EC_KEY *ecdh)
{
@@ -1108,6 +1101,10 @@ static int ecdh_generate_key(EC_KEY *ecdh)
if (!ret)
goto do_soft;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(ecdh, "ecdh");
if (!sess)
goto do_soft;
@@ -1121,10 +1118,6 @@ static int ecdh_generate_key(EC_KEY *ecdh)
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret)
- goto uninit_iot;
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1)
goto uninit_iot;
@@ -1202,10 +1195,8 @@ static int ecc_compkey_check(unsigned char **out,
return 1;
}
-static int ecdh_compute_key(unsigned char **out,
- size_t *outlen,
- const EC_POINT *pub_key,
- const EC_KEY *ecdh)
+static int ecdh_compute_key(unsigned char **out, size_t *outlen,
+ const EC_POINT *pub_key, const EC_KEY *ecdh)
{
struct wd_ecc_req req;
handle_t sess;
@@ -1215,6 +1206,10 @@ static int ecdh_compute_key(unsigned char **out,
if (!ret)
goto do_soft;
+ ret = uadk_init_ecc();
+ if (ret)
+ goto do_soft;
+
sess = ecc_alloc_sess(ecdh, "ecdh");
if (!sess)
goto do_soft;
@@ -1232,10 +1227,6 @@ static int ecdh_compute_key(unsigned char **out,
if (ret)
goto uninit_iot;
- ret = uadk_init_ecc();
- if (ret)
- goto uninit_iot;
-
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
if (ret != 1)
goto uninit_iot;
--
2.24.4

36
0010-cipher-fix-async-hardware-computing-error.patch Normal file
View File

@ -0,0 +1,36 @@
From 9fa67d9748d0e8b710bc8a0cdd3f289e3a1b2f8f Mon Sep 17 00:00:00 2001
From: taoqi <taoqi10@huawei.com>
Date: Tue, 20 Jun 2023 23:07:31 +0800
Subject: [PATCH 10/10] cipher: fix async hardware computing error
If the length of the input data does not reach to
hardware computing threshold, directly switch to
soft cipher.
Signed-off-by: taoqi <taoqi10@huawei.com>
---
src/uadk_cipher.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index cc13823..940c26c 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -927,6 +927,14 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!ret)
goto sync_err;
} else {
+ /*
+ * If the length of the input data
+ * does not reach to hardware computing threshold,
+ * directly switch to soft cipher.
+ */
+ if (priv->req.in_bytes <= priv->switch_threshold)
+ goto sync_err;
+
ret = do_cipher_async(priv, &op);
if (!ret)
goto out_notify;
--
2.25.1

110
0010-rsa-cleanup-about-prime-generation.patch
View File

@ -1,110 +0,0 @@
From fc023b87189ff488b4e760567d92afeca2635559 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 25 Dec 2021 01:35:03 +0000
Subject: [PATCH 10/18] rsa: cleanup about prime generation
Reduce parameter number of rsa_prime_mul_res(),
and add comments of BN_GENCB_call().
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index c1609ca..2526af9 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -164,14 +164,17 @@ static int rsa_check_bit_useful(const int bits, int flen)
}
}
-static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1,
+static int rsa_prime_mul_res(int num, struct rsa_prime_param *param,
BN_CTX *ctx, BN_GENCB *cb)
{
if (num == 1) {
- if (!BN_mul(r1, rsa_p, rsa_q, ctx))
+ if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx))
return BN_ERR;
} else {
- /* If num == 0, use number 3 to indicate do nothing */
+ /*
+ * Use the number 3 to indicate whether
+ * the generator has been found.
+ */
if (!BN_GENCB_call(cb, 3, num))
return BN_ERR;
return BN_CONTINUE;
@@ -189,8 +192,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
BN_ULONG bitst;
int ret;
- ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q,
- param->r1, ctx, cb);
+ ret = rsa_prime_mul_res(*num, param, ctx, cb);
if (ret)
return ret;
/*
@@ -224,7 +226,10 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
*bitse -= bitsr[*num];
else
return -1;
-
+ /*
+ * Use the number 2 to indicate whether
+ * a prime has been found.
+ */
ret = BN_GENCB_call(cb, 2, *n++);
if (!ret)
return -1;
@@ -237,7 +242,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
retries++;
return BN_REDO;
}
-
+ /* Use the number 3 to indicate whether the generator has been found. */
ret = BN_GENCB_call(cb, 3, *num);
if (!ret)
return BN_ERR;
@@ -314,6 +319,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
else
return BN_ERR;
+ /* Use the number 2 to indicate whether a prime has been found. */
if (!BN_GENCB_call(cb, 2, *n++))
return BN_ERR;
@@ -1094,7 +1100,7 @@ static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
int ret;
if (!default_meth) {
- printf("failed to get soft method.\n");
+ fprintf(stderr, "failed to get soft method.\n");
return UADK_E_FAIL;
}
@@ -1121,7 +1127,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
keygen_param->wd_e->dsize = BN_bn2bin(bn_param->e,
- (unsigned char *)keygen_param->wd_e->data);
+ (unsigned char *)keygen_param->wd_e->data);
wd_rsa_get_prikey(rsa_sess->sess, &key_pair->prikey);
if (!key_pair->prikey)
@@ -1133,9 +1139,9 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
keygen_param->wd_q->dsize = BN_bn2bin(bn_param->q,
- (unsigned char *)keygen_param->wd_q->data);
+ (unsigned char *)keygen_param->wd_q->data);
keygen_param->wd_p->dsize = BN_bn2bin(bn_param->p,
- (unsigned char *)keygen_param->wd_p->data);
+ (unsigned char *)keygen_param->wd_p->data);
rsa_sess->req.src_bytes = rsa_sess->key_size;
rsa_sess->req.dst_bytes = rsa_sess->key_size;
--
2.24.4

209
0011-ecc-cleanup-the-form-of-the-return-value.patch
View File

@ -1,209 +0,0 @@
From dbb4ff29da9ed378d8753a6e5d18e86756c1d254 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Mon, 27 Dec 2021 07:04:43 +0000
Subject: [PATCH 11/18] ecc: cleanup the form of the return value
This patch includes:
1. Unified the return value form.
2. Remove redundant goto jumps.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 20 +++++++++++---------
src/uadk_ecx.c | 8 ++++----
src/uadk_pkey.c | 5 ++---
src/uadk_sm2.c | 8 ++++----
4 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 0c8a011..db69871 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -446,7 +446,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
sig = create_ecdsa_sig(&req);
@@ -635,11 +635,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
}
+ wd_ecc_del_in(sess, req.src);
+ wd_ecc_free_sess(sess);
+
return ret;
uninit_iot:
@@ -701,7 +704,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
tmp = BN_bin2bn((unsigned char *)privkey->data, privkey->dsize, NULL);
ret = EC_KEY_set_private_key(ec, tmp);
BN_free(tmp);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to EC KEY set private key\n");
return -EINVAL;
}
@@ -725,7 +728,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
ret = EC_KEY_set_public_key(ec, point);
EC_POINT_free(point);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to EC_KEY_set_public_key\n");
return -EINVAL;
}
@@ -900,18 +903,17 @@ static int sm2_generate_key(EC_KEY *eckey)
goto free_sess;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = set_key_to_ec_key(eckey, &req);
if (ret)
goto uninit_iot;
- ret = 1;
wd_ecc_del_out(sess, req.dst);
wd_ecc_free_sess(sess);
- return ret;
+ return 1;
uninit_iot:
wd_ecc_del_out(sess, req.dst);
@@ -1119,7 +1121,7 @@ static int ecdh_generate_key(EC_KEY *ecdh)
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecdh_set_key_to_ec_key(ecdh, &req);
@@ -1228,7 +1230,7 @@ static int ecdh_compute_key(unsigned char **out, size_t *outlen,
goto uninit_iot;
ret = uadk_ecc_crypto(sess, &req, (void *)sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecdh_get_shared_key(ecdh, out, outlen, &req);
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 6a9f78c..67f9350 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -399,7 +399,7 @@ static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto uninit_iot;
ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key);
@@ -457,7 +457,7 @@ static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto uninit_iot;
ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key);
@@ -659,7 +659,7 @@ static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
goto uninit_iot;
ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
wd_ecxdh_get_out_params(req.dst, &s_key);
@@ -745,7 +745,7 @@ static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
goto uninit_iot;
ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx);
- if (ret != 1)
+ if (!ret)
goto uninit_iot;
wd_ecxdh_get_out_params(req.dst, &s_key);
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 62362b0..7ca998b 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -273,8 +273,7 @@ static void uadk_wd_ecc_uninit(void)
ecc_res.pid = 0;
}
-int uadk_ecc_crypto(handle_t sess,
- struct wd_ecc_req *req, void *usr)
+int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr)
{
struct uadk_e_cb_info cb_param;
struct async_op op;
@@ -314,7 +313,7 @@ int uadk_ecc_crypto(handle_t sess,
} else {
ret = wd_do_ecc_sync(sess, req);
if (ret < 0)
- return ret;
+ return 0;
}
return 1;
err:
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 6d5dad0..f602e48 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -359,7 +359,7 @@ static int sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb *s,
}
ret = ECDSA_SIG_set0(e_sig, br, bs);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to ECDSA_SIG_set0\n");
ret = -EINVAL;
goto free_s;
@@ -686,7 +686,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
ret = UADK_DO_SOFT;
goto uninit_iot;
@@ -907,7 +907,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
@@ -1061,7 +1061,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
--
2.24.4

293
0011-uadk_prov_digest-merge-threshold-table.patch Normal file
View File

@ -0,0 +1,293 @@
From 9ac731a7ab33306712c101f0c6c6d75dc97c2b87 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 21 Jun 2023 03:13:20 +0000
Subject: [PATCH 11/48] uadk_prov_digest: merge threshold table
Merge digest_pkt_threshold_table to digest_info_table
for simplicity.
Modify func name with uadk_ prefix.
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_prov_digest.c | 120 ++++++++++++++++-------------------------
1 file changed, 47 insertions(+), 73 deletions(-)
diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c
index fd05753..5456d2d 100644
--- a/src/uadk_prov_digest.c
+++ b/src/uadk_prov_digest.c
@@ -57,11 +57,6 @@ enum sec_digest_state {
SEC_DIGEST_FINAL
};
-struct digest_threshold_table {
- int nid;
- int threshold;
-};
-
struct digest_prov {
int pid;
};
@@ -104,29 +99,27 @@ struct digest_info {
enum wd_digest_mode mode;
enum wd_digest_type alg;
__u32 out_len;
-};
-
-static struct digest_threshold_table digest_pkt_threshold_table[] = {
- { NID_sm3, SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
- { NID_md5, MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
- { NID_sha1, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
- { NID_sha224, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
- { NID_sha256, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
- { NID_sha384, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
- { NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
+ __u32 threshold;
};
static struct digest_info digest_info_table[] = {
- {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16},
- {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32},
- {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20},
- {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28},
- {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32},
- {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48},
- {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64},
+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5,
+ 16, MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT},
+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3,
+ 32, SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT},
+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1,
+ 20, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT},
+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224,
+ 28, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT},
+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256,
+ 32, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT},
+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384,
+ 48, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT},
+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512,
+ 64, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT},
};
-static int uadk_e_digests_soft_md(struct digest_priv_ctx *priv)
+static int uadk_digests_soft_md(struct digest_priv_ctx *priv)
{
if (priv->soft_md)
return 1;
@@ -163,31 +156,17 @@ static int uadk_e_digests_soft_md(struct digest_priv_ctx *priv)
return 1;
}
-static uint32_t sec_digest_get_sw_threshold(int n_id)
-{
- int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table);
- int i = 0;
-
- do {
- if (digest_pkt_threshold_table[i].nid == n_id)
- return digest_pkt_threshold_table[i].threshold;
- } while (++i < threshold_table_size);
-
- fprintf(stderr, "nid %d not found in digest threshold table", n_id);
- return 0;
-}
-
-static int digest_soft_init(struct digest_priv_ctx *priv)
+static int uadk_digest_soft_init(struct digest_priv_ctx *priv)
{
return EVP_DigestInit(priv->soft_ctx, priv->soft_md);
}
-static int digest_soft_update(EVP_MD_CTX *ctx, const void *data, size_t len)
+static int uadk_digest_soft_update(EVP_MD_CTX *ctx, const void *data, size_t len)
{
return EVP_DigestUpdate(ctx, data, len);
}
-static int digest_soft_final(struct digest_priv_ctx *priv, unsigned char *digest)
+static int uadk_digest_soft_final(struct digest_priv_ctx *priv, unsigned char *digest)
{
unsigned int digest_length = EVP_MD_get_size(priv->soft_md);
@@ -213,21 +192,21 @@ static void digest_soft_cleanup(struct digest_priv_ctx *priv)
}
}
-static int uadk_e_digest_soft_work(struct digest_priv_ctx *priv, int len,
+static int uadk_digest_soft_work(struct digest_priv_ctx *priv, int len,
unsigned char *digest)
{
- digest_soft_init(priv);
+ uadk_digest_soft_init(priv);
if (len != 0)
- digest_soft_update(priv->soft_ctx, priv->data, len);
+ uadk_digest_soft_update(priv->soft_ctx, priv->data, len);
- digest_soft_final(priv, digest);
+ uadk_digest_soft_final(priv, digest);
digest_soft_cleanup(priv);
return 1;
}
-static int uadk_e_digest_env_poll(void *ctx)
+static int uadk_digest_env_poll(void *ctx)
{
__u64 rx_cnt = 0;
__u32 recv = 0;
@@ -262,7 +241,7 @@ static int uadk_digest_init(struct digest_priv_ctx *priv)
goto soft_init;
}
prov.pid = getpid();
- async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll);
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_digest_env_poll);
}
pthread_mutex_unlock(&digest_mutex);
@@ -272,6 +251,7 @@ static int uadk_digest_init(struct digest_priv_ctx *priv)
priv->setup.mode = digest_info_table[i].mode;
priv->req.out_buf_bytes = MAX_DIGEST_LENGTH;
priv->req.out_bytes = digest_info_table[i].out_len;
+ priv->switch_threshold = digest_info_table[i].threshold;
break;
}
}
@@ -294,35 +274,29 @@ static int uadk_digest_init(struct digest_priv_ctx *priv)
return 0;
}
- if (uadk_e_digests_soft_md(priv))
- priv->switch_threshold = sec_digest_get_sw_threshold(nid);
+ uadk_digests_soft_md(priv);
return 1;
soft_init:
pthread_mutex_unlock(&digest_mutex);
fprintf(stderr, "uadk failed to initialize digest.\n");
- return digest_soft_init(priv);
+ return uadk_digest_soft_init(priv);
}
-static void digest_update_out_length(struct digest_priv_ctx *priv)
+static int uadk_digest_update_inner(struct digest_priv_ctx *priv, const void *data, size_t data_len)
{
+ const unsigned char *tmpdata = (const unsigned char *)data;
+ size_t left_len = data_len;
+ int copy_to_bufflen;
+ int ret;
+
/* Sha224 and Sha384 need full length mac buffer as doing long hash */
if (priv->e_nid == NID_sha224)
priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
if (priv->e_nid == NID_sha384)
priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
-}
-
-static int digest_update_inner(struct digest_priv_ctx *priv, const void *data, size_t data_len)
-{
- const unsigned char *tmpdata = (const unsigned char *)data;
- size_t left_len = data_len;
- int copy_to_bufflen;
- int ret;
-
- digest_update_out_length(priv);
priv->req.has_next = DIGEST_DOING;
@@ -363,13 +337,13 @@ do_soft_digest:
&& priv->data
&& priv->last_update_bufflen != 0) {
priv->switch_flag = UADK_DO_SOFT;
- digest_soft_init(priv);
- ret = digest_soft_update(priv->soft_ctx,
+ uadk_digest_soft_init(priv);
+ ret = uadk_digest_soft_update(priv->soft_ctx,
priv->data, priv->last_update_bufflen);
if (ret != 1)
return ret;
- return digest_soft_update(priv->soft_ctx,
+ return uadk_digest_soft_update(priv->soft_ctx,
tmpdata, left_len);
}
@@ -388,13 +362,13 @@ static int uadk_digest_update(struct digest_priv_ctx *priv, const void *data, si
return 1;
}
- return digest_update_inner(priv, data, data_len);
+ return uadk_digest_update_inner(priv, data, data_len);
soft_update:
- return digest_soft_update(priv->soft_ctx, data, data_len);
+ return uadk_digest_soft_update(priv->soft_ctx, data, data_len);
}
-static void async_cb(struct wd_digest_req *req, void *data)
+static void uadk_async_cb(struct wd_digest_req *req, void *data)
{
struct uadk_e_cb_info *cb_param;
struct async_op *op;
@@ -413,7 +387,7 @@ static void async_cb(struct wd_digest_req *req, void *data)
}
}
-static int do_digest_sync(struct digest_priv_ctx *priv)
+static int uadk_do_digest_sync(struct digest_priv_ctx *priv)
{
int ret;
@@ -429,7 +403,7 @@ static int do_digest_sync(struct digest_priv_ctx *priv)
return 1;
}
-static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
+static int uadk_do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
{
struct uadk_e_cb_info cb_param;
int idx, ret;
@@ -441,7 +415,7 @@ static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
cb_param.op = op;
cb_param.priv = priv;
- priv->req.cb = (void *)async_cb;
+ priv->req.cb = (void *)uadk_async_cb;
priv->req.cb_param = &cb_param;
ret = async_get_free_task(&idx);
@@ -490,16 +464,16 @@ static int uadk_digest_final(struct digest_priv_ctx *priv, unsigned char *digest
if (op.job == NULL) {
/* Synchronous, only the synchronous mode supports soft computing */
if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
- ret = digest_soft_final(priv, digest);
+ ret = uadk_digest_soft_final(priv, digest);
digest_soft_cleanup(priv);
goto clear;
}
- ret = do_digest_sync(priv);
+ ret = uadk_do_digest_sync(priv);
if (!ret)
goto sync_err;
} else {
- ret = do_digest_async(priv, &op);
+ ret = uadk_do_digest_async(priv, &op);
if (!ret)
goto clear;
}
@@ -509,7 +483,7 @@ static int uadk_digest_final(struct digest_priv_ctx *priv, unsigned char *digest
sync_err:
if (priv->state == SEC_DIGEST_INIT) {
- ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest);
+ ret = uadk_digest_soft_work(priv, priv->req.in_bytes, digest);
} else {
ret = 0;
fprintf(stderr, "do sec digest stream mode failed.\n");
--
2.25.1

140
0012-engine-fix-uadk-engine-compatibility-issue.patch
View File

@ -1,140 +0,0 @@
From c212eedcab9135acc0433a125c8fab151674e8c5 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Tue, 23 Nov 2021 09:14:31 +0000
Subject: [PATCH 12/18] engine: fix uadk engine compatibility issue
When uadk use no sva mode, it should use wd_get_available_dev_num,
otherwise, it will not find old kernel's device path with attrs.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/e_uadk.c | 70 +++++++++++++++---------------------
src/v1/uadk_v1.h | 1 +
src/v1/wdmngr/wd_alg_queue.c | 4 +++
src/v1/wdmngr/wd_alg_queue.h | 2 ++
4 files changed, 36 insertions(+), 41 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 18c2e4e..4e87c86 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -239,54 +239,42 @@ static void engine_init_child_at_fork_handler(void)
#ifdef KAE
static void bind_fn_kae_alg(ENGINE *e)
{
- struct uacce_dev *dev;
+ int dev_num;
- dev = wd_get_accel_dev("cipher");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- cipher_module_init();
- if (!ENGINE_set_ciphers(e, sec_engine_ciphers))
- fprintf(stderr, "uadk bind cipher failed\n");
- else
- uadk_cipher_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("cipher");
+ if (dev_num > 0) {
+ cipher_module_init();
+ if (!ENGINE_set_ciphers(e, sec_engine_ciphers))
+ fprintf(stderr, "uadk bind cipher failed\n");
+ else
+ uadk_cipher_nosva = 1;
}
- dev = wd_get_accel_dev("digest");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- digest_module_init();
- if (!ENGINE_set_digests(e, sec_engine_digests))
- fprintf(stderr, "uadk bind digest failed\n");
- else
- uadk_digest_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("digest");
+ if (dev_num > 0) {
+ digest_module_init();
+ if (!ENGINE_set_digests(e, sec_engine_digests))
+ fprintf(stderr, "uadk bind digest failed\n");
+ else
+ uadk_digest_nosva = 1;
}
- dev = wd_get_accel_dev("rsa");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- hpre_module_init();
- if (!ENGINE_set_RSA(e, hpre_get_rsa_methods()))
- fprintf(stderr, "uadk bind rsa failed\n");
- else
- uadk_rsa_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("rsa");
+ if (dev_num > 0) {
+ hpre_module_init();
+ if (!ENGINE_set_RSA(e, hpre_get_rsa_methods()))
+ fprintf(stderr, "uadk bind rsa failed\n");
+ else
+ uadk_rsa_nosva = 1;
}
- dev = wd_get_accel_dev("dh");
- if (dev) {
- if (!(dev->flags & UACCE_DEV_SVA)) {
- hpre_module_dh_init();
- if (!ENGINE_set_DH(e, hpre_get_dh_methods()))
- fprintf(stderr, "uadk bind dh failed\n");
- else
- uadk_dh_nosva = 1;
- }
- free(dev);
+ dev_num = wd_get_nosva_dev_num("dh");
+ if (dev_num > 0) {
+ hpre_module_dh_init();
+ if (!ENGINE_set_DH(e, hpre_get_dh_methods()))
+ fprintf(stderr, "uadk bind dh failed\n");
+ else
+ uadk_dh_nosva = 1;
}
}
#endif
diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h
index f5081e3..d921706 100644
--- a/src/v1/uadk_v1.h
+++ b/src/v1/uadk_v1.h
@@ -35,4 +35,5 @@ extern void hpre_dh_destroy(void);
extern int hpre_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
const int **pnids, int nid);
+extern int wd_get_nosva_dev_num(const char *algorithm);
#endif
diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c
index 79c9a6d..5cd33ae 100644
--- a/src/v1/wdmngr/wd_alg_queue.c
+++ b/src/v1/wdmngr/wd_alg_queue.c
@@ -74,3 +74,7 @@ void wd_free_queue(struct wd_queue *queue)
}
}
+int wd_get_nosva_dev_num(const char *algorithm)
+{
+ return wd_get_available_dev_num(algorithm);
+}
diff --git a/src/v1/wdmngr/wd_alg_queue.h b/src/v1/wdmngr/wd_alg_queue.h
index 4fd3a9d..955eed5 100644
--- a/src/v1/wdmngr/wd_alg_queue.h
+++ b/src/v1/wdmngr/wd_alg_queue.h
@@ -25,4 +25,6 @@
struct wd_queue *wd_new_queue(int algtype);
void wd_free_queue(struct wd_queue *queue);
+
+int wd_get_nosva_dev_num(const char *algorithm);
#endif
--
2.24.4

944
0012-uadk-add-uadk_prov_cipher.patch Normal file
View File

@ -0,0 +1,944 @@
From 67f7a6d5e934e64abab69fc0cbd7ef4b09bb045e Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Mon, 3 Jul 2023 07:05:17 +0000
Subject: [PATCH 12/48] uadk: add uadk_prov_cipher
Test:
openssl list -provider uadk_provider -cipher-algorithms
openssl speed -provider uadk_provider -provider default -evp sm4-ecb
openssl speed -provider uadk_provider -provider default -evp sm4-cbc
openssl speed -provider uadk_provider -provider default -evp aes-128-cbc
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/Makefile.am | 3 +-
src/uadk_prov.h | 14 +
src/uadk_prov_cipher.c | 820 +++++++++++++++++++++++++++++++++++++++++
src/uadk_prov_init.c | 31 ++
4 files changed, 867 insertions(+), 1 deletion(-)
create mode 100644 src/uadk_prov_cipher.c
diff --git a/src/Makefile.am b/src/Makefile.am
index bfaeb78..af16d85 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -50,7 +50,8 @@ uadk_engine_la_SOURCES+=v1/alg/ciphers/sec_ciphers.c \
v1/async/async_task_queue.c
endif #WD_KAE
-uadk_provider_la_SOURCES=uadk_prov_init.c uadk_prov_digest.c uadk_async.c uadk_utils.c
+uadk_provider_la_SOURCES=uadk_prov_init.c uadk_async.c uadk_utils.c \
+ uadk_prov_digest.c uadk_prov_cipher.c
uadk_provider_la_LDFLAGS=-module -version-number $(VERSION)
uadk_provider_la_LIBADD=$(WD_LIBS) -lpthread
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
index c63c3fe..35f1789 100644
--- a/src/uadk_prov.h
+++ b/src/uadk_prov.h
@@ -26,5 +26,19 @@ extern const OSSL_DISPATCH uadk_sha256_functions[];
extern const OSSL_DISPATCH uadk_sha384_functions[];
extern const OSSL_DISPATCH uadk_sha512_functions[];
+extern const OSSL_DISPATCH uadk_aes_128_cbc_functions[];
+extern const OSSL_DISPATCH uadk_aes_192_cbc_functions[];
+extern const OSSL_DISPATCH uadk_aes_256_cbc_functions[];
+extern const OSSL_DISPATCH uadk_aes_128_ecb_functions[];
+extern const OSSL_DISPATCH uadk_aes_192_ecb_functions[];
+extern const OSSL_DISPATCH uadk_aes_256_ecb_functions[];
+extern const OSSL_DISPATCH uadk_aes_128_xts_functions[];
+extern const OSSL_DISPATCH uadk_aes_256_xts_functions[];
+extern const OSSL_DISPATCH uadk_sm4_cbc_functions[];
+extern const OSSL_DISPATCH uadk_sm4_ecb_functions[];
+extern const OSSL_DISPATCH uadk_des_ede3_cbc_functions[];
+extern const OSSL_DISPATCH uadk_des_ede3_ecb_functions[];
+
void uadk_prov_destroy_digest(void);
+void uadk_prov_destroy_cipher(void);
#endif
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
new file mode 100644
index 0000000..af0fa02
--- /dev/null
+++ b/src/uadk_prov_cipher.c
@@ -0,0 +1,820 @@
+/*
+ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2023-2024 Linaro ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <string.h>
+#include <dlfcn.h>
+#include <openssl/core_names.h>
+#include <openssl/proverr.h>
+#include <uadk/wd_cipher.h>
+#include <uadk/wd_sched.h>
+#include "uadk.h"
+#include "uadk_async.h"
+
+#define UADK_DO_SOFT (-0xE0)
+#define CTX_SYNC_ENC 0
+#define CTX_SYNC_DEC 1
+#define CTX_ASYNC_ENC 2
+#define CTX_ASYNC_DEC 3
+#define CTX_NUM 4
+#define CTR_128BIT_COUNTER 16
+#define CTR_MODE_LEN_SHIFT 4
+#define BYTE_BITS 8
+#define IV_LEN 16
+#define ENV_ENABLED 1
+#define MAX_KEY_LEN 64
+#define ALG_NAME_SIZE 128
+
+/* Internal flags that can be queried */
+#define PROV_CIPHER_FLAG_AEAD 0x0001
+#define PROV_CIPHER_FLAG_CUSTOM_IV 0x0002
+#define PROV_CIPHER_FLAG_CTS 0x0004
+#define PROV_CIPHER_FLAG_TLS1_MULTIBLOCK 0x0008
+#define PROV_CIPHER_FLAG_RAND_KEY 0x0010
+
+/* Internal flags that are only used within the provider */
+#define PROV_CIPHER_FLAG_VARIABLE_LENGTH 0x0100
+#define PROV_CIPHER_FLAG_INVERSE_CIPHER 0x0200
+
+#define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192
+
+struct cipher_prov {
+ int pid;
+};
+static struct cipher_prov prov;
+static pthread_mutex_t cipher_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+struct cipher_priv_ctx {
+ int nid;
+ handle_t sess;
+ struct wd_cipher_sess_setup setup;
+ struct wd_cipher_req req;
+ unsigned char iv[IV_LEN];
+ unsigned char key[MAX_KEY_LEN];
+ int switch_flag;
+ EVP_CIPHER_CTX *sw_ctx;
+ EVP_CIPHER *sw_cipher;
+ /* Crypto small packet offload threshold */
+ size_t switch_threshold;
+ unsigned int enc : 1;
+ size_t blksize;
+ size_t keylen;
+ size_t ivlen;
+ char alg_name[ALG_NAME_SIZE];
+};
+
+struct cipher_info {
+ int nid;
+ enum wd_cipher_alg alg;
+ enum wd_cipher_mode mode;
+ __u32 out_bytes;
+};
+
+static struct cipher_info cipher_info_table[] = {
+ { NID_aes_128_ecb, WD_CIPHER_AES, WD_CIPHER_ECB, 16},
+ { NID_aes_192_ecb, WD_CIPHER_AES, WD_CIPHER_ECB, 16},
+ { NID_aes_256_ecb, WD_CIPHER_AES, WD_CIPHER_ECB, 16},
+ { NID_aes_128_cbc, WD_CIPHER_AES, WD_CIPHER_CBC, 16},
+ { NID_aes_192_cbc, WD_CIPHER_AES, WD_CIPHER_CBC, 64},
+ { NID_aes_256_cbc, WD_CIPHER_AES, WD_CIPHER_CBC, 64},
+ { NID_aes_128_xts, WD_CIPHER_AES, WD_CIPHER_XTS, 32},
+ { NID_aes_256_xts, WD_CIPHER_AES, WD_CIPHER_XTS, 512},
+ { NID_sm4_cbc, WD_CIPHER_SM4, WD_CIPHER_CBC, 16},
+ { NID_des_ede3_cbc, WD_CIPHER_3DES, WD_CIPHER_CBC, 16},
+ { NID_des_ede3_ecb, WD_CIPHER_3DES, WD_CIPHER_ECB, 16},
+ { NID_aes_128_ctr, WD_CIPHER_AES, WD_CIPHER_CTR, 64},
+ { NID_aes_192_ctr, WD_CIPHER_AES, WD_CIPHER_CTR, 64},
+ { NID_aes_256_ctr, WD_CIPHER_AES, WD_CIPHER_CTR, 64},
+ { NID_aes_128_ofb128, WD_CIPHER_AES, WD_CIPHER_OFB, 16},
+ { NID_aes_192_ofb128, WD_CIPHER_AES, WD_CIPHER_OFB, 16},
+ { NID_aes_256_ofb128, WD_CIPHER_AES, WD_CIPHER_OFB, 16},
+ { NID_aes_128_cfb128, WD_CIPHER_AES, WD_CIPHER_CFB, 16},
+ { NID_aes_192_cfb128, WD_CIPHER_AES, WD_CIPHER_CFB, 16},
+ { NID_aes_256_cfb128, WD_CIPHER_AES, WD_CIPHER_CFB, 16},
+ { NID_sm4_ofb128, WD_CIPHER_SM4, WD_CIPHER_OFB, 16},
+ { NID_sm4_cfb128, WD_CIPHER_SM4, WD_CIPHER_CFB, 16},
+ { NID_sm4_ecb, WD_CIPHER_SM4, WD_CIPHER_ECB, 16},
+ { NID_sm4_ctr, WD_CIPHER_SM4, WD_CIPHER_CTR, 16},
+};
+
+static int uadk_fetch_sw_cipher(struct cipher_priv_ctx *priv)
+{
+ if (priv->sw_cipher)
+ return 1;
+
+ switch (priv->nid) {
+ case NID_aes_128_cbc:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", "provider=default");
+ case NID_aes_192_cbc:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-CBC", "provider=default");
+ case NID_aes_256_cbc:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC", "provider=default");
+ case NID_aes_128_ecb:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-ECB", "provider=default");
+ case NID_aes_192_ecb:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-ECB", "provider=default");
+ case NID_aes_256_ecb:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-ECB", "provider=default");
+ case NID_aes_128_xts:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-XTS", "provider=default");
+ case NID_aes_256_xts:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-XTS", "provider=default");
+ case NID_sm4_cbc:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-CBC", "provider=default");
+ case NID_sm4_ecb:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-ECB", "provider=default");
+ case NID_des_ede3_cbc:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "DES-EDE3-CBC", "provider=default");
+ case NID_des_ede3_ecb:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "DES-EDE3-ECB", "provider=default");
+ case NID_aes_128_ctr:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-CTR", "provider=default");
+ case NID_aes_192_ctr:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-CTR", "provider=default");
+ case NID_aes_256_ctr:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-CTR", "provider=default");
+ case NID_aes_128_ofb128:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-OFB", "provider=default");
+ case NID_aes_192_ofb128:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-OFB", "provider=default");
+ case NID_aes_256_ofb128:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-OFB", "provider=default");
+ case NID_aes_128_cfb128:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-CFB", "provider=default");
+ case NID_aes_192_cfb128:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-CFB", "provider=default");
+ case NID_aes_256_cfb128:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-CFB", "provider=default");
+ case NID_sm4_ofb128:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-OFB", "provider=default");
+ case NID_sm4_cfb128:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-CFB", "provider=default");
+ case NID_sm4_ctr:
+ priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-CTR", "provider=default");
+ default:
+ break;
+ }
+
+ if (unlikely(priv->sw_cipher == NULL)) {
+ fprintf(stderr, "fail to fetch sw_cipher\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int uadk_prov_cipher_sw_init(struct cipher_priv_ctx *priv,
+ const unsigned char *key,
+ const unsigned char *iv)
+{
+ if (!uadk_fetch_sw_cipher(priv))
+ return 0;
+
+ if (!EVP_CipherInit_ex2(priv->sw_ctx, priv->sw_cipher, key, iv,
+ priv->enc, NULL)) {
+ fprintf(stderr, "SW cipher init error!\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int uadk_prov_cipher_soft_work(struct cipher_priv_ctx *priv, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ int sw_final_len = 0;
+ int outlen = 0;
+
+ if (priv->sw_cipher == NULL)
+ return 0;
+
+ if (!EVP_CipherUpdate(priv->sw_ctx, out, &outlen, in, len)) {
+ fprintf(stderr, "EVP_CipherUpdate sw_ctx failed.\n");
+ return 0;
+ }
+
+ if (!EVP_CipherFinal_ex(priv->sw_ctx, out + outlen, &sw_final_len)) {
+ fprintf(stderr, "EVP_CipherFinal_ex sw_ctx failed.\n");
+ return 0;
+ }
+
+ return 1;
+}
+
+static int uadk_cipher_env_poll(void *ctx)
+{
+ __u64 rx_cnt = 0;
+ __u32 recv = 0;
+ /* Poll one packet currently */
+ int expt = 1;
+ int ret;
+
+ do {
+ ret = wd_cipher_poll(expt, &recv);
+ if (ret < 0 || recv == expt)
+ return ret;
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
+}
+
+static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen)
+{
+ int cipher_counts = ARRAY_SIZE(cipher_info_table);
+ int ret, i;
+
+ if (iv)
+ memcpy(priv->iv, iv, ivlen);
+
+ for (i = 0; i < cipher_counts; i++) {
+ if (priv->nid == cipher_info_table[i].nid) {
+ priv->setup.alg = cipher_info_table[i].alg;
+ priv->setup.mode = cipher_info_table[i].mode;
+ priv->req.out_bytes = cipher_info_table[i].out_bytes;
+ break;
+ }
+ }
+
+ if (i == cipher_counts) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
+ return 0;
+ }
+
+ if (key) {
+ memcpy(priv->key, key, keylen);
+ ret = uadk_prov_cipher_sw_init(priv, key, iv);
+ if (unlikely(ret != 1))
+ return 0;
+ }
+
+ priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT;
+
+ return 1;
+}
+
+static void async_cb(struct wd_cipher_req *req, void *data)
+{
+ struct uadk_e_cb_info *cb_param;
+ struct async_op *op;
+
+ if (!req)
+ return;
+
+ cb_param = req->cb_param;
+ if (!cb_param)
+ return;
+
+ op = cb_param->op;
+ if (op && op->job && !op->done) {
+ op->done = 1;
+ async_free_poll_task(op->idx, 1);
+ async_wake_job(op->job);
+ }
+}
+
+/* Increment counter (128-bit int) by c */
+static void ctr_iv_inc(uint8_t *counter, __u32 c)
+{
+ uint32_t n = CTR_128BIT_COUNTER;
+ uint8_t *counter1 = counter;
+ __u32 c_value = c;
+
+ /*
+ * Since the counter has been increased 1 by the hardware,
+ * so the c need to decrease 1.
+ */
+ c_value -= 1;
+ do {
+ --n;
+ c_value += counter1[n];
+ counter1[n] = (uint8_t)c_value;
+ c_value >>= BYTE_BITS;
+ } while (n);
+}
+
+static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
+{
+ __u16 iv_bytes = priv->req.iv_bytes;
+ int offset = priv->req.in_bytes - iv_bytes;
+ unsigned char K[IV_LEN] = {0};
+ int i;
+
+ switch (priv->setup.mode) {
+ case WD_CIPHER_CFB:
+ case WD_CIPHER_CBC:
+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
+ memcpy(priv->iv, priv->req.dst + offset, iv_bytes);
+ else
+ memcpy(priv->iv, priv->req.src + offset, iv_bytes);
+
+ break;
+ case WD_CIPHER_OFB:
+ for (i = 0; i < IV_LEN; i++) {
+ K[i] = *((unsigned char *)priv->req.src + offset + i) ^
+ *((unsigned char *)priv->req.dst + offset + i);
+ }
+ memcpy(priv->iv, K, iv_bytes);
+ break;
+ case WD_CIPHER_CTR:
+ ctr_iv_inc(priv->iv, priv->req.in_bytes >> CTR_MODE_LEN_SHIFT);
+ break;
+ default:
+ break;
+ }
+}
+
+static int uadk_do_cipher_sync(struct cipher_priv_ctx *priv)
+{
+ int ret;
+
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT))
+ return 0;
+
+ if (priv->switch_threshold >= priv->req.in_bytes)
+ return 0;
+
+ ret = wd_do_cipher_sync(priv->sess, &priv->req);
+ if (ret)
+ return 0;
+ return 1;
+}
+
+static int uadk_do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op)
+{
+ struct uadk_e_cb_info cb_param;
+ int idx, ret;
+
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ fprintf(stderr, "async cipher init failed.\n");
+ return 0;
+ }
+
+ cb_param.op = op;
+ cb_param.priv = priv;
+ priv->req.cb = (void *)async_cb;
+ priv->req.cb_param = &cb_param;
+ ret = async_get_free_task(&idx);
+ if (!ret)
+ return 0;
+
+ op->idx = idx;
+ do {
+ ret = wd_do_cipher_async(priv->sess, &priv->req);
+ if (ret < 0 && ret != -EBUSY) {
+ fprintf(stderr, "do sec cipher failed, switch to soft cipher.\n");
+ async_free_poll_task(op->idx, 0);
+ return 0;
+ }
+ } while (ret == -EBUSY);
+
+ ret = async_pause_job(priv, op, ASYNC_TASK_CIPHER, idx);
+ if (!ret)
+ return 0;
+ return 1;
+}
+
+static void uadk_prov_cipher_ctx_init(struct cipher_priv_ctx *priv)
+{
+ struct sched_params params = {0};
+ int ret;
+
+ priv->req.iv_bytes = priv->ivlen;
+ priv->req.iv = priv->iv;
+
+ if (priv->switch_flag == UADK_DO_SOFT)
+ return;
+
+ pthread_mutex_lock(&cipher_mutex);
+ if (prov.pid != getpid()) {
+ ret = wd_cipher_init2(priv->alg_name, 0, 0);
+ if (unlikely(ret)) {
+ priv->switch_flag = UADK_DO_SOFT;
+ pthread_mutex_unlock(&cipher_mutex);
+ fprintf(stderr, "uadk failed to init cipher HW!\n");
+ return;
+ }
+ prov.pid = getpid();
+ async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_cipher_env_poll);
+ }
+ pthread_mutex_unlock(&cipher_mutex);
+
+ params.type = priv->req.op_type;
+ /* Use the default numa parameters */
+ params.numa_id = -1;
+ priv->setup.sched_param = &params;
+
+ if (!priv->sess) {
+ priv->sess = wd_cipher_alloc_sess(&priv->setup);
+ if (!priv->sess)
+ fprintf(stderr, "uadk failed to alloc session!\n");
+ }
+
+ ret = wd_cipher_set_key(priv->sess, priv->key, priv->keylen);
+ if (ret) {
+ wd_cipher_free_sess(priv->sess);
+ priv->sess = 0;
+ fprintf(stderr, "uadk failed to set key!\n");
+ }
+}
+
+static int uadk_prov_do_cipher(struct cipher_priv_ctx *priv, unsigned char *out,
+ const unsigned char *in, size_t inlen)
+{
+ struct async_op op;
+ int ret;
+
+ priv->req.src = (unsigned char *)in;
+ priv->req.in_bytes = inlen;
+ priv->req.dst = out;
+ priv->req.out_buf_bytes = inlen;
+
+ uadk_prov_cipher_ctx_init(priv);
+ ret = async_setup_async_event_notification(&op);
+ if (!ret) {
+ fprintf(stderr, "failed to setup async event notification.\n");
+ return 0;
+ }
+
+ if (op.job == NULL) {
+ /* Synchronous, only the synchronous mode supports soft computing */
+ ret = uadk_do_cipher_sync(priv);
+ if (!ret)
+ goto sync_err;
+ } else {
+ /*
+ * If the length of the input data
+ * does not reach to hardware computing threshold,
+ * directly switch to soft cipher.
+ */
+ if (priv->req.in_bytes <= priv->switch_threshold)
+ goto sync_err;
+
+ ret = uadk_do_cipher_async(priv, &op);
+ if (!ret)
+ goto out_notify;
+ }
+ uadk_cipher_update_priv_ctx(priv);
+
+ return 1;
+sync_err:
+ ret = uadk_prov_cipher_soft_work(priv, out, in, inlen);
+ if (ret != 1)
+ fprintf(stderr, "do soft ciphers failed.\n");
+out_notify:
+ async_clear_async_event_notification();
+ return ret;
+}
+
+void uadk_prov_destroy_cipher(void)
+{
+ pthread_mutex_lock(&cipher_mutex);
+ if (prov.pid == getpid()) {
+ wd_cipher_uninit2();
+ prov.pid = 0;
+ }
+ pthread_mutex_unlock(&cipher_mutex);
+}
+
+static OSSL_FUNC_cipher_encrypt_init_fn uadk_prov_cipher_einit;
+static OSSL_FUNC_cipher_decrypt_init_fn uadk_prov_cipher_dinit;
+static OSSL_FUNC_cipher_freectx_fn uadk_prov_cipher_freectx;
+static OSSL_FUNC_cipher_get_ctx_params_fn uadk_prov_cipher_get_ctx_params;
+static OSSL_FUNC_cipher_gettable_ctx_params_fn uadk_prov_cipher_gettable_ctx_params;
+static OSSL_FUNC_cipher_set_ctx_params_fn uadk_prov_cipher_set_ctx_params;
+static OSSL_FUNC_cipher_settable_ctx_params_fn uadk_prov_cipher_settable_ctx_params;
+
+static int uadk_prov_cipher_cipher(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize, const unsigned char *in,
+ size_t inl)
+{
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ int ret;
+
+ if (inl == 0) {
+ *outl = 0;
+ return 1;
+ }
+
+ if (outsize < inl) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ ret = uadk_prov_do_cipher(priv, out, in, inl);
+ if (ret != 1)
+ return ret;
+
+ *outl = inl;
+ return 1;
+
+}
+
+static int uadk_prov_cipher_final(void *vctx, unsigned char *out,
+ size_t *outl, size_t outsize)
+{
+ *outl = 0;
+ return 1;
+}
+
+static int uadk_prov_cipher_update(void *vctx, unsigned char *out,
+ size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl)
+{
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ int ret;
+
+ if (inl == 0) {
+ *outl = 0;
+ return 1;
+ }
+
+ if (outsize < inl) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ ret = uadk_prov_do_cipher(priv, out, in, inl);
+ if (ret != 1)
+ return ret;
+
+ *outl = inl;
+ return 1;
+}
+
+static int uadk_prov_cipher_einit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen,
+ const OSSL_PARAM params[])
+{
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ int ret;
+
+ priv->req.op_type = WD_CIPHER_ENCRYPTION;
+ priv->enc = 1;
+
+ ret = uadk_prov_cipher_init(priv, key, keylen, iv, ivlen);
+ if (unlikely(ret != 1))
+ return 0;
+
+ return 1;
+}
+
+static int uadk_prov_cipher_dinit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen,
+ const OSSL_PARAM params[])
+{
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ int ret;
+
+ priv->req.op_type = WD_CIPHER_DECRYPTION;
+ priv->enc = 0;
+
+ ret = uadk_prov_cipher_init(priv, key, keylen, iv, ivlen);
+ if (unlikely(ret != 1))
+ return 0;
+
+ return 1;
+}
+
+static const OSSL_PARAM uadk_prov_settable_ctx_params[] = {
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_END
+};
+
+const OSSL_PARAM *uadk_prov_cipher_settable_ctx_params(ossl_unused void *cctx,
+ ossl_unused void *provctx)
+{
+ return uadk_prov_settable_ctx_params;
+}
+
+static int uadk_prov_cipher_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+{
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ const OSSL_PARAM *p;
+ int ret = 1;
+
+ if (params == NULL)
+ return 1;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
+ if (p != NULL) {
+ size_t keylen;
+
+ if (!OSSL_PARAM_get_size_t(p, &keylen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ if (priv->keylen != keylen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+ }
+
+ return ret;
+}
+
+static int uadk_prov_cipher_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, priv->keylen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, priv->ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
+ if (p != NULL && !OSSL_PARAM_set_octet_string(p, priv->iv, priv->ivlen)
+ && !OSSL_PARAM_set_octet_ptr(p, &priv->iv, priv->ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
+ if (p != NULL && !OSSL_PARAM_set_octet_string(p, priv->iv, priv->ivlen)
+ && !OSSL_PARAM_set_octet_ptr(p, &priv->iv, priv->ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ return 1;
+}
+
+static const OSSL_PARAM uadk_prov_default_ctx_params[] = {
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, NULL, 0),
+ OSSL_PARAM_END
+};
+
+const OSSL_PARAM *uadk_prov_cipher_gettable_ctx_params(ossl_unused void *cctx,
+ ossl_unused void *provctx)
+{
+ return uadk_prov_default_ctx_params;
+}
+
+static const OSSL_PARAM cipher_known_gettable_params[] = {
+ OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_AEAD, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL),
+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, NULL),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *uadk_prov_cipher_gettable_params(ossl_unused void *provctx)
+{
+ return cipher_known_gettable_params;
+}
+
+static int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md,
+ uint64_t flags, size_t kbits,
+ size_t blkbits, size_t ivbits)
+{
+ OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE);
+ if (p != NULL && !OSSL_PARAM_set_uint(p, md)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CUSTOM_IV);
+ if (p != NULL && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_CUSTOM_IV) != 0)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ return 1;
+}
+
+static void uadk_prov_cipher_freectx(void *ctx)
+{
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)ctx;
+
+ EVP_CIPHER_free(priv->sw_cipher);
+ EVP_CIPHER_CTX_free(priv->sw_ctx);
+
+ if (priv->sess) {
+ wd_cipher_free_sess(priv->sess);
+ priv->sess = 0;
+ }
+ OPENSSL_clear_free(priv, sizeof(*priv));
+}
+
+#define UADK_CIPHER_DESCR(nm, blk_size, key_len, iv_len, \
+ flags, e_nid, algnm, mode) \
+static OSSL_FUNC_cipher_newctx_fn uadk_##nm##_newctx; \
+static void *uadk_##nm##_newctx(void *provctx) \
+{ \
+ struct cipher_priv_ctx *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ \
+ if (ctx == NULL) \
+ return NULL; \
+ ctx->blksize = blk_size; \
+ ctx->keylen = key_len; \
+ ctx->ivlen = iv_len; \
+ ctx->nid = e_nid; \
+ ctx->sw_ctx = EVP_CIPHER_CTX_new(); \
+ if (ctx->sw_ctx == NULL) \
+ fprintf(stderr, "EVP_CIPHER_CTX_new failed.\n"); \
+ strncpy(ctx->alg_name, #algnm, ALG_NAME_SIZE - 1); \
+ return ctx; \
+} \
+static OSSL_FUNC_cipher_get_params_fn uadk_##nm##_get_params; \
+static int uadk_##nm##_get_params(OSSL_PARAM params[]) \
+{ \
+ return ossl_cipher_generic_get_params(params, mode, flags, \
+ key_len, blk_size, iv_len); \
+} \
+const OSSL_DISPATCH uadk_##nm##_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))uadk_##nm##_newctx }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))uadk_prov_cipher_freectx }, \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, \
+ (void (*)(void))uadk_prov_cipher_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, \
+ (void (*)(void))uadk_prov_cipher_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))uadk_prov_cipher_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))uadk_prov_cipher_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))uadk_prov_cipher_cipher }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void))uadk_##nm##_get_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))uadk_prov_cipher_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
+ (void (*)(void))uadk_prov_cipher_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))uadk_prov_cipher_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void))uadk_prov_cipher_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))uadk_prov_cipher_settable_ctx_params }, \
+ { 0, NULL } \
+}
+
+UADK_CIPHER_DESCR(aes_128_cbc, 16, 16, 16, 0, NID_aes_128_cbc, cbc(aes), EVP_CIPH_CBC_MODE);
+UADK_CIPHER_DESCR(aes_192_cbc, 16, 24, 16, 0, NID_aes_192_cbc, cbc(aes), EVP_CIPH_CBC_MODE);
+UADK_CIPHER_DESCR(aes_256_cbc, 16, 32, 16, 0, NID_aes_256_cbc, cbc(aes), EVP_CIPH_CBC_MODE);
+UADK_CIPHER_DESCR(aes_128_ecb, 16, 16, 0, 0, NID_aes_128_ecb, ecb(aes), EVP_CIPH_ECB_MODE);
+UADK_CIPHER_DESCR(aes_192_ecb, 16, 24, 0, 0, NID_aes_192_ecb, ecb(aes), EVP_CIPH_ECB_MODE);
+UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, 0, NID_aes_256_ecb, ecb(aes), EVP_CIPH_ECB_MODE);
+UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, 0, NID_aes_128_xts, xts(aes), EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV);
+UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, 0, NID_aes_256_xts, xts(aes), EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV);
+UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, 0, NID_sm4_cbc, cbc(sm4), EVP_CIPH_CBC_MODE);
+UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, 0, NID_sm4_ecb, ecb(sm4), EVP_CIPH_ECB_MODE);
+UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, 0, NID_des_ede3_cbc, cbc(des), EVP_CIPH_CBC_MODE);
+UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, 0, NID_des_ede3_ecb, ecb(des), EVP_CIPH_ECB_MODE);
+
+/* v3 */
+UADK_CIPHER_DESCR(aes_128_ctr, 1, 16, 16, 0, NID_aes_128_ctr, ctr(aes), EVP_CIPH_CTR_MODE);
+UADK_CIPHER_DESCR(aes_192_ctr, 1, 24, 16, 0, NID_aes_192_ctr, ctr(aes), EVP_CIPH_CTR_MODE);
+UADK_CIPHER_DESCR(aes_256_ctr, 1, 32, 16, 0, NID_aes_256_ctr, ctr(aes), EVP_CIPH_CTR_MODE);
+UADK_CIPHER_DESCR(aes_128_ofb128, 1, 16, 16, 0, NID_aes_128_ofb128, ofb(aes), EVP_CIPH_OFB_MODE);
+UADK_CIPHER_DESCR(aes_192_ofb128, 1, 24, 16, 0, NID_aes_192_ofb128, ofb(aes), EVP_CIPH_OFB_MODE);
+UADK_CIPHER_DESCR(aes_256_ofb128, 1, 32, 16, 0, NID_aes_256_ofb128, ofb(aes), EVP_CIPH_OFB_MODE);
+UADK_CIPHER_DESCR(aes_128_cfb128, 1, 16, 16, 0, NID_aes_128_cfb128, cfb(aes), EVP_CIPH_CFB_MODE);
+UADK_CIPHER_DESCR(aes_192_cfb128, 1, 24, 16, 0, NID_aes_192_cfb128, cfb(aes), EVP_CIPH_CFB_MODE);
+UADK_CIPHER_DESCR(aes_256_cfb128, 1, 32, 16, 0, NID_aes_256_cfb128, cfb(aes), EVP_CIPH_CFB_MODE);
+UADK_CIPHER_DESCR(sm4_ofb128, 1, 16, 16, 0, NID_sm4_ofb128, ofb(sm4), EVP_CIPH_OFB_MODE);
+UADK_CIPHER_DESCR(sm4_cfb128, 1, 16, 16, 0, NID_sm4_cfb128, cfb(sm4), EVP_CIPH_CFB_MODE);
+UADK_CIPHER_DESCR(sm4_ctr, 1, 16, 16, 0, NID_sm4_ctr, ctr(sm4), EVP_CIPH_CTR_MODE);
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index e363584..b59a4e8 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -52,6 +52,34 @@ const OSSL_ALGORITHM uadk_prov_digests[] = {
{ NULL, NULL, NULL }
};
+const OSSL_ALGORITHM uadk_prov_ciphers[] = {
+ { "AES-128-CBC", UADK_DEFAULT_PROPERTIES,
+ uadk_aes_128_cbc_functions, "uadk_provider aes-128-cbc" },
+ { "AES-192-CBC", UADK_DEFAULT_PROPERTIES,
+ uadk_aes_192_cbc_functions, "uadk_provider aes-192-cbc" },
+ { "AES-256-CBC", UADK_DEFAULT_PROPERTIES,
+ uadk_aes_256_cbc_functions, "uadk_provider aes-256-cbc" },
+ { "AES-128-ECB", UADK_DEFAULT_PROPERTIES,
+ uadk_aes_128_ecb_functions, "uadk_provider aes-128-ecb" },
+ { "AES-192-ECB", UADK_DEFAULT_PROPERTIES,
+ uadk_aes_192_ecb_functions, "uadk_provider aes-192-ecb" },
+ { "AES-256-ECB", UADK_DEFAULT_PROPERTIES,
+ uadk_aes_256_ecb_functions, "uadk_provider aes-256-ecb" },
+ { "AES-128-XTS", UADK_DEFAULT_PROPERTIES,
+ uadk_aes_128_xts_functions, "uadk_provider aes-128-xts" },
+ { "AES-256-XTS", UADK_DEFAULT_PROPERTIES,
+ uadk_aes_256_xts_functions, "uadk_provider aes-256-xts" },
+ { "SM4-CBC:SM4", UADK_DEFAULT_PROPERTIES,
+ uadk_sm4_cbc_functions, "uadk_provider sm4-cbc" },
+ { "SM4-ECB", UADK_DEFAULT_PROPERTIES,
+ uadk_sm4_ecb_functions, "uadk_provider sm4-ecb" },
+ { "DES-EDE3-CBC", UADK_DEFAULT_PROPERTIES,
+ uadk_des_ede3_cbc_functions, "uadk_provider des-ede3-cbc" },
+ { "DES-EDE3-ECB", UADK_DEFAULT_PROPERTIES,
+ uadk_des_ede3_ecb_functions, "uadk_provider des-ede3-ecb" },
+ { NULL, NULL, NULL }
+};
+
static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id,
int *no_cache)
{
@@ -60,6 +88,8 @@ static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id,
switch (operation_id) {
case OSSL_OP_DIGEST:
return uadk_prov_digests;
+ case OSSL_OP_CIPHER:
+ return uadk_prov_ciphers;
}
return NULL;
}
@@ -69,6 +99,7 @@ static void p_teardown(void *provctx)
struct p_uadk_ctx *ctx = (struct p_uadk_ctx *)provctx;
uadk_prov_destroy_digest();
+ uadk_prov_destroy_cipher();
OPENSSL_free(ctx);
}
--
2.25.1

31
0013-digest-modify-the-process-of-free-session.patch
View File

@ -1,31 +0,0 @@
From ca59dfa548656d82d6d50a6dad6bfc88b2825473 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 6 Jan 2022 14:49:27 +0800
Subject: [PATCH 13/18] digest: modify the process of free session
Currently, release the session in the cleanup instead of final. so not
should free session in the final. Here is fix it.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 41de449..cbfb539 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -688,10 +688,6 @@ sync_err:
ret = uadk_e_digest_soft_work(priv, priv->tail, digest);
clear:
async_clear_async_event_notification();
- if (priv->sess) {
- wd_digest_free_sess(priv->sess);
- priv->sess = 0;
- }
return ret;
}
--
2.24.4

63
0013-sanity_test-add-prov_cipher-for-openssl-3.0.patch Normal file
View File

@ -0,0 +1,63 @@
From 398c8b00dac8bd71e00d1d48c726a7402552ea15 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 5 Jul 2023 03:19:35 +0000
Subject: [PATCH 13/48] sanity_test: add prov_cipher for openssl 3.0
Add sanity test of cipher in openssl 3.0
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
test/sanity_test.sh | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 899d02c..d46c570 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -14,6 +14,7 @@ if [[ $version =~ "3.0" ]]; then
fi
digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
+ cipher_algs=$(openssl list -provider $engine_id -digest-algorithms)
fi
if [[ $digest_algs =~ "uadk_provider" ]]; then
@@ -35,6 +36,35 @@ if [[ $digest_algs =~ "uadk_provider" ]]; then
openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-512
fi
+if [[ $cipher_algs =~ "uadk_provider" ]]; then
+ echo "uadk_provider testing cipher"
+ openssl speed -provider $engine_id -provider default -evp aes-128-cbc
+ openssl speed -provider $engine_id -provider default -evp aes-192-cbc
+ openssl speed -provider $engine_id -provider default -evp aes-256-cbc
+ openssl speed -provider $engine_id -provider default -evp aes-128-ecb
+ openssl speed -provider $engine_id -provider default -evp aes-192-ecb
+ openssl speed -provider $engine_id -provider default -evp aes-256-ecb
+ openssl speed -provider $engine_id -provider default -evp aes-128-xts
+ openssl speed -provider $engine_id -provider default -evp aes-256-xts
+ openssl speed -provider $engine_id -provider default -evp sm4-cbc
+ openssl speed -provider $engine_id -provider default -evp sm4-ecb
+ openssl speed -provider $engine_id -provider default -evp des-ede3-cbc
+ openssl speed -provider $engine_id -provider default -evp des-ede3-ecb
+
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-128-cbc
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-192-cbc
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-256-cbc
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-128-ecb
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-192-ecb
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-256-ecb
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-128-xts
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-256-xts
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm4-cbc
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm4-ecb
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp des-ede3-cbc
+ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp des-ede3-ecb
+fi
+
if [[ $version =~ "1.1.1" ]]; then
echo "openssl 1.1.1"
if [ ! -n "$1" ]; then
--
2.25.1

153
0014-digest-modify-the-process-of-soft-and-hardware-hando.patch
View File

@ -1,153 +0,0 @@
From 7efc5b169d74b84af8108bc736d80eedbe3a8004 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 6 Jan 2022 14:48:13 +0800
Subject: [PATCH 14/18] digest: modify the process of soft and hardware handoff
Due to has added the stream mode for digest. So need to modify the
process of software and hardware handoff.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 60 +++++++++++++++++++++++++++++++++++++----------
1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index cbfb539..bf738af 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -44,6 +44,14 @@
#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024)
#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512)
#define MAX_DIGEST_LENGTH 64
+#define DIGEST_BLOCK_SIZE (512 * 1024)
+
+enum sec_digestz_state {
+ SEC_DIGEST_INIT,
+ SEC_DIGEST_FIRST_UPDATING,
+ SEC_DIGEST_DOING,
+ SEC_DIGEST_FINAL
+};
struct digest_threshold_table {
int nid;
@@ -72,21 +80,19 @@ struct evp_md_ctx_st {
int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count);
};
-#define DIGEST_BLOCK_SIZE 4096
-
struct digest_priv_ctx {
handle_t sess;
struct wd_digest_sess_setup setup;
struct wd_digest_req req;
unsigned char *data;
unsigned char out[MAX_DIGEST_LENGTH];
- size_t tail;
+ EVP_MD_CTX *soft_ctx;
size_t last_update_bufflen;
- bool copy;
uint32_t e_nid;
- EVP_MD_CTX *soft_ctx;
- size_t switch_threshold;
+ uint32_t state;
+ uint32_t switch_threshold;
int switch_flag;
+ bool copy;
};
static int digest_nids[] = {
@@ -150,7 +156,7 @@ static const EVP_MD *uadk_e_digests_soft_md(uint32_t e_nid)
return digest_md;
}
-static int sec_digest_get_sw_threshold(int n_id)
+static uint32_t sec_digest_get_sw_threshold(int n_id)
{
int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table);
int i = 0;
@@ -464,6 +470,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
priv->soft_ctx = EVP_MD_CTX_new();
priv->e_nid = nid;
+ priv->state = SEC_DIGEST_INIT;
ret = uadk_e_init_digest();
if (!ret) {
priv->switch_flag = UADK_DO_SOFT;
@@ -504,7 +511,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
priv->data = malloc(DIGEST_BLOCK_SIZE);
- if (priv->data == NULL) {
+ if (!priv->data) {
wd_digest_free_sess(priv->sess);
return 0;
}
@@ -540,9 +547,16 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
left_len -= copy_to_bufflen;
tmpdata += copy_to_bufflen;
+ if (priv->state == SEC_DIGEST_INIT)
+ priv->state = SEC_DIGEST_FIRST_UPDATING;
+ else if (priv->state == SEC_DIGEST_FIRST_UPDATING)
+ priv->state = SEC_DIGEST_DOING;
+
ret = wd_do_digest_sync(priv->sess, &priv->req);
- if (ret)
- return 0;
+ if (ret) {
+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n");
+ goto do_soft_digest;
+ }
priv->last_update_bufflen = 0;
memset(priv->data, 0, DIGEST_BLOCK_SIZE);
@@ -551,10 +565,26 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
memcpy(priv->data, tmpdata, priv->last_update_bufflen);
break;
}
+ }
+
+ return 1;
+do_soft_digest:
+ if (priv->state == SEC_DIGEST_FIRST_UPDATING
+ && priv->data
+ && priv->last_update_bufflen != 0) {
+ priv->switch_flag = UADK_DO_SOFT;
+ digest_soft_init(priv->soft_ctx, priv->e_nid);
+ ret = digest_soft_update(priv->soft_ctx, priv->e_nid,
+ priv->data, priv->last_update_bufflen);
+ if (ret != 1)
+ return ret;
+ return digest_soft_update(priv->soft_ctx, priv->e_nid,
+ tmpdata, left_len);
}
- return 1;
+ fprintf(stderr, "do soft digest failed during updating!\n");
+ return 0;
}
static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len)
@@ -681,11 +711,17 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
goto clear;
}
memcpy(digest, priv->req.out, priv->req.out_bytes);
+ priv->last_update_bufflen = 0;
return 1;
sync_err:
- ret = uadk_e_digest_soft_work(priv, priv->tail, digest);
+ if (priv->state == SEC_DIGEST_INIT) {
+ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest);
+ } else {
+ ret = 0;
+ fprintf(stderr, "do sec digest stream mode failed.\n");
+ }
clear:
async_clear_async_event_notification();
return ret;
--
2.24.4

431
0014-uadk_engine-fixup-signed-unsigned-mix-with-relationa.patch Normal file
View File

@ -0,0 +1,431 @@
From a0f9f17748a12f86385a39100177da5c6b7c1619 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 15 Jun 2023 19:31:57 +0800
Subject: [PATCH 14/48] uadk_engine: fixup signed-unsigned mix with relational
Fixup the following variable type issues:
1. Perform type conversion, using the same type in expressions.
2. Fixup subscript may be negative and signed-unsigned mix with
relational problems.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 19 ++++++++++---------
src/uadk_dh.c | 38 +++++++++++++++++++++++---------------
src/uadk_digest.c | 11 +++++++----
src/uadk_ec.c | 2 +-
src/uadk_ecx.c | 18 +++++++++---------
src/uadk_pkey.c | 13 ++++++++-----
src/uadk_rsa.c | 3 ++-
src/uadk_utils.h | 1 -
8 files changed, 60 insertions(+), 45 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 940c26c..05223ae 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -203,8 +203,8 @@ static struct cipher_info cipher_info_table[] = {
static const EVP_CIPHER *sec_ciphers_get_cipher_sw_impl(int n_id)
{
- int sec_cipher_sw_table_size = ARRAY_SIZE(sec_ciphers_sw_table);
- int i;
+ __u32 sec_cipher_sw_table_size = ARRAY_SIZE(sec_ciphers_sw_table);
+ __u32 i;
for (i = 0; i < sec_cipher_sw_table_size; i++) {
if (n_id == sec_ciphers_sw_table[i].nid)
@@ -348,10 +348,9 @@ static int uadk_get_accel_platform(char *alg_name)
static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
const int **nids, int nid)
{
- int ret = 1;
int *cipher_nids;
- int size;
- int i;
+ __u32 size, i;
+ int ret = 1;
if (platform == HW_V2) {
size = (sizeof(cipher_hw_v2_nids) - 1) / sizeof(int);
@@ -665,8 +664,9 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
{
struct cipher_priv_ctx *priv =
(struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- int cipher_counts = ARRAY_SIZE(cipher_info_table);
- int nid, ret, i;
+ __u32 cipher_counts = ARRAY_SIZE(cipher_info_table);
+ int nid, ret;
+ __u32 i;
if (unlikely(!key)) {
fprintf(stderr, "ctx init parameter key is NULL.\n");
@@ -762,7 +762,7 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
__u16 iv_bytes = priv->req.iv_bytes;
int offset = priv->req.in_bytes - iv_bytes;
unsigned char K[IV_LEN] = {0};
- int i;
+ __u32 i;
switch (priv->setup.mode) {
case WD_CIPHER_CFB:
@@ -1150,7 +1150,8 @@ static void destroy_v3_cipher(void)
void uadk_e_destroy_cipher(void)
{
- int i, ret;
+ __u32 i;
+ int ret;
if (engine.pid == getpid()) {
ret = uadk_e_is_env_enabled("cipher");
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 89157d2..c5ef813 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -67,7 +67,7 @@ struct uadk_dh_sess {
struct wd_dh_sess_setup setup;
struct wd_dh_req req;
DH *alg;
- uint32_t key_size;
+ __u16 key_size;
};
struct dh_res {
@@ -316,7 +316,7 @@ static int uadk_e_wd_dh_init(struct dh_res_config *config, struct uacce_dev *dev
struct wd_sched *sched = &config->sched.wd_sched;
struct wd_ctx_config *ctx_cfg;
int ret = 0;
- int i;
+ __u32 i;
ret = uadk_e_is_env_enabled("dh");
if (ret == ENV_ENABLED)
@@ -406,7 +406,8 @@ err_unlock:
static void uadk_e_wd_dh_uninit(void)
{
struct wd_ctx_config *ctx_cfg = g_dh_res.ctx_res;
- int i, ret;
+ __u32 i;
+ int ret;
if (g_dh_res.pid == getpid()) {
ret = uadk_e_is_env_enabled("dh");
@@ -440,9 +441,9 @@ static struct uadk_dh_sess *dh_new_eng_session(DH *dh_alg)
}
static int dh_init_eng_session(struct uadk_dh_sess *dh_sess,
- int bits, bool is_g2)
+ __u16 bits, bool is_g2)
{
- uint32_t key_size = (uint32_t)bits >> CHAR_BIT_SIZE;
+ __u16 key_size = bits >> CHAR_BIT_SIZE;
struct sched_params params = {0};
if (dh_sess->sess && dh_sess->req.x_p) {
@@ -453,7 +454,7 @@ static int dh_init_eng_session(struct uadk_dh_sess *dh_sess,
if (!dh_sess->sess) {
dh_sess->key_size = key_size;
- dh_sess->setup.key_bits = dh_sess->key_size << CHAR_BIT_SIZE;
+ dh_sess->setup.key_bits = bits;
dh_sess->setup.is_g2 = is_g2;
params.numa_id = g_dh_res.numa_id;
dh_sess->setup.sched_param = &params;
@@ -482,7 +483,7 @@ static void dh_free_eng_session(struct uadk_dh_sess *dh_sess)
OPENSSL_free(dh_sess);
}
-static struct uadk_dh_sess *dh_get_eng_session(DH *dh, int bits,
+static struct uadk_dh_sess *dh_get_eng_session(DH *dh, __u16 bits,
bool is_g2)
{
struct uadk_dh_sess *dh_sess = dh_new_eng_session(dh);
@@ -500,9 +501,10 @@ static struct uadk_dh_sess *dh_get_eng_session(DH *dh, int bits,
return dh_sess;
}
-static int check_dh_bit_useful(const int bits)
+static int check_dh_bit_useful(const __u16 bits)
{
- /* Check whether bits exceeds the limit.
+ /*
+ * Check whether bits exceeds the limit.
* The max module bits of openssl soft alg is
* OPENSSL_DH_MAX_MODULUS_BITS, 10000 bits.
* OpenSSL speed tool supports 2048/3072/4096/6144/8192 bits.
@@ -524,7 +526,7 @@ static int check_dh_bit_useful(const int bits)
return UADK_E_FAIL;
}
-static int dh_prepare_data(const int bits, const BIGNUM *g, DH *dh,
+static int dh_prepare_data(const __u16 bits, const BIGNUM *g, DH *dh,
struct uadk_dh_sess **dh_sess,
BIGNUM **priv_key)
{
@@ -552,7 +554,7 @@ static int dh_prepare_data(const int bits, const BIGNUM *g, DH *dh,
return ret;
}
-static int dh_set_g(const BIGNUM *g, const int key_size,
+static int dh_set_g(const BIGNUM *g, const __u16 key_size,
unsigned char *ag_bin, struct uadk_dh_sess *dh_sess)
{
struct wd_dtb g_dtb;
@@ -592,7 +594,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
const BIGNUM *priv_key,
struct uadk_dh_sess *dh_sess)
{
- int key_size = dh_sess->key_size;
+ __u16 key_size = dh_sess->key_size;
unsigned char *apriv_key_bin;
unsigned char *ag_bin;
unsigned char *ap_bin;
@@ -642,7 +644,7 @@ static int dh_fill_compkey_req(const BIGNUM *g, const BIGNUM *p,
const BIGNUM *priv_key, const BIGNUM *pub_key,
struct uadk_dh_sess *dh_sess)
{
- int key_size = dh_sess->key_size;
+ __u16 key_size = dh_sess->key_size;
unsigned char *apriv_key_bin;
unsigned char *ap_bin;
unsigned char *ag_bin;
@@ -759,10 +761,10 @@ static int uadk_e_dh_generate_key(DH *dh)
struct uadk_dh_sess *dh_sess = NULL;
BIGNUM *priv_key = NULL;
BIGNUM *pub_key = NULL;
- int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
+ __u16 bits;
int ret;
if (!dh)
@@ -776,6 +778,12 @@ static int uadk_e_dh_generate_key(DH *dh)
if (!p || !g || q)
goto exe_soft;
+ /*
+ * The max module bits of DH is
+ * OPENSSL_DH_MAX_MODULUS_BITS, 10000 bits.
+ */
+ bits = (__u16)DH_bits(dh);
+
/* Get session and prepare private key */
ret = dh_prepare_data(bits, g, dh, &dh_sess, &priv_key);
if (!ret) {
@@ -819,8 +827,8 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
+ __u16 bits = (__u16)DH_bits(dh);
BIGNUM *priv_key = NULL;
- int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index b7718e6..94b2636 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -418,7 +418,8 @@ static int uadk_e_wd_digest_env_init(struct uacce_dev *dev)
static int uadk_e_wd_digest_init(struct uacce_dev *dev)
{
- int ret, i, j;
+ __u32 i, j;
+ int ret;
engine.numa_id = dev->numa_id;
@@ -527,10 +528,11 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
{
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
- int digest_counts = ARRAY_SIZE(digest_info_table);
+ __u32 digest_counts = ARRAY_SIZE(digest_info_table);
int nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
struct sched_params params = {0};
- int ret, i;
+ __u32 i;
+ int ret;
priv->e_nid = nid;
@@ -911,7 +913,8 @@ int uadk_e_bind_digest(ENGINE *e)
void uadk_e_destroy_digest(void)
{
- int i, ret;
+ __u32 i;
+ int ret;
if (engine.pid == getpid()) {
ret = uadk_e_is_env_enabled("digest");
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 69ad4e8..d7ad815 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -74,7 +74,7 @@ static void init_dtb_param(void *dtb, char *start,
{
struct wd_dtb *tmp = dtb;
char *buff = start;
- int i = 0;
+ __u32 i = 0;
while (i++ < num) {
tmp->data = buff;
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 0537890..e45fa5e 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -42,13 +42,13 @@ struct ecx_key {
struct ecx_ctx {
handle_t sess;
- int key_size;
+ __u32 key_size;
int nid;
};
-static int reverse_bytes(unsigned char *to_buf, unsigned int size)
+static int reverse_bytes(unsigned char *to_buf, __u32 size)
{
- unsigned char *tmp_buf = to_buf + size - 1;
+ unsigned char *tmp_buf;
unsigned char tmp;
if (!size) {
@@ -61,6 +61,7 @@ static int reverse_bytes(unsigned char *to_buf, unsigned int size)
return UADK_E_FAIL;
}
+ tmp_buf = to_buf + size - 1;
while (to_buf < tmp_buf) {
tmp = *tmp_buf;
*tmp_buf-- = *to_buf;
@@ -234,7 +235,7 @@ static int ecx_get_nid(EVP_PKEY_CTX *ctx)
return nid;
}
-static int ecx_create_privkey(struct ecx_key **ecx_key, int key_size)
+static int ecx_create_privkey(struct ecx_key **ecx_key, __u32 key_size)
{
unsigned char *privkey;
int ret;
@@ -293,12 +294,12 @@ static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx,
static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
struct wd_ecc_req *req, struct ecx_key *ecx_key)
{
+ __u32 key_size = ecx_ctx->key_size;
struct wd_ecc_point *pubkey = NULL;
- int key_size = ecx_ctx->key_size;
int ret;
if (key_size > ECX_MAX_KEYLEN) {
- fprintf(stderr, "invalid key size, key_size = %d\n", key_size);
+ fprintf(stderr, "invalid key size, key_size = %u\n", key_size);
return UADK_E_FAIL;
}
@@ -308,8 +309,7 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
return UADK_E_FAIL;
}
- memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data,
- key_size);
+ memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data, key_size);
/* Trans public key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->pubkey, key_size);
if (!ret) {
@@ -507,7 +507,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
struct ecx_key *peer_ecx_key,
struct ecx_key *ecx_key)
{
- int key_size = ecx_ctx->key_size;
+ __u32 key_size = ecx_ctx->key_size;
char buf_y[ECX_MAX_KEYLEN] = {0};
handle_t sess = ecx_ctx->sess;
struct wd_ecc_point in_pubkey;
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index ba33b7d..b24c196 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -197,7 +197,8 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
struct wd_sched *sched)
{
struct wd_ctx_config *ctx_cfg;
- int ret, i;
+ __u32 i;
+ int ret;
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
if (!ctx_cfg)
@@ -258,7 +259,8 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config, struct uacce_dev *dev
static void uadk_wd_ecc_uninit(void)
{
struct wd_ctx_config *ctx_cfg = ecc_res.ctx_res;
- int i, ret;
+ __u32 i;
+ int ret;
if (ecc_res.pid != getpid())
return;
@@ -328,7 +330,7 @@ err:
bool uadk_is_all_zero(const unsigned char *data, size_t dlen)
{
- int i;
+ size_t i;
for (i = 0; i < dlen; i++) {
if (data[i])
@@ -559,7 +561,7 @@ const EVP_PKEY_METHOD *get_openssl_pkey_meth(int nid)
size_t count = EVP_PKEY_meth_get_count();
const EVP_PKEY_METHOD *pmeth;
int pkey_id = -1;
- int i;
+ size_t i;
for (i = 0; i < count; i++) {
pmeth = EVP_PKEY_meth_get0(i);
@@ -636,7 +638,8 @@ void uadk_e_ecc_lock_init(void)
int uadk_e_bind_ecc(ENGINE *e)
{
static const char * const ecc_alg[] = {"sm2", "ecdsa", "ecdh", "x25519", "x448"};
- int i, size, ret;
+ __u32 i, size;
+ int ret;
bool sp;
/* Enumerate ecc algs to check whether it is supported and set tags */
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 8af0844..23deb3c 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -828,7 +828,8 @@ err_unlock:
static void uadk_e_rsa_uninit(void)
{
struct wd_ctx_config *ctx_cfg = g_rsa_res.ctx_res;
- int i, ret;
+ __u32 i;
+ int ret;
if (g_rsa_res.pid == getpid()) {
ret = uadk_e_is_env_enabled("rsa");
diff --git a/src/uadk_utils.h b/src/uadk_utils.h
index a16536b..028eb15 100644
--- a/src/uadk_utils.h
+++ b/src/uadk_utils.h
@@ -17,7 +17,6 @@
#ifndef UADK_UTILS
#define UADK_UTILS
#include <stdio.h>
-#include <stdlib.h>
#include <string.h>
void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len);
--
2.25.1

114
0015-ecc-bugfix-about-sm2-decryption.patch
View File

@ -1,114 +0,0 @@
From 32c58bf68e7f33d0170b3cc9040a11395a68df72 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 07:24:22 +0000
Subject: [PATCH 15/18] ecc: bugfix about sm2 decryption
When doing sm2_decrypt_check(), if the out param is NULL,
it is supposed to use sm2_plaintext_size() function to
get the output plain text length, rather than use
sm2_ciphertext_size().
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index f602e48..b39c418 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -524,7 +524,7 @@ static int cipher_ber_to_bin(unsigned char *ber, size_t ber_len,
len = BN_num_bytes(ctext_struct->C1x);
len1 = BN_num_bytes(ctext_struct->C1y);
c1->x.data = malloc(len + len1 + ctext_struct->C2->length +
- ctext_struct->C3->length);
+ ctext_struct->C3->length);
if (!c1->x.data) {
ret = -ENOMEM;
goto free_ctext;
@@ -547,7 +547,6 @@ free_ctext:
static size_t ec_field_size(const EC_GROUP *group)
{
- /* Is there some simpler way to do this? */
BIGNUM *p = BN_new();
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
@@ -559,7 +558,7 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- /* Pad and convert bits to bytes*/
+ /* Pad and convert bits to bytes */
field_size = (BN_num_bits(p) + 7) / 8;
done:
@@ -570,6 +569,22 @@ done:
return field_size;
}
+static int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)
+{
+ struct sm2_ciphertext *sm2_ctext;
+
+ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
+ if (!sm2_ctext) {
+ fprintf(stderr, "invalid sm2 encoding\n");
+ return 0;
+ }
+
+ *pt_size = sm2_ctext->C2->length;
+ SM2_Ciphertext_free(sm2_ctext);
+
+ return 1;
+}
+
static int sm2_ciphertext_size(const EC_KEY *key,
const EVP_MD *digest, size_t msg_len,
size_t *ct_size)
@@ -589,6 +604,7 @@ static int sm2_ciphertext_size(const EC_KEY *key,
+ ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+ ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
*ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+
return 1;
}
@@ -792,7 +808,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
}
ret = uadk_ecc_crypto(smctx->sess, &req, smctx);
- if (ret != 1) {
+ if (!ret) {
ret = UADK_DO_SOFT;
fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret);
goto uninit_iot;
@@ -941,8 +957,6 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
const unsigned char *in, size_t inlen)
{
struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
- EVP_PKEY *p_key = EVP_PKEY_CTX_get0_pkey(ctx);
- EC_KEY *ec = EVP_PKEY_get0(p_key);
const EVP_MD *md;
int hash_size;
@@ -959,7 +973,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
}
if (!out) {
- if (!sm2_ciphertext_size(ec, md, inlen, outlen))
+ if (!sm2_plaintext_size(in, inlen, outlen))
return -1;
else
return 1;
@@ -1039,6 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
+
ret = cipher_ber_to_bin((void *)in, inlen, &c1, &c2, &c3);
if (ret)
goto do_soft;
--
2.24.4

334
0015-uadk_engine-fixup-variable-naming-conflicts.patch Normal file
View File

@ -0,0 +1,334 @@
From 77a9e5523fad8473438c55ce5601bf0fabbb7279 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:27:32 +0800
Subject: [PATCH 15/48] uadk_engine: fixup variable naming conflicts
Use different global variable name in cipher and
digest algs.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 80 +++++++++++++++++++++++------------------------
src/uadk_digest.c | 64 ++++++++++++++++++-------------------
2 files changed, 72 insertions(+), 72 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 05223ae..76680dd 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -47,7 +47,7 @@ struct cipher_engine {
pthread_spinlock_t lock;
};
-static struct cipher_engine engine;
+static struct cipher_engine g_cipher_engine;
struct sw_cipher_t {
int nid;
@@ -562,41 +562,41 @@ static int uadk_e_wd_cipher_init(struct uacce_dev *dev)
{
int ret, i, j;
- engine.numa_id = dev->numa_id;
+ g_cipher_engine.numa_id = dev->numa_id;
ret = uadk_e_is_env_enabled("cipher");
if (ret == ENV_ENABLED)
return uadk_e_wd_cipher_env_init(dev);
- memset(&engine.ctx_cfg, 0, sizeof(struct wd_ctx_config));
- engine.ctx_cfg.ctx_num = CTX_NUM;
- engine.ctx_cfg.ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
- if (!engine.ctx_cfg.ctxs)
+ memset(&g_cipher_engine.ctx_cfg, 0, sizeof(struct wd_ctx_config));
+ g_cipher_engine.ctx_cfg.ctx_num = CTX_NUM;
+ g_cipher_engine.ctx_cfg.ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
+ if (!g_cipher_engine.ctx_cfg.ctxs)
return -ENOMEM;
for (i = 0; i < CTX_NUM; i++) {
- engine.ctx_cfg.ctxs[i].ctx = wd_request_ctx(dev);
- if (!engine.ctx_cfg.ctxs[i].ctx) {
+ g_cipher_engine.ctx_cfg.ctxs[i].ctx = wd_request_ctx(dev);
+ if (!g_cipher_engine.ctx_cfg.ctxs[i].ctx) {
ret = -ENOMEM;
goto err_freectx;
}
}
- engine.ctx_cfg.ctxs[CTX_SYNC_ENC].op_type = CTX_TYPE_ENCRYPT;
- engine.ctx_cfg.ctxs[CTX_SYNC_DEC].op_type = CTX_TYPE_DECRYPT;
- engine.ctx_cfg.ctxs[CTX_ASYNC_ENC].op_type = CTX_TYPE_ENCRYPT;
- engine.ctx_cfg.ctxs[CTX_ASYNC_DEC].op_type = CTX_TYPE_DECRYPT;
- engine.ctx_cfg.ctxs[CTX_SYNC_ENC].ctx_mode = CTX_MODE_SYNC;
- engine.ctx_cfg.ctxs[CTX_SYNC_DEC].ctx_mode = CTX_MODE_SYNC;
- engine.ctx_cfg.ctxs[CTX_ASYNC_ENC].ctx_mode = CTX_MODE_ASYNC;
- engine.ctx_cfg.ctxs[CTX_ASYNC_DEC].ctx_mode = CTX_MODE_ASYNC;
-
- engine.sched.name = "sched_single";
- engine.sched.pick_next_ctx = sched_single_pick_next_ctx;
- engine.sched.poll_policy = sched_single_poll_policy;
- engine.sched.sched_init = sched_single_init;
-
- ret = wd_cipher_init(&engine.ctx_cfg, &engine.sched);
+ g_cipher_engine.ctx_cfg.ctxs[CTX_SYNC_ENC].op_type = CTX_TYPE_ENCRYPT;
+ g_cipher_engine.ctx_cfg.ctxs[CTX_SYNC_DEC].op_type = CTX_TYPE_DECRYPT;
+ g_cipher_engine.ctx_cfg.ctxs[CTX_ASYNC_ENC].op_type = CTX_TYPE_ENCRYPT;
+ g_cipher_engine.ctx_cfg.ctxs[CTX_ASYNC_DEC].op_type = CTX_TYPE_DECRYPT;
+ g_cipher_engine.ctx_cfg.ctxs[CTX_SYNC_ENC].ctx_mode = CTX_MODE_SYNC;
+ g_cipher_engine.ctx_cfg.ctxs[CTX_SYNC_DEC].ctx_mode = CTX_MODE_SYNC;
+ g_cipher_engine.ctx_cfg.ctxs[CTX_ASYNC_ENC].ctx_mode = CTX_MODE_ASYNC;
+ g_cipher_engine.ctx_cfg.ctxs[CTX_ASYNC_DEC].ctx_mode = CTX_MODE_ASYNC;
+
+ g_cipher_engine.sched.name = "sched_single";
+ g_cipher_engine.sched.pick_next_ctx = sched_single_pick_next_ctx;
+ g_cipher_engine.sched.poll_policy = sched_single_poll_policy;
+ g_cipher_engine.sched.sched_init = sched_single_init;
+
+ ret = wd_cipher_init(&g_cipher_engine.ctx_cfg, &g_cipher_engine.sched);
if (ret)
goto err_freectx;
@@ -606,9 +606,9 @@ static int uadk_e_wd_cipher_init(struct uacce_dev *dev)
err_freectx:
for (j = 0; j < i; j++)
- wd_release_ctx(engine.ctx_cfg.ctxs[j].ctx);
+ wd_release_ctx(g_cipher_engine.ctx_cfg.ctxs[j].ctx);
- free(engine.ctx_cfg.ctxs);
+ free(g_cipher_engine.ctx_cfg.ctxs);
return ret;
}
@@ -618,16 +618,16 @@ static int uadk_e_init_cipher(void)
struct uacce_dev *dev;
int ret;
- if (engine.pid != getpid()) {
- pthread_spin_lock(&engine.lock);
- if (engine.pid == getpid()) {
- pthread_spin_unlock(&engine.lock);
+ if (g_cipher_engine.pid != getpid()) {
+ pthread_spin_lock(&g_cipher_engine.lock);
+ if (g_cipher_engine.pid == getpid()) {
+ pthread_spin_unlock(&g_cipher_engine.lock);
return 1;
}
dev = wd_get_accel_dev("cipher");
if (!dev) {
- pthread_spin_unlock(&engine.lock);
+ pthread_spin_unlock(&g_cipher_engine.lock);
fprintf(stderr, "failed to get device for cipher.\n");
return 0;
}
@@ -636,15 +636,15 @@ static int uadk_e_init_cipher(void)
if (ret)
goto err_unlock;
- engine.pid = getpid();
- pthread_spin_unlock(&engine.lock);
+ g_cipher_engine.pid = getpid();
+ pthread_spin_unlock(&g_cipher_engine.lock);
free(dev);
}
return 1;
err_unlock:
- pthread_spin_unlock(&engine.lock);
+ pthread_spin_unlock(&g_cipher_engine.lock);
free(dev);
fprintf(stderr, "failed to init cipher(%d).\n", ret);
@@ -1153,20 +1153,20 @@ void uadk_e_destroy_cipher(void)
__u32 i;
int ret;
- if (engine.pid == getpid()) {
+ if (g_cipher_engine.pid == getpid()) {
ret = uadk_e_is_env_enabled("cipher");
if (ret == ENV_ENABLED) {
wd_cipher_env_uninit();
} else {
wd_cipher_uninit();
- for (i = 0; i < engine.ctx_cfg.ctx_num; i++)
- wd_release_ctx(engine.ctx_cfg.ctxs[i].ctx);
- free(engine.ctx_cfg.ctxs);
+ for (i = 0; i < g_cipher_engine.ctx_cfg.ctx_num; i++)
+ wd_release_ctx(g_cipher_engine.ctx_cfg.ctxs[i].ctx);
+ free(g_cipher_engine.ctx_cfg.ctxs);
}
- engine.pid = 0;
+ g_cipher_engine.pid = 0;
}
- pthread_spin_destroy(&engine.lock);
+ pthread_spin_destroy(&g_cipher_engine.lock);
destroy_v2_cipher();
if (platform > HW_V2)
@@ -1175,5 +1175,5 @@ void uadk_e_destroy_cipher(void)
void uadk_e_cipher_lock_init(void)
{
- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+ pthread_spin_init(&g_cipher_engine.lock, PTHREAD_PROCESS_PRIVATE);
}
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 94b2636..984127e 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -73,7 +73,7 @@ struct digest_engine {
pthread_spinlock_t lock;
};
-static struct digest_engine engine;
+static struct digest_engine g_digest_engine;
struct evp_md_ctx_st {
const EVP_MD *digest;
@@ -421,36 +421,36 @@ static int uadk_e_wd_digest_init(struct uacce_dev *dev)
__u32 i, j;
int ret;
- engine.numa_id = dev->numa_id;
+ g_digest_engine.numa_id = dev->numa_id;
ret = uadk_e_is_env_enabled("digest");
if (ret == ENV_ENABLED)
return uadk_e_wd_digest_env_init(dev);
- memset(&engine.ctx_cfg, 0, sizeof(struct wd_ctx_config));
- engine.ctx_cfg.ctx_num = CTX_NUM;
- engine.ctx_cfg.ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
- if (!engine.ctx_cfg.ctxs)
+ memset(&g_digest_engine.ctx_cfg, 0, sizeof(struct wd_ctx_config));
+ g_digest_engine.ctx_cfg.ctx_num = CTX_NUM;
+ g_digest_engine.ctx_cfg.ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
+ if (!g_digest_engine.ctx_cfg.ctxs)
return -ENOMEM;
for (i = 0; i < CTX_NUM; i++) {
- engine.ctx_cfg.ctxs[i].ctx = wd_request_ctx(dev);
- if (!engine.ctx_cfg.ctxs[i].ctx) {
+ g_digest_engine.ctx_cfg.ctxs[i].ctx = wd_request_ctx(dev);
+ if (!g_digest_engine.ctx_cfg.ctxs[i].ctx) {
ret = -ENOMEM;
goto err_freectx;
}
- engine.ctx_cfg.ctxs[i].op_type = CTX_TYPE_ENCRYPT;
- engine.ctx_cfg.ctxs[i].ctx_mode =
+ g_digest_engine.ctx_cfg.ctxs[i].op_type = CTX_TYPE_ENCRYPT;
+ g_digest_engine.ctx_cfg.ctxs[i].ctx_mode =
(i == 0) ? CTX_MODE_SYNC : CTX_MODE_ASYNC;
}
- engine.sched.name = "sched_single";
- engine.sched.pick_next_ctx = sched_single_pick_next_ctx;
- engine.sched.poll_policy = sched_single_poll_policy;
- engine.sched.sched_init = sched_single_init;
+ g_digest_engine.sched.name = "sched_single";
+ g_digest_engine.sched.pick_next_ctx = sched_single_pick_next_ctx;
+ g_digest_engine.sched.poll_policy = sched_single_poll_policy;
+ g_digest_engine.sched.sched_init = sched_single_init;
- ret = wd_digest_init(&engine.ctx_cfg, &engine.sched);
+ ret = wd_digest_init(&g_digest_engine.ctx_cfg, &g_digest_engine.sched);
if (ret)
goto err_freectx;
@@ -460,9 +460,9 @@ static int uadk_e_wd_digest_init(struct uacce_dev *dev)
err_freectx:
for (j = 0; j < i; j++)
- wd_release_ctx(engine.ctx_cfg.ctxs[j].ctx);
+ wd_release_ctx(g_digest_engine.ctx_cfg.ctxs[j].ctx);
- free(engine.ctx_cfg.ctxs);
+ free(g_digest_engine.ctx_cfg.ctxs);
return ret;
}
@@ -472,16 +472,16 @@ static int uadk_e_init_digest(void)
struct uacce_dev *dev;
int ret;
- if (engine.pid != getpid()) {
- pthread_spin_lock(&engine.lock);
- if (engine.pid == getpid()) {
- pthread_spin_unlock(&engine.lock);
+ if (g_digest_engine.pid != getpid()) {
+ pthread_spin_lock(&g_digest_engine.lock);
+ if (g_digest_engine.pid == getpid()) {
+ pthread_spin_unlock(&g_digest_engine.lock);
return 1;
}
dev = wd_get_accel_dev("digest");
if (!dev) {
- pthread_spin_unlock(&engine.lock);
+ pthread_spin_unlock(&g_digest_engine.lock);
fprintf(stderr, "failed to get device for digest.\n");
return 0;
}
@@ -490,15 +490,15 @@ static int uadk_e_init_digest(void)
if (ret)
goto err_unlock;
- engine.pid = getpid();
- pthread_spin_unlock(&engine.lock);
+ g_digest_engine.pid = getpid();
+ pthread_spin_unlock(&g_digest_engine.lock);
free(dev);
}
return 1;
err_unlock:
- pthread_spin_unlock(&engine.lock);
+ pthread_spin_unlock(&g_digest_engine.lock);
free(dev);
fprintf(stderr, "failed to init digest(%d).\n", ret);
@@ -860,7 +860,7 @@ do { \
void uadk_e_digest_lock_init(void)
{
- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+ pthread_spin_init(&g_digest_engine.lock, PTHREAD_PROCESS_PRIVATE);
}
int uadk_e_bind_digest(ENGINE *e)
@@ -916,20 +916,20 @@ void uadk_e_destroy_digest(void)
__u32 i;
int ret;
- if (engine.pid == getpid()) {
+ if (g_digest_engine.pid == getpid()) {
ret = uadk_e_is_env_enabled("digest");
if (ret == ENV_ENABLED) {
wd_digest_env_uninit();
} else {
wd_digest_uninit();
- for (i = 0; i < engine.ctx_cfg.ctx_num; i++)
- wd_release_ctx(engine.ctx_cfg.ctxs[i].ctx);
- free(engine.ctx_cfg.ctxs);
+ for (i = 0; i < g_digest_engine.ctx_cfg.ctx_num; i++)
+ wd_release_ctx(g_digest_engine.ctx_cfg.ctxs[i].ctx);
+ free(g_digest_engine.ctx_cfg.ctxs);
}
- engine.pid = 0;
+ g_digest_engine.pid = 0;
}
- pthread_spin_destroy(&engine.lock);
+ pthread_spin_destroy(&g_digest_engine.lock);
EVP_MD_meth_free(uadk_md5);
uadk_md5 = 0;
--
2.25.1

103
0016-dh-bugfix-about-dh-compute-key.patch
View File

@ -1,103 +0,0 @@
From ff486764bbab601177acad102febb1497262a88c Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 08:42:55 +0000
Subject: [PATCH 16/18] dh: bugfix about dh compute key
This patch includes:
1. Add an UADK_DO_SOFT tag when dh_do_crypto() failed.
2. Do some tiny cleanup.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_dh.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 9c2bfbf..989c9ec 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -741,13 +741,12 @@ static int dh_soft_set_pkey(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
return UADK_E_SUCCESS;
}
-/* Main Phase1: Generate public key */
static int uadk_e_dh_generate_key(DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
- int bits = DH_bits(dh);
- BIGNUM *pub_key = NULL;
BIGNUM *priv_key = NULL;
+ BIGNUM *pub_key = NULL;
+ int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
@@ -771,7 +770,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto exe_soft;
}
- /* Fill request data */
ret = dh_fill_genkey_req(g, p, priv_key, dh_sess);
if (!ret) {
fprintf(stderr, "failed to fill req\n");
@@ -786,7 +784,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto free_sess;
}
- /* Get the generated public key from uadk(->hardware) */
ret = dh_get_pubkey(dh_sess, &pub_key);
if (!ret) {
fprintf(stderr, "failed to get public key\n");
@@ -794,7 +791,6 @@ static int uadk_e_dh_generate_key(DH *dh)
goto free_sess;
}
- /* Set the public key and private key */
ret = dh_soft_set_pkey(dh, pub_key, priv_key);
free_sess:
@@ -806,16 +802,15 @@ exe_soft:
return uadk_e_dh_soft_generate_key(dh);
}
-/* Main Phase2: Compute shared key */
static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
+ BIGNUM *priv_key = NULL;
int bits = DH_bits(dh);
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
- BIGNUM *priv_key = NULL;
int ret;
if (!dh || !key || !pub_key || !DH_get0_priv_key(dh))
@@ -845,6 +840,7 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
ret = dh_do_crypto(dh_sess);
if (!ret) {
fprintf(stderr, "failed to generate DH shared key\n");
+ ret = UADK_DO_SOFT;
goto free_sess;
}
@@ -894,7 +890,6 @@ static void uadk_e_delete_dh_meth(void)
uadk_dh_method = NULL;
}
-
int uadk_e_bind_dh(ENGINE *e)
{
pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
@@ -905,7 +900,6 @@ int uadk_e_bind_dh(ENGINE *e)
void uadk_e_destroy_dh(void)
{
pthread_spin_destroy(&g_dh_res.lock);
-
uadk_e_delete_dh_meth();
uadk_e_wd_dh_uninit();
}
--
2.24.4

30
0016-digest-fixup-free-source-method.patch Normal file
View File

@ -0,0 +1,30 @@
From 1d402a0166a432073f065a8dc66252b13560b81b Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:29:38 +0800
Subject: [PATCH 16/48] digest: fixup free source method
Fix the issue of inconsistent interfaces used for
resource application and release in init and cleanp
process.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_digest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 984127e..590a888 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -816,7 +816,7 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx)
}
if (priv && priv->data)
- OPENSSL_free(priv->data);
+ free(priv->data);
return 1;
}
--
2.25.1

28
0017-ecc-bugfix-about-ecc-general-init.patch
View File

@ -1,28 +0,0 @@
From 3ff18ada641a8ad6c54a6054b4b8323b0b4389a2 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 8 Jan 2022 09:03:00 +0000
Subject: [PATCH 17/18] ecc: bugfix about ecc general init
When calloc failed, it should return with error code directly.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_pkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 7ca998b..14e0b8f 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -189,7 +189,7 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
if (!ctx_cfg)
- ret = -ENOMEM;
+ return -ENOMEM;
ecc_res.ctx_res = ctx_cfg;
ctx_cfg->ctx_num = CTX_NUM;
--
2.24.4

30
0017-ecc-fixup-free-source-method-inconsistent.patch Normal file
View File

@ -0,0 +1,30 @@
From 4f2cf55360921292716e68a44a4111126e1849b4 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:31:29 +0800
Subject: [PATCH 17/48] ecc: fixup free source method inconsistent
EC_POINT_point2buf() use OPENSSL_malloc() to allocate
memory for 'point_bin', we should use OPENSSL_free()
to release it, rather than free().
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_pkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index b24c196..35a2696 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -375,7 +375,7 @@ int uadk_ecc_set_public_key(handle_t sess, const EC_KEY *eckey)
ret = UADK_DO_SOFT;
}
- free(point_bin);
+ OPENSSL_free(point_bin);
return ret;
}
--
2.25.1

79
0018-cipher-fixup-error-handling-in-ctx-init.patch Normal file
View File

@ -0,0 +1,79 @@
From 89deb2fdea506068f0819cfd039b109e47ddc86b Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 13 Jul 2023 20:00:14 +0800
Subject: [PATCH 18/48] cipher: fixup error handling in ctx init
When wd_cipher_alloc_sess() failed, it should return in
error handling branch. Fixed this problem and make related
operation clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 76680dd..d4ad33c 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -717,7 +717,7 @@ static int uadk_e_cipher_cleanup(EVP_CIPHER_CTX *ctx)
return 1;
}
-static void async_cb(struct wd_cipher_req *req, void *data)
+static void uadk_e_cipher_cb(struct wd_cipher_req *req, void *data)
{
struct uadk_e_cb_info *cb_param;
struct async_op *op;
@@ -792,10 +792,16 @@ static int do_cipher_sync(struct cipher_priv_ctx *priv)
{
int ret;
- if (unlikely(priv->switch_flag == UADK_DO_SOFT))
+ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ fprintf(stderr, "switch to soft cipher.\n");
return 0;
+ }
- if (priv->switch_threshold >= priv->req.in_bytes)
+ /*
+ * If the length of the input data does not reach to hardware computing threshold,
+ * directly switch to soft cipher.
+ */
+ if (priv->req.in_bytes <= priv->switch_threshold)
return 0;
ret = wd_do_cipher_sync(priv->sess, &priv->req);
@@ -810,14 +816,15 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op)
int idx, ret;
if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
- fprintf(stderr, "async cipher init failed.\n");
+ fprintf(stderr, "switch to soft cipher.\n");
return 0;
}
cb_param.op = op;
cb_param.priv = priv;
- priv->req.cb = (void *)async_cb;
+ priv->req.cb = (void *)uadk_e_cipher_cb;
priv->req.cb_param = &cb_param;
+
ret = async_get_free_task(&idx);
if (!ret)
return 0;
@@ -889,8 +896,10 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
}
priv->sess = wd_cipher_alloc_sess(&priv->setup);
- if (!priv->sess)
+ if (!priv->sess) {
fprintf(stderr, "uadk failed to alloc session!\n");
+ return;
+ }
}
ret = wd_cipher_set_key(priv->sess, priv->key, EVP_CIPHER_CTX_key_length(ctx));
--
2.25.1

113
0018-digest-fix-codecheck-warning.patch
View File

@ -1,113 +0,0 @@
From e26726746340428c58ea1ce2460c0fb669bb7545 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 7 Jan 2022 09:56:54 +0800
Subject: [PATCH 18/18] digest: fix codecheck warning
fix a more than 50 lines function uadk_e_digest_init.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 57 ++++++++++++++++++++++++++---------------------
1 file changed, 31 insertions(+), 26 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index bf738af..5b843a0 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -95,6 +95,13 @@ struct digest_priv_ctx {
bool copy;
};
+struct digest_info {
+ int nid;
+ enum wd_digest_mode mode;
+ enum wd_digest_type alg;
+ __u32 out_len;
+};
+
static int digest_nids[] = {
NID_md5,
NID_sm3,
@@ -116,6 +123,16 @@ static struct digest_threshold_table digest_pkt_threshold_table[] = {
{ NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT },
};
+static struct digest_info digest_info_table[] = {
+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16},
+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32},
+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20},
+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28},
+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32},
+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48},
+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64},
+};
+
static EVP_MD *uadk_md5;
static EVP_MD *uadk_sm3;
static EVP_MD *uadk_sha1;
@@ -451,8 +468,8 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
enum wd_digest_type alg, enum wd_digest_mode mode,
__u32 out_len)
{
- priv->setup.mode = alg;
- priv->setup.alg = mode;
+ priv->setup.alg = alg;
+ priv->setup.mode = mode;
priv->req.out_buf_bytes = out_len;
priv->req.out_bytes = out_len;
}
@@ -461,9 +478,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
{
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ int digest_counts = ARRAY_SIZE(digest_info_table);
int nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
struct sched_params params = {0};
- int ret;
+ int ret, i;
/* Allocate a soft ctx for hardware engine */
if (priv->soft_ctx == NULL)
@@ -478,29 +496,16 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
goto soft_init;
}
- switch (nid) {
- case NID_md5:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16);
- break;
- case NID_sm3:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32);
- break;
- case NID_sha1:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20);
- break;
- case NID_sha224:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28);
- break;
- case NID_sha256:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32);
- break;
- case NID_sha384:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48);
- break;
- case NID_sha512:
- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64);
- break;
- default:
+ for (i = 0; i < digest_counts; i++) {
+ if (nid == digest_info_table[i].nid) {
+ digest_priv_ctx_setup(priv, digest_info_table[i].alg,
+ digest_info_table[i].mode, digest_info_table[i].out_len);
+ break;
+ }
+ }
+
+ if (i == digest_counts) {
+ fprintf(stderr, "failed to setup the private ctx.\n");
return 0;
}
--
2.24.4

27
0019-cipher-fixup-a-code-check-warning.patch
View File

@ -1,27 +0,0 @@
From e82ec8d48be21d107635e5f1a4874fb8999a27c4 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Wed, 19 Jan 2022 09:41:25 +0800
Subject: [PATCH 19/22] cipher: fixup a code check warning
Do not put two or more continuous blank lines inside function.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 2b8bb9c..3d376bf 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -890,7 +890,6 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
struct async_op op;
int ret;
-
priv->req.src = (unsigned char *)in;
priv->req.in_bytes = inlen;
priv->req.dst = out;
--
2.24.4

40
0019-uadk_engine-modify-setting-async-poll-state-process.patch Normal file
View File

@ -0,0 +1,40 @@
From ccb3f9c8c0294bd466c1bf1b053f966cb12f9476 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:35:46 +0800
Subject: [PATCH 19/48] uadk_engine: modify setting async poll state process
To avoid accessing async task conflict in obtaining and
releasing async task process, disable async poll state
before free the async task.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_async.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 86aa9e5..dfac1cb 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -117,6 +117,9 @@ static void async_poll_task_free(void)
int error;
struct async_poll_task *task;
+ /* Disable async poll state first */
+ uadk_e_set_async_poll_state(DISABLE_ASYNC_POLLING);
+
error = pthread_mutex_lock(&poll_queue.async_task_mutex);
if (error != 0)
return;
@@ -127,8 +130,6 @@ static void async_poll_task_free(void)
poll_queue.head = NULL;
- uadk_e_set_async_poll_state(DISABLE_ASYNC_POLLING);
-
pthread_mutex_unlock(&poll_queue.async_task_mutex);
sem_destroy(&poll_queue.empty_sem);
sem_destroy(&poll_queue.full_sem);
--
2.25.1

223
0020-dh-fixup-release-source-of-private-key.patch Normal file
View File

@ -0,0 +1,223 @@
From d07d9f91151efe4103143022721cc1e9de86b546 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:38:56 +0800
Subject: [PATCH 20/48] dh: fixup release source of private key
The private key that allocated in dh_prepare_data() should
be released in error handling branch. Fixed this problem
and cleanup the related functions.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_dh.c | 82 ++++++++++++++++++++++++---------------------------
1 file changed, 39 insertions(+), 43 deletions(-)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index c5ef813..fc91609 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -51,6 +51,7 @@
#define UADK_E_POLL_FAIL (-1)
#define UADK_E_INIT_SUCCESS 0
#define ENV_ENABLED 1
+#define KEY_GEN_BY_ENGINE 1
static DH_METHOD *uadk_dh_method;
@@ -68,6 +69,8 @@ struct uadk_dh_sess {
struct wd_dh_req req;
DH *alg;
__u16 key_size;
+ /* key_flag: 0 - key is defined by user, 1 - key is generated by engine */
+ int key_flag;
};
struct dh_res {
@@ -162,30 +165,24 @@ static int dh_generate_new_priv_key(const DH *dh, BIGNUM *new_priv_key)
return UADK_E_SUCCESS;
}
-static int dh_try_get_priv_key(const DH *dh, BIGNUM **priv_key)
+static int dh_try_get_priv_key(struct uadk_dh_sess *dh_sess, const DH *dh, BIGNUM **priv_key)
{
- int generate_new_key = 0;
- BIGNUM *new_priv_key;
-
*priv_key = (BIGNUM *)DH_get0_priv_key(dh);
if (!(*priv_key)) {
- new_priv_key = BN_secure_new();
- if (!new_priv_key)
- goto err;
- generate_new_key = 1;
- }
+ *priv_key = BN_secure_new();
+ if (!(*priv_key))
+ return UADK_E_FAIL;
- if (generate_new_key) {
- if (!dh_generate_new_priv_key(dh, new_priv_key))
+ if (!dh_generate_new_priv_key(dh, *priv_key))
goto err;
- else
- *priv_key = new_priv_key;
+
+ dh_sess->key_flag = KEY_GEN_BY_ENGINE;
}
return UADK_E_SUCCESS;
err:
- BN_free(new_priv_key);
+ BN_free(*priv_key);
return UADK_E_FAIL;
}
@@ -526,13 +523,19 @@ static int check_dh_bit_useful(const __u16 bits)
return UADK_E_FAIL;
}
-static int dh_prepare_data(const __u16 bits, const BIGNUM *g, DH *dh,
+static int dh_prepare_data(const BIGNUM *g, DH *dh,
struct uadk_dh_sess **dh_sess,
BIGNUM **priv_key)
{
bool is_g2 = BN_is_word(g, DH_GENERATOR_2);
+ __u16 bits;
int ret;
+ /*
+ * The max module bits of DH is
+ * OPENSSL_DH_MAX_MODULUS_BITS, 10000 bits.
+ */
+ bits = (__u16)DH_bits(dh);
ret = check_dh_bit_useful(bits);
if (!ret) {
fprintf(stderr, "op size is not supported by uadk engine\n");
@@ -545,8 +548,8 @@ static int dh_prepare_data(const __u16 bits, const BIGNUM *g, DH *dh,
return UADK_E_FAIL;
}
- ret = dh_try_get_priv_key(dh, priv_key);
- if (!ret || !(*priv_key)) {
+ ret = dh_try_get_priv_key(*dh_sess, dh, priv_key);
+ if (!ret) {
dh_free_eng_session(*dh_sess);
return UADK_E_FAIL;
}
@@ -764,7 +767,6 @@ static int uadk_e_dh_generate_key(DH *dh)
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
const BIGNUM *q = NULL;
- __u16 bits;
int ret;
if (!dh)
@@ -778,14 +780,8 @@ static int uadk_e_dh_generate_key(DH *dh)
if (!p || !g || q)
goto exe_soft;
- /*
- * The max module bits of DH is
- * OPENSSL_DH_MAX_MODULUS_BITS, 10000 bits.
- */
- bits = (__u16)DH_bits(dh);
-
/* Get session and prepare private key */
- ret = dh_prepare_data(bits, g, dh, &dh_sess, &priv_key);
+ ret = dh_prepare_data(g, dh, &dh_sess, &priv_key);
if (!ret) {
fprintf(stderr, "prepare dh data failed\n");
goto exe_soft;
@@ -794,30 +790,30 @@ static int uadk_e_dh_generate_key(DH *dh)
ret = dh_fill_genkey_req(g, p, priv_key, dh_sess);
if (!ret) {
fprintf(stderr, "failed to fill req\n");
- ret = UADK_DO_SOFT;
- goto free_sess;
+ goto free_data;
}
ret = dh_do_crypto(dh_sess);
if (!ret) {
fprintf(stderr, "failed to generate DH key\n");
- ret = UADK_DO_SOFT;
- goto free_sess;
+ goto free_data;
}
ret = dh_get_pubkey(dh_sess, &pub_key);
if (!ret) {
fprintf(stderr, "failed to get public key\n");
- ret = UADK_DO_SOFT;
- goto free_sess;
+ goto free_data;
}
ret = dh_soft_set_pkey(dh, pub_key, priv_key);
+ dh_free_eng_session(dh_sess);
-free_sess:
+ return ret;
+
+free_data:
+ if (dh_sess->key_flag == KEY_GEN_BY_ENGINE)
+ BN_free(priv_key);
dh_free_eng_session(dh_sess);
- if (ret != UADK_DO_SOFT)
- return ret;
exe_soft:
fprintf(stderr, "switch to execute openssl software calculation.\n");
return uadk_e_dh_soft_generate_key(dh);
@@ -827,7 +823,6 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
DH *dh)
{
struct uadk_dh_sess *dh_sess = NULL;
- __u16 bits = (__u16)DH_bits(dh);
BIGNUM *priv_key = NULL;
const BIGNUM *p = NULL;
const BIGNUM *g = NULL;
@@ -845,7 +840,7 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
if (!p || !g)
goto exe_soft;
- ret = dh_prepare_data(bits, g, dh, &dh_sess, &priv_key);
+ ret = dh_prepare_data(g, dh, &dh_sess, &priv_key);
if (!ret) {
fprintf(stderr, "failed to prepare dh data\n");
goto exe_soft;
@@ -854,24 +849,25 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
ret = dh_fill_compkey_req(g, p, priv_key, pub_key, dh_sess);
if (!ret) {
fprintf(stderr, "failed to fill req\n");
- ret = UADK_DO_SOFT;
- goto free_sess;
+ goto free_data;
}
ret = dh_do_crypto(dh_sess);
if (!ret) {
fprintf(stderr, "failed to generate DH shared key\n");
- ret = UADK_DO_SOFT;
- goto free_sess;
+ goto free_data;
}
memcpy(key, dh_sess->req.pri, dh_sess->req.pri_bytes);
ret = dh_sess->req.pri_bytes;
+ dh_free_eng_session(dh_sess);
-free_sess:
+ return ret;
+
+free_data:
+ if (dh_sess->key_flag == KEY_GEN_BY_ENGINE)
+ BN_free(priv_key);
dh_free_eng_session(dh_sess);
- if (ret != UADK_DO_SOFT)
- return ret;
exe_soft:
fprintf(stderr, "switch to execute openssl software calculation.\n");
return uadk_e_dh_soft_compute_key(key, pub_key, dh);
--
2.25.1

27
0020-rsa-fixup-a-code-check-warning.patch
View File

@ -1,27 +0,0 @@
From d45c783eb7a7e1e38d5520239c218e7c927b1c00 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 21 Jan 2022 17:01:15 +0800
Subject: [PATCH 20/22] rsa: fixup a code check warning
Do not add blank lines on the start of a code block defined by braces.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 2526af9..8cad2f7 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1781,7 +1781,6 @@ exe_soft:
static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
{
-
/* meth: default rsa software method */
const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
--
2.24.4

32
0021-cipher-delete-a-redundant-branch.patch
View File

@ -1,32 +0,0 @@
From 7a757c76d11b80282abc22e614f7126909027ecc Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 25 Jan 2022 14:21:48 +0800
Subject: [PATCH 21/22] cipher: delete a redundant branch
Find a redundant branch by DT-FUZZ, these codes have the same
logic as the following default code.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 3d376bf..6e09a8c 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -373,11 +373,6 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
break;
}
- if (i == size) {
- *cipher = NULL;
- return 0;
- }
-
switch (nid) {
case NID_aes_128_cbc:
*cipher = uadk_aes_128_cbc;
--
2.24.4

125
0021-ecc-Add-pkey-method-null-pointer-judgment.patch Normal file
View File

@ -0,0 +1,125 @@
From 5eaaad42f162a6cc998c9de232a83ed3f609ddae Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:42:06 +0800
Subject: [PATCH 21/48] ecc: Add pkey method null pointer judgment
Add pkey method null pointer judgement for function
get_openssl_pkey_meth(), avoid accessing null pointer
in abnormal cases.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 5 +++++
src/uadk_ecx.c | 8 ++++++++
src/uadk_sm2.c | 25 +++++++++++++++++++++++++
3 files changed, 38 insertions(+)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index d7ad815..781e7f1 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -1418,6 +1418,11 @@ int uadk_ec_create_pmeth(struct uadk_pkey_meth *pkey_meth)
}
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_EC);
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get ec pkey methods\n");
+ return 0;
+ }
+
EVP_PKEY_meth_copy(meth, openssl_meth);
pkey_meth->ec = meth;
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index e45fa5e..aebd808 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -811,6 +811,10 @@ int uadk_x25519_create_pmeth(struct uadk_pkey_meth *pkey_meth)
}
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_X25519);
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get x25519 pkey methods\n");
+ return UADK_E_FAIL;
+ }
EVP_PKEY_meth_copy(meth, openssl_meth);
@@ -852,6 +856,10 @@ int uadk_x448_create_pmeth(struct uadk_pkey_meth *pkey_meth)
}
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_X448);
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get x448 pkey methods\n");
+ return UADK_E_FAIL;
+ }
EVP_PKEY_meth_copy(meth, openssl_meth);
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 63d4fdf..1f678ed 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -279,6 +279,11 @@ static int openssl_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
PFUNC_SIGN sign_pfunc = NULL;
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_SM2);
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get sm2 pkey methods\n");
+ return -1;
+ }
+
EVP_PKEY_meth_get_sign(openssl_meth, NULL, &sign_pfunc);
if (!sign_pfunc) {
fprintf(stderr, "sign_pfunc is NULL\n");
@@ -296,6 +301,11 @@ static int openssl_verify(EVP_PKEY_CTX *ctx,
PFUNC_VERIFY verify_pfunc = NULL;
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_SM2);
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get sm2 pkey methods\n");
+ return -1;
+ }
+
EVP_PKEY_meth_get_verify(openssl_meth, NULL, &verify_pfunc);
if (!verify_pfunc) {
fprintf(stderr, "verify_pfunc is NULL\n");
@@ -313,6 +323,11 @@ static int openssl_encrypt(EVP_PKEY_CTX *ctx,
PFUNC_DEC enc_pfunc = NULL;
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_SM2);
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get sm2 pkey methods\n");
+ return -1;
+ }
+
EVP_PKEY_meth_get_encrypt(openssl_meth, NULL, &enc_pfunc);
if (!enc_pfunc) {
fprintf(stderr, "enc_pfunc is NULL\n");
@@ -330,6 +345,11 @@ static int openssl_decrypt(EVP_PKEY_CTX *ctx,
PFUNC_ENC dec_pfunc = NULL;
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_SM2);
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get sm2 pkey methods\n");
+ return -1;
+ }
+
EVP_PKEY_meth_get_decrypt(openssl_meth, NULL, &dec_pfunc);
if (!dec_pfunc) {
fprintf(stderr, "dec_pfunc is NULL\n");
@@ -1614,6 +1634,11 @@ int uadk_sm2_create_pmeth(struct uadk_pkey_meth *pkey_meth)
}
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_SM2);
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get sm2 pkey methods\n");
+ return -1;
+ }
+
EVP_PKEY_meth_copy(meth, openssl_meth);
if (!uadk_e_ecc_get_support_state(SM2_SUPPORT)) {
--
2.25.1

65
0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch
View File

@ -1,65 +0,0 @@
From 02dbe7743190f334609a86b61bc46ea6e91e82b4 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Wed, 16 Feb 2022 16:11:06 +0800
Subject: [PATCH 22/22] engine: fix engine can't work under hybrid mode
If hpre works in no-sva mode, and sec works in sva mode,
it will init hpre device first and return straightly, this
casuse sec not initialized correctly. So uadk engine should
init for both sva and no-sva device.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/e_uadk.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 4e87c86..2714d5b 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -319,10 +319,15 @@ static void bind_fn_uadk_alg(ENGINE *e)
free(dev);
}
- if (!uadk_e_bind_ecc(e))
- fprintf(stderr, "uadk bind ecc failed\n");
- else
- uadk_ecc = 1;
+ /* find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ dev = wd_get_accel_dev("ecdsa");
+ if (dev) {
+ if (!uadk_e_bind_ecc(e))
+ fprintf(stderr, "uadk bind ecc failed\n");
+ else
+ uadk_ecc = 1;
+ free(dev);
+ }
}
/*
@@ -349,17 +354,15 @@ static int bind_fn(ENGINE *e, const char *id)
uadk_dh_nosva) {
async_module_init_v1();
pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler_v1);
- goto set_ctrl_cmd;
}
#endif
- async_module_init();
- pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
-
bind_fn_uadk_alg(e);
-#ifdef KAE
-set_ctrl_cmd:
-#endif
+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
+ async_module_init();
+ pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
+ }
+
ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl);
if (ret != 1) {
fprintf(stderr, "failed to set ctrl function\n");
--
2.24.4

31
0022-rsa-release-source-when-new-kg-out-failed.patch Normal file
View File

@ -0,0 +1,31 @@
From b9aac679244764bf876b5fcfbdae088bfd01234a Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:44:04 +0800
Subject: [PATCH 22/48] rsa: release source when new kg out failed
Release req.src when wd_rsa_new_kg_out() failed.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 23deb3c..8669455 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1188,8 +1188,10 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
rsa_sess->req.dst = wd_rsa_new_kg_out(rsa_sess->sess);
- if (!rsa_sess->req.dst)
+ if (!rsa_sess->req.dst) {
+ wd_rsa_del_kg_in(rsa_sess->sess, rsa_sess->req.src);
return UADK_E_FAIL;
+ }
return UADK_E_SUCCESS;
}
--
2.25.1

62
0023-engine-add-the-kae-log-feature.patch
View File

@ -1,62 +0,0 @@
From 351422390bf42e19a802d0e282f7f85342a1f792 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 22 Feb 2022 11:18:46 +0800
Subject: [PATCH 23/23] engine: add the kae log feature
The original version of the kae engine supports the log system. So
need to be enabled the kae log feature at uadk_engine.
example:
insmod hisi_sec2.ko uacce_mode=2
export KAE_CONF_ENV=/var/log/
cd /var/log/
touch kae.cnf
write:
[LogSection]
debug_level=error
the debug_level can be set to none/error/iofo/warning/debug,
the result is stored in /var/log/kae.log
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/e_uadk.c | 2 ++
src/v1/uadk_v1.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 2714d5b..79ecef8 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -205,6 +205,7 @@ static int uadk_destroy(ENGINE *e)
hpre_destroy();
if (uadk_dh_nosva)
hpre_dh_destroy();
+ kae_debug_close_log();
#endif
if (uadk_cipher)
@@ -348,6 +349,7 @@ static int bind_fn(ENGINE *e, const char *id)
}
#ifdef KAE
+ kae_debug_init_log();
bind_fn_kae_alg(e);
if (uadk_cipher_nosva || uadk_digest_nosva || uadk_rsa_nosva ||
diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h
index d921706..9ca0a94 100644
--- a/src/v1/uadk_v1.h
+++ b/src/v1/uadk_v1.h
@@ -16,6 +16,7 @@
#define UADK_V1_H
#include "async/async_poll.h"
#include "utils/engine_fork.h"
+#include "utils/engine_log.h"
extern void sec_ciphers_free_ciphers(void);
extern int cipher_module_init(void);
--
2.24.4

39
0023-rsa-bugfix-repeated-source-release.patch Normal file
View File

@ -0,0 +1,39 @@
From 045807cc13f60a14f0a6ee8de69d54e600491740 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:46:46 +0800
Subject: [PATCH 23/48] rsa: bugfix repeated source release
Set 'g_rsa_res.ctx_res' to NULL when init failed.
This can avoid repeated source release in uninit
in abnormal cases.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 8669455..bc51e7d 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -818,6 +818,7 @@ static int uadk_e_rsa_init(void)
return UADK_E_INIT_SUCCESS;
err_unlock:
+ g_rsa_res.ctx_res = NULL;
pthread_spin_unlock(&g_rsa_res.lock);
free(dev);
(void)fprintf(stderr, "failed to init rsa(%d)\n", ret);
@@ -831,6 +832,9 @@ static void uadk_e_rsa_uninit(void)
__u32 i;
int ret;
+ if (!ctx_cfg)
+ return;
+
if (g_rsa_res.pid == getpid()) {
ret = uadk_e_is_env_enabled("rsa");
if (ret == ENV_ENABLED) {
--
2.25.1

32
0024-rsa-fix-interface-name.patch
View File

@ -1,32 +0,0 @@
From 63c9bc75f229057657ff8b09c556bf416a493607 Mon Sep 17 00:00:00 2001
From: Junchong Pan <panjunchong@hisilicon.com>
Date: Wed, 2 Mar 2022 08:30:50 +0000
Subject: [PATCH 24/31] rsa: fix interface name
The name of the function wd_rsa_key_bits()
has been changed to wd_rsa_get_key_bits()
in uadk driver, so it needs to be modified
in engine synchronously.
Signed-off-by: Junchong Pan <panjunchong@hisilicon.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 8cad2f7..90cc535 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -986,7 +986,7 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
struct wd_dtb wd_dq;
struct wd_dtb wd_dp;
- key_bits = wd_rsa_key_bits(ctx);
+ key_bits = wd_rsa_get_key_bits(ctx);
key_size = key_bits >> BIT_BYTES_SHIFT;
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
--
2.24.4

368
0024-sm2-fixup-unreleased-source-in-data-conversion.patch Normal file
View File

@ -0,0 +1,368 @@
From 4c3a412586a5718b84fe582c84f13135cf080283 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:49:05 +0800
Subject: [PATCH 24/48] sm2: fixup unreleased source in data conversion
Release the memory that allocated for data conversion
between ber format and bin format in abnormal branch.
Otherwise, resource leakage will happen in abnormal
cases. And cleanup some code related to this issue,
make the related code logic clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 155 ++++++++++++++++++++++++++-----------------------
1 file changed, 81 insertions(+), 74 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 1f678ed..ba90f68 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -478,7 +478,7 @@ free_sig:
return ret;
}
-static int cipher_bin_to_ber(const EVP_MD *md, struct wd_ecc_point *c1,
+static int cipher_bin_to_ber(struct wd_ecc_point *c1,
struct wd_dtb *c2, struct wd_dtb *c3,
unsigned char *ber, size_t *ber_len)
{
@@ -507,29 +507,33 @@ static int cipher_bin_to_ber(const EVP_MD *md, struct wd_ecc_point *c1,
goto free_y1;
}
+ ret = ASN1_OCTET_STRING_set(ctext_struct.C3, (void *)c3->data, c3->dsize);
+ if (!ret)
+ goto free_c3;
+
ctext_struct.C2 = ASN1_OCTET_STRING_new();
if (!ctext_struct.C2) {
ret = -ENOMEM;
- goto free_y1;
+ goto free_c3;
}
- if (!ASN1_OCTET_STRING_set(ctext_struct.C3, (void *)c3->data, c3->dsize)
- || !ASN1_OCTET_STRING_set(ctext_struct.C2,
- (void *)c2->data, c2->dsize)) {
- fprintf(stderr, "failed to ASN1_OCTET_STRING_set\n");
- ret = -EINVAL;
- goto free_y1;
- }
+ ret = ASN1_OCTET_STRING_set(ctext_struct.C2, (void *)c2->data, c2->dsize);
+ if (!ret)
+ goto free_c2;
- ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct,
- (unsigned char **)&ber);
+ ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ber);
/* Ensure cast to size_t is safe */
if (ciphertext_leni < 0) {
ret = -EINVAL;
- goto free_y1;
+ goto free_c2;
}
*ber_len = (size_t)ciphertext_leni;
ret = 0;
+
+free_c2:
+ ASN1_OCTET_STRING_free(ctext_struct.C2);
+free_c3:
+ ASN1_OCTET_STRING_free(ctext_struct.C3);
free_y1:
BN_free(y1);
free_x1:
@@ -538,29 +542,18 @@ free_x1:
return ret;
}
-static int cipher_ber_to_bin(unsigned char *ber, size_t ber_len,
- struct wd_ecc_point *c1,
- struct wd_dtb *c2,
- struct wd_dtb *c3)
+static int cipher_ber_to_bin(const EVP_MD *md, struct sm2_ciphertext *ctext_struct,
+ struct wd_ecc_point *c1, struct wd_dtb *c2, struct wd_dtb *c3)
{
- struct sm2_ciphertext *ctext_struct;
- int ret, len, len1;
-
- ctext_struct = d2i_SM2_Ciphertext(NULL, (const unsigned char **)&ber,
- ber_len);
- if (!ctext_struct) {
- fprintf(stderr, "failed to d2i_SM2_Ciphertext\n");
- return -ENOMEM;
- }
+ int len, len1, md_size;
len = BN_num_bytes(ctext_struct->C1x);
len1 = BN_num_bytes(ctext_struct->C1y);
c1->x.data = malloc(len + len1 + ctext_struct->C2->length +
ctext_struct->C3->length);
- if (!c1->x.data) {
- ret = -ENOMEM;
- goto free_ctext;
- }
+ if (!c1->x.data)
+ return -ENOMEM;
+
c1->y.data = c1->x.data + len;
c3->data = c1->y.data + len1;
c2->data = c3->data + ctext_struct->C3->length;
@@ -568,13 +561,17 @@ static int cipher_ber_to_bin(unsigned char *ber, size_t ber_len,
memcpy(c3->data, ctext_struct->C3->data, ctext_struct->C3->length);
c2->dsize = ctext_struct->C2->length;
c3->dsize = ctext_struct->C3->length;
+ md_size = EVP_MD_size(md);
+ if (c3->dsize != md_size) {
+ fprintf(stderr, "invalid: c3 dsize(%u) != hash_size(%d)\n", c3->dsize, md_size);
+ free(c1->x.data);
+ return -EINVAL;
+ }
+
c1->x.dsize = BN_bn2bin(ctext_struct->C1x, (void *)c1->x.data);
c1->y.dsize = BN_bn2bin(ctext_struct->C1y, (void *)c1->y.data);
return 0;
-free_ctext:
- SM2_Ciphertext_free(ctext_struct);
- return ret;
}
static size_t ec_field_size(const EC_GROUP *group)
@@ -681,21 +678,27 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
return UADK_DO_SOFT;
}
+ if (smctx->init_status != CTX_INIT_SUCC) {
+ fprintf(stderr, "sm2 ctx init failed\n");
+ return UADK_DO_SOFT;
+ }
+
if (sig_sz <= 0) {
fprintf(stderr, "sig_sz error\n");
return -EINVAL;
}
- if (sig == NULL) {
- *siglen = (size_t)sig_sz;
- return 1;
- }
-
if (*siglen < (size_t)sig_sz) {
fprintf(stderr, "siglen(%lu) < sig_sz(%lu)\n", *siglen, (size_t)sig_sz);
return -EINVAL;
}
+ if (!sig) {
+ fprintf(stderr, "invalid: sig is NULL\n");
+ *siglen = (size_t)sig_sz;
+ return -EINVAL;
+ }
+
if (tbslen > SM2_KEY_BYTES)
return UADK_DO_SOFT;
@@ -709,21 +712,15 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen)
{
struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
+ struct wd_ecc_req req = {0};
struct wd_dtb *r = NULL;
struct wd_dtb *s = NULL;
- struct wd_ecc_req req;
int ret;
ret = sm2_sign_check(ctx, sig, siglen, tbs, tbslen);
if (ret)
goto do_soft;
- if (smctx->init_status != CTX_INIT_SUCC) {
- ret = UADK_DO_SOFT;
- goto do_soft;
- }
-
- memset(&req, 0, sizeof(req));
ret = sm2_sign_init_iot(smctx->sess, &req, (void *)tbs, tbslen);
if (ret)
goto do_soft;
@@ -798,6 +795,11 @@ static int sm2_verify_check(EVP_PKEY_CTX *ctx,
return UADK_DO_SOFT;
}
+ if (smctx->init_status != CTX_INIT_SUCC) {
+ fprintf(stderr, "sm2 ctx init failed\n");
+ return UADK_DO_SOFT;
+ }
+
if (tbslen > SM2_KEY_BYTES)
return UADK_DO_SOFT;
@@ -816,21 +818,16 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
unsigned char buf_s[UADK_ECC_MAX_KEY_BYTES] = {0};
EVP_PKEY *p_key = EVP_PKEY_CTX_get0_pkey(ctx);
EC_KEY *ec = EVP_PKEY_get0(p_key);
+ struct wd_ecc_req req = {0};
struct wd_dtb e = {0};
struct wd_dtb r = {0};
struct wd_dtb s = {0};
- struct wd_ecc_req req;
int ret;
ret = sm2_verify_check(ctx, sig, siglen, tbs, tbslen);
if (ret)
goto do_soft;
- if (smctx->init_status != CTX_INIT_SUCC) {
- ret = UADK_DO_SOFT;
- goto do_soft;
- }
-
r.data = (void *)buf_r;
s.data = (void *)buf_s;
r.bsize = UADK_ECC_MAX_KEY_BYTES;
@@ -841,7 +838,6 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
e.data = (void *)tbs;
e.dsize = tbslen;
- memset(&req, 0, sizeof(req));
ret = sm2_verify_init_iot(smctx->sess, &req, &e, &r, &s);
if (ret)
goto do_soft;
@@ -910,6 +906,11 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx,
return UADK_DO_SOFT;
}
+ if (smctx->init_status != CTX_INIT_SUCC) {
+ fprintf(stderr, "sm2 ctx init failed\n");
+ return UADK_DO_SOFT;
+ }
+
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
c3_size = EVP_MD_size(md);
if (c3_size <= 0) {
@@ -941,22 +942,16 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
{
struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
struct wd_ecc_point *c1 = NULL;
+ struct wd_ecc_req req = {0};
struct wd_dtb *c2 = NULL;
struct wd_dtb *c3 = NULL;
- struct wd_ecc_req req;
const EVP_MD *md;
- int ret;
+ int md_size, ret;
ret = sm2_encrypt_check(ctx, out, outlen, in, inlen);
if (ret)
goto do_soft;
- if (smctx->init_status != CTX_INIT_SUCC) {
- ret = UADK_DO_SOFT;
- goto do_soft;
- }
-
- memset(&req, 0, sizeof(req));
ret = sm2_encrypt_init_iot(smctx->sess, &req, (void *)in, inlen);
if (ret)
goto do_soft;
@@ -974,18 +969,25 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
goto uninit_iot;
}
- md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
wd_sm2_get_enc_out_params(req.dst, &c1, &c2, &c3);
if (!c1 || !c2 || !c3) {
ret = UADK_DO_SOFT;
goto uninit_iot;
}
- ret = cipher_bin_to_ber(md, c1, c2, c3, out, outlen);
+ ret = cipher_bin_to_ber(c1, c2, c3, out, outlen);
if (ret)
goto uninit_iot;
+ md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
+ md_size = EVP_MD_size(md);
+ if (c3->dsize != md_size) {
+ fprintf(stderr, "invalid: c3 dsize(%u) != hash_size(%d)\n", c3->dsize, md_size);
+ goto uninit_iot;
+ }
+
ret = 1;
+
uninit_iot:
wd_ecc_del_in(smctx->sess, req.src);
wd_ecc_del_out(smctx->sess, req.dst);
@@ -1015,6 +1017,11 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
return UADK_DO_SOFT;
}
+ if (smctx->init_status != CTX_INIT_SUCC) {
+ fprintf(stderr, "sm2 ctx init failed\n");
+ return UADK_DO_SOFT;
+ }
+
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
hash_size = EVP_MD_size(md);
if (hash_size <= 0) {
@@ -1092,8 +1099,9 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
const unsigned char *in, size_t inlen)
{
struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
+ struct sm2_ciphertext *ctext_struct;
+ struct wd_ecc_req req = {0};
struct wd_ecc_point c1;
- struct wd_ecc_req req;
struct wd_dtb c2, c3;
const EVP_MD *md;
int ret;
@@ -1102,24 +1110,20 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (smctx->init_status != CTX_INIT_SUCC) {
- ret = UADK_DO_SOFT;
- goto do_soft;
- }
-
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
- ret = cipher_ber_to_bin((void *)in, inlen, &c1, &c2, &c3);
- if (ret)
+ ctext_struct = d2i_SM2_Ciphertext(NULL, &in, inlen);
+ if (!ctext_struct) {
+ ret = UADK_DO_SOFT;
goto do_soft;
+ }
- if (c3.dsize != EVP_MD_size(md)) {
- fprintf(stderr, "c3 dsize != hash_size\n");
- ret = -EINVAL;
- goto free_c1;
+ ret = cipher_ber_to_bin(md, ctext_struct, &c1, &c2, &c3);
+ if (ret) {
+ ret = UADK_DO_SOFT;
+ goto free_ctext;
}
- memset(&req, 0, sizeof(req));
ret = sm2_decrypt_init_iot(smctx->sess, &req, &c1, &c2, &c3);
if (ret)
goto free_c1;
@@ -1142,10 +1146,13 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
goto uninit_iot;
ret = 1;
+
uninit_iot:
sm2_decrypt_uninit_iot(smctx->sess, &req);
free_c1:
free(c1.x.data);
+free_ctext:
+ SM2_Ciphertext_free(ctext_struct);
do_soft:
if (ret != UADK_DO_SOFT)
return ret;
--
2.25.1

111
0025-ecc-add-openssl-method-null-pointer-judgement.patch Normal file
View File

@ -0,0 +1,111 @@
From 6ba22cd5ac33d740580dcbe8dae84d41cff26e47 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:51:24 +0800
Subject: [PATCH 25/48] ecc: add openssl method null pointer judgement
Add openssl method null pointer judgement of ecc
algs to avoid null pointer access in abnornal cases.
And release the pkey method in error handling branch.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 21 +++++++++++++++++++++
src/uadk_ecx.c | 2 ++
src/uadk_sm2.c | 1 +
3 files changed, 24 insertions(+)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 781e7f1..5852d04 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -405,6 +405,11 @@ static ECDSA_SIG *openssl_do_sign(const unsigned char *dgst, int dlen,
EC_KEY_METHOD *openssl_meth;
openssl_meth = (EC_KEY_METHOD *)EC_KEY_OpenSSL();
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get OpenSSL method\n");
+ return NULL;
+ }
+
EC_KEY_METHOD_get_sign(openssl_meth, NULL, NULL,
&sign_sig_pfunc);
if (!sign_sig_pfunc) {
@@ -647,6 +652,11 @@ static int openssl_do_verify(const unsigned char *dgst, int dlen,
EC_KEY_METHOD *openssl_meth;
openssl_meth = (EC_KEY_METHOD *)EC_KEY_OpenSSL();
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get OpenSSL method\n");
+ return -1;
+ }
+
EC_KEY_METHOD_get_verify(openssl_meth, NULL,
&verify_sig_pfunc);
if (!verify_sig_pfunc) {
@@ -814,6 +824,11 @@ static int openssl_do_generate(EC_KEY *eckey)
EC_KEY_METHOD *openssl_meth;
openssl_meth = (EC_KEY_METHOD *)EC_KEY_OpenSSL();
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get OpenSSL method\n");
+ return -1;
+ }
+
EC_KEY_METHOD_get_keygen(openssl_meth, &gen_key_pfunc);
if (!gen_key_pfunc) {
fprintf(stderr, "gen_key_pfunc is NULL\n");
@@ -1255,6 +1270,11 @@ static int openssl_do_compute(unsigned char **pout,
EC_KEY_METHOD *openssl_meth;
openssl_meth = (EC_KEY_METHOD *)EC_KEY_OpenSSL();
+ if (!openssl_meth) {
+ fprintf(stderr, "failed to get OpenSSL method\n");
+ return -1;
+ }
+
EC_KEY_METHOD_get_compute_key(openssl_meth, &comp_key_pfunc);
if (!comp_key_pfunc) {
fprintf(stderr, "comp_key_pfunc is NULL\n");
@@ -1420,6 +1440,7 @@ int uadk_ec_create_pmeth(struct uadk_pkey_meth *pkey_meth)
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_EC);
if (!openssl_meth) {
fprintf(stderr, "failed to get ec pkey methods\n");
+ EVP_PKEY_meth_free(meth);
return 0;
}
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index aebd808..3eafdfb 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -813,6 +813,7 @@ int uadk_x25519_create_pmeth(struct uadk_pkey_meth *pkey_meth)
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_X25519);
if (!openssl_meth) {
fprintf(stderr, "failed to get x25519 pkey methods\n");
+ EVP_PKEY_meth_free(meth);
return UADK_E_FAIL;
}
@@ -858,6 +859,7 @@ int uadk_x448_create_pmeth(struct uadk_pkey_meth *pkey_meth)
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_X448);
if (!openssl_meth) {
fprintf(stderr, "failed to get x448 pkey methods\n");
+ EVP_PKEY_meth_free(meth);
return UADK_E_FAIL;
}
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index ba90f68..f393641 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -1643,6 +1643,7 @@ int uadk_sm2_create_pmeth(struct uadk_pkey_meth *pkey_meth)
openssl_meth = get_openssl_pkey_meth(EVP_PKEY_SM2);
if (!openssl_meth) {
fprintf(stderr, "failed to get sm2 pkey methods\n");
+ EVP_PKEY_meth_free(meth);
return -1;
}
--
2.25.1

28
0025-ecc-cleanup-sm2-unreachable-code.patch
View File

@ -1,28 +0,0 @@
From dcceb7e8f77306dda7dea31798ea8ab952fbe8ea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 3 Mar 2022 02:00:46 +0000
Subject: [PATCH 25/31] ecc: cleanup sm2 unreachable code
The variable "b_s" should be judged, rather than "b_r".
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index b39c418..8c75611 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -422,7 +422,7 @@ static int sig_ber_to_bin(EC_KEY *ec, unsigned char *sig, size_t sig_len,
}
b_s = (void *)ECDSA_SIG_get0_s((const ECDSA_SIG *)e_sig);
- if (!b_r) {
+ if (!b_s) {
fprintf(stderr, "failed to get s\n");
ret = -EINVAL;
goto free_der;
--
2.24.4

68
0026-rsa-cleanup-of-code-style.patch
View File

@ -1,68 +0,0 @@
From 4bcecc067ed99f2323f1568779c34b858b5863a1 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 3 Mar 2022 02:32:44 +0000
Subject: [PATCH 26/31] rsa: cleanup of code style
Fix the following problems:
1. Macro replacement list should be enclosed in parentheses.
2. Return value judgment should follow the function call.
3. Remove redundant judgment.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 90cc535..f7755e3 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -49,7 +49,7 @@
#define UADK_DO_SOFT (-0xE0)
#define UADK_E_POLL_SUCCESS 0
#define UADK_E_INIT_SUCCESS 0
-#define CHECK_PADDING_FAIL -1
+#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
static RSA_METHOD *rsa_hw_meth;
@@ -312,7 +312,6 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
return UADK_E_SUCCESS;
err = ERR_peek_last_error();
-
if (ERR_GET_LIB(err) == ERR_LIB_BN &&
ERR_GET_REASON(err) == BN_R_NO_INVERSE)
ERR_pop_to_mark();
@@ -500,18 +499,13 @@ static int add_rsa_pubenc_padding(int flen, const unsigned char *from,
fprintf(stderr, "RSA_PKCS1_PADDING err\n");
break;
case RSA_PKCS1_OAEP_PADDING:
- ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen,
- NULL, 0);
+ ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
if (!ret)
fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n");
break;
default:
ret = UADK_E_FAIL;
}
- if (ret <= 0)
- ret = UADK_E_FAIL;
- else
- ret = UADK_E_SUCCESS;
return ret;
}
@@ -530,7 +524,7 @@ static int check_rsa_pridec_padding(unsigned char *to, int num,
break;
case RSA_PKCS1_OAEP_PADDING:
ret = RSA_padding_check_PKCS1_OAEP(to, num, buf, len, num,
- NULL, 0);
+ NULL, 0);
if (!ret)
fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n");
break;
--
2.24.4

169
0026-uadk_engine-cleanup-call-form-of-callback-func.patch Normal file
View File

@ -0,0 +1,169 @@
From 27049955574b083e870d8308d38ccca7ac6b37ea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 17 Jun 2023 20:57:01 +0800
Subject: [PATCH 26/48] uadk_engine: cleanup call form of callback func
Modify the call form of callback function in async
mode, matching the definition in uadk.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 10 ++++++----
src/uadk_dh.c | 2 +-
src/uadk_digest.c | 12 ++++++++----
src/uadk_pkey.c | 4 ++--
src/uadk_pkey.h | 2 +-
src/uadk_rsa.c | 2 +-
6 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index d4ad33c..c87c7ee 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -717,17 +717,17 @@ static int uadk_e_cipher_cleanup(EVP_CIPHER_CTX *ctx)
return 1;
}
-static void uadk_e_cipher_cb(struct wd_cipher_req *req, void *data)
+static void *uadk_e_cipher_cb(struct wd_cipher_req *req, void *data)
{
struct uadk_e_cb_info *cb_param;
struct async_op *op;
if (!req)
- return;
+ return NULL;
cb_param = req->cb_param;
if (!cb_param)
- return;
+ return NULL;
op = cb_param->op;
if (op && op->job && !op->done) {
@@ -735,6 +735,8 @@ static void uadk_e_cipher_cb(struct wd_cipher_req *req, void *data)
async_free_poll_task(op->idx, 1);
async_wake_job(op->job);
}
+
+ return NULL;
}
/* Increment counter (128-bit int) by c */
@@ -822,7 +824,7 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op)
cb_param.op = op;
cb_param.priv = priv;
- priv->req.cb = (void *)uadk_e_cipher_cb;
+ priv->req.cb = uadk_e_cipher_cb;
priv->req.cb_param = &cb_param;
ret = async_get_free_task(&idx);
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index fc91609..acb5b8a 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -711,7 +711,7 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess)
} else {
cb_param.op = &op;
cb_param.priv = &dh_sess->req;
- dh_sess->req.cb = (void *)uadk_e_dh_cb;
+ dh_sess->req.cb = uadk_e_dh_cb;
dh_sess->req.cb_param = &cb_param;
dh_sess->req.status = -1;
ret = async_get_free_task(&idx);
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 590a888..b75c408 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -674,23 +674,27 @@ soft_update:
return digest_soft_update(priv, data, data_len);
}
-static void async_cb(struct wd_digest_req *req, void *data)
+static void *uadk_e_digest_cb(void *data)
{
+ struct wd_digest_req *req = (struct wd_digest_req *)data;
struct uadk_e_cb_info *cb_param;
struct async_op *op;
if (!req)
- return;
+ return NULL;
cb_param = req->cb_param;
if (!cb_param)
- return;
+ return NULL;
+
op = cb_param->op;
if (op && op->job && !op->done) {
op->done = 1;
async_free_poll_task(op->idx, 1);
async_wake_job(op->job);
}
+
+ return NULL;
}
static int do_digest_sync(struct digest_priv_ctx *priv)
@@ -721,7 +725,7 @@ static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
cb_param.op = op;
cb_param.priv = priv;
- priv->req.cb = (void *)async_cb;
+ priv->req.cb = uadk_e_digest_cb;
priv->req.cb_param = &cb_param;
ret = async_get_free_task(&idx);
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 35a2696..60e3238 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -76,7 +76,7 @@ static int ecc_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count)
return 0;
}
-void uadk_ecc_cb(void *req_t)
+void uadk_e_ecc_cb(void *req_t)
{
struct wd_ecc_req *req_new = (struct wd_ecc_req *)req_t;
struct uadk_e_cb_info *cb_param;
@@ -296,7 +296,7 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr)
cb_param.op = &op;
cb_param.priv = req;
req->cb_param = &cb_param;
- req->cb = (void *)uadk_ecc_cb;
+ req->cb = uadk_e_ecc_cb;
req->status = -1;
ret = async_get_free_task(&idx);
if (!ret)
diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
index b80e425..3168474 100644
--- a/src/uadk_pkey.h
+++ b/src/uadk_pkey.h
@@ -58,7 +58,7 @@ struct uadk_pkey_meth {
bool uadk_is_all_zero(const unsigned char *data, size_t dlen);
bool uadk_support_algorithm(const char *alg);
int uadk_ecc_get_rand(char *out, size_t out_len, void *usr);
-void uadk_ecc_cb(void *req_t);
+void uadk_e_ecc_cb(void *req_t);
void uadk_ecc_fill_req(struct wd_ecc_req *req,
unsigned int op, void *in, void *out);
int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey);
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index bc51e7d..d0780a7 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1101,7 +1101,7 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess)
}
cb_param.op = &op;
cb_param.priv = &(rsa_sess->req);
- rsa_sess->req.cb = (void *)uadk_e_rsa_cb;
+ rsa_sess->req.cb = uadk_e_rsa_cb;
rsa_sess->req.cb_param = &cb_param;
rsa_sess->req.status = -1;
--
2.25.1

36
0027-uadk_engine-cleanup-empty-body-warning-in-v1.patch Normal file
View File

@ -0,0 +1,36 @@
From 98352587af77f492bf54bdbc1282b324c2c1e984 Mon Sep 17 00:00:00 2001
From: Hao Fang <fanghao11@huawei.com>
Date: Sat, 17 Jun 2023 20:59:00 +0800
Subject: [PATCH 27/48] uadk_engine: cleanup empty-body warning in v1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix the warning:
[-Wempty-body] suggest braces around empty body
in an if statement.
Just simplify the code.
Signed-off-by: Hao Fang <fanghao11@huawei.com>
---
src/v1/utils/engine_log.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/v1/utils/engine_log.c b/src/v1/utils/engine_log.c
index ef009e5..330defb 100644
--- a/src/v1/utils/engine_log.c
+++ b/src/v1/utils/engine_log.c
@@ -158,8 +158,7 @@ void ENGINE_LOG_LIMIT(int level, int times, int limit, const char *fmt, ...)
fprintf(g_kae_debug_log_file, "\n");
if (ftell(g_kae_debug_log_file) > KAE_LOG_MAX_SIZE) {
kae_save_log(g_kae_debug_log_file);
- if (ftruncate(g_kae_debug_log_file->_fileno, 0))
- ;
+ ftruncate(g_kae_debug_log_file->_fileno, 0);
fseek(g_kae_debug_log_file, 0, SEEK_SET);
}
pthread_mutex_unlock(&g_debug_file_mutex);
--
2.25.1

62
0027-v1-fixup-about-uninitialized-variable.patch
View File

@ -1,62 +0,0 @@
From fe44bced638c7d3d3084f4e788478b2faa35ffa4 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 3 Mar 2022 02:53:01 +0000
Subject: [PATCH 27/31] v1: fixup about uninitialized variable
Fix the compile warning of uninitialized variable.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/v1/alg/pkey/hpre_rsa.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c
index 93ba99a..6c1d96d 100644
--- a/src/v1/alg/pkey/hpre_rsa.c
+++ b/src/v1/alg/pkey/hpre_rsa.c
@@ -316,7 +316,9 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from,
BIGNUM *ret_bn = NULL;
hpre_engine_ctx_t *eng_ctx = NULL;
unsigned char *in_buf = NULL;
- int key_bits, num_bytes;
+ BN_CTX *bn_ctx = NULL;
+ int num_bytes = 0;
+ int key_bits;
int ret;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
@@ -340,7 +342,7 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from,
GOTOEND_IF(ret != HPRE_CRYPTO_SUCC, "check public key fail",
KAE_F_HPRE_RSA_PUBENC, KAE_R_PUBLIC_KEY_INVALID);
- BN_CTX *bn_ctx = BN_CTX_new();
+ bn_ctx = BN_CTX_new();
GOTOEND_IF(bn_ctx == NULL, "bn_ctx MALLOC FAILED!",
KAE_F_HPRE_RSA_PUBENC, KAE_R_MALLOC_FAILURE);
@@ -403,7 +405,9 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from,
const BIGNUM *dmq1 = (const BIGNUM *)NULL;
const BIGNUM *iqmp = (const BIGNUM *)NULL;
unsigned char *in_buf = (unsigned char *)NULL;
+ int num_bytes = 0;
int key_bits;
+ int version;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
return HPRE_CRYPTO_FAIL;
@@ -431,10 +435,10 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from,
bn_ret = BN_CTX_get(bn_ctx);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
- int version = RSA_get_version(rsa);
+ version = RSA_get_version(rsa);
RSA_get0_key(rsa, &n, &e, &d);
- int num_bytes = BN_num_bytes(n);
+ num_bytes = BN_num_bytes(n);
in_buf = (unsigned char *)OPENSSL_malloc(num_bytes);
GOTOEND_IF(bn_ret == NULL || in_buf == NULL, "OpenSSL malloc failure",
--
2.24.4

42
0028-ecc-fix-checking-conditions.patch
View File

@ -1,42 +0,0 @@
From 8ce0ba841358d85eb89bf726d229dfaf4cd13156 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 02:59:13 +0000
Subject: [PATCH 28/31] ecc: fix checking conditions
When initializing, the process is guaranteed
not to be initialized repeatedly. And when
uninitializing, the resource is released according
to whether the pid is equal or not.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_pkey.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 14e0b8f..ceb7a8f 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -184,9 +184,6 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
struct wd_ctx_config *ctx_cfg;
int ret, i;
- if (ecc_res.ctx_res)
- return 0;
-
ctx_cfg = calloc(1, sizeof(struct wd_ctx_config));
if (!ctx_cfg)
return -ENOMEM;
@@ -256,7 +253,7 @@ static void uadk_wd_ecc_uninit(void)
struct wd_ctx_config *ctx_cfg = ecc_res.ctx_res;
int i, ret;
- if (!ctx_cfg)
+ if (ecc_res.pid != getpid())
return;
ret = uadk_e_is_env_enabled("ecc");
--
2.24.4

43
0028-sanity_test.sh-check-version-for-openssl-version-3.0.patch Normal file
View File

@ -0,0 +1,43 @@
From 98d2ed1649935a3b6f5325b3c07e2819b88c498a Mon Sep 17 00:00:00 2001
From: Guodong Xu <guodong.xu@linaro.org>
Date: Thu, 27 Jul 2023 09:56:29 +0800
Subject: [PATCH 28/48] sanity_test.sh: check version for openssl version 3.0
and later
Such as openssl 3.0 and 3.2
Previously openssl 3.2 doesn't work.
Signed-off-by: Guodong Xu <guodong.xu@linaro.org>
---
test/sanity_test.sh | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index d46c570..0fe4472 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -5,14 +5,18 @@ sudo chmod 666 /dev/hisi_*
version=$(openssl version)
echo $version
-if [[ $version =~ "3.0" ]]; then
- echo "openssl 3.0"
+
+# Extract the major version number (e.g., "3") from the version string
+major_version=$(echo $version | awk -F'[ .]' '{print $2}')
+echo "OpenSSL major version is "$major_version
+
+# Check if the major version is equal to or greater than 3
+if ((major_version >= 3)); then
if [ ! -n "$1" ]; then
engine_id=uadk_provider
else
engine_id=$1
fi
-
digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
cipher_algs=$(openssl list -provider $engine_id -digest-algorithms)
fi
--
2.25.1

29
0029-README-fix-openEuler-build-libdir.patch Normal file
View File

@ -0,0 +1,29 @@
From f1c812781059e3d11378f1663057d854f6cce5ca Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Thu, 27 Jul 2023 06:48:37 +0000
Subject: [PATCH 29/48] README: fix openEuler build libdir
openEuler also use --libdir=/usr/local/lib/ossl-modules/
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README.md | 3 ---
1 file changed, 3 deletions(-)
diff --git a/README.md b/README.md
index 86676db..ae586e2 100644
--- a/README.md
+++ b/README.md
@@ -82,9 +82,6 @@ For openssl 3.0
git clone https://github.com/Linaro/uadk_engine.git
cd uadk_engine
autoreconf -i
- // openEuler
- ./configure --libdir=/usr/local/lib/engines-3/
- // ubuntu
./configure --libdir=/usr/local/lib/ossl-modules/
make
sudo make install
--
2.25.1

55
0029-ecc-cleanup-print-log.patch
View File

@ -1,55 +0,0 @@
From a19b11343facb6ff073cb01bf3583c8bf6cbb009 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 03:08:45 +0000
Subject: [PATCH 29/31] ecc: cleanup print log
print with '\n'
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
src/uadk_pkey.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index ceb7a8f..216ccc3 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -572,7 +572,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_SM2:
ret = uadk_sm2_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register sm2 pmeth");
+ fprintf(stderr, "failed to register sm2 pmeth.\n");
return 0;
}
*pmeth = pkey_meth.sm2;
@@ -580,7 +580,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_EC:
ret = uadk_ec_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register ec pmeth");
+ fprintf(stderr, "failed to register ec pmeth.\n");
return 0;
}
*pmeth = pkey_meth.ec;
@@ -588,7 +588,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_X448:
ret = uadk_x448_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register x448 pmeth");
+ fprintf(stderr, "failed to register x448 pmeth.\n");
return 0;
}
*pmeth = pkey_meth.x448;
@@ -596,7 +596,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
case EVP_PKEY_X25519:
ret = uadk_x25519_create_pmeth(&pkey_meth);
if (!ret) {
- fprintf(stderr, "failed to register x25519 pmeth");
+ fprintf(stderr, "failed to register x25519 pmeth.\n");
return 0;
}
*pmeth = pkey_meth.x25519;
--
2.24.4

218
0030-engine-fix-function-return-type.patch
View File

@ -1,218 +0,0 @@
From 26360660c516fe54b48502a3ca9eb1bbf47146d5 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 03:11:24 +0000
Subject: [PATCH 30/31] engine: fix function return type
The async_register_poll_fn() is an internal
function, and the probability of parameter
error is low. If the parameter is wrong,
a log will be printed, there is no need to
return an error code. And 'MAX_ALG_SIZE' is
chenged to 'ASYNC_TASK_MAX'.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_async.c | 13 ++++++-------
src/uadk_async.h | 5 +++--
src/uadk_cipher.c | 9 ++++++---
src/uadk_dh.c | 8 ++++++--
src/uadk_digest.c | 9 ++++++---
src/uadk_pkey.c | 8 ++++++--
src/uadk_rsa.c | 8 ++++++--
7 files changed, 39 insertions(+), 21 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 5320ae6..c98153b 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -22,11 +22,9 @@
#include "uadk.h"
#include "uadk_async.h"
-#define MAX_ALG_SIZE 6
-
static struct async_poll_queue poll_queue;
-static async_recv_t async_recv_func[MAX_ALG_SIZE];
+static async_recv_t async_recv_func[ASYNC_TASK_MAX];
static void async_fd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
OSSL_ASYNC_FD readfd, void *custom)
@@ -292,13 +290,14 @@ int async_wake_job(ASYNC_JOB *job)
return ret;
}
-int async_register_poll_fn(int type, async_recv_t func)
+void async_register_poll_fn(int type, async_recv_t func)
{
- if (type < 0 || type >= MAX_ALG_SIZE)
- return -1;
+ if (type < 0 || type >= ASYNC_TASK_MAX) {
+ fprintf(stderr, "alg type is error, type= %d.\n", type);
+ return;
+ }
async_recv_func[type] = func;
- return 0;
}
static void *async_poll_process_func(void *args)
diff --git a/src/uadk_async.h b/src/uadk_async.h
index cbb4b62..9836dbb 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -42,7 +42,8 @@ enum task_type {
ASYNC_TASK_DIGEST,
ASYNC_TASK_RSA,
ASYNC_TASK_DH,
- ASYNC_TASK_ECC
+ ASYNC_TASK_ECC,
+ ASYNC_TASK_MAX
};
struct async_poll_task {
@@ -66,7 +67,7 @@ struct async_poll_queue {
extern int async_setup_async_event_notification(struct async_op *op);
extern int async_clear_async_event_notification(void);
extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
-extern int async_register_poll_fn(int type, async_recv_t func);
+extern void async_register_poll_fn(int type, async_recv_t func);
extern void async_module_init(void);
extern int async_wake_job(ASYNC_JOB *job);
extern void async_free_poll_task(int id, bool is_cb);
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 6e09a8c..8f8af7e 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -550,8 +550,9 @@ static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_CIPHER,
- uadk_e_cipher_env_poll);
+ async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_env_poll);
+
+ return 0;
}
static int uadk_e_wd_cipher_init(struct uacce_dev *dev)
@@ -596,7 +597,9 @@ static int uadk_e_wd_cipher_init(struct uacce_dev *dev)
if (ret)
goto err_freectx;
- return async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_poll);
+ async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_poll);
+
+ return 0;
err_freectx:
for (j = 0; j < i; j++)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 989c9ec..40fb583 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -296,7 +296,9 @@ static int uadk_e_wd_dh_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_env_poll);
+ async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_env_poll);
+
+ return 0;
}
static int uadk_e_wd_dh_init(struct dh_res_config *config, struct uacce_dev *dev)
@@ -335,7 +337,9 @@ static int uadk_e_wd_dh_init(struct dh_res_config *config, struct uacce_dev *dev
if (ret)
goto free_ctx;
- return async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_poll);
+ async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_poll);
+
+ return 0;
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 5b843a0..ad24168 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -374,8 +374,9 @@ static int uadk_e_wd_digest_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_DIGEST,
- uadk_e_digest_env_poll);
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll);
+
+ return 0;
}
static int uadk_e_wd_digest_init(struct uacce_dev *dev)
@@ -415,7 +416,9 @@ static int uadk_e_wd_digest_init(struct uacce_dev *dev)
if (ret)
goto err_freectx;
- return async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_poll);
+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_poll);
+
+ return 0;
err_freectx:
for (j = 0; j < i; j++)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 216ccc3..f27e2f5 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -175,7 +175,9 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
+ async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll);
+
+ return 0;
}
static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
@@ -209,7 +211,9 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev,
if (ret)
goto free_ctx;
- return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
+ async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll);
+
+ return 0;
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index f7755e3..c5d4dbb 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -713,7 +713,9 @@ static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev)
if (ret)
return ret;
- return async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_env_poll);
+ async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_env_poll);
+
+ return 0;
}
static int uadk_e_wd_rsa_init(struct rsa_res_config *config,
@@ -753,7 +755,9 @@ static int uadk_e_wd_rsa_init(struct rsa_res_config *config,
if (ret)
goto free_ctx;
- return async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_poll);
+ async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_poll);
+
+ return 0;
free_ctx:
for (i = 0; i < CTX_NUM; i++) {
--
2.24.4

95
0030-uadk_prov_digest-provider-default-may-not-exist.patch Normal file
View File

@ -0,0 +1,95 @@
From c56df72b255482f6bdc928f08fbfc2304deb526d Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Mon, 28 Aug 2023 17:38:44 +0800
Subject: [PATCH 30/48] uadk_prov_digest: provider default may not exist
When provider default is not provided, priv->soft_md is NULL
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_prov_digest.c | 34 +++++++++++++++++++++++-----------
1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c
index 5456d2d..ecb8d23 100644
--- a/src/uadk_prov_digest.c
+++ b/src/uadk_prov_digest.c
@@ -158,19 +158,30 @@ static int uadk_digests_soft_md(struct digest_priv_ctx *priv)
static int uadk_digest_soft_init(struct digest_priv_ctx *priv)
{
- return EVP_DigestInit(priv->soft_ctx, priv->soft_md);
+ if (priv->soft_md)
+ return EVP_DigestInit_ex(priv->soft_ctx, priv->soft_md, NULL);
+
+ return 0;
}
-static int uadk_digest_soft_update(EVP_MD_CTX *ctx, const void *data, size_t len)
+static int uadk_digest_soft_update(struct digest_priv_ctx *priv,
+ const void *data, size_t len)
{
- return EVP_DigestUpdate(ctx, data, len);
+ if (priv->soft_md)
+ return EVP_DigestUpdate(priv->soft_ctx, data, len);
+
+ return 0;
}
static int uadk_digest_soft_final(struct digest_priv_ctx *priv, unsigned char *digest)
{
- unsigned int digest_length = EVP_MD_get_size(priv->soft_md);
+ if (priv->soft_md) {
+ unsigned int digest_length;
+
+ return EVP_DigestFinal_ex(priv->soft_ctx, digest, &digest_length);
+ }
- return EVP_DigestFinal(priv->soft_ctx, digest, &digest_length);
+ return 0;
}
static void digest_soft_cleanup(struct digest_priv_ctx *priv)
@@ -195,10 +206,13 @@ static void digest_soft_cleanup(struct digest_priv_ctx *priv)
static int uadk_digest_soft_work(struct digest_priv_ctx *priv, int len,
unsigned char *digest)
{
+ if (!priv->soft_md)
+ return 0;
+
uadk_digest_soft_init(priv);
if (len != 0)
- uadk_digest_soft_update(priv->soft_ctx, priv->data, len);
+ uadk_digest_soft_update(priv, priv->data, len);
uadk_digest_soft_final(priv, digest);
digest_soft_cleanup(priv);
@@ -338,13 +352,11 @@ do_soft_digest:
&& priv->last_update_bufflen != 0) {
priv->switch_flag = UADK_DO_SOFT;
uadk_digest_soft_init(priv);
- ret = uadk_digest_soft_update(priv->soft_ctx,
- priv->data, priv->last_update_bufflen);
+ ret = uadk_digest_soft_update(priv, priv->data, priv->last_update_bufflen);
if (ret != 1)
return ret;
- return uadk_digest_soft_update(priv->soft_ctx,
- tmpdata, left_len);
+ return uadk_digest_soft_update(priv, tmpdata, left_len);
}
fprintf(stderr, "do soft digest failed during updating!\n");
@@ -365,7 +377,7 @@ static int uadk_digest_update(struct digest_priv_ctx *priv, const void *data, si
return uadk_digest_update_inner(priv, data, data_len);
soft_update:
- return uadk_digest_soft_update(priv->soft_ctx, data, data_len);
+ return uadk_digest_soft_update(priv, data, data_len);
}
static void uadk_async_cb(struct wd_digest_req *req, void *data)
--
2.25.1

30
0031-rsa-fixup-about-the-wrong-copy.patch
View File

@ -1,30 +0,0 @@
From 2c99863001cbb39838d983d76171ac131930c310 Mon Sep 17 00:00:00 2001
From: Weili Qian <qianweili@huawei.com>
Date: Thu, 3 Mar 2022 03:25:03 +0000
Subject: [PATCH 31/31] rsa: fixup about the wrong copy
The pointer of 'req.src' is NULL, and the
direct memcpy operation will fail. Therefore,
delete the memcpy and assign a value directly later.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index c5d4dbb..1488b98 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -902,7 +902,6 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,
if (!rsa_sess->is_pubkey_ready) {
wd_rsa_get_pubkey(rsa_sess->sess, &pubkey);
wd_rsa_get_pubkey_params(pubkey, &wd_e, &wd_n);
- memcpy(rsa_sess->req.src, in_buf, rsa_sess->req.src_bytes);
wd_e->dsize = BN_bn2bin(pubkey_param->e,
(unsigned char *)wd_e->data);
wd_n->dsize = BN_bn2bin(pubkey_param->n,
--
2.24.4

32
0031-uadk_provider-iv_len-in-SM4_ECB-mode-must-be-0.patch Normal file
View File

@ -0,0 +1,32 @@
From 162c06fb92f301b3d7396aa703825e64eb3512b0 Mon Sep 17 00:00:00 2001
From: Guodong Xu <guodong.xu@linaro.org>
Date: Sun, 3 Sep 2023 06:36:37 +0800
Subject: [PATCH 31/48] uadk_provider: iv_len in SM4_ECB mode must be 0
iv_len of ECB mode must be 0. Without this, openssl's evp_test
will fail at:
[openssl.git]/test/evp_test.c, cipher_test_run():
if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher)) {
Signed-off-by: Guodong Xu <guodong.xu@linaro.org>
---
src/uadk_prov_cipher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index af0fa02..c0c52a3 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -801,7 +801,7 @@ UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, 0, NID_aes_256_ecb, ecb(aes), EVP_CIPH
UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, 0, NID_aes_128_xts, xts(aes), EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV);
UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, 0, NID_aes_256_xts, xts(aes), EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV);
UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, 0, NID_sm4_cbc, cbc(sm4), EVP_CIPH_CBC_MODE);
-UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, 0, NID_sm4_ecb, ecb(sm4), EVP_CIPH_ECB_MODE);
+UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, 0, NID_sm4_ecb, ecb(sm4), EVP_CIPH_ECB_MODE);
UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, 0, NID_des_ede3_cbc, cbc(des), EVP_CIPH_CBC_MODE);
UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, 0, NID_des_ede3_ecb, ecb(des), EVP_CIPH_ECB_MODE);
--
2.25.1

164
0032-README-modify-the-engine-id-name.patch
View File

@ -1,164 +0,0 @@
From a476a9881ed143f16eb579f3a34446ea24cb20f8 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Fri, 4 Mar 2022 14:44:07 +0800
Subject: [PATCH 32/32] README: modify the engine id name
The new engine id name is 'uadk_engine'. So need to update
the README.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
README | 98 +++++++++++++++++++++++++++++-----------------------------
1 file changed, 49 insertions(+), 49 deletions(-)
diff --git a/README b/README
index e02de8f..562a859 100644
--- a/README
+++ b/README
@@ -67,60 +67,60 @@ Testing
```
1. Cipher
```
-openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
-openssl speed -engine uadk -async_jobs 1 -evp aes-128-cbc
-openssl speed -engine uadk -async_jobs 1 -evp sm4-cbc
-openssl speed -engine uadk -async_jobs 1 -evp des-ede3-cbc
+openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
+openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc
+openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc
+openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc
```
2. RSA
```
-openssl genrsa -out prikey.pem -engine uadk 2048
-openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk
-openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk
-openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk
-openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk
-openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk
-openssl speed -elapsed -engine uadk rsa2048
-openssl speed -elapsed -engine uadk -async_jobs 10 rsa2048
+openssl genrsa -out prikey.pem -engine uadk_engine 2048
+openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine
+openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine
+openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine
+openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine
+openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine
+openssl speed -elapsed -engine uadk_engine rsa2048
+openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048
```
3. SM3
```
-openssl sm3 -engine uadk data
+openssl sm3 -engine uadk_engine data
```
4. MD5
```
-openssl speed -engine uadk -async_jobs 1 -evp md5
+openssl speed -engine uadk_engine -async_jobs 1 -evp md5
```
5. SHA
```
-openssl sha1 -engine uadk data
-openssl sha256 -engine uadk data
-openssl sha512 -engine uadk data
+openssl sha1 -engine uadk_engine data
+openssl sha256 -engine uadk_engine data
+openssl sha512 -engine uadk_engine data
```
6. DH
@@ -142,9 +142,9 @@ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
[step 4] After exchanging public key, each user can derive the shared secret:
```
openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
-secret1.bin -engine uadk
+secret1.bin -engine uadk_engine
openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
-secret2.bin -engine uadk
+secret2.bin -engine uadk_engine
```
[step 5] Check secret1.bin and secret2.bin:
```
@@ -156,15 +156,15 @@ secret1.bin and secret2.bin should be the same.
7. SM2
```
-openssl speed -elapsed -engine uadk sm2
-openssl speed -elapsed -engine uadk -async_jobs 1 sm2
+openssl speed -elapsed -engine uadk_engine sm2
+openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2
openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
```
8. ECDSA
```
-openssl speed -elapsed -engine uadk ecdsap256
-openssl speed -elapsed -engine uadk -async_jobs 1 ecdsap256
+openssl speed -elapsed -engine uadk_engine ecdsap256
+openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256
```
Environment variable of uadk engine
@@ -184,7 +184,7 @@ openssl_cnf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
-uadk = uadk_section
+uadk_engine = uadk_section
[uadk_section]
UADK_CMD_ENABLE_RSA_ENV = 1
UADK_CMD_ENABLE_DH_ENV = 1
--
2.24.4

71
0032-uadk_provider-load-default-provider-into-Global-libr.patch Normal file
View File

@ -0,0 +1,71 @@
From 3c01ab789093fcc27a68029642b64eaf9d114e74 Mon Sep 17 00:00:00 2001
From: Guodong Xu <guodong.xu@linaro.org>
Date: Mon, 4 Sep 2023 09:45:05 +0800
Subject: [PATCH 32/48] uadk_provider: load default provider into Global
library context
Implementations in default provider are required in some cases.
For example when the package size is small.
In current design, we load default provider into Global library context,
aka. NULL.
Signed-off-by: Guodong Xu <guodong.xu@linaro.org>
---
src/uadk_prov_init.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index b59a4e8..57910ac 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -22,6 +22,8 @@
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/provider.h>
#include "uadk_async.h"
#include "uadk_prov.h"
@@ -32,7 +34,8 @@ struct p_uadk_ctx {
};
const char *engine_uadk_id = "uadk_provider";
-static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk";
+static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk_provider";
+static OSSL_PROVIDER *prov;
const OSSL_ALGORITHM uadk_prov_digests[] = {
{ OSSL_DIGEST_NAME_MD5, UADK_DEFAULT_PROPERTIES,
@@ -83,8 +86,18 @@ const OSSL_ALGORITHM uadk_prov_ciphers[] = {
static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id,
int *no_cache)
{
- *no_cache = 0;
+ static int prov_init;
+
+ prov = OSSL_PROVIDER_load(NULL, "default");
+ if (!prov_init) {
+ prov_init = 1;
+ /* uadk_provider takes the highest priority
+ * and overwrite the openssl.cnf property.
+ */
+ EVP_set_default_properties(NULL, "?provider=uadk_provider");
+ }
+ *no_cache = 0;
switch (operation_id) {
case OSSL_OP_DIGEST:
return uadk_prov_digests;
@@ -101,6 +114,7 @@ static void p_teardown(void *provctx)
uadk_prov_destroy_digest();
uadk_prov_destroy_cipher();
OPENSSL_free(ctx);
+ OSSL_PROVIDER_unload(prov);
}
static const OSSL_DISPATCH p_test_table[] = {
--
2.25.1

226
0033-digest-improve-the-digest-performance.patch
View File

@ -1,226 +0,0 @@
From 3cbf3c85645d7ec43aa149c1bcf346a556bbf30a Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 8 Mar 2022 15:44:00 +0800
Subject: [PATCH 33/36] digest: improve the digest performance
1. The memset function found to be a hotspot function by perf. so should
remove the memset in io path. it can improve three times
performance.
2. add some branch predictor function to improve a little performance.
3. use the uadk_memory_cpy can improve 5% performance.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/Makefile.am | 4 +--
src/uadk.h | 1 +
src/uadk_digest.c | 17 ++++++-------
src/uadk_utils.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++
src/uadk_utils.h | 24 ++++++++++++++++++
5 files changed, 98 insertions(+), 11 deletions(-)
create mode 100644 src/uadk_utils.c
create mode 100644 src/uadk_utils.h
diff --git a/src/Makefile.am b/src/Makefile.am
index 636f559..75595aa 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -7,8 +7,8 @@ UADK_ENGINE_VERSION = -version-number ${MAJOR}:${MINOR}:${REVISION}
lib_LTLIBRARIES=uadk_engine.la
-uadk_engine_la_SOURCES=e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c uadk_rsa.c \
- uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
+uadk_engine_la_SOURCES=uadk_utils.c e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c \
+ uadk_rsa.c uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c
uadk_engine_la_LIBADD=-ldl -lwd -lwd_crypto -lpthread
uadk_engine_la_LDFLAGS=-module $(UADK_ENGINE_VERSION)
diff --git a/src/uadk.h b/src/uadk.h
index 0f9b0be..384e035 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -19,6 +19,7 @@
#include <openssl/engine.h>
#include <uadk/wd.h>
#include <uadk/wd_sched.h>
+#include "uadk_utils.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define ENV_STRING_LEN 256
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index ad24168..355917d 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -493,7 +493,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
priv->state = SEC_DIGEST_INIT;
ret = uadk_e_init_digest();
- if (!ret) {
+ if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
fprintf(stderr, "uadk failed to initialize digest.\n");
goto soft_init;
@@ -507,7 +507,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
}
}
- if (i == digest_counts) {
+ if (unlikely(i == digest_counts)) {
fprintf(stderr, "failed to setup the private ctx.\n");
return 0;
}
@@ -519,11 +519,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
priv->data = malloc(DIGEST_BLOCK_SIZE);
- if (!priv->data) {
+ if (unlikely(!priv->data)) {
wd_digest_free_sess(priv->sess);
return 0;
}
- memset(priv->data, 0, DIGEST_BLOCK_SIZE);
priv->switch_threshold = sec_digest_get_sw_threshold(nid);
@@ -546,7 +545,8 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
- memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen);
+ uadk_memcpy(priv->data + priv->last_update_bufflen, tmpdata,
+ copy_to_bufflen);
priv->last_update_bufflen = DIGEST_BLOCK_SIZE;
priv->req.in_bytes = DIGEST_BLOCK_SIZE;
@@ -567,10 +567,9 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
}
priv->last_update_bufflen = 0;
- memset(priv->data, 0, DIGEST_BLOCK_SIZE);
if (left_len <= DIGEST_BLOCK_SIZE) {
priv->last_update_bufflen = left_len;
- memcpy(priv->data, tmpdata, priv->last_update_bufflen);
+ uadk_memcpy(priv->data, tmpdata, priv->last_update_bufflen);
break;
}
}
@@ -604,7 +603,7 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l
goto soft_update;
if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
- memcpy(priv->data + priv->last_update_bufflen, data, data_len);
+ uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len);
priv->last_update_bufflen += data_len;
return 1;
}
@@ -697,7 +696,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
ret = async_setup_async_event_notification(&op);
- if (!ret) {
+ if (unlikely(!ret)) {
fprintf(stderr, "failed to setup async event notification.\n");
return 0;
}
diff --git a/src/uadk_utils.c b/src/uadk_utils.c
new file mode 100644
index 0000000..2b34b3a
--- /dev/null
+++ b/src/uadk_utils.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#include "uadk_utils.h"
+
+#define UADK_MEM_IMPROVE_THRESHOLD 1024
+
+static void *memcpy_large(void *dstpp, const void *srcpp, size_t len)
+{
+ __asm__ __volatile__(
+ "add x4, %[src], %[count]\n\t"
+ "add x5, %[res], %[count]\n\t"
+ "ldr q0, [%[src]]\n\t"
+ "str q0, [%[res]]\n\t"
+ "sub %[count], %[count], 80\n\t"
+ "and x14, %[src], 15\n\t"
+ "bic %[src], %[src], 15\n\t"
+ "sub x3, %[res], x14\n\t"
+ "add %[count], %[count], x14\n\t"
+
+ "1:\n\t"
+ "ldp q0, q1, [%[src], 16]\n\t"
+ "stp q0, q1, [x3, 16]\n\t"
+ "ldp q0, q1, [%[src], 48]\n\t"
+ "stp q0, q1, [x3, 48]\n\t"
+ "add %[src], %[src], 64\n\t"
+ "add x3, x3, 64\n\t"
+ "subs %[count], %[count], 64\n\t"
+ "b.hi 1b\n\t"
+
+ "ldp q0, q1, [x4, -64]\n\t"
+ "stp q0, q1, [x5, -64]\n\t"
+ "ldp q0, q1, [x4, -32]\n\t"
+ "stp q0, q1, [x5, -32]\n\t"
+
+ : [res] "+r"(dstpp)
+ : [src] "r"(srcpp), [count] "r"(len)
+ : "x3", "x4", "x5", "x14", "q0", "q1"
+ );
+
+ return dstpp;
+}
+
+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
+{
+ if (len >= UADK_MEM_IMPROVE_THRESHOLD)
+ return memcpy_large(dstpp, srcpp, len);
+ else
+ return memcpy(dstpp, srcpp, len);
+}
diff --git a/src/uadk_utils.h b/src/uadk_utils.h
new file mode 100644
index 0000000..a16536b
--- /dev/null
+++ b/src/uadk_utils.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#ifndef UADK_UTILS
+#define UADK_UTILS
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len);
+#endif
--
2.24.4

84
0033-uadk_provider-handle-the-async_poll_task_free-in-pro.patch Normal file
View File

@ -0,0 +1,84 @@
From fb3715e15d70b089e6be7735ebae9aa764dc40d3 Mon Sep 17 00:00:00 2001
From: Guodong Xu <guodong.xu@linaro.org>
Date: Wed, 6 Sep 2023 17:53:39 +0800
Subject: [PATCH 33/48] uadk_provider: handle the async_poll_task_free in
provider teardown
Previously, async_poll_task_free() is registered as part of OPENSSL_atexit.
However, in the dynamic loading scenario, after uadk_provider is unloaded,
the function entry of async_poll_task_free() is not valid any more. Calling
it as part of OPENSSL_cleanup() (who calls all _atexit handlers) generates
a Segmentation Fault.
Since this async_poll_task_free() is about uadk_provider's resources free,
so move the call of this functiion into provider teardown. This ensures
this function is called before uadk_provider module's destruction.
Signed-off-by: Guodong Xu <guodong.xu@linaro.org>
---
src/uadk_async.c | 4 +---
src/uadk_async.h | 1 +
src/uadk_engine_init.c | 2 ++
src/uadk_prov_init.c | 1 +
4 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c
index dfac1cb..c46976c 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -112,7 +112,7 @@ int async_clear_async_event_notification(void)
return 1;
}
-static void async_poll_task_free(void)
+void async_poll_task_free(void)
{
int error;
struct async_poll_task *task;
@@ -381,8 +381,6 @@ int async_module_init(void)
goto err;
poll_queue.thread_id = thread_id;
- OPENSSL_atexit(async_poll_task_free);
-
return 1;
err:
diff --git a/src/uadk_async.h b/src/uadk_async.h
index d7a8bb5..9160c98 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -78,4 +78,5 @@ int async_module_init(void);
int async_wake_job(ASYNC_JOB *job);
void async_free_poll_task(int id, bool is_cb);
int async_get_free_task(int *id);
+void async_poll_task_free(void);
#endif
diff --git a/src/uadk_engine_init.c b/src/uadk_engine_init.c
index 0a9e3e6..e2aa392 100644
--- a/src/uadk_engine_init.c
+++ b/src/uadk_engine_init.c
@@ -220,6 +220,8 @@ static int uadk_destroy(ENGINE *e)
if (uadk_dh)
uadk_e_destroy_dh();
+ async_poll_task_free();
+
pthread_mutex_lock(&uadk_engine_mutex);
uadk_inited = 0;
pthread_mutex_unlock(&uadk_engine_mutex);
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index 57910ac..af22dfa 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -115,6 +115,7 @@ static void p_teardown(void *provctx)
uadk_prov_destroy_cipher();
OPENSSL_free(ctx);
OSSL_PROVIDER_unload(prov);
+ async_poll_task_free();
}
static const OSSL_DISPATCH p_test_table[] = {
--
2.25.1

90
0034-cipher-support-the-sm4-ecb-alg.patch
View File

@ -1,90 +0,0 @@
From 2dc0aa3a544afd4861656f4e876e287aa3ead9b9 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 8 Mar 2022 16:15:32 +0800
Subject: [PATCH 34/36] cipher: support the sm4-ecb alg
the uadk sdk layer has supported the sm4-ecb alg. Kunpeng 920
supports the sm4-ecb by new chip fs.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 15 ++++++++-------
src/v1/alg/ciphers/sec_ciphers.c | 1 +
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8f8af7e..e4595be 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -87,6 +87,7 @@ static int cipher_920_nids[] = {
NID_sm4_cbc,
NID_des_ede3_cbc,
NID_des_ede3_ecb,
+ NID_sm4_ecb,
0,
};
@@ -103,7 +104,6 @@ static int cipher_930_nids[] = {
NID_aes_128_xts,
NID_aes_256_xts,
NID_sm4_cbc,
- NID_sm4_ecb,
NID_des_ede3_cbc,
NID_des_ede3_ecb,
NID_aes_128_cfb128,
@@ -984,6 +984,11 @@ static int bind_v2_cipher(void)
sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
uadk_e_do_cipher, uadk_e_cipher_cleanup,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
+ UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, EVP_CIPH_ECB_MODE,
+ sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+ uadk_e_do_cipher, uadk_e_cipher_cleanup,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
+
return 0;
}
@@ -1037,10 +1042,6 @@ static int bind_v3_cipher(void)
sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
uadk_e_do_cipher, uadk_e_cipher_cleanup,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
- UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, EVP_CIPH_ECB_MODE,
- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
- uadk_e_do_cipher, uadk_e_cipher_cleanup,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
return 0;
}
@@ -1088,6 +1089,8 @@ static void destroy_v2_cipher(void)
uadk_des_ede3_cbc = 0;
EVP_CIPHER_meth_free(uadk_des_ede3_ecb);
uadk_des_ede3_ecb = 0;
+ EVP_CIPHER_meth_free(uadk_sm4_ecb);
+ uadk_sm4_ecb = 0;
}
static void destroy_v3_cipher(void)
@@ -1116,8 +1119,6 @@ static void destroy_v3_cipher(void)
uadk_sm4_ofb128 = 0;
EVP_CIPHER_meth_free(uadk_sm4_ctr);
uadk_sm4_ctr = 0;
- EVP_CIPHER_meth_free(uadk_sm4_ecb);
- uadk_sm4_ecb = 0;
}
void uadk_e_destroy_cipher(void)
diff --git a/src/v1/alg/ciphers/sec_ciphers.c b/src/v1/alg/ciphers/sec_ciphers.c
index 2c619be..b4743ed 100644
--- a/src/v1/alg/ciphers/sec_ciphers.c
+++ b/src/v1/alg/ciphers/sec_ciphers.c
@@ -85,6 +85,7 @@ static int g_known_cipher_nids[CIPHERS_COUNT] = {
NID_sm4_ctr,
NID_sm4_cbc,
NID_sm4_ofb128,
+ NID_sm4_ecb,
};
#define SEC_CIPHERS_RETURN_FAIL_IF(cond, mesg, ret) \
--
2.24.4

28
0034-uadk_cipher-iv_len-in-SM4_ECB-mode-must-be-0.patch Normal file
View File

@ -0,0 +1,28 @@
From 1b13c2c933eb544020ab17aaec1f28b21f228dec Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 6 Sep 2023 22:00:03 +0800
Subject: [PATCH 34/48] uadk_cipher: iv_len in SM4_ECB mode must be 0
The iv_len of ECB mode must be 0.
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_cipher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c87c7ee..901c29e 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -1024,7 +1024,7 @@ static int bind_v2_cipher(void)
sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
uadk_e_do_cipher, uadk_e_cipher_cleanup,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
- UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, EVP_CIPH_ECB_MODE,
+ UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE,
sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
uadk_e_do_cipher, uadk_e_cipher_cleanup,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
--
2.25.1

42
0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch
View File

@ -1,42 +0,0 @@
From 1ff08b383a59150a193870b3150d5265a03864ed Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Thu, 10 Mar 2022 20:03:20 +0800
Subject: [PATCH 35/36] cipher: fix segmentation fault for uadk_e_ctx_init
if uadk_e_init_cipher failed, there is no need to
alloc cipher session, and alloc session will meet
a segmentation fault because sched_init is not
set by wd_cipher_init.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/uadk_cipher.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index e4595be..d6dd8e8 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -846,15 +846,16 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
struct sched_params params = {0};
int ret;
+ priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
+ priv->req.iv = priv->iv;
+
ret = uadk_e_init_cipher();
if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
fprintf(stderr, "uadk failed to init cipher HW!\n");
+ return;
}
- priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
- priv->req.iv = priv->iv;
-
/*
* The internal RR scheduler used by environment variables,
* the cipher algorithm does not distinguish between
--
2.24.4

38
0035-uadk_prov_cipher-add-handling-of-param-padding.patch Normal file
View File

@ -0,0 +1,38 @@
From 3e70bfc8641d7d292341958a21df6365a70b2efc Mon Sep 17 00:00:00 2001
From: Guodong Xu <guodong.xu@linaro.org>
Date: Tue, 5 Sep 2023 15:47:43 +0800
Subject: [PATCH 35/48] uadk_prov_cipher: add handling of param padding
Add handling of OSSL_CIPHER_PARAM_PADDING. Without this,
openssl ./test/evp_test fails.
Signed-off-by: Guodong Xu <guodong.xu@linaro.org>
---
src/uadk_prov_cipher.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index c0c52a3..1e4c40d 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -616,6 +616,17 @@ static int uadk_prov_cipher_set_ctx_params(void *vctx, const OSSL_PARAM params[]
if (params == NULL)
return 1;
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING);
+ if (p != NULL) {
+ unsigned int pad;
+
+ if (!OSSL_PARAM_get_uint(p, &pad)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ EVP_CIPHER_CTX_set_padding(priv->sw_ctx, pad);
+ }
+
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
if (p != NULL) {
size_t keylen;
--
2.25.1

28
0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch
View File

@ -1,28 +0,0 @@
From cf720869f7637e41ff1094d8bc640180fca55f75 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 15 Mar 2022 17:07:59 +0800
Subject: [PATCH 36/36] cipher: sm4-ecb algorithm is deleted by mistake
Because sm4-ecb alg is deleted by mistake. So this alg
not be found in hardware V3.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index d6dd8e8..5ebad64 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -104,6 +104,7 @@ static int cipher_930_nids[] = {
NID_aes_128_xts,
NID_aes_256_xts,
NID_sm4_cbc,
+ NID_sm4_ecb,
NID_des_ede3_cbc,
NID_des_ede3_ecb,
NID_aes_128_cfb128,
--
2.24.4

605
0036-uadk_prov_cipher-fix-padding.patch Normal file
View File

@ -0,0 +1,605 @@
From 40769962ee162ba9b27d88d54d53b5c406a41886 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Thu, 31 Aug 2023 11:26:04 +0800
Subject: [PATCH 36/48] uadk_prov_cipher: fix padding
Unlike openssl 1.1, openssl 3.0 requires "It is the responsibility
of the cipher implementation to handle input lengths that are no
multiples of the block length" [1]
Add padding handling via referring
providers/implementations/ciphers/ciphercommon.c
Additionally, the patch finds that using software and hardware
ciphers does not work properly if alternating between the two.
If using hardware, it is necessary to keep using hardware, and vice versa.
[1] https://www.openssl.org/docs/manmaster/man7/provider-cipher.html
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_prov_cipher.c | 382 ++++++++++++++++++++++++++++++++++-------
1 file changed, 324 insertions(+), 58 deletions(-)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index 1e4c40d..87beb76 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -20,6 +20,7 @@
#include <stdbool.h>
#include <string.h>
#include <dlfcn.h>
+#include <numa.h>
#include <openssl/core_names.h>
#include <openssl/proverr.h>
#include <uadk/wd_cipher.h>
@@ -27,7 +28,8 @@
#include "uadk.h"
#include "uadk_async.h"
-#define UADK_DO_SOFT (-0xE0)
+#define UADK_DO_SOFT (-0xE0)
+#define UADK_DO_HW (-0xF0)
#define CTX_SYNC_ENC 0
#define CTX_SYNC_DEC 1
#define CTX_ASYNC_ENC 2
@@ -40,6 +42,7 @@
#define ENV_ENABLED 1
#define MAX_KEY_LEN 64
#define ALG_NAME_SIZE 128
+#define GENERIC_BLOCK_SIZE 16
/* Internal flags that can be queried */
#define PROV_CIPHER_FLAG_AEAD 0x0001
@@ -66,6 +69,8 @@ struct cipher_priv_ctx {
struct wd_cipher_sess_setup setup;
struct wd_cipher_req req;
unsigned char iv[IV_LEN];
+ /* Buffer of partial blocks processed via update calls */
+ unsigned char buf[GENERIC_BLOCK_SIZE];
unsigned char key[MAX_KEY_LEN];
int switch_flag;
EVP_CIPHER_CTX *sw_ctx;
@@ -76,6 +81,7 @@ struct cipher_priv_ctx {
size_t blksize;
size_t keylen;
size_t ivlen;
+ size_t bufsz; /* Number of bytes in buf */
char alg_name[ALG_NAME_SIZE];
};
@@ -121,60 +127,82 @@ static int uadk_fetch_sw_cipher(struct cipher_priv_ctx *priv)
switch (priv->nid) {
case NID_aes_128_cbc:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", "provider=default");
+ break;
case NID_aes_192_cbc:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-CBC", "provider=default");
+ break;
case NID_aes_256_cbc:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC", "provider=default");
+ break;
case NID_aes_128_ecb:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-ECB", "provider=default");
+ break;
case NID_aes_192_ecb:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-ECB", "provider=default");
+ break;
case NID_aes_256_ecb:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-ECB", "provider=default");
+ break;
case NID_aes_128_xts:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-XTS", "provider=default");
+ break;
case NID_aes_256_xts:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-XTS", "provider=default");
+ break;
case NID_sm4_cbc:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-CBC", "provider=default");
+ break;
case NID_sm4_ecb:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-ECB", "provider=default");
+ break;
case NID_des_ede3_cbc:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "DES-EDE3-CBC", "provider=default");
+ break;
case NID_des_ede3_ecb:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "DES-EDE3-ECB", "provider=default");
+ break;
case NID_aes_128_ctr:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-CTR", "provider=default");
+ break;
case NID_aes_192_ctr:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-CTR", "provider=default");
+ break;
case NID_aes_256_ctr:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-CTR", "provider=default");
+ break;
case NID_aes_128_ofb128:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-OFB", "provider=default");
+ break;
case NID_aes_192_ofb128:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-OFB", "provider=default");
+ break;
case NID_aes_256_ofb128:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-OFB", "provider=default");
+ break;
case NID_aes_128_cfb128:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-CFB", "provider=default");
+ break;
case NID_aes_192_cfb128:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-192-CFB", "provider=default");
+ break;
case NID_aes_256_cfb128:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-CFB", "provider=default");
+ break;
case NID_sm4_ofb128:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-OFB", "provider=default");
+ break;
case NID_sm4_cfb128:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-CFB", "provider=default");
+ break;
case NID_sm4_ctr:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-CTR", "provider=default");
+ break;
default:
break;
}
- if (unlikely(priv->sw_cipher == NULL)) {
- fprintf(stderr, "fail to fetch sw_cipher\n");
+ if (unlikely(priv->sw_cipher == NULL))
return 0;
- }
return 1;
}
@@ -192,27 +220,25 @@ static int uadk_prov_cipher_sw_init(struct cipher_priv_ctx *priv,
return 0;
}
+ priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT;
+
return 1;
}
static int uadk_prov_cipher_soft_work(struct cipher_priv_ctx *priv, unsigned char *out,
- const unsigned char *in, size_t len)
+ int *outl, const unsigned char *in, size_t len)
{
int sw_final_len = 0;
- int outlen = 0;
if (priv->sw_cipher == NULL)
return 0;
- if (!EVP_CipherUpdate(priv->sw_ctx, out, &outlen, in, len)) {
+ if (!EVP_CipherUpdate(priv->sw_ctx, out, outl, in, len)) {
fprintf(stderr, "EVP_CipherUpdate sw_ctx failed.\n");
return 0;
}
- if (!EVP_CipherFinal_ex(priv->sw_ctx, out + outlen, &sw_final_len)) {
- fprintf(stderr, "EVP_CipherFinal_ex sw_ctx failed.\n");
- return 0;
- }
+ priv->switch_flag = UADK_DO_SOFT;
return 1;
}
@@ -261,15 +287,10 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv,
return 0;
}
- if (key) {
+ if (key)
memcpy(priv->key, key, keylen);
- ret = uadk_prov_cipher_sw_init(priv, key, iv);
- if (unlikely(ret != 1))
- return 0;
- }
-
- priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT;
+ uadk_prov_cipher_sw_init(priv, key, iv);
return 1;
}
@@ -348,12 +369,6 @@ static int uadk_do_cipher_sync(struct cipher_priv_ctx *priv)
{
int ret;
- if (unlikely(priv->switch_flag == UADK_DO_SOFT))
- return 0;
-
- if (priv->switch_threshold >= priv->req.in_bytes)
- return 0;
-
ret = wd_do_cipher_sync(priv->sess, &priv->req);
if (ret)
return 0;
@@ -407,11 +422,39 @@ static void uadk_prov_cipher_ctx_init(struct cipher_priv_ctx *priv)
pthread_mutex_lock(&cipher_mutex);
if (prov.pid != getpid()) {
- ret = wd_cipher_init2(priv->alg_name, 0, 0);
+ struct wd_ctx_nums *ctx_set_num;
+ struct wd_ctx_params cparams = {0};
+
+ /* 0: enc, 1: dec */
+ ctx_set_num = calloc(2, sizeof(*ctx_set_num));
+ if (!ctx_set_num) {
+ fprintf(stderr, "failed to alloc ctx_set_size!\n");
+ return;
+ }
+
+ cparams.op_type_num = 2;
+ cparams.ctx_set_num = ctx_set_num;
+ cparams.bmp = numa_allocate_nodemask();
+ if (!cparams.bmp) {
+ fprintf(stderr, "failed to create nodemask!\n");
+ free(ctx_set_num);
+ return;
+ }
+
+ numa_bitmask_setall(cparams.bmp);
+
+ ctx_set_num[0].sync_ctx_num = 2;
+ ctx_set_num[0].async_ctx_num = 2;
+ ctx_set_num[1].sync_ctx_num = 2;
+ ctx_set_num[1].async_ctx_num = 2;
+
+ ret = wd_cipher_init2_(priv->alg_name, 0, 0, &cparams);
+ numa_free_nodemask(cparams.bmp);
+ free(ctx_set_num);
+
if (unlikely(ret)) {
priv->switch_flag = UADK_DO_SOFT;
pthread_mutex_unlock(&cipher_mutex);
- fprintf(stderr, "uadk failed to init cipher HW!\n");
return;
}
prov.pid = getpid();
@@ -438,52 +481,225 @@ static void uadk_prov_cipher_ctx_init(struct cipher_priv_ctx *priv)
}
}
-static int uadk_prov_do_cipher(struct cipher_priv_ctx *priv, unsigned char *out,
+/*
+ * Fills a single block of buffered data from the input, and returns the amount
+ * of data remaining in the input that is a multiple of the blocksize. The buffer
+ * is only filled if it already has some data in it, isn't full already or we
+ * don't have at least one block in the input.
+ *
+ * buf: a buffer of blocksize bytes
+ * buflen: contains the amount of data already in buf on entry. Updated with the
+ * amount of data in buf at the end. On entry *buflen must always be
+ * less than the blocksize
+ * blocksize: size of a block. Must be greater than 0 and a power of 2
+ * in: pointer to a pointer containing the input data
+ * inlen: amount of input data available
+ *
+ * On return buf is filled with as much data as possible up to a full block,
+ * *buflen is updated containing the amount of data in buf. *in is updated to
+ * the new location where input data should be read from, *inlen is updated with
+ * the remaining amount of data in *in. Returns the largest value <= *inlen
+ * which is a multiple of the blocksize.
+ */
+static size_t ossl_cipher_fillblock(unsigned char *buf, size_t *buflen,
+ size_t blocksize,
+ const unsigned char **in, size_t *inlen)
+{
+ size_t blockmask = ~(blocksize - 1);
+ size_t bufremain = blocksize - *buflen;
+
+ if (*inlen < bufremain)
+ bufremain = *inlen;
+ memcpy(buf + *buflen, *in, bufremain);
+ *in += bufremain;
+ *inlen -= bufremain;
+ *buflen += bufremain;
+
+ return *inlen & blockmask;
+}
+
+/*
+ * Fills the buffer with trailing data from an encryption/decryption that didn't
+ * fit into a full block.
+ */
+int ossl_cipher_trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
+ const unsigned char **in, size_t *inlen)
+{
+ if (*inlen == 0)
+ return 1;
+
+ if (*buflen + *inlen > blocksize) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ memcpy(buf + *buflen, *in, *inlen);
+ *buflen += *inlen;
+ *inlen = 0;
+
+ return 1;
+}
+
+/* Pad the final block for encryption */
+static void ossl_cipher_padblock(unsigned char *buf, size_t *buflen, size_t blocksize)
+{
+ size_t i;
+ unsigned char pad = (unsigned char)(blocksize - *buflen);
+
+ for (i = *buflen; i < blocksize; i++)
+ buf[i] = pad;
+}
+
+static int ossl_cipher_unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize)
+{
+ size_t pad, i;
+ size_t len = *buflen;
+
+ if (len != blocksize) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ /*
+ * The following assumes that the ciphertext has been authenticated.
+ * Otherwise it provides a padding oracle.
+ */
+ pad = buf[blocksize - 1];
+ if (pad == 0 || pad > blocksize) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT);
+ return 0;
+ }
+ for (i = 0; i < pad; i++) {
+ if (buf[--len] != pad) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT);
+ return 0;
+ }
+ }
+ *buflen = len;
+ return 1;
+}
+
+static int uadk_prov_hw_cipher(struct cipher_priv_ctx *priv, unsigned char *out,
+ size_t *outl, size_t outsize,
const unsigned char *in, size_t inlen)
{
+ size_t blksz = priv->blksize;
struct async_op op;
int ret;
+ if (outsize < blksz) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ priv->switch_flag = UADK_DO_HW;
priv->req.src = (unsigned char *)in;
priv->req.in_bytes = inlen;
priv->req.dst = out;
priv->req.out_buf_bytes = inlen;
uadk_prov_cipher_ctx_init(priv);
- ret = async_setup_async_event_notification(&op);
- if (!ret) {
- fprintf(stderr, "failed to setup async event notification.\n");
- return 0;
- }
- if (op.job == NULL) {
- /* Synchronous, only the synchronous mode supports soft computing */
+ if (inlen <= blksz) {
+ /* small packet directly using sync? */
ret = uadk_do_cipher_sync(priv);
if (!ret)
- goto sync_err;
+ return 0;
} else {
- /*
- * If the length of the input data
- * does not reach to hardware computing threshold,
- * directly switch to soft cipher.
- */
- if (priv->req.in_bytes <= priv->switch_threshold)
- goto sync_err;
-
- ret = uadk_do_cipher_async(priv, &op);
- if (!ret)
- goto out_notify;
+ ret = async_setup_async_event_notification(&op);
+ if (!ret) {
+ fprintf(stderr, "failed to setup async event notification.\n");
+ return 0;
+ }
+
+ if (op.job == NULL) {
+ /* Synchronous, only the synchronous mode supports soft computing */
+ ret = uadk_do_cipher_sync(priv);
+ if (!ret) {
+ async_clear_async_event_notification();
+ return 0;
+ }
+ } else {
+ ret = uadk_do_cipher_async(priv, &op);
+ if (!ret) {
+ async_clear_async_event_notification();
+ return 0;
+ }
+ }
}
- uadk_cipher_update_priv_ctx(priv);
+ uadk_cipher_update_priv_ctx(priv);
return 1;
-sync_err:
- ret = uadk_prov_cipher_soft_work(priv, out, in, inlen);
- if (ret != 1)
+}
+
+static int uadk_prov_do_cipher(struct cipher_priv_ctx *priv, unsigned char *out,
+ size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inlen)
+{
+ size_t blksz = priv->blksize;
+ size_t nextblocks;
+ int outlint = 0;
+ int ret;
+
+ if (priv->switch_flag == UADK_DO_SOFT ||
+ (priv->sw_cipher && priv->switch_flag != UADK_DO_HW &&
+ inlen <= priv->switch_threshold)) {
+ /* have issue if both using hw and soft partly */
+ ret = uadk_prov_cipher_soft_work(priv, out, &outlint, in, inlen);
+ if (ret) {
+ *outl = outlint;
+ return 1;
+ }
+
fprintf(stderr, "do soft ciphers failed.\n");
-out_notify:
- async_clear_async_event_notification();
- return ret;
+ }
+
+ if (priv->bufsz != 0)
+ nextblocks = ossl_cipher_fillblock(priv->buf, &priv->bufsz,
+ blksz, &in, &inlen);
+ else
+ nextblocks = inlen & ~(blksz-1);
+
+ /*
+ * If we're decrypting and we end an update on a block boundary we hold
+ * the last block back in case this is the last update call and the last
+ * block is padded.
+ */
+ if (priv->bufsz == blksz && inlen > 0) {
+ ret = uadk_prov_hw_cipher(priv, out, outl, outsize, priv->buf, blksz);
+ if (ret != 1) {
+ fprintf(stderr, "do hw ciphers failed.\n");
+ return ret;
+ }
+
+ priv->bufsz = 0;
+ outlint = blksz;
+ out += blksz;
+ }
+
+ if (nextblocks == 0)
+ goto out;
+
+ if (!priv->enc && nextblocks == inlen)
+ nextblocks -= blksz;
+
+ ret = uadk_prov_hw_cipher(priv, out, outl, outsize, in, nextblocks);
+ if (ret != 1) {
+ fprintf(stderr, "do hw ciphers failed.\n");
+ return ret;
+ }
+
+ outlint += nextblocks;
+ in += nextblocks;
+ inlen -= nextblocks;
+
+ if (inlen != 0
+ && !ossl_cipher_trailingdata(priv->buf, &priv->bufsz,
+ blksz, &in, &inlen))
+ return 0;
+out:
+ *outl = outlint;
+ return inlen == 0;
}
void uadk_prov_destroy_cipher(void)
@@ -521,19 +737,70 @@ static int uadk_prov_cipher_cipher(void *vctx, unsigned char *out, size_t *outl,
return 0;
}
- ret = uadk_prov_do_cipher(priv, out, in, inl);
+ ret = uadk_prov_do_cipher(priv, out, outl, outsize, in, inl);
if (ret != 1)
return ret;
*outl = inl;
return 1;
-
}
static int uadk_prov_cipher_final(void *vctx, unsigned char *out,
size_t *outl, size_t outsize)
{
- *outl = 0;
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ size_t blksz = priv->blksize;
+ int sw_final_len = 0;
+ int ret;
+
+ if (priv->switch_flag == UADK_DO_SOFT) {
+ if (!EVP_CipherFinal_ex(priv->sw_ctx, out, &sw_final_len)) {
+ fprintf(stderr, "EVP_CipherFinal_ex sw_ctx failed.\n");
+ return 0;
+ }
+ *outl = sw_final_len;
+ return 1;
+ }
+
+ if (priv->enc) {
+ if (priv->bufsz <= blksz) {
+ ossl_cipher_padblock(priv->buf, &priv->bufsz, blksz);
+ ret = uadk_prov_hw_cipher(priv, out, outl, outsize, priv->buf, blksz);
+ if (ret != 1) {
+ fprintf(stderr, "do hw ciphers failed.\n");
+ return ret;
+ }
+ *outl = blksz;
+ return 1;
+ }
+ *outl = sw_final_len;
+ return 1;
+ }
+
+ /* dec should handle last blk since pad */
+ if (priv->bufsz != blksz) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
+ return 0;
+ }
+
+ ret = uadk_prov_hw_cipher(priv, priv->buf, outl, outsize, priv->buf, blksz);
+ if (ret != 1) {
+ fprintf(stderr, "do hw ciphers failed.\n");
+ return ret;
+ }
+ if (!ossl_cipher_unpadblock(priv->buf, &priv->bufsz, blksz)) {
+ /* ERR_raise already called */
+ return 0;
+ }
+
+ if (outsize < priv->bufsz) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+ memcpy(out, priv->buf, priv->bufsz);
+ *outl = priv->bufsz;
+ priv->bufsz = 0;
+
return 1;
}
@@ -554,11 +821,10 @@ static int uadk_prov_cipher_update(void *vctx, unsigned char *out,
return 0;
}
- ret = uadk_prov_do_cipher(priv, out, in, inl);
+ ret = uadk_prov_do_cipher(priv, out, outl, outsize, in, inl);
if (ret != 1)
return ret;
- *outl = inl;
return 1;
}
--
2.25.1

694
0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch
View File

@ -1,694 +0,0 @@
From 50692e4bc425c5709a468946cb56ad483be90f7c Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Fri, 18 Mar 2022 23:25:47 +0800
Subject: [PATCH 37/37] rsa: bugfix about redundant and inefficient operations
Includes:
1. Remove redundant judgment conditions.
2. Remove redundant function parameters.
3. Remove the redundant operation in soft RSA keygen method.
4. Use more efficient BN memory allocation method, and add
judgment of the results.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_rsa.c | 331 ++++++++++++++++++++++---------------------------
1 file changed, 148 insertions(+), 183 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 1488b98..821cb78 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -143,7 +143,7 @@ enum {
static int rsa_check_bit_useful(const int bits, int flen)
{
- if (!flen && flen > bits)
+ if (flen > bits)
return SOFT;
if (bits < RSA_MIN_MODULUS_BITS)
@@ -411,8 +411,8 @@ static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx)
return UADK_E_SUCCESS;
end:
- fprintf(stderr, "failed to malloc params\n");
- return UADK_E_FAIL;
+ fprintf(stderr, "failed to allocate rsa prime params\n");
+ return -ENOMEM;
}
static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
@@ -433,13 +433,11 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p,
BN_CTX_start(ctx);
param = OPENSSL_zalloc(sizeof(struct rsa_prime_param));
- if (!param) {
- fprintf(stderr, "failed to malloc rsa prime param\n");
+ if (!param)
goto free_ctx;
- }
ret = get_rsa_prime_param(param, ctx);
- if (!ret)
+ if (ret != UADK_E_SUCCESS)
goto free_param;
/* Divide bits into 'primes' pieces evenly */
@@ -624,9 +622,10 @@ static int rsa_get_sign_res(int padding, BIGNUM *to_bn, const BIGNUM *n,
return UADK_E_SUCCESS;
}
-static int rsa_get_verify_res(int padding, BIGNUM *to_bn, const BIGNUM *n,
- BIGNUM *ret_bn)
+static int rsa_get_verify_res(int padding, const BIGNUM *n, BIGNUM *ret_bn)
{
+ BIGNUM *to_bn = NULL;
+
if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret_bn)[0] & 0xf)
!= 0x0c)) {
if (!BN_sub(to_bn, n, ret_bn))
@@ -840,6 +839,7 @@ static struct uadk_rsa_sess *rsa_new_eng_session(RSA *rsa)
rsa_sess = OPENSSL_malloc(sizeof(struct uadk_rsa_sess));
if (!rsa_sess)
return NULL;
+
memset(rsa_sess, 0, sizeof(struct uadk_rsa_sess));
rsa_sess->alg = rsa;
rsa_sess->is_prikey_ready = UN_SET;
@@ -971,23 +971,44 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
struct rsa_keygen_param_bn *bn_param)
{
struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst;
+ struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp;
+ BIGNUM *dmp1, *dmq1, *iqmp, *n, *d;
unsigned int key_bits, key_size;
- BIGNUM *dmp1 = BN_new();
- BIGNUM *dmq1 = BN_new();
- BIGNUM *iqmp = BN_new();
- BIGNUM *n = BN_new();
- BIGNUM *d = BN_new();
- struct wd_dtb wd_d;
- struct wd_dtb wd_n;
- struct wd_dtb wd_qinv;
- struct wd_dtb wd_dq;
- struct wd_dtb wd_dp;
+ BN_CTX *bn_ctx;
key_bits = wd_rsa_get_key_bits(ctx);
+ if (!key_bits)
+ return UADK_E_FAIL;
+
key_size = key_bits >> BIT_BYTES_SHIFT;
wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
+ bn_ctx = BN_CTX_new();
+ if (!bn_ctx)
+ return UADK_E_FAIL;
+
+ BN_CTX_start(bn_ctx);
+ dmp1 = BN_CTX_get(bn_ctx);
+ if (!dmp1)
+ goto free_bn_ctx;
+
+ dmq1 = BN_CTX_get(bn_ctx);
+ if (!dmq1)
+ goto free_bn_ctx;
+
+ iqmp = BN_CTX_get(bn_ctx);
+ if (!iqmp)
+ goto free_bn_ctx;
+
+ n = BN_CTX_get(bn_ctx);
+ if (!n)
+ goto free_bn_ctx;
+
+ d = BN_CTX_get(bn_ctx);
+ if (!d)
+ goto free_bn_ctx;
+
BN_bin2bn((unsigned char *)wd_d.data, key_size, d);
BN_bin2bn((unsigned char *)wd_n.data, key_size, n);
BN_bin2bn((unsigned char *)wd_qinv.data, wd_qinv.dsize, iqmp);
@@ -997,16 +1018,13 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
if (!(RSA_set0_key(rsa, n, bn_param->e, d) &&
RSA_set0_factors(rsa, bn_param->p, bn_param->q) &&
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)))
- goto bn_free;
+ goto free_bn_ctx;
return UADK_E_SUCCESS;
-bn_free:
- BN_clear_free(dmp1);
- BN_clear_free(dmq1);
- BN_clear_free(iqmp);
- BN_clear_free(n);
- BN_clear_free(d);
+free_bn_ctx:
+ BN_CTX_end(bn_ctx);
+ BN_CTX_free(bn_ctx);
return UADK_E_FAIL;
}
@@ -1093,20 +1111,11 @@ err:
static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
- const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL();
int ret;
- if (!default_meth) {
- fprintf(stderr, "failed to get soft method.\n");
- return UADK_E_FAIL;
- }
-
UNUSED(cb);
- RSA_set_method(rsa, default_meth);
ret = RSA_generate_key_ex(rsa, bits, e, NULL);
- RSA_set_method(rsa, rsa_hw_meth);
-
return ret;
}
@@ -1131,7 +1140,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess,
return UADK_E_FAIL;
wd_rsa_get_crt_prikey_params(key_pair->prikey, NULL, NULL, NULL,
- &keygen_param->wd_q, &keygen_param->wd_p);
+ &keygen_param->wd_q, &keygen_param->wd_p);
if (!keygen_param->wd_q || !keygen_param->wd_p)
return UADK_E_FAIL;
@@ -1170,9 +1179,11 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
struct rsa_keygen_param_bn **keygen_bn_param,
struct rsa_keypair **key_pair)
{
+ BN_CTX *bn_ctx;
+
*keygen_param = OPENSSL_malloc(sizeof(struct rsa_keygen_param));
if (!(*keygen_param))
- return -ENOMEM;
+ goto err;
*keygen_bn_param = (struct rsa_keygen_param_bn *)
OPENSSL_malloc(sizeof(struct rsa_keygen_param_bn));
@@ -1183,16 +1194,35 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
if (!(*key_pair))
goto free_keygen_bn_param;
- (*keygen_bn_param)->e = BN_new();
- (*keygen_bn_param)->p = BN_new();
- (*keygen_bn_param)->q = BN_new();
+ bn_ctx = BN_CTX_new();
+ if (!bn_ctx)
+ goto free_key_pair;
+
+ BN_CTX_start(bn_ctx);
+ (*keygen_bn_param)->e = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->e)
+ goto free_bn_ctx;
+
+ (*keygen_bn_param)->p = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->p)
+ goto free_bn_ctx;
+
+ (*keygen_bn_param)->q = BN_CTX_get(bn_ctx);
+ if (!(*keygen_bn_param)->q)
+ goto free_bn_ctx;
return UADK_E_SUCCESS;
+free_bn_ctx:
+ BN_CTX_end(bn_ctx);
+ BN_CTX_free(bn_ctx);
+free_key_pair:
+ OPENSSL_free(*key_pair);
free_keygen_bn_param:
OPENSSL_free(*keygen_bn_param);
free_keygen_param:
OPENSSL_free(*keygen_param);
+err:
return -ENOMEM;
}
@@ -1236,81 +1266,56 @@ static void rsa_pkey_param_free(struct rsa_pubkey_param **pub,
}
static int rsa_create_pub_bn_ctx(RSA *rsa, struct rsa_pubkey_param *pub,
- BN_CTX **bn_ctx, unsigned char **from_buf)
+ unsigned char **from_buf, int *num_bytes)
{
- BIGNUM *ret_bn;
- int num_bytes;
-
RSA_get0_key(rsa, &pub->n, &pub->e, NULL);
-
- *bn_ctx = BN_CTX_new();
- if (!(*bn_ctx))
+ if (!(pub->n) || !(pub->e))
return UADK_E_FAIL;
- BN_CTX_start(*bn_ctx);
- ret_bn = BN_CTX_get(*bn_ctx);
- if (!ret_bn)
- goto err;
-
- num_bytes = BN_num_bytes(pub->n);
- if (!num_bytes)
- goto err;
+ *num_bytes = BN_num_bytes(pub->n);
+ if (!(*num_bytes))
+ return UADK_E_FAIL;
- *from_buf = OPENSSL_malloc(num_bytes);
+ *from_buf = OPENSSL_malloc(*num_bytes);
if (!(*from_buf))
- goto err;
+ return -ENOMEM;
return UADK_E_SUCCESS;
-
-err:
- BN_CTX_free(*bn_ctx);
- return UADK_E_FAIL;
}
-static void rsa_free_pub_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf)
+static void rsa_free_pub_bn_ctx(unsigned char **from_buf)
{
- BN_CTX_free(*bn_ctx);
-
OPENSSL_free(*from_buf);
}
static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri,
- BN_CTX **bn_ctx, unsigned char **from_buf)
+ unsigned char **from_buf, int *num_bytes)
{
- BIGNUM *ret_bn;
- int num_bytes;
-
RSA_get0_key(rsa, &pri->n, &pri->e, &pri->d);
- RSA_get0_factors(rsa, &pri->p, &pri->q);
- RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp);
+ if (!(pri->n) || !(pri->e) || !(pri->d))
+ return UADK_E_FAIL;
- *bn_ctx = BN_CTX_new();
- if (!(*bn_ctx))
+ RSA_get0_factors(rsa, &pri->p, &pri->q);
+ if (!(pri->p) || !(pri->q))
return UADK_E_FAIL;
- BN_CTX_start(*bn_ctx);
- ret_bn = BN_CTX_get(*bn_ctx);
- if (!ret_bn)
- goto err;
+ RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp);
+ if (!(pri->dmp1) || !(pri->dmq1) || !(pri->iqmp))
+ return UADK_E_FAIL;
- num_bytes = BN_num_bytes(pri->n);
- if (!num_bytes)
- goto err;
+ *num_bytes = BN_num_bytes(pri->n);
+ if (!(*num_bytes))
+ return UADK_E_FAIL;
- *from_buf = OPENSSL_malloc(num_bytes);
+ *from_buf = OPENSSL_malloc(*num_bytes);
if (!(*from_buf))
- goto err;
+ return -ENOMEM;
return UADK_E_SUCCESS;
-err:
- BN_CTX_free(*bn_ctx);
- return UADK_E_FAIL;
}
-static void rsa_free_pri_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf)
+static void rsa_free_pri_bn_ctx(unsigned char **from_buf)
{
- BN_CTX_free(*bn_ctx);
-
OPENSSL_free(*from_buf);
}
@@ -1318,14 +1323,13 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
struct rsa_keygen_param *keygen_param = NULL;
struct rsa_keygen_param_bn *bn_param = NULL;
+ struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_keypair *key_pair = NULL;
- struct uadk_rsa_sess *rsa_sess;
int is_crt = 1;
- int key_size;
int ret;
- key_size = rsa_check_bit_useful(bits, 0);
- if (!key_size || key_size == SOFT)
+ ret = rsa_check_bit_useful(bits, 0);
+ if (!ret || ret == SOFT)
goto exe_soft;
ret = uadk_e_rsa_init();
@@ -1388,14 +1392,11 @@ exe_soft:
static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_pubkey_param *pub = NULL;
- struct uadk_rsa_sess *rsa_sess;
unsigned char *from_buf = NULL;
+ int num_bytes, is_crt, ret;
BIGNUM *ret_bn = NULL;
- BN_CTX *bn_ctx = NULL;
- int num_bytes;
- int is_crt;
- int ret;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1417,18 +1418,12 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- num_bytes = BN_num_bytes(pub->n);
- if (flen > num_bytes) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = add_rsa_pubenc_padding(flen, from, from_buf, num_bytes, padding);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1448,7 +1443,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
}
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
@@ -1457,11 +1452,13 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
ret = BN_bn2binpad(ret_bn, to, num_bytes);
if (ret == -1) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
+free_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pub_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1480,11 +1477,8 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
struct rsa_prikey_param *pri = NULL;
unsigned char *from_buf = NULL;
struct uadk_rsa_sess *rsa_sess;
+ int num_bytes, len, ret;
BIGNUM *ret_bn = NULL;
- BN_CTX *bn_ctx = NULL;
- int num_bytes;
- int ret;
- int len;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1506,18 +1500,12 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- num_bytes = BN_num_bytes(pri->n);
- if (flen > num_bytes) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1533,7 +1521,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
}
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
@@ -1542,17 +1530,19 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
+free_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pri_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pri_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1568,14 +1558,13 @@ exe_soft:
static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+ struct uadk_rsa_sess *rsa_sess = NULL;
struct rsa_prikey_param *pri = NULL;
- struct uadk_rsa_sess *rsa_sess;
unsigned char *from_buf = NULL;
- BIGNUM *to_bn, *ret_bn;
- BN_CTX *bn_ctx = NULL;
+ BIGNUM *ret_bn = NULL;
+ BIGNUM *to_bn = NULL;
BIGNUM *res = NULL;
- int num_bytes;
- int ret;
+ int num_bytes, ret;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret || ret == SOFT)
@@ -1597,36 +1586,18 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- to_bn = BN_CTX_get(bn_ctx);
- if (!to_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
- num_bytes = BN_num_bytes(pri->n);
- if (flen > num_bytes) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = add_rsa_prienc_padding(flen, from, from_buf, num_bytes, padding);
if (!ret) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn);
- if (!ret_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1639,24 +1610,33 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = NULL;
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
+ to_bn = BN_bin2bn(from_buf, num_bytes, NULL);
+ if (!to_bn) {
+ ret = UADK_DO_SOFT;
+ goto free_ret_bn;
+ }
+
ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_to_bn;
}
ret = BN_bn2binpad(res, to, num_bytes);
+free_to_bn:
+ BN_free(to_bn);
+free_ret_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pri_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pri_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1672,15 +1652,11 @@ exe_soft:
static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
- struct uadk_rsa_sess *rsa_sess;
+ struct uadk_rsa_sess *rsa_sess = NULL;
+ struct rsa_pubkey_param *pub = NULL;
+ int num_bytes, is_crt, len, ret;
unsigned char *from_buf = NULL;
- struct rsa_pubkey_param *pub;
- BIGNUM *ret_bn, *to_bn;
- BN_CTX *bn_ctx = NULL;
- int num_bytes;
- int is_crt;
- int ret;
- int len;
+ BIGNUM *ret_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa);
if (!ret)
@@ -1704,25 +1680,12 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
goto free_pkey;
}
- ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf);
- if (!ret) {
+ ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+ if (ret <= 0 || flen > num_bytes) {
ret = UADK_DO_SOFT;
goto free_sess;
}
- to_bn = BN_CTX_get(bn_ctx);
- if (!to_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
- num_bytes = BN_num_bytes(pub->n);
- ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn);
- if (!ret_bn) {
- ret = UADK_DO_SOFT;
- goto free_buf;
- }
-
ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to);
if (!ret) {
ret = UADK_DO_SOFT;
@@ -1736,34 +1699,35 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
goto free_buf;
}
- ret_bn = NULL;
ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
- rsa_sess->req.dst_bytes, ret_bn);
+ rsa_sess->req.dst_bytes, NULL);
if (!ret_bn) {
ret = UADK_DO_SOFT;
goto free_buf;
}
- ret = rsa_get_verify_res(padding, to_bn, pub->n, ret_bn);
+ ret = rsa_get_verify_res(padding, pub->n, ret_bn);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
if (!len) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding);
if (!ret) {
ret = UADK_DO_SOFT;
- goto free_buf;
+ goto free_bn;
}
+free_bn:
+ BN_free(ret_bn);
free_buf:
- rsa_free_pub_bn_ctx(&bn_ctx, &from_buf);
+ rsa_free_pub_bn_ctx(&from_buf);
free_sess:
rsa_free_eng_session(rsa_sess);
free_pkey:
@@ -1786,7 +1750,7 @@ static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
(void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth));
(void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth));
(void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth));
- (void)RSA_meth_set_keygen(rsa_sw_meth, RSA_meth_get_keygen(meth));
+ (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen);
(void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth));
(void)RSA_meth_set_bn_mod_exp(rsa_sw_meth,
RSA_meth_get_bn_mod_exp(meth));
@@ -1798,6 +1762,7 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
{
if (rsa_hw_meth)
return rsa_hw_meth;
+
rsa_hw_meth = RSA_meth_new("uadk hardware rsa method", 0);
if (!rsa_hw_meth) {
fprintf(stderr, "failed to allocate rsa hardware method\n");
--
2.24.4

189
0037-uadk_prov_cipher-add-stream-mode.patch Normal file
View File

@ -0,0 +1,189 @@
From ee4e7949e3a94fc37d8cf9499991c3159c7cbba7 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Mon, 4 Sep 2023 17:36:08 +0800
Subject: [PATCH 37/48] uadk_prov_cipher: add stream mode
In stream mode, the incoming data can be of any length and may not
be aligned with the specified block size.
The stream mode allows for direct processing of the data without the
need to handle padding or alignment.
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_prov_cipher.c | 125 ++++++++++++++++++++++++++++++-----------
1 file changed, 93 insertions(+), 32 deletions(-)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index 87beb76..7a359f6 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -745,8 +745,8 @@ static int uadk_prov_cipher_cipher(void *vctx, unsigned char *out, size_t *outl,
return 1;
}
-static int uadk_prov_cipher_final(void *vctx, unsigned char *out,
- size_t *outl, size_t outsize)
+static int uadk_prov_cipher_block_final(void *vctx, unsigned char *out,
+ size_t *outl, size_t outsize)
{
struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
size_t blksz = priv->blksize;
@@ -804,9 +804,9 @@ static int uadk_prov_cipher_final(void *vctx, unsigned char *out,
return 1;
}
-static int uadk_prov_cipher_update(void *vctx, unsigned char *out,
- size_t *outl, size_t outsize,
- const unsigned char *in, size_t inl)
+static int uadk_prov_cipher_block_update(void *vctx, unsigned char *out,
+ size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl)
{
struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
int ret;
@@ -828,6 +828,65 @@ static int uadk_prov_cipher_update(void *vctx, unsigned char *out,
return 1;
}
+static int uadk_prov_cipher_stream_update(void *vctx, unsigned char *out,
+ size_t *outl, size_t outsize,
+ const unsigned char *in, size_t inl)
+{
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ int ret;
+
+ if (inl == 0) {
+ *outl = 0;
+ return 1;
+ }
+
+ if (outsize < inl) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ if (priv->switch_flag == UADK_DO_SOFT ||
+ (priv->sw_cipher && priv->switch_flag != UADK_DO_HW &&
+ inl <= priv->switch_threshold)) {
+ int len = 0;
+
+ /* have isseu if both using hw and soft partly */
+ ret = uadk_prov_cipher_soft_work(priv, out, &len, in, inl);
+ if (ret) {
+ *outl = len;
+ return 1;
+ }
+
+ fprintf(stderr, "do soft ciphers failed.\n");
+ }
+
+ ret = uadk_prov_hw_cipher(priv, out, outl, outsize, in, inl);
+ if (ret != 1)
+ return ret;
+
+ *outl = inl;
+ return 1;
+}
+
+static int uadk_prov_cipher_stream_final(void *vctx, unsigned char *out,
+ size_t *outl, size_t outsize)
+{
+ struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ int sw_final_len = 0;
+
+ if (priv->switch_flag == UADK_DO_SOFT) {
+ if (!EVP_CipherFinal_ex(priv->sw_ctx, out, &sw_final_len)) {
+ fprintf(stderr, "EVP_CipherFinal_ex sw_ctx failed.\n");
+ return 0;
+ }
+ *outl = sw_final_len;
+ return 1;
+ }
+
+ *outl = 0;
+ return 1;
+}
+
static int uadk_prov_cipher_einit(void *vctx, const unsigned char *key, size_t keylen,
const unsigned char *iv, size_t ivlen,
const OSSL_PARAM params[])
@@ -1020,7 +1079,7 @@ static void uadk_prov_cipher_freectx(void *ctx)
}
#define UADK_CIPHER_DESCR(nm, blk_size, key_len, iv_len, \
- flags, e_nid, algnm, mode) \
+ flags, e_nid, algnm, mode, typ) \
static OSSL_FUNC_cipher_newctx_fn uadk_##nm##_newctx; \
static void *uadk_##nm##_newctx(void *provctx) \
{ \
@@ -1051,8 +1110,10 @@ const OSSL_DISPATCH uadk_##nm##_functions[] = { \
(void (*)(void))uadk_prov_cipher_einit }, \
{ OSSL_FUNC_CIPHER_DECRYPT_INIT, \
(void (*)(void))uadk_prov_cipher_dinit }, \
- { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))uadk_prov_cipher_update }, \
- { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))uadk_prov_cipher_final }, \
+ { OSSL_FUNC_CIPHER_UPDATE, \
+ (void (*)(void))uadk_prov_cipher_##typ##_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, \
+ (void (*)(void))uadk_prov_cipher_##typ##_final }, \
{ OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))uadk_prov_cipher_cipher }, \
{ OSSL_FUNC_CIPHER_GET_PARAMS, \
(void (*)(void))uadk_##nm##_get_params }, \
@@ -1069,29 +1130,29 @@ const OSSL_DISPATCH uadk_##nm##_functions[] = { \
{ 0, NULL } \
}
-UADK_CIPHER_DESCR(aes_128_cbc, 16, 16, 16, 0, NID_aes_128_cbc, cbc(aes), EVP_CIPH_CBC_MODE);
-UADK_CIPHER_DESCR(aes_192_cbc, 16, 24, 16, 0, NID_aes_192_cbc, cbc(aes), EVP_CIPH_CBC_MODE);
-UADK_CIPHER_DESCR(aes_256_cbc, 16, 32, 16, 0, NID_aes_256_cbc, cbc(aes), EVP_CIPH_CBC_MODE);
-UADK_CIPHER_DESCR(aes_128_ecb, 16, 16, 0, 0, NID_aes_128_ecb, ecb(aes), EVP_CIPH_ECB_MODE);
-UADK_CIPHER_DESCR(aes_192_ecb, 16, 24, 0, 0, NID_aes_192_ecb, ecb(aes), EVP_CIPH_ECB_MODE);
-UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, 0, NID_aes_256_ecb, ecb(aes), EVP_CIPH_ECB_MODE);
-UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, 0, NID_aes_128_xts, xts(aes), EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV);
-UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, 0, NID_aes_256_xts, xts(aes), EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV);
-UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, 0, NID_sm4_cbc, cbc(sm4), EVP_CIPH_CBC_MODE);
-UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, 0, NID_sm4_ecb, ecb(sm4), EVP_CIPH_ECB_MODE);
-UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, 0, NID_des_ede3_cbc, cbc(des), EVP_CIPH_CBC_MODE);
-UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, 0, NID_des_ede3_ecb, ecb(des), EVP_CIPH_ECB_MODE);
+UADK_CIPHER_DESCR(aes_128_cbc, 16, 16, 16, 0, NID_aes_128_cbc, cbc(aes), EVP_CIPH_CBC_MODE, block);
+UADK_CIPHER_DESCR(aes_192_cbc, 16, 24, 16, 0, NID_aes_192_cbc, cbc(aes), EVP_CIPH_CBC_MODE, block);
+UADK_CIPHER_DESCR(aes_256_cbc, 16, 32, 16, 0, NID_aes_256_cbc, cbc(aes), EVP_CIPH_CBC_MODE, block);
+UADK_CIPHER_DESCR(aes_128_ecb, 16, 16, 0, 0, NID_aes_128_ecb, ecb(aes), EVP_CIPH_ECB_MODE, block);
+UADK_CIPHER_DESCR(aes_192_ecb, 16, 24, 0, 0, NID_aes_192_ecb, ecb(aes), EVP_CIPH_ECB_MODE, block);
+UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, 0, NID_aes_256_ecb, ecb(aes), EVP_CIPH_ECB_MODE, block);
+UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, PROV_CIPHER_FLAG_CUSTOM_IV, NID_aes_128_xts, xts(aes), EVP_CIPH_XTS_MODE, stream);
+UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, PROV_CIPHER_FLAG_CUSTOM_IV, NID_aes_256_xts, xts(aes), EVP_CIPH_XTS_MODE, stream);
+UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, 0, NID_sm4_cbc, cbc(sm4), EVP_CIPH_CBC_MODE, block);
+UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, 0, NID_sm4_ecb, ecb(sm4), EVP_CIPH_ECB_MODE, block);
+UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, 0, NID_des_ede3_cbc, cbc(des), EVP_CIPH_CBC_MODE, block);
+UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, 0, NID_des_ede3_ecb, ecb(des), EVP_CIPH_ECB_MODE, block);
/* v3 */
-UADK_CIPHER_DESCR(aes_128_ctr, 1, 16, 16, 0, NID_aes_128_ctr, ctr(aes), EVP_CIPH_CTR_MODE);
-UADK_CIPHER_DESCR(aes_192_ctr, 1, 24, 16, 0, NID_aes_192_ctr, ctr(aes), EVP_CIPH_CTR_MODE);
-UADK_CIPHER_DESCR(aes_256_ctr, 1, 32, 16, 0, NID_aes_256_ctr, ctr(aes), EVP_CIPH_CTR_MODE);
-UADK_CIPHER_DESCR(aes_128_ofb128, 1, 16, 16, 0, NID_aes_128_ofb128, ofb(aes), EVP_CIPH_OFB_MODE);
-UADK_CIPHER_DESCR(aes_192_ofb128, 1, 24, 16, 0, NID_aes_192_ofb128, ofb(aes), EVP_CIPH_OFB_MODE);
-UADK_CIPHER_DESCR(aes_256_ofb128, 1, 32, 16, 0, NID_aes_256_ofb128, ofb(aes), EVP_CIPH_OFB_MODE);
-UADK_CIPHER_DESCR(aes_128_cfb128, 1, 16, 16, 0, NID_aes_128_cfb128, cfb(aes), EVP_CIPH_CFB_MODE);
-UADK_CIPHER_DESCR(aes_192_cfb128, 1, 24, 16, 0, NID_aes_192_cfb128, cfb(aes), EVP_CIPH_CFB_MODE);
-UADK_CIPHER_DESCR(aes_256_cfb128, 1, 32, 16, 0, NID_aes_256_cfb128, cfb(aes), EVP_CIPH_CFB_MODE);
-UADK_CIPHER_DESCR(sm4_ofb128, 1, 16, 16, 0, NID_sm4_ofb128, ofb(sm4), EVP_CIPH_OFB_MODE);
-UADK_CIPHER_DESCR(sm4_cfb128, 1, 16, 16, 0, NID_sm4_cfb128, cfb(sm4), EVP_CIPH_CFB_MODE);
-UADK_CIPHER_DESCR(sm4_ctr, 1, 16, 16, 0, NID_sm4_ctr, ctr(sm4), EVP_CIPH_CTR_MODE);
+UADK_CIPHER_DESCR(aes_128_ctr, 1, 16, 16, 0, NID_aes_128_ctr, ctr(aes), EVP_CIPH_CTR_MODE, stream);
+UADK_CIPHER_DESCR(aes_192_ctr, 1, 24, 16, 0, NID_aes_192_ctr, ctr(aes), EVP_CIPH_CTR_MODE, stream);
+UADK_CIPHER_DESCR(aes_256_ctr, 1, 32, 16, 0, NID_aes_256_ctr, ctr(aes), EVP_CIPH_CTR_MODE, stream);
+UADK_CIPHER_DESCR(aes_128_ofb128, 1, 16, 16, 0, NID_aes_128_ofb128, ofb(aes), EVP_CIPH_OFB_MODE, stream);
+UADK_CIPHER_DESCR(aes_192_ofb128, 1, 24, 16, 0, NID_aes_192_ofb128, ofb(aes), EVP_CIPH_OFB_MODE, stream);
+UADK_CIPHER_DESCR(aes_256_ofb128, 1, 32, 16, 0, NID_aes_256_ofb128, ofb(aes), EVP_CIPH_OFB_MODE, stream);
+UADK_CIPHER_DESCR(aes_128_cfb128, 1, 16, 16, 0, NID_aes_128_cfb128, cfb(aes), EVP_CIPH_CFB_MODE, stream);
+UADK_CIPHER_DESCR(aes_192_cfb128, 1, 24, 16, 0, NID_aes_192_cfb128, cfb(aes), EVP_CIPH_CFB_MODE, stream);
+UADK_CIPHER_DESCR(aes_256_cfb128, 1, 32, 16, 0, NID_aes_256_cfb128, cfb(aes), EVP_CIPH_CFB_MODE, stream);
+UADK_CIPHER_DESCR(sm4_ofb128, 1, 16, 16, 0, NID_sm4_ofb128, ofb(sm4), EVP_CIPH_OFB_MODE, stream);
+UADK_CIPHER_DESCR(sm4_cfb128, 1, 16, 16, 0, NID_sm4_cfb128, cfb(sm4), EVP_CIPH_CFB_MODE, stream);
+UADK_CIPHER_DESCR(sm4_ctr, 1, 16, 16, 0, NID_sm4_ctr, ctr(sm4), EVP_CIPH_CTR_MODE, stream);
--
2.25.1

177
0038-uadk-engine-change-Copyright-to-2022.patch
View File

@ -1,177 +0,0 @@
From 1b8b65e31da0c6347575d0d201c8417241e81453 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Mon, 28 Mar 2022 02:31:53 +0000
Subject: [PATCH 38/57] uadk-engine: change Copyright to 2022
Change Copyright to 2022
Add Linaro Copyright as well
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/e_uadk.c | 3 ++-
src/uadk.h | 3 ++-
src/uadk_async.c | 3 ++-
src/uadk_async.h | 3 ++-
src/uadk_cipher.c | 3 ++-
src/uadk_dh.c | 2 +-
src/uadk_digest.c | 3 ++-
src/uadk_ec.c | 2 +-
src/uadk_ecx.c | 2 +-
src/uadk_pkey.c | 2 +-
src/uadk_pkey.h | 2 +-
src/uadk_rsa.c | 2 +-
src/uadk_sm2.c | 2 +-
13 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 79ecef8..4288569 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk.h b/src/uadk.h
index 384e035..ef09274 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_async.c b/src/uadk_async.c
index c98153b..11d624c 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 9836dbb..d2a7e16 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 5ebad64..91895cc 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 40fb583..3882306 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 355917d..ecc0ce6 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -1,5 +1,6 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Linaro ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index db69871..e219bdf 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 67f9350..5d0ff76 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index f27e2f5..d4ec30e 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
index dfe6fbe..b30c2de 100644
--- a/src/uadk_pkey.h
+++ b/src/uadk_pkey.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 821cb78..a80d203 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 8c75611..a478a94 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
--
2.27.0

44
0038-uadk_prov_cipher-xts-mode-does-not-use-default-provi.patch Normal file
View File

@ -0,0 +1,44 @@
From 2036c60489df2d6b8c6ee4925f9c9826d44de69a Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Thu, 7 Sep 2023 17:19:27 +0800
Subject: [PATCH 38/48] uadk_prov_cipher: xts mode does not use default
provider
Now uadk_provider chooses the default provider for small packets,
when inlen < threshold (192), but xts mode fails in speed test.
Temporarily solving the problem by disabling default for xfs mode.
Fail: openssl speed -provider uadk_provider -evp aes-128-xts -bytes 16
Success: openssl speed -provider default -evp aes-128-xts -bytes 16
The speed will call EVP_CipherInit_ex2 twice, without iv the second
time, and EVP_CIPHER_CTX_reset clears iv_set = 0 causing error. The default
provider does not call EVP_CIPHER_CTX_reset, so iv_set = 1 without problem.
A bit tricky, simply not using the default pvovider for xts mode.
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_prov_cipher.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index 7a359f6..64058ee 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -143,12 +143,6 @@ static int uadk_fetch_sw_cipher(struct cipher_priv_ctx *priv)
case NID_aes_256_ecb:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-ECB", "provider=default");
break;
- case NID_aes_128_xts:
- priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-128-XTS", "provider=default");
- break;
- case NID_aes_256_xts:
- priv->sw_cipher = EVP_CIPHER_fetch(NULL, "AES-256-XTS", "provider=default");
- break;
case NID_sm4_cbc:
priv->sw_cipher = EVP_CIPHER_fetch(NULL, "SM4-CBC", "provider=default");
break;
--
2.25.1

197
0039-README-move-test-script-to-sanity_test.sh.patch
View File

@ -1,197 +0,0 @@
From 5dab65ce804d8e7995cef2eecfb375270d55f2ed Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 30 Mar 2022 07:34:43 +0000
Subject: [PATCH 39/57] README: move test script to sanity_test.sh
Move test script from README to sanity_test.sh
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
README | 103 +-------------------------------------------
test/sanity_test.sh | 39 ++++++++++++++++-
2 files changed, 39 insertions(+), 103 deletions(-)
diff --git a/README b/README
index 562a859..ed49128 100644
--- a/README
+++ b/README
@@ -63,108 +63,7 @@ Build & Install OpenSSL UADK Engine
Testing
-------
```
- sudo test/sanity_test.sh
-```
-1. Cipher
-```
-openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p
-openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc
-openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc
-openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc
-```
-2. RSA
-```
-openssl genrsa -out prikey.pem -engine uadk_engine 2048
-openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine
-openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine
-openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine
-openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine
-openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine
-openssl speed -elapsed -engine uadk_engine rsa2048
-openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048
-```
-3. SM3
-```
-openssl sm3 -engine uadk_engine data
-```
-4. MD5
-```
-openssl speed -engine uadk_engine -async_jobs 1 -evp md5
-```
-5. SHA
-```
-openssl sha1 -engine uadk_engine data
-openssl sha256 -engine uadk_engine data
-openssl sha512 -engine uadk_engine data
-```
-6. DH
-
-[step 1] Generate global public parameters, and save them in the file
-dhparam.pem:
-```
-openssl dhparam -out dhparam.pem 2048
-```
-[step 2] Generate own private key:
-```
-openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
-openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
-```
-[step 3] Generate public key:
-```
-openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk
-openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
-```
-[step 4] After exchanging public key, each user can derive the shared secret:
-```
-openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
-secret1.bin -engine uadk_engine
-openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
-secret2.bin -engine uadk_engine
-```
-[step 5] Check secret1.bin and secret2.bin:
-```
-cmp secret1.bin secret2.bin
-xxd secret1.bin
-xxd secret2.bin
-```
-secret1.bin and secret2.bin should be the same.
-
-7. SM2
-```
-openssl speed -elapsed -engine uadk_engine sm2
-openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2
-openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
-openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
-```
-8. ECDSA
-```
-openssl speed -elapsed -engine uadk_engine ecdsap256
-openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256
+ ./test/sanity_test.sh
```
Environment variable of uadk engine
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 4273310..2c0c504 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-chmod 666 /dev/hisi_*
+sudo chmod 666 /dev/hisi_*
if [ ! -n "$1" ]; then
engine_id=uadk_engine
@@ -24,6 +24,12 @@ if [[ $algs =~ "SM3" ]]; then
openssl speed -engine $engine_id -async_jobs 1 -evp sm3
fi
+if [[ $algs =~ "SM2" ]]; then
+ echo "testing SM2"
+ openssl speed -engine $engine_id -evp sm2
+ openssl speed -engine $engine_id -async_jobs 1 -evp sm2
+fi
+
if [[ $algs =~ "SHA" ]]; then
echo "testing SHA"
openssl speed -engine $engine_id -evp sha1
@@ -58,6 +64,12 @@ if [[ $algs =~ "AES" ]]; then
openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-xts
openssl speed -engine $engine_id -evp aes-256-xts
openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-xts
+ openssl speed -engine $engine_id -evp aes-128-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-ctr
+ openssl speed -engine $engine_id -evp aes-192-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-192-ctr
+ openssl speed -engine $engine_id -evp aes-256-ctr
+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-ctr
fi
if [[ $algs =~ "SM4-CBC" ]]; then
@@ -134,3 +146,28 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then
openssl speed -elapsed -engine $engine_id ecdhbrp384r1
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhbrp384r1
fi
+
+#DH
+if [[ $algs =~ "DH" ]]; then
+ echo "testing DH"
+ #1. Generate global public parameters, and save them in the file dhparam.pem:
+ openssl dhparam -out dhparam.pem 2048
+
+ #2. Generate own private key:
+ openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
+ openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
+
+ #3. Generate public key:
+ openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine $engine_id
+ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine $engine_id
+
+ #4. After exchanging public key, each user can derive the shared secret:
+ openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -engine $engine_id
+ openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -engine $engine_id
+
+ #5. Check secret1.bin and secret2.bin:
+ cmp secret1.bin secret2.bin
+ xxd secret1.bin
+ xxd secret2.bin
+ #secret1.bin and secret2.bin should be same.
+fi
--
2.27.0

129
0039-uadk_prov_cipher-handle-no-padding-case.patch Normal file
View File

@ -0,0 +1,129 @@
From 351967a019a91d53916cacb84b2cf4fd2a70443d Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 8 Sep 2023 20:42:40 +0800
Subject: [PATCH 39/48] uadk_prov_cipher: handle no padding case
The padding can be disabled via set_ctx_params
Add handling of no padding case
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_prov_cipher.c | 45 +++++++++++++++++++++++++++++++-----------
1 file changed, 34 insertions(+), 11 deletions(-)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index 64058ee..5f9ed45 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -78,6 +78,7 @@ struct cipher_priv_ctx {
/* Crypto small packet offload threshold */
size_t switch_threshold;
unsigned int enc : 1;
+ unsigned int pad : 1; /* Whether padding should be used or not */
size_t blksize;
size_t keylen;
size_t ivlen;
@@ -659,7 +660,7 @@ static int uadk_prov_do_cipher(struct cipher_priv_ctx *priv, unsigned char *out,
* the last block back in case this is the last update call and the last
* block is padded.
*/
- if (priv->bufsz == blksz && inlen > 0) {
+ if (priv->bufsz == blksz && (priv->enc || inlen > 0 || !priv->pad)) {
ret = uadk_prov_hw_cipher(priv, out, outl, outsize, priv->buf, blksz);
if (ret != 1) {
fprintf(stderr, "do hw ciphers failed.\n");
@@ -674,7 +675,7 @@ static int uadk_prov_do_cipher(struct cipher_priv_ctx *priv, unsigned char *out,
if (nextblocks == 0)
goto out;
- if (!priv->enc && nextblocks == inlen)
+ if (!priv->enc && priv->pad && nextblocks == inlen)
nextblocks -= blksz;
ret = uadk_prov_hw_cipher(priv, out, outl, outsize, in, nextblocks);
@@ -757,22 +758,36 @@ static int uadk_prov_cipher_block_final(void *vctx, unsigned char *out,
}
if (priv->enc) {
- if (priv->bufsz <= blksz) {
+ if (priv->pad) {
ossl_cipher_padblock(priv->buf, &priv->bufsz, blksz);
- ret = uadk_prov_hw_cipher(priv, out, outl, outsize, priv->buf, blksz);
- if (ret != 1) {
- fprintf(stderr, "do hw ciphers failed.\n");
- return ret;
- }
- *outl = blksz;
+ } else if (priv->bufsz == 0) {
+ *outl = 0;
return 1;
+ } else if (priv->bufsz != blksz) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
+ return 0;
}
- *outl = sw_final_len;
+
+ if (outsize < blksz) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ ret = uadk_prov_hw_cipher(priv, out, outl, outsize, priv->buf, blksz);
+ if (ret != 1) {
+ fprintf(stderr, "do hw ciphers failed.\n");
+ return ret;
+ }
+ *outl = blksz;
return 1;
}
/* dec should handle last blk since pad */
if (priv->bufsz != blksz) {
+ if (priv->bufsz == 0 && !priv->pad) {
+ *outl = 0;
+ return 1;
+ }
ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
return 0;
}
@@ -782,7 +797,8 @@ static int uadk_prov_cipher_block_final(void *vctx, unsigned char *out,
fprintf(stderr, "do hw ciphers failed.\n");
return ret;
}
- if (!ossl_cipher_unpadblock(priv->buf, &priv->bufsz, blksz)) {
+
+ if (priv->pad && !ossl_cipher_unpadblock(priv->buf, &priv->bufsz, blksz)) {
/* ERR_raise already called */
return 0;
}
@@ -791,6 +807,7 @@ static int uadk_prov_cipher_block_final(void *vctx, unsigned char *out,
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
+
memcpy(out, priv->buf, priv->bufsz);
*outl = priv->bufsz;
priv->bufsz = 0;
@@ -943,6 +960,7 @@ static int uadk_prov_cipher_set_ctx_params(void *vctx, const OSSL_PARAM params[]
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
}
+ priv->pad = pad ? 1 : 0;
EVP_CIPHER_CTX_set_padding(priv->sw_ctx, pad);
}
@@ -978,6 +996,11 @@ static int uadk_prov_cipher_get_ctx_params(void *vctx, OSSL_PARAM params[])
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
+ if (p != NULL && !OSSL_PARAM_set_uint(p, priv->pad)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
if (p != NULL && !OSSL_PARAM_set_octet_string(p, priv->iv, priv->ivlen)
&& !OSSL_PARAM_set_octet_ptr(p, &priv->iv, priv->ivlen)) {
--
2.25.1

63
0040-sanity_test.sh-change-provider-name-to-its-full-path.patch Normal file
View File

@ -0,0 +1,63 @@
From 651c2a2b95252c89833bb57e959ad2f24fbcfbe7 Mon Sep 17 00:00:00 2001
From: Guodong Xu <guodong.xu@linaro.org>
Date: Sun, 3 Sep 2023 06:45:03 +0800
Subject: [PATCH 40/48] sanity_test.sh: change provider name to its full
pathname
By using the full pathname, avoid the configuration
burden. Test script can always run against the expected (just-built)
udak_provider.so
Signed-off-by: Guodong Xu <guodong.xu@linaro.org>
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
test/sanity_test.sh | 17 +++++------------
1 file changed, 5 insertions(+), 12 deletions(-)
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 0fe4472..10aa149 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -1,7 +1,9 @@
#!/bin/bash
+set -x
sudo chmod 666 /dev/hisi_*
+TEST_SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
version=$(openssl version)
echo $version
@@ -12,13 +14,9 @@ echo "OpenSSL major version is "$major_version
# Check if the major version is equal to or greater than 3
if ((major_version >= 3)); then
- if [ ! -n "$1" ]; then
- engine_id=uadk_provider
- else
- engine_id=$1
- fi
+ engine_id="$TEST_SCRIPT_DIR/../src/.libs/uadk_provider.so"
digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
- cipher_algs=$(openssl list -provider $engine_id -digest-algorithms)
+ cipher_algs=$(openssl list -provider $engine_id -cipher-algorithms)
fi
if [[ $digest_algs =~ "uadk_provider" ]]; then
@@ -71,12 +69,7 @@ fi
if [[ $version =~ "1.1.1" ]]; then
echo "openssl 1.1.1"
- if [ ! -n "$1" ]; then
- engine_id=uadk_engine
- else
- engine_id=$1
- fi
-
+ engine_id="$TEST_SCRIPT_DIR/../src/.libs/uadk_engine.so"
algs=$(openssl engine -c $engine_id)
echo $algs
fi
--
2.25.1

38
0040-uadk_engine-fix-string-compare-mode.patch
View File

@ -1,38 +0,0 @@
From 4763c7f374d4ba29a070b06147e2d47504902cf3 Mon Sep 17 00:00:00 2001
From: JunchongPan <panjunchong@hisilicon.com>
Date: Sat, 2 Apr 2022 09:47:08 +0800
Subject: [PATCH 40/57] uadk_engine:fix string compare mode
String compare now use '==' while compare point and string,
changed to strcmp
Signed-off-by: JunchongPan <panjunchong@hisilicon.com>
---
src/e_uadk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 4288569..58a10de 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name)
int i = 0;
while (i < len) {
- if (uadk_env_enabled[i].alg_name == alg_name)
+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name))
return uadk_env_enabled[i].env_enabled;
i++;
}
@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value)
int i = 0;
while (i < len) {
- if (uadk_env_enabled[i].alg_name == alg_name) {
+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
uadk_env_enabled[i].env_enabled = value;
return;
}
--
2.27.0

32
0041-cipher-optimize-the-process-of-ctx-initialization.patch
View File

@ -1,32 +0,0 @@
From 17bfd66f31e712ffd9364bfb43c9899e10e84a7d Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Sat, 2 Apr 2022 11:19:16 +0800
Subject: [PATCH 41/57] cipher: optimize the process of ctx initialization
Optimize the process of ctx initialization as switching to soft work.
If the ctx resources of a thread are insufficient at the beginning, the
thread can't apply for resources again. Therefore, an flag checking is
required.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 91895cc..8a2c39d 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -851,6 +851,9 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
priv->req.iv = priv->iv;
+ if (priv->switch_flag == UADK_DO_SOFT)
+ return;
+
ret = uadk_e_init_cipher();
if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
--
2.27.0

110
0041-sanity_test-remove-default-provider.patch Normal file
View File

@ -0,0 +1,110 @@
From f1e1fdba87a02d56911b40076e1d0bbb9416a2a8 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 13 Sep 2023 11:11:27 +0800
Subject: [PATCH 41/48] sanity_test: remove default provider
Remove the default provider, which is not required now
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
test/sanity_test.sh | 80 ++++++++++++++++++++++-----------------------
1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 10aa149..1e9983b 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -21,50 +21,50 @@ fi
if [[ $digest_algs =~ "uadk_provider" ]]; then
echo "uadk_provider testing digest"
- openssl speed -provider $engine_id -provider default -evp md5
- openssl speed -provider $engine_id -provider default -evp sm3
- openssl speed -provider $engine_id -provider default -evp sha1
- openssl speed -provider $engine_id -provider default -evp sha2-224
- openssl speed -provider $engine_id -provider default -evp sha2-256
- openssl speed -provider $engine_id -provider default -evp sha2-384
- openssl speed -provider $engine_id -provider default -evp sha2-512
-
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp md5
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm3
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha1
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-224
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-256
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-384
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-512
+ openssl speed -provider $engine_id -evp md5
+ openssl speed -provider $engine_id -evp sm3
+ openssl speed -provider $engine_id -evp sha1
+ openssl speed -provider $engine_id -evp sha2-224
+ openssl speed -provider $engine_id -evp sha2-256
+ openssl speed -provider $engine_id -evp sha2-384
+ openssl speed -provider $engine_id -evp sha2-512
+
+ openssl speed -provider $engine_id -async_jobs 1 -evp md5
+ openssl speed -provider $engine_id -async_jobs 1 -evp sm3
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha1
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha2-224
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha2-256
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha2-384
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha2-512
fi
if [[ $cipher_algs =~ "uadk_provider" ]]; then
echo "uadk_provider testing cipher"
- openssl speed -provider $engine_id -provider default -evp aes-128-cbc
- openssl speed -provider $engine_id -provider default -evp aes-192-cbc
- openssl speed -provider $engine_id -provider default -evp aes-256-cbc
- openssl speed -provider $engine_id -provider default -evp aes-128-ecb
- openssl speed -provider $engine_id -provider default -evp aes-192-ecb
- openssl speed -provider $engine_id -provider default -evp aes-256-ecb
- openssl speed -provider $engine_id -provider default -evp aes-128-xts
- openssl speed -provider $engine_id -provider default -evp aes-256-xts
- openssl speed -provider $engine_id -provider default -evp sm4-cbc
- openssl speed -provider $engine_id -provider default -evp sm4-ecb
- openssl speed -provider $engine_id -provider default -evp des-ede3-cbc
- openssl speed -provider $engine_id -provider default -evp des-ede3-ecb
-
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-128-cbc
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-192-cbc
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-256-cbc
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-128-ecb
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-192-ecb
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-256-ecb
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-128-xts
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp aes-256-xts
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm4-cbc
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm4-ecb
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp des-ede3-cbc
- openssl speed -provider $engine_id -provider default -async_jobs 1 -evp des-ede3-ecb
+ openssl speed -provider $engine_id -evp aes-128-cbc
+ openssl speed -provider $engine_id -evp aes-192-cbc
+ openssl speed -provider $engine_id -evp aes-256-cbc
+ openssl speed -provider $engine_id -evp aes-128-ecb
+ openssl speed -provider $engine_id -evp aes-192-ecb
+ openssl speed -provider $engine_id -evp aes-256-ecb
+ openssl speed -provider $engine_id -evp aes-128-xts
+ openssl speed -provider $engine_id -evp aes-256-xts
+ openssl speed -provider $engine_id -evp sm4-cbc
+ openssl speed -provider $engine_id -evp sm4-ecb
+ openssl speed -provider $engine_id -evp des-ede3-cbc
+ openssl speed -provider $engine_id -evp des-ede3-ecb
+
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-ecb
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-ecb
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-ecb
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-xts
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-xts
+ openssl speed -provider $engine_id -async_jobs 1 -evp sm4-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp sm4-ecb
+ openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-ecb
fi
if [[ $version =~ "1.1.1" ]]; then
--
2.25.1

59
0042-cipher-adding-an-iv-update-to-a-decryption.patch
View File

@ -1,59 +0,0 @@
From 11016568bf6a929aebc216f5e7f5fd28b2e1d2a6 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 12 May 2022 10:31:56 +0800
Subject: [PATCH 42/57] cipher: adding an iv update to a decryption
Adding an iv update to de-crypto method as cbc mode.
the dst address should not be changed. So fix it.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8a2c39d..49022f7 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -763,10 +763,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
switch (priv->setup.mode) {
case WD_CIPHER_CBC:
- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
- priv->req.dst += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
- }
+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+ else
+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+
break;
case WD_CIPHER_OFB:
for (i = 0; i < IV_LEN; i++) {
@@ -776,13 +779,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
memcpy(priv->iv, K, iv_bytes);
break;
case WD_CIPHER_CFB:
- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
- priv->req.dst += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
- } else {
- priv->req.src += priv->req.in_bytes;
- memcpy(priv->iv, priv->req.src - iv_bytes, iv_bytes);
- }
+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+ else
+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes,
+ iv_bytes);
+
break;
case WD_CIPHER_CTR:
ctr_iv_inc(priv->iv, priv->req.in_bytes >> CTR_MODE_LEN_SHIFT);
--
2.27.0

29
0042-uadk_prov_cipher-add-static-descriptor-to-uadk_prov_.patch Normal file
View File

@ -0,0 +1,29 @@
From de8448dd775231f5fcd3f050fafceb2ed013f34a Mon Sep 17 00:00:00 2001
From: Guodong Xu <guodong.xu@linaro.org>
Date: Tue, 12 Sep 2023 08:55:28 +0800
Subject: [PATCH 42/48] uadk_prov_cipher: add static descriptor to
uadk_prov_cipher_gettable_ctx_params()
Signed-off-by: Guodong Xu <guodong.xu@linaro.org>
---
src/uadk_prov_cipher.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index 5f9ed45..9a2c27b 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -1024,8 +1024,8 @@ static const OSSL_PARAM uadk_prov_default_ctx_params[] = {
OSSL_PARAM_END
};
-const OSSL_PARAM *uadk_prov_cipher_gettable_ctx_params(ossl_unused void *cctx,
- ossl_unused void *provctx)
+static const OSSL_PARAM *uadk_prov_cipher_gettable_ctx_params(ossl_unused void *cctx,
+ ossl_unused void *provctx)
{
return uadk_prov_default_ctx_params;
}
--
2.25.1

47
0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch
View File

@ -1,47 +0,0 @@
From d6b2f7a4b2486afb3b3a418f32ce9d43783ef8f0 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 12 May 2022 10:31:57 +0800
Subject: [PATCH 43/57] cipher: fix cipher decrypto failed as use jdk
Because the java releases the memory immediately after the
memory is used. So the engine should not use user memory for
storage the key.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_cipher.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 49022f7..7eba992 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -36,6 +36,7 @@
#define BYTE_BITS 8
#define IV_LEN 16
#define ENV_ENABLED 1
+#define MAX_KEY_LEN 64
struct cipher_engine {
struct wd_ctx_config ctx_cfg;
@@ -57,7 +58,7 @@ struct cipher_priv_ctx {
struct wd_cipher_sess_setup setup;
struct wd_cipher_req req;
unsigned char iv[IV_LEN];
- const unsigned char *key;
+ unsigned char key[MAX_KEY_LEN];
int switch_flag;
void *sw_ctx_data;
/* Crypto small packet offload threshold */
@@ -694,7 +695,7 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
if (unlikely(ret != 1))
return 0;
- priv->key = key;
+ memcpy(priv->key, key, EVP_CIPHER_CTX_key_length(ctx));
priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT;
return 1;
--
2.27.0

25
0043-tentative-ctx-handle-handle.patch Normal file
View File

@ -0,0 +1,25 @@
From 657cda03fd4adde660b617ccc61a9e534da08950 Mon Sep 17 00:00:00 2001
From: Guodong Xu <guodong.xu@linaro.org>
Date: Tue, 12 Sep 2023 08:51:42 +0800
Subject: [PATCH 43/48] tentative: ctx->handle=handle
Signed-off-by: Guodong Xu <guodong.xu@linaro.org>
---
src/uadk_prov_init.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index af22dfa..965092d 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -145,6 +145,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
if (ctx == NULL)
return 0;
+ ctx->handle = handle;
ret = async_module_init();
if (!ret)
fprintf(stderr, "async_module_init fail!\n");
--
2.25.1

169
0044-engine-add-receiving-timeout-count.patch
View File

@ -1,169 +0,0 @@
From 4fbef0e061a97e3ead086de7f3f5689e9d53f454 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Mon, 18 Jul 2022 09:41:39 +0800
Subject: [PATCH 44/57] engine: add receiving timeout count
Task fail due to hardware errors, but the process of poll
isn't exit. Increase the count of packet receiving timeout
as doing async jobs. Prevents falling into an infinite loop
in poll ctx.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk.h | 5 +++--
src/uadk_cipher.c | 7 +++++--
src/uadk_dh.c | 7 +++++--
src/uadk_digest.c | 7 +++++--
src/uadk_pkey.c | 7 +++++--
src/uadk_rsa.c | 7 +++++--
6 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index ef09274..e2635d4 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -22,8 +22,9 @@
#include <uadk/wd_sched.h>
#include "uadk_utils.h"
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
-#define ENV_STRING_LEN 256
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+#define ENV_STRING_LEN 256
+#define ENGINE_RECV_MAX_CNT 60000000
enum {
KUNPENG920,
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 7eba992..472c0ad 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -504,6 +504,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
static int uadk_e_cipher_poll(void *ctx)
{
struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *) ctx;
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -520,9 +521,11 @@ static int uadk_e_cipher_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_cipher_env_poll(void *ctx)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 3882306..893b0f2 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -204,6 +204,7 @@ static __u32 dh_pick_next_ctx(handle_t sched_ctx,
static int uadk_e_dh_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expect = 1;
int idx = 1;
@@ -215,9 +216,11 @@ static int uadk_e_dh_poll(void *ctx)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static void uadk_e_dh_cb(void *req_t)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index ecc0ce6..2e61e80 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -332,6 +332,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
static int uadk_e_digest_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expt = 1;
int ret = 0;
@@ -342,9 +343,11 @@ static int uadk_e_digest_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_digest_env_poll(void *ctx)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index d4ec30e..2616c5e 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -113,6 +113,7 @@ void uadk_ecc_cb(void *req_t)
static int uadk_ecc_poll(void *ctx)
{
unsigned int recv = 0;
+ __u64 rx_cnt = 0;
int expt = 1;
int ret;
@@ -122,9 +123,11 @@ static int uadk_ecc_poll(void *ctx)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
/* make resource configure static */
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index a80d203..29b2521 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -656,6 +656,7 @@ static int rsa_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count)
static int uadk_e_rsa_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
int expt = 1;
int ret;
@@ -666,9 +667,11 @@ static int uadk_e_rsa_poll(void *ctx)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
- } while (ret == -EAGAIN);
+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
- return ret;
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static struct rsa_res_config rsa_res_config = {
--
2.27.0

3157
0044-uadk-add-uadk_prov_rsa-for-openssl-3.0.patch Normal file
View File

File diff suppressed because it is too large Load Diff

49
0045-digest-fix-the-fault-as-using-the-nginx.patch
View File

@ -1,49 +0,0 @@
From 7718ed9e56633bf2781f108a591eefe093ccb18b Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Mon, 18 Jul 2022 14:43:53 +0800
Subject: [PATCH 45/57] digest: fix the fault as using the nginx
Prevent double-free after the private ctx copy is used.
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 2e61e80..8127373 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -240,6 +240,10 @@ static void digest_soft_cleanup(struct digest_priv_ctx *md_ctx)
{
EVP_MD_CTX *ctx = md_ctx->soft_ctx;
+ /* Prevent double-free after the copy is used */
+ if (md_ctx->copy)
+ return;
+
if (ctx != NULL) {
if (ctx->md_data) {
OPENSSL_free(ctx->md_data);
@@ -641,7 +645,9 @@ static int do_digest_sync(struct digest_priv_ctx *priv)
{
int ret;
- /* Fix me: not support switch the soft work as input is lower */
+ if (priv->req.in_bytes <= priv->switch_threshold &&
+ priv->state == SEC_DIGEST_INIT)
+ return 0;
ret = wd_do_digest_sync(priv->sess, &priv->req);
if (ret) {
@@ -743,6 +749,7 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx)
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ /* Prevent double-free after the copy is used */
if (!priv || priv->copy)
return 1;
--
2.27.0

36
0045-uadk_provider-add-DOPENSSL_SUPPRESS_DEPRECATED.patch Normal file
View File

@ -0,0 +1,36 @@
From 2ae4dceb9cd43a0a05b793efb155e4bca145f16c Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Mon, 11 Sep 2023 15:42:11 +0800
Subject: [PATCH 45/48] uadk_provider: add -DOPENSSL_SUPPRESS_DEPRECATED
uadk_prov_rsa reported a warning of deprecation,
Unfortunately, can not solve the warning at the moment.
Suppress the deprecated warning temporarily
warning: 'RSA_padding_add_PKCS1_type_2' is deprecated: Since OpenSSL 3.0
warning: 'RSA_padding_add_PKCS1_OAEP' is deprecated: Since OpenSSL 3.0
warning: 'RSA_padding_check_PKCS1_type_2' is deprecated: Since OpenSSL 3.0
warning: 'RSA_padding_check_PKCS1_OAEP' is deprecated: Since OpenSSL 3.0
warning: 'RSA_padding_add_PKCS1_type_1' is deprecated: Since OpenSSL 3.0
warning: 'RSA_padding_add_X931' is deprecated: Since OpenSSL 3.0
warning: 'RSA_padding_check_PKCS1_type_1' is deprecated: Since OpenSSL 3.0
warning: 'RSA_padding_check_X931' is deprecated: Since OpenSSL 3.0
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 6fdee47..9d5102a 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -57,4 +57,4 @@ uadk_provider_la_SOURCES=uadk_prov_init.c uadk_async.c uadk_utils.c \
uadk_provider_la_LDFLAGS=-module -version-number $(VERSION)
uadk_provider_la_LIBADD=$(WD_LIBS) -lpthread
uadk_provider_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
-uadk_provider_la_CFLAGS+=-DCRYPTO3
+uadk_provider_la_CFLAGS+=-DOPENSSL_SUPPRESS_DEPRECATED
--
2.25.1

121
0046-ecc-cleanup-of-static-code-check.patch
View File

@ -1,121 +0,0 @@
From c8dbfbdd80ea8b8d422a50c634e057dd37ac9aea Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:45:03 +0800
Subject: [PATCH 46/57] ecc: cleanup of static code check
1. Use macros instead of specific numbers to represent
the key size.
2. Global variable 'sm2_order' only used in function
'sm2_update_sess' should be declared in function scope.
3. Remove unused structure 'uadk_ecc_sess'.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 22 +++++++++++-----------
src/uadk_pkey.c | 9 ---------
src/uadk_sm2.c | 21 ++++++---------------
3 files changed, 17 insertions(+), 35 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index e219bdf..d78658b 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -129,18 +129,18 @@ err:
static int get_smallest_hw_keybits(int bits)
{
/* ec curve order width */
- if (bits > 384)
- return 521;
- else if (bits > 320)
- return 384;
- else if (bits > 256)
- return 320;
- else if (bits > 192)
- return 256;
- else if (bits > 128)
- return 192;
+ if (bits > ECC384BITS)
+ return ECC521BITS;
+ else if (bits > ECC320BITS)
+ return ECC384BITS;
+ else if (bits > ECC256BITS)
+ return ECC320BITS;
+ else if (bits > ECC192BITS)
+ return ECC256BITS;
+ else if (bits > ECC128BITS)
+ return ECC192BITS;
else
- return 128;
+ return ECC128BITS;
}
static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 2616c5e..a0b74af 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -44,15 +44,6 @@ struct ecc_res_config {
int numa_id;
};
-typedef struct uadk_ecc_sess {
- handle_t sess;
- struct wd_ecc_sess_setup setup;
- struct wd_ecc_req req;
- int is_pubkey_ready;
- int is_privkey_ready;
- int key_size;
-} uadk_ecc_sess_t;
-
/* ecc global hardware resource is saved here */
struct ecc_res {
struct wd_ctx_config *ctx_res;
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index a478a94..fcca9f2 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -46,15 +46,6 @@ struct sm2_ctx {
bool is_init;
};
-typedef struct uadk_ecc_sess {
- handle_t sess;
- struct wd_ecc_sess_setup setup;
- struct wd_ecc_req req;
- int is_pubkey_ready;
- int is_privkey_ready;
- int key_size;
-} uadk_ecc_sess_t;
-
typedef struct sm2_ciphertext {
BIGNUM *C1x;
BIGNUM *C1y;
@@ -115,12 +106,6 @@ typedef int (*PFUNC_DEC)(EVP_PKEY_CTX *ctx,
const unsigned char *in,
size_t inlen);
-const unsigned char sm2_order[] = {
- 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,\
- 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,\
- 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
-};
-
static int get_hash_type(int nid_hash)
{
switch (nid_hash) {
@@ -166,6 +151,12 @@ static int compute_hash(const char *in, size_t in_len,
static int sm2_update_sess(struct sm2_ctx *smctx)
{
+ const unsigned char sm2_order[] = {
+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+ 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
+ };
int nid_hash = smctx->ctx.md ? EVP_MD_type(smctx->ctx.md) : NID_sm3;
struct wd_ecc_sess_setup setup;
handle_t sess;
--
2.27.0

46
0046-uadk_prov_cipher-fix-build-warning.patch Normal file
View File

@ -0,0 +1,46 @@
From ad0aa5e29072d9258ff223dfef629c43869f7d4d Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 10 Oct 2023 04:59:26 +0000
Subject: [PATCH 46/48] uadk_prov_cipher: fix build warning
With CFLAGS=-Wall, build reports warning
uadk_prov_cipher.c: In function 'uadk_prov_cipher_soft_work':
uadk_prov_cipher.c:226:6: warning: unused variable 'sw_final_len' [-Wunused-variable]
226 | int sw_final_len = 0;
| ^~~~~~~~~~~~
uadk_prov_cipher.c: In function 'uadk_prov_cipher_init':
uadk_prov_cipher.c:266:6: warning: unused variable 'ret' [-Wunused-variable]
266 | int ret, i;
| ^~~
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_prov_cipher.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
index 9a2c27b..21bf0a2 100644
--- a/src/uadk_prov_cipher.c
+++ b/src/uadk_prov_cipher.c
@@ -223,8 +223,6 @@ static int uadk_prov_cipher_sw_init(struct cipher_priv_ctx *priv,
static int uadk_prov_cipher_soft_work(struct cipher_priv_ctx *priv, unsigned char *out,
int *outl, const unsigned char *in, size_t len)
{
- int sw_final_len = 0;
-
if (priv->sw_cipher == NULL)
return 0;
@@ -263,7 +261,7 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv,
const unsigned char *iv, size_t ivlen)
{
int cipher_counts = ARRAY_SIZE(cipher_info_table);
- int ret, i;
+ int i;
if (iv)
memcpy(priv->iv, iv, ivlen);
--
2.25.1

260
0047-ecc-bugfix-about-return-value-check.patch
View File

@ -1,260 +0,0 @@
From a8613bb37a229c64ab1846e4da2220912876fbfa Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:56:02 +0800
Subject: [PATCH 47/57] ecc: bugfix about return value check
Check the return value of BN_CTX_get(), and add a new
structure to wrap the curve parameters to make the logic
of return value check clearer.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ec.c | 159 ++++++++++++++++++++++++++++++++++----------------
1 file changed, 108 insertions(+), 51 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index d78658b..37683cd 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -34,6 +34,19 @@
#define ECC384BITS 384
#define ECC521BITS 521
+struct curve_param {
+ /* prime */
+ BIGNUM *p;
+ /* ecc coefficient 'a' */
+ BIGNUM *a;
+ /* ecc coefficient 'b' */
+ BIGNUM *b;
+ /* base point */
+ const EC_POINT *g;
+ /* order of base point */
+ const BIGNUM *order;
+};
+
typedef ECDSA_SIG* (*PFUNC_SIGN_SIG)(const unsigned char *,
int,
const BIGNUM *,
@@ -70,58 +83,92 @@ static void init_dtb_param(void *dtb, char *start,
}
}
+static void fill_ecc_cv_param(struct wd_ecc_curve *pparam,
+ struct curve_param *cv_param,
+ BIGNUM *g_x, BIGNUM *g_y)
+{
+ pparam->p.dsize = BN_bn2bin(cv_param->p, (void *)pparam->p.data);
+ pparam->a.dsize = BN_bn2bin(cv_param->a, (void *)pparam->a.data);
+ if (!pparam->a.dsize) {
+ pparam->a.dsize = 1;
+ pparam->a.data[0] = 0;
+ }
+
+ pparam->b.dsize = BN_bn2bin(cv_param->b, (void *)pparam->b.data);
+ if (!pparam->b.dsize) {
+ pparam->b.dsize = 1;
+ pparam->b.data[0] = 0;
+ }
+
+ pparam->g.x.dsize = BN_bn2bin(g_x, (void *)pparam->g.x.data);
+ pparam->g.y.dsize = BN_bn2bin(g_y, (void *)pparam->g.y.data);
+ pparam->n.dsize = BN_bn2bin(cv_param->order, (void *)pparam->n.data);
+}
+
static int set_sess_setup_cv(const EC_GROUP *group,
struct wd_ecc_curve_cfg *cv)
{
struct wd_ecc_curve *pparam = cv->cfg.pparam;
- BIGNUM *p, *a, *b, *xg, *yg, *order;
- const EC_POINT *g;
+ struct curve_param *cv_param;
+ BIGNUM *g_x, *g_y;
+ int ret = -1;
BN_CTX *ctx;
- int ret;
ctx = BN_CTX_new();
if (!ctx)
- return -ENOMEM;
+ return ret;
BN_CTX_start(ctx);
- p = BN_CTX_get(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- xg = BN_CTX_get(ctx);
- yg = BN_CTX_get(ctx);
- ret = uadk_get_curve(group, p, a, b, ctx);
+ cv_param = OPENSSL_malloc(sizeof(struct curve_param));
+ if (!cv_param)
+ goto free_ctx;
+
+ cv_param->p = BN_CTX_get(ctx);
+ if (!cv_param->p)
+ goto free_cv;
+
+ cv_param->a = BN_CTX_get(ctx);
+ if (!cv_param->a)
+ goto free_cv;
+
+ cv_param->b = BN_CTX_get(ctx);
+ if (!cv_param->b)
+ goto free_cv;
+
+ g_x = BN_CTX_get(ctx);
+ if (!g_x)
+ goto free_cv;
+
+ g_y = BN_CTX_get(ctx);
+ if (!g_y)
+ goto free_cv;
+
+ ret = uadk_get_curve(group, cv_param->p, cv_param->a, cv_param->b, ctx);
if (ret)
- goto err;
+ goto free_cv;
- g = EC_GROUP_get0_generator(group);
- ret = uadk_get_affine_coordinates(group, g, xg, yg, ctx);
+ cv_param->g = EC_GROUP_get0_generator(group);
+ if (!cv_param->g)
+ goto free_cv;
+
+ ret = uadk_get_affine_coordinates(group, cv_param->g, g_x, g_y, ctx);
if (ret)
- goto err;
+ goto free_cv;
- order = (BIGNUM *)EC_GROUP_get0_order(group);
- pparam->p.dsize = BN_bn2bin(p, (void *)pparam->p.data);
- pparam->a.dsize = BN_bn2bin(a, (void *)pparam->a.data);
- /* a or b is all zero, but uadk not allow parameter length is zero */
- if (!pparam->a.dsize) {
- pparam->a.dsize = 1;
- pparam->a.data[0] = 0;
- }
- pparam->b.dsize = BN_bn2bin(b, (void *)pparam->b.data);
- if (!pparam->b.dsize) {
- pparam->b.dsize = 1;
- pparam->b.data[0] = 0;
- }
- pparam->g.x.dsize = BN_bn2bin(xg, (void *)pparam->g.x.data);
- pparam->g.y.dsize = BN_bn2bin(yg, (void *)pparam->g.y.data);
- pparam->n.dsize = BN_bn2bin(order, (void *)pparam->n.data);
+ cv_param->order = EC_GROUP_get0_order(group);
+ if (!cv_param->order)
+ goto free_cv;
+
+ fill_ecc_cv_param(pparam, cv_param, g_x, g_y);
cv->type = WD_CV_CFG_PARAM;
ret = 0;
-err:
- if (ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
+
+free_cv:
+ OPENSSL_free(cv_param);
+free_ctx:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
return ret;
}
@@ -166,12 +213,13 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
sp.cv.cfg.pparam = &param;
group = EC_KEY_get0_group(eckey);
ret = set_sess_setup_cv(group, &sp.cv);
- if (ret) {
- free(dev);
- return (handle_t)0;
- }
+ if (ret)
+ goto free_dev;
order = EC_GROUP_get0_order(group);
+ if (!order)
+ goto free_dev;
+
key_bits = BN_num_bits(order);
sp.alg = alg;
sp.key_bits = get_smallest_hw_keybits(key_bits);
@@ -184,8 +232,11 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
fprintf(stderr, "failed to alloc ecc sess\n");
free(dev);
-
return sess;
+
+free_dev:
+ free(dev);
+ return (handle_t)0;
}
static int check_ecc_bit_useful(const int bits)
@@ -506,6 +557,10 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
const BIGNUM *order;
int ret;
+ ret = eckey_check(eckey);
+ if (ret)
+ return ret;
+
if (!dgst) {
fprintf(stderr, "dgst is NULL\n");
return -1;
@@ -516,10 +571,6 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
return -1;
}
- ret = eckey_check(eckey);
- if (ret)
- return ret;
-
pub_key = EC_KEY_get0_public_key(eckey);
if (!pub_key) {
fprintf(stderr, "pub_key is NULL\n");
@@ -957,10 +1008,20 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
ctx = BN_CTX_new();
if (!ctx)
return -ENOMEM;
+
+ BN_CTX_start(ctx);
pkey_x = BN_CTX_get(ctx);
+ if (!pkey_x)
+ goto free_ctx;
+
pkey_y = BN_CTX_get(ctx);
+ if (!pkey_y)
+ goto free_ctx;
group = EC_KEY_get0_group(ecdh);
+ if (!group)
+ goto free_ctx;
+
uadk_get_affine_coordinates(group, pubkey, pkey_x, pkey_y, ctx);
in_pkey.x.data = buf_x;
in_pkey.y.data = buf_y;
@@ -986,13 +1047,9 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
ret = 1;
free_ctx:
- if (ctx) {
- if (pkey_x)
- BN_clear(pkey_x);
- if (pkey_y)
- BN_clear(pkey_y);
- BN_CTX_free(ctx);
- }
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+
return ret;
}
--
2.27.0

92
0047-uadk_prov_init-change-name-more-informative.patch Normal file
View File

@ -0,0 +1,92 @@
From 04b50bae1c84427ea25c64ed82bdfd875dbb8e39 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Wed, 11 Oct 2023 06:38:59 +0000
Subject: [PATCH 47/48] uadk_prov_init: change name more informative
Use a more informative name uadk_xxx instead of p_xxx
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_prov.h | 4 ++--
src/uadk_prov_init.c | 18 +++++++++---------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/uadk_prov.h b/src/uadk_prov.h
index f8a3cd7..efb29ee 100644
--- a/src/uadk_prov.h
+++ b/src/uadk_prov.h
@@ -18,12 +18,12 @@
#ifndef UADK_PROV_H
#define UADK_PROV_H
-struct p_uadk_ctx {
+struct uadk_prov_ctx {
const OSSL_CORE_HANDLE *handle;
OSSL_LIB_CTX *libctx;
};
-static inline OSSL_LIB_CTX *prov_libctx_of(struct p_uadk_ctx *ctx)
+static inline OSSL_LIB_CTX *prov_libctx_of(struct uadk_prov_ctx *ctx)
{
if (ctx == NULL)
return NULL;
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index b28ce69..2bde080 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -95,8 +95,8 @@ static const OSSL_ALGORITHM uadk_prov_asym_cipher[] = {
{ NULL, NULL, NULL }
};
-static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id,
- int *no_cache)
+static const OSSL_ALGORITHM *uadk_query(void *provctx, int operation_id,
+ int *no_cache)
{
static int prov_init;
@@ -125,9 +125,9 @@ static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id,
return NULL;
}
-static void p_teardown(void *provctx)
+static void uadk_teardown(void *provctx)
{
- struct p_uadk_ctx *ctx = (struct p_uadk_ctx *)provctx;
+ struct uadk_prov_ctx *ctx = (struct uadk_prov_ctx *)provctx;
uadk_prov_destroy_digest();
uadk_prov_destroy_cipher();
@@ -137,9 +137,9 @@ static void p_teardown(void *provctx)
async_poll_task_free();
}
-static const OSSL_DISPATCH p_test_table[] = {
- { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_prov_query },
- { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
+static const OSSL_DISPATCH uadk_dispatch_table[] = {
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))uadk_query },
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))uadk_teardown },
{ 0, NULL }
};
@@ -157,7 +157,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH **out,
void **provctx)
{
- struct p_uadk_ctx *ctx;
+ struct uadk_prov_ctx *ctx;
int ret;
ctx = OPENSSL_zalloc(sizeof(*ctx));
@@ -171,6 +171,6 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
pthread_atfork(NULL, NULL, provider_init_child_at_fork_handler);
*provctx = (void *)ctx;
- *out = p_test_table;
+ *out = uadk_dispatch_table;
return 1;
}
--
2.25.1

316
0048-digest-alloc-session-and-data-when-copy-evp-context.patch Normal file
View File

@ -0,0 +1,316 @@
From ce4625a39433d7d9b263263a6fbdb0c1c4ef1572 Mon Sep 17 00:00:00 2001
From: Wenkai Lin <linwenkai6@hisilicon.com>
Date: Tue, 17 Oct 2023 16:10:51 +0800
Subject: [PATCH 48/48] digest: alloc session and data when copy evp context
There is a problem caused by shared session that session status
will be modified and another data flow will use the wrong status,
so we need let each context get different session when we copy context,
and the table is no longer needed.
Since the new session does not have any stream information, the engine
need to send a message with total length and message status to uadk,
so that uadk can correctly configure the session.
Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
---
src/uadk_digest.c | 144 ++++++++++++++++++++++++++++++++--------------
1 file changed, 102 insertions(+), 42 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index b75c408..beb9f51 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -35,8 +35,6 @@
#define CTX_SYNC 0
#define CTX_ASYNC 1
#define CTX_NUM 2
-#define DIGEST_DOING 1
-#define DIGEST_END 0
#define ENV_ENABLED 1
/* The max BD data length is 16M-512B */
@@ -99,7 +97,9 @@ struct digest_priv_ctx {
uint32_t state;
uint32_t switch_threshold;
int switch_flag;
- bool copy;
+ uint32_t app_datasize;
+ bool is_stream_copy;
+ size_t total_data_len;
};
struct digest_info {
@@ -199,7 +199,7 @@ static int digest_soft_init(struct digest_priv_ctx *md_ctx)
uint32_t e_nid = md_ctx->e_nid;
const EVP_MD *digest_md = NULL;
EVP_MD_CTX *ctx = NULL;
- int ctx_len;
+ int app_datasize;
/* Allocate a soft ctx for hardware engine */
if (md_ctx->soft_ctx == NULL)
@@ -213,13 +213,15 @@ static int digest_soft_init(struct digest_priv_ctx *md_ctx)
return 0;
}
- ctx_len = EVP_MD_meth_get_app_datasize(digest_md);
+ app_datasize = EVP_MD_meth_get_app_datasize(digest_md);
if (ctx->md_data == NULL) {
- ctx->md_data = OPENSSL_malloc(ctx_len);
+ ctx->md_data = OPENSSL_malloc(app_datasize);
if (ctx->md_data == NULL)
return 0;
}
+ md_ctx->app_datasize = app_datasize;
+
return EVP_MD_meth_get_init(digest_md)(ctx);
}
@@ -267,17 +269,14 @@ static void digest_soft_cleanup(struct digest_priv_ctx *md_ctx)
{
EVP_MD_CTX *ctx = md_ctx->soft_ctx;
- /* Prevent double-free after the copy is used */
- if (md_ctx->copy)
- return;
-
if (ctx != NULL) {
if (ctx->md_data) {
OPENSSL_free(ctx->md_data);
ctx->md_data = NULL;
}
EVP_MD_CTX_free(ctx);
- ctx = NULL;
+ md_ctx->soft_ctx = NULL;
+ md_ctx->app_datasize = 0;
}
}
@@ -515,13 +514,16 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
priv->req.out_bytes = out_len;
}
-static void digest_priv_ctx_cleanup(struct digest_priv_ctx *priv)
+static void digest_priv_ctx_reset(struct digest_priv_ctx *priv)
{
/* Ensure that private variable values are initialized */
priv->state = SEC_DIGEST_INIT;
priv->last_update_bufflen = 0;
priv->switch_threshold = 0;
priv->switch_flag = 0;
+ priv->total_data_len = 0;
+ priv->app_datasize = 0;
+ priv->is_stream_copy = false;
}
static int uadk_e_digest_init(EVP_MD_CTX *ctx)
@@ -529,24 +531,23 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
__u32 digest_counts = ARRAY_SIZE(digest_info_table);
- int nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
struct sched_params params = {0};
__u32 i;
int ret;
- priv->e_nid = nid;
+ priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
- digest_priv_ctx_cleanup(priv);
+ digest_priv_ctx_reset(priv);
ret = uadk_e_init_digest();
if (unlikely(!ret)) {
priv->switch_flag = UADK_DO_SOFT;
fprintf(stderr, "uadk failed to initialize digest.\n");
- goto soft_init;
+ return digest_soft_init(priv);
}
for (i = 0; i < digest_counts; i++) {
- if (nid == digest_info_table[i].nid) {
+ if (priv->e_nid == digest_info_table[i].nid) {
digest_priv_ctx_setup(priv, digest_info_table[i].alg,
digest_info_table[i].mode, digest_info_table[i].out_len);
break;
@@ -561,22 +562,24 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
/* Use the default numa parameters */
params.numa_id = -1;
priv->setup.sched_param = &params;
- priv->sess = wd_digest_alloc_sess(&priv->setup);
- if (unlikely(!priv->sess))
- return 0;
+ if (!priv->sess) {
+ priv->sess = wd_digest_alloc_sess(&priv->setup);
+ if (unlikely(!priv->sess))
+ return 0;
- priv->data = malloc(DIGEST_BLOCK_SIZE);
- if (unlikely(!priv->data)) {
- wd_digest_free_sess(priv->sess);
- return 0;
+ priv->data = malloc(DIGEST_BLOCK_SIZE);
+ if (unlikely(!priv->data))
+ goto out;
}
- priv->switch_threshold = sec_digest_get_sw_threshold(nid);
+ priv->switch_threshold = sec_digest_get_sw_threshold(priv->e_nid);
return 1;
-soft_init:
- return digest_soft_init(priv);
+out:
+ wd_digest_free_sess(priv->sess);
+ priv->sess = 0;
+ return 0;
}
static void digest_update_out_length(EVP_MD_CTX *ctx)
@@ -592,6 +595,16 @@ static void digest_update_out_length(EVP_MD_CTX *ctx)
priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
}
+static void digest_set_msg_state(struct digest_priv_ctx *priv, bool is_end)
+{
+ if (unlikely(priv->is_stream_copy)) {
+ priv->req.has_next = is_end ? WD_DIGEST_STREAM_END : WD_DIGEST_STREAM_DOING;
+ priv->is_stream_copy = false;
+ } else {
+ priv->req.has_next = is_end ? WD_DIGEST_END : WD_DIGEST_DOING;
+ }
+}
+
static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len)
{
struct digest_priv_ctx *priv =
@@ -602,8 +615,7 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
int ret;
digest_update_out_length(ctx);
-
- priv->req.has_next = DIGEST_DOING;
+ digest_set_msg_state(priv, false);
while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen;
@@ -662,6 +674,8 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l
if (unlikely(priv->switch_flag == UADK_DO_SOFT))
goto soft_update;
+ priv->total_data_len += data_len;
+
if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) {
uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len);
priv->last_update_bufflen += data_len;
@@ -753,9 +767,10 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
{
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
- int ret = 1;
struct async_op op;
- priv->req.has_next = DIGEST_END;
+ int ret = 1;
+
+ digest_set_msg_state(priv, true);
priv->req.in = priv->data;
priv->req.out = priv->out;
priv->req.in_bytes = priv->last_update_bufflen;
@@ -810,17 +825,21 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx)
struct digest_priv_ctx *priv =
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
- /* Prevent double-free after the copy is used */
- if (!priv || priv->copy)
+ if (!priv)
return 1;
+ if (priv->data) {
+ free(priv->data);
+ priv->data = NULL;
+ }
+
if (priv->sess) {
wd_digest_free_sess(priv->sess);
priv->sess = 0;
}
- if (priv && priv->data)
- free(priv->data);
+ if (priv->soft_ctx)
+ digest_soft_cleanup(priv);
return 1;
}
@@ -831,17 +850,58 @@ static int uadk_e_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(from);
struct digest_priv_ctx *t =
(struct digest_priv_ctx *)EVP_MD_CTX_md_data(to);
+ struct sched_params params = {0};
+ int ret;
+
+ if (!t)
+ return 1;
+
+ if (t->sess) {
+ params.numa_id = -1;
+ t->setup.sched_param = &params;
+ t->sess = wd_digest_alloc_sess(&t->setup);
+ if (!t->sess) {
+ fprintf(stderr, "failed to alloc session for digest ctx copy.\n");
+ return 0;
+ }
+
+ t->data = malloc(DIGEST_BLOCK_SIZE);
+ if (!t->data)
+ goto free_sess;
- /*
- * EVP_MD_CTX_copy will copy from->priv to to->priv,
- * including data pointer. Instead of coping data contents,
- * add a flag to prevent double-free.
- */
+ if (t->state != SEC_DIGEST_INIT) {
+ t->is_stream_copy = true;
+ /* Length that the hardware has processed should be equal to
+ * total input data length minus software cache data length.
+ */
+ t->req.long_data_len = t->total_data_len - t->last_update_bufflen;
+ }
+
+ memcpy(t->data, f->data, f->last_update_bufflen);
+ }
+
+ if (t->soft_ctx) {
+ t->soft_ctx = NULL;
+ ret = digest_soft_init(t);
+ if (!ret)
+ goto free_data;
- if (f && f->data)
- t->copy = true;
+ memcpy(t->soft_ctx->md_data, f->soft_ctx->md_data, t->app_datasize);
+ }
return 1;
+
+free_data:
+ if (t->data) {
+ free(t->data);
+ t->data = NULL;
+ }
+free_sess:
+ if (t->sess) {
+ wd_digest_free_sess(t->sess);
+ t->sess = 0;
+ }
+ return 0;
}
--
2.25.1

170
0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch
View File

@ -1,170 +0,0 @@
From 7989e5639ab9a2de5d03ecb06942ad556ed41d93 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 16:57:50 +0800
Subject: [PATCH 48/57] ecc: bugfix multiple definition of ecx structure
The structure 'ECX_KEY' is defined in the libcrypto of OpenSSL,
but OpenSSL does not put this definition in the header file in
its 1.1.1x release version, so we can not use this structure
directly. We should define a new structure that provides the
same function to avoid conflict with the definition in OpenSSL
when using static compilation.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_ecx.c | 43 +++++++++++++++++++++++--------------------
1 file changed, 23 insertions(+), 20 deletions(-)
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 5d0ff76..df23156 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -31,14 +31,14 @@
#define X448_KEYLEN 56
#define X25519_KEYBITS 256
#define X448_KEYBITS 448
-#define MAX_KEYLEN 57
+#define ECX_MAX_KEYLEN 57
#define UADK_E_SUCCESS 1
#define UADK_E_FAIL 0
-typedef struct {
- unsigned char pubkey[MAX_KEYLEN];
+struct ecx_key {
+ unsigned char pubkey[ECX_MAX_KEYLEN];
unsigned char *privkey;
-} ECX_KEY;
+};
struct ecx_ctx {
handle_t sess;
@@ -224,12 +224,12 @@ static int ecx_get_nid(EVP_PKEY_CTX *ctx)
return nid;
}
-static int ecx_create_privkey(ECX_KEY **ecx_key, int key_size)
+static int ecx_create_privkey(struct ecx_key **ecx_key, int key_size)
{
unsigned char *privkey;
int ret;
- *ecx_key = OPENSSL_zalloc(sizeof(ECX_KEY));
+ *ecx_key = OPENSSL_zalloc(sizeof(struct ecx_key));
if (!(*ecx_key)) {
fprintf(stderr, "failed to alloc ecx_key\n");
return UADK_E_FAIL;
@@ -259,7 +259,8 @@ free_ecx_key:
return UADK_E_FAIL;
}
-static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx,
+ struct ecx_key *ecx_key)
{
handle_t sess = ecx_ctx->sess;
struct wd_ecc_key *ecc_key;
@@ -280,14 +281,14 @@ static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
}
static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
- struct wd_ecc_req *req, ECX_KEY *ecx_key)
+ struct wd_ecc_req *req, struct ecx_key *ecx_key)
{
struct wd_ecc_point *pubkey = NULL;
int key_size = ecx_ctx->key_size;
int ret;
wd_ecxdh_get_out_params(req->dst, &pubkey);
- if (key_size > MAX_KEYLEN) {
+ if (key_size > ECX_MAX_KEYLEN) {
fprintf(stderr, "invalid key size, key_size = %d\n", key_size);
return UADK_E_FAIL;
}
@@ -368,8 +369,8 @@ static int openssl_do_ecx_genkey(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct ecx_ctx *keygen_ctx = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = ecx_genkey_check(ctx, pkey);
@@ -426,8 +427,8 @@ do_soft:
static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
struct ecx_ctx *keygen_ctx = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = ecx_genkey_check(ctx, pkey);
@@ -482,12 +483,13 @@ do_soft:
}
static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
- ECX_KEY *peer_ecx_key, ECX_KEY *ecx_key)
+ struct ecx_key *peer_ecx_key,
+ struct ecx_key *ecx_key)
{
int key_size = ecx_ctx->key_size;
+ char buf_y[ECX_MAX_KEYLEN] = {0};
handle_t sess = ecx_ctx->sess;
struct wd_ecc_point in_pubkey;
- char buf_y[MAX_KEYLEN] = {0};
struct wd_ecc_out *ecx_out;
struct wd_ecc_in *ecx_in;
int ret;
@@ -542,7 +544,8 @@ static void ecx_compkey_uninit_iot(handle_t sess, struct wd_ecc_req *req)
wd_ecc_del_in(sess, req->src);
}
-static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
+ struct ecx_key *ecx_key)
{
int key_size = ecx_ctx->key_size;
handle_t sess = ecx_ctx->sess;
@@ -576,8 +579,8 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
return UADK_E_SUCCESS;
}
-static int ecx_get_key(EVP_PKEY_CTX *ctx, ECX_KEY **ecx_key,
- ECX_KEY **peer_ecx_key)
+static int ecx_get_key(EVP_PKEY_CTX *ctx, struct ecx_key **ecx_key,
+ struct ecx_key **peer_ecx_key)
{
EVP_PKEY *pkey, *peer_key;
@@ -623,11 +626,11 @@ static void x25519_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
+ struct ecx_key *peer_ecx_key = NULL;
struct wd_ecc_point *s_key = NULL;
struct ecx_ctx *derive_ctx = NULL;
- ECX_KEY *peer_ecx_key = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = x25519_init(ctx);
@@ -709,11 +712,11 @@ static void x448_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
+ struct ecx_key *peer_ecx_key = NULL;
struct wd_ecc_point *s_key = NULL;
struct ecx_ctx *derive_ctx = NULL;
- ECX_KEY *peer_ecx_key = NULL;
+ struct ecx_key *ecx_key = NULL;
struct wd_ecc_req req = {0};
- ECX_KEY *ecx_key = NULL;
int ret;
ret = x448_init(ctx);
--
2.27.0

76
0049-uadk_engine-remove-redundant-extern.patch
View File

@ -1,76 +0,0 @@
From 55edca5dd3c13ff623c078eaea2dfb9a7f444eb7 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:06:29 +0800
Subject: [PATCH 49/57] uadk_engine: remove redundant extern
Remove the "extern" keyword before function declaration in
the header file. Because the function in header file is
'extern' by default, there is no need to specify explicitly.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk.h | 24 ++++++++++++------------
src/uadk_async.h | 16 ++++++++--------
2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index e2635d4..0188f0b 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -32,16 +32,16 @@ enum {
};
extern const char *engine_uadk_id;
-extern int uadk_e_bind_cipher(ENGINE *e);
-extern void uadk_e_destroy_cipher(void);
-extern int uadk_e_bind_digest(ENGINE *e);
-extern void uadk_e_destroy_digest(void);
-extern int uadk_e_bind_rsa(ENGINE *e);
-extern void uadk_e_destroy_rsa(void);
-extern int uadk_e_bind_dh(ENGINE *e);
-extern void uadk_e_destroy_dh(void);
-extern int uadk_e_bind_ecc(ENGINE *e);
-extern void uadk_e_destroy_ecc(void);
-extern int uadk_e_is_env_enabled(const char *alg_name);
-extern int uadk_e_set_env(const char *var_name, int numa_id);
+int uadk_e_bind_cipher(ENGINE *e);
+void uadk_e_destroy_cipher(void);
+int uadk_e_bind_digest(ENGINE *e);
+void uadk_e_destroy_digest(void);
+int uadk_e_bind_rsa(ENGINE *e);
+void uadk_e_destroy_rsa(void);
+int uadk_e_bind_dh(ENGINE *e);
+void uadk_e_destroy_dh(void);
+int uadk_e_bind_ecc(ENGINE *e);
+void uadk_e_destroy_ecc(void);
+int uadk_e_is_env_enabled(const char *alg_name);
+int uadk_e_set_env(const char *var_name, int numa_id);
#endif
diff --git a/src/uadk_async.h b/src/uadk_async.h
index d2a7e16..78f7a21 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -65,12 +65,12 @@ struct async_poll_queue {
pthread_t thread_id;
};
-extern int async_setup_async_event_notification(struct async_op *op);
-extern int async_clear_async_event_notification(void);
-extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
-extern void async_register_poll_fn(int type, async_recv_t func);
-extern void async_module_init(void);
-extern int async_wake_job(ASYNC_JOB *job);
-extern void async_free_poll_task(int id, bool is_cb);
-extern int async_get_free_task(int *id);
+int async_setup_async_event_notification(struct async_op *op);
+int async_clear_async_event_notification(void);
+int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
+void async_register_poll_fn(int type, async_recv_t func);
+void async_module_init(void);
+int async_wake_job(ASYNC_JOB *job);
+void async_free_poll_task(int id, bool is_cb);
+int async_get_free_task(int *id);
#endif
--
2.27.0

198
0049-uadk_prov_init-remove-engine_uadk_id.patch Normal file
View File

@ -0,0 +1,198 @@
From 82144d6f4802aae3a562fbdb1e51c4d35e2b32b2 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Fri, 20 Oct 2023 07:53:45 +0000
Subject: [PATCH 49/63] uadk_prov_init: remove engine_uadk_id.
It looks strange to define engine_uadk_id in uadk_prov_init.c
ASYNC_WAIT_CTX_set_wait_fd and ASYNC_WAIT_CTX_get_fd does not need to
use engine_uadk_id as the key, only if the key is the same.
So define uadk_async_key in the file itself.
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk.h | 1 -
src/uadk_async.c | 17 +++++++++--------
src/uadk_engine_init.c | 2 +-
src/uadk_prov_init.c | 1 -
src/v1/async/async_event.c | 19 ++++++++++---------
5 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index 30c099f..5a98feb 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -28,7 +28,6 @@ enum {
HW_V3,
};
-extern const char *engine_uadk_id;
int uadk_e_bind_cipher(ENGINE *e);
void uadk_e_destroy_cipher(void);
int uadk_e_bind_digest(ENGINE *e);
diff --git a/src/uadk_async.c b/src/uadk_async.c
index c46976c..45f3918 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -24,6 +24,7 @@
#include "uadk.h"
#include "uadk_async.h"
+static const char *uadk_async_key = "uadk_async_key";
static struct async_poll_queue poll_queue;
static int g_uadk_e_keep_polling;
@@ -61,15 +62,15 @@ int async_setup_async_event_notification(struct async_op *op)
if (waitctx == NULL)
return 0;
- if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id,
+ if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key,
&efd, &custom) == 0) {
efd = eventfd(0, EFD_NONBLOCK);
if (efd == -1)
return 0;
- if (ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_uadk_id, efd,
+ if (ASYNC_WAIT_CTX_set_wait_fd(waitctx, uadk_async_key, efd,
custom, async_fd_cleanup) == 0) {
- async_fd_cleanup(waitctx, engine_uadk_id, efd, NULL);
+ async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
return 0;
}
}
@@ -99,13 +100,13 @@ int async_clear_async_event_notification(void)
return 0;
if (num_add_fds > 0) {
- if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id,
+ if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key,
&efd, &custom) == 0)
return 0;
- async_fd_cleanup(waitctx, engine_uadk_id, efd, NULL);
+ async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
- if (ASYNC_WAIT_CTX_clear_fd(waitctx, engine_uadk_id) == 0)
+ if (ASYNC_WAIT_CTX_clear_fd(waitctx, uadk_async_key) == 0)
return 0;
}
@@ -272,7 +273,7 @@ int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id)
if (ASYNC_pause_job() == 0)
return 0;
- ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom);
+ ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
if (ret <= 0)
continue;
@@ -299,7 +300,7 @@ int async_wake_job(ASYNC_JOB *job)
if (waitctx == NULL)
return 0;
- ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom);
+ ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
if (ret > 0) {
if (write(efd, &buf, sizeof(uint64_t)) == -1)
fprintf(stderr, "failed to write to fd: %d - error: %d\n", efd, errno);
diff --git a/src/uadk_engine_init.c b/src/uadk_engine_init.c
index e2aa392..cf54360 100644
--- a/src/uadk_engine_init.c
+++ b/src/uadk_engine_init.c
@@ -35,7 +35,7 @@
#define UADK_CMD_ENABLE_ECC_ENV (ENGINE_CMD_BASE + 4)
/* Constants used when creating the ENGINE */
-const char *engine_uadk_id = "uadk_engine";
+static const char *engine_uadk_id = "uadk_engine";
static const char *engine_uadk_name = "uadk hardware engine support";
static int uadk_cipher;
diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
index 2bde080..9b2c190 100644
--- a/src/uadk_prov_init.c
+++ b/src/uadk_prov_init.c
@@ -28,7 +28,6 @@
#include "uadk_async.h"
#include "uadk_prov.h"
-const char *engine_uadk_id = "uadk_provider";
static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk_provider";
static OSSL_PROVIDER *prov;
diff --git a/src/v1/async/async_event.c b/src/v1/async/async_event.c
index 245c269..c843bcf 100644
--- a/src/v1/async/async_event.c
+++ b/src/v1/async/async_event.c
@@ -35,7 +35,8 @@
#include "async_event.h"
#include "../utils/engine_log.h"
-#include "../../uadk.h"
+
+static const char *uadk_async_key = "uadk_async_key";
static void async_fd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD readfd, void *custom)
{
@@ -66,7 +67,7 @@ int async_setup_async_event_notification_v1(int jobStatus)
return 0;
}
- if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd,
+ if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd,
&custom) == 0) {
efd = eventfd(0, EFD_NONBLOCK);
if (efd == -1) {
@@ -74,10 +75,10 @@ int async_setup_async_event_notification_v1(int jobStatus)
return 0;
}
- if (ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_uadk_id, efd,
+ if (ASYNC_WAIT_CTX_set_wait_fd(waitctx, uadk_async_key, efd,
custom, async_fd_cleanup) == 0) {
US_ERR("set wait fd error.");
- async_fd_cleanup(waitctx, engine_uadk_id, efd, NULL);
+ async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
return 0;
}
}
@@ -111,14 +112,14 @@ int async_clear_async_event_notification_v1(void)
}
if (num_add_fds > 0) {
- if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom) == 0) {
+ if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom) == 0) {
US_ERR("no fd.");
return 0;
}
- async_fd_cleanup(waitctx, engine_uadk_id, efd, NULL);
+ async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
- if (ASYNC_WAIT_CTX_clear_fd(waitctx, engine_uadk_id) == 0) {
+ if (ASYNC_WAIT_CTX_clear_fd(waitctx, uadk_async_key) == 0) {
US_ERR("clear fd error.");
return 0;
}
@@ -148,7 +149,7 @@ int async_pause_job_v1(volatile ASYNC_JOB *job, int jobStatus)
return ret;
}
- ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom);
+ ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
if (ret > 0) {
if (read(efd, &buf, sizeof(uint64_t)) == -1) {
if (errno != EAGAIN)
@@ -178,7 +179,7 @@ int async_wake_job_v1(volatile ASYNC_JOB *job, int jobStatus)
return ret;
}
- ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom);
+ ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
if (ret > 0) {
if (write(efd, &buf, sizeof(uint64_t)) == -1)
US_ERR("Failed to write to fd: %d - error: %d\n", efd, errno);
--
2.25.1

212
0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch
View File

@ -1,212 +0,0 @@
From ba0a9ede4f72387f065e88c054e35dc6fdb59079 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 23 Jul 2022 17:10:47 +0800
Subject: [PATCH 50/57] uadk_engine: add timeout protection mechanism in poll
Count the cycle times of poll. When the count times exceed the
maximum number, exit to prevent the task from timeout.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 13 ++++++++-----
src/uadk_dh.c | 11 +++++++----
src/uadk_digest.c | 11 +++++++----
src/uadk_pkey.c | 13 ++++++++-----
src/uadk_rsa.c | 11 +++++++----
5 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 472c0ad..54d0a7d 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -517,7 +517,7 @@ static int uadk_e_cipher_poll(void *ctx)
do {
ret = wd_cipher_poll_ctx(idx, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -530,18 +530,21 @@ static int uadk_e_cipher_poll(void *ctx)
static int uadk_e_cipher_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
- /* poll one packet currently */
+ /* Poll one packet currently */
int expt = 1;
int ret;
do {
ret = wd_cipher_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 893b0f2..cf319e5 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -212,7 +212,7 @@ static int uadk_e_dh_poll(void *ctx)
do {
ret = wd_dh_poll_ctx(idx, expect, &recv);
- if (recv >= expect)
+ if (recv == expect)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -273,6 +273,7 @@ static struct dh_res_config dh_res_config = {
static int uadk_e_dh_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -280,11 +281,13 @@ static int uadk_e_dh_env_poll(void *ctx)
do {
ret = wd_dh_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_dh_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 8127373..853aa39 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -343,7 +343,7 @@ static int uadk_e_digest_poll(void *ctx)
do {
ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -356,6 +356,7 @@ static int uadk_e_digest_poll(void *ctx)
static int uadk_e_digest_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -363,11 +364,13 @@ static int uadk_e_digest_env_poll(void *ctx)
do {
ret = wd_digest_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_digest_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index a0b74af..9a3a725 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -110,7 +110,7 @@ static int uadk_ecc_poll(void *ctx)
do {
ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return 0;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -143,18 +143,21 @@ int uadk_e_ecc_get_numa_id(void)
static int uadk_e_ecc_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
- /* poll one packet currently */
+ /* Poll one packet currently */
int expt = 1;
int ret;
do {
ret = wd_ecc_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 29b2521..a74343f 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -663,7 +663,7 @@ static int uadk_e_rsa_poll(void *ctx)
do {
ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv >= expt)
+ if (recv == expt)
return UADK_E_POLL_SUCCESS;
else if (ret < 0 && ret != -EAGAIN)
return ret;
@@ -689,6 +689,7 @@ static struct rsa_res_config rsa_res_config = {
static int uadk_e_rsa_env_poll(void *ctx)
{
+ __u64 rx_cnt = 0;
__u32 recv = 0;
/* Poll one packet currently */
int expt = 1;
@@ -696,11 +697,13 @@ static int uadk_e_rsa_env_poll(void *ctx)
do {
ret = wd_rsa_poll(expt, &recv);
- if (ret < 0)
+ if (ret < 0 || recv == expt)
return ret;
- } while (recv < expt);
+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret;
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+ return -ETIMEDOUT;
}
static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev)
--
2.27.0

Some files were not shown because too many files have changed in this diff Show More