dccd1cb407
Update some patch for uadk_engine from mainline. Signed-off-by: Yang Shen <shenyang39@huawei.com> (cherry picked from commit 6ae4d8c0999343eddb153c4e4e879a6b66ef528f)
261 lines
6.1 KiB
Diff
261 lines
6.1 KiB
Diff
From a8613bb37a229c64ab1846e4da2220912876fbfa Mon Sep 17 00:00:00 2001
|
|
From: Zhiqi Song <songzhiqi1@huawei.com>
|
|
Date: Sat, 23 Jul 2022 16:56:02 +0800
|
|
Subject: [PATCH 47/57] ecc: bugfix about return value check
|
|
|
|
Check the return value of BN_CTX_get(), and add a new
|
|
structure to wrap the curve parameters to make the logic
|
|
of return value check clearer.
|
|
|
|
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
|
|
---
|
|
src/uadk_ec.c | 159 ++++++++++++++++++++++++++++++++++----------------
|
|
1 file changed, 108 insertions(+), 51 deletions(-)
|
|
|
|
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
|
|
index d78658b..37683cd 100644
|
|
--- a/src/uadk_ec.c
|
|
+++ b/src/uadk_ec.c
|
|
@@ -34,6 +34,19 @@
|
|
#define ECC384BITS 384
|
|
#define ECC521BITS 521
|
|
|
|
+struct curve_param {
|
|
+ /* prime */
|
|
+ BIGNUM *p;
|
|
+ /* ecc coefficient 'a' */
|
|
+ BIGNUM *a;
|
|
+ /* ecc coefficient 'b' */
|
|
+ BIGNUM *b;
|
|
+ /* base point */
|
|
+ const EC_POINT *g;
|
|
+ /* order of base point */
|
|
+ const BIGNUM *order;
|
|
+};
|
|
+
|
|
typedef ECDSA_SIG* (*PFUNC_SIGN_SIG)(const unsigned char *,
|
|
int,
|
|
const BIGNUM *,
|
|
@@ -70,58 +83,92 @@ static void init_dtb_param(void *dtb, char *start,
|
|
}
|
|
}
|
|
|
|
+static void fill_ecc_cv_param(struct wd_ecc_curve *pparam,
|
|
+ struct curve_param *cv_param,
|
|
+ BIGNUM *g_x, BIGNUM *g_y)
|
|
+{
|
|
+ pparam->p.dsize = BN_bn2bin(cv_param->p, (void *)pparam->p.data);
|
|
+ pparam->a.dsize = BN_bn2bin(cv_param->a, (void *)pparam->a.data);
|
|
+ if (!pparam->a.dsize) {
|
|
+ pparam->a.dsize = 1;
|
|
+ pparam->a.data[0] = 0;
|
|
+ }
|
|
+
|
|
+ pparam->b.dsize = BN_bn2bin(cv_param->b, (void *)pparam->b.data);
|
|
+ if (!pparam->b.dsize) {
|
|
+ pparam->b.dsize = 1;
|
|
+ pparam->b.data[0] = 0;
|
|
+ }
|
|
+
|
|
+ pparam->g.x.dsize = BN_bn2bin(g_x, (void *)pparam->g.x.data);
|
|
+ pparam->g.y.dsize = BN_bn2bin(g_y, (void *)pparam->g.y.data);
|
|
+ pparam->n.dsize = BN_bn2bin(cv_param->order, (void *)pparam->n.data);
|
|
+}
|
|
+
|
|
static int set_sess_setup_cv(const EC_GROUP *group,
|
|
struct wd_ecc_curve_cfg *cv)
|
|
{
|
|
struct wd_ecc_curve *pparam = cv->cfg.pparam;
|
|
- BIGNUM *p, *a, *b, *xg, *yg, *order;
|
|
- const EC_POINT *g;
|
|
+ struct curve_param *cv_param;
|
|
+ BIGNUM *g_x, *g_y;
|
|
+ int ret = -1;
|
|
BN_CTX *ctx;
|
|
- int ret;
|
|
|
|
ctx = BN_CTX_new();
|
|
if (!ctx)
|
|
- return -ENOMEM;
|
|
+ return ret;
|
|
|
|
BN_CTX_start(ctx);
|
|
- p = BN_CTX_get(ctx);
|
|
- a = BN_CTX_get(ctx);
|
|
- b = BN_CTX_get(ctx);
|
|
- xg = BN_CTX_get(ctx);
|
|
- yg = BN_CTX_get(ctx);
|
|
|
|
- ret = uadk_get_curve(group, p, a, b, ctx);
|
|
+ cv_param = OPENSSL_malloc(sizeof(struct curve_param));
|
|
+ if (!cv_param)
|
|
+ goto free_ctx;
|
|
+
|
|
+ cv_param->p = BN_CTX_get(ctx);
|
|
+ if (!cv_param->p)
|
|
+ goto free_cv;
|
|
+
|
|
+ cv_param->a = BN_CTX_get(ctx);
|
|
+ if (!cv_param->a)
|
|
+ goto free_cv;
|
|
+
|
|
+ cv_param->b = BN_CTX_get(ctx);
|
|
+ if (!cv_param->b)
|
|
+ goto free_cv;
|
|
+
|
|
+ g_x = BN_CTX_get(ctx);
|
|
+ if (!g_x)
|
|
+ goto free_cv;
|
|
+
|
|
+ g_y = BN_CTX_get(ctx);
|
|
+ if (!g_y)
|
|
+ goto free_cv;
|
|
+
|
|
+ ret = uadk_get_curve(group, cv_param->p, cv_param->a, cv_param->b, ctx);
|
|
if (ret)
|
|
- goto err;
|
|
+ goto free_cv;
|
|
|
|
- g = EC_GROUP_get0_generator(group);
|
|
- ret = uadk_get_affine_coordinates(group, g, xg, yg, ctx);
|
|
+ cv_param->g = EC_GROUP_get0_generator(group);
|
|
+ if (!cv_param->g)
|
|
+ goto free_cv;
|
|
+
|
|
+ ret = uadk_get_affine_coordinates(group, cv_param->g, g_x, g_y, ctx);
|
|
if (ret)
|
|
- goto err;
|
|
+ goto free_cv;
|
|
|
|
- order = (BIGNUM *)EC_GROUP_get0_order(group);
|
|
- pparam->p.dsize = BN_bn2bin(p, (void *)pparam->p.data);
|
|
- pparam->a.dsize = BN_bn2bin(a, (void *)pparam->a.data);
|
|
- /* a or b is all zero, but uadk not allow parameter length is zero */
|
|
- if (!pparam->a.dsize) {
|
|
- pparam->a.dsize = 1;
|
|
- pparam->a.data[0] = 0;
|
|
- }
|
|
- pparam->b.dsize = BN_bn2bin(b, (void *)pparam->b.data);
|
|
- if (!pparam->b.dsize) {
|
|
- pparam->b.dsize = 1;
|
|
- pparam->b.data[0] = 0;
|
|
- }
|
|
- pparam->g.x.dsize = BN_bn2bin(xg, (void *)pparam->g.x.data);
|
|
- pparam->g.y.dsize = BN_bn2bin(yg, (void *)pparam->g.y.data);
|
|
- pparam->n.dsize = BN_bn2bin(order, (void *)pparam->n.data);
|
|
+ cv_param->order = EC_GROUP_get0_order(group);
|
|
+ if (!cv_param->order)
|
|
+ goto free_cv;
|
|
+
|
|
+ fill_ecc_cv_param(pparam, cv_param, g_x, g_y);
|
|
cv->type = WD_CV_CFG_PARAM;
|
|
ret = 0;
|
|
-err:
|
|
- if (ctx) {
|
|
- BN_CTX_end(ctx);
|
|
- BN_CTX_free(ctx);
|
|
- }
|
|
+
|
|
+free_cv:
|
|
+ OPENSSL_free(cv_param);
|
|
+free_ctx:
|
|
+ BN_CTX_end(ctx);
|
|
+ BN_CTX_free(ctx);
|
|
|
|
return ret;
|
|
}
|
|
@@ -166,12 +213,13 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
|
|
sp.cv.cfg.pparam = ¶m;
|
|
group = EC_KEY_get0_group(eckey);
|
|
ret = set_sess_setup_cv(group, &sp.cv);
|
|
- if (ret) {
|
|
- free(dev);
|
|
- return (handle_t)0;
|
|
- }
|
|
+ if (ret)
|
|
+ goto free_dev;
|
|
|
|
order = EC_GROUP_get0_order(group);
|
|
+ if (!order)
|
|
+ goto free_dev;
|
|
+
|
|
key_bits = BN_num_bits(order);
|
|
sp.alg = alg;
|
|
sp.key_bits = get_smallest_hw_keybits(key_bits);
|
|
@@ -184,8 +232,11 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
|
|
fprintf(stderr, "failed to alloc ecc sess\n");
|
|
|
|
free(dev);
|
|
-
|
|
return sess;
|
|
+
|
|
+free_dev:
|
|
+ free(dev);
|
|
+ return (handle_t)0;
|
|
}
|
|
|
|
static int check_ecc_bit_useful(const int bits)
|
|
@@ -506,6 +557,10 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
|
|
const BIGNUM *order;
|
|
int ret;
|
|
|
|
+ ret = eckey_check(eckey);
|
|
+ if (ret)
|
|
+ return ret;
|
|
+
|
|
if (!dgst) {
|
|
fprintf(stderr, "dgst is NULL\n");
|
|
return -1;
|
|
@@ -516,10 +571,6 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
|
|
return -1;
|
|
}
|
|
|
|
- ret = eckey_check(eckey);
|
|
- if (ret)
|
|
- return ret;
|
|
-
|
|
pub_key = EC_KEY_get0_public_key(eckey);
|
|
if (!pub_key) {
|
|
fprintf(stderr, "pub_key is NULL\n");
|
|
@@ -957,10 +1008,20 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
|
|
ctx = BN_CTX_new();
|
|
if (!ctx)
|
|
return -ENOMEM;
|
|
+
|
|
+ BN_CTX_start(ctx);
|
|
pkey_x = BN_CTX_get(ctx);
|
|
+ if (!pkey_x)
|
|
+ goto free_ctx;
|
|
+
|
|
pkey_y = BN_CTX_get(ctx);
|
|
+ if (!pkey_y)
|
|
+ goto free_ctx;
|
|
|
|
group = EC_KEY_get0_group(ecdh);
|
|
+ if (!group)
|
|
+ goto free_ctx;
|
|
+
|
|
uadk_get_affine_coordinates(group, pubkey, pkey_x, pkey_y, ctx);
|
|
in_pkey.x.data = buf_x;
|
|
in_pkey.y.data = buf_y;
|
|
@@ -986,13 +1047,9 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
|
|
ret = 1;
|
|
|
|
free_ctx:
|
|
- if (ctx) {
|
|
- if (pkey_x)
|
|
- BN_clear(pkey_x);
|
|
- if (pkey_y)
|
|
- BN_clear(pkey_y);
|
|
- BN_CTX_free(ctx);
|
|
- }
|
|
+ BN_CTX_end(ctx);
|
|
+ BN_CTX_free(ctx);
|
|
+
|
|
return ret;
|
|
}
|
|
|
|
--
|
|
2.27.0
|
|
|