From 6ae4d8c0999343eddb153c4e4e879a6b66ef528f Mon Sep 17 00:00:00 2001 From: Yang Shen Date: Tue, 26 Jul 2022 15:09:46 +0800 Subject: [PATCH] uadk_engine - update uadk engine source Update some patch for uadk_engine from mainline. Signed-off-by: Yang Shen --- ...uadk-engine-change-Copyright-to-2022.patch | 177 ++++++++++++ ...E-move-test-script-to-sanity_test.sh.patch | 197 +++++++++++++ ...-uadk_engine-fix-string-compare-mode.patch | 38 +++ ...ze-the-process-of-ctx-initialization.patch | 32 +++ ...-adding-an-iv-update-to-a-decryption.patch | 59 ++++ ...ix-cipher-decrypto-failed-as-use-jdk.patch | 47 +++ 0044-engine-add-receiving-timeout-count.patch | 169 +++++++++++ ...est-fix-the-fault-as-using-the-nginx.patch | 49 ++++ 0046-ecc-cleanup-of-static-code-check.patch | 121 ++++++++ ...-ecc-bugfix-about-return-value-check.patch | 260 +++++++++++++++++ ...multiple-definition-of-ecx-structure.patch | 170 +++++++++++ ...-uadk_engine-remove-redundant-extern.patch | 76 +++++ ...timeout-protection-mechanism-in-poll.patch | 212 ++++++++++++++ 0051-rsa-cleanup-redundant-BN-operation.patch | 272 ++++++++++++++++++ ...bugfix-memory-leak-in-genkey-process.patch | 189 ++++++++++++ 0053-rsa-remove-unused-software-method.patch | 97 +++++++ 0054-doc-Modify-maintainers.patch | 26 ++ ...efault-algorithm-of-keygen-soft-algo.patch | 52 ++++ ...ngine-initialize-resources-only-once.patch | 224 +++++++++++++++ 0057-engine-fix-function-type.patch | 105 +++++++ uadk_engine.spec | 99 ++++--- 21 files changed, 2633 insertions(+), 38 deletions(-) create mode 100644 0038-uadk-engine-change-Copyright-to-2022.patch create mode 100644 0039-README-move-test-script-to-sanity_test.sh.patch create mode 100644 0040-uadk_engine-fix-string-compare-mode.patch create mode 100644 0041-cipher-optimize-the-process-of-ctx-initialization.patch create mode 100644 0042-cipher-adding-an-iv-update-to-a-decryption.patch create mode 100644 0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch create mode 100644 0044-engine-add-receiving-timeout-count.patch create mode 100644 0045-digest-fix-the-fault-as-using-the-nginx.patch create mode 100644 0046-ecc-cleanup-of-static-code-check.patch create mode 100644 0047-ecc-bugfix-about-return-value-check.patch create mode 100644 0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch create mode 100644 0049-uadk_engine-remove-redundant-extern.patch create mode 100644 0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch create mode 100644 0051-rsa-cleanup-redundant-BN-operation.patch create mode 100644 0052-rsa-bugfix-memory-leak-in-genkey-process.patch create mode 100644 0053-rsa-remove-unused-software-method.patch create mode 100644 0054-doc-Modify-maintainers.patch create mode 100644 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch create mode 100644 0056-engine-initialize-resources-only-once.patch create mode 100644 0057-engine-fix-function-type.patch diff --git a/0038-uadk-engine-change-Copyright-to-2022.patch b/0038-uadk-engine-change-Copyright-to-2022.patch new file mode 100644 index 0000000..2b07c14 --- /dev/null +++ b/0038-uadk-engine-change-Copyright-to-2022.patch @@ -0,0 +1,177 @@ +From 1b8b65e31da0c6347575d0d201c8417241e81453 Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Mon, 28 Mar 2022 02:31:53 +0000 +Subject: [PATCH 38/57] uadk-engine: change Copyright to 2022 + +Change Copyright to 2022 +Add Linaro Copyright as well + +Signed-off-by: Zhangfei Gao +--- + src/e_uadk.c | 3 ++- + src/uadk.h | 3 ++- + src/uadk_async.c | 3 ++- + src/uadk_async.h | 3 ++- + src/uadk_cipher.c | 3 ++- + src/uadk_dh.c | 2 +- + src/uadk_digest.c | 3 ++- + src/uadk_ec.c | 2 +- + src/uadk_ecx.c | 2 +- + src/uadk_pkey.c | 2 +- + src/uadk_pkey.h | 2 +- + src/uadk_rsa.c | 2 +- + src/uadk_sm2.c | 2 +- + 13 files changed, 19 insertions(+), 13 deletions(-) + +diff --git a/src/e_uadk.c b/src/e_uadk.c +index 79ecef8..4288569 100644 +--- a/src/e_uadk.c ++++ b/src/e_uadk.c +@@ -1,5 +1,6 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Linaro ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk.h b/src/uadk.h +index 384e035..ef09274 100644 +--- a/src/uadk.h ++++ b/src/uadk.h +@@ -1,5 +1,6 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Linaro ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_async.c b/src/uadk_async.c +index c98153b..11d624c 100644 +--- a/src/uadk_async.c ++++ b/src/uadk_async.c +@@ -1,5 +1,6 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Linaro ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_async.h b/src/uadk_async.h +index 9836dbb..d2a7e16 100644 +--- a/src/uadk_async.h ++++ b/src/uadk_async.h +@@ -1,5 +1,6 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Linaro ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 5ebad64..91895cc 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -1,5 +1,6 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Linaro ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index 40fb583..3882306 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 355917d..ecc0ce6 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -1,5 +1,6 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Linaro ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index db69871..e219bdf 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c +index 67f9350..5d0ff76 100644 +--- a/src/uadk_ecx.c ++++ b/src/uadk_ecx.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index f27e2f5..d4ec30e 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h +index dfe6fbe..b30c2de 100644 +--- a/src/uadk_pkey.h ++++ b/src/uadk_pkey.h +@@ -1,5 +1,5 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 821cb78..a80d203 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index 8c75611..a478a94 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +-- +2.27.0 + diff --git a/0039-README-move-test-script-to-sanity_test.sh.patch b/0039-README-move-test-script-to-sanity_test.sh.patch new file mode 100644 index 0000000..f423381 --- /dev/null +++ b/0039-README-move-test-script-to-sanity_test.sh.patch @@ -0,0 +1,197 @@ +From 5dab65ce804d8e7995cef2eecfb375270d55f2ed Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Wed, 30 Mar 2022 07:34:43 +0000 +Subject: [PATCH 39/57] README: move test script to sanity_test.sh + +Move test script from README to sanity_test.sh + +Signed-off-by: Zhangfei Gao +--- + README | 103 +------------------------------------------- + test/sanity_test.sh | 39 ++++++++++++++++- + 2 files changed, 39 insertions(+), 103 deletions(-) + +diff --git a/README b/README +index 562a859..ed49128 100644 +--- a/README ++++ b/README +@@ -63,108 +63,7 @@ Build & Install OpenSSL UADK Engine + Testing + ------- + ``` +- sudo test/sanity_test.sh +-``` +-1. Cipher +-``` +-openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +-openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc +-openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc +-openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc +-``` +-2. RSA +-``` +-openssl genrsa -out prikey.pem -engine uadk_engine 2048 +-openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine +-openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine +-openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine +-openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine +-openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine +-openssl speed -elapsed -engine uadk_engine rsa2048 +-openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048 +-``` +-3. SM3 +-``` +-openssl sm3 -engine uadk_engine data +-``` +-4. MD5 +-``` +-openssl speed -engine uadk_engine -async_jobs 1 -evp md5 +-``` +-5. SHA +-``` +-openssl sha1 -engine uadk_engine data +-openssl sha256 -engine uadk_engine data +-openssl sha512 -engine uadk_engine data +-``` +-6. DH +- +-[step 1] Generate global public parameters, and save them in the file +-dhparam.pem: +-``` +-openssl dhparam -out dhparam.pem 2048 +-``` +-[step 2] Generate own private key: +-``` +-openssl genpkey -paramfile dhparam.pem -out privatekey1.pem +-openssl genpkey -paramfile dhparam.pem -out privatekey2.pem +-``` +-[step 3] Generate public key: +-``` +-openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk +-openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk +-``` +-[step 4] After exchanging public key, each user can derive the shared secret: +-``` +-openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out +-secret1.bin -engine uadk_engine +-openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out +-secret2.bin -engine uadk_engine +-``` +-[step 5] Check secret1.bin and secret2.bin: +-``` +-cmp secret1.bin secret2.bin +-xxd secret1.bin +-xxd secret2.bin +-``` +-secret1.bin and secret2.bin should be the same. +- +-7. SM2 +-``` +-openssl speed -elapsed -engine uadk_engine sm2 +-openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2 +-openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem +-openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem +-``` +-8. ECDSA +-``` +-openssl speed -elapsed -engine uadk_engine ecdsap256 +-openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256 ++ ./test/sanity_test.sh + ``` + + Environment variable of uadk engine +diff --git a/test/sanity_test.sh b/test/sanity_test.sh +index 4273310..2c0c504 100755 +--- a/test/sanity_test.sh ++++ b/test/sanity_test.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-chmod 666 /dev/hisi_* ++sudo chmod 666 /dev/hisi_* + + if [ ! -n "$1" ]; then + engine_id=uadk_engine +@@ -24,6 +24,12 @@ if [[ $algs =~ "SM3" ]]; then + openssl speed -engine $engine_id -async_jobs 1 -evp sm3 + fi + ++if [[ $algs =~ "SM2" ]]; then ++ echo "testing SM2" ++ openssl speed -engine $engine_id -evp sm2 ++ openssl speed -engine $engine_id -async_jobs 1 -evp sm2 ++fi ++ + if [[ $algs =~ "SHA" ]]; then + echo "testing SHA" + openssl speed -engine $engine_id -evp sha1 +@@ -58,6 +64,12 @@ if [[ $algs =~ "AES" ]]; then + openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-xts + openssl speed -engine $engine_id -evp aes-256-xts + openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-xts ++ openssl speed -engine $engine_id -evp aes-128-ctr ++ openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-ctr ++ openssl speed -engine $engine_id -evp aes-192-ctr ++ openssl speed -engine $engine_id -async_jobs 1 -evp aes-192-ctr ++ openssl speed -engine $engine_id -evp aes-256-ctr ++ openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-ctr + fi + + if [[ $algs =~ "SM4-CBC" ]]; then +@@ -134,3 +146,28 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then + openssl speed -elapsed -engine $engine_id ecdhbrp384r1 + openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhbrp384r1 + fi ++ ++#DH ++if [[ $algs =~ "DH" ]]; then ++ echo "testing DH" ++ #1. Generate global public parameters, and save them in the file dhparam.pem: ++ openssl dhparam -out dhparam.pem 2048 ++ ++ #2. Generate own private key: ++ openssl genpkey -paramfile dhparam.pem -out privatekey1.pem ++ openssl genpkey -paramfile dhparam.pem -out privatekey2.pem ++ ++ #3. Generate public key: ++ openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine $engine_id ++ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine $engine_id ++ ++ #4. After exchanging public key, each user can derive the shared secret: ++ openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -engine $engine_id ++ openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -engine $engine_id ++ ++ #5. Check secret1.bin and secret2.bin: ++ cmp secret1.bin secret2.bin ++ xxd secret1.bin ++ xxd secret2.bin ++ #secret1.bin and secret2.bin should be same. ++fi +-- +2.27.0 + diff --git a/0040-uadk_engine-fix-string-compare-mode.patch b/0040-uadk_engine-fix-string-compare-mode.patch new file mode 100644 index 0000000..97c3511 --- /dev/null +++ b/0040-uadk_engine-fix-string-compare-mode.patch @@ -0,0 +1,38 @@ +From 4763c7f374d4ba29a070b06147e2d47504902cf3 Mon Sep 17 00:00:00 2001 +From: JunchongPan +Date: Sat, 2 Apr 2022 09:47:08 +0800 +Subject: [PATCH 40/57] uadk_engine:fix string compare mode + +String compare now use '==' while compare point and string, +changed to strcmp + +Signed-off-by: JunchongPan +--- + src/e_uadk.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/e_uadk.c b/src/e_uadk.c +index 4288569..58a10de 100644 +--- a/src/e_uadk.c ++++ b/src/e_uadk.c +@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name) + int i = 0; + + while (i < len) { +- if (uadk_env_enabled[i].alg_name == alg_name) ++ if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) + return uadk_env_enabled[i].env_enabled; + i++; + } +@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value) + int i = 0; + + while (i < len) { +- if (uadk_env_enabled[i].alg_name == alg_name) { ++ if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) { + uadk_env_enabled[i].env_enabled = value; + return; + } +-- +2.27.0 + diff --git a/0041-cipher-optimize-the-process-of-ctx-initialization.patch b/0041-cipher-optimize-the-process-of-ctx-initialization.patch new file mode 100644 index 0000000..6eece84 --- /dev/null +++ b/0041-cipher-optimize-the-process-of-ctx-initialization.patch @@ -0,0 +1,32 @@ +From 17bfd66f31e712ffd9364bfb43c9899e10e84a7d Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Sat, 2 Apr 2022 11:19:16 +0800 +Subject: [PATCH 41/57] cipher: optimize the process of ctx initialization + +Optimize the process of ctx initialization as switching to soft work. +If the ctx resources of a thread are insufficient at the beginning, the +thread can't apply for resources again. Therefore, an flag checking is +required. + +Signed-off-by: Kai Ye +--- + src/uadk_cipher.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 91895cc..8a2c39d 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -851,6 +851,9 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) + priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx); + priv->req.iv = priv->iv; + ++ if (priv->switch_flag == UADK_DO_SOFT) ++ return; ++ + ret = uadk_e_init_cipher(); + if (unlikely(!ret)) { + priv->switch_flag = UADK_DO_SOFT; +-- +2.27.0 + diff --git a/0042-cipher-adding-an-iv-update-to-a-decryption.patch b/0042-cipher-adding-an-iv-update-to-a-decryption.patch new file mode 100644 index 0000000..7580b8d --- /dev/null +++ b/0042-cipher-adding-an-iv-update-to-a-decryption.patch @@ -0,0 +1,59 @@ +From 11016568bf6a929aebc216f5e7f5fd28b2e1d2a6 Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Thu, 12 May 2022 10:31:56 +0800 +Subject: [PATCH 42/57] cipher: adding an iv update to a decryption + +Adding an iv update to de-crypto method as cbc mode. +the dst address should not be changed. So fix it. + +Signed-off-by: Kai Ye +--- + src/uadk_cipher.c | 25 ++++++++++++++----------- + 1 file changed, 14 insertions(+), 11 deletions(-) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 8a2c39d..49022f7 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -763,10 +763,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv) + + switch (priv->setup.mode) { + case WD_CIPHER_CBC: +- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) { +- priv->req.dst += priv->req.in_bytes; +- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes); +- } ++ if (priv->req.op_type == WD_CIPHER_ENCRYPTION) ++ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes, ++ iv_bytes); ++ else ++ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes, ++ iv_bytes); ++ + break; + case WD_CIPHER_OFB: + for (i = 0; i < IV_LEN; i++) { +@@ -776,13 +779,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv) + memcpy(priv->iv, K, iv_bytes); + break; + case WD_CIPHER_CFB: +- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) { +- priv->req.dst += priv->req.in_bytes; +- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes); +- } else { +- priv->req.src += priv->req.in_bytes; +- memcpy(priv->iv, priv->req.src - iv_bytes, iv_bytes); +- } ++ if (priv->req.op_type == WD_CIPHER_ENCRYPTION) ++ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes, ++ iv_bytes); ++ else ++ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes, ++ iv_bytes); ++ + break; + case WD_CIPHER_CTR: + ctr_iv_inc(priv->iv, priv->req.in_bytes >> CTR_MODE_LEN_SHIFT); +-- +2.27.0 + diff --git a/0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch b/0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch new file mode 100644 index 0000000..dbeb155 --- /dev/null +++ b/0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch @@ -0,0 +1,47 @@ +From d6b2f7a4b2486afb3b3a418f32ce9d43783ef8f0 Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Thu, 12 May 2022 10:31:57 +0800 +Subject: [PATCH 43/57] cipher: fix cipher decrypto failed as use jdk + +Because the java releases the memory immediately after the +memory is used. So the engine should not use user memory for +storage the key. + +Signed-off-by: Kai Ye +--- + src/uadk_cipher.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 49022f7..7eba992 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -36,6 +36,7 @@ + #define BYTE_BITS 8 + #define IV_LEN 16 + #define ENV_ENABLED 1 ++#define MAX_KEY_LEN 64 + + struct cipher_engine { + struct wd_ctx_config ctx_cfg; +@@ -57,7 +58,7 @@ struct cipher_priv_ctx { + struct wd_cipher_sess_setup setup; + struct wd_cipher_req req; + unsigned char iv[IV_LEN]; +- const unsigned char *key; ++ unsigned char key[MAX_KEY_LEN]; + int switch_flag; + void *sw_ctx_data; + /* Crypto small packet offload threshold */ +@@ -694,7 +695,7 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + if (unlikely(ret != 1)) + return 0; + +- priv->key = key; ++ memcpy(priv->key, key, EVP_CIPHER_CTX_key_length(ctx)); + priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT; + + return 1; +-- +2.27.0 + diff --git a/0044-engine-add-receiving-timeout-count.patch b/0044-engine-add-receiving-timeout-count.patch new file mode 100644 index 0000000..08b33c5 --- /dev/null +++ b/0044-engine-add-receiving-timeout-count.patch @@ -0,0 +1,169 @@ +From 4fbef0e061a97e3ead086de7f3f5689e9d53f454 Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Mon, 18 Jul 2022 09:41:39 +0800 +Subject: [PATCH 44/57] engine: add receiving timeout count + +Task fail due to hardware errors, but the process of poll +isn't exit. Increase the count of packet receiving timeout +as doing async jobs. Prevents falling into an infinite loop +in poll ctx. + +Signed-off-by: Kai Ye +--- + src/uadk.h | 5 +++-- + src/uadk_cipher.c | 7 +++++-- + src/uadk_dh.c | 7 +++++-- + src/uadk_digest.c | 7 +++++-- + src/uadk_pkey.c | 7 +++++-- + src/uadk_rsa.c | 7 +++++-- + 6 files changed, 28 insertions(+), 12 deletions(-) + +diff --git a/src/uadk.h b/src/uadk.h +index ef09274..e2635d4 100644 +--- a/src/uadk.h ++++ b/src/uadk.h +@@ -22,8 +22,9 @@ + #include + #include "uadk_utils.h" + +-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) +-#define ENV_STRING_LEN 256 ++#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) ++#define ENV_STRING_LEN 256 ++#define ENGINE_RECV_MAX_CNT 60000000 + + enum { + KUNPENG920, +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 7eba992..472c0ad 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -504,6 +504,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx, + static int uadk_e_cipher_poll(void *ctx) + { + struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *) ctx; ++ __u64 rx_cnt = 0; + __u32 recv = 0; + /* Poll one packet currently */ + int expt = 1; +@@ -520,9 +521,11 @@ static int uadk_e_cipher_poll(void *ctx) + return 0; + else if (ret < 0 && ret != -EAGAIN) + return ret; +- } while (ret == -EAGAIN); ++ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + +- return ret; ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + static int uadk_e_cipher_env_poll(void *ctx) +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index 3882306..893b0f2 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -204,6 +204,7 @@ static __u32 dh_pick_next_ctx(handle_t sched_ctx, + + static int uadk_e_dh_poll(void *ctx) + { ++ __u64 rx_cnt = 0; + __u32 recv = 0; + int expect = 1; + int idx = 1; +@@ -215,9 +216,11 @@ static int uadk_e_dh_poll(void *ctx) + return UADK_E_POLL_SUCCESS; + else if (ret < 0 && ret != -EAGAIN) + return ret; +- } while (ret == -EAGAIN); ++ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + +- return ret; ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + static void uadk_e_dh_cb(void *req_t) +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index ecc0ce6..2e61e80 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -332,6 +332,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx, + + static int uadk_e_digest_poll(void *ctx) + { ++ __u64 rx_cnt = 0; + __u32 recv = 0; + int expt = 1; + int ret = 0; +@@ -342,9 +343,11 @@ static int uadk_e_digest_poll(void *ctx) + return 0; + else if (ret < 0 && ret != -EAGAIN) + return ret; +- } while (ret == -EAGAIN); ++ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + +- return ret; ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + static int uadk_e_digest_env_poll(void *ctx) +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index d4ec30e..2616c5e 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -113,6 +113,7 @@ void uadk_ecc_cb(void *req_t) + static int uadk_ecc_poll(void *ctx) + { + unsigned int recv = 0; ++ __u64 rx_cnt = 0; + int expt = 1; + int ret; + +@@ -122,9 +123,11 @@ static int uadk_ecc_poll(void *ctx) + return 0; + else if (ret < 0 && ret != -EAGAIN) + return ret; +- } while (ret == -EAGAIN); ++ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + +- return ret; ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + /* make resource configure static */ +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index a80d203..29b2521 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -656,6 +656,7 @@ static int rsa_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count) + + static int uadk_e_rsa_poll(void *ctx) + { ++ __u64 rx_cnt = 0; + __u32 recv = 0; + int expt = 1; + int ret; +@@ -666,9 +667,11 @@ static int uadk_e_rsa_poll(void *ctx) + return UADK_E_POLL_SUCCESS; + else if (ret < 0 && ret != -EAGAIN) + return ret; +- } while (ret == -EAGAIN); ++ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + +- return ret; ++ fprintf(stderr, "failed to recv msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + static struct rsa_res_config rsa_res_config = { +-- +2.27.0 + diff --git a/0045-digest-fix-the-fault-as-using-the-nginx.patch b/0045-digest-fix-the-fault-as-using-the-nginx.patch new file mode 100644 index 0000000..0df7ca6 --- /dev/null +++ b/0045-digest-fix-the-fault-as-using-the-nginx.patch @@ -0,0 +1,49 @@ +From 7718ed9e56633bf2781f108a591eefe093ccb18b Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Mon, 18 Jul 2022 14:43:53 +0800 +Subject: [PATCH 45/57] digest: fix the fault as using the nginx + +Prevent double-free after the private ctx copy is used. + +Signed-off-by: Kai Ye +--- + src/uadk_digest.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 2e61e80..8127373 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -240,6 +240,10 @@ static void digest_soft_cleanup(struct digest_priv_ctx *md_ctx) + { + EVP_MD_CTX *ctx = md_ctx->soft_ctx; + ++ /* Prevent double-free after the copy is used */ ++ if (md_ctx->copy) ++ return; ++ + if (ctx != NULL) { + if (ctx->md_data) { + OPENSSL_free(ctx->md_data); +@@ -641,7 +645,9 @@ static int do_digest_sync(struct digest_priv_ctx *priv) + { + int ret; + +- /* Fix me: not support switch the soft work as input is lower */ ++ if (priv->req.in_bytes <= priv->switch_threshold && ++ priv->state == SEC_DIGEST_INIT) ++ return 0; + + ret = wd_do_digest_sync(priv->sess, &priv->req); + if (ret) { +@@ -743,6 +749,7 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx) + struct digest_priv_ctx *priv = + (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); + ++ /* Prevent double-free after the copy is used */ + if (!priv || priv->copy) + return 1; + +-- +2.27.0 + diff --git a/0046-ecc-cleanup-of-static-code-check.patch b/0046-ecc-cleanup-of-static-code-check.patch new file mode 100644 index 0000000..3a857ad --- /dev/null +++ b/0046-ecc-cleanup-of-static-code-check.patch @@ -0,0 +1,121 @@ +From c8dbfbdd80ea8b8d422a50c634e057dd37ac9aea Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 23 Jul 2022 16:45:03 +0800 +Subject: [PATCH 46/57] ecc: cleanup of static code check + +1. Use macros instead of specific numbers to represent +the key size. +2. Global variable 'sm2_order' only used in function +'sm2_update_sess' should be declared in function scope. +3. Remove unused structure 'uadk_ecc_sess'. + +Signed-off-by: Zhiqi Song +--- + src/uadk_ec.c | 22 +++++++++++----------- + src/uadk_pkey.c | 9 --------- + src/uadk_sm2.c | 21 ++++++--------------- + 3 files changed, 17 insertions(+), 35 deletions(-) + +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index e219bdf..d78658b 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -129,18 +129,18 @@ err: + static int get_smallest_hw_keybits(int bits) + { + /* ec curve order width */ +- if (bits > 384) +- return 521; +- else if (bits > 320) +- return 384; +- else if (bits > 256) +- return 320; +- else if (bits > 192) +- return 256; +- else if (bits > 128) +- return 192; ++ if (bits > ECC384BITS) ++ return ECC521BITS; ++ else if (bits > ECC320BITS) ++ return ECC384BITS; ++ else if (bits > ECC256BITS) ++ return ECC320BITS; ++ else if (bits > ECC192BITS) ++ return ECC256BITS; ++ else if (bits > ECC128BITS) ++ return ECC192BITS; + else +- return 128; ++ return ECC128BITS; + } + + static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg) +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index 2616c5e..a0b74af 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -44,15 +44,6 @@ struct ecc_res_config { + int numa_id; + }; + +-typedef struct uadk_ecc_sess { +- handle_t sess; +- struct wd_ecc_sess_setup setup; +- struct wd_ecc_req req; +- int is_pubkey_ready; +- int is_privkey_ready; +- int key_size; +-} uadk_ecc_sess_t; +- + /* ecc global hardware resource is saved here */ + struct ecc_res { + struct wd_ctx_config *ctx_res; +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index a478a94..fcca9f2 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -46,15 +46,6 @@ struct sm2_ctx { + bool is_init; + }; + +-typedef struct uadk_ecc_sess { +- handle_t sess; +- struct wd_ecc_sess_setup setup; +- struct wd_ecc_req req; +- int is_pubkey_ready; +- int is_privkey_ready; +- int key_size; +-} uadk_ecc_sess_t; +- + typedef struct sm2_ciphertext { + BIGNUM *C1x; + BIGNUM *C1y; +@@ -115,12 +106,6 @@ typedef int (*PFUNC_DEC)(EVP_PKEY_CTX *ctx, + const unsigned char *in, + size_t inlen); + +-const unsigned char sm2_order[] = { +- 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,\ +- 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,\ +- 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 +-}; +- + static int get_hash_type(int nid_hash) + { + switch (nid_hash) { +@@ -166,6 +151,12 @@ static int compute_hash(const char *in, size_t in_len, + + static int sm2_update_sess(struct sm2_ctx *smctx) + { ++ const unsigned char sm2_order[] = { ++ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, ++ 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 ++ }; + int nid_hash = smctx->ctx.md ? EVP_MD_type(smctx->ctx.md) : NID_sm3; + struct wd_ecc_sess_setup setup; + handle_t sess; +-- +2.27.0 + diff --git a/0047-ecc-bugfix-about-return-value-check.patch b/0047-ecc-bugfix-about-return-value-check.patch new file mode 100644 index 0000000..02dc446 --- /dev/null +++ b/0047-ecc-bugfix-about-return-value-check.patch @@ -0,0 +1,260 @@ +From a8613bb37a229c64ab1846e4da2220912876fbfa Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 23 Jul 2022 16:56:02 +0800 +Subject: [PATCH 47/57] ecc: bugfix about return value check + +Check the return value of BN_CTX_get(), and add a new +structure to wrap the curve parameters to make the logic +of return value check clearer. + +Signed-off-by: Zhiqi Song +--- + src/uadk_ec.c | 159 ++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 108 insertions(+), 51 deletions(-) + +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index d78658b..37683cd 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -34,6 +34,19 @@ + #define ECC384BITS 384 + #define ECC521BITS 521 + ++struct curve_param { ++ /* prime */ ++ BIGNUM *p; ++ /* ecc coefficient 'a' */ ++ BIGNUM *a; ++ /* ecc coefficient 'b' */ ++ BIGNUM *b; ++ /* base point */ ++ const EC_POINT *g; ++ /* order of base point */ ++ const BIGNUM *order; ++}; ++ + typedef ECDSA_SIG* (*PFUNC_SIGN_SIG)(const unsigned char *, + int, + const BIGNUM *, +@@ -70,58 +83,92 @@ static void init_dtb_param(void *dtb, char *start, + } + } + ++static void fill_ecc_cv_param(struct wd_ecc_curve *pparam, ++ struct curve_param *cv_param, ++ BIGNUM *g_x, BIGNUM *g_y) ++{ ++ pparam->p.dsize = BN_bn2bin(cv_param->p, (void *)pparam->p.data); ++ pparam->a.dsize = BN_bn2bin(cv_param->a, (void *)pparam->a.data); ++ if (!pparam->a.dsize) { ++ pparam->a.dsize = 1; ++ pparam->a.data[0] = 0; ++ } ++ ++ pparam->b.dsize = BN_bn2bin(cv_param->b, (void *)pparam->b.data); ++ if (!pparam->b.dsize) { ++ pparam->b.dsize = 1; ++ pparam->b.data[0] = 0; ++ } ++ ++ pparam->g.x.dsize = BN_bn2bin(g_x, (void *)pparam->g.x.data); ++ pparam->g.y.dsize = BN_bn2bin(g_y, (void *)pparam->g.y.data); ++ pparam->n.dsize = BN_bn2bin(cv_param->order, (void *)pparam->n.data); ++} ++ + static int set_sess_setup_cv(const EC_GROUP *group, + struct wd_ecc_curve_cfg *cv) + { + struct wd_ecc_curve *pparam = cv->cfg.pparam; +- BIGNUM *p, *a, *b, *xg, *yg, *order; +- const EC_POINT *g; ++ struct curve_param *cv_param; ++ BIGNUM *g_x, *g_y; ++ int ret = -1; + BN_CTX *ctx; +- int ret; + + ctx = BN_CTX_new(); + if (!ctx) +- return -ENOMEM; ++ return ret; + + BN_CTX_start(ctx); +- p = BN_CTX_get(ctx); +- a = BN_CTX_get(ctx); +- b = BN_CTX_get(ctx); +- xg = BN_CTX_get(ctx); +- yg = BN_CTX_get(ctx); + +- ret = uadk_get_curve(group, p, a, b, ctx); ++ cv_param = OPENSSL_malloc(sizeof(struct curve_param)); ++ if (!cv_param) ++ goto free_ctx; ++ ++ cv_param->p = BN_CTX_get(ctx); ++ if (!cv_param->p) ++ goto free_cv; ++ ++ cv_param->a = BN_CTX_get(ctx); ++ if (!cv_param->a) ++ goto free_cv; ++ ++ cv_param->b = BN_CTX_get(ctx); ++ if (!cv_param->b) ++ goto free_cv; ++ ++ g_x = BN_CTX_get(ctx); ++ if (!g_x) ++ goto free_cv; ++ ++ g_y = BN_CTX_get(ctx); ++ if (!g_y) ++ goto free_cv; ++ ++ ret = uadk_get_curve(group, cv_param->p, cv_param->a, cv_param->b, ctx); + if (ret) +- goto err; ++ goto free_cv; + +- g = EC_GROUP_get0_generator(group); +- ret = uadk_get_affine_coordinates(group, g, xg, yg, ctx); ++ cv_param->g = EC_GROUP_get0_generator(group); ++ if (!cv_param->g) ++ goto free_cv; ++ ++ ret = uadk_get_affine_coordinates(group, cv_param->g, g_x, g_y, ctx); + if (ret) +- goto err; ++ goto free_cv; + +- order = (BIGNUM *)EC_GROUP_get0_order(group); +- pparam->p.dsize = BN_bn2bin(p, (void *)pparam->p.data); +- pparam->a.dsize = BN_bn2bin(a, (void *)pparam->a.data); +- /* a or b is all zero, but uadk not allow parameter length is zero */ +- if (!pparam->a.dsize) { +- pparam->a.dsize = 1; +- pparam->a.data[0] = 0; +- } +- pparam->b.dsize = BN_bn2bin(b, (void *)pparam->b.data); +- if (!pparam->b.dsize) { +- pparam->b.dsize = 1; +- pparam->b.data[0] = 0; +- } +- pparam->g.x.dsize = BN_bn2bin(xg, (void *)pparam->g.x.data); +- pparam->g.y.dsize = BN_bn2bin(yg, (void *)pparam->g.y.data); +- pparam->n.dsize = BN_bn2bin(order, (void *)pparam->n.data); ++ cv_param->order = EC_GROUP_get0_order(group); ++ if (!cv_param->order) ++ goto free_cv; ++ ++ fill_ecc_cv_param(pparam, cv_param, g_x, g_y); + cv->type = WD_CV_CFG_PARAM; + ret = 0; +-err: +- if (ctx) { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } ++ ++free_cv: ++ OPENSSL_free(cv_param); ++free_ctx: ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); + + return ret; + } +@@ -166,12 +213,13 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg) + sp.cv.cfg.pparam = ¶m; + group = EC_KEY_get0_group(eckey); + ret = set_sess_setup_cv(group, &sp.cv); +- if (ret) { +- free(dev); +- return (handle_t)0; +- } ++ if (ret) ++ goto free_dev; + + order = EC_GROUP_get0_order(group); ++ if (!order) ++ goto free_dev; ++ + key_bits = BN_num_bits(order); + sp.alg = alg; + sp.key_bits = get_smallest_hw_keybits(key_bits); +@@ -184,8 +232,11 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg) + fprintf(stderr, "failed to alloc ecc sess\n"); + + free(dev); +- + return sess; ++ ++free_dev: ++ free(dev); ++ return (handle_t)0; + } + + static int check_ecc_bit_useful(const int bits) +@@ -506,6 +557,10 @@ static int ecdsa_do_verify_check(EC_KEY *eckey, + const BIGNUM *order; + int ret; + ++ ret = eckey_check(eckey); ++ if (ret) ++ return ret; ++ + if (!dgst) { + fprintf(stderr, "dgst is NULL\n"); + return -1; +@@ -516,10 +571,6 @@ static int ecdsa_do_verify_check(EC_KEY *eckey, + return -1; + } + +- ret = eckey_check(eckey); +- if (ret) +- return ret; +- + pub_key = EC_KEY_get0_public_key(eckey); + if (!pub_key) { + fprintf(stderr, "pub_key is NULL\n"); +@@ -957,10 +1008,20 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, + ctx = BN_CTX_new(); + if (!ctx) + return -ENOMEM; ++ ++ BN_CTX_start(ctx); + pkey_x = BN_CTX_get(ctx); ++ if (!pkey_x) ++ goto free_ctx; ++ + pkey_y = BN_CTX_get(ctx); ++ if (!pkey_y) ++ goto free_ctx; + + group = EC_KEY_get0_group(ecdh); ++ if (!group) ++ goto free_ctx; ++ + uadk_get_affine_coordinates(group, pubkey, pkey_x, pkey_y, ctx); + in_pkey.x.data = buf_x; + in_pkey.y.data = buf_y; +@@ -986,13 +1047,9 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, + ret = 1; + + free_ctx: +- if (ctx) { +- if (pkey_x) +- BN_clear(pkey_x); +- if (pkey_y) +- BN_clear(pkey_y); +- BN_CTX_free(ctx); +- } ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ + return ret; + } + +-- +2.27.0 + diff --git a/0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch b/0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch new file mode 100644 index 0000000..fcb2341 --- /dev/null +++ b/0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch @@ -0,0 +1,170 @@ +From 7989e5639ab9a2de5d03ecb06942ad556ed41d93 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 23 Jul 2022 16:57:50 +0800 +Subject: [PATCH 48/57] ecc: bugfix multiple definition of ecx structure + +The structure 'ECX_KEY' is defined in the libcrypto of OpenSSL, +but OpenSSL does not put this definition in the header file in +its 1.1.1x release version, so we can not use this structure +directly. We should define a new structure that provides the +same function to avoid conflict with the definition in OpenSSL +when using static compilation. + +Signed-off-by: Zhiqi Song +--- + src/uadk_ecx.c | 43 +++++++++++++++++++++++-------------------- + 1 file changed, 23 insertions(+), 20 deletions(-) + +diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c +index 5d0ff76..df23156 100644 +--- a/src/uadk_ecx.c ++++ b/src/uadk_ecx.c +@@ -31,14 +31,14 @@ + #define X448_KEYLEN 56 + #define X25519_KEYBITS 256 + #define X448_KEYBITS 448 +-#define MAX_KEYLEN 57 ++#define ECX_MAX_KEYLEN 57 + #define UADK_E_SUCCESS 1 + #define UADK_E_FAIL 0 + +-typedef struct { +- unsigned char pubkey[MAX_KEYLEN]; ++struct ecx_key { ++ unsigned char pubkey[ECX_MAX_KEYLEN]; + unsigned char *privkey; +-} ECX_KEY; ++}; + + struct ecx_ctx { + handle_t sess; +@@ -224,12 +224,12 @@ static int ecx_get_nid(EVP_PKEY_CTX *ctx) + return nid; + } + +-static int ecx_create_privkey(ECX_KEY **ecx_key, int key_size) ++static int ecx_create_privkey(struct ecx_key **ecx_key, int key_size) + { + unsigned char *privkey; + int ret; + +- *ecx_key = OPENSSL_zalloc(sizeof(ECX_KEY)); ++ *ecx_key = OPENSSL_zalloc(sizeof(struct ecx_key)); + if (!(*ecx_key)) { + fprintf(stderr, "failed to alloc ecx_key\n"); + return UADK_E_FAIL; +@@ -259,7 +259,8 @@ free_ecx_key: + return UADK_E_FAIL; + } + +-static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key) ++static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ++ struct ecx_key *ecx_key) + { + handle_t sess = ecx_ctx->sess; + struct wd_ecc_key *ecc_key; +@@ -280,14 +281,14 @@ static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key) + } + + static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx, +- struct wd_ecc_req *req, ECX_KEY *ecx_key) ++ struct wd_ecc_req *req, struct ecx_key *ecx_key) + { + struct wd_ecc_point *pubkey = NULL; + int key_size = ecx_ctx->key_size; + int ret; + + wd_ecxdh_get_out_params(req->dst, &pubkey); +- if (key_size > MAX_KEYLEN) { ++ if (key_size > ECX_MAX_KEYLEN) { + fprintf(stderr, "invalid key size, key_size = %d\n", key_size); + return UADK_E_FAIL; + } +@@ -368,8 +369,8 @@ static int openssl_do_ecx_genkey(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + struct ecx_ctx *keygen_ctx = NULL; ++ struct ecx_key *ecx_key = NULL; + struct wd_ecc_req req = {0}; +- ECX_KEY *ecx_key = NULL; + int ret; + + ret = ecx_genkey_check(ctx, pkey); +@@ -426,8 +427,8 @@ do_soft: + static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + struct ecx_ctx *keygen_ctx = NULL; ++ struct ecx_key *ecx_key = NULL; + struct wd_ecc_req req = {0}; +- ECX_KEY *ecx_key = NULL; + int ret; + + ret = ecx_genkey_check(ctx, pkey); +@@ -482,12 +483,13 @@ do_soft: + } + + static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req, +- ECX_KEY *peer_ecx_key, ECX_KEY *ecx_key) ++ struct ecx_key *peer_ecx_key, ++ struct ecx_key *ecx_key) + { + int key_size = ecx_ctx->key_size; ++ char buf_y[ECX_MAX_KEYLEN] = {0}; + handle_t sess = ecx_ctx->sess; + struct wd_ecc_point in_pubkey; +- char buf_y[MAX_KEYLEN] = {0}; + struct wd_ecc_out *ecx_out; + struct wd_ecc_in *ecx_in; + int ret; +@@ -542,7 +544,8 @@ static void ecx_compkey_uninit_iot(handle_t sess, struct wd_ecc_req *req) + wd_ecc_del_in(sess, req->src); + } + +-static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key) ++static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ++ struct ecx_key *ecx_key) + { + int key_size = ecx_ctx->key_size; + handle_t sess = ecx_ctx->sess; +@@ -576,8 +579,8 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key) + return UADK_E_SUCCESS; + } + +-static int ecx_get_key(EVP_PKEY_CTX *ctx, ECX_KEY **ecx_key, +- ECX_KEY **peer_ecx_key) ++static int ecx_get_key(EVP_PKEY_CTX *ctx, struct ecx_key **ecx_key, ++ struct ecx_key **peer_ecx_key) + { + EVP_PKEY *pkey, *peer_key; + +@@ -623,11 +626,11 @@ static void x25519_pad_out_key(unsigned char *dst_key, unsigned char *src_key, + static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + size_t *keylen) + { ++ struct ecx_key *peer_ecx_key = NULL; + struct wd_ecc_point *s_key = NULL; + struct ecx_ctx *derive_ctx = NULL; +- ECX_KEY *peer_ecx_key = NULL; ++ struct ecx_key *ecx_key = NULL; + struct wd_ecc_req req = {0}; +- ECX_KEY *ecx_key = NULL; + int ret; + + ret = x25519_init(ctx); +@@ -709,11 +712,11 @@ static void x448_pad_out_key(unsigned char *dst_key, unsigned char *src_key, + static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + size_t *keylen) + { ++ struct ecx_key *peer_ecx_key = NULL; + struct wd_ecc_point *s_key = NULL; + struct ecx_ctx *derive_ctx = NULL; +- ECX_KEY *peer_ecx_key = NULL; ++ struct ecx_key *ecx_key = NULL; + struct wd_ecc_req req = {0}; +- ECX_KEY *ecx_key = NULL; + int ret; + + ret = x448_init(ctx); +-- +2.27.0 + diff --git a/0049-uadk_engine-remove-redundant-extern.patch b/0049-uadk_engine-remove-redundant-extern.patch new file mode 100644 index 0000000..a00e806 --- /dev/null +++ b/0049-uadk_engine-remove-redundant-extern.patch @@ -0,0 +1,76 @@ +From 55edca5dd3c13ff623c078eaea2dfb9a7f444eb7 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 23 Jul 2022 17:06:29 +0800 +Subject: [PATCH 49/57] uadk_engine: remove redundant extern + +Remove the "extern" keyword before function declaration in +the header file. Because the function in header file is +'extern' by default, there is no need to specify explicitly. + +Signed-off-by: Zhiqi Song +--- + src/uadk.h | 24 ++++++++++++------------ + src/uadk_async.h | 16 ++++++++-------- + 2 files changed, 20 insertions(+), 20 deletions(-) + +diff --git a/src/uadk.h b/src/uadk.h +index e2635d4..0188f0b 100644 +--- a/src/uadk.h ++++ b/src/uadk.h +@@ -32,16 +32,16 @@ enum { + }; + + extern const char *engine_uadk_id; +-extern int uadk_e_bind_cipher(ENGINE *e); +-extern void uadk_e_destroy_cipher(void); +-extern int uadk_e_bind_digest(ENGINE *e); +-extern void uadk_e_destroy_digest(void); +-extern int uadk_e_bind_rsa(ENGINE *e); +-extern void uadk_e_destroy_rsa(void); +-extern int uadk_e_bind_dh(ENGINE *e); +-extern void uadk_e_destroy_dh(void); +-extern int uadk_e_bind_ecc(ENGINE *e); +-extern void uadk_e_destroy_ecc(void); +-extern int uadk_e_is_env_enabled(const char *alg_name); +-extern int uadk_e_set_env(const char *var_name, int numa_id); ++int uadk_e_bind_cipher(ENGINE *e); ++void uadk_e_destroy_cipher(void); ++int uadk_e_bind_digest(ENGINE *e); ++void uadk_e_destroy_digest(void); ++int uadk_e_bind_rsa(ENGINE *e); ++void uadk_e_destroy_rsa(void); ++int uadk_e_bind_dh(ENGINE *e); ++void uadk_e_destroy_dh(void); ++int uadk_e_bind_ecc(ENGINE *e); ++void uadk_e_destroy_ecc(void); ++int uadk_e_is_env_enabled(const char *alg_name); ++int uadk_e_set_env(const char *var_name, int numa_id); + #endif +diff --git a/src/uadk_async.h b/src/uadk_async.h +index d2a7e16..78f7a21 100644 +--- a/src/uadk_async.h ++++ b/src/uadk_async.h +@@ -65,12 +65,12 @@ struct async_poll_queue { + pthread_t thread_id; + }; + +-extern int async_setup_async_event_notification(struct async_op *op); +-extern int async_clear_async_event_notification(void); +-extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id); +-extern void async_register_poll_fn(int type, async_recv_t func); +-extern void async_module_init(void); +-extern int async_wake_job(ASYNC_JOB *job); +-extern void async_free_poll_task(int id, bool is_cb); +-extern int async_get_free_task(int *id); ++int async_setup_async_event_notification(struct async_op *op); ++int async_clear_async_event_notification(void); ++int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id); ++void async_register_poll_fn(int type, async_recv_t func); ++void async_module_init(void); ++int async_wake_job(ASYNC_JOB *job); ++void async_free_poll_task(int id, bool is_cb); ++int async_get_free_task(int *id); + #endif +-- +2.27.0 + diff --git a/0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch b/0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch new file mode 100644 index 0000000..98980e3 --- /dev/null +++ b/0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch @@ -0,0 +1,212 @@ +From ba0a9ede4f72387f065e88c054e35dc6fdb59079 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 23 Jul 2022 17:10:47 +0800 +Subject: [PATCH 50/57] uadk_engine: add timeout protection mechanism in poll + +Count the cycle times of poll. When the count times exceed the +maximum number, exit to prevent the task from timeout. + +Signed-off-by: Zhiqi Song +--- + src/uadk_cipher.c | 13 ++++++++----- + src/uadk_dh.c | 11 +++++++---- + src/uadk_digest.c | 11 +++++++---- + src/uadk_pkey.c | 13 ++++++++----- + src/uadk_rsa.c | 11 +++++++---- + 5 files changed, 37 insertions(+), 22 deletions(-) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 472c0ad..54d0a7d 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -517,7 +517,7 @@ static int uadk_e_cipher_poll(void *ctx) + + do { + ret = wd_cipher_poll_ctx(idx, expt, &recv); +- if (recv >= expt) ++ if (recv == expt) + return 0; + else if (ret < 0 && ret != -EAGAIN) + return ret; +@@ -530,18 +530,21 @@ static int uadk_e_cipher_poll(void *ctx) + + static int uadk_e_cipher_env_poll(void *ctx) + { ++ __u64 rx_cnt = 0; + __u32 recv = 0; +- /* poll one packet currently */ ++ /* Poll one packet currently */ + int expt = 1; + int ret; + + do { + ret = wd_cipher_poll(expt, &recv); +- if (ret < 0) ++ if (ret < 0 || recv == expt) + return ret; +- } while (recv < expt); ++ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + +- return ret; ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev) +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index 893b0f2..cf319e5 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -212,7 +212,7 @@ static int uadk_e_dh_poll(void *ctx) + + do { + ret = wd_dh_poll_ctx(idx, expect, &recv); +- if (recv >= expect) ++ if (recv == expect) + return UADK_E_POLL_SUCCESS; + else if (ret < 0 && ret != -EAGAIN) + return ret; +@@ -273,6 +273,7 @@ static struct dh_res_config dh_res_config = { + + static int uadk_e_dh_env_poll(void *ctx) + { ++ __u64 rx_cnt = 0; + __u32 recv = 0; + /* Poll one packet currently */ + int expt = 1; +@@ -280,11 +281,13 @@ static int uadk_e_dh_env_poll(void *ctx) + + do { + ret = wd_dh_poll(expt, &recv); +- if (ret < 0) ++ if (ret < 0 || recv == expt) + return ret; +- } while (recv < expt); ++ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + +- return ret; ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + static int uadk_e_wd_dh_env_init(struct uacce_dev *dev) +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 8127373..853aa39 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -343,7 +343,7 @@ static int uadk_e_digest_poll(void *ctx) + + do { + ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv); +- if (recv >= expt) ++ if (recv == expt) + return 0; + else if (ret < 0 && ret != -EAGAIN) + return ret; +@@ -356,6 +356,7 @@ static int uadk_e_digest_poll(void *ctx) + + static int uadk_e_digest_env_poll(void *ctx) + { ++ __u64 rx_cnt = 0; + __u32 recv = 0; + /* Poll one packet currently */ + int expt = 1; +@@ -363,11 +364,13 @@ static int uadk_e_digest_env_poll(void *ctx) + + do { + ret = wd_digest_poll(expt, &recv); +- if (ret < 0) ++ if (ret < 0 || recv == expt) + return ret; +- } while (recv < expt); ++ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + +- return ret; ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + static int uadk_e_wd_digest_env_init(struct uacce_dev *dev) +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index a0b74af..9a3a725 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -110,7 +110,7 @@ static int uadk_ecc_poll(void *ctx) + + do { + ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv); +- if (recv >= expt) ++ if (recv == expt) + return 0; + else if (ret < 0 && ret != -EAGAIN) + return ret; +@@ -143,18 +143,21 @@ int uadk_e_ecc_get_numa_id(void) + + static int uadk_e_ecc_env_poll(void *ctx) + { ++ __u64 rx_cnt = 0; + __u32 recv = 0; +- /* poll one packet currently */ ++ /* Poll one packet currently */ + int expt = 1; + int ret; + + do { + ret = wd_ecc_poll(expt, &recv); +- if (ret < 0) ++ if (ret < 0 || recv == expt) + return ret; +- } while (recv < expt); ++ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + +- return ret; ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev) +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 29b2521..a74343f 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -663,7 +663,7 @@ static int uadk_e_rsa_poll(void *ctx) + + do { + ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv); +- if (recv >= expt) ++ if (recv == expt) + return UADK_E_POLL_SUCCESS; + else if (ret < 0 && ret != -EAGAIN) + return ret; +@@ -689,6 +689,7 @@ static struct rsa_res_config rsa_res_config = { + + static int uadk_e_rsa_env_poll(void *ctx) + { ++ __u64 rx_cnt = 0; + __u32 recv = 0; + /* Poll one packet currently */ + int expt = 1; +@@ -696,11 +697,13 @@ static int uadk_e_rsa_env_poll(void *ctx) + + do { + ret = wd_rsa_poll(expt, &recv); +- if (ret < 0) ++ if (ret < 0 || recv == expt) + return ret; +- } while (recv < expt); ++ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + +- return ret; ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++ return -ETIMEDOUT; + } + + static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev) +-- +2.27.0 + diff --git a/0051-rsa-cleanup-redundant-BN-operation.patch b/0051-rsa-cleanup-redundant-BN-operation.patch new file mode 100644 index 0000000..3d2e807 --- /dev/null +++ b/0051-rsa-cleanup-redundant-BN-operation.patch @@ -0,0 +1,272 @@ +From 25b026f401195e0385fc575c51752e1c0c731394 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 23 Jul 2022 17:13:09 +0800 +Subject: [PATCH 51/57] rsa: cleanup redundant BN operation + +Remove redundant codes for big number and rsa crt +mode judgment. + +Signed-off-by: Zhiqi Song +--- + src/uadk_rsa.c | 92 ++++++++++++++++++++++---------------------------- + 1 file changed, 40 insertions(+), 52 deletions(-) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index a74343f..f95632b 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -871,8 +871,8 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, + int is_crt) + { + unsigned int key_size = bits >> BIT_BYTES_SHIFT; +- struct uadk_rsa_sess *rsa_sess; + struct sched_params params = {0}; ++ struct uadk_rsa_sess *rsa_sess; + + rsa_sess = rsa_new_eng_session(rsa); + if (!rsa_sess) +@@ -882,11 +882,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, + rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT; + params.numa_id = g_rsa_res.numa_id; + rsa_sess->setup.sched_param = ¶ms; +- +- if (is_crt) +- rsa_sess->setup.is_crt = IS_SET; +- else +- rsa_sess->setup.is_crt = UN_SET; ++ rsa_sess->setup.is_crt = is_crt; + + rsa_sess->sess = wd_rsa_alloc_sess(&rsa_sess->setup); + if (!rsa_sess->sess) { +@@ -1377,10 +1373,8 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + + ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, + rsa, bn_param); +- if (!ret) { ++ if (!ret) + ret = UADK_DO_SOFT; +- goto free_kg_in_out; +- } + + free_kg_in_out: + rsa_free_keygen_data(rsa_sess); +@@ -1398,11 +1392,11 @@ exe_soft: + static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { ++ struct rsa_pubkey_param *pub_enc = NULL; + struct uadk_rsa_sess *rsa_sess = NULL; +- struct rsa_pubkey_param *pub = NULL; + unsigned char *from_buf = NULL; + int num_bytes, is_crt, ret; +- BIGNUM *ret_bn = NULL; ++ BIGNUM *enc_bn = NULL; + + ret = check_rsa_input_para(flen, from, to, rsa); + if (!ret || ret == SOFT) +@@ -1412,7 +1406,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, + if (ret) + goto exe_soft; + +- ret = rsa_pkey_param_alloc(&pub, NULL); ++ ret = rsa_pkey_param_alloc(&pub_enc, NULL); + if (ret == -ENOMEM) + goto exe_soft; + +@@ -1424,7 +1418,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, + goto free_pkey; + } + +- ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes); ++ ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes); + if (ret <= 0 || flen > num_bytes) { + ret = UADK_DO_SOFT; + goto free_sess; +@@ -1436,7 +1430,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, + goto free_buf; + } + +- ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to); ++ ret = rsa_fill_pubkey(pub_enc, rsa_sess, from_buf, to); + if (!ret) { + ret = UADK_DO_SOFT; + goto free_buf; +@@ -1448,27 +1442,25 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, + goto free_buf; + } + +- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, ++ enc_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, + rsa_sess->req.dst_bytes, NULL); +- if (!ret_bn) { ++ if (!enc_bn) { + ret = UADK_DO_SOFT; + goto free_buf; + } + +- ret = BN_bn2binpad(ret_bn, to, num_bytes); +- if (ret == -1) { ++ ret = BN_bn2binpad(enc_bn, to, num_bytes); ++ if (ret == -1) + ret = UADK_DO_SOFT; +- goto free_bn; +- } + +-free_bn: +- BN_free(ret_bn); ++ BN_free(enc_bn); ++ + free_buf: + rsa_free_pub_bn_ctx(&from_buf); + free_sess: + rsa_free_eng_session(rsa_sess); + free_pkey: +- rsa_pkey_param_free(&pub, NULL); ++ rsa_pkey_param_free(&pub_enc, NULL); + if (ret != UADK_DO_SOFT) + return ret; + exe_soft: +@@ -1484,7 +1476,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, + unsigned char *from_buf = NULL; + struct uadk_rsa_sess *rsa_sess; + int num_bytes, len, ret; +- BIGNUM *ret_bn = NULL; ++ BIGNUM *dec_bn = NULL; + + ret = check_rsa_input_para(flen, from, to, rsa); + if (!ret || ret == SOFT) +@@ -1526,27 +1518,25 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, + goto free_buf; + } + +- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, ++ dec_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, + rsa_sess->req.dst_bytes, NULL); +- if (!ret_bn) { ++ if (!dec_bn) { + ret = UADK_DO_SOFT; + goto free_buf; + } + +- len = BN_bn2binpad(ret_bn, from_buf, num_bytes); ++ len = BN_bn2binpad(dec_bn, from_buf, num_bytes); + if (!len) { + ret = UADK_DO_SOFT; +- goto free_bn; ++ goto free_dec_bn; + } + + ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding); +- if (!ret) { ++ if (!ret) + ret = UADK_DO_SOFT; +- goto free_bn; +- } + +-free_bn: +- BN_free(ret_bn); ++free_dec_bn: ++ BN_free(dec_bn); + free_buf: + rsa_free_pri_bn_ctx(&from_buf); + free_sess: +@@ -1567,7 +1557,7 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, + struct uadk_rsa_sess *rsa_sess = NULL; + struct rsa_prikey_param *pri = NULL; + unsigned char *from_buf = NULL; +- BIGNUM *ret_bn = NULL; ++ BIGNUM *sign_bn = NULL; + BIGNUM *to_bn = NULL; + BIGNUM *res = NULL; + int num_bytes, ret; +@@ -1616,9 +1606,9 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, + goto free_buf; + } + +- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, ++ sign_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, + rsa_sess->req.dst_bytes, NULL); +- if (!ret_bn) { ++ if (!sign_bn) { + ret = UADK_DO_SOFT; + goto free_buf; + } +@@ -1626,10 +1616,10 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, + to_bn = BN_bin2bn(from_buf, num_bytes, NULL); + if (!to_bn) { + ret = UADK_DO_SOFT; +- goto free_ret_bn; ++ goto free_sign_bn; + } + +- ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res); ++ ret = rsa_get_sign_res(padding, to_bn, pri->n, sign_bn, &res); + if (!ret) { + ret = UADK_DO_SOFT; + goto free_to_bn; +@@ -1639,8 +1629,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, + + free_to_bn: + BN_free(to_bn); +-free_ret_bn: +- BN_free(ret_bn); ++free_sign_bn: ++ BN_free(sign_bn); + free_buf: + rsa_free_pri_bn_ctx(&from_buf); + free_sess: +@@ -1662,7 +1652,7 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, + struct rsa_pubkey_param *pub = NULL; + int num_bytes, is_crt, len, ret; + unsigned char *from_buf = NULL; +- BIGNUM *ret_bn = NULL; ++ BIGNUM *verify_bn = NULL; + + ret = check_rsa_input_para(flen, from, to, rsa); + if (!ret) +@@ -1705,33 +1695,31 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, + goto free_buf; + } + +- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, ++ verify_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, + rsa_sess->req.dst_bytes, NULL); +- if (!ret_bn) { ++ if (!verify_bn) { + ret = UADK_DO_SOFT; + goto free_buf; + } + +- ret = rsa_get_verify_res(padding, pub->n, ret_bn); ++ ret = rsa_get_verify_res(padding, pub->n, verify_bn); + if (!ret) { + ret = UADK_DO_SOFT; +- goto free_bn; ++ goto free_verify_bn; + } + +- len = BN_bn2binpad(ret_bn, from_buf, num_bytes); ++ len = BN_bn2binpad(verify_bn, from_buf, num_bytes); + if (!len) { + ret = UADK_DO_SOFT; +- goto free_bn; ++ goto free_verify_bn; + } + + ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding); +- if (!ret) { ++ if (!ret) + ret = UADK_DO_SOFT; +- goto free_bn; +- } + +-free_bn: +- BN_free(ret_bn); ++free_verify_bn: ++ BN_free(verify_bn); + free_buf: + rsa_free_pub_bn_ctx(&from_buf); + free_sess: +-- +2.27.0 + diff --git a/0052-rsa-bugfix-memory-leak-in-genkey-process.patch b/0052-rsa-bugfix-memory-leak-in-genkey-process.patch new file mode 100644 index 0000000..e4b62d9 --- /dev/null +++ b/0052-rsa-bugfix-memory-leak-in-genkey-process.patch @@ -0,0 +1,189 @@ +From 8d27c38b9bbf0dee3ba17aac4d1bf9529bdafdea Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 23 Jul 2022 17:15:05 +0800 +Subject: [PATCH 52/57] rsa: bugfix memory leak in genkey process + +The process of releasing keygen parameter is supplemented: +When an abnormal situation occurs, uadk engine needs to switch +to software keygen function, so we need to free BN ctx we alloced +before. But in normal situation, the BN ctx should be freed by +OpenSSL tools or users, because the OpenSSL tool, for example, +genrsa, has implemented the free operation, we should not free +it again. + +Signed-off-by: Zhiqi Song +--- + src/e_uadk.c | 3 +-- + src/uadk_rsa.c | 57 ++++++++++++++++++++++++++------------------------ + 2 files changed, 31 insertions(+), 29 deletions(-) + +diff --git a/src/e_uadk.c b/src/e_uadk.c +index 58a10de..23fe0f2 100644 +--- a/src/e_uadk.c ++++ b/src/e_uadk.c +@@ -333,8 +333,7 @@ static void bind_fn_uadk_alg(ENGINE *e) + } + + /* +- * This stuff is needed if this ENGINE is being +- * compiled into a self-contained shared-library. ++ * Connect uadk_engine to OpenSSL engine library. + */ + static int bind_fn(ENGINE *e, const char *id) + { +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index f95632b..5b23dab 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -968,15 +968,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, + return UADK_E_SUCCESS; + } + +-static int rsa_get_keygen_param(struct wd_rsa_req *req, +- handle_t ctx, RSA *rsa, +- struct rsa_keygen_param_bn *bn_param) ++static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa, ++ struct rsa_keygen_param_bn *bn_param, BN_CTX **bn_ctx_in) + { + struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst; + struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp; + BIGNUM *dmp1, *dmq1, *iqmp, *n, *d; + unsigned int key_bits, key_size; +- BN_CTX *bn_ctx; ++ BN_CTX *bn_ctx = *bn_ctx_in; + + key_bits = wd_rsa_get_key_bits(ctx); + if (!key_bits) +@@ -986,30 +985,25 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, + wd_rsa_get_kg_out_params(out, &wd_d, &wd_n); + wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp); + +- bn_ctx = BN_CTX_new(); +- if (!bn_ctx) +- return UADK_E_FAIL; +- +- BN_CTX_start(bn_ctx); + dmp1 = BN_CTX_get(bn_ctx); + if (!dmp1) +- goto free_bn_ctx; ++ return UADK_E_FAIL; + + dmq1 = BN_CTX_get(bn_ctx); + if (!dmq1) +- goto free_bn_ctx; ++ return UADK_E_FAIL; + + iqmp = BN_CTX_get(bn_ctx); + if (!iqmp) +- goto free_bn_ctx; ++ return UADK_E_FAIL; + + n = BN_CTX_get(bn_ctx); + if (!n) +- goto free_bn_ctx; ++ return UADK_E_FAIL; + + d = BN_CTX_get(bn_ctx); + if (!d) +- goto free_bn_ctx; ++ return UADK_E_FAIL; + + BN_bin2bn((unsigned char *)wd_d.data, key_size, d); + BN_bin2bn((unsigned char *)wd_n.data, key_size, n); +@@ -1020,15 +1014,9 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, + if (!(RSA_set0_key(rsa, n, bn_param->e, d) && + RSA_set0_factors(rsa, bn_param->p, bn_param->q) && + RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))) +- goto free_bn_ctx; ++ return UADK_E_FAIL; + + return UADK_E_SUCCESS; +- +-free_bn_ctx: +- BN_CTX_end(bn_ctx); +- BN_CTX_free(bn_ctx); +- +- return UADK_E_FAIL; + } + + static void uadk_e_rsa_cb(void *req_t) +@@ -1179,7 +1167,7 @@ static void rsa_free_keygen_data(struct uadk_rsa_sess *rsa_sess) + + static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, + struct rsa_keygen_param_bn **keygen_bn_param, +- struct rsa_keypair **key_pair) ++ struct rsa_keypair **key_pair, BN_CTX **bn_ctx_in) + { + BN_CTX *bn_ctx; + +@@ -1201,6 +1189,8 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, + goto free_key_pair; + + BN_CTX_start(bn_ctx); ++ *bn_ctx_in = bn_ctx; ++ + (*keygen_bn_param)->e = BN_CTX_get(bn_ctx); + if (!(*keygen_bn_param)->e) + goto free_bn_ctx; +@@ -1230,8 +1220,21 @@ err: + + static void rsa_keygen_param_free(struct rsa_keygen_param **keygen_param, + struct rsa_keygen_param_bn **keygen_bn_param, +- struct rsa_keypair **key_pair) ++ struct rsa_keypair **key_pair, BN_CTX **bn_ctx, ++ int free_bn_ctx_tag) + { ++ /* ++ * When an abnormal situation occurs, uadk engine needs ++ * to switch to software keygen function, so we need to ++ * free BN ctx we alloced before. But in normal situation, ++ * the BN ctx should be freed by OpenSSL tools or users. ++ * Therefore, we use a tag to distinguish these cases. ++ */ ++ if (free_bn_ctx_tag == UADK_DO_SOFT) { ++ BN_CTX_end(*bn_ctx); ++ BN_CTX_free(*bn_ctx); ++ } ++ + OPENSSL_free(*keygen_bn_param); + OPENSSL_free(*keygen_param); + OPENSSL_free(*key_pair); +@@ -1327,6 +1330,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + struct rsa_keygen_param_bn *bn_param = NULL; + struct uadk_rsa_sess *rsa_sess = NULL; + struct rsa_keypair *key_pair = NULL; ++ BN_CTX *bn_ctx = NULL; + int is_crt = 1; + int ret; + +@@ -1338,7 +1342,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + if (ret) + goto exe_soft; + +- ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair); ++ ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair, &bn_ctx); + if (ret == -ENOMEM) + goto exe_soft; + +@@ -1371,8 +1375,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + goto free_kg_in_out; + } + +- ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, +- rsa, bn_param); ++ ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, rsa, bn_param, &bn_ctx); + if (!ret) + ret = UADK_DO_SOFT; + +@@ -1381,7 +1384,7 @@ free_kg_in_out: + free_sess: + rsa_free_eng_session(rsa_sess); + free_keygen: +- rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair); ++ rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair, &bn_ctx, ret); + if (ret != UADK_DO_SOFT) + return ret; + exe_soft: +-- +2.27.0 + diff --git a/0053-rsa-remove-unused-software-method.patch b/0053-rsa-remove-unused-software-method.patch new file mode 100644 index 0000000..7cac77f --- /dev/null +++ b/0053-rsa-remove-unused-software-method.patch @@ -0,0 +1,97 @@ +From ff703a9aa6a0a2dada51b7bf88cc9e1a8ce2d6cd Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 23 Jul 2022 17:16:59 +0800 +Subject: [PATCH 53/57] rsa: remove unused software method + +Switching to software methods in abnormal scenarios has been +implemented in other functions, uadk_e_get_rsa_sw_methods() +is actually unused, so we remove it. + +Signed-off-by: Zhiqi Song +--- + src/uadk_rsa.c | 49 +++++-------------------------------------------- + 1 file changed, 5 insertions(+), 44 deletions(-) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 5b23dab..7983bc0 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -53,7 +53,6 @@ + #define ENV_ENABLED 1 + + static RSA_METHOD *rsa_hw_meth; +-static RSA_METHOD *rsa_sw_meth; + + struct bignum_st { + BN_ULONG *d; +@@ -1737,25 +1736,11 @@ exe_soft: + (flen, from, to, rsa, padding); + } + +-static RSA_METHOD *uadk_e_get_rsa_sw_methods(void) +-{ +- /* meth: default rsa software method */ +- const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); +- +- rsa_sw_meth = RSA_meth_new("rsa soft method", 0); +- (void)RSA_meth_set_pub_enc(rsa_sw_meth, RSA_meth_get_pub_enc(meth)); +- (void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth)); +- (void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth)); +- (void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth)); +- (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen); +- (void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth)); +- (void)RSA_meth_set_bn_mod_exp(rsa_sw_meth, +- RSA_meth_get_bn_mod_exp(meth)); +- +- return rsa_sw_meth; +-} +- +-static RSA_METHOD *uadk_e_get_rsa_hw_methods(void) ++/** ++ * uadk_get_rsa_method() - Set rsa hardware methods of the RSA implementation which ++ * can be called from ENGINE structure. ++ */ ++static RSA_METHOD *uadk_e_get_rsa_methods(void) + { + if (rsa_hw_meth) + return rsa_hw_meth; +@@ -1780,36 +1765,12 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void) + return rsa_hw_meth; + } + +-/** +- * uadk_get_rsa_method() - Set rsa methods of the RSA implementation which +- * can be called from ENGINE structure. +- */ +-static RSA_METHOD *uadk_e_get_rsa_methods(void) +-{ +- struct uacce_dev *dev; +- +- dev = wd_get_accel_dev("rsa"); +- if (!dev) +- return uadk_e_get_rsa_sw_methods(); +- +- free(dev); +- return uadk_e_get_rsa_hw_methods(); +-} +- + static void uadk_e_delete_rsa_meth(void) + { +- if (!rsa_hw_meth && !rsa_sw_meth) +- return; +- + if (rsa_hw_meth) { + RSA_meth_free(rsa_hw_meth); + rsa_hw_meth = NULL; + } +- +- if (rsa_sw_meth) { +- RSA_meth_free(rsa_sw_meth); +- rsa_sw_meth = NULL; +- } + } + + /** +-- +2.27.0 + diff --git a/0054-doc-Modify-maintainers.patch b/0054-doc-Modify-maintainers.patch new file mode 100644 index 0000000..7038758 --- /dev/null +++ b/0054-doc-Modify-maintainers.patch @@ -0,0 +1,26 @@ +From 9dd29d1cfd3b3038bc8a347c51f1f176c28ec0b5 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Mon, 25 Jul 2022 11:42:11 +0800 +Subject: [PATCH 54/57] doc: Modify maintainers + +Personnel change, replace a maintainer. + +Signed-off-by: Zhiqi Song +--- + docs/maintenance.md | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/docs/maintenance.md b/docs/maintenance.md +index 50ed1fe..1a563ce 100644 +--- a/docs/maintenance.md ++++ b/docs/maintenance.md +@@ -28,5 +28,5 @@ sudo test/sanity_test.sh + ``` + Zhangfei Gao + Zhou Wang +-Hui Tang ++Zhiqi Song + ``` +-- +2.27.0 + diff --git a/0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch b/0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch new file mode 100644 index 0000000..0b7c0bf --- /dev/null +++ b/0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch @@ -0,0 +1,52 @@ +From 623c8687b64381b0dc454ea2d2c81ee5f6bfdbc7 Mon Sep 17 00:00:00 2001 +From: Weili Qian +Date: Tue, 26 Jul 2022 10:39:01 +0800 +Subject: [PATCH 55/57] rsa: modify the default algorithm of keygen soft + algorithm + +When the hardware algorithm execution fails, the engine needs to +switch to the soft algorithm execution, and the callback needs to +be modified to the soft algorithm to prevent it from being +re-transferred to the hardware interface. + +Signed-off-by: Weili Qian +--- + src/uadk_rsa.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 7983bc0..03f2ce5 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -140,6 +140,8 @@ enum { + MAX_CODE, + }; + ++static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); ++ + static int rsa_check_bit_useful(const int bits, int flen) + { + if (flen > bits) +@@ -1100,10 +1102,19 @@ err: + + static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + { ++ const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL(); + int ret; + ++ if (!default_meth) { ++ fprintf(stderr, "failed to get soft method.\n"); ++ return UADK_E_FAIL; ++ } ++ + UNUSED(cb); ++ (void)RSA_meth_set_keygen(rsa_hw_meth, ++ RSA_meth_get_keygen(default_meth)); + ret = RSA_generate_key_ex(rsa, bits, e, NULL); ++ (void)RSA_meth_set_keygen(rsa_hw_meth, uadk_e_rsa_keygen); + + return ret; + } +-- +2.27.0 + diff --git a/0056-engine-initialize-resources-only-once.patch b/0056-engine-initialize-resources-only-once.patch new file mode 100644 index 0000000..eb0f202 --- /dev/null +++ b/0056-engine-initialize-resources-only-once.patch @@ -0,0 +1,224 @@ +From 0245d700da510dd54926eab3fb9377bde991024f Mon Sep 17 00:00:00 2001 +From: Weili Qian +Date: Tue, 26 Jul 2022 10:54:03 +0800 +Subject: [PATCH 56/57] engine: initialize resources only once + +If multiple threads load the engine repeatedly, the +poll_queue and global locks in the algorithm API are +repeatedly initialized. As a result, tasks of other +threads are abnormal. + +Therefore, this patch moves resource initialization +to the function 'uadk_init' and only initialize once. + +Signed-off-by: Weili Qian +--- + src/e_uadk.c | 37 +++++++++++++++++++++++++++++++++---- + src/uadk.h | 5 +++++ + src/uadk_cipher.c | 7 +++++-- + src/uadk_dh.c | 7 +++++-- + src/uadk_digest.c | 7 +++++-- + src/uadk_pkey.c | 7 +++++-- + src/uadk_rsa.c | 6 ++++-- + 7 files changed, 62 insertions(+), 14 deletions(-) + +diff --git a/src/e_uadk.c b/src/e_uadk.c +index 23fe0f2..1b95284 100644 +--- a/src/e_uadk.c ++++ b/src/e_uadk.c +@@ -43,6 +43,8 @@ static int uadk_digest; + static int uadk_rsa; + static int uadk_dh; + static int uadk_ecc; ++static int uadk_inited; ++static pthread_mutex_t uadk_engine_mutex = PTHREAD_MUTEX_INITIALIZER; + + #ifdef KAE + static int uadk_cipher_nosva; +@@ -219,12 +221,41 @@ static int uadk_destroy(ENGINE *e) + uadk_e_destroy_ecc(); + if (uadk_dh) + uadk_e_destroy_dh(); ++ ++ pthread_mutex_lock(&uadk_engine_mutex); ++ uadk_inited = 0; ++ pthread_mutex_unlock(&uadk_engine_mutex); ++ + return 1; + } + +- + static int uadk_init(ENGINE *e) + { ++ int ret; ++ ++ pthread_mutex_lock(&uadk_engine_mutex); ++ if (uadk_inited) { ++ pthread_mutex_unlock(&uadk_engine_mutex); ++ return 1; ++ } ++ ++ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) ++ async_module_init(); ++ ++ if (uadk_digest) ++ uadk_e_digest_lock_init(); ++ if (uadk_cipher) ++ uadk_e_cipher_lock_init(); ++ if (uadk_rsa) ++ uadk_e_rsa_lock_init(); ++ if (uadk_dh) ++ uadk_e_dh_lock_init(); ++ if (uadk_ecc) ++ uadk_e_ecc_lock_init(); ++ ++ uadk_inited = 1; ++ pthread_mutex_unlock(&uadk_engine_mutex); ++ + return 1; + } + +@@ -360,10 +391,8 @@ static int bind_fn(ENGINE *e, const char *id) + #endif + bind_fn_uadk_alg(e); + +- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) { +- async_module_init(); ++ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) + pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler); +- } + + ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl); + if (ret != 1) { +diff --git a/src/uadk.h b/src/uadk.h +index 0188f0b..cd3447c 100644 +--- a/src/uadk.h ++++ b/src/uadk.h +@@ -44,4 +44,9 @@ int uadk_e_bind_ecc(ENGINE *e); + void uadk_e_destroy_ecc(void); + int uadk_e_is_env_enabled(const char *alg_name); + int uadk_e_set_env(const char *var_name, int numa_id); ++void uadk_e_ecc_lock_init(void); ++void uadk_e_rsa_lock_init(void); ++void uadk_e_dh_lock_init(void); ++void uadk_e_cipher_lock_init(void); ++void uadk_e_digest_lock_init(void); + #endif +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 54d0a7d..c5bc7af 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -1076,8 +1076,6 @@ int uadk_e_bind_cipher(ENGINE *e) + if (platform > KUNPENG920) + bind_v3_cipher(); + +- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE); +- + return ENGINE_set_ciphers(e, uadk_e_engine_ciphers); + } + +@@ -1160,3 +1158,8 @@ void uadk_e_destroy_cipher(void) + if (platform > KUNPENG920) + destroy_v3_cipher(); + } ++ ++void uadk_e_cipher_lock_init(void) ++{ ++ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE); ++} +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index cf319e5..37f84e9 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -902,8 +902,6 @@ static void uadk_e_delete_dh_meth(void) + + int uadk_e_bind_dh(ENGINE *e) + { +- pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE); +- + return ENGINE_set_DH(e, uadk_e_get_dh_methods()); + } + +@@ -913,3 +911,8 @@ void uadk_e_destroy_dh(void) + uadk_e_delete_dh_meth(); + uadk_e_wd_dh_uninit(); + } ++ ++void uadk_e_dh_lock_init(void) ++{ ++ pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE); ++} +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 853aa39..b2646cb 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -804,6 +804,11 @@ do { \ + return 0; \ + } while (0) + ++void uadk_e_digest_lock_init(void) ++{ ++ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE); ++} ++ + int uadk_e_bind_digest(ENGINE *e) + { + UADK_DIGEST_DESCR(md5, md5WithRSAEncryption, MD5_DIGEST_LENGTH, +@@ -849,8 +854,6 @@ int uadk_e_bind_digest(ENGINE *e) + uadk_e_digest_final, uadk_e_digest_cleanup, + uadk_e_digest_copy); + +- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE); +- + return ENGINE_set_digests(e, uadk_engine_digests); + } + +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index 9a3a725..211f1cc 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -615,6 +615,11 @@ static int uadk_ecc_bind_pmeth(ENGINE *e) + return ENGINE_set_pkey_meths(e, get_pkey_meths); + } + ++void uadk_e_ecc_lock_init(void) ++{ ++ pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE); ++} ++ + int uadk_e_bind_ecc(ENGINE *e) + { + int ret; +@@ -631,8 +636,6 @@ int uadk_e_bind_ecc(ENGINE *e) + return ret; + } + +- pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE); +- + return ret; + } + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 03f2ce5..ef1739d 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -1790,8 +1790,6 @@ static void uadk_e_delete_rsa_meth(void) + */ + int uadk_e_bind_rsa(ENGINE *e) + { +- pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE); +- + return ENGINE_set_RSA(e, uadk_e_get_rsa_methods()); + } + +@@ -1802,3 +1800,7 @@ void uadk_e_destroy_rsa(void) + uadk_e_rsa_uninit(); + } + ++void uadk_e_rsa_lock_init(void) ++{ ++ pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE); ++} +-- +2.27.0 + diff --git a/0057-engine-fix-function-type.patch b/0057-engine-fix-function-type.patch new file mode 100644 index 0000000..7b7f386 --- /dev/null +++ b/0057-engine-fix-function-type.patch @@ -0,0 +1,105 @@ +From f43d50084550042f053de2dcce03d91d5f8b040a Mon Sep 17 00:00:00 2001 +From: Weili Qian +Date: Tue, 26 Jul 2022 10:58:56 +0800 +Subject: [PATCH 57/57] engine: fix function type + +If return type of the function 'async_module_init' is void, +when function executes failed, the app continues to execute tasks. +The process will be abnormal. Change 'async_module_init' type to int. +If function executes failed, 0 is returned. + +Signed-off-by: Weili Qian +--- + src/e_uadk.c | 16 +++++++++++++--- + src/uadk_async.c | 9 +++++---- + src/uadk_async.h | 2 +- + 3 files changed, 19 insertions(+), 8 deletions(-) + +diff --git a/src/e_uadk.c b/src/e_uadk.c +index 1b95284..77612d7 100644 +--- a/src/e_uadk.c ++++ b/src/e_uadk.c +@@ -239,8 +239,14 @@ static int uadk_init(ENGINE *e) + return 1; + } + +- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) +- async_module_init(); ++ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) { ++ ret = async_module_init(); ++ if (!ret) { ++ pthread_mutex_unlock(&uadk_engine_mutex); ++ fprintf(stderr, "failed to init async module!\n"); ++ return 0; ++ } ++ } + + if (uadk_digest) + uadk_e_digest_lock_init(); +@@ -266,7 +272,11 @@ static int uadk_finish(ENGINE *e) + + static void engine_init_child_at_fork_handler(void) + { +- async_module_init(); ++ int ret; ++ ++ ret = async_module_init(); ++ if (!ret) ++ fprintf(stderr, "failed to init child async module!\n"); + } + + #ifdef KAE +diff --git a/src/uadk_async.c b/src/uadk_async.c +index 11d624c..3f2e1db 100644 +--- a/src/uadk_async.c ++++ b/src/uadk_async.c +@@ -336,7 +336,7 @@ static void *async_poll_process_func(void *args) + return NULL; + } + +-void async_module_init(void) ++int async_module_init(void) + { + pthread_t thread_id; + pthread_attr_t thread_attr; +@@ -344,11 +344,11 @@ void async_module_init(void) + memset(&poll_queue, 0, sizeof(struct async_poll_queue)); + + if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0) +- return; ++ return 0; + + poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM); + if (poll_queue.head == NULL) +- return; ++ return 0; + + memset(poll_queue.head, 0, + sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM); +@@ -368,8 +368,9 @@ void async_module_init(void) + poll_queue.thread_id = thread_id; + OPENSSL_atexit(async_poll_task_free); + +- return; ++ return 1; + + err: + async_poll_task_free(); ++ return 0; + } +diff --git a/src/uadk_async.h b/src/uadk_async.h +index 78f7a21..9bae3f4 100644 +--- a/src/uadk_async.h ++++ b/src/uadk_async.h +@@ -69,7 +69,7 @@ int async_setup_async_event_notification(struct async_op *op); + int async_clear_async_event_notification(void); + int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id); + void async_register_poll_fn(int type, async_recv_t func); +-void async_module_init(void); ++int async_module_init(void); + int async_wake_job(ASYNC_JOB *job); + void async_free_poll_task(int id, bool is_cb); + int async_get_free_task(int *id); +-- +2.27.0 + diff --git a/uadk_engine.spec b/uadk_engine.spec index 9d25456..624ddd8 100644 --- a/uadk_engine.spec +++ b/uadk_engine.spec @@ -3,7 +3,7 @@ Name: uadk_engine Summary: UADK Accelerator Engine Version: 1.0.0 -Release: 6 +Release: 7 License: Apache-2.0 Source: %{name}-%{version}.tar.gz ExclusiveOS: linux @@ -16,43 +16,63 @@ BuildRequires: openssl-devel sed autoconf automake libtool Requires: openssl ExclusiveArch: aarch64 -Patch0001: 0001-digest-support-digest-multiple-update.patch -Patch0002: 0002-uadk_engine-define-the-variable-as-const.patch -Patch0003: 0003-ecc-fix-codecheck-warning.patch -Patch0004: 0004-rsa-delete-redundant-copy.patch -Patch0005: 0005-rsa-fix-coverity-warning.patch -Patch0006: 0006-ecc-cleanup-duplicate-public-key-allocation.patch -Patch0007: 0007-rsa-cleanup-about-reducing-function-parameters.patch -Patch0008: 0008-ecc-cleanup-sm2-compute-digest-function.patch -Patch0009: 0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch -Patch0010: 0010-rsa-cleanup-about-prime-generation.patch -Patch0011: 0011-ecc-cleanup-the-form-of-the-return-value.patch -Patch0012: 0012-engine-fix-uadk-engine-compatibility-issue.patch -Patch0013: 0013-digest-modify-the-process-of-free-session.patch -Patch0014: 0014-digest-modify-the-process-of-soft-and-hardware-hando.patch -Patch0015: 0015-ecc-bugfix-about-sm2-decryption.patch -Patch0016: 0016-dh-bugfix-about-dh-compute-key.patch -Patch0017: 0017-ecc-bugfix-about-ecc-general-init.patch -Patch0018: 0018-digest-fix-codecheck-warning.patch -Patch0019: 0019-cipher-fixup-a-code-check-warning.patch -Patch0020: 0020-rsa-fixup-a-code-check-warning.patch -Patch0021: 0021-cipher-delete-a-redundant-branch.patch -Patch0022: 0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch -Patch0023: 0023-engine-add-the-kae-log-feature.patch -Patch0024: 0024-rsa-fix-interface-name.patch -Patch0025: 0025-ecc-cleanup-sm2-unreachable-code.patch -Patch0026: 0026-rsa-cleanup-of-code-style.patch -Patch0027: 0027-v1-fixup-about-uninitialized-variable.patch -Patch0028: 0028-ecc-fix-checking-conditions.patch -Patch0029: 0029-ecc-cleanup-print-log.patch -Patch0030: 0030-engine-fix-function-return-type.patch -Patch0031: 0031-rsa-fixup-about-the-wrong-copy.patch -Patch0032: 0032-README-modify-the-engine-id-name.patch -Patch0033: 0033-digest-improve-the-digest-performance.patch -Patch0034: 0034-cipher-support-the-sm4-ecb-alg.patch -Patch0035: 0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch -Patch0036: 0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch -Patch0037: 0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch +Patch0001: 0001-digest-support-digest-multiple-update.patch +Patch0002: 0002-uadk_engine-define-the-variable-as-const.patch +Patch0003: 0003-ecc-fix-codecheck-warning.patch +Patch0004: 0004-rsa-delete-redundant-copy.patch +Patch0005: 0005-rsa-fix-coverity-warning.patch +Patch0006: 0006-ecc-cleanup-duplicate-public-key-allocation.patch +Patch0007: 0007-rsa-cleanup-about-reducing-function-parameters.patch +Patch0008: 0008-ecc-cleanup-sm2-compute-digest-function.patch +Patch0009: 0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch +Patch0010: 0010-rsa-cleanup-about-prime-generation.patch +Patch0011: 0011-ecc-cleanup-the-form-of-the-return-value.patch +Patch0012: 0012-engine-fix-uadk-engine-compatibility-issue.patch +Patch0013: 0013-digest-modify-the-process-of-free-session.patch +Patch0014: 0014-digest-modify-the-process-of-soft-and-hardware-hando.patch +Patch0015: 0015-ecc-bugfix-about-sm2-decryption.patch +Patch0016: 0016-dh-bugfix-about-dh-compute-key.patch +Patch0017: 0017-ecc-bugfix-about-ecc-general-init.patch +Patch0018: 0018-digest-fix-codecheck-warning.patch +Patch0019: 0019-cipher-fixup-a-code-check-warning.patch +Patch0020: 0020-rsa-fixup-a-code-check-warning.patch +Patch0021: 0021-cipher-delete-a-redundant-branch.patch +Patch0022: 0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch +Patch0023: 0023-engine-add-the-kae-log-feature.patch +Patch0024: 0024-rsa-fix-interface-name.patch +Patch0025: 0025-ecc-cleanup-sm2-unreachable-code.patch +Patch0026: 0026-rsa-cleanup-of-code-style.patch +Patch0027: 0027-v1-fixup-about-uninitialized-variable.patch +Patch0028: 0028-ecc-fix-checking-conditions.patch +Patch0029: 0029-ecc-cleanup-print-log.patch +Patch0030: 0030-engine-fix-function-return-type.patch +Patch0031: 0031-rsa-fixup-about-the-wrong-copy.patch +Patch0032: 0032-README-modify-the-engine-id-name.patch +Patch0033: 0033-digest-improve-the-digest-performance.patch +Patch0034: 0034-cipher-support-the-sm4-ecb-alg.patch +Patch0035: 0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch +Patch0036: 0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch +Patch0037: 0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch +Patch0038: 0038-uadk-engine-change-Copyright-to-2022.patch +Patch0039: 0039-README-move-test-script-to-sanity_test.sh.patch +Patch0040: 0040-uadk_engine-fix-string-compare-mode.patch +Patch0041: 0041-cipher-optimize-the-process-of-ctx-initialization.patch +Patch0042: 0042-cipher-adding-an-iv-update-to-a-decryption.patch +Patch0043: 0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch +Patch0044: 0044-engine-add-receiving-timeout-count.patch +Patch0045: 0045-digest-fix-the-fault-as-using-the-nginx.patch +Patch0046: 0046-ecc-cleanup-of-static-code-check.patch +Patch0047: 0047-ecc-bugfix-about-return-value-check.patch +Patch0048: 0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch +Patch0049: 0049-uadk_engine-remove-redundant-extern.patch +Patch0050: 0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch +Patch0051: 0051-rsa-cleanup-redundant-BN-operation.patch +Patch0052: 0052-rsa-bugfix-memory-leak-in-genkey-process.patch +Patch0053: 0053-rsa-remove-unused-software-method.patch +Patch0054: 0054-doc-Modify-maintainers.patch +Patch0055: 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch +Patch0056: 0056-engine-initialize-resources-only-once.patch +Patch0057: 0057-engine-fix-function-type.patch %description This package contains the UADK Accelerator Engine @@ -102,6 +122,9 @@ fi /sbin/ldconfig %changelog +* Tue Jul 26 2022 Yang Shen 1.0.0-7 +- Backport uadk engine patch from v1.0.0 to v1.0.1 + * Mon Mar 21 2022 linwenkai 1.0.0-6 - Backport uadk engine patch for v1.0.0 -- Gitee