From a31a6cb32aa5e7fc09cc98b8a819b4b82f7d6bfc Mon Sep 17 00:00:00 2001 From: admin Date: Fri, 16 Dec 2022 08:24:42 -0500 Subject: [PATCH] dk_engine - update uadk engine source Update some patch for uadk_engine from mainline. From: @YangJS Signed-off-by: JiangShui Yang --- ...the-full-mac-buffer-length-as-doing-.patch | 74 +++ 0059-uadk_utils-fix-x86-local-build.patch | 59 ++ ...-about-segfault-in-sm2-ctrl-function.patch | 188 ++++++ ...HW_V2-HW_V3-to-distinguish-different.patch | 142 +++++ ...te-the-numa-parameter-of-the-schedul.patch | 73 +++ ...bugfix-side-effects-of-right-operand.patch | 205 +++++++ ...nup-static-check-warning-of-clangtid.patch | 118 ++++ ...e-bugfix-enable-environment-variable.patch | 38 ++ ...ne-cleanup-magic-number-and-comments.patch | 537 ++++++++++++++++++ 0067-uadk_engine-cleanup-header-file.patch | 250 ++++++++ 10 files changed, 1684 insertions(+) create mode 100644 0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch create mode 100644 0059-uadk_utils-fix-x86-local-build.patch create mode 100644 0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch create mode 100644 0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch create mode 100644 0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch create mode 100644 0063-uadk_engine-bugfix-side-effects-of-right-operand.patch create mode 100644 0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch create mode 100644 0065-uadk_engine-bugfix-enable-environment-variable.patch create mode 100644 0066-uadk_engine-cleanup-magic-number-and-comments.patch create mode 100644 0067-uadk_engine-cleanup-header-file.patch diff --git a/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch b/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch new file mode 100644 index 0000000..b19486b --- /dev/null +++ b/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch @@ -0,0 +1,74 @@ +From 36ea42a1d9556e937be5ebf47f41f66b51a29cb6 Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Tue, 16 Aug 2022 09:57:18 +0800 +Subject: uadk_digest: fix the full mac buffer length as doing long hash + +Sha224 and Sha384 need full length mac buffer as doing long hash. + +Depends-on:uadk 802878d71999("digest: fix mac buffer len as long hash") +Signed-off-by: Kai Ye +--- + src/uadk_digest.c | 25 +++++++++++++++++++++++-- + 1 file changed, 23 insertions(+), 2 deletions(-) + +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index b2646cb..63887e7 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -484,7 +484,7 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv, + { + priv->setup.alg = alg; + priv->setup.mode = mode; +- priv->req.out_buf_bytes = out_len; ++ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH; + priv->req.out_bytes = out_len; + } + +@@ -543,15 +543,30 @@ soft_init: + return digest_soft_init(priv->soft_ctx, priv->e_nid); + } + ++static void digest_update_out_length(EVP_MD_CTX *ctx) ++{ ++ struct digest_priv_ctx *priv = ++ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); ++ ++ /* Sha224 and Sha384 need full length mac buffer as doing long hash */ ++ if (priv->e_nid == NID_sha224) ++ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN; ++ ++ if (priv->e_nid == NID_sha384) ++ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN; ++} ++ + static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len) + { + struct digest_priv_ctx *priv = +- (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx); ++ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); + const unsigned char *tmpdata = (const unsigned char *)data; + size_t left_len = data_len; + int copy_to_bufflen; + int ret; + ++ digest_update_out_length(ctx); ++ + priv->req.has_next = DIGEST_DOING; + + while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) { +@@ -708,6 +723,12 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) + priv->req.in_bytes = priv->last_update_bufflen; + priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx)); + ++ if (priv->e_nid == NID_sha224) ++ priv->req.out_bytes = WD_DIGEST_SHA224_LEN; ++ ++ if (priv->e_nid == NID_sha384) ++ priv->req.out_bytes = WD_DIGEST_SHA384_LEN; ++ + ret = async_setup_async_event_notification(&op); + if (unlikely(!ret)) { + fprintf(stderr, "failed to setup async event notification.\n"); +-- +1.8.3.1 + diff --git a/0059-uadk_utils-fix-x86-local-build.patch b/0059-uadk_utils-fix-x86-local-build.patch new file mode 100644 index 0000000..e8673e6 --- /dev/null +++ b/0059-uadk_utils-fix-x86-local-build.patch @@ -0,0 +1,59 @@ +From 06fd1fe00a03bfbc7430ec8e1b1f7356f47da55d Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Tue, 18 Oct 2022 15:39:11 +0800 +Subject: uadk_utils: fix x86 local build +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +On x86 local build: +autoreconf -i +./configure --libdir=/usr/local/lib/engines-1.1/ +make -j4 + +uadk_utils.c: In function ‘uadk_memcpy’: +uadk_utils.c:23:2: error: unknown register name ‘q1’ in ‘asm’ + __asm__ __volatile__( + ^ +uadk_utils.c:23:2: error: unknown register name ‘q0’ in ‘asm’ +uadk_utils.c:23:2: error: unknown register name ‘x14’ in ‘asm’ +uadk_utils.c:23:2: error: unknown register name ‘x5’ in ‘asm’ +uadk_utils.c:23:2: error: unknown register name ‘x4’ in ‘asm’ +uadk_utils.c:23:2: error: unknown register name ‘x3’ in ‘asm’ + +With this patch, x86 build is OK + +Signed-off-by: Zhangfei Gao +--- + src/uadk_utils.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/uadk_utils.c b/src/uadk_utils.c +index 2b34b3a..275a124 100644 +--- a/src/uadk_utils.c ++++ b/src/uadk_utils.c +@@ -16,6 +16,8 @@ + */ + #include "uadk_utils.h" + ++#if defined(__AARCH64_CMODEL_SMALL__) && __AARCH64_CMODEL_SMALL__ ++ + #define UADK_MEM_IMPROVE_THRESHOLD 1024 + + static void *memcpy_large(void *dstpp, const void *srcpp, size_t len) +@@ -61,3 +63,12 @@ void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) + else + return memcpy(dstpp, srcpp, len); + } ++ ++#else ++ ++void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) ++{ ++ return memcpy(dstpp, srcpp, len); ++} ++ ++#endif +-- +1.8.3.1 + diff --git a/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch b/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch new file mode 100644 index 0000000..8e0b7e3 --- /dev/null +++ b/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch @@ -0,0 +1,188 @@ +From 8c4f478b1e8965e592467be92d042c8b00c8c426 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 22 Oct 2022 15:14:03 +0800 +Subject: sm2: bugfix about segfault in sm2 ctrl function + +When there is no available instance of hpre device, the sm2_init() +in uadk_engine will failed, the setting of sched_init() will failed, +so sched_init() will be NULL. If the sm2_ctrl() function still call +the sm2_update_sess() in this situation, and make wd_ecc_alloc_sess() +to call sched_init(), there will be a segfault. + +The solution is to modify the status field of sm2_ctx, make the +variable 'init_status' to indicate the status of init operation: +'CTX_UNINIT' indicates the init operation has not been performed, +'CTX_INIT_SUCC' indicates the init operation has been succeeded, +'CTX_INIT_FAIL' indicates the init operation has been failed. + +The sm2_update_sess() will only be called if the 'init_status' is +'CTX_INIT_SUCC'. Then there will be no segfault. + +And when there is no available instance, it should switch to openssl +software method, so modify some return values to help finish this +process. + +Signed-off-by: Zhiqi Song +--- + src/uadk_sm2.c | 44 ++++++++++++++++++++++++++++++++------------ + 1 file changed, 32 insertions(+), 12 deletions(-) + +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index fcca9f2..8a9adca 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -25,6 +25,12 @@ + #include "uadk.h" + #include "uadk_pkey.h" + ++enum { ++ CTX_INIT_FAIL = -1, ++ CTX_UNINIT, ++ CTX_INIT_SUCC ++}; ++ + typedef struct { + /* Key and paramgen group */ + EC_GROUP *gen_group; +@@ -43,7 +49,7 @@ struct sm2_ctx { + const BIGNUM *prikey; + const EC_POINT *pubkey; + BIGNUM *order; +- bool is_init; ++ int init_status; + }; + + typedef struct sm2_ciphertext { +@@ -165,6 +171,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx) + + memset(&setup, 0, sizeof(setup)); + setup.alg = "sm2"; ++ + if (smctx->ctx.md) { + setup.hash.cb = compute_hash; + setup.hash.usr = (void *)smctx->ctx.md; +@@ -189,6 +196,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx) + + if (smctx->sess) + wd_ecc_free_sess(smctx->sess); ++ + smctx->sess = sess; + smctx->prikey = NULL; + smctx->pubkey = NULL; +@@ -636,7 +644,7 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + + if (!smctx || !smctx->sess) { + fprintf(stderr, "smctx or sess NULL\n"); +- return -EINVAL; ++ return UADK_DO_SOFT; + } + + if (sig_sz <= 0) { +@@ -676,7 +684,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + if (ret) + goto do_soft; + +- if (!smctx->is_init) { ++ if (smctx->init_status != CTX_INIT_SUCC) { + ret = UADK_DO_SOFT; + goto do_soft; + } +@@ -744,6 +752,13 @@ static int sm2_verify_check(EVP_PKEY_CTX *ctx, + const unsigned char *tbs, + size_t tbslen) + { ++ struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); ++ ++ if (!smctx || !smctx->sess) { ++ fprintf(stderr, "smctx or sess NULL\n"); ++ return UADK_DO_SOFT; ++ } ++ + if (tbslen > SM2_KEY_BYTES) + return UADK_DO_SOFT; + +@@ -772,7 +787,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx, + if (ret) + goto do_soft; + +- if (!smctx->is_init) { ++ if (smctx->init_status != CTX_INIT_SUCC) { + ret = UADK_DO_SOFT; + goto do_soft; + } +@@ -853,7 +868,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx, + + if (!smctx || !smctx->sess) { + fprintf(stderr, "smctx or sess NULL\n"); +- return 0; ++ return UADK_DO_SOFT; + } + + md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; +@@ -897,7 +912,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx, + if (ret) + goto do_soft; + +- if (!smctx->is_init) { ++ if (smctx->init_status != CTX_INIT_SUCC) { + ret = UADK_DO_SOFT; + goto do_soft; + } +@@ -953,7 +968,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx, + + if (!smctx || !smctx->sess) { + fprintf(stderr, "smctx or sess NULL\n"); +- return -EINVAL; ++ return UADK_DO_SOFT; + } + + md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; +@@ -1038,7 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, + if (ret) + goto do_soft; + +- if (!smctx->is_init) { ++ if (smctx->init_status != CTX_INIT_SUCC) { + ret = UADK_DO_SOFT; + goto do_soft; + } +@@ -1124,18 +1139,18 @@ static int sm2_init(EVP_PKEY_CTX *ctx) + ret = uadk_init_ecc(); + if (ret) { + fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); +- smctx->is_init = false; ++ smctx->init_status = CTX_INIT_FAIL; + goto end; + } + + ret = sm2_update_sess(smctx); + if (ret) { + fprintf(stderr, "failed to update sess\n"); +- smctx->is_init = false; ++ smctx->init_status = CTX_INIT_FAIL; + goto end; + } + +- smctx->is_init = true; ++ smctx->init_status = CTX_INIT_SUCC; + end: + EVP_PKEY_CTX_set_data(ctx, smctx); + EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); +@@ -1196,8 +1211,13 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + return 1; + case EVP_PKEY_CTRL_MD: + smctx->ctx.md = p2; +- if (sm2_update_sess(smctx)) ++ if (smctx->init_status != CTX_INIT_SUCC) ++ return 1; ++ ++ if (sm2_update_sess(smctx)) { ++ fprintf(stderr, "failed to set MD\n"); + return 0; ++ } + return 1; + case EVP_PKEY_CTRL_GET_MD: + *(const EVP_MD **)p2 = smctx->ctx.md; +-- +1.8.3.1 + diff --git a/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch b/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch new file mode 100644 index 0000000..55ab785 --- /dev/null +++ b/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch @@ -0,0 +1,142 @@ +From e34a0bb0cc5c381f45877e05d927fd4bc5dc98f6 Mon Sep 17 00:00:00 2001 +From: Hao Fang +Date: Sat, 22 Oct 2022 15:27:20 +0800 +Subject: uadk_engine: use HW_V2/HW_V3 to distinguish different hardware + platforms + +Hardware version numbers are used to distinguish different hardware. + +Signed-off-by: Hao Fang +Tested-by: Junchong Pan +--- + src/uadk.h | 4 ++-- + src/uadk_cipher.c | 22 +++++++++++----------- + test/sanity_test.sh | 8 ++++---- + 3 files changed, 17 insertions(+), 17 deletions(-) + +diff --git a/src/uadk.h b/src/uadk.h +index cd3447c..99c65c7 100644 +--- a/src/uadk.h ++++ b/src/uadk.h +@@ -27,8 +27,8 @@ + #define ENGINE_RECV_MAX_CNT 60000000 + + enum { +- KUNPENG920, +- KUNPENG930, ++ HW_V2, ++ HW_V3, + }; + + extern const char *engine_uadk_id; +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index c5bc7af..c6878c3 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -77,7 +77,7 @@ static int platform; + + #define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192 + +-static int cipher_920_nids[] = { ++static int cipher_hw_v2_nids[] = { + NID_aes_128_cbc, + NID_aes_192_cbc, + NID_aes_256_cbc, +@@ -93,7 +93,7 @@ static int cipher_920_nids[] = { + 0, + }; + +-static int cipher_930_nids[] = { ++static int cipher_hw_v3_nids[] = { + NID_aes_128_cbc, + NID_aes_192_cbc, + NID_aes_256_cbc, +@@ -342,9 +342,9 @@ static int uadk_get_accel_platform(char *alg_name) + return 0; + + if (!strcmp(dev->api, "hisi_qm_v2")) +- platform = KUNPENG920; ++ platform = HW_V2; + else +- platform = KUNPENG930; ++ platform = HW_V3; + free(dev); + + return 1; +@@ -358,12 +358,12 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + int size; + int i; + +- if (platform == KUNPENG920) { +- size = (sizeof(cipher_920_nids) - 1) / sizeof(int); +- cipher_nids = cipher_920_nids; ++ if (platform == HW_V2) { ++ size = (sizeof(cipher_hw_v2_nids) - 1) / sizeof(int); ++ cipher_nids = cipher_hw_v2_nids; + } else { +- size = (sizeof(cipher_930_nids) - 1) / sizeof(int); +- cipher_nids = cipher_930_nids; ++ size = (sizeof(cipher_hw_v3_nids) - 1) / sizeof(int); ++ cipher_nids = cipher_hw_v3_nids; + } + + if (!cipher) { +@@ -1073,7 +1073,7 @@ int uadk_e_bind_cipher(ENGINE *e) + } + + bind_v2_cipher(); +- if (platform > KUNPENG920) ++ if (platform > HW_V2) + bind_v3_cipher(); + + return ENGINE_set_ciphers(e, uadk_e_engine_ciphers); +@@ -1155,7 +1155,7 @@ void uadk_e_destroy_cipher(void) + pthread_spin_destroy(&engine.lock); + + destroy_v2_cipher(); +- if (platform > KUNPENG920) ++ if (platform > HW_V2) + destroy_v3_cipher(); + } + +diff --git a/test/sanity_test.sh b/test/sanity_test.sh +index 2c0c504..bdedc15 100755 +--- a/test/sanity_test.sh ++++ b/test/sanity_test.sh +@@ -103,7 +103,7 @@ if [[ $algs =~ "RSA" ]]; then + openssl speed -elapsed -engine $engine_id -async_jobs 1 rsa4096 + fi + +-#ecdsa only supported in Kunpeng930 or later ++#ecdsa only supported in HW_V3 or later + if [[ $algs =~ "id-ecPublicKey" ]]; then + echo "testing ECDSA" + openssl speed -elapsed -engine $engine_id ecdsap224 +@@ -116,21 +116,21 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then + openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdsap521 + fi + +-#X25519 only supported in Kunpeng930 or later ++#X25519 only supported in HW_V3 or later + if [[ $algs =~ "X25519" ]]; then + echo "testing X25519" + openssl speed -elapsed -engine $engine_id ecdhx25519 + openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx25519 + fi + +-#X448 only supported in Kunpeng930 or later ++#X448 only supported in HW_V3 or later + if [[ $algs =~ "X448" ]]; then + echo "testing X448" + openssl speed -elapsed -engine $engine_id ecdhx448 + openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx448 + fi + +-#ecdh only supported in Kunpeng930 or later ++#ecdh only supported in HW_V3 or later + if [[ $algs =~ "id-ecPublicKey" ]]; then + echo "testing ECDH" + openssl speed -elapsed -engine $engine_id ecdhp192 +-- +1.8.3.1 + diff --git a/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch b/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch new file mode 100644 index 0000000..1c5a5d9 --- /dev/null +++ b/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch @@ -0,0 +1,73 @@ +From 01580bb856fe7a2206990954b38d8213efd06098 Mon Sep 17 00:00:00 2001 +From: Longfang Liu +Date: Sat, 22 Oct 2022 15:31:24 +0800 +Subject: uadk/engine: update the numa parameter of the scheduler + +In the scenario where multiple devices are enabled at the +same time through environment variables, fixing a numa id +will make other devices unusable. When using the default +numa parameter, the scheduler will automatically allocate +device resources according to the CPU id of the thread, +so as to realize all devices. + +Signed-off-by: Longfang Liu +--- + src/uadk_cipher.c | 4 ++-- + src/uadk_digest.c | 3 ++- + src/uadk_rsa.c | 4 +++- + 3 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index c6878c3..8e8c5f3 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -469,7 +469,6 @@ static handle_t sched_single_init(handle_t h_sched_ctx, void *sched_param) + return (handle_t)0; + } + +- skey->numa_id = param->numa_id; + skey->type = param->type; + + return (handle_t)skey; +@@ -881,7 +880,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) + if (ret) + params.type = 0; + +- params.numa_id = engine.numa_id; ++ /* Use the default numa parameters */ ++ params.numa_id = -1; + priv->setup.sched_param = ¶ms; + if (!priv->sess) { + priv->sess = wd_cipher_alloc_sess(&priv->setup); +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 63887e7..8370490 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -523,7 +523,8 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) + return 0; + } + +- params.numa_id = engine.numa_id; ++ /* Use the default numa parameters */ ++ params.numa_id = -1; + priv->setup.sched_param = ¶ms; + priv->sess = wd_digest_alloc_sess(&priv->setup); + if (unlikely(!priv->sess)) +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index ef1739d..74852e7 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -881,7 +881,9 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, + + rsa_sess->key_size = key_size; + rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT; +- params.numa_id = g_rsa_res.numa_id; ++ ++ /* Use the default numa parameters */ ++ params.numa_id = -1; + rsa_sess->setup.sched_param = ¶ms; + rsa_sess->setup.is_crt = is_crt; + +-- +1.8.3.1 + diff --git a/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch b/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch new file mode 100644 index 0000000..838d1e7 --- /dev/null +++ b/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch @@ -0,0 +1,205 @@ +From 5b59c17f84d5a1f6e7c996a499f5a70059d89ee7 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 22 Oct 2022 15:35:17 +0800 +Subject: uadk_engine: bugfix side effects of right operand + +The right operand of while condition may contains side effects, +variables change "rx_cnt++". Move 'rx_cnt++' from condition +to statement. + +Signed-off-by: Zhiqi Song +--- + src/uadk_cipher.c | 13 ++++++++----- + src/uadk_dh.c | 18 +++++++++++------- + src/uadk_digest.c | 13 ++++++++----- + src/uadk_pkey.c | 13 ++++++++----- + src/uadk_rsa.c | 14 +++++++++----- + 5 files changed, 44 insertions(+), 27 deletions(-) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 8e8c5f3..9d4f692 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -516,11 +516,13 @@ static int uadk_e_cipher_poll(void *ctx) + + do { + ret = wd_cipher_poll_ctx(idx, expt, &recv); +- if (recv == expt) ++ if (!ret && recv == expt) + return 0; +- else if (ret < 0 && ret != -EAGAIN) +- return ret; +- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); ++ else if (ret == -EAGAIN) ++ rx_cnt++; ++ else ++ return -1; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to recv msg: timeout!\n"); + +@@ -539,7 +541,8 @@ static int uadk_e_cipher_env_poll(void *ctx) + ret = wd_cipher_poll(expt, &recv); + if (ret < 0 || recv == expt) + return ret; +- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); ++ rx_cnt++; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to poll msg: timeout!\n"); + +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index 37f84e9..2af2455 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -48,6 +48,7 @@ + #define UADK_E_SUCCESS 1 + #define UADK_E_FAIL 0 + #define UADK_E_POLL_SUCCESS 0 ++#define UADK_E_POLL_FAIL (-1) + #define UADK_E_INIT_SUCCESS 0 + #define ENV_ENABLED 1 + +@@ -206,17 +207,19 @@ static int uadk_e_dh_poll(void *ctx) + { + __u64 rx_cnt = 0; + __u32 recv = 0; +- int expect = 1; ++ int expt = 1; + int idx = 1; + int ret; + + do { +- ret = wd_dh_poll_ctx(idx, expect, &recv); +- if (recv == expect) ++ ret = wd_dh_poll_ctx(idx, expt, &recv); ++ if (!ret && recv == expt) + return UADK_E_POLL_SUCCESS; +- else if (ret < 0 && ret != -EAGAIN) +- return ret; +- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); ++ else if (ret == -EAGAIN) ++ rx_cnt++; ++ else ++ return UADK_E_POLL_FAIL; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to recv msg: timeout!\n"); + +@@ -283,7 +286,8 @@ static int uadk_e_dh_env_poll(void *ctx) + ret = wd_dh_poll(expt, &recv); + if (ret < 0 || recv == expt) + return ret; +- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); ++ rx_cnt++; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to poll msg: timeout!\n"); + +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 8370490..9568a98 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -343,11 +343,13 @@ static int uadk_e_digest_poll(void *ctx) + + do { + ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv); +- if (recv == expt) ++ if (!ret && recv == expt) + return 0; +- else if (ret < 0 && ret != -EAGAIN) +- return ret; +- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); ++ else if (ret == -EAGAIN) ++ rx_cnt++; ++ else ++ return -1; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to recv msg: timeout!\n"); + +@@ -366,7 +368,8 @@ static int uadk_e_digest_env_poll(void *ctx) + ret = wd_digest_poll(expt, &recv); + if (ret < 0 || recv == expt) + return ret; +- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); ++ rx_cnt++; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to poll msg: timeout!\n"); + +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index 211f1cc..6920cff 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -110,11 +110,13 @@ static int uadk_ecc_poll(void *ctx) + + do { + ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv); +- if (recv == expt) ++ if (!ret && recv == expt) + return 0; +- else if (ret < 0 && ret != -EAGAIN) +- return ret; +- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); ++ else if (ret == -EAGAIN) ++ rx_cnt++; ++ else ++ return -1; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to recv msg: timeout!\n"); + +@@ -153,7 +155,8 @@ static int uadk_e_ecc_env_poll(void *ctx) + ret = wd_ecc_poll(expt, &recv); + if (ret < 0 || recv == expt) + return ret; +- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); ++ rx_cnt++; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to poll msg: timeout!\n"); + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 74852e7..bcdd6bc 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -48,6 +48,7 @@ + #define UADK_E_FAIL 0 + #define UADK_DO_SOFT (-0xE0) + #define UADK_E_POLL_SUCCESS 0 ++#define UADK_E_POLL_FAIL (-1) + #define UADK_E_INIT_SUCCESS 0 + #define CHECK_PADDING_FAIL (-1) + #define ENV_ENABLED 1 +@@ -664,11 +665,13 @@ static int uadk_e_rsa_poll(void *ctx) + + do { + ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv); +- if (recv == expt) ++ if (!ret && recv == expt) + return UADK_E_POLL_SUCCESS; +- else if (ret < 0 && ret != -EAGAIN) +- return ret; +- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); ++ else if (ret == -EAGAIN) ++ rx_cnt++; ++ else ++ return UADK_E_POLL_FAIL; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to recv msg: timeout!\n"); + +@@ -700,7 +703,8 @@ static int uadk_e_rsa_env_poll(void *ctx) + ret = wd_rsa_poll(expt, &recv); + if (ret < 0 || recv == expt) + return ret; +- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); ++ rx_cnt++; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); + + fprintf(stderr, "failed to poll msg: timeout!\n"); + +-- +1.8.3.1 + diff --git a/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch b/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch new file mode 100644 index 0000000..9107679 --- /dev/null +++ b/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch @@ -0,0 +1,118 @@ +From f17c89d7d27b3a728232c7e641c2978db238a2f3 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 22 Oct 2022 15:37:45 +0800 +Subject: uadk_engine: cleanup static check warning of clangtidy tool + +Cleanup the following warning: +1. Parameters of function should not be used as working +variable. +2. Cleanup uninitialized value. +3. Storage class should be specified after a type. + +Signed-off-by: Zhiqi Song +--- + src/e_uadk.c | 6 ++---- + src/uadk_cipher.c | 9 +++++---- + src/uadk_ec.c | 5 +++-- + src/uadk_rsa.c | 16 ++++++++-------- + 4 files changed, 18 insertions(+), 18 deletions(-) + +diff --git a/src/e_uadk.c b/src/e_uadk.c +index 77612d7..21ceb86 100644 +--- a/src/e_uadk.c ++++ b/src/e_uadk.c +@@ -89,13 +89,11 @@ static const ENGINE_CMD_DEFN g_uadk_cmd_defns[] = { + } + }; + +-__attribute__((constructor)) +-static void uadk_constructor(void) ++static void __attribute__((constructor)) uadk_constructor(void) + { + } + +-__attribute__((destructor)) +-static void uadk_destructor(void) ++static void __attribute__((destructor)) uadk_destructor(void) + { + } + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 9d4f692..14e2af2 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -749,17 +749,18 @@ static void ctr_iv_inc(uint8_t *counter, __u32 c) + { + uint32_t n = CTR_128BIT_COUNTER; + uint8_t *counter1 = counter; ++ __u32 c_value = c; + + /* + * Since the counter has been increased 1 by the hardware, + * so the c need to decrease 1. + */ +- c = c - 1; ++ c_value -= 1; + do { + --n; +- c += counter1[n]; +- counter1[n] = (uint8_t)c; +- c >>= BYTE_BITS; ++ c_value += counter1[n]; ++ counter1[n] = (uint8_t)c_value; ++ c_value >>= BYTE_BITS; + } while (n); + } + +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index 37683cd..247b875 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -72,14 +72,15 @@ static void init_dtb_param(void *dtb, char *start, + __u32 dsz, __u32 bsz, __u32 num) + { + struct wd_dtb *tmp = dtb; ++ char *buff = start; + int i = 0; + + while (i++ < num) { +- tmp->data = start; ++ tmp->data = buff; + tmp->dsize = dsz; + tmp->bsize = bsz; + tmp += 1; +- start += bsz; ++ buff += bsz; + } + } + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index bcdd6bc..7d25338 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -932,14 +932,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, + struct rsa_prikey_param *pri, + unsigned char *in_buf, unsigned char *to) + { +- struct wd_rsa_prikey *prikey; +- struct wd_dtb *wd_dq; +- struct wd_dtb *wd_dp; +- struct wd_dtb *wd_q; +- struct wd_dtb *wd_p; +- struct wd_dtb *wd_qinv; +- struct wd_dtb *wd_d; +- struct wd_dtb *wd_n; ++ struct wd_rsa_prikey *prikey = NULL; ++ struct wd_dtb *wd_qinv = NULL; ++ struct wd_dtb *wd_dq = NULL; ++ struct wd_dtb *wd_dp = NULL; ++ struct wd_dtb *wd_q = NULL; ++ struct wd_dtb *wd_p = NULL; ++ struct wd_dtb *wd_d = NULL; ++ struct wd_dtb *wd_n = NULL; + + if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) { + wd_rsa_get_prikey(rsa_sess->sess, &prikey); +-- +1.8.3.1 + diff --git a/0065-uadk_engine-bugfix-enable-environment-variable.patch b/0065-uadk_engine-bugfix-enable-environment-variable.patch new file mode 100644 index 0000000..2fab708 --- /dev/null +++ b/0065-uadk_engine-bugfix-enable-environment-variable.patch @@ -0,0 +1,38 @@ +From 7ef97aab7a5cd964241fe9879588ceb54a547003 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 22 Oct 2022 15:53:53 +0800 +Subject: uadk_engine: bugfix enable environment variable + +When the 'alg_name' set by the user is valid, the 'env_enabled' +field should be set or returned. + +Signed-off-by: Zhiqi Song +--- + src/e_uadk.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/e_uadk.c b/src/e_uadk.c +index 21ceb86..0a9e3e6 100644 +--- a/src/e_uadk.c ++++ b/src/e_uadk.c +@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name) + int i = 0; + + while (i < len) { +- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) ++ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) + return uadk_env_enabled[i].env_enabled; + i++; + } +@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value) + int i = 0; + + while (i < len) { +- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) { ++ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) { + uadk_env_enabled[i].env_enabled = value; + return; + } +-- +1.8.3.1 + diff --git a/0066-uadk_engine-cleanup-magic-number-and-comments.patch b/0066-uadk_engine-cleanup-magic-number-and-comments.patch new file mode 100644 index 0000000..b9a5379 --- /dev/null +++ b/0066-uadk_engine-cleanup-magic-number-and-comments.patch @@ -0,0 +1,537 @@ +From 20049f2becb9cc339276d4839f6d9f909273f5a5 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 22 Oct 2022 15:54:51 +0800 +Subject: uadk_engine: cleanup magic number and comments + +Use macros to replace magic numbers and related operations. +Simplify code comments and unify style. + +Signed-off-by: Zhiqi Song +--- + src/uadk_cipher.c | 4 +--- + src/uadk_dh.c | 5 ++--- + src/uadk_digest.c | 2 +- + src/uadk_ec.c | 51 ++++++++++++++++++++++++++------------------------- + src/uadk_ecx.c | 40 +++++++++++++++++++++++----------------- + src/uadk_pkey.c | 9 ++++----- + src/uadk_pkey.h | 6 +++++- + src/uadk_rsa.c | 25 ++++++++++--------------- + src/uadk_sm2.c | 23 ++++++++++++----------- + 9 files changed, 84 insertions(+), 81 deletions(-) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 14e2af2..de5f078 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -480,13 +480,11 @@ static __u32 sched_single_pick_next_ctx(handle_t sched_ctx, + struct sched_params *key = (struct sched_params *)sched_key; + + if (sched_mode) { +- /* async */ + if (key->type == WD_CIPHER_ENCRYPTION) + return CTX_ASYNC_ENC; + else + return CTX_ASYNC_DEC; + } else { +- /* sync */ + if (key->type == WD_CIPHER_ENCRYPTION) + return CTX_SYNC_ENC; + else +@@ -744,7 +742,7 @@ static void async_cb(struct wd_cipher_req *req, void *data) + } + } + +-/* increment counter (128-bit int) by c */ ++/* Increment counter (128-bit int) by c */ + static void ctr_iv_inc(uint8_t *counter, __u32 c) + { + uint32_t n = CTR_128BIT_COUNTER; +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index 2af2455..6356872 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -603,7 +603,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, + if (!ag_bin) + return UADK_E_FAIL; + +- /* malloc a contiguous chunk of memory */ ++ /* Malloc a contiguous chunk of memory */ + apriv_key_bin = OPENSSL_malloc(key_size * DH_PARAMS_CNT); + if (!apriv_key_bin) + goto free_ag; +@@ -615,7 +615,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, + memset(ap_bin, 0, key_size); + memset(out_pri, 0, key_size); + +- /* construct data block of g */ ++ /* Construct data block of g */ + ret = dh_set_g(g, key_size, ag_bin, dh_sess); + if (!ret) + goto free_apriv; +@@ -623,7 +623,6 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, + dh_sess->req.xbytes = BN_bn2bin(priv_key, apriv_key_bin); + dh_sess->req.pbytes = BN_bn2bin(p, ap_bin); + dh_sess->req.x_p = (void *)apriv_key_bin; +- /* the output from uadk */ + dh_sess->req.pri = out_pri; + dh_sess->req.pri_bytes = key_size; + dh_sess->req.op_type = WD_DH_PHASE1; +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 9568a98..9d009a9 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -71,7 +71,7 @@ static struct digest_engine engine; + + struct evp_md_ctx_st { + const EVP_MD *digest; +- /* functional reference if 'digest' is ENGINE-provided */ ++ /* Functional reference if 'digest' is ENGINE-provided */ + ENGINE *engine; + unsigned long flags; + void *md_data; +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index 247b875..9b48ae7 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -27,23 +27,23 @@ + #include "uadk.h" + + #define ECC128BITS 128 +-#define ECC192BITS 192 +-#define ECC224BITS 224 +-#define ECC256BITS 256 +-#define ECC320BITS 320 +-#define ECC384BITS 384 +-#define ECC521BITS 521 ++#define ECC192BITS 192 ++#define ECC224BITS 224 ++#define ECC256BITS 256 ++#define ECC320BITS 320 ++#define ECC384BITS 384 ++#define ECC521BITS 521 + + struct curve_param { +- /* prime */ ++ /* Prime */ + BIGNUM *p; +- /* ecc coefficient 'a' */ ++ /* ECC coefficient 'a' */ + BIGNUM *a; +- /* ecc coefficient 'b' */ ++ /* ECC coefficient 'b' */ + BIGNUM *b; +- /* base point */ ++ /* Base point */ + const EC_POINT *g; +- /* order of base point */ ++ /* Order of base point */ + const BIGNUM *order; + }; + +@@ -176,7 +176,6 @@ free_ctx: + + static int get_smallest_hw_keybits(int bits) + { +- /* ec curve order width */ + if (bits > ECC384BITS) + return ECC521BITS; + else if (bits > ECC320BITS) +@@ -283,7 +282,7 @@ static int eckey_check(const EC_KEY *eckey) + return -1; + } + +- /* field GF(2m) is not supported by uadk */ ++ /* Field GF(2m) is not supported by uadk */ + if (!uadk_prime_field(group)) + return UADK_DO_SOFT; + +@@ -336,22 +335,25 @@ static int set_digest(handle_t sess, struct wd_dtb *e, + unsigned int dlen = sdgst->dsize; + BIGNUM *m; + +- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits) { ++ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) { + m = BN_new(); + + /* Need to truncate digest if it is too long: first truncate + * whole bytes + */ +- dlen = (order_bits + 7) >> UADK_BITS_2_BYTES_SHIFT; ++ dlen = BITS_TO_BYTES(order_bits); + if (!BN_bin2bn(dgst, dlen, m)) { + fprintf(stderr, "failed to BN_bin2bn digest\n"); + BN_free(m); + return -1; + } + +- /* If still too long, truncate remaining bits with a shift */ +- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits && +- !BN_rshift(m, m, 8 - (order_bits & 0x7))) { ++ /* If the length of digest is still longer than the length ++ * of the base point order, truncate remaining bits with a ++ * shift to that length ++ */ ++ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits && ++ !BN_rshift(m, m, DGST_SHIFT_NUM(order_bits))) { + fprintf(stderr, "failed to truncate input digest\n"); + BN_free(m); + return -1; +@@ -743,7 +745,7 @@ err: + + static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) + { +- unsigned char buff[SM2_KEY_BYTES * 2 + 1] = {UADK_OCTET_STRING}; ++ unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {UADK_OCTET_STRING}; + struct wd_ecc_point *pubkey = NULL; + struct wd_dtb *privkey = NULL; + const EC_GROUP *group; +@@ -768,8 +770,8 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) + return -ENOMEM; + } + +- memcpy(buff + 1, pubkey->x.data, SM2_KEY_BYTES * 2); +- tmp = BN_bin2bn(buff, SM2_KEY_BYTES * 2 + 1, NULL); ++ memcpy(buff + 1, pubkey->x.data, ECC_POINT_SIZE(SM2_KEY_BYTES)); ++ tmp = BN_bin2bn(buff, ECC_POINT_SIZE(SM2_KEY_BYTES) + 1, NULL); + ptr = EC_POINT_bn2point(group, tmp, point, NULL); + BN_free(tmp); + if (!ptr) { +@@ -1029,7 +1031,7 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, + in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data); + in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data); + +- /* set public key */ ++ /* Set public key */ + ecdh_in = wd_ecxdh_new_in(sess, &in_pkey); + if (!ecdh_in) { + fprintf(stderr, "failed to new ecxdh in\n"); +@@ -1075,7 +1077,7 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) + } + + key_size_std = (unsigned int)(EC_GROUP_get_degree(group) + +- UADK_ECC_PADDING) >> UADK_BITS_2_BYTES_SHIFT; ++ UADK_ECC_PADDING) >> TRANS_BITS_BYTES_SHIFT; + key_size_x = pubkey->x.dsize; + key_size_y = pubkey->y.dsize; + if ((key_size_x > key_size_std) || (key_size_y > key_size_std)) { +@@ -1088,9 +1090,8 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) + * tag - 1 byte + * point_x - [key_size_std] bytes + * point_y - [key_size_std] bytes +- * so the malloc size is: key_size_std * 2 + 1 + */ +- buff_size = key_size_std * 2 + 1; ++ buff_size = ECC_POINT_SIZE(key_size_std) + 1; + x_shift = key_size_std - key_size_x + 1; + y_shift = buff_size - key_size_y; + buff = (unsigned char *)OPENSSL_malloc(buff_size); +diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c +index df23156..67042a3 100644 +--- a/src/uadk_ecx.c ++++ b/src/uadk_ecx.c +@@ -295,33 +295,39 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx, + + memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data, + key_size); +- /* trans public key from big-endian to little-endian */ ++ /* Trans public key from big-endian to little-endian */ + ret = reverse_bytes(ecx_key->pubkey, key_size); + if (!ret) { + fprintf(stderr, "failed to trans public key\n"); + return UADK_E_FAIL; + } +- /* trans private key from big-endian to little-endian */ ++ /* Trans private key from big-endian to little-endian */ + ret = reverse_bytes(ecx_key->privkey, key_size); + if (!ret) { + fprintf(stderr, "failed to trans private key\n"); + return UADK_E_FAIL; + } + /* +- * This is a pretreatment of X25519/X448, as described in RFC 7748: +- * For X25519, in order to decode 32 random bytes as an integer +- * scaler, set the three LSB of the first byte and MSB of the last +- * to zero, set the second MSB of the last byte to 1. +- * For X448, set the two LSB of the first byte to 0, and MSB of the +- * last byte to 1. Decode in little-endian mode. ++ * This is a pretreatment of X25519/X448 described in RFC 7748. ++ * In order to decode the random bytes as an integer scaler, there ++ * are some special data processing. And use little-endian mode for ++ * decoding. + */ + if (ecx_ctx->nid == EVP_PKEY_X25519) { +- ecx_key->privkey[0] &= 248; +- ecx_key->privkey[X25519_KEYLEN - 1] &= 127; +- ecx_key->privkey[X25519_KEYLEN - 1] |= 64; ++ /* Set the three LSB of the first byte to 0 */ ++ ecx_key->privkey[0] &= 0xF8; ++ ++ /* Set the MSB of the last byte to 0 */ ++ ecx_key->privkey[X25519_KEYLEN - 1] &= 0x7F; ++ ++ /* Set the second MSB of the last byte to 1 */ ++ ecx_key->privkey[X25519_KEYLEN - 1] |= 0x40; + } else if (ecx_ctx->nid == EVP_PKEY_X448) { +- ecx_key->privkey[0] &= 252; +- ecx_key->privkey[X448_KEYLEN - 1] |= 128; ++ /* Set the two LSB of the first byte to 0 */ ++ ecx_key->privkey[0] &= 0xFC; ++ ++ /* Set the MSB of the last byte to 1 */ ++ ecx_key->privkey[X448_KEYLEN - 1] |= 0x80; + } + + ret = EVP_PKEY_assign(pkey, ecx_ctx->nid, ecx_key); +@@ -494,7 +500,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req, + struct wd_ecc_in *ecx_in; + int ret; + +- /* trans public key from little-endian to big-endian */ ++ /* Trans public key from little-endian to big-endian */ + ret = reverse_bytes(peer_ecx_key->pubkey, key_size); + if(!ret) { + fprintf(stderr, "failed to trans public key\n"); +@@ -521,7 +527,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req, + + uadk_ecc_fill_req(req, WD_ECXDH_COMPUTE_KEY, ecx_in, ecx_out); + +- /* trans public key from big-endian to little-endian */ ++ /* Trans public key from big-endian to little-endian */ + ret = reverse_bytes(peer_ecx_key->pubkey, key_size); + if (!ret) { + fprintf(stderr, "failed to trans public key\n"); +@@ -553,7 +559,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, + struct wd_dtb prikey; + int ret; + +- /* trans private key from little-endian to big-endian */ ++ /* Trans private key from little-endian to big-endian */ + ret = reverse_bytes(ecx_key->privkey, key_size); + if (!ret) { + fprintf(stderr, "failed to trans private key\n"); +@@ -569,7 +575,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, + return UADK_E_FAIL; + } + +- /* trans private key from big-endian to little-endian */ ++ /* Trans private key from big-endian to little-endian */ + ret = reverse_bytes(ecx_key->privkey, key_size); + if (!ret) { + fprintf(stderr, "failed to trans private key\n"); +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index 6920cff..6b5ae9a 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -44,7 +44,7 @@ struct ecc_res_config { + int numa_id; + }; + +-/* ecc global hardware resource is saved here */ ++/* ECC global hardware resource is saved here */ + struct ecc_res { + struct wd_ctx_config *ctx_res; + int pid; +@@ -123,7 +123,7 @@ static int uadk_ecc_poll(void *ctx) + return -ETIMEDOUT; + } + +-/* make resource configure static */ ++/* Make resource configure static */ + struct ecc_res_config ecc_res_config = { + .sched = { + .sched_type = -1, +@@ -234,7 +234,7 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config) + struct uacce_dev *dev; + int ret; + +- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ ++ /* The ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ + dev = wd_get_accel_dev("ecdsa"); + if (!dev) + return -ENOMEM; +@@ -396,8 +396,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) + return -EINVAL; + } + +- /* pad and convert bits to bytes */ +- buflen = (EC_GROUP_get_degree(group) + 7) / 8; ++ buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group)); + ecc_key = wd_ecc_get_key(sess); + prikey.data = (void *)bin; + prikey.dsize = BN_bn2binpad(d, bin, buflen); +diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h +index b30c2de..6d1cc77 100644 +--- a/src/uadk_pkey.h ++++ b/src/uadk_pkey.h +@@ -26,7 +26,6 @@ + #define UADK_ECC_MAX_KEY_BITS 521 + #define UADK_ECC_MAX_KEY_BYTES 66 + #define UADK_ECC_CV_PARAM_NUM 6 +-#define UADK_BITS_2_BYTES_SHIFT 3 + #define SM2_KEY_BYTES 32 + #define UADK_OCTET_STRING 4 + #define UADK_ECC_PUBKEY_PARAM_NUM 2 +@@ -34,6 +33,11 @@ + #define UADK_ECDH_CV_NUM 8 + #define ENV_ENABLED 1 + #define UADK_E_INVALID (-2) ++#define TRANS_BITS_BYTES_SHIFT 3 ++#define ECC_POINT_SIZE(n) ((n) * 2) ++#define GET_MS_BYTE(n) ((n) >> 8) ++#define GET_LS_BYTE(n) ((n) & 0xFF) ++#define DGST_SHIFT_NUM(n) (8 - ((n) & 0x7)) + + struct uadk_pkey_meth { + EVP_PKEY_METHOD *sm2; +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 7d25338..e9a2c53 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -52,6 +52,9 @@ + #define UADK_E_INIT_SUCCESS 0 + #define CHECK_PADDING_FAIL (-1) + #define ENV_ENABLED 1 ++#define PRIME_RETRY_COUNT 4 ++#define GENCB_NEXT 2 ++#define GENCB_RETRY 3 + + static RSA_METHOD *rsa_hw_meth; + +@@ -173,11 +176,7 @@ static int rsa_prime_mul_res(int num, struct rsa_prime_param *param, + if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx)) + return BN_ERR; + } else { +- /* +- * Use the number 3 to indicate whether +- * the generator has been found. +- */ +- if (!BN_GENCB_call(cb, 3, num)) ++ if (!BN_GENCB_call(cb, GENCB_RETRY, num)) + return BN_ERR; + return BN_CONTINUE; + } +@@ -228,14 +227,11 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, + *bitse -= bitsr[*num]; + else + return -1; +- /* +- * Use the number 2 to indicate whether +- * a prime has been found. +- */ +- ret = BN_GENCB_call(cb, 2, *n++); ++ ++ ret = BN_GENCB_call(cb, GENCB_NEXT, *n++); + if (!ret) + return -1; +- if (retries == 4) { ++ if (retries == PRIME_RETRY_COUNT) { + *num = -1; + *bitse = 0; + retries = 0; +@@ -244,8 +240,8 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, + retries++; + return BN_REDO; + } +- /* Use the number 3 to indicate whether the generator has been found. */ +- ret = BN_GENCB_call(cb, 3, *num); ++ ++ ret = BN_GENCB_call(cb, GENCB_RETRY, *num); + if (!ret) + return BN_ERR; + retries = 0; +@@ -320,8 +316,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, + else + return BN_ERR; + +- /* Use the number 2 to indicate whether a prime has been found. */ +- if (!BN_GENCB_call(cb, 2, *n++)) ++ if (!BN_GENCB_call(cb, GENCB_NEXT, *n++)) + return BN_ERR; + + return GET_ERR_FINISH; +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index 8a9adca..578d2d8 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -34,12 +34,12 @@ enum { + typedef struct { + /* Key and paramgen group */ + EC_GROUP *gen_group; +- /* message digest */ ++ /* Message digest */ + const EVP_MD *md; + /* Distinguishing Identifier, ISO/IEC 15946-3 */ + uint8_t *id; + size_t id_len; +- /* id_set indicates if the 'id' field is set (1) or not (0) */ ++ /* Indicates if the 'id' field is set (1) or not (0) */ + int id_set; + } SM2_PKEY_CTX; + +@@ -557,8 +557,7 @@ static size_t ec_field_size(const EC_GROUP *group) + if (!EC_GROUP_get_curve(group, p, a, b, NULL)) + goto done; + +- /* Pad and convert bits to bytes */ +- field_size = (BN_num_bits(p) + 7) / 8; ++ field_size = BITS_TO_BYTES(BN_num_bits(p)); + + done: + BN_free(p); +@@ -1172,7 +1171,7 @@ static int sm2_set_ctx_id(struct sm2_ctx *smctx, int p1, const void *p2) + OPENSSL_free(smctx->ctx.id); + smctx->ctx.id = tmp_id; + } else { +- /* set null-ID */ ++ /* Set null-ID */ + OPENSSL_free(smctx->ctx.id); + smctx->ctx.id = NULL; + } +@@ -1231,7 +1230,7 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + *(size_t *)p2 = smctx->ctx.id_len; + return 1; + case EVP_PKEY_CTRL_DIGESTINIT: +- /* nothing to be inited, this is to suppress the error... */ ++ /* Nothing to be inited, for suppress the error */ + return 1; + default: + fprintf(stderr, "sm2 ctrl type = %d error\n", type); +@@ -1323,20 +1322,22 @@ static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash, + } + + /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ +- if (id_len >= (UINT16_MAX / 8)) { ++ if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) { + fprintf(stderr, "id too large\n"); + return 0; + } + +- entl = (uint16_t)(8 * id_len); ++ entl = (uint16_t)(id_len << TRANS_BITS_BYTES_SHIFT); + +- e_byte = entl >> 8; ++ /* Update the most significant (first) byte of 'entl' */ ++ e_byte = GET_MS_BYTE(entl); + if (!EVP_DigestUpdate(hash, &e_byte, 1)) { + fprintf(stderr, "error evp lib\n"); + return 0; + } + +- e_byte = entl & 0xFF; ++ /* Update the least significant (second) byte of 'entl' */ ++ e_byte = GET_LS_BYTE(entl); + if (!EVP_DigestUpdate(hash, &e_byte, 1)) { + fprintf(stderr, "error evp lib\n"); + return 0; +@@ -1516,7 +1517,7 @@ static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) + return 0; + } + +- /* get hashed prefix 'z' of tbs message */ ++ /* Get hashed prefix 'z' of tbs message */ + if (!sm2_compute_z_digest(z, md, smctx->ctx.id, smctx->ctx.id_len, ec)) + return 0; + +-- +1.8.3.1 + diff --git a/0067-uadk_engine-cleanup-header-file.patch b/0067-uadk_engine-cleanup-header-file.patch new file mode 100644 index 0000000..b6f7fbc --- /dev/null +++ b/0067-uadk_engine-cleanup-header-file.patch @@ -0,0 +1,250 @@ +From 1dd1503428df2b33f679f81b1541a4314fe0aa11 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 22 Oct 2022 15:56:54 +0800 +Subject: uadk_engine: cleanup header file + +Remove redundant header file and modify magic number. + +Signed-off-by: Zhiqi Song +--- + src/uadk.h | 3 --- + src/uadk_async.c | 1 + + src/uadk_async.h | 2 +- + src/uadk_cipher.c | 1 + + src/uadk_dh.c | 1 + + src/uadk_digest.c | 2 ++ + src/uadk_ec.c | 1 + + src/uadk_ecx.c | 2 +- + src/uadk_pkey.c | 5 ++++- + src/uadk_rsa.c | 6 +++++- + src/uadk_sm2.c | 7 +++++-- + 11 files changed, 22 insertions(+), 9 deletions(-) + +diff --git a/src/uadk.h b/src/uadk.h +index 99c65c7..30c099f 100644 +--- a/src/uadk.h ++++ b/src/uadk.h +@@ -18,9 +18,6 @@ + #ifndef UADK_H + #define UADK_H + #include +-#include +-#include +-#include "uadk_utils.h" + + #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + #define ENV_STRING_LEN 256 +diff --git a/src/uadk_async.c b/src/uadk_async.c +index 3f2e1db..2edd6ea 100644 +--- a/src/uadk_async.c ++++ b/src/uadk_async.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + #include "uadk.h" + #include "uadk_async.h" + +diff --git a/src/uadk_async.h b/src/uadk_async.h +index 9bae3f4..8a4822e 100644 +--- a/src/uadk_async.h ++++ b/src/uadk_async.h +@@ -19,8 +19,8 @@ + #define UADK_ASYNC_H + + #include +-#include + #include ++#include + + #define ASYNC_QUEUE_TASK_NUM 1024 + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index de5f078..cc06429 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include "uadk.h" + #include "uadk_async.h" + +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index 6356872..680564c 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include "uadk.h" + #include "uadk_async.h" + +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 9d009a9..26a6272 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -25,8 +25,10 @@ + #include + #include + #include ++#include + #include "uadk.h" + #include "uadk_async.h" ++#include "uadk_utils.h" + + #define UADK_DO_SOFT (-0xE0) + #define CTX_SYNC 0 +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index 9b48ae7..6106083 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include "uadk_pkey.h" + #include "uadk.h" + +diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c +index 67042a3..b62f81d 100644 +--- a/src/uadk_ecx.c ++++ b/src/uadk_ecx.c +@@ -14,7 +14,6 @@ + * limitations under the License. + * + */ +-#include + #include + #include + #include +@@ -24,6 +23,7 @@ + #include + #include + #include ++#include + #include "uadk_pkey.h" + #include "uadk.h" + +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index 6b5ae9a..7b7a345 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + #include "uadk_async.h" + #include "uadk.h" + #include "uadk_pkey.h" +@@ -381,6 +382,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) + const EC_GROUP *group; + struct wd_dtb prikey; + const BIGNUM *d; ++ size_t degree; + int buflen; + int ret; + +@@ -396,7 +398,8 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) + return -EINVAL; + } + +- buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group)); ++ degree = EC_GROUP_get_degree(group); ++ buflen = BITS_TO_BYTES(degree); + ecc_key = wd_ecc_get_key(sess); + prikey.data = (void *)bin; + prikey.dsize = BN_bn2binpad(d, bin, buflen); +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index e9a2c53..96c898f 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + #include "uadk_async.h" + #include "uadk.h" + +@@ -55,6 +56,7 @@ + #define PRIME_RETRY_COUNT 4 + #define GENCB_NEXT 2 + #define GENCB_RETRY 3 ++#define PRIME_CHECK_BIT_NUM 4 + + static RSA_METHOD *rsa_hw_meth; + +@@ -210,7 +212,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, + * key by using the modulus in a certificate. This is also covered + * by checking the length should not be less than 0x9. + */ +- if (!BN_rshift(param->r2, param->r1, *bitse - 4)) ++ if (!BN_rshift(param->r2, param->r1, *bitse - PRIME_CHECK_BIT_NUM)) + return BN_ERR; + + bitst = BN_get_word(param->r2); +@@ -231,6 +233,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, + ret = BN_GENCB_call(cb, GENCB_NEXT, *n++); + if (!ret) + return -1; ++ + if (retries == PRIME_RETRY_COUNT) { + *num = -1; + *bitse = 0; +@@ -288,6 +291,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, + BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) + { + unsigned long err; ++ + /* + * BN_sub(r,a,b) substracts b from a and place the result in r, + * r = a-b. +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index 578d2d8..b14fbcf 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include "uadk.h" + #include "uadk_pkey.h" + +@@ -550,6 +551,7 @@ static size_t ec_field_size(const EC_GROUP *group) + BIGNUM *a = BN_new(); + BIGNUM *b = BN_new(); + size_t field_size = 0; ++ size_t p_bits; + + if (p == NULL || a == NULL || b == NULL) + goto done; +@@ -557,7 +559,8 @@ static size_t ec_field_size(const EC_GROUP *group) + if (!EC_GROUP_get_curve(group, p, a, b, NULL)) + goto done; + +- field_size = BITS_TO_BYTES(BN_num_bits(p)); ++ p_bits = BN_num_bits(p); ++ field_size = BITS_TO_BYTES(p_bits); + + done: + BN_free(p); +@@ -598,7 +601,7 @@ static int sm2_ciphertext_size(const EC_KEY *key, + * Integer and string are simple type; set constructed = 0, means + * primitive and definite length encoding. + */ +- sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER) ++ sz = ECC_POINT_SIZE(ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)) + + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) + + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); + *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE); +-- +1.8.3.1 + -- Gitee