diff --git a/0001-digest-support-digest-multiple-update.patch b/0001-digest-support-digest-multiple-update.patch deleted file mode 100644 index 92f060c88ed2e4f1685162262473be1275b112d7..0000000000000000000000000000000000000000 --- a/0001-digest-support-digest-multiple-update.patch +++ /dev/null @@ -1,161 +0,0 @@ -From 8cc0e8724565c12f0fa6f099070ec57504cd21fa Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Thu, 9 Dec 2021 15:39:32 +0800 -Subject: [PATCH 01/18] digest: support digest multiple update - -Support digest multiple updating by using the SEC stream mode. - -Signed-off-by: Kai Ye ---- - src/uadk_digest.c | 77 ++++++++++++++++++++++++++++++++++++++--------- - 1 file changed, 62 insertions(+), 15 deletions(-) - -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index db33d16..41de449 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -31,6 +31,8 @@ - #define CTX_SYNC 0 - #define CTX_ASYNC 1 - #define CTX_NUM 2 -+#define DIGEST_DOING 1 -+#define DIGEST_END 0 - #define ENV_ENABLED 1 - - /* The max BD data length is 16M-512B */ -@@ -41,6 +43,7 @@ - #define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) - #define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024) - #define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) -+#define MAX_DIGEST_LENGTH 64 - - struct digest_threshold_table { - int nid; -@@ -69,12 +72,16 @@ struct evp_md_ctx_st { - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); - }; - -+#define DIGEST_BLOCK_SIZE 4096 -+ - struct digest_priv_ctx { - handle_t sess; - struct wd_digest_sess_setup setup; - struct wd_digest_req req; - unsigned char *data; -- long tail; -+ unsigned char out[MAX_DIGEST_LENGTH]; -+ size_t tail; -+ size_t last_update_bufflen; - bool copy; - uint32_t e_nid; - EVP_MD_CTX *soft_ctx; -@@ -496,6 +503,13 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) - if (unlikely(!priv->sess)) - return 0; - -+ priv->data = malloc(DIGEST_BLOCK_SIZE); -+ if (priv->data == NULL) { -+ wd_digest_free_sess(priv->sess); -+ return 0; -+ } -+ memset(priv->data, 0, DIGEST_BLOCK_SIZE); -+ - priv->switch_threshold = sec_digest_get_sw_threshold(nid); - - return 1; -@@ -504,6 +518,45 @@ soft_init: - return digest_soft_init(priv->soft_ctx, priv->e_nid); - } - -+static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len) -+{ -+ struct digest_priv_ctx *priv = -+ (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx); -+ const unsigned char *tmpdata = (const unsigned char *)data; -+ size_t left_len = data_len; -+ int copy_to_bufflen; -+ int ret; -+ -+ priv->req.has_next = DIGEST_DOING; -+ -+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) { -+ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen; -+ memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen); -+ -+ priv->last_update_bufflen = DIGEST_BLOCK_SIZE; -+ priv->req.in_bytes = DIGEST_BLOCK_SIZE; -+ priv->req.in = priv->data; -+ priv->req.out = priv->out; -+ left_len -= copy_to_bufflen; -+ tmpdata += copy_to_bufflen; -+ -+ ret = wd_do_digest_sync(priv->sess, &priv->req); -+ if (ret) -+ return 0; -+ -+ priv->last_update_bufflen = 0; -+ memset(priv->data, 0, DIGEST_BLOCK_SIZE); -+ if (left_len <= DIGEST_BLOCK_SIZE) { -+ priv->last_update_bufflen = left_len; -+ memcpy(priv->data, tmpdata, priv->last_update_bufflen); -+ break; -+ } -+ -+ } -+ -+ return 1; -+} -+ - static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len) - { - struct digest_priv_ctx *priv = -@@ -512,20 +565,13 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l - if (unlikely(priv->switch_flag == UADK_DO_SOFT)) - goto soft_update; - -- if ((data_len <= BUF_LEN - priv->tail) && (data_len > 0)) { -- if (!priv->data) { -- priv->data = OPENSSL_malloc(BUF_LEN); -- if (priv->data == NULL) -- return 0; -- } -- -- memcpy(priv->data + priv->tail, data, data_len); -- priv->tail += data_len; -- -+ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) { -+ memcpy(priv->data + priv->last_update_bufflen, data, data_len); -+ priv->last_update_bufflen += data_len; - return 1; - } - -- return 0; -+ return digest_update_inner(ctx, data, data_len); - - soft_update: - return digest_soft_update(priv->soft_ctx, priv->e_nid, data, data_len); -@@ -606,10 +652,10 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) - (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); - int ret = 1; - struct async_op op; -- -+ priv->req.has_next = DIGEST_END; - priv->req.in = priv->data; -- priv->req.out = digest; -- priv->req.in_bytes = priv->tail; -+ priv->req.out = priv->out; -+ priv->req.in_bytes = priv->last_update_bufflen; - priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx)); - - ret = async_setup_async_event_notification(&op); -@@ -634,6 +680,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) - if (!ret) - goto clear; - } -+ memcpy(digest, priv->req.out, priv->req.out_bytes); - - return 1; - --- -2.24.4 - diff --git a/0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch b/0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch new file mode 100644 index 0000000000000000000000000000000000000000..fe1a1f9a4b0b24761ba4d3a0987a005a350300b8 --- /dev/null +++ b/0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch @@ -0,0 +1,85 @@ +From 2f129935991cb3d8e3fdb8b85f5c8e500390ab01 Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Tue, 6 Jun 2023 03:44:14 +0000 +Subject: [PATCH 1/7] readme: export PKG_CONFIG_PATH on openEuler + +openEuler requires setting PKG_CONFIG_PATH though /usr/local/lib/pkgconfig + +Signed-off-by: Zhangfei Gao +--- + README.md | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/README.md b/README.md +index 2fe165a..ac721e3 100644 +--- a/README.md ++++ b/README.md +@@ -21,21 +21,32 @@ Installation Instruction + ======================== + + Build and install OpenSSL +------------------------ ++------------------------ + + ``` + git clone https://github.com/openssl/openssl.git + cd openssl + git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f +- ./config -Wl,-rpath=/usr/local/lib ++ ./config + make +- make test + sudo make install + openssl version + ``` + ++Run pkg-config to ensure env is setup correctly ++----------------------------------------------- ++ ++``` ++ $ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/ ++ $ pkg-config libcrypto --libs ++ -L/usr/local/lib -lcrypto ++``` ++ ++* export ``PKG_CONFIG_PATH`` is required on openEuler, ++ where /usr/local/lib is not set as the default pkgconfig search path. ++ + Build and install UADK +--------------------- ++---------------------- + + ``` + git clone https://github.com/Linaro/uadk.git +@@ -46,16 +57,17 @@ Build and install UADK + make + sudo make install + ``` ++ + * If get error:"cannot find -lnuma", please install the libnuma-dev + * If get error:"fatal error: zlib.h: No such file or directory", please install zlib. + + Build and install UADK Engine +------------------------------------ ++----------------------------- + ``` + git clone https://github.com/Linaro/uadk_engine.git + cd uadk_engine + autoreconf -i +- ./configure --libdir=/usr/local/lib/engines-1.1/ --enable-kae ++ ./configure --libdir=/usr/local/lib/engines-1.1/ [--enable-kae] + make + sudo make install + +@@ -93,7 +105,7 @@ Install libraries to the temp folder + -L/tmp/build/lib -lwd + + $ cd uadk_engine +- $ autoreconf ++ $ autoreconf -i + $ ./configure --prefix=/tmp/build + $ make; make install + +-- +2.25.1 + diff --git a/0002-uadk_engine-define-the-variable-as-const.patch b/0002-uadk_engine-define-the-variable-as-const.patch deleted file mode 100644 index 87c693066b063f8a7c2f0032dd4dd34caa6d663d..0000000000000000000000000000000000000000 --- a/0002-uadk_engine-define-the-variable-as-const.patch +++ /dev/null @@ -1,38 +0,0 @@ -From b7bb19a4e5c239035926f952d24c2e95bf813fd8 Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Mon, 20 Dec 2021 02:48:54 +0000 -Subject: [PATCH 02/18] uadk_engine: define the variable as 'const' - -Parameter: 'n' in the function has not been changed, -it should be defined as 'const'. - -Signed-off-by: Weili Qian ---- - src/uadk_rsa.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index bab3c24..75ae0d1 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -174,7 +174,7 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, - } - - static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, -- int *n, BIGNUM *rsa_p, BIGNUM *rsa_q, -+ const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q, - BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx, - BN_GENCB *cb) - { -@@ -268,7 +268,7 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, - return UADK_E_SUCCESS; - } - --static int check_prime_useful(int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2, -+static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2, - BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) - { - unsigned long err; --- -2.24.4 - diff --git a/0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch b/0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch new file mode 100644 index 0000000000000000000000000000000000000000..f84e8794522aacc99e92e2482c6e2c6424ab0691 --- /dev/null +++ b/0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch @@ -0,0 +1,222 @@ +From e6dcaa276f295a5baa6ea5109a943d2299ade757 Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Tue, 6 Jun 2023 05:06:32 +0000 +Subject: [PATCH 2/7] uadk_engine: use calloc to replace malloc+memset + +malloc + memset(0) can be replaced by calloc + +Signed-off-by: Zhangfei Gao +--- + src/uadk_async.c | 5 +---- + src/uadk_ecx.c | 6 ++---- + src/uadk_sm2.c | 4 +--- + src/v1/alg/dh/hpre_dh_wd.c | 3 +-- + src/v1/async/async_task_queue.c | 4 +--- + src/v1/utils/engine_log.c | 6 ++---- + src/v1/wdmngr/wd_alg_queue.c | 6 ++---- + src/v1/wdmngr/wd_queue_memory.c | 11 ++++------- + 8 files changed, 14 insertions(+), 31 deletions(-) + +diff --git a/src/uadk_async.c b/src/uadk_async.c +index f21eabb..86aa9e5 100644 +--- a/src/uadk_async.c ++++ b/src/uadk_async.c +@@ -362,13 +362,10 @@ int async_module_init(void) + if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0) + return 0; + +- poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM); ++ poll_queue.head = calloc(ASYNC_QUEUE_TASK_NUM, sizeof(struct async_poll_task)); + if (poll_queue.head == NULL) + return 0; + +- memset(poll_queue.head, 0, +- sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM); +- + if (sem_init(&poll_queue.empty_sem, 0, ASYNC_QUEUE_TASK_NUM) != 0) + goto err; + +diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c +index 2824a0d..0537890 100644 +--- a/src/uadk_ecx.c ++++ b/src/uadk_ecx.c +@@ -89,12 +89,11 @@ static int x25519_init(EVP_PKEY_CTX *ctx) + return UADK_E_FAIL; + } + +- x25519_ctx = malloc(sizeof(struct ecx_ctx)); ++ x25519_ctx = calloc(1, sizeof(struct ecx_ctx)); + if (!x25519_ctx) { + fprintf(stderr, "failed to alloc x25519 ctx\n"); + return UADK_E_FAIL; + } +- memset(x25519_ctx, 0, sizeof(struct ecx_ctx)); + + setup.alg = "x25519"; + setup.key_bits = X25519_KEYBITS; +@@ -146,13 +145,12 @@ static int x448_init(EVP_PKEY_CTX *ctx) + return UADK_E_FAIL; + } + +- x448_ctx = malloc(sizeof(struct ecx_ctx)); ++ x448_ctx = calloc(1, sizeof(struct ecx_ctx)); + if (!x448_ctx) { + fprintf(stderr, "failed to alloc x448 ctx\n"); + return UADK_E_FAIL; + } + +- memset(x448_ctx, 0, sizeof(struct ecx_ctx)); + setup.alg = "x448"; + setup.key_bits = X448_KEYBITS; + params.numa_id = uadk_e_ecc_get_numa_id(); +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index 01186ef..63d4fdf 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -1157,14 +1157,12 @@ static int sm2_init(EVP_PKEY_CTX *ctx) + struct sm2_ctx *smctx; + int ret; + +- smctx = malloc(sizeof(*smctx)); ++ smctx = calloc(1, sizeof(*smctx)); + if (!smctx) { + fprintf(stderr, "failed to alloc sm2 ctx\n"); + return 0; + } + +- memset(smctx, 0, sizeof(*smctx)); +- + ret = uadk_e_ecc_get_support_state(SM2_SUPPORT); + if (!ret) { + fprintf(stderr, "sm2 is not supported\n"); +diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c +index 38a3d09..8dbb9b4 100644 +--- a/src/v1/alg/dh/hpre_dh_wd.c ++++ b/src/v1/alg/dh/hpre_dh_wd.c +@@ -265,12 +265,11 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg) + { + hpre_dh_engine_ctx_t *eng_ctx = NULL; + +- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_malloc(sizeof(hpre_dh_engine_ctx_t)); ++ eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t)); + if (eng_ctx == NULL) { + US_ERR("hpre engine_ctx malloc fail"); + return NULL; + } +- kae_memset(eng_ctx, 0, sizeof(hpre_dh_engine_ctx_t)); + + eng_ctx->priv_ctx.ssl_alg = alg; + eng_ctx->qlist = kae_get_node_from_pool(g_hpre_dh_qnode_pool); +diff --git a/src/v1/async/async_task_queue.c b/src/v1/async/async_task_queue.c +index 2feea7e..0ef1e84 100644 +--- a/src/v1/async/async_task_queue.c ++++ b/src/v1/async/async_task_queue.c +@@ -60,13 +60,11 @@ int async_poll_task_init_v1(void) + kae_memset(&g_async_poll_queue, 0, sizeof(g_async_poll_queue)); + + g_async_poll_queue.async_poll_task_queue_head = +- (async_poll_task *)malloc(sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM); ++ (async_poll_task *)calloc(ASYNC_POLL_TASK_NUM, sizeof(async_poll_task)); + if (g_async_poll_queue.async_poll_task_queue_head == NULL) { + US_ERR("no enough memory for task queue, errno=%d", errno); //lint !e666 + return 0; + } +- kae_memset(g_async_poll_queue.async_poll_task_queue_head, 0, +- sizeof(async_poll_task) * ASYNC_POLL_TASK_NUM); + g_async_poll_queue.left_task = ASYNC_POLL_TASK_NUM; + + ret = sem_init(&g_async_poll_queue.empty_sem, 0, (unsigned int)g_async_poll_queue.left_task); +diff --git a/src/v1/utils/engine_log.c b/src/v1/utils/engine_log.c +index 6e32b97..ef009e5 100644 +--- a/src/v1/utils/engine_log.c ++++ b/src/v1/utils/engine_log.c +@@ -60,12 +60,10 @@ static void kae_set_conf_debuglevel(void) + + if (conf_path == NULL || strlen(conf_path) > MAX_CONFIG_LEN) + goto err; +- file_path = (char *)kae_malloc(strlen(conf_path) + strlen(filename) + 1); +- debuglev = (char *)kae_malloc(MAX_LEVEL_LEN); ++ file_path = (char *)kae_calloc(1, strlen(conf_path) + strlen(filename) + 1); ++ debuglev = (char *)kae_calloc(1, MAX_LEVEL_LEN); + if (!file_path || !debuglev) + goto err; +- memset(debuglev, 0, MAX_LEVEL_LEN); +- memset(file_path, 0, sizeof(conf_path) + sizeof(filename) + 1); + strcat(file_path, conf_path); + strcat(file_path, filename); + ret = kae_drv_get_item(file_path, "LogSection", "debug_level", debuglev); +diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c +index 5cd33ae..098231f 100644 +--- a/src/v1/wdmngr/wd_alg_queue.c ++++ b/src/v1/wdmngr/wd_alg_queue.c +@@ -21,16 +21,14 @@ + + struct wd_queue *wd_new_queue(int algtype) + { +- struct wd_queue *queue = (struct wd_queue *)kae_malloc(sizeof(struct wd_queue)); + int ret; +- ++ struct wd_queue *queue = (struct wd_queue *)kae_calloc(1, ++ sizeof(struct wd_queue)); + if (queue == NULL) { + US_ERR("malloc failed"); + return NULL; + } + +- kae_memset(queue, 0, sizeof(struct wd_queue)); +- + switch (algtype) { + case WCRYPTO_RSA: + queue->capa.alg = "rsa"; +diff --git a/src/v1/wdmngr/wd_queue_memory.c b/src/v1/wdmngr/wd_queue_memory.c +index e6e7a2c..5f28357 100644 +--- a/src/v1/wdmngr/wd_queue_memory.c ++++ b/src/v1/wdmngr/wd_queue_memory.c +@@ -62,13 +62,12 @@ struct wd_queue_mempool *wd_queue_mempool_create(struct wd_queue *q, unsigned in + kae_memset(addr, 0, rsv_mm_sz); + + bitmap_sz = (block_num / BLOCKS_PER_BITMAP + 1) * sizeof(unsigned int); +- pool = +- (struct wd_queue_mempool *)kae_malloc(sizeof(struct wd_queue_mempool) + bitmap_sz); ++ pool = (struct wd_queue_mempool *)kae_calloc(1, ++ sizeof(struct wd_queue_mempool) + bitmap_sz); + if (pool == NULL) { + US_ERR("Alloc pool handle fail!"); + return NULL; + } +- kae_memset(pool, 0, sizeof(struct wd_queue_mempool) + bitmap_sz); + + pool->base = addr; + sem_init(&pool->mempool_sem, 0, 1); +@@ -190,13 +189,12 @@ KAE_QUEUE_POOL_HEAD_S *kae_init_queue_pool(int algtype) + + /* malloc a pool */ + kae_pool->kae_queue_pool = (KAE_QUEUE_POOL_NODE_S *) +- kae_malloc(KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S)); ++ kae_calloc(KAE_QUEUE_POOL_MAX_SIZE, sizeof(KAE_QUEUE_POOL_NODE_S)); + if (kae_pool->kae_queue_pool == NULL) { + US_ERR("malloc failed"); + kae_free(kae_pool); + return NULL; + } +- kae_memset(kae_pool->kae_queue_pool, 0, KAE_QUEUE_POOL_MAX_SIZE * sizeof(KAE_QUEUE_POOL_NODE_S)); + + pthread_mutex_init(&kae_pool->kae_queue_mutex, NULL); + pthread_mutex_init(&kae_pool->destroy_mutex, NULL); +@@ -271,12 +269,11 @@ static KAE_QUEUE_DATA_NODE_S *kae_new_wd_queue_memory(int algtype) + { + KAE_QUEUE_DATA_NODE_S *queue_node = NULL; + +- queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_malloc(sizeof(KAE_QUEUE_DATA_NODE_S)); ++ queue_node = (KAE_QUEUE_DATA_NODE_S *)kae_calloc(1, sizeof(KAE_QUEUE_DATA_NODE_S)); + if (queue_node == NULL) { + US_ERR("malloc failed"); + return NULL; + } +- kae_memset(queue_node, 0, sizeof(KAE_QUEUE_DATA_NODE_S)); + + queue_node->kae_wd_queue = wd_new_queue(algtype); + if (queue_node->kae_wd_queue == NULL) { +-- +2.25.1 + diff --git a/0003-ecc-fix-codecheck-warning.patch b/0003-ecc-fix-codecheck-warning.patch deleted file mode 100644 index f6eb7eaebe165c82964433c826006824d3af1574..0000000000000000000000000000000000000000 --- a/0003-ecc-fix-codecheck-warning.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 1cd8bd255ae0f55742d2dffa7ba09aea28d56c9a Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Wed, 22 Dec 2021 03:37:13 +0000 -Subject: [PATCH 03/18] ecc: fix codecheck warning - -fix a more than 50 lines function 'uadk_wd_ecc_init'. - -Signed-off-by: Weili Qian ---- - src/uadk_pkey.c | 61 +++++++++++++++++++++++++------------------------ - 1 file changed, 31 insertions(+), 30 deletions(-) - -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index c20b22b..62362b0 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -178,38 +178,20 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev) - return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll); - } - --static int uadk_wd_ecc_init(struct ecc_res_config *config) -+static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev, -+ struct wd_sched *sched) - { -- struct wd_sched *sched = &config->sched.wd_sched; - struct wd_ctx_config *ctx_cfg; -- struct uacce_dev *dev; - int ret, i; - -- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ -- dev = wd_get_accel_dev("ecdsa"); -- if (!dev) -- return -ENOMEM; -- -- config->numa_id = dev->numa_id; -- -- ret = uadk_e_is_env_enabled("ecc"); -- if (ret == ENV_ENABLED) { -- ret = uadk_e_wd_ecc_env_init(dev); -- goto free_dev; -- } -- -- if (ecc_res.ctx_res) { -- ret = 0; -- goto free_dev; -- } -+ if (ecc_res.ctx_res) -+ return 0; - - ctx_cfg = calloc(1, sizeof(struct wd_ctx_config)); -- if (!ctx_cfg) { -+ if (!ctx_cfg) - ret = -ENOMEM; -- goto free_dev; -- } -- ecc_res.ctx_res = ctx_cfg; - -+ ecc_res.ctx_res = ctx_cfg; - ctx_cfg->ctx_num = CTX_NUM; - ctx_cfg->ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx)); - if (!ctx_cfg->ctxs) { -@@ -230,23 +212,42 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config) - if (ret) - goto free_ctx; - -- free(dev); -- - return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll); - - free_ctx: - for (i = 0; i < CTX_NUM; i++) { -- if (ctx_cfg->ctxs[i].ctx) { -+ if (ctx_cfg->ctxs[i].ctx) - wd_release_ctx(ctx_cfg->ctxs[i].ctx); -- ctx_cfg->ctxs[i].ctx = 0; -- } - } - free(ctx_cfg->ctxs); - free_cfg: - free(ctx_cfg); - ecc_res.ctx_res = NULL; --free_dev: -+ -+ return ret; -+} -+ -+static int uadk_wd_ecc_init(struct ecc_res_config *config) -+{ -+ struct wd_sched *sched = &config->sched.wd_sched; -+ struct uacce_dev *dev; -+ int ret; -+ -+ /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ -+ dev = wd_get_accel_dev("ecdsa"); -+ if (!dev) -+ return -ENOMEM; -+ -+ config->numa_id = dev->numa_id; -+ -+ ret = uadk_e_is_env_enabled("ecc"); -+ if (ret) -+ ret = uadk_e_wd_ecc_env_init(dev); -+ else -+ ret = uadk_e_wd_ecc_general_init(dev, sched); -+ - free(dev); -+ - return ret; - } - --- -2.24.4 - diff --git a/0003-v1-some-code-clean.patch b/0003-v1-some-code-clean.patch new file mode 100644 index 0000000000000000000000000000000000000000..922a81264cbb5c6eabe269391aa4ca341bfe08e4 --- /dev/null +++ b/0003-v1-some-code-clean.patch @@ -0,0 +1,125 @@ +From e6dae9e2197dad6173f9ec7fbc55373adcfbb29e Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Tue, 6 Jun 2023 06:12:23 +0000 +Subject: [PATCH 3/7] v1: some code clean + +remove #if 0, print address, etc + +Signed-off-by: Zhangfei Gao +--- + src/v1/alg/ciphers/sec_ciphers_soft.c | 15 ++++----------- + src/v1/alg/pkey/hpre_rsa.c | 20 +------------------- + src/v1/alg/pkey/hpre_rsa_utils.c | 5 ++--- + 3 files changed, 7 insertions(+), 33 deletions(-) + +diff --git a/src/v1/alg/ciphers/sec_ciphers_soft.c b/src/v1/alg/ciphers/sec_ciphers_soft.c +index 71fbb33..9c597b5 100644 +--- a/src/v1/alg/ciphers/sec_ciphers_soft.c ++++ b/src/v1/alg/ciphers/sec_ciphers_soft.c +@@ -110,11 +110,11 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + + /* allowed iv to be empty. */ + if (unlikely(key == NULL)) { +- US_ERR("kae sw init parameter is NULL. key=%p", key); ++ US_ERR("kae sw init parameter is NULL"); + return KAE_FAIL; + } + if (unlikely(ctx == NULL)) { +- US_ERR("kae sw init parameter is NULL. ctx=%p", ctx); ++ US_ERR("kae sw init parameter is NULL"); + return KAE_FAIL; + } + +@@ -155,11 +155,10 @@ int sec_ciphers_sw_impl_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + ret = EVP_CIPHER_meth_get_init(sw_cipher)(ctx, key, iv, enc); + EVP_CIPHER_CTX_set_cipher_data(ctx, priv_ctx); + if (ret != OPENSSL_SUCCESS) { +- US_ERR("OPENSSL init key failed. ctx=%p", ctx); ++ US_ERR("OPENSSL init key failed."); + kae_free(priv_ctx->sw_ctx_data); + return KAE_FAIL; + } +- US_DEBUG("kae sw init impl success. ctx=%p", ctx); + + return KAE_SUCCESS; + } +@@ -185,18 +184,14 @@ int sec_ciphers_sw_impl_cleanup(EVP_CIPHER_CTX *ctx) + + kae_free(priv_ctx->sw_ctx_data); + +- US_DEBUG("kae sw cleanup impl success, ctx=%p", ctx); +- + return KAE_SUCCESS; + } + + static int sec_ciphers_sw_impl_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { +- if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL))) { +- US_ERR("kae sw cipher parameter is null.ctx=%p, in=%p, out=%p, inl=%d", ctx, out, in, (int)inl); ++ if (unlikely((ctx == NULL) || (out == NULL) || (in == NULL))) + return KAE_FAIL; +- } + + cipher_priv_ctx_t *priv_ctx = (cipher_priv_ctx_t *)EVP_CIPHER_CTX_get_cipher_data(ctx); + +@@ -277,8 +272,6 @@ int sec_ciphers_sw_hw_ctx_sync(EVP_CIPHER_CTX *ctx, sec_cipher_priv_ctx_syncto_t + } + } + +- US_DEBUG("state sync success, direct=%d[1:SW_TO_HW, 2:HW_TO_SW], offset=%d", direction, num); +- + return KAE_SUCCESS; + } + +diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c +index 6c1d96d..4e21dde 100644 +--- a/src/v1/alg/pkey/hpre_rsa.c ++++ b/src/v1/alg/pkey/hpre_rsa.c +@@ -67,25 +67,7 @@ RSA_METHOD *hpre_get_rsa_methods(void) + return g_hpre_rsa_method; + if (g_soft_rsa_method != NULL) + return g_soft_rsa_method; +-#if 0 +- if (!kae_get_device(g_hpre_device)) { +- const RSA_METHOD *default_soft_method = RSA_PKCS1_OpenSSL(); +- +- g_soft_rsa_method = RSA_meth_new("SOFT RSA METHOD", 0); +- ret &= RSA_meth_set_pub_enc(g_soft_rsa_method, RSA_meth_get_pub_enc(default_soft_method)); +- ret &= RSA_meth_set_priv_enc(g_soft_rsa_method, RSA_meth_get_priv_enc(default_soft_method)); +- ret &= RSA_meth_set_pub_dec(g_soft_rsa_method, RSA_meth_get_pub_dec(default_soft_method)); +- ret &= RSA_meth_set_priv_dec(g_soft_rsa_method, RSA_meth_get_priv_dec(default_soft_method)); +- ret &= RSA_meth_set_keygen(g_soft_rsa_method, hpre_rsa_soft_genkey); +- ret &= RSA_meth_set_mod_exp(g_soft_rsa_method, RSA_meth_get_mod_exp(default_soft_method)); +- ret &= RSA_meth_set_bn_mod_exp(g_soft_rsa_method, RSA_meth_get_bn_mod_exp(default_soft_method)); +- if (ret == 0) { +- US_ERR("Failed to set SOFT RSA methods"); +- return NULL; +- } +- return g_soft_rsa_method; +- } +-#endif ++ + g_hpre_rsa_method = RSA_meth_new("HPRE RSA method", 0); + if (g_hpre_rsa_method == NULL) { + KAEerr(KAE_F_HPRE_GET_RSA_METHODS, KAE_R_MALLOC_FAILURE); +diff --git a/src/v1/alg/pkey/hpre_rsa_utils.c b/src/v1/alg/pkey/hpre_rsa_utils.c +index 0630b28..317a5a0 100644 +--- a/src/v1/alg/pkey/hpre_rsa_utils.c ++++ b/src/v1/alg/pkey/hpre_rsa_utils.c +@@ -44,10 +44,9 @@ void hpre_free_bn_ctx_buf(BN_CTX *bn_ctx, unsigned char *in_buf, int num) + int hpre_rsa_check_para(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa) + { +- if ((rsa == NULL || from == NULL || to == NULL || flen <= 0)) { +- US_ERR("RSA key %p, input %p or output %p are NULL, or flen invalid length.\n", rsa, from, to); ++ if ((rsa == NULL || from == NULL || to == NULL || flen <= 0)) + return HPRE_CRYPTO_FAIL; +- } ++ + return HPRE_CRYPTO_SUCC; + } + +-- +2.25.1 + diff --git a/0004-rsa-delete-redundant-copy.patch b/0004-rsa-delete-redundant-copy.patch deleted file mode 100644 index 8bf9eae93e328993fc07f9ad5c8faf5b144be1dc..0000000000000000000000000000000000000000 --- a/0004-rsa-delete-redundant-copy.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6c916851ae54c9272a96c7af73cba83598ab3c43 Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Wed, 22 Dec 2021 03:51:48 +0000 -Subject: [PATCH 04/18] rsa: delete redundant copy - -'from_buf' and 'req.src' point to the same address space, -redundant copy is not required. - -Signed-off-by: Weili Qian ---- - src/uadk_rsa.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 75ae0d1..1e1e226 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -1595,7 +1595,6 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, - goto free_buf; - } - -- memcpy(rsa_sess->req.src, from_buf, rsa_sess->req.src_bytes); - ret = rsa_do_crypto(rsa_sess); - if (!ret || rsa_sess->req.status) { - ret = UADK_DO_SOFT; --- -2.24.4 - diff --git a/0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch b/0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch new file mode 100644 index 0000000000000000000000000000000000000000..aac63af31fe21f72fe2fbc1dea9da54ee46480f5 --- /dev/null +++ b/0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch @@ -0,0 +1,41 @@ +From 1d05480962b3110b8da9f467cc3dbd9047f04589 Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Fri, 16 Jun 2023 02:09:00 +0000 +Subject: [PATCH 4/7] =?UTF-8?q?v1:=20fix=20implicit=20declaration=20of=20f?= + =?UTF-8?q?unction=20=E2=80=98OPENSSL=5Fcalloc=E2=80=99?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fix implicit declaration of function ‘OPENSSL_calloc’ with calloc + +Signed-off-by: Zhangfei Gao +--- + src/v1/alg/dh/hpre_dh_wd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/v1/alg/dh/hpre_dh_wd.c b/src/v1/alg/dh/hpre_dh_wd.c +index 8dbb9b4..b8ca9a1 100644 +--- a/src/v1/alg/dh/hpre_dh_wd.c ++++ b/src/v1/alg/dh/hpre_dh_wd.c +@@ -199,7 +199,7 @@ void hpre_dh_free_eng_ctx(hpre_dh_engine_ctx_t *eng_ctx) + eng_ctx->opdata.pri = NULL; + eng_ctx->opdata.x_p = NULL; + eng_ctx->opdata.pv = NULL; +- OPENSSL_free(eng_ctx); ++ free(eng_ctx); + eng_ctx = NULL; + } + +@@ -265,7 +265,7 @@ static hpre_dh_engine_ctx_t *hpre_dh_new_eng_ctx(DH *alg) + { + hpre_dh_engine_ctx_t *eng_ctx = NULL; + +- eng_ctx = (hpre_dh_engine_ctx_t *)OPENSSL_calloc(1, sizeof(hpre_dh_engine_ctx_t)); ++ eng_ctx = (hpre_dh_engine_ctx_t *)calloc(1, sizeof(hpre_dh_engine_ctx_t)); + if (eng_ctx == NULL) { + US_ERR("hpre engine_ctx malloc fail"); + return NULL; +-- +2.25.1 + diff --git a/0005-rsa-fix-coverity-warning.patch b/0005-rsa-fix-coverity-warning.patch deleted file mode 100644 index f444142e206c5d46987c638d8a97313e0fa1ecf4..0000000000000000000000000000000000000000 --- a/0005-rsa-fix-coverity-warning.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f5fac71459234b4e44fe8ff386b19627e88ad680 Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Wed, 22 Dec 2021 06:39:46 +0000 -Subject: [PATCH 05/18] rsa: fix coverity warning - -Parameter: 'n' in the function 'get_prime_once' has not -been changed, it should be defined as 'const'. - -Signed-off-by: Weili Qian ---- - src/uadk_rsa.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 1e1e226..cb98159 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -307,10 +307,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r - return GET_ERR_FINISH; - } - --static int get_prime_once(int num, const int *bitsr, int *n, BIGNUM *prime, -- BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, -- BIGNUM *r2, BIGNUM *e_pub, BN_CTX *ctx, -- BN_GENCB *cb) -+static int get_prime_once(int num, const int *bitsr, const int *n, -+ BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q, -+ BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub, -+ BN_CTX *ctx, BN_GENCB *cb) - { - int ret = -1; - --- -2.24.4 - diff --git a/0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch b/0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch new file mode 100644 index 0000000000000000000000000000000000000000..07c8f1d7a0426182a26a92ca3c4d3d962ec84223 --- /dev/null +++ b/0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch @@ -0,0 +1,93 @@ +From aa06f50efb5725a99f5ff93cca04c968ec981635 Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Fri, 9 Jun 2023 04:52:30 +0000 +Subject: [PATCH 5/7] uadk: build uadk_engine only if openssl 1.1 + +Rename e_uadk.c to uadk_engine_init.c +Build uadk_engine only if openssl 1.1 + +Signed-off-by: Zhangfei Gao +--- + Makefile.am | 2 -- + configure.ac | 7 ++++--- + src/Makefile.am | 11 ++++++++--- + src/{e_uadk.c => uadk_engine_init.c} | 0 + 4 files changed, 12 insertions(+), 8 deletions(-) + rename src/{e_uadk.c => uadk_engine_init.c} (100%) + +diff --git a/Makefile.am b/Makefile.am +index 55fd400..1ade214 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,7 +1,5 @@ + ACLOCAL_AMFLAGS = -I m4 + +-if HAVE_CRYPTO + if HAVE_WD + SUBDIRS = src + endif +-endif +diff --git a/configure.ac b/configure.ac +index fb03a5b..0fc14ed 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1,6 +1,5 @@ + AC_PREREQ([2.69]) + AC_INIT([uadk_engine], [1.2]) +-AC_CONFIG_SRCDIR([src/e_uadk.c]) + AM_INIT_AUTOMAKE([1.10 no-define]) + + AC_CONFIG_MACRO_DIR([m4]) +@@ -15,8 +14,6 @@ AC_ARG_ENABLE(kae, + AC_SUBST(enable_kae) + AM_CONDITIONAL([WD_KAE], [test "$enable_kae" = "yes"]) + +-AC_CHECK_HEADERS([openssl/engine.h]) +- + PKG_CHECK_MODULES(WD, libwd libwd_crypto, [with_wd=yes], [with_wd=no]) + AM_CONDITIONAL(HAVE_WD, [test "$with_wd" != "no"]) + +@@ -24,6 +21,10 @@ PKG_CHECK_MODULES(libcrypto, libcrypto < 3.0 libcrypto >= 1.1, + [with_crypto=yes], [with_crypto=no]) + AM_CONDITIONAL(HAVE_CRYPTO, test "$with_crypto" != "no") + ++PKG_CHECK_MODULES(libcrypto, libcrypto >= 3.0, ++ [with_crypto3=yes], [with_crypto3=no]) ++AM_CONDITIONAL(HAVE_CRYPTO3, test "$with_crypto3" != "no") ++ + AC_CONFIG_FILES([ + Makefile + src/Makefile]) +diff --git a/src/Makefile.am b/src/Makefile.am +index 8ced0e8..65afe1d 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -1,13 +1,18 @@ + VERSION = 1:2 + ACLOCAL_AMFLAGS = -I m4 + ++if HAVE_CRYPTO + lib_LTLIBRARIES=uadk_engine.la ++endif #HAVE_CRYPTO ++ ++uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \ ++ uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \ ++ uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c + +-uadk_engine_la_SOURCES=uadk_utils.c e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c \ +- uadk_rsa.c uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c + uadk_engine_la_LIBADD=-ldl $(WD_LIBS) -lpthread + uadk_engine_la_LDFLAGS=-module -version-number $(VERSION) +-uadk_engine_la_CFLAGS=$(WD_CFLAGS) ++uadk_engine_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS) ++uadk_engine_la_CFLAGS+=-DCRYPTO + + AUTOMAKE_OPTIONS = subdir-objects + +diff --git a/src/e_uadk.c b/src/uadk_engine_init.c +similarity index 100% +rename from src/e_uadk.c +rename to src/uadk_engine_init.c +-- +2.25.1 + diff --git a/0006-ecc-cleanup-duplicate-public-key-allocation.patch b/0006-ecc-cleanup-duplicate-public-key-allocation.patch deleted file mode 100644 index 95b735b6cac96fa6a993f051cab88c51e7355f81..0000000000000000000000000000000000000000 --- a/0006-ecc-cleanup-duplicate-public-key-allocation.patch +++ /dev/null @@ -1,165 +0,0 @@ -From 941c89ea6fefe3e78255437788c3f274b6c81414 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Wed, 22 Dec 2021 08:27:45 +0000 -Subject: [PATCH 06/18] ecc: cleanup duplicate public key allocation - -Remove duplicate allocation and copy of public key. - -Signed-off-by: Zhiqi Song ---- - src/uadk_ec.c | 95 +++++++++++++++++++++++++++------------------------ - 1 file changed, 51 insertions(+), 44 deletions(-) - -diff --git a/src/uadk_ec.c b/src/uadk_ec.c -index d97436b..9040d3c 100644 ---- a/src/uadk_ec.c -+++ b/src/uadk_ec.c -@@ -784,59 +784,78 @@ static int sm2_keygen_init_iot(handle_t sess, struct wd_ecc_req *req) - - static int eckey_create_key(EC_KEY *eckey) - { -- const EC_GROUP *group; -- EC_POINT *pub_key; - BIGNUM *priv_key; -+ int ret; - -- group = EC_KEY_get0_group(eckey); -- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey); -- if (!pub_key) { -- pub_key = EC_POINT_new(group); -- if (!pub_key) { -- fprintf(stderr, "failed to new pub_key\n"); -- return -1; -- } -- EC_KEY_set_public_key(eckey, pub_key); -+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey); -+ if (priv_key) -+ return 1; -+ -+ priv_key = BN_new(); -+ if (!priv_key) { -+ fprintf(stderr, "failed to BN_new priv_key\n"); -+ return 0; - } - -+ ret = EC_KEY_set_private_key(eckey, priv_key); -+ if (!ret) -+ fprintf(stderr, "failed to set private key\n"); -+ -+ BN_free(priv_key); -+ return ret; -+} -+ -+static int ecdh_set_private_key(EC_KEY *eckey, BIGNUM *order) -+{ -+ BIGNUM *priv_key; -+ int ret; -+ -+ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey); -+ if (priv_key) -+ return 1; -+ - priv_key = BN_new(); - if (!priv_key) { - fprintf(stderr, "failed to BN_new priv_key\n"); -- return -1; -+ return 0; - } -- EC_KEY_set_private_key(eckey, priv_key); - -- return 0; -+ do { -+ if (!BN_rand_range(priv_key, order)) { -+ fprintf(stderr, "failed to generate random value\n"); -+ ret = 0; -+ goto free_priv_key; -+ } -+ } while (BN_is_zero(priv_key)); -+ -+ ret = EC_KEY_set_private_key(eckey, priv_key); -+ if (!ret) -+ fprintf(stderr, "failed to set private key\n"); -+ -+free_priv_key: -+ BN_free(priv_key); -+ return ret; - } - - static int ecdh_create_key(EC_KEY *eckey) - { -- BIGNUM *priv_key, *order; - const EC_GROUP *group; -- EC_POINT *pub_key; -+ BIGNUM *order; - BN_CTX *ctx; -- int ret = 0; -+ int ret; - - group = EC_KEY_get0_group(eckey); -- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey); -- if (!pub_key) { -- pub_key = EC_POINT_new(group); -- if (!pub_key) { -- fprintf(stderr, "failed to new pub_key\n"); -- return ret; -- } -- ret = EC_KEY_set_public_key(eckey, pub_key); -- } - - ctx = BN_CTX_new(); - if (!ctx) { - fprintf(stderr, "failed to allocate ctx\n"); -- return ret; -+ return 0; - } - -- order = BN_CTX_get(ctx); -+ order = BN_CTX_get(ctx); - if (!order) { - fprintf(stderr, "failed to allocate order\n"); -+ ret = 0; - goto free_ctx; - } - -@@ -846,26 +865,14 @@ static int ecdh_create_key(EC_KEY *eckey) - goto free_order; - } - -- priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey); -- if (!priv_key) { -- priv_key = BN_new(); -- if (!priv_key) { -- fprintf(stderr, "failed to BN_new priv_key\n"); -- goto free_order; -- } -- do { -- if (!BN_rand_range(priv_key, order)) -- fprintf(stderr, "failed to generate random value\n"); -- } while (BN_is_zero(priv_key)); -- ret = EC_KEY_set_private_key(eckey, priv_key); -- } -- ret = 1; -+ ret = ecdh_set_private_key(eckey, order); -+ if (!ret) -+ fprintf(stderr, "failed to set private key\n"); - - free_order: - BN_clear(order); - free_ctx: - BN_CTX_free(ctx); -- - return ret; - } - -@@ -880,7 +887,7 @@ static int sm2_generate_key(EC_KEY *eckey) - goto do_soft; - - ret = eckey_create_key(eckey); -- if (ret) -+ if (!ret) - return ret; - - ret = UADK_DO_SOFT; --- -2.24.4 - diff --git a/0006-uadk-support-openssl-3.0.patch b/0006-uadk-support-openssl-3.0.patch new file mode 100644 index 0000000000000000000000000000000000000000..0a28d7f08df1d1d04c9717cf7f7587c8309c6f76 --- /dev/null +++ b/0006-uadk-support-openssl-3.0.patch @@ -0,0 +1,915 @@ +From c6aab5dadf83fad2716b1687366d040303b1301c Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Fri, 9 Jun 2023 09:04:30 +0000 +Subject: [PATCH 6/7] uadk: support openssl 3.0 + +Openssl3.0 provoder will be built when libcrypto >= 3.0 + +First step to support digest + +Test with +openssl speed -provider xx/uadk_provider.so -provider default -evp md5 +openssl speed -provider xx/uadk_provider.so -provider default -evp sm3 +openssl speed -provider xx/uadk_provider.so -provider default -evp sha1 +openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-224 +openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-256 +openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-384 +openssl speed -provider xx/uadk_provider.so -provider default -evp sha2-512 + +Signed-off-by: Zhangfei Gao +--- + src/Makefile.am | 11 + + src/uadk_prov.h | 30 ++ + src/uadk_prov_digest.c | 699 +++++++++++++++++++++++++++++++++++++++++ + src/uadk_prov_init.c | 110 +++++++ + 4 files changed, 850 insertions(+) + create mode 100644 src/uadk_prov.h + create mode 100644 src/uadk_prov_digest.c + create mode 100644 src/uadk_prov_init.c + +diff --git a/src/Makefile.am b/src/Makefile.am +index 65afe1d..bfaeb78 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -5,6 +5,10 @@ if HAVE_CRYPTO + lib_LTLIBRARIES=uadk_engine.la + endif #HAVE_CRYPTO + ++if HAVE_CRYPTO3 ++lib_LTLIBRARIES=uadk_provider.la ++endif #HAVE_CRYPTO3 ++ + uadk_engine_la_SOURCES=uadk_utils.c uadk_engine_init.c uadk_cipher.c \ + uadk_digest.c uadk_async.c uadk_rsa.c uadk_sm2.c \ + uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c +@@ -45,3 +49,10 @@ uadk_engine_la_SOURCES+=v1/alg/ciphers/sec_ciphers.c \ + v1/async/async_poll.c \ + v1/async/async_task_queue.c + endif #WD_KAE ++ ++uadk_provider_la_SOURCES=uadk_prov_init.c uadk_prov_digest.c uadk_async.c uadk_utils.c ++ ++uadk_provider_la_LDFLAGS=-module -version-number $(VERSION) ++uadk_provider_la_LIBADD=$(WD_LIBS) -lpthread ++uadk_provider_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS) ++uadk_provider_la_CFLAGS+=-DCRYPTO3 +diff --git a/src/uadk_prov.h b/src/uadk_prov.h +new file mode 100644 +index 0000000..c63c3fe +--- /dev/null ++++ b/src/uadk_prov.h +@@ -0,0 +1,30 @@ ++/* ++ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2023-2024 Linaro ltd. ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ * ++ */ ++#ifndef UADK_PROV_H ++#define UADK_PROV_H ++ ++extern const OSSL_DISPATCH uadk_md5_functions[]; ++extern const OSSL_DISPATCH uadk_sm3_functions[]; ++extern const OSSL_DISPATCH uadk_sha1_functions[]; ++extern const OSSL_DISPATCH uadk_sha224_functions[]; ++extern const OSSL_DISPATCH uadk_sha256_functions[]; ++extern const OSSL_DISPATCH uadk_sha384_functions[]; ++extern const OSSL_DISPATCH uadk_sha512_functions[]; ++ ++void uadk_prov_destroy_digest(void); ++#endif +diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c +new file mode 100644 +index 0000000..fd05753 +--- /dev/null ++++ b/src/uadk_prov_digest.c +@@ -0,0 +1,699 @@ ++/* ++ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2023-2024 Linaro ltd. ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "uadk.h" ++#include "uadk_async.h" ++#include "uadk_utils.h" ++ ++#define UADK_DO_SOFT (-0xE0) ++#define CTX_SYNC 0 ++#define CTX_ASYNC 1 ++#define CTX_NUM 2 ++#define DIGEST_DOING 1 ++#define DIGEST_END 0 ++ ++/* The max BD data length is 16M-512B */ ++#define BUF_LEN 0xFFFE00 ++ ++#define SM3_DIGEST_LENGTH 32 ++#define SM3_CBLOCK 64 ++#define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) ++#define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024) ++#define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) ++#define MAX_DIGEST_LENGTH 64 ++#define DIGEST_BLOCK_SIZE (512 * 1024) ++#define ALG_NAME_SIZE 128 ++ ++enum sec_digest_state { ++ SEC_DIGEST_INIT, ++ SEC_DIGEST_FIRST_UPDATING, ++ SEC_DIGEST_DOING, ++ SEC_DIGEST_FINAL ++}; ++ ++struct digest_threshold_table { ++ int nid; ++ int threshold; ++}; ++ ++struct digest_prov { ++ int pid; ++}; ++ ++static struct digest_prov prov; ++static pthread_mutex_t digest_mutex = PTHREAD_MUTEX_INITIALIZER; ++ ++struct evp_md_ctx_st { ++ const EVP_MD *digest; ++ /* Functional reference if 'digest' is ENGINE-provided */ ++ ENGINE *engine; ++ unsigned long flags; ++ void *md_data; ++ /* Public key context for sign/verify */ ++ EVP_PKEY_CTX *pctx; ++ /* Update function: usually copied from EVP_MD */ ++ int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); ++}; ++ ++struct digest_priv_ctx { ++ handle_t sess; ++ struct wd_digest_sess_setup setup; ++ struct wd_digest_req req; ++ unsigned char *data; ++ unsigned char out[MAX_DIGEST_LENGTH]; ++ EVP_MD_CTX *soft_ctx; ++ EVP_MD *soft_md; ++ size_t last_update_bufflen; ++ uint32_t e_nid; ++ uint32_t state; ++ uint32_t switch_threshold; ++ int switch_flag; ++ size_t md_size; ++ size_t blk_size; ++ char alg_name[ALG_NAME_SIZE]; ++}; ++ ++struct digest_info { ++ int nid; ++ enum wd_digest_mode mode; ++ enum wd_digest_type alg; ++ __u32 out_len; ++}; ++ ++static struct digest_threshold_table digest_pkt_threshold_table[] = { ++ { NID_sm3, SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, ++ { NID_md5, MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, ++ { NID_sha1, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, ++ { NID_sha224, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, ++ { NID_sha256, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, ++ { NID_sha384, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, ++ { NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, ++}; ++ ++static struct digest_info digest_info_table[] = { ++ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16}, ++ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32}, ++ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20}, ++ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28}, ++ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32}, ++ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48}, ++ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64}, ++}; ++ ++static int uadk_e_digests_soft_md(struct digest_priv_ctx *priv) ++{ ++ if (priv->soft_md) ++ return 1; ++ ++ switch (priv->e_nid) { ++ case NID_sm3: ++ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SM3, "provider=default"); ++ break; ++ case NID_md5: ++ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "provider=default"); ++ break; ++ case NID_sha1: ++ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA1, "provider=default"); ++ break; ++ case NID_sha224: ++ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_224, "provider=default"); ++ break; ++ case NID_sha256: ++ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_256, "provider=default"); ++ break; ++ case NID_sha384: ++ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_384, "provider=default"); ++ break; ++ case NID_sha512: ++ priv->soft_md = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_SHA3_512, "provider=default"); ++ break; ++ default: ++ break; ++ } ++ ++ if (unlikely(priv->soft_md == NULL)) ++ return 0; ++ ++ return 1; ++} ++ ++static uint32_t sec_digest_get_sw_threshold(int n_id) ++{ ++ int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table); ++ int i = 0; ++ ++ do { ++ if (digest_pkt_threshold_table[i].nid == n_id) ++ return digest_pkt_threshold_table[i].threshold; ++ } while (++i < threshold_table_size); ++ ++ fprintf(stderr, "nid %d not found in digest threshold table", n_id); ++ return 0; ++} ++ ++static int digest_soft_init(struct digest_priv_ctx *priv) ++{ ++ return EVP_DigestInit(priv->soft_ctx, priv->soft_md); ++} ++ ++static int digest_soft_update(EVP_MD_CTX *ctx, const void *data, size_t len) ++{ ++ return EVP_DigestUpdate(ctx, data, len); ++} ++ ++static int digest_soft_final(struct digest_priv_ctx *priv, unsigned char *digest) ++{ ++ unsigned int digest_length = EVP_MD_get_size(priv->soft_md); ++ ++ return EVP_DigestFinal(priv->soft_ctx, digest, &digest_length); ++} ++ ++static void digest_soft_cleanup(struct digest_priv_ctx *priv) ++{ ++ EVP_MD_CTX *ctx = priv->soft_ctx; ++ ++ if (ctx != NULL) { ++ if (ctx->md_data) { ++ OPENSSL_free(ctx->md_data); ++ ctx->md_data = NULL; ++ } ++ EVP_MD_CTX_free(ctx); ++ ctx = NULL; ++ } ++ ++ if (priv->soft_md) { ++ EVP_MD_free(priv->soft_md); ++ priv->soft_md = NULL; ++ } ++} ++ ++static int uadk_e_digest_soft_work(struct digest_priv_ctx *priv, int len, ++ unsigned char *digest) ++{ ++ digest_soft_init(priv); ++ ++ if (len != 0) ++ digest_soft_update(priv->soft_ctx, priv->data, len); ++ ++ digest_soft_final(priv, digest); ++ digest_soft_cleanup(priv); ++ ++ return 1; ++} ++ ++static int uadk_e_digest_env_poll(void *ctx) ++{ ++ __u64 rx_cnt = 0; ++ __u32 recv = 0; ++ /* Poll one packet currently */ ++ int expt = 1; ++ int ret; ++ ++ do { ++ ret = wd_digest_poll(expt, &recv); ++ if (ret < 0 || recv == expt) ++ return ret; ++ rx_cnt++; ++ } while (rx_cnt < ENGINE_RECV_MAX_CNT); ++ ++ fprintf(stderr, "failed to poll msg: timeout!\n"); ++ ++ return -ETIMEDOUT; ++} ++ ++static int uadk_digest_init(struct digest_priv_ctx *priv) ++{ ++ int digest_counts = ARRAY_SIZE(digest_info_table); ++ struct sched_params params = {0}; ++ int nid = priv->e_nid; ++ int ret, i; ++ ++ pthread_mutex_lock(&digest_mutex); ++ if (prov.pid != getpid()) { ++ ret = wd_digest_init2(priv->alg_name, 0, 0); ++ if (unlikely(ret)) { ++ priv->switch_flag = UADK_DO_SOFT; ++ goto soft_init; ++ } ++ prov.pid = getpid(); ++ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll); ++ } ++ pthread_mutex_unlock(&digest_mutex); ++ ++ for (i = 0; i < digest_counts; i++) { ++ if (nid == digest_info_table[i].nid) { ++ priv->setup.alg = digest_info_table[i].alg; ++ priv->setup.mode = digest_info_table[i].mode; ++ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH; ++ priv->req.out_bytes = digest_info_table[i].out_len; ++ break; ++ } ++ } ++ ++ if (unlikely(i == digest_counts)) { ++ fprintf(stderr, "failed to setup the private ctx.\n"); ++ return 0; ++ } ++ ++ /* Use the default numa parameters */ ++ params.numa_id = -1; ++ priv->setup.sched_param = ¶ms; ++ priv->sess = wd_digest_alloc_sess(&priv->setup); ++ if (unlikely(!priv->sess)) ++ return 0; ++ ++ priv->data = malloc(DIGEST_BLOCK_SIZE); ++ if (unlikely(!priv->data)) { ++ wd_digest_free_sess(priv->sess); ++ return 0; ++ } ++ ++ if (uadk_e_digests_soft_md(priv)) ++ priv->switch_threshold = sec_digest_get_sw_threshold(nid); ++ ++ return 1; ++ ++soft_init: ++ pthread_mutex_unlock(&digest_mutex); ++ fprintf(stderr, "uadk failed to initialize digest.\n"); ++ return digest_soft_init(priv); ++} ++ ++static void digest_update_out_length(struct digest_priv_ctx *priv) ++{ ++ /* Sha224 and Sha384 need full length mac buffer as doing long hash */ ++ if (priv->e_nid == NID_sha224) ++ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN; ++ ++ if (priv->e_nid == NID_sha384) ++ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN; ++} ++ ++static int digest_update_inner(struct digest_priv_ctx *priv, const void *data, size_t data_len) ++{ ++ const unsigned char *tmpdata = (const unsigned char *)data; ++ size_t left_len = data_len; ++ int copy_to_bufflen; ++ int ret; ++ ++ digest_update_out_length(priv); ++ ++ priv->req.has_next = DIGEST_DOING; ++ ++ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) { ++ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen; ++ uadk_memcpy(priv->data + priv->last_update_bufflen, tmpdata, ++ copy_to_bufflen); ++ ++ priv->last_update_bufflen = DIGEST_BLOCK_SIZE; ++ priv->req.in_bytes = DIGEST_BLOCK_SIZE; ++ priv->req.in = priv->data; ++ priv->req.out = priv->out; ++ left_len -= copy_to_bufflen; ++ tmpdata += copy_to_bufflen; ++ if (priv->state == SEC_DIGEST_INIT) ++ priv->state = SEC_DIGEST_FIRST_UPDATING; ++ else if (priv->state == SEC_DIGEST_FIRST_UPDATING) ++ priv->state = SEC_DIGEST_DOING; ++ ++ ret = wd_do_digest_sync(priv->sess, &priv->req); ++ if (ret) { ++ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n"); ++ goto do_soft_digest; ++ } ++ ++ priv->last_update_bufflen = 0; ++ if (left_len <= DIGEST_BLOCK_SIZE) { ++ priv->last_update_bufflen = left_len; ++ uadk_memcpy(priv->data, tmpdata, priv->last_update_bufflen); ++ break; ++ } ++ } ++ ++ return 1; ++ ++do_soft_digest: ++ if (priv->state == SEC_DIGEST_FIRST_UPDATING ++ && priv->data ++ && priv->last_update_bufflen != 0) { ++ priv->switch_flag = UADK_DO_SOFT; ++ digest_soft_init(priv); ++ ret = digest_soft_update(priv->soft_ctx, ++ priv->data, priv->last_update_bufflen); ++ if (ret != 1) ++ return ret; ++ ++ return digest_soft_update(priv->soft_ctx, ++ tmpdata, left_len); ++ } ++ ++ fprintf(stderr, "do soft digest failed during updating!\n"); ++ return 0; ++} ++ ++static int uadk_digest_update(struct digest_priv_ctx *priv, const void *data, size_t data_len) ++{ ++ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) ++ goto soft_update; ++ ++ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) { ++ uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len); ++ priv->last_update_bufflen += data_len; ++ return 1; ++ } ++ ++ return digest_update_inner(priv, data, data_len); ++ ++soft_update: ++ return digest_soft_update(priv->soft_ctx, data, data_len); ++} ++ ++static void async_cb(struct wd_digest_req *req, void *data) ++{ ++ struct uadk_e_cb_info *cb_param; ++ struct async_op *op; ++ ++ if (!req) ++ return; ++ ++ cb_param = req->cb_param; ++ if (!cb_param) ++ return; ++ op = cb_param->op; ++ if (op && op->job && !op->done) { ++ op->done = 1; ++ async_free_poll_task(op->idx, 1); ++ async_wake_job(op->job); ++ } ++} ++ ++static int do_digest_sync(struct digest_priv_ctx *priv) ++{ ++ int ret; ++ ++ if (priv->req.in_bytes <= priv->switch_threshold && ++ priv->state == SEC_DIGEST_INIT) ++ return 0; ++ ++ ret = wd_do_digest_sync(priv->sess, &priv->req); ++ if (ret) { ++ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n"); ++ return 0; ++ } ++ return 1; ++} ++ ++static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op) ++{ ++ struct uadk_e_cb_info cb_param; ++ int idx, ret; ++ ++ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { ++ fprintf(stderr, "async cipher init failed.\n"); ++ return 0; ++ } ++ ++ cb_param.op = op; ++ cb_param.priv = priv; ++ priv->req.cb = (void *)async_cb; ++ priv->req.cb_param = &cb_param; ++ ++ ret = async_get_free_task(&idx); ++ if (!ret) ++ return 0; ++ ++ op->idx = idx; ++ ++ do { ++ ret = wd_do_digest_async(priv->sess, &priv->req); ++ if (ret < 0 && ret != -EBUSY) { ++ fprintf(stderr, "do sec digest async failed.\n"); ++ async_free_poll_task(op->idx, 0); ++ return 0; ++ } ++ } while (ret == -EBUSY); ++ ++ ret = async_pause_job(priv, op, ASYNC_TASK_DIGEST, idx); ++ if (!ret) ++ return 0; ++ return 1; ++} ++ ++static int uadk_digest_final(struct digest_priv_ctx *priv, unsigned char *digest) ++{ ++ struct async_op op; ++ int ret; ++ ++ priv->req.has_next = DIGEST_END; ++ priv->req.in = priv->data; ++ priv->req.out = priv->out; ++ priv->req.in_bytes = priv->last_update_bufflen; ++ ++ if (priv->e_nid == NID_sha224) ++ priv->req.out_bytes = WD_DIGEST_SHA224_LEN; ++ ++ if (priv->e_nid == NID_sha384) ++ priv->req.out_bytes = WD_DIGEST_SHA384_LEN; ++ ++ ret = async_setup_async_event_notification(&op); ++ if (unlikely(!ret)) { ++ fprintf(stderr, "failed to setup async event notification.\n"); ++ return 0; ++ } ++ ++ if (op.job == NULL) { ++ /* Synchronous, only the synchronous mode supports soft computing */ ++ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { ++ ret = digest_soft_final(priv, digest); ++ digest_soft_cleanup(priv); ++ goto clear; ++ } ++ ++ ret = do_digest_sync(priv); ++ if (!ret) ++ goto sync_err; ++ } else { ++ ret = do_digest_async(priv, &op); ++ if (!ret) ++ goto clear; ++ } ++ memcpy(digest, priv->req.out, priv->req.out_bytes); ++ ++ return 1; ++ ++sync_err: ++ if (priv->state == SEC_DIGEST_INIT) { ++ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest); ++ } else { ++ ret = 0; ++ fprintf(stderr, "do sec digest stream mode failed.\n"); ++ } ++clear: ++ async_clear_async_event_notification(); ++ return ret; ++} ++ ++static int uadk_digest_cleanup(struct digest_priv_ctx *priv) ++{ ++ if (priv->sess) { ++ wd_digest_free_sess(priv->sess); ++ priv->sess = 0; ++ } ++ ++ if (priv->data) ++ OPENSSL_free(priv->data); ++ ++ return 1; ++} ++ ++/* some params related code is copied from OpenSSL v3.0 prov/digestcommon.h */ ++static const OSSL_PARAM uadk_digest_default_known_gettable_params[] = { ++ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, NULL), ++ OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_SIZE, NULL), ++ OSSL_PARAM_int(OSSL_DIGEST_PARAM_XOF, NULL), ++ OSSL_PARAM_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, NULL), ++ OSSL_PARAM_END ++}; ++ ++static const OSSL_PARAM *uadk_prov_gettable_params(void *provctx) ++{ ++ return uadk_digest_default_known_gettable_params; ++} ++ ++static int uadk_digest_default_get_params(OSSL_PARAM params[], size_t blksz, ++ size_t paramsz) ++{ ++ OSSL_PARAM *p = NULL; ++ ++ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE); ++ if (p != NULL && !OSSL_PARAM_set_size_t(p, blksz)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); ++ return 0; ++ } ++ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE); ++ if (p != NULL && !OSSL_PARAM_set_size_t(p, paramsz)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); ++ return 0; ++ } ++ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOF); ++ if (p != NULL ++ && !OSSL_PARAM_set_int(p, 0)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); ++ return 0; ++ } ++ p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_ALGID_ABSENT); ++ if (p != NULL ++ && !OSSL_PARAM_set_int(p, 0)) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static void uadk_prov_freectx(void *dctx) ++{ ++ struct digest_priv_ctx *priv = (struct digest_priv_ctx *)dctx; ++ ++ uadk_digest_cleanup(priv); ++ OPENSSL_clear_free(priv, sizeof(*priv)); ++} ++ ++static void *uadk_prov_dupctx(void *dctx) ++{ ++ struct digest_priv_ctx *in; ++ struct digest_priv_ctx *ret; ++ ++ in = (struct digest_priv_ctx *)dctx; ++ ret = OPENSSL_zalloc(sizeof(struct digest_priv_ctx *)); ++ ++ if (ret != NULL) ++ *ret = *in; ++ return ret; ++} ++ ++static int uadk_prov_init(void *dctx, const OSSL_PARAM params[]) ++{ ++ struct digest_priv_ctx *priv = ++ (struct digest_priv_ctx *) dctx; ++ ++ return uadk_digest_init(priv); ++} ++ ++static int uadk_prov_update(void *dctx, const unsigned char *in, size_t inl) ++{ ++ return uadk_digest_update((struct digest_priv_ctx *)dctx, in, inl); ++} ++ ++/* ++ * Note: ++ * The I parameter contains a pointer to the provider side context. ++ * The digest should be written to I<*out> and the length of the digest to I<*outl>. ++ * The digest should not exceed I bytes. ++ */ ++static int uadk_prov_final(void *dctx, unsigned char *out, ++ size_t *outl, size_t outsz) ++{ ++ struct digest_priv_ctx *priv = ++ (struct digest_priv_ctx *) dctx; ++ int ret; ++ ++ if (outsz > 0) { ++ ret = uadk_digest_final(priv, out); ++ if (!ret) ++ return ret; ++ } ++ ++ if (unlikely(outl != NULL)) ++ *outl = priv->md_size; ++ ++ return 1; ++} ++ ++void uadk_prov_destroy_digest(void) ++{ ++ pthread_mutex_lock(&digest_mutex); ++ if (prov.pid == getpid()) { ++ wd_digest_uninit2(); ++ prov.pid = 0; ++ } ++ pthread_mutex_unlock(&digest_mutex); ++} ++ ++static OSSL_FUNC_digest_freectx_fn uadk_prov_freectx; ++static OSSL_FUNC_digest_dupctx_fn uadk_prov_dupctx; ++static OSSL_FUNC_digest_init_fn uadk_prov_init; ++static OSSL_FUNC_digest_update_fn uadk_prov_update; ++static OSSL_FUNC_digest_final_fn uadk_prov_final; ++static OSSL_FUNC_digest_gettable_params_fn ++ uadk_prov_gettable_params; ++ ++#define UADK_PROVIDER_IMPLEMENTATION(name, nid, mdsize, blksize) \ ++static OSSL_FUNC_digest_newctx_fn uadk_##name##_newctx; \ ++static void *uadk_##name##_newctx(void *provctx) \ ++{ \ ++ struct digest_priv_ctx *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ ++ \ ++ if (ctx == NULL) \ ++ return NULL; \ ++ ctx->blk_size = blksize; \ ++ ctx->md_size = mdsize; \ ++ ctx->e_nid = nid; \ ++ ctx->soft_ctx = EVP_MD_CTX_new(); \ ++ if (ctx->soft_ctx == NULL) \ ++ fprintf(stderr, "EVP_MD_CTX_new failed.\n"); \ ++ strncpy(ctx->alg_name, #name, ALG_NAME_SIZE - 1); \ ++ return ctx; \ ++} \ ++static OSSL_FUNC_digest_get_params_fn uadk_##name##_get_params; \ ++static int uadk_##name##_get_params(OSSL_PARAM params[]) \ ++{ \ ++ return uadk_digest_default_get_params(params, blksize, mdsize); \ ++} \ ++const OSSL_DISPATCH uadk_##name##_functions[] = { \ ++ { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))uadk_##name##_newctx }, \ ++ { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))uadk_prov_freectx }, \ ++ { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))uadk_prov_dupctx }, \ ++ { OSSL_FUNC_DIGEST_INIT, (void (*)(void))uadk_prov_init }, \ ++ { OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))uadk_prov_update }, \ ++ { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))uadk_prov_final }, \ ++ { OSSL_FUNC_DIGEST_GET_PARAMS, \ ++ (void (*)(void))uadk_##name##_get_params }, \ ++ { OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \ ++ (void (*)(void))uadk_prov_gettable_params }, \ ++ { 0, NULL } \ ++} ++ ++UADK_PROVIDER_IMPLEMENTATION(md5, NID_md5, MD5_DIGEST_LENGTH, MD5_CBLOCK); ++UADK_PROVIDER_IMPLEMENTATION(sm3, NID_sm3, SM3_DIGEST_LENGTH, SM3_CBLOCK); ++UADK_PROVIDER_IMPLEMENTATION(sha1, NID_sha1, 20, 64); ++UADK_PROVIDER_IMPLEMENTATION(sha224, NID_sha224, 28, 64); ++UADK_PROVIDER_IMPLEMENTATION(sha256, NID_sha256, 32, 64); ++UADK_PROVIDER_IMPLEMENTATION(sha384, NID_sha384, 48, 128); ++UADK_PROVIDER_IMPLEMENTATION(sha512, NID_sha512, 64, 128); +diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c +new file mode 100644 +index 0000000..e363584 +--- /dev/null ++++ b/src/uadk_prov_init.c +@@ -0,0 +1,110 @@ ++/* ++ * Copyright 2023-2024 Huawei Technologies Co.,Ltd. All rights reserved. ++ * Copyright 2023-2024 Linaro ltd. ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ * ++ */ ++ ++#include ++#include ++ ++#include ++#include ++#include ++ ++#include "uadk_async.h" ++#include "uadk_prov.h" ++ ++struct p_uadk_ctx { ++ const OSSL_CORE_HANDLE *handle; ++ OSSL_LIB_CTX *libctx; ++}; ++ ++const char *engine_uadk_id = "uadk_provider"; ++static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk"; ++ ++const OSSL_ALGORITHM uadk_prov_digests[] = { ++ { OSSL_DIGEST_NAME_MD5, UADK_DEFAULT_PROPERTIES, ++ uadk_md5_functions, "uadk_provider md5" }, ++ { OSSL_DIGEST_NAME_SM3, UADK_DEFAULT_PROPERTIES, ++ uadk_sm3_functions, "uadk_provider sm3" }, ++ { OSSL_DIGEST_NAME_SHA1, UADK_DEFAULT_PROPERTIES, ++ uadk_sha1_functions, "uadk_provider sha1" }, ++ { OSSL_DIGEST_NAME_SHA2_224, UADK_DEFAULT_PROPERTIES, ++ uadk_sha224_functions, "uadk_provider sha2-224" }, ++ { OSSL_DIGEST_NAME_SHA2_256, UADK_DEFAULT_PROPERTIES, ++ uadk_sha256_functions, "uadk_provider sha2-256" }, ++ { OSSL_DIGEST_NAME_SHA2_384, UADK_DEFAULT_PROPERTIES, ++ uadk_sha384_functions, "uadk_provider sha2-384" }, ++ { OSSL_DIGEST_NAME_SHA2_512, UADK_DEFAULT_PROPERTIES, ++ uadk_sha512_functions, "uadk_provider sha2-512" }, ++ { NULL, NULL, NULL } ++}; ++ ++static const OSSL_ALGORITHM *p_prov_query(void *provctx, int operation_id, ++ int *no_cache) ++{ ++ *no_cache = 0; ++ ++ switch (operation_id) { ++ case OSSL_OP_DIGEST: ++ return uadk_prov_digests; ++ } ++ return NULL; ++} ++ ++static void p_teardown(void *provctx) ++{ ++ struct p_uadk_ctx *ctx = (struct p_uadk_ctx *)provctx; ++ ++ uadk_prov_destroy_digest(); ++ OPENSSL_free(ctx); ++} ++ ++static const OSSL_DISPATCH p_test_table[] = { ++ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_prov_query }, ++ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown }, ++ { 0, NULL } ++}; ++ ++static void provider_init_child_at_fork_handler(void) ++{ ++ int ret; ++ ++ ret = async_module_init(); ++ if (!ret) ++ fprintf(stderr, "async_module_init fail!\n"); ++} ++ ++int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, ++ const OSSL_DISPATCH *oin, ++ const OSSL_DISPATCH **out, ++ void **provctx) ++{ ++ struct p_uadk_ctx *ctx; ++ int ret; ++ ++ ctx = OPENSSL_zalloc(sizeof(*ctx)); ++ if (ctx == NULL) ++ return 0; ++ ++ ret = async_module_init(); ++ if (!ret) ++ fprintf(stderr, "async_module_init fail!\n"); ++ pthread_atfork(NULL, NULL, provider_init_child_at_fork_handler); ++ ++ *provctx = (void *)ctx; ++ *out = p_test_table; ++ return 1; ++} +-- +2.25.1 + diff --git a/0007-README-update-openssl-3.0.patch b/0007-README-update-openssl-3.0.patch new file mode 100644 index 0000000000000000000000000000000000000000..d565bb8b5b67e360f779c50c6439a60028db3757 --- /dev/null +++ b/0007-README-update-openssl-3.0.patch @@ -0,0 +1,173 @@ +From bbf050d5f1eb525e881c7d581f913f2df27d2637 Mon Sep 17 00:00:00 2001 +From: Zhangfei Gao +Date: Tue, 13 Jun 2023 09:24:19 +0000 +Subject: [PATCH 7/7] README: update openssl 3.0 + +Update build steps for openssl 3.0 + +Also update sanity_test.sh +If ./configure --libdir=/usr/local/lib/ossl-modules/ +$ ./test/sanity_test.sh + +If ./configure --prefix=/tmp/build +$ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so + +Signed-off-by: Zhangfei Gao +--- + README.md | 34 ++++++++++++++++++++++++++------ + test/sanity_test.sh | 48 +++++++++++++++++++++++++++++++++++++++------ + 2 files changed, 70 insertions(+), 12 deletions(-) + +diff --git a/README.md b/README.md +index ac721e3..86676db 100644 +--- a/README.md ++++ b/README.md +@@ -13,7 +13,7 @@ OpenSSL engine for uadk + Prerequisites + ============= + * CPU: aarch64 +-* OpenSSL: 1.1.1f ++* OpenSSL: 1.1.1f or 3.0 + * libnuma + * zlib + +@@ -26,24 +26,26 @@ Build and install OpenSSL + ``` + git clone https://github.com/openssl/openssl.git + cd openssl +- git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f ++ // For openssl1.1.1f ++ git checkout -b opensssl1.1 OpenSSL_1_1_1f ++ // for openssl 3.0 ++ git checkout -b openssl3.0 openssl-3.0.0 + ./config + make + sudo make install + openssl version + ``` + +-Run pkg-config to ensure env is setup correctly ++Setup env on-demand + ----------------------------------------------- + + ``` + $ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/ + $ pkg-config libcrypto --libs + -L/usr/local/lib -lcrypto +-``` + +-* export ``PKG_CONFIG_PATH`` is required on openEuler, +- where /usr/local/lib is not set as the default pkgconfig search path. ++ $ export LD_LIBRARY_PATH=/usr/local/lib ++``` + + Build and install UADK + ---------------------- +@@ -63,6 +65,7 @@ Build and install UADK + + Build and install UADK Engine + ----------------------------- ++For openssl 1.1 + ``` + git clone https://github.com/Linaro/uadk_engine.git + cd uadk_engine +@@ -74,6 +77,20 @@ Build and install UADK Engine + Option --enable-kae can be chosen to enable KAE for non-sva version + ``` + ++For openssl 3.0 ++``` ++ git clone https://github.com/Linaro/uadk_engine.git ++ cd uadk_engine ++ autoreconf -i ++ // openEuler ++ ./configure --libdir=/usr/local/lib/engines-3/ ++ // ubuntu ++ ./configure --libdir=/usr/local/lib/ossl-modules/ ++ make ++ sudo make install ++ ++``` ++ + Testing + ------- + ``` +@@ -109,9 +126,14 @@ Install libraries to the temp folder + $ ./configure --prefix=/tmp/build + $ make; make install + ++ // For openssl 1.1 + $ openssl engine -c /tmp/build/lib/uadk_engine.so + $ ./test/sanity_test.sh /tmp/build/lib/uadk_engine.so + ++ // For openssl 3.0 ++ $ openssl speed -provider /tmp/build/lib/uadk_provider.so -provider default -evp md5 ++ $ ./test/sanity_test.sh /tmp/build/lib/uadk_provider.so ++ + ``` + + Environment variable of uadk engine +diff --git a/test/sanity_test.sh b/test/sanity_test.sh +index bdedc15..899d02c 100755 +--- a/test/sanity_test.sh ++++ b/test/sanity_test.sh +@@ -2,14 +2,50 @@ + + sudo chmod 666 /dev/hisi_* + +-if [ ! -n "$1" ]; then +- engine_id=uadk_engine +-else +- engine_id=$1 ++ ++version=$(openssl version) ++echo $version ++if [[ $version =~ "3.0" ]]; then ++ echo "openssl 3.0" ++ if [ ! -n "$1" ]; then ++ engine_id=uadk_provider ++ else ++ engine_id=$1 ++ fi ++ ++ digest_algs=$(openssl list -provider $engine_id -digest-algorithms) ++fi ++ ++if [[ $digest_algs =~ "uadk_provider" ]]; then ++ echo "uadk_provider testing digest" ++ openssl speed -provider $engine_id -provider default -evp md5 ++ openssl speed -provider $engine_id -provider default -evp sm3 ++ openssl speed -provider $engine_id -provider default -evp sha1 ++ openssl speed -provider $engine_id -provider default -evp sha2-224 ++ openssl speed -provider $engine_id -provider default -evp sha2-256 ++ openssl speed -provider $engine_id -provider default -evp sha2-384 ++ openssl speed -provider $engine_id -provider default -evp sha2-512 ++ ++ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp md5 ++ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sm3 ++ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha1 ++ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-224 ++ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-256 ++ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-384 ++ openssl speed -provider $engine_id -provider default -async_jobs 1 -evp sha2-512 + fi + +-algs=$(openssl engine -c $engine_id) +-echo $algs ++if [[ $version =~ "1.1.1" ]]; then ++ echo "openssl 1.1.1" ++ if [ ! -n "$1" ]; then ++ engine_id=uadk_engine ++ else ++ engine_id=$1 ++ fi ++ ++ algs=$(openssl engine -c $engine_id) ++ echo $algs ++fi + + #digest + if [[ $algs =~ "MD5" ]]; then +-- +2.25.1 + diff --git a/0007-rsa-cleanup-about-reducing-function-parameters.patch b/0007-rsa-cleanup-about-reducing-function-parameters.patch deleted file mode 100644 index b7321759a8fb201815a5f9c793d1f7762c12396c..0000000000000000000000000000000000000000 --- a/0007-rsa-cleanup-about-reducing-function-parameters.patch +++ /dev/null @@ -1,349 +0,0 @@ -From 273cf10d03532e73dfcd9f8a1223bfecb64d0f16 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Wed, 22 Dec 2021 10:51:48 +0000 -Subject: [PATCH 07/18] rsa: cleanup about reducing function parameters - -Reduce the number of parameters of functions -related to prime, and make the name of those -functions clearer. - -Signed-off-by: Zhiqi Song ---- - src/uadk_rsa.c | 155 ++++++++++++++++++++++++++++++------------------- - 1 file changed, 95 insertions(+), 60 deletions(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index cb98159..c1609ca 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -97,6 +97,14 @@ struct rsa_prikey_param { - int is_crt; - }; - -+struct rsa_prime_param { -+ BIGNUM *r1; -+ BIGNUM *r2; -+ BIGNUM *rsa_p; -+ BIGNUM *rsa_q; -+ BIGNUM *prime; -+}; -+ - struct uadk_rsa_sess { - handle_t sess; - struct wd_rsa_sess_setup setup; -@@ -156,15 +164,14 @@ static int rsa_check_bit_useful(const int bits, int flen) - } - } - --static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, -- BN_CTX *ctx, BN_GENCB *cb) -+static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, -+ BN_CTX *ctx, BN_GENCB *cb) - { -- /* calculate n = p * q */ - if (num == 1) { - if (!BN_mul(r1, rsa_p, rsa_q, ctx)) - return BN_ERR; - } else { -- /* if num == 0, use number 3 to indicate do nothing */ -+ /* If num == 0, use number 3 to indicate do nothing */ - if (!BN_GENCB_call(cb, 3, num)) - return BN_ERR; - return BN_CONTINUE; -@@ -173,20 +180,21 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, - return BN_VALID; - } - --static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, -- const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q, -- BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx, -- BN_GENCB *cb) -+static int check_rsa_prime_sufficient(int *num, const int *bitsr, -+ int *bitse, const int *n, -+ struct rsa_prime_param *param, -+ BN_CTX *ctx, BN_GENCB *cb) - { - static int retries; - BN_ULONG bitst; - int ret; - -- ret = prime_mul_res(*num, rsa_p, rsa_q, r1, ctx, cb); -+ ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q, -+ param->r1, ctx, cb); - if (ret) - return ret; - /* -- * if |r1|, product of factors so far, is not as long as expected -+ * If |r1|, product of factors so far, is not as long as expected - * (by checking the first 4 bits are less than 0x9 or greater than - * 0xF). If so, re-generate the last prime. - * -@@ -199,10 +207,10 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, - * key by using the modulus in a certificate. This is also covered - * by checking the length should not be less than 0x9. - */ -- if (!BN_rshift(r2, r1, *bitse - 4)) -+ if (!BN_rshift(param->r2, param->r1, *bitse - 4)) - return BN_ERR; - -- bitst = BN_get_word(r2); -+ bitst = BN_get_word(param->r2); - if (bitst < 0x9 || bitst > 0xF) { - /* - * For keys with more than 4 primes, we attempt longer factor to -@@ -216,7 +224,9 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, - *bitse -= bitsr[*num]; - else - return -1; -- if (!BN_GENCB_call(cb, 2, *n++)) -+ -+ ret = BN_GENCB_call(cb, 2, *n++); -+ if (!ret) - return -1; - if (retries == 4) { - *num = -1; -@@ -227,14 +237,17 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, - retries++; - return BN_REDO; - } -- if (!BN_GENCB_call(cb, 3, *num)) -+ -+ ret = BN_GENCB_call(cb, 3, *num); -+ if (!ret) - return BN_ERR; - retries = 0; - - return BN_VALID; - } - --static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime) -+static void rsa_set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, -+ BIGNUM **prime) - { - if (num == 0) - *prime = rsa_p; -@@ -244,8 +257,8 @@ static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime) - BN_set_flags(*prime, BN_FLG_CONSTTIME); - } - --static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, -- BIGNUM *prime) -+static int check_rsa_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, -+ BIGNUM *prime) - { - BIGNUM *prev_prime; - int j; -@@ -268,8 +281,8 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, - return UADK_E_SUCCESS; - } - --static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2, -- BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) -+static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, -+ BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) - { - unsigned long err; - /* -@@ -278,10 +291,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r - * BN_value_one() returns a BIGNUM constant of value 1. - * r2 = prime - 1. - */ -- if (!BN_sub(r2, prime, BN_value_one())) -+ if (!BN_sub(param->r2, param->prime, BN_value_one())) - return -1; - ERR_set_mark(); -- BN_set_flags(r2, BN_FLG_CONSTTIME); -+ BN_set_flags(param->r2, BN_FLG_CONSTTIME); - /* - * BN_mod_inverse(r,a,n,ctx) used to compute inverse modulo n. - * Precisely, it computes the inverse of "a" modulo "n", and places -@@ -290,7 +303,7 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r - * The expected result: (r2 * r1) % e_pub ==1, - * the inverse of r2 exist, that is r1. - */ -- if (BN_mod_inverse(r1, r2, e_pub, ctx)) -+ if (BN_mod_inverse(param->r1, param->r2, e_pub, ctx)) - return UADK_E_SUCCESS; - - err = ERR_peek_last_error(); -@@ -307,10 +320,9 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r - return GET_ERR_FINISH; - } - --static int get_prime_once(int num, const int *bitsr, const int *n, -- BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q, -- BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub, -- BN_CTX *ctx, BN_GENCB *cb) -+static int get_rsa_prime_once(int num, const int *bitsr, const int *n, -+ BIGNUM *e_pub, struct rsa_prime_param *param, -+ BN_CTX *ctx, BN_GENCB *cb) - { - int ret = -1; - -@@ -318,12 +330,13 @@ static int get_prime_once(int num, const int *bitsr, const int *n, - return ret; - while (1) { - /* Generate prime with bitsr[num] len. */ -- if (!BN_generate_prime_ex(prime, bitsr[num], -+ if (!BN_generate_prime_ex(param->prime, bitsr[num], - 0, NULL, NULL, cb)) - return BN_ERR; -- if (!check_prime_equal(num, rsa_p, rsa_q, prime)) -+ if (!check_rsa_prime_equal(num, param->rsa_p, param->rsa_q, -+ param->prime)) - continue; -- ret = check_prime_useful(n, prime, r1, r2, e_pub, ctx, cb); -+ ret = check_rsa_prime_useful(n, param, e_pub, ctx, cb); - if (ret == BN_ERR) - return BN_ERR; - else if (ret == UADK_E_SUCCESS) -@@ -333,8 +346,7 @@ static int get_prime_once(int num, const int *bitsr, const int *n, - return ret; - } - --static void switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q, -- BIGNUM *p, BIGNUM *q) -+static void rsa_switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *p, BIGNUM *q) - { - BIGNUM *tmp; - -@@ -373,13 +385,37 @@ static int check_rsa_is_crt(RSA *rsa) - return UN_SET; - } - -+static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx) -+{ -+ param->r1 = BN_CTX_get(ctx); -+ if (!param->r1) -+ goto end; -+ -+ param->r2 = BN_CTX_get(ctx); -+ if (!param->r2) -+ goto end; -+ -+ param->rsa_p = BN_CTX_get(ctx); -+ if (!param->rsa_p) -+ goto end; -+ -+ param->rsa_q = BN_CTX_get(ctx); -+ if (!param->rsa_q) -+ goto end; -+ -+ return UADK_E_SUCCESS; -+ -+end: -+ fprintf(stderr, "failed to malloc params\n"); -+ return UADK_E_FAIL; -+} -+ - static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, - BIGNUM *q, BN_GENCB *cb) - { -- BIGNUM *r1, *r2, *rsa_p, *rsa_q; -+ struct rsa_prime_param *param = NULL; - int bitsr[RSA_MAX_PRIME_NUM] = {0}; - int flag, quo, rmd, i; -- BIGNUM *prime = NULL; - BN_CTX *ctx; - int bitse = 0; - int ret = 0; -@@ -391,12 +427,15 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, - return ret; - - BN_CTX_start(ctx); -- r1 = BN_CTX_get(ctx); -- r2 = BN_CTX_get(ctx); -- rsa_p = BN_CTX_get(ctx); -- rsa_q = BN_CTX_get(ctx); -- if (!r1 || !r2 || !rsa_p || !rsa_q) -- goto err; -+ param = OPENSSL_zalloc(sizeof(struct rsa_prime_param)); -+ if (!param) { -+ fprintf(stderr, "failed to malloc rsa prime param\n"); -+ goto free_ctx; -+ } -+ -+ ret = get_rsa_prime_param(param, ctx); -+ if (!ret) -+ goto free_param; - - /* Divide bits into 'primes' pieces evenly */ - quo = bits / RSA_MAX_PRIME_NUM; -@@ -409,39 +448,37 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, - /* flag: whether primes are generated correctely. */ - flag = 1; - /* Set flag for primes rsa_p and rsa_q separately. */ -- set_primes(i, rsa_p, rsa_q, &prime); -+ rsa_set_primes(i, param->rsa_p, param->rsa_q, ¶m->prime); - while (flag == 1) { -- if (get_prime_once(i, bitsr, &n, prime, rsa_p, rsa_q, -- r1, r2, e_pub, ctx, cb) == -1) -- goto err; -+ ret = get_rsa_prime_once(i, bitsr, &n, e_pub, param, -+ ctx, cb); -+ if (ret == -1) -+ goto free_param; - bitse += bitsr[i]; -- ret = check_prime_sufficient(&i, bitsr, &bitse, &n, -- rsa_p, rsa_q, r1, r2, -- ctx, cb); -+ ret = check_rsa_prime_sufficient(&i, bitsr, &bitse, &n, -+ param, ctx, cb); - if (ret == BN_ERR) -- goto err; -+ goto free_param; - else if (ret == BN_REDO) - continue; - else - flag = 0; - } - } -- switch_p_q(rsa_p, rsa_q, p, q); -+ rsa_switch_p_q(param->rsa_p, param->rsa_q, p, q); - - ret = UADK_E_SUCCESS; - --err: -- if (ctx) { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -- -+free_param: -+ OPENSSL_free(param); -+free_ctx: -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); - return ret; - } - - static int add_rsa_pubenc_padding(int flen, const unsigned char *from, -- unsigned char *buf, int num, -- int padding) -+ unsigned char *buf, int num, int padding) - { - int ret; - -@@ -852,8 +889,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, - - static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param, - struct uadk_rsa_sess *rsa_sess, -- unsigned char *in_buf, -- unsigned char *to) -+ unsigned char *in_buf, unsigned char *to) - { - struct wd_rsa_pubkey *pubkey = NULL; - struct wd_dtb *wd_e = NULL; -@@ -882,8 +918,7 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param, - - static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, - struct rsa_prikey_param *pri, -- unsigned char *in_buf, -- unsigned char *to) -+ unsigned char *in_buf, unsigned char *to) - { - struct wd_rsa_prikey *prikey; - struct wd_dtb *wd_dq; --- -2.24.4 - diff --git a/0008-cipher-fix-double-free-error.patch b/0008-cipher-fix-double-free-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..e22947577e3f15c642406c095d88767c0f92a466 --- /dev/null +++ b/0008-cipher-fix-double-free-error.patch @@ -0,0 +1,29 @@ +From 516c9a1c8f77e8d1d91c78478425b4df585ec485 Mon Sep 17 00:00:00 2001 +From: taoqi +Date: Tue, 20 Jun 2023 22:38:01 +0800 +Subject: [PATCH 08/10] cipher: fix double free error + +When wd_cipher_set_key() failed, after the handle +is released, the handle should be set to 0 to avoid +reusing. + +Signed-off-by: taoqi +--- + src/uadk_cipher.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index c7be21a..1905e47 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -878,6 +878,7 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) + ret = wd_cipher_set_key(priv->sess, priv->key, EVP_CIPHER_CTX_key_length(ctx)); + if (ret) { + wd_cipher_free_sess(priv->sess); ++ priv->sess = 0; + fprintf(stderr, "uadk failed to set key!\n"); + } + } +-- +2.25.1 + diff --git a/0008-ecc-cleanup-sm2-compute-digest-function.patch b/0008-ecc-cleanup-sm2-compute-digest-function.patch deleted file mode 100644 index e4647bbc1036d55e89789054bd89c5562f7da818..0000000000000000000000000000000000000000 --- a/0008-ecc-cleanup-sm2-compute-digest-function.patch +++ /dev/null @@ -1,355 +0,0 @@ -From b99452edd6ae045e833e3ae01866b8546fd5733a Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Fri, 24 Dec 2021 07:30:22 +0000 -Subject: [PATCH 08/18] ecc: cleanup sm2 compute digest function - -The operation flow of sm2_compute_z_digest() -is modularized and encapsulated to reduce -the code line of sm2_compute_z_digest() and -make the code easier to understand. - -Signed-off-by: Zhiqi Song ---- - src/uadk_sm2.c | 277 +++++++++++++++++++++++++++++++++++-------------- - 1 file changed, 197 insertions(+), 80 deletions(-) - -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index d74aa3a..6d5dad0 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -62,6 +62,26 @@ typedef struct sm2_ciphertext { - ASN1_OCTET_STRING *C2; - } SM2_Ciphertext; - -+struct sm2_param { -+ /* -+ * p: BIGNUM with the prime number (GFp) or the polynomial -+ * defining the underlying field (GF2m) -+ */ -+ BIGNUM *p; -+ /* a: BIGNUM for parameter a of the equation */ -+ BIGNUM *a; -+ /* b: BIGNUM for parameter b of the equation */ -+ BIGNUM *b; -+ /* xG: BIGNUM for the x-coordinate value of G point */ -+ BIGNUM *xG; -+ /* yG: BIGNUM for the y-coordinate value of G point */ -+ BIGNUM *yG; -+ /* xA: BIGNUM for the x-coordinate value of PA point */ -+ BIGNUM *xA; -+ /* yA: BIGNUM for the y-coordinate value of PA point */ -+ BIGNUM *yA; -+}; -+ - DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext) - - ASN1_SEQUENCE(SM2_Ciphertext) = { -@@ -695,8 +715,7 @@ static int sm2_verify_init(EVP_PKEY_CTX *ctx) - } - - static int sm2_verify_init_iot(handle_t sess, struct wd_ecc_req *req, -- struct wd_dtb *e, -- struct wd_dtb *r, -+ struct wd_dtb *e, struct wd_dtb *r, - struct wd_dtb *s) - { - struct wd_ecc_in *ecc_in; -@@ -1229,119 +1248,217 @@ static int sm2_ctrl_str(EVP_PKEY_CTX *ctx, - return UADK_E_INVALID; - } - --static int sm2_compute_z_digest(uint8_t *out, -- const EVP_MD *digest, -- const uint8_t *id, -- const size_t id_len, -- const EC_KEY *key) -+static int get_sm2_param(struct sm2_param *sm2_param, BN_CTX *ctx) - { -- const EC_GROUP *group = EC_KEY_get0_group(key); -- EVP_MD_CTX *hash = NULL; -- uint8_t *buf = NULL; -- BN_CTX *ctx = NULL; -- BIGNUM *p = NULL; -- BIGNUM *a = NULL; -- BIGNUM *b = NULL; -- BIGNUM *xG = NULL; -- BIGNUM *yG = NULL; -- BIGNUM *xA = NULL; -- BIGNUM *yA = NULL; -- uint8_t e_byte; -- uint16_t entl; -- int p_bytes; -- int rc = 0; -+ sm2_param->p = BN_CTX_get(ctx); -+ if (!sm2_param->p) -+ goto end; - -- hash = EVP_MD_CTX_new(); -- ctx = BN_CTX_new(); -- if (hash == NULL || ctx == NULL) { -- fprintf(stderr, "failed to EVP_CTX_new\n"); -- goto done; -- } -+ sm2_param->a = BN_CTX_get(ctx); -+ if (!sm2_param->a) -+ goto end; - -- p = BN_CTX_get(ctx); -- a = BN_CTX_get(ctx); -- b = BN_CTX_get(ctx); -- xG = BN_CTX_get(ctx); -- yG = BN_CTX_get(ctx); -- xA = BN_CTX_get(ctx); -- yA = BN_CTX_get(ctx); -- if (yA == NULL) { -- fprintf(stderr, "failed to malloc\n"); -- goto done; -- } -+ sm2_param->b = BN_CTX_get(ctx); -+ if (!sm2_param->b) -+ goto end; -+ -+ sm2_param->xG = BN_CTX_get(ctx); -+ if (!sm2_param->xG) -+ goto end; -+ -+ sm2_param->yG = BN_CTX_get(ctx); -+ if (!sm2_param->yG) -+ goto end; -+ -+ sm2_param->xA = BN_CTX_get(ctx); -+ if (!sm2_param->xA) -+ goto end; -+ -+ sm2_param->yA = BN_CTX_get(ctx); -+ if (!sm2_param->yA) -+ goto end; -+ -+ return 1; -+ -+end: -+ fprintf(stderr, "failed to malloc params\n"); -+ return 0; -+} -+ -+static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash, -+ const size_t id_len, const uint8_t *id) -+{ -+ uint8_t e_byte; -+ uint16_t entl; - - if (!EVP_DigestInit(hash, digest)) { - fprintf(stderr, "error evp lib\n"); -- goto done; -+ return 0; - } - - /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ - if (id_len >= (UINT16_MAX / 8)) { -- /* too large */ - fprintf(stderr, "id too large\n"); -- goto done; -+ return 0; - } - - entl = (uint16_t)(8 * id_len); - - e_byte = entl >> 8; -- if (!EVP_DigestUpdate(hash, &e_byte, 1)) { -- fprintf(stderr, "error evp lib\n"); -- goto done; -- } -+ if (!EVP_DigestUpdate(hash, &e_byte, 1)) { -+ fprintf(stderr, "error evp lib\n"); -+ return 0; -+ } -+ - e_byte = entl & 0xFF; - if (!EVP_DigestUpdate(hash, &e_byte, 1)) { - fprintf(stderr, "error evp lib\n"); -- goto done; -+ return 0; - } - - if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) { - fprintf(stderr, "error evp lib\n"); -- goto done; -+ return 0; - } - -- if (!EC_GROUP_get_curve(group, p, a, b, ctx)) { -- fprintf(stderr, "error ec lib\n"); -- goto done; -+ return 1; -+} -+ -+static int check_equation_param(struct sm2_param *param, EVP_MD_CTX *hash, -+ uint8_t *buf, int p_bytes) -+{ -+ if (BN_bn2binpad(param->a, buf, p_bytes) < 0 || -+ !EVP_DigestUpdate(hash, buf, p_bytes) || -+ BN_bn2binpad(param->b, buf, p_bytes) < 0 || -+ !EVP_DigestUpdate(hash, buf, p_bytes)) { -+ fprintf(stderr, "failed to check equation param\n"); -+ return 0; - } - -- p_bytes = BN_num_bytes(p); -- buf = OPENSSL_zalloc(p_bytes); -- if (buf == NULL) { -- fprintf(stderr, "failed to malloc\n"); -- goto done; -+ return 1; -+} -+ -+ -+static int check_base_point_group_param(struct sm2_param *param, BN_CTX *ctx, -+ const EC_KEY *key) -+{ -+ const EC_GROUP *group = EC_KEY_get0_group(key); -+ -+ if (!EC_POINT_get_affine_coordinates(group, -+ EC_GROUP_get0_generator(group), -+ param->xG, param->yG, ctx)) { -+ fprintf(stderr, "failed to check base point group param\n"); -+ return 0; - } - -- if (BN_bn2binpad(a, buf, p_bytes) < 0 -- || !EVP_DigestUpdate(hash, buf, p_bytes) -- || BN_bn2binpad(b, buf, p_bytes) < 0 -- || !EVP_DigestUpdate(hash, buf, p_bytes) -- || !EC_POINT_get_affine_coordinates(group, -- EC_GROUP_get0_generator(group), -- xG, yG, ctx) -- || BN_bn2binpad(xG, buf, p_bytes) < 0 -- || !EVP_DigestUpdate(hash, buf, p_bytes) -- || BN_bn2binpad(yG, buf, p_bytes) < 0 -- || !EVP_DigestUpdate(hash, buf, p_bytes) -- || !EC_POINT_get_affine_coordinates(group, -- EC_KEY_get0_public_key(key), -- xA, yA, ctx) -- || BN_bn2binpad(xA, buf, p_bytes) < 0 -- || !EVP_DigestUpdate(hash, buf, p_bytes) -- || BN_bn2binpad(yA, buf, p_bytes) < 0 -- || !EVP_DigestUpdate(hash, buf, p_bytes) -- || !EVP_DigestFinal(hash, out, NULL)) { -- fprintf(stderr, "internal error\n"); -- goto done; -+ return 1; -+} -+ -+static int check_base_point_param(struct sm2_param *param, EVP_MD_CTX *hash, -+ uint8_t *buf, int p_bytes) -+{ -+ if (BN_bn2binpad(param->xG, buf, p_bytes) < 0 || -+ !EVP_DigestUpdate(hash, buf, p_bytes) || -+ BN_bn2binpad(param->yG, buf, p_bytes) < 0 || -+ !EVP_DigestUpdate(hash, buf, p_bytes)) { -+ fprintf(stderr, "failed to check base point param\n"); -+ return 0; - } - -- rc = 1; -+ return 1; -+} - --done: -+static int check_pkey_point_group_param(struct sm2_param *param, BN_CTX *ctx, -+ const EC_KEY *key) -+{ -+ const EC_GROUP *group = EC_KEY_get0_group(key); -+ -+ if (!EC_POINT_get_affine_coordinates(group, -+ EC_KEY_get0_public_key(key), -+ param->xA, param->yA, ctx)) { -+ fprintf(stderr, "failed to check pkey point group param\n"); -+ return 0; -+ } -+ return 1; -+} -+ -+static int check_pkey_point_param(struct sm2_param *param, EVP_MD_CTX *hash, -+ uint8_t *buf, int p_bytes, uint8_t *out) -+{ -+ if (BN_bn2binpad(param->xA, buf, p_bytes) < 0 || -+ !EVP_DigestUpdate(hash, buf, p_bytes) || -+ BN_bn2binpad(param->yA, buf, p_bytes) < 0 || -+ !EVP_DigestUpdate(hash, buf, p_bytes) || -+ !EVP_DigestFinal(hash, out, NULL)) { -+ fprintf(stderr, "failed to check pkey point param\n"); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static int sm2_compute_z_digest(uint8_t *out, const EVP_MD *digest, -+ const uint8_t *id, const size_t id_len, -+ const EC_KEY *key) -+{ -+ const EC_GROUP *group = EC_KEY_get0_group(key); -+ struct sm2_param *param = NULL; -+ EVP_MD_CTX *hash = NULL; -+ uint8_t *buf = NULL; -+ BN_CTX *ctx = NULL; -+ int p_bytes; -+ int ret = 0; -+ -+ hash = EVP_MD_CTX_new(); -+ if (!hash) -+ return ret; -+ -+ ctx = BN_CTX_new(); -+ if (!ctx) -+ goto free_hash; -+ -+ param = OPENSSL_zalloc(sizeof(struct sm2_param)); -+ if (!param) { -+ fprintf(stderr, "failed to malloc sm2 param\n"); -+ goto free_ctx; -+ } -+ -+ if (!get_sm2_param(param, ctx)) -+ goto free_param; -+ -+ if (!check_digest_evp_lib(digest, hash, id_len, id)) -+ goto free_param; -+ -+ if (!EC_GROUP_get_curve(group, param->p, param->a, param->b, ctx)) { -+ fprintf(stderr, "failed to get curve\n"); -+ goto free_param; -+ } -+ -+ p_bytes = BN_num_bytes(param->p); -+ buf = OPENSSL_zalloc(p_bytes); -+ if (!buf) { -+ fprintf(stderr, "failed to malloc buf\n"); -+ goto free_param; -+ } -+ -+ if (!check_equation_param(param, hash, buf, p_bytes) || -+ !check_base_point_group_param(param, ctx, key) || -+ !check_base_point_param(param, hash, buf, p_bytes) || -+ !check_pkey_point_group_param(param, ctx, key) || -+ !check_pkey_point_param(param, hash, buf, p_bytes, out)) -+ goto free_buf; -+ -+ ret = 1; -+ -+free_buf: - OPENSSL_free(buf); -+free_param: -+ OPENSSL_free(param); -+free_ctx: - BN_CTX_free(ctx); -+free_hash: - EVP_MD_CTX_free(hash); -- return rc; -+ return ret; - } - - static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) --- -2.24.4 - diff --git a/0009-cipher-fix-set-key-error.patch b/0009-cipher-fix-set-key-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..4575d1d62dc9fea1c68190b67b4d6888a18abc65 --- /dev/null +++ b/0009-cipher-fix-set-key-error.patch @@ -0,0 +1,56 @@ +From c8f3d1d021f028a9ca500d079c4158038e1b22c9 Mon Sep 17 00:00:00 2001 +From: taoqi +Date: Tue, 20 Jun 2023 23:05:06 +0800 +Subject: [PATCH 09/10] cipher: fix set key error + +Initialize the algorithm type again to prevent +the algorithm type from being changed. + +Signed-off-by: taoqi +--- + src/uadk_cipher.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index 1905e47..cc13823 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -840,8 +840,10 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op) + + static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) + { ++ __u32 cipher_counts = ARRAY_SIZE(cipher_info_table); + struct sched_params params = {0}; +- int ret; ++ int nid, ret; ++ __u32 i; + + priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx); + priv->req.iv = priv->iv; +@@ -869,7 +871,23 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) + /* Use the default numa parameters */ + params.numa_id = -1; + priv->setup.sched_param = ¶ms; ++ + if (!priv->sess) { ++ nid = EVP_CIPHER_CTX_nid(ctx); ++ ++ for (i = 0; i < cipher_counts; i++) { ++ if (nid == cipher_info_table[i].nid) { ++ cipher_priv_ctx_setup(priv, cipher_info_table[i].alg, ++ cipher_info_table[i].mode, cipher_info_table[i].out_bytes); ++ break; ++ } ++ } ++ ++ if (i == cipher_counts) { ++ fprintf(stderr, "failed to setup the private ctx.\n"); ++ return; ++ } ++ + priv->sess = wd_cipher_alloc_sess(&priv->setup); + if (!priv->sess) + fprintf(stderr, "uadk failed to alloc session!\n"); +-- +2.25.1 + diff --git a/0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch b/0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch deleted file mode 100644 index af9a35e6bfbe7d8aefa4a497133ae21bc120ab84..0000000000000000000000000000000000000000 --- a/0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch +++ /dev/null @@ -1,232 +0,0 @@ -From 1bb24b3d0769f82e6903ca94fa6b8ad466eb5bbe Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Fri, 24 Dec 2021 08:44:03 +0000 -Subject: [PATCH 09/18] ecc: bugfix about ecc init after alloc sess - -When executing allocating session operation, it needs -sched_init(), which is supported by init operation -in the engine, so the init operation should be done -before executing allocating session operation. - -Signed-off-by: Zhiqi Song ---- - src/uadk_ec.c | 93 +++++++++++++++++++++++---------------------------- - 1 file changed, 42 insertions(+), 51 deletions(-) - -diff --git a/src/uadk_ec.c b/src/uadk_ec.c -index 9040d3c..0c8a011 100644 ---- a/src/uadk_ec.c -+++ b/src/uadk_ec.c -@@ -426,7 +426,10 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, - if (ret) - goto do_soft; - -- ret = UADK_DO_SOFT; -+ ret = uadk_init_ecc(); -+ if (ret) -+ goto do_soft; -+ - sess = ecc_alloc_sess(eckey, "ecdsa"); - if (!sess) - goto do_soft; -@@ -438,33 +441,28 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, - if (ret) - goto free_sess; - -- ret = uadk_ecc_set_private_key(sess, eckey); -+ ret = uadk_ecc_set_private_key(sess, eckey); - if (ret) - goto uninit_iot; - -- ret = uadk_init_ecc(); -- if (ret) { -- ret = UADK_DO_SOFT; -- goto uninit_iot; -- } -- - ret = uadk_ecc_crypto(sess, &req, (void *)sess); -- if (ret != 1) { -- ret = UADK_DO_SOFT; -+ if (ret != 1) - goto uninit_iot; -- } - - sig = create_ecdsa_sig(&req); - -+ wd_ecc_del_in(sess, req.src); -+ wd_ecc_del_out(sess, req.dst); -+ wd_ecc_free_sess(sess); -+ -+ return sig; -+ - uninit_iot: - wd_ecc_del_in(sess, req.src); - wd_ecc_del_out(sess, req.dst); - free_sess: - wd_ecc_free_sess(sess); - do_soft: -- if (ret != UADK_DO_SOFT) -- return sig; -- - fprintf(stderr, "switch to execute openssl software calculation.\n"); - return openssl_do_sign(dgst, dlen, in_kinv, in_r, eckey); - } -@@ -617,7 +615,10 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen, - if (ret) - goto do_soft; - -- ret = UADK_DO_SOFT; -+ ret = uadk_init_ecc(); -+ if (ret) -+ goto do_soft; -+ - sess = ecc_alloc_sess(eckey, "ecdsa"); - if (!sess) - goto do_soft; -@@ -633,24 +634,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen, - if (ret) - goto uninit_iot; - -- ret = uadk_init_ecc(); -- if (ret) { -- ret = UADK_DO_SOFT; -- goto uninit_iot; -- } -- - ret = uadk_ecc_crypto(sess, &req, (void *)sess); - if (ret != 1) { -- printf("failed to uadk_ecc_crypto, ret = %d\n", ret); -- ret = UADK_DO_SOFT; -+ fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); -+ goto uninit_iot; - } -+ -+ return ret; -+ - uninit_iot: - wd_ecc_del_in(sess, req.src); - free_sess: - wd_ecc_free_sess(sess); - do_soft: -- if (ret != UADK_DO_SOFT) -- return ret; - fprintf(stderr, "switch to execute openssl software calculation.\n"); - return openssl_do_verify(dgst, dlen, sig, eckey); - } -@@ -888,9 +884,12 @@ static int sm2_generate_key(EC_KEY *eckey) - - ret = eckey_create_key(eckey); - if (!ret) -- return ret; -+ goto do_soft; -+ -+ ret = uadk_init_ecc(); -+ if (ret) -+ goto do_soft; - -- ret = UADK_DO_SOFT; - sess = ecc_alloc_sess(eckey, "sm2"); - if (!sess) - goto do_soft; -@@ -900,35 +899,29 @@ static int sm2_generate_key(EC_KEY *eckey) - if (ret) - goto free_sess; - -- ret = uadk_init_ecc(); -- if (ret) { -- ret = UADK_DO_SOFT; -- goto uninit_iot; -- } -- - ret = uadk_ecc_crypto(sess, &req, (void *)sess); -- if (ret != 1) { -- ret = UADK_DO_SOFT; -+ if (ret != 1) - goto uninit_iot; -- } - - ret = set_key_to_ec_key(eckey, &req); - if (ret) - goto uninit_iot; - - ret = 1; -+ wd_ecc_del_out(sess, req.dst); -+ wd_ecc_free_sess(sess); -+ -+ return ret; -+ - uninit_iot: - wd_ecc_del_out(sess, req.dst); - free_sess: - wd_ecc_free_sess(sess); - do_soft: -- if (ret != UADK_DO_SOFT) -- return ret; - fprintf(stderr, "switch to execute openssl software calculation.\n"); - return openssl_do_generate(eckey); - } - -- - static int ecdh_keygen_init_iot(handle_t sess, struct wd_ecc_req *req, - EC_KEY *ecdh) - { -@@ -1108,6 +1101,10 @@ static int ecdh_generate_key(EC_KEY *ecdh) - if (!ret) - goto do_soft; - -+ ret = uadk_init_ecc(); -+ if (ret) -+ goto do_soft; -+ - sess = ecc_alloc_sess(ecdh, "ecdh"); - if (!sess) - goto do_soft; -@@ -1121,10 +1118,6 @@ static int ecdh_generate_key(EC_KEY *ecdh) - if (ret) - goto uninit_iot; - -- ret = uadk_init_ecc(); -- if (ret) -- goto uninit_iot; -- - ret = uadk_ecc_crypto(sess, &req, (void *)sess); - if (ret != 1) - goto uninit_iot; -@@ -1202,10 +1195,8 @@ static int ecc_compkey_check(unsigned char **out, - return 1; - } - --static int ecdh_compute_key(unsigned char **out, -- size_t *outlen, -- const EC_POINT *pub_key, -- const EC_KEY *ecdh) -+static int ecdh_compute_key(unsigned char **out, size_t *outlen, -+ const EC_POINT *pub_key, const EC_KEY *ecdh) - { - struct wd_ecc_req req; - handle_t sess; -@@ -1215,6 +1206,10 @@ static int ecdh_compute_key(unsigned char **out, - if (!ret) - goto do_soft; - -+ ret = uadk_init_ecc(); -+ if (ret) -+ goto do_soft; -+ - sess = ecc_alloc_sess(ecdh, "ecdh"); - if (!sess) - goto do_soft; -@@ -1232,10 +1227,6 @@ static int ecdh_compute_key(unsigned char **out, - if (ret) - goto uninit_iot; - -- ret = uadk_init_ecc(); -- if (ret) -- goto uninit_iot; -- - ret = uadk_ecc_crypto(sess, &req, (void *)sess); - if (ret != 1) - goto uninit_iot; --- -2.24.4 - diff --git a/0010-cipher-fix-async-hardware-computing-error.patch b/0010-cipher-fix-async-hardware-computing-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..6a91b91414d4062c94ea55bb426398b9181464c0 --- /dev/null +++ b/0010-cipher-fix-async-hardware-computing-error.patch @@ -0,0 +1,36 @@ +From 9fa67d9748d0e8b710bc8a0cdd3f289e3a1b2f8f Mon Sep 17 00:00:00 2001 +From: taoqi +Date: Tue, 20 Jun 2023 23:07:31 +0800 +Subject: [PATCH 10/10] cipher: fix async hardware computing error + +If the length of the input data does not reach to +hardware computing threshold, directly switch to +soft cipher. + +Signed-off-by: taoqi +--- + src/uadk_cipher.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c +index cc13823..940c26c 100644 +--- a/src/uadk_cipher.c ++++ b/src/uadk_cipher.c +@@ -927,6 +927,14 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + if (!ret) + goto sync_err; + } else { ++ /* ++ * If the length of the input data ++ * does not reach to hardware computing threshold, ++ * directly switch to soft cipher. ++ */ ++ if (priv->req.in_bytes <= priv->switch_threshold) ++ goto sync_err; ++ + ret = do_cipher_async(priv, &op); + if (!ret) + goto out_notify; +-- +2.25.1 + diff --git a/0010-rsa-cleanup-about-prime-generation.patch b/0010-rsa-cleanup-about-prime-generation.patch deleted file mode 100644 index 22d3d170e3545b7a5fb851455dd9419b42eb7bc1..0000000000000000000000000000000000000000 --- a/0010-rsa-cleanup-about-prime-generation.patch +++ /dev/null @@ -1,110 +0,0 @@ -From fc023b87189ff488b4e760567d92afeca2635559 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 25 Dec 2021 01:35:03 +0000 -Subject: [PATCH 10/18] rsa: cleanup about prime generation - -Reduce parameter number of rsa_prime_mul_res(), -and add comments of BN_GENCB_call(). - -Signed-off-by: Zhiqi Song ---- - src/uadk_rsa.c | 28 +++++++++++++++++----------- - 1 file changed, 17 insertions(+), 11 deletions(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index c1609ca..2526af9 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -164,14 +164,17 @@ static int rsa_check_bit_useful(const int bits, int flen) - } - } - --static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, -+static int rsa_prime_mul_res(int num, struct rsa_prime_param *param, - BN_CTX *ctx, BN_GENCB *cb) - { - if (num == 1) { -- if (!BN_mul(r1, rsa_p, rsa_q, ctx)) -+ if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx)) - return BN_ERR; - } else { -- /* If num == 0, use number 3 to indicate do nothing */ -+ /* -+ * Use the number 3 to indicate whether -+ * the generator has been found. -+ */ - if (!BN_GENCB_call(cb, 3, num)) - return BN_ERR; - return BN_CONTINUE; -@@ -189,8 +192,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, - BN_ULONG bitst; - int ret; - -- ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q, -- param->r1, ctx, cb); -+ ret = rsa_prime_mul_res(*num, param, ctx, cb); - if (ret) - return ret; - /* -@@ -224,7 +226,10 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, - *bitse -= bitsr[*num]; - else - return -1; -- -+ /* -+ * Use the number 2 to indicate whether -+ * a prime has been found. -+ */ - ret = BN_GENCB_call(cb, 2, *n++); - if (!ret) - return -1; -@@ -237,7 +242,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, - retries++; - return BN_REDO; - } -- -+ /* Use the number 3 to indicate whether the generator has been found. */ - ret = BN_GENCB_call(cb, 3, *num); - if (!ret) - return BN_ERR; -@@ -314,6 +319,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, - else - return BN_ERR; - -+ /* Use the number 2 to indicate whether a prime has been found. */ - if (!BN_GENCB_call(cb, 2, *n++)) - return BN_ERR; - -@@ -1094,7 +1100,7 @@ static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - int ret; - - if (!default_meth) { -- printf("failed to get soft method.\n"); -+ fprintf(stderr, "failed to get soft method.\n"); - return UADK_E_FAIL; - } - -@@ -1121,7 +1127,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess, - return UADK_E_FAIL; - - keygen_param->wd_e->dsize = BN_bn2bin(bn_param->e, -- (unsigned char *)keygen_param->wd_e->data); -+ (unsigned char *)keygen_param->wd_e->data); - - wd_rsa_get_prikey(rsa_sess->sess, &key_pair->prikey); - if (!key_pair->prikey) -@@ -1133,9 +1139,9 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess, - return UADK_E_FAIL; - - keygen_param->wd_q->dsize = BN_bn2bin(bn_param->q, -- (unsigned char *)keygen_param->wd_q->data); -+ (unsigned char *)keygen_param->wd_q->data); - keygen_param->wd_p->dsize = BN_bn2bin(bn_param->p, -- (unsigned char *)keygen_param->wd_p->data); -+ (unsigned char *)keygen_param->wd_p->data); - - rsa_sess->req.src_bytes = rsa_sess->key_size; - rsa_sess->req.dst_bytes = rsa_sess->key_size; --- -2.24.4 - diff --git a/0011-ecc-cleanup-the-form-of-the-return-value.patch b/0011-ecc-cleanup-the-form-of-the-return-value.patch deleted file mode 100644 index 50f740266e085106e6b3d6f561d9479f6bbb8c7f..0000000000000000000000000000000000000000 --- a/0011-ecc-cleanup-the-form-of-the-return-value.patch +++ /dev/null @@ -1,209 +0,0 @@ -From dbb4ff29da9ed378d8753a6e5d18e86756c1d254 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Mon, 27 Dec 2021 07:04:43 +0000 -Subject: [PATCH 11/18] ecc: cleanup the form of the return value - -This patch includes: -1. Unified the return value form. -2. Remove redundant goto jumps. - -Signed-off-by: Zhiqi Song ---- - src/uadk_ec.c | 20 +++++++++++--------- - src/uadk_ecx.c | 8 ++++---- - src/uadk_pkey.c | 5 ++--- - src/uadk_sm2.c | 8 ++++---- - 4 files changed, 21 insertions(+), 20 deletions(-) - -diff --git a/src/uadk_ec.c b/src/uadk_ec.c -index 0c8a011..db69871 100644 ---- a/src/uadk_ec.c -+++ b/src/uadk_ec.c -@@ -446,7 +446,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, - goto uninit_iot; - - ret = uadk_ecc_crypto(sess, &req, (void *)sess); -- if (ret != 1) -+ if (!ret) - goto uninit_iot; - - sig = create_ecdsa_sig(&req); -@@ -635,11 +635,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen, - goto uninit_iot; - - ret = uadk_ecc_crypto(sess, &req, (void *)sess); -- if (ret != 1) { -+ if (!ret) { - fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); - goto uninit_iot; - } - -+ wd_ecc_del_in(sess, req.src); -+ wd_ecc_free_sess(sess); -+ - return ret; - - uninit_iot: -@@ -701,7 +704,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) - tmp = BN_bin2bn((unsigned char *)privkey->data, privkey->dsize, NULL); - ret = EC_KEY_set_private_key(ec, tmp); - BN_free(tmp); -- if (ret != 1) { -+ if (!ret) { - fprintf(stderr, "failed to EC KEY set private key\n"); - return -EINVAL; - } -@@ -725,7 +728,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) - - ret = EC_KEY_set_public_key(ec, point); - EC_POINT_free(point); -- if (ret != 1) { -+ if (!ret) { - fprintf(stderr, "failed to EC_KEY_set_public_key\n"); - return -EINVAL; - } -@@ -900,18 +903,17 @@ static int sm2_generate_key(EC_KEY *eckey) - goto free_sess; - - ret = uadk_ecc_crypto(sess, &req, (void *)sess); -- if (ret != 1) -+ if (!ret) - goto uninit_iot; - - ret = set_key_to_ec_key(eckey, &req); - if (ret) - goto uninit_iot; - -- ret = 1; - wd_ecc_del_out(sess, req.dst); - wd_ecc_free_sess(sess); - -- return ret; -+ return 1; - - uninit_iot: - wd_ecc_del_out(sess, req.dst); -@@ -1119,7 +1121,7 @@ static int ecdh_generate_key(EC_KEY *ecdh) - goto uninit_iot; - - ret = uadk_ecc_crypto(sess, &req, (void *)sess); -- if (ret != 1) -+ if (!ret) - goto uninit_iot; - - ret = ecdh_set_key_to_ec_key(ecdh, &req); -@@ -1228,7 +1230,7 @@ static int ecdh_compute_key(unsigned char **out, size_t *outlen, - goto uninit_iot; - - ret = uadk_ecc_crypto(sess, &req, (void *)sess); -- if (ret != 1) -+ if (!ret) - goto uninit_iot; - - ret = ecdh_get_shared_key(ecdh, out, outlen, &req); -diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c -index 6a9f78c..67f9350 100644 ---- a/src/uadk_ecx.c -+++ b/src/uadk_ecx.c -@@ -399,7 +399,7 @@ static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - goto uninit_iot; - - ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess); -- if (ret != 1) -+ if (!ret) - goto uninit_iot; - - ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key); -@@ -457,7 +457,7 @@ static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - goto uninit_iot; - - ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess); -- if (ret != 1) -+ if (!ret) - goto uninit_iot; - - ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key); -@@ -659,7 +659,7 @@ static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - goto uninit_iot; - - ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx); -- if (ret != 1) -+ if (!ret) - goto uninit_iot; - - wd_ecxdh_get_out_params(req.dst, &s_key); -@@ -745,7 +745,7 @@ static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - goto uninit_iot; - - ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx); -- if (ret != 1) -+ if (!ret) - goto uninit_iot; - - wd_ecxdh_get_out_params(req.dst, &s_key); -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index 62362b0..7ca998b 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -273,8 +273,7 @@ static void uadk_wd_ecc_uninit(void) - ecc_res.pid = 0; - } - --int uadk_ecc_crypto(handle_t sess, -- struct wd_ecc_req *req, void *usr) -+int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) - { - struct uadk_e_cb_info cb_param; - struct async_op op; -@@ -314,7 +313,7 @@ int uadk_ecc_crypto(handle_t sess, - } else { - ret = wd_do_ecc_sync(sess, req); - if (ret < 0) -- return ret; -+ return 0; - } - return 1; - err: -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index 6d5dad0..f602e48 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -359,7 +359,7 @@ static int sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb *s, - } - - ret = ECDSA_SIG_set0(e_sig, br, bs); -- if (ret != 1) { -+ if (!ret) { - fprintf(stderr, "failed to ECDSA_SIG_set0\n"); - ret = -EINVAL; - goto free_s; -@@ -686,7 +686,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - } - - ret = uadk_ecc_crypto(smctx->sess, &req, smctx); -- if (ret != 1) { -+ if (!ret) { - fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); - ret = UADK_DO_SOFT; - goto uninit_iot; -@@ -907,7 +907,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx, - } - - ret = uadk_ecc_crypto(smctx->sess, &req, smctx); -- if (ret != 1) { -+ if (!ret) { - ret = UADK_DO_SOFT; - fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); - goto uninit_iot; -@@ -1061,7 +1061,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, - } - - ret = uadk_ecc_crypto(smctx->sess, &req, smctx); -- if (ret != 1) { -+ if (!ret) { - ret = UADK_DO_SOFT; - fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); - goto uninit_iot; --- -2.24.4 - diff --git a/0012-engine-fix-uadk-engine-compatibility-issue.patch b/0012-engine-fix-uadk-engine-compatibility-issue.patch deleted file mode 100644 index ee913eaf0eee4dff7da88aab3ec719713086682f..0000000000000000000000000000000000000000 --- a/0012-engine-fix-uadk-engine-compatibility-issue.patch +++ /dev/null @@ -1,140 +0,0 @@ -From c212eedcab9135acc0433a125c8fab151674e8c5 Mon Sep 17 00:00:00 2001 -From: Wenkai Lin -Date: Tue, 23 Nov 2021 09:14:31 +0000 -Subject: [PATCH 12/18] engine: fix uadk engine compatibility issue - -When uadk use no sva mode, it should use wd_get_available_dev_num, -otherwise, it will not find old kernel's device path with attrs. - -Signed-off-by: Wenkai Lin ---- - src/e_uadk.c | 70 +++++++++++++++--------------------- - src/v1/uadk_v1.h | 1 + - src/v1/wdmngr/wd_alg_queue.c | 4 +++ - src/v1/wdmngr/wd_alg_queue.h | 2 ++ - 4 files changed, 36 insertions(+), 41 deletions(-) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 18c2e4e..4e87c86 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -239,54 +239,42 @@ static void engine_init_child_at_fork_handler(void) - #ifdef KAE - static void bind_fn_kae_alg(ENGINE *e) - { -- struct uacce_dev *dev; -+ int dev_num; - -- dev = wd_get_accel_dev("cipher"); -- if (dev) { -- if (!(dev->flags & UACCE_DEV_SVA)) { -- cipher_module_init(); -- if (!ENGINE_set_ciphers(e, sec_engine_ciphers)) -- fprintf(stderr, "uadk bind cipher failed\n"); -- else -- uadk_cipher_nosva = 1; -- } -- free(dev); -+ dev_num = wd_get_nosva_dev_num("cipher"); -+ if (dev_num > 0) { -+ cipher_module_init(); -+ if (!ENGINE_set_ciphers(e, sec_engine_ciphers)) -+ fprintf(stderr, "uadk bind cipher failed\n"); -+ else -+ uadk_cipher_nosva = 1; - } - -- dev = wd_get_accel_dev("digest"); -- if (dev) { -- if (!(dev->flags & UACCE_DEV_SVA)) { -- digest_module_init(); -- if (!ENGINE_set_digests(e, sec_engine_digests)) -- fprintf(stderr, "uadk bind digest failed\n"); -- else -- uadk_digest_nosva = 1; -- } -- free(dev); -+ dev_num = wd_get_nosva_dev_num("digest"); -+ if (dev_num > 0) { -+ digest_module_init(); -+ if (!ENGINE_set_digests(e, sec_engine_digests)) -+ fprintf(stderr, "uadk bind digest failed\n"); -+ else -+ uadk_digest_nosva = 1; - } - -- dev = wd_get_accel_dev("rsa"); -- if (dev) { -- if (!(dev->flags & UACCE_DEV_SVA)) { -- hpre_module_init(); -- if (!ENGINE_set_RSA(e, hpre_get_rsa_methods())) -- fprintf(stderr, "uadk bind rsa failed\n"); -- else -- uadk_rsa_nosva = 1; -- } -- free(dev); -+ dev_num = wd_get_nosva_dev_num("rsa"); -+ if (dev_num > 0) { -+ hpre_module_init(); -+ if (!ENGINE_set_RSA(e, hpre_get_rsa_methods())) -+ fprintf(stderr, "uadk bind rsa failed\n"); -+ else -+ uadk_rsa_nosva = 1; - } - -- dev = wd_get_accel_dev("dh"); -- if (dev) { -- if (!(dev->flags & UACCE_DEV_SVA)) { -- hpre_module_dh_init(); -- if (!ENGINE_set_DH(e, hpre_get_dh_methods())) -- fprintf(stderr, "uadk bind dh failed\n"); -- else -- uadk_dh_nosva = 1; -- } -- free(dev); -+ dev_num = wd_get_nosva_dev_num("dh"); -+ if (dev_num > 0) { -+ hpre_module_dh_init(); -+ if (!ENGINE_set_DH(e, hpre_get_dh_methods())) -+ fprintf(stderr, "uadk bind dh failed\n"); -+ else -+ uadk_dh_nosva = 1; - } - } - #endif -diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h -index f5081e3..d921706 100644 ---- a/src/v1/uadk_v1.h -+++ b/src/v1/uadk_v1.h -@@ -35,4 +35,5 @@ extern void hpre_dh_destroy(void); - - extern int hpre_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **pnids, int nid); -+extern int wd_get_nosva_dev_num(const char *algorithm); - #endif -diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c -index 79c9a6d..5cd33ae 100644 ---- a/src/v1/wdmngr/wd_alg_queue.c -+++ b/src/v1/wdmngr/wd_alg_queue.c -@@ -74,3 +74,7 @@ void wd_free_queue(struct wd_queue *queue) - } - } - -+int wd_get_nosva_dev_num(const char *algorithm) -+{ -+ return wd_get_available_dev_num(algorithm); -+} -diff --git a/src/v1/wdmngr/wd_alg_queue.h b/src/v1/wdmngr/wd_alg_queue.h -index 4fd3a9d..955eed5 100644 ---- a/src/v1/wdmngr/wd_alg_queue.h -+++ b/src/v1/wdmngr/wd_alg_queue.h -@@ -25,4 +25,6 @@ - struct wd_queue *wd_new_queue(int algtype); - - void wd_free_queue(struct wd_queue *queue); -+ -+int wd_get_nosva_dev_num(const char *algorithm); - #endif --- -2.24.4 - diff --git a/0013-digest-modify-the-process-of-free-session.patch b/0013-digest-modify-the-process-of-free-session.patch deleted file mode 100644 index 701bbcd5de61ef35bb72802d8ab4193e8e8b44d1..0000000000000000000000000000000000000000 --- a/0013-digest-modify-the-process-of-free-session.patch +++ /dev/null @@ -1,31 +0,0 @@ -From ca59dfa548656d82d6d50a6dad6bfc88b2825473 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Thu, 6 Jan 2022 14:49:27 +0800 -Subject: [PATCH 13/18] digest: modify the process of free session - -Currently, release the session in the cleanup instead of final. so not -should free session in the final. Here is fix it. - -Signed-off-by: Kai Ye ---- - src/uadk_digest.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 41de449..cbfb539 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -688,10 +688,6 @@ sync_err: - ret = uadk_e_digest_soft_work(priv, priv->tail, digest); - clear: - async_clear_async_event_notification(); -- if (priv->sess) { -- wd_digest_free_sess(priv->sess); -- priv->sess = 0; -- } - return ret; - } - --- -2.24.4 - diff --git a/0014-digest-modify-the-process-of-soft-and-hardware-hando.patch b/0014-digest-modify-the-process-of-soft-and-hardware-hando.patch deleted file mode 100644 index 5c90457bc6e4d55782e5e33086c15896cf699722..0000000000000000000000000000000000000000 --- a/0014-digest-modify-the-process-of-soft-and-hardware-hando.patch +++ /dev/null @@ -1,153 +0,0 @@ -From 7efc5b169d74b84af8108bc736d80eedbe3a8004 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Thu, 6 Jan 2022 14:48:13 +0800 -Subject: [PATCH 14/18] digest: modify the process of soft and hardware handoff - -Due to has added the stream mode for digest. So need to modify the -process of software and hardware handoff. - -Signed-off-by: Kai Ye ---- - src/uadk_digest.c | 60 +++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 48 insertions(+), 12 deletions(-) - -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index cbfb539..bf738af 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -44,6 +44,14 @@ - #define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024) - #define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) - #define MAX_DIGEST_LENGTH 64 -+#define DIGEST_BLOCK_SIZE (512 * 1024) -+ -+enum sec_digestz_state { -+ SEC_DIGEST_INIT, -+ SEC_DIGEST_FIRST_UPDATING, -+ SEC_DIGEST_DOING, -+ SEC_DIGEST_FINAL -+}; - - struct digest_threshold_table { - int nid; -@@ -72,21 +80,19 @@ struct evp_md_ctx_st { - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); - }; - --#define DIGEST_BLOCK_SIZE 4096 -- - struct digest_priv_ctx { - handle_t sess; - struct wd_digest_sess_setup setup; - struct wd_digest_req req; - unsigned char *data; - unsigned char out[MAX_DIGEST_LENGTH]; -- size_t tail; -+ EVP_MD_CTX *soft_ctx; - size_t last_update_bufflen; -- bool copy; - uint32_t e_nid; -- EVP_MD_CTX *soft_ctx; -- size_t switch_threshold; -+ uint32_t state; -+ uint32_t switch_threshold; - int switch_flag; -+ bool copy; - }; - - static int digest_nids[] = { -@@ -150,7 +156,7 @@ static const EVP_MD *uadk_e_digests_soft_md(uint32_t e_nid) - return digest_md; - } - --static int sec_digest_get_sw_threshold(int n_id) -+static uint32_t sec_digest_get_sw_threshold(int n_id) - { - int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table); - int i = 0; -@@ -464,6 +470,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) - priv->soft_ctx = EVP_MD_CTX_new(); - priv->e_nid = nid; - -+ priv->state = SEC_DIGEST_INIT; - ret = uadk_e_init_digest(); - if (!ret) { - priv->switch_flag = UADK_DO_SOFT; -@@ -504,7 +511,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) - return 0; - - priv->data = malloc(DIGEST_BLOCK_SIZE); -- if (priv->data == NULL) { -+ if (!priv->data) { - wd_digest_free_sess(priv->sess); - return 0; - } -@@ -540,9 +547,16 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le - left_len -= copy_to_bufflen; - tmpdata += copy_to_bufflen; - -+ if (priv->state == SEC_DIGEST_INIT) -+ priv->state = SEC_DIGEST_FIRST_UPDATING; -+ else if (priv->state == SEC_DIGEST_FIRST_UPDATING) -+ priv->state = SEC_DIGEST_DOING; -+ - ret = wd_do_digest_sync(priv->sess, &priv->req); -- if (ret) -- return 0; -+ if (ret) { -+ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n"); -+ goto do_soft_digest; -+ } - - priv->last_update_bufflen = 0; - memset(priv->data, 0, DIGEST_BLOCK_SIZE); -@@ -551,10 +565,26 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le - memcpy(priv->data, tmpdata, priv->last_update_bufflen); - break; - } -+ } -+ -+ return 1; -+do_soft_digest: -+ if (priv->state == SEC_DIGEST_FIRST_UPDATING -+ && priv->data -+ && priv->last_update_bufflen != 0) { -+ priv->switch_flag = UADK_DO_SOFT; -+ digest_soft_init(priv->soft_ctx, priv->e_nid); -+ ret = digest_soft_update(priv->soft_ctx, priv->e_nid, -+ priv->data, priv->last_update_bufflen); -+ if (ret != 1) -+ return ret; - -+ return digest_soft_update(priv->soft_ctx, priv->e_nid, -+ tmpdata, left_len); - } - -- return 1; -+ fprintf(stderr, "do soft digest failed during updating!\n"); -+ return 0; - } - - static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len) -@@ -681,11 +711,17 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) - goto clear; - } - memcpy(digest, priv->req.out, priv->req.out_bytes); -+ priv->last_update_bufflen = 0; - - return 1; - - sync_err: -- ret = uadk_e_digest_soft_work(priv, priv->tail, digest); -+ if (priv->state == SEC_DIGEST_INIT) { -+ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest); -+ } else { -+ ret = 0; -+ fprintf(stderr, "do sec digest stream mode failed.\n"); -+ } - clear: - async_clear_async_event_notification(); - return ret; --- -2.24.4 - diff --git a/0015-ecc-bugfix-about-sm2-decryption.patch b/0015-ecc-bugfix-about-sm2-decryption.patch deleted file mode 100644 index 3c64c7bf51aae22a4ed315169d890bd910b5ce26..0000000000000000000000000000000000000000 --- a/0015-ecc-bugfix-about-sm2-decryption.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 32c58bf68e7f33d0170b3cc9040a11395a68df72 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 8 Jan 2022 07:24:22 +0000 -Subject: [PATCH 15/18] ecc: bugfix about sm2 decryption - -When doing sm2_decrypt_check(), if the out param is NULL, -it is supposed to use sm2_plaintext_size() function to -get the output plain text length, rather than use -sm2_ciphertext_size(). - -Signed-off-by: Zhiqi Song ---- - src/uadk_sm2.c | 29 ++++++++++++++++++++++------- - 1 file changed, 22 insertions(+), 7 deletions(-) - -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index f602e48..b39c418 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -524,7 +524,7 @@ static int cipher_ber_to_bin(unsigned char *ber, size_t ber_len, - len = BN_num_bytes(ctext_struct->C1x); - len1 = BN_num_bytes(ctext_struct->C1y); - c1->x.data = malloc(len + len1 + ctext_struct->C2->length + -- ctext_struct->C3->length); -+ ctext_struct->C3->length); - if (!c1->x.data) { - ret = -ENOMEM; - goto free_ctext; -@@ -547,7 +547,6 @@ free_ctext: - - static size_t ec_field_size(const EC_GROUP *group) - { -- /* Is there some simpler way to do this? */ - BIGNUM *p = BN_new(); - BIGNUM *a = BN_new(); - BIGNUM *b = BN_new(); -@@ -559,7 +558,7 @@ static size_t ec_field_size(const EC_GROUP *group) - if (!EC_GROUP_get_curve(group, p, a, b, NULL)) - goto done; - -- /* Pad and convert bits to bytes*/ -+ /* Pad and convert bits to bytes */ - field_size = (BN_num_bits(p) + 7) / 8; - - done: -@@ -570,6 +569,22 @@ done: - return field_size; - } - -+static int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size) -+{ -+ struct sm2_ciphertext *sm2_ctext; -+ -+ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); -+ if (!sm2_ctext) { -+ fprintf(stderr, "invalid sm2 encoding\n"); -+ return 0; -+ } -+ -+ *pt_size = sm2_ctext->C2->length; -+ SM2_Ciphertext_free(sm2_ctext); -+ -+ return 1; -+} -+ - static int sm2_ciphertext_size(const EC_KEY *key, - const EVP_MD *digest, size_t msg_len, - size_t *ct_size) -@@ -589,6 +604,7 @@ static int sm2_ciphertext_size(const EC_KEY *key, - + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) - + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); - *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE); -+ - return 1; - } - -@@ -792,7 +808,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx, - } - - ret = uadk_ecc_crypto(smctx->sess, &req, smctx); -- if (ret != 1) { -+ if (!ret) { - ret = UADK_DO_SOFT; - fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); - goto uninit_iot; -@@ -941,8 +957,6 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx, - const unsigned char *in, size_t inlen) - { - struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); -- EVP_PKEY *p_key = EVP_PKEY_CTX_get0_pkey(ctx); -- EC_KEY *ec = EVP_PKEY_get0(p_key); - const EVP_MD *md; - int hash_size; - -@@ -959,7 +973,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx, - } - - if (!out) { -- if (!sm2_ciphertext_size(ec, md, inlen, outlen)) -+ if (!sm2_plaintext_size(in, inlen, outlen)) - return -1; - else - return 1; -@@ -1039,6 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, - } - - md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; -+ - ret = cipher_ber_to_bin((void *)in, inlen, &c1, &c2, &c3); - if (ret) - goto do_soft; --- -2.24.4 - diff --git a/0016-dh-bugfix-about-dh-compute-key.patch b/0016-dh-bugfix-about-dh-compute-key.patch deleted file mode 100644 index c9f8f60c3f3fbf2be0ba47a388c1f6897a3cdd0e..0000000000000000000000000000000000000000 --- a/0016-dh-bugfix-about-dh-compute-key.patch +++ /dev/null @@ -1,103 +0,0 @@ -From ff486764bbab601177acad102febb1497262a88c Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 8 Jan 2022 08:42:55 +0000 -Subject: [PATCH 16/18] dh: bugfix about dh compute key - -This patch includes: -1. Add an UADK_DO_SOFT tag when dh_do_crypto() failed. -2. Do some tiny cleanup. - -Signed-off-by: Zhiqi Song ---- - src/uadk_dh.c | 14 ++++---------- - 1 file changed, 4 insertions(+), 10 deletions(-) - -diff --git a/src/uadk_dh.c b/src/uadk_dh.c -index 9c2bfbf..989c9ec 100644 ---- a/src/uadk_dh.c -+++ b/src/uadk_dh.c -@@ -741,13 +741,12 @@ static int dh_soft_set_pkey(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) - return UADK_E_SUCCESS; - } - --/* Main Phase1: Generate public key */ - static int uadk_e_dh_generate_key(DH *dh) - { - struct uadk_dh_sess *dh_sess = NULL; -- int bits = DH_bits(dh); -- BIGNUM *pub_key = NULL; - BIGNUM *priv_key = NULL; -+ BIGNUM *pub_key = NULL; -+ int bits = DH_bits(dh); - const BIGNUM *p = NULL; - const BIGNUM *g = NULL; - const BIGNUM *q = NULL; -@@ -771,7 +770,6 @@ static int uadk_e_dh_generate_key(DH *dh) - goto exe_soft; - } - -- /* Fill request data */ - ret = dh_fill_genkey_req(g, p, priv_key, dh_sess); - if (!ret) { - fprintf(stderr, "failed to fill req\n"); -@@ -786,7 +784,6 @@ static int uadk_e_dh_generate_key(DH *dh) - goto free_sess; - } - -- /* Get the generated public key from uadk(->hardware) */ - ret = dh_get_pubkey(dh_sess, &pub_key); - if (!ret) { - fprintf(stderr, "failed to get public key\n"); -@@ -794,7 +791,6 @@ static int uadk_e_dh_generate_key(DH *dh) - goto free_sess; - } - -- /* Set the public key and private key */ - ret = dh_soft_set_pkey(dh, pub_key, priv_key); - - free_sess: -@@ -806,16 +802,15 @@ exe_soft: - return uadk_e_dh_soft_generate_key(dh); - } - --/* Main Phase2: Compute shared key */ - static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, - DH *dh) - { - struct uadk_dh_sess *dh_sess = NULL; -+ BIGNUM *priv_key = NULL; - int bits = DH_bits(dh); - const BIGNUM *p = NULL; - const BIGNUM *g = NULL; - const BIGNUM *q = NULL; -- BIGNUM *priv_key = NULL; - int ret; - - if (!dh || !key || !pub_key || !DH_get0_priv_key(dh)) -@@ -845,6 +840,7 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, - ret = dh_do_crypto(dh_sess); - if (!ret) { - fprintf(stderr, "failed to generate DH shared key\n"); -+ ret = UADK_DO_SOFT; - goto free_sess; - } - -@@ -894,7 +890,6 @@ static void uadk_e_delete_dh_meth(void) - uadk_dh_method = NULL; - } - -- - int uadk_e_bind_dh(ENGINE *e) - { - pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE); -@@ -905,7 +900,6 @@ int uadk_e_bind_dh(ENGINE *e) - void uadk_e_destroy_dh(void) - { - pthread_spin_destroy(&g_dh_res.lock); -- - uadk_e_delete_dh_meth(); - uadk_e_wd_dh_uninit(); - } --- -2.24.4 - diff --git a/0017-ecc-bugfix-about-ecc-general-init.patch b/0017-ecc-bugfix-about-ecc-general-init.patch deleted file mode 100644 index c008750a1c39365081236bd29410e605a7d69036..0000000000000000000000000000000000000000 --- a/0017-ecc-bugfix-about-ecc-general-init.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 3ff18ada641a8ad6c54a6054b4b8323b0b4389a2 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 8 Jan 2022 09:03:00 +0000 -Subject: [PATCH 17/18] ecc: bugfix about ecc general init - -When calloc failed, it should return with error code directly. - -Signed-off-by: Zhiqi Song ---- - src/uadk_pkey.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index 7ca998b..14e0b8f 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -189,7 +189,7 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev, - - ctx_cfg = calloc(1, sizeof(struct wd_ctx_config)); - if (!ctx_cfg) -- ret = -ENOMEM; -+ return -ENOMEM; - - ecc_res.ctx_res = ctx_cfg; - ctx_cfg->ctx_num = CTX_NUM; --- -2.24.4 - diff --git a/0018-digest-fix-codecheck-warning.patch b/0018-digest-fix-codecheck-warning.patch deleted file mode 100644 index 20a28e81e92664ad89204f422ffb954eefda2b3d..0000000000000000000000000000000000000000 --- a/0018-digest-fix-codecheck-warning.patch +++ /dev/null @@ -1,113 +0,0 @@ -From e26726746340428c58ea1ce2460c0fb669bb7545 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Fri, 7 Jan 2022 09:56:54 +0800 -Subject: [PATCH 18/18] digest: fix codecheck warning - -fix a more than 50 lines function uadk_e_digest_init. - -Signed-off-by: Kai Ye ---- - src/uadk_digest.c | 57 ++++++++++++++++++++++++++--------------------- - 1 file changed, 31 insertions(+), 26 deletions(-) - -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index bf738af..5b843a0 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -95,6 +95,13 @@ struct digest_priv_ctx { - bool copy; - }; - -+struct digest_info { -+ int nid; -+ enum wd_digest_mode mode; -+ enum wd_digest_type alg; -+ __u32 out_len; -+}; -+ - static int digest_nids[] = { - NID_md5, - NID_sm3, -@@ -116,6 +123,16 @@ static struct digest_threshold_table digest_pkt_threshold_table[] = { - { NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, - }; - -+static struct digest_info digest_info_table[] = { -+ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16}, -+ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32}, -+ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20}, -+ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28}, -+ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32}, -+ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48}, -+ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64}, -+}; -+ - static EVP_MD *uadk_md5; - static EVP_MD *uadk_sm3; - static EVP_MD *uadk_sha1; -@@ -451,8 +468,8 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv, - enum wd_digest_type alg, enum wd_digest_mode mode, - __u32 out_len) - { -- priv->setup.mode = alg; -- priv->setup.alg = mode; -+ priv->setup.alg = alg; -+ priv->setup.mode = mode; - priv->req.out_buf_bytes = out_len; - priv->req.out_bytes = out_len; - } -@@ -461,9 +478,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) - { - struct digest_priv_ctx *priv = - (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx); -+ int digest_counts = ARRAY_SIZE(digest_info_table); - int nid = EVP_MD_nid(EVP_MD_CTX_md(ctx)); - struct sched_params params = {0}; -- int ret; -+ int ret, i; - - /* Allocate a soft ctx for hardware engine */ - if (priv->soft_ctx == NULL) -@@ -478,29 +496,16 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) - goto soft_init; - } - -- switch (nid) { -- case NID_md5: -- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16); -- break; -- case NID_sm3: -- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32); -- break; -- case NID_sha1: -- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20); -- break; -- case NID_sha224: -- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28); -- break; -- case NID_sha256: -- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32); -- break; -- case NID_sha384: -- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48); -- break; -- case NID_sha512: -- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64); -- break; -- default: -+ for (i = 0; i < digest_counts; i++) { -+ if (nid == digest_info_table[i].nid) { -+ digest_priv_ctx_setup(priv, digest_info_table[i].alg, -+ digest_info_table[i].mode, digest_info_table[i].out_len); -+ break; -+ } -+ } -+ -+ if (i == digest_counts) { -+ fprintf(stderr, "failed to setup the private ctx.\n"); - return 0; - } - --- -2.24.4 - diff --git a/0019-cipher-fixup-a-code-check-warning.patch b/0019-cipher-fixup-a-code-check-warning.patch deleted file mode 100644 index 181b5e30a9ea67c15954a0724711bf9165f30030..0000000000000000000000000000000000000000 --- a/0019-cipher-fixup-a-code-check-warning.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e82ec8d48be21d107635e5f1a4874fb8999a27c4 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Wed, 19 Jan 2022 09:41:25 +0800 -Subject: [PATCH 19/22] cipher: fixup a code check warning - -Do not put two or more continuous blank lines inside function. - -Signed-off-by: Kai Ye ---- - src/uadk_cipher.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 2b8bb9c..3d376bf 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -890,7 +890,6 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - struct async_op op; - int ret; - -- - priv->req.src = (unsigned char *)in; - priv->req.in_bytes = inlen; - priv->req.dst = out; --- -2.24.4 - diff --git a/0020-rsa-fixup-a-code-check-warning.patch b/0020-rsa-fixup-a-code-check-warning.patch deleted file mode 100644 index da4fc40476249321aa2af92d68ce7a0f00cda903..0000000000000000000000000000000000000000 --- a/0020-rsa-fixup-a-code-check-warning.patch +++ /dev/null @@ -1,27 +0,0 @@ -From d45c783eb7a7e1e38d5520239c218e7c927b1c00 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Fri, 21 Jan 2022 17:01:15 +0800 -Subject: [PATCH 20/22] rsa: fixup a code check warning - -Do not add blank lines on the start of a code block defined by braces. - -Signed-off-by: Kai Ye ---- - src/uadk_rsa.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 2526af9..8cad2f7 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -1781,7 +1781,6 @@ exe_soft: - - static RSA_METHOD *uadk_e_get_rsa_sw_methods(void) - { -- - /* meth: default rsa software method */ - const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); - --- -2.24.4 - diff --git a/0021-cipher-delete-a-redundant-branch.patch b/0021-cipher-delete-a-redundant-branch.patch deleted file mode 100644 index 3854d71311630760a4485548dad42f2fc859cc83..0000000000000000000000000000000000000000 --- a/0021-cipher-delete-a-redundant-branch.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7a757c76d11b80282abc22e614f7126909027ecc Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Tue, 25 Jan 2022 14:21:48 +0800 -Subject: [PATCH 21/22] cipher: delete a redundant branch - -Find a redundant branch by DT-FUZZ, these codes have the same -logic as the following default code. - -Signed-off-by: Kai Ye ---- - src/uadk_cipher.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 3d376bf..6e09a8c 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -373,11 +373,6 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - break; - } - -- if (i == size) { -- *cipher = NULL; -- return 0; -- } -- - switch (nid) { - case NID_aes_128_cbc: - *cipher = uadk_aes_128_cbc; --- -2.24.4 - diff --git a/0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch b/0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch deleted file mode 100644 index 582f2189f3e16b2a47d7e7aca3aa27d50611ff57..0000000000000000000000000000000000000000 --- a/0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 02dbe7743190f334609a86b61bc46ea6e91e82b4 Mon Sep 17 00:00:00 2001 -From: Wenkai Lin -Date: Wed, 16 Feb 2022 16:11:06 +0800 -Subject: [PATCH 22/22] engine: fix engine can't work under hybrid mode - -If hpre works in no-sva mode, and sec works in sva mode, -it will init hpre device first and return straightly, this -casuse sec not initialized correctly. So uadk engine should -init for both sva and no-sva device. - -Signed-off-by: Wenkai Lin ---- - src/e_uadk.c | 25 ++++++++++++++----------- - 1 file changed, 14 insertions(+), 11 deletions(-) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 4e87c86..2714d5b 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -319,10 +319,15 @@ static void bind_fn_uadk_alg(ENGINE *e) - free(dev); - } - -- if (!uadk_e_bind_ecc(e)) -- fprintf(stderr, "uadk bind ecc failed\n"); -- else -- uadk_ecc = 1; -+ /* find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */ -+ dev = wd_get_accel_dev("ecdsa"); -+ if (dev) { -+ if (!uadk_e_bind_ecc(e)) -+ fprintf(stderr, "uadk bind ecc failed\n"); -+ else -+ uadk_ecc = 1; -+ free(dev); -+ } - } - - /* -@@ -349,17 +354,15 @@ static int bind_fn(ENGINE *e, const char *id) - uadk_dh_nosva) { - async_module_init_v1(); - pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler_v1); -- goto set_ctrl_cmd; - } - #endif -- async_module_init(); -- pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler); -- - bind_fn_uadk_alg(e); - --#ifdef KAE --set_ctrl_cmd: --#endif -+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) { -+ async_module_init(); -+ pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler); -+ } -+ - ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl); - if (ret != 1) { - fprintf(stderr, "failed to set ctrl function\n"); --- -2.24.4 - diff --git a/0023-engine-add-the-kae-log-feature.patch b/0023-engine-add-the-kae-log-feature.patch deleted file mode 100644 index 8c390f1c42f8b02c3a2992451992a73240a972db..0000000000000000000000000000000000000000 --- a/0023-engine-add-the-kae-log-feature.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 351422390bf42e19a802d0e282f7f85342a1f792 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Tue, 22 Feb 2022 11:18:46 +0800 -Subject: [PATCH 23/23] engine: add the kae log feature - -The original version of the kae engine supports the log system. So -need to be enabled the kae log feature at uadk_engine. - -example: -insmod hisi_sec2.ko uacce_mode=2 - -export KAE_CONF_ENV=/var/log/ -cd /var/log/ -touch kae.cnf -write: -[LogSection] -debug_level=error - -the debug_level can be set to none/error/iofo/warning/debug, -the result is stored in /var/log/kae.log - -Signed-off-by: Kai Ye ---- - src/e_uadk.c | 2 ++ - src/v1/uadk_v1.h | 1 + - 2 files changed, 3 insertions(+) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 2714d5b..79ecef8 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -205,6 +205,7 @@ static int uadk_destroy(ENGINE *e) - hpre_destroy(); - if (uadk_dh_nosva) - hpre_dh_destroy(); -+ kae_debug_close_log(); - #endif - - if (uadk_cipher) -@@ -348,6 +349,7 @@ static int bind_fn(ENGINE *e, const char *id) - } - - #ifdef KAE -+ kae_debug_init_log(); - bind_fn_kae_alg(e); - - if (uadk_cipher_nosva || uadk_digest_nosva || uadk_rsa_nosva || -diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h -index d921706..9ca0a94 100644 ---- a/src/v1/uadk_v1.h -+++ b/src/v1/uadk_v1.h -@@ -16,6 +16,7 @@ - #define UADK_V1_H - #include "async/async_poll.h" - #include "utils/engine_fork.h" -+#include "utils/engine_log.h" - - extern void sec_ciphers_free_ciphers(void); - extern int cipher_module_init(void); --- -2.24.4 - diff --git a/0024-rsa-fix-interface-name.patch b/0024-rsa-fix-interface-name.patch deleted file mode 100644 index 065a08f373d132357d562cd65490612af5a2efbe..0000000000000000000000000000000000000000 --- a/0024-rsa-fix-interface-name.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 63c9bc75f229057657ff8b09c556bf416a493607 Mon Sep 17 00:00:00 2001 -From: Junchong Pan -Date: Wed, 2 Mar 2022 08:30:50 +0000 -Subject: [PATCH 24/31] rsa: fix interface name - -The name of the function wd_rsa_key_bits() -has been changed to wd_rsa_get_key_bits() -in uadk driver, so it needs to be modified -in engine synchronously. - -Signed-off-by: Junchong Pan -Signed-off-by: Zhiqi Song ---- - src/uadk_rsa.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 8cad2f7..90cc535 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -986,7 +986,7 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, - struct wd_dtb wd_dq; - struct wd_dtb wd_dp; - -- key_bits = wd_rsa_key_bits(ctx); -+ key_bits = wd_rsa_get_key_bits(ctx); - key_size = key_bits >> BIT_BYTES_SHIFT; - wd_rsa_get_kg_out_params(out, &wd_d, &wd_n); - wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp); --- -2.24.4 - diff --git a/0025-ecc-cleanup-sm2-unreachable-code.patch b/0025-ecc-cleanup-sm2-unreachable-code.patch deleted file mode 100644 index 4ddd2f78d98933f88f4db67f45e43b3af5c1bcc1..0000000000000000000000000000000000000000 --- a/0025-ecc-cleanup-sm2-unreachable-code.patch +++ /dev/null @@ -1,28 +0,0 @@ -From dcceb7e8f77306dda7dea31798ea8ab952fbe8ea Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Thu, 3 Mar 2022 02:00:46 +0000 -Subject: [PATCH 25/31] ecc: cleanup sm2 unreachable code - -The variable "b_s" should be judged, rather than "b_r". - -Signed-off-by: Zhiqi Song ---- - src/uadk_sm2.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index b39c418..8c75611 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -422,7 +422,7 @@ static int sig_ber_to_bin(EC_KEY *ec, unsigned char *sig, size_t sig_len, - } - - b_s = (void *)ECDSA_SIG_get0_s((const ECDSA_SIG *)e_sig); -- if (!b_r) { -+ if (!b_s) { - fprintf(stderr, "failed to get s\n"); - ret = -EINVAL; - goto free_der; --- -2.24.4 - diff --git a/0026-rsa-cleanup-of-code-style.patch b/0026-rsa-cleanup-of-code-style.patch deleted file mode 100644 index 23e3cd76e9dcf1df3404505866cea441badf108b..0000000000000000000000000000000000000000 --- a/0026-rsa-cleanup-of-code-style.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 4bcecc067ed99f2323f1568779c34b858b5863a1 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Thu, 3 Mar 2022 02:32:44 +0000 -Subject: [PATCH 26/31] rsa: cleanup of code style - -Fix the following problems: -1. Macro replacement list should be enclosed in parentheses. -2. Return value judgment should follow the function call. -3. Remove redundant judgment. - -Signed-off-by: Zhiqi Song ---- - src/uadk_rsa.c | 12 +++--------- - 1 file changed, 3 insertions(+), 9 deletions(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 90cc535..f7755e3 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -49,7 +49,7 @@ - #define UADK_DO_SOFT (-0xE0) - #define UADK_E_POLL_SUCCESS 0 - #define UADK_E_INIT_SUCCESS 0 --#define CHECK_PADDING_FAIL -1 -+#define CHECK_PADDING_FAIL (-1) - #define ENV_ENABLED 1 - - static RSA_METHOD *rsa_hw_meth; -@@ -312,7 +312,6 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, - return UADK_E_SUCCESS; - - err = ERR_peek_last_error(); -- - if (ERR_GET_LIB(err) == ERR_LIB_BN && - ERR_GET_REASON(err) == BN_R_NO_INVERSE) - ERR_pop_to_mark(); -@@ -500,18 +499,13 @@ static int add_rsa_pubenc_padding(int flen, const unsigned char *from, - fprintf(stderr, "RSA_PKCS1_PADDING err\n"); - break; - case RSA_PKCS1_OAEP_PADDING: -- ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, -- NULL, 0); -+ ret = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); - if (!ret) - fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n"); - break; - default: - ret = UADK_E_FAIL; - } -- if (ret <= 0) -- ret = UADK_E_FAIL; -- else -- ret = UADK_E_SUCCESS; - - return ret; - } -@@ -530,7 +524,7 @@ static int check_rsa_pridec_padding(unsigned char *to, int num, - break; - case RSA_PKCS1_OAEP_PADDING: - ret = RSA_padding_check_PKCS1_OAEP(to, num, buf, len, num, -- NULL, 0); -+ NULL, 0); - if (!ret) - fprintf(stderr, "RSA_PKCS1_OAEP_PADDING err\n"); - break; --- -2.24.4 - diff --git a/0027-v1-fixup-about-uninitialized-variable.patch b/0027-v1-fixup-about-uninitialized-variable.patch deleted file mode 100644 index 2966d88ac7940f74da0b818d75e70300ca707d9b..0000000000000000000000000000000000000000 --- a/0027-v1-fixup-about-uninitialized-variable.patch +++ /dev/null @@ -1,62 +0,0 @@ -From fe44bced638c7d3d3084f4e788478b2faa35ffa4 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Thu, 3 Mar 2022 02:53:01 +0000 -Subject: [PATCH 27/31] v1: fixup about uninitialized variable - -Fix the compile warning of uninitialized variable. - -Signed-off-by: Zhiqi Song ---- - src/v1/alg/pkey/hpre_rsa.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c -index 93ba99a..6c1d96d 100644 ---- a/src/v1/alg/pkey/hpre_rsa.c -+++ b/src/v1/alg/pkey/hpre_rsa.c -@@ -316,7 +316,9 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from, - BIGNUM *ret_bn = NULL; - hpre_engine_ctx_t *eng_ctx = NULL; - unsigned char *in_buf = NULL; -- int key_bits, num_bytes; -+ BN_CTX *bn_ctx = NULL; -+ int num_bytes = 0; -+ int key_bits; - int ret; - - if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) -@@ -340,7 +342,7 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from, - GOTOEND_IF(ret != HPRE_CRYPTO_SUCC, "check public key fail", - KAE_F_HPRE_RSA_PUBENC, KAE_R_PUBLIC_KEY_INVALID); - -- BN_CTX *bn_ctx = BN_CTX_new(); -+ bn_ctx = BN_CTX_new(); - - GOTOEND_IF(bn_ctx == NULL, "bn_ctx MALLOC FAILED!", - KAE_F_HPRE_RSA_PUBENC, KAE_R_MALLOC_FAILURE); -@@ -403,7 +405,9 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from, - const BIGNUM *dmq1 = (const BIGNUM *)NULL; - const BIGNUM *iqmp = (const BIGNUM *)NULL; - unsigned char *in_buf = (unsigned char *)NULL; -+ int num_bytes = 0; - int key_bits; -+ int version; - - if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) - return HPRE_CRYPTO_FAIL; -@@ -431,10 +435,10 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from, - bn_ret = BN_CTX_get(bn_ctx); - RSA_get0_factors(rsa, &p, &q); - RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); -- int version = RSA_get_version(rsa); -+ version = RSA_get_version(rsa); - - RSA_get0_key(rsa, &n, &e, &d); -- int num_bytes = BN_num_bytes(n); -+ num_bytes = BN_num_bytes(n); - - in_buf = (unsigned char *)OPENSSL_malloc(num_bytes); - GOTOEND_IF(bn_ret == NULL || in_buf == NULL, "OpenSSL malloc failure", --- -2.24.4 - diff --git a/0028-ecc-fix-checking-conditions.patch b/0028-ecc-fix-checking-conditions.patch deleted file mode 100644 index a95e09e97ddd25c7ea822fcd5a91d4e83825b69c..0000000000000000000000000000000000000000 --- a/0028-ecc-fix-checking-conditions.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 8ce0ba841358d85eb89bf726d229dfaf4cd13156 Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Thu, 3 Mar 2022 02:59:13 +0000 -Subject: [PATCH 28/31] ecc: fix checking conditions - -When initializing, the process is guaranteed -not to be initialized repeatedly. And when -uninitializing, the resource is released according -to whether the pid is equal or not. - -Signed-off-by: Weili Qian -Signed-off-by: Zhiqi Song ---- - src/uadk_pkey.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index 14e0b8f..ceb7a8f 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -184,9 +184,6 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev, - struct wd_ctx_config *ctx_cfg; - int ret, i; - -- if (ecc_res.ctx_res) -- return 0; -- - ctx_cfg = calloc(1, sizeof(struct wd_ctx_config)); - if (!ctx_cfg) - return -ENOMEM; -@@ -256,7 +253,7 @@ static void uadk_wd_ecc_uninit(void) - struct wd_ctx_config *ctx_cfg = ecc_res.ctx_res; - int i, ret; - -- if (!ctx_cfg) -+ if (ecc_res.pid != getpid()) - return; - - ret = uadk_e_is_env_enabled("ecc"); --- -2.24.4 - diff --git a/0029-ecc-cleanup-print-log.patch b/0029-ecc-cleanup-print-log.patch deleted file mode 100644 index 7d5c41a9931f52c745700cd61b3263939f7b0bcb..0000000000000000000000000000000000000000 --- a/0029-ecc-cleanup-print-log.patch +++ /dev/null @@ -1,55 +0,0 @@ -From a19b11343facb6ff073cb01bf3583c8bf6cbb009 Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Thu, 3 Mar 2022 03:08:45 +0000 -Subject: [PATCH 29/31] ecc: cleanup print log - -print with '\n' - -Signed-off-by: Weili Qian ---- - src/uadk_pkey.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index ceb7a8f..216ccc3 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -572,7 +572,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - case EVP_PKEY_SM2: - ret = uadk_sm2_create_pmeth(&pkey_meth); - if (!ret) { -- fprintf(stderr, "failed to register sm2 pmeth"); -+ fprintf(stderr, "failed to register sm2 pmeth.\n"); - return 0; - } - *pmeth = pkey_meth.sm2; -@@ -580,7 +580,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - case EVP_PKEY_EC: - ret = uadk_ec_create_pmeth(&pkey_meth); - if (!ret) { -- fprintf(stderr, "failed to register ec pmeth"); -+ fprintf(stderr, "failed to register ec pmeth.\n"); - return 0; - } - *pmeth = pkey_meth.ec; -@@ -588,7 +588,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - case EVP_PKEY_X448: - ret = uadk_x448_create_pmeth(&pkey_meth); - if (!ret) { -- fprintf(stderr, "failed to register x448 pmeth"); -+ fprintf(stderr, "failed to register x448 pmeth.\n"); - return 0; - } - *pmeth = pkey_meth.x448; -@@ -596,7 +596,7 @@ static int get_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - case EVP_PKEY_X25519: - ret = uadk_x25519_create_pmeth(&pkey_meth); - if (!ret) { -- fprintf(stderr, "failed to register x25519 pmeth"); -+ fprintf(stderr, "failed to register x25519 pmeth.\n"); - return 0; - } - *pmeth = pkey_meth.x25519; --- -2.24.4 - diff --git a/0030-engine-fix-function-return-type.patch b/0030-engine-fix-function-return-type.patch deleted file mode 100644 index 4f14a7a94c508c0a451c4adab9346bd583ae4ee8..0000000000000000000000000000000000000000 --- a/0030-engine-fix-function-return-type.patch +++ /dev/null @@ -1,218 +0,0 @@ -From 26360660c516fe54b48502a3ca9eb1bbf47146d5 Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Thu, 3 Mar 2022 03:11:24 +0000 -Subject: [PATCH 30/31] engine: fix function return type - -The async_register_poll_fn() is an internal -function, and the probability of parameter -error is low. If the parameter is wrong, -a log will be printed, there is no need to -return an error code. And 'MAX_ALG_SIZE' is -chenged to 'ASYNC_TASK_MAX'. - -Signed-off-by: Weili Qian -Signed-off-by: Zhiqi Song ---- - src/uadk_async.c | 13 ++++++------- - src/uadk_async.h | 5 +++-- - src/uadk_cipher.c | 9 ++++++--- - src/uadk_dh.c | 8 ++++++-- - src/uadk_digest.c | 9 ++++++--- - src/uadk_pkey.c | 8 ++++++-- - src/uadk_rsa.c | 8 ++++++-- - 7 files changed, 39 insertions(+), 21 deletions(-) - -diff --git a/src/uadk_async.c b/src/uadk_async.c -index 5320ae6..c98153b 100644 ---- a/src/uadk_async.c -+++ b/src/uadk_async.c -@@ -22,11 +22,9 @@ - #include "uadk.h" - #include "uadk_async.h" - --#define MAX_ALG_SIZE 6 -- - static struct async_poll_queue poll_queue; - --static async_recv_t async_recv_func[MAX_ALG_SIZE]; -+static async_recv_t async_recv_func[ASYNC_TASK_MAX]; - - static void async_fd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, - OSSL_ASYNC_FD readfd, void *custom) -@@ -292,13 +290,14 @@ int async_wake_job(ASYNC_JOB *job) - return ret; - } - --int async_register_poll_fn(int type, async_recv_t func) -+void async_register_poll_fn(int type, async_recv_t func) - { -- if (type < 0 || type >= MAX_ALG_SIZE) -- return -1; -+ if (type < 0 || type >= ASYNC_TASK_MAX) { -+ fprintf(stderr, "alg type is error, type= %d.\n", type); -+ return; -+ } - - async_recv_func[type] = func; -- return 0; - } - - static void *async_poll_process_func(void *args) -diff --git a/src/uadk_async.h b/src/uadk_async.h -index cbb4b62..9836dbb 100644 ---- a/src/uadk_async.h -+++ b/src/uadk_async.h -@@ -42,7 +42,8 @@ enum task_type { - ASYNC_TASK_DIGEST, - ASYNC_TASK_RSA, - ASYNC_TASK_DH, -- ASYNC_TASK_ECC -+ ASYNC_TASK_ECC, -+ ASYNC_TASK_MAX - }; - - struct async_poll_task { -@@ -66,7 +67,7 @@ struct async_poll_queue { - extern int async_setup_async_event_notification(struct async_op *op); - extern int async_clear_async_event_notification(void); - extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id); --extern int async_register_poll_fn(int type, async_recv_t func); -+extern void async_register_poll_fn(int type, async_recv_t func); - extern void async_module_init(void); - extern int async_wake_job(ASYNC_JOB *job); - extern void async_free_poll_task(int id, bool is_cb); -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 6e09a8c..8f8af7e 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -550,8 +550,9 @@ static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev) - if (ret) - return ret; - -- return async_register_poll_fn(ASYNC_TASK_CIPHER, -- uadk_e_cipher_env_poll); -+ async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_env_poll); -+ -+ return 0; - } - - static int uadk_e_wd_cipher_init(struct uacce_dev *dev) -@@ -596,7 +597,9 @@ static int uadk_e_wd_cipher_init(struct uacce_dev *dev) - if (ret) - goto err_freectx; - -- return async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_poll); -+ async_register_poll_fn(ASYNC_TASK_CIPHER, uadk_e_cipher_poll); -+ -+ return 0; - - err_freectx: - for (j = 0; j < i; j++) -diff --git a/src/uadk_dh.c b/src/uadk_dh.c -index 989c9ec..40fb583 100644 ---- a/src/uadk_dh.c -+++ b/src/uadk_dh.c -@@ -296,7 +296,9 @@ static int uadk_e_wd_dh_env_init(struct uacce_dev *dev) - if (ret) - return ret; - -- return async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_env_poll); -+ async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_env_poll); -+ -+ return 0; - } - - static int uadk_e_wd_dh_init(struct dh_res_config *config, struct uacce_dev *dev) -@@ -335,7 +337,9 @@ static int uadk_e_wd_dh_init(struct dh_res_config *config, struct uacce_dev *dev - if (ret) - goto free_ctx; - -- return async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_poll); -+ async_register_poll_fn(ASYNC_TASK_DH, uadk_e_dh_poll); -+ -+ return 0; - - free_ctx: - for (i = 0; i < CTX_NUM; i++) { -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 5b843a0..ad24168 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -374,8 +374,9 @@ static int uadk_e_wd_digest_env_init(struct uacce_dev *dev) - if (ret) - return ret; - -- return async_register_poll_fn(ASYNC_TASK_DIGEST, -- uadk_e_digest_env_poll); -+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_env_poll); -+ -+ return 0; - } - - static int uadk_e_wd_digest_init(struct uacce_dev *dev) -@@ -415,7 +416,9 @@ static int uadk_e_wd_digest_init(struct uacce_dev *dev) - if (ret) - goto err_freectx; - -- return async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_poll); -+ async_register_poll_fn(ASYNC_TASK_DIGEST, uadk_e_digest_poll); -+ -+ return 0; - - err_freectx: - for (j = 0; j < i; j++) -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index 216ccc3..f27e2f5 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -175,7 +175,9 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev) - if (ret) - return ret; - -- return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll); -+ async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll); -+ -+ return 0; - } - - static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev, -@@ -209,7 +211,9 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev, - if (ret) - goto free_ctx; - -- return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll); -+ async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll); -+ -+ return 0; - - free_ctx: - for (i = 0; i < CTX_NUM; i++) { -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index f7755e3..c5d4dbb 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -713,7 +713,9 @@ static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev) - if (ret) - return ret; - -- return async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_env_poll); -+ async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_env_poll); -+ -+ return 0; - } - - static int uadk_e_wd_rsa_init(struct rsa_res_config *config, -@@ -753,7 +755,9 @@ static int uadk_e_wd_rsa_init(struct rsa_res_config *config, - if (ret) - goto free_ctx; - -- return async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_poll); -+ async_register_poll_fn(ASYNC_TASK_RSA, uadk_e_rsa_poll); -+ -+ return 0; - - free_ctx: - for (i = 0; i < CTX_NUM; i++) { --- -2.24.4 - diff --git a/0031-rsa-fixup-about-the-wrong-copy.patch b/0031-rsa-fixup-about-the-wrong-copy.patch deleted file mode 100644 index a41a420bca55c85ba89c860c2d637e678c828a26..0000000000000000000000000000000000000000 --- a/0031-rsa-fixup-about-the-wrong-copy.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 2c99863001cbb39838d983d76171ac131930c310 Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Thu, 3 Mar 2022 03:25:03 +0000 -Subject: [PATCH 31/31] rsa: fixup about the wrong copy - -The pointer of 'req.src' is NULL, and the -direct memcpy operation will fail. Therefore, -delete the memcpy and assign a value directly later. - -Signed-off-by: Weili Qian -Signed-off-by: Zhiqi Song ---- - src/uadk_rsa.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index c5d4dbb..1488b98 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -902,7 +902,6 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param, - if (!rsa_sess->is_pubkey_ready) { - wd_rsa_get_pubkey(rsa_sess->sess, &pubkey); - wd_rsa_get_pubkey_params(pubkey, &wd_e, &wd_n); -- memcpy(rsa_sess->req.src, in_buf, rsa_sess->req.src_bytes); - wd_e->dsize = BN_bn2bin(pubkey_param->e, - (unsigned char *)wd_e->data); - wd_n->dsize = BN_bn2bin(pubkey_param->n, --- -2.24.4 - diff --git a/0032-README-modify-the-engine-id-name.patch b/0032-README-modify-the-engine-id-name.patch deleted file mode 100644 index 37b5b7711e3bbe1d5ceabf268f8d031f312cb58f..0000000000000000000000000000000000000000 --- a/0032-README-modify-the-engine-id-name.patch +++ /dev/null @@ -1,164 +0,0 @@ -From a476a9881ed143f16eb579f3a34446ea24cb20f8 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Fri, 4 Mar 2022 14:44:07 +0800 -Subject: [PATCH 32/32] README: modify the engine id name - -The new engine id name is 'uadk_engine'. So need to update -the README. - -Signed-off-by: Kai Ye ---- - README | 98 +++++++++++++++++++++++++++++----------------------------- - 1 file changed, 49 insertions(+), 49 deletions(-) - -diff --git a/README b/README -index e02de8f..562a859 100644 ---- a/README -+++ b/README -@@ -67,60 +67,60 @@ Testing - ``` - 1. Cipher - ``` --openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p --openssl speed -engine uadk -async_jobs 1 -evp aes-128-cbc --openssl speed -engine uadk -async_jobs 1 -evp sm4-cbc --openssl speed -engine uadk -async_jobs 1 -evp des-ede3-cbc -+openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -+openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc -+openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc -+openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc - ``` - 2. RSA - ``` --openssl genrsa -out prikey.pem -engine uadk 2048 --openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk --openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk --openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk --openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk --openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk --openssl speed -elapsed -engine uadk rsa2048 --openssl speed -elapsed -engine uadk -async_jobs 10 rsa2048 -+openssl genrsa -out prikey.pem -engine uadk_engine 2048 -+openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine -+openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine -+openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine -+openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine -+openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine -+openssl speed -elapsed -engine uadk_engine rsa2048 -+openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048 - ``` - 3. SM3 - ``` --openssl sm3 -engine uadk data -+openssl sm3 -engine uadk_engine data - ``` - 4. MD5 - ``` --openssl speed -engine uadk -async_jobs 1 -evp md5 -+openssl speed -engine uadk_engine -async_jobs 1 -evp md5 - ``` - 5. SHA - ``` --openssl sha1 -engine uadk data --openssl sha256 -engine uadk data --openssl sha512 -engine uadk data -+openssl sha1 -engine uadk_engine data -+openssl sha256 -engine uadk_engine data -+openssl sha512 -engine uadk_engine data - ``` - 6. DH - -@@ -142,9 +142,9 @@ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk - [step 4] After exchanging public key, each user can derive the shared secret: - ``` - openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out --secret1.bin -engine uadk -+secret1.bin -engine uadk_engine - openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out --secret2.bin -engine uadk -+secret2.bin -engine uadk_engine - ``` - [step 5] Check secret1.bin and secret2.bin: - ``` -@@ -156,15 +156,15 @@ secret1.bin and secret2.bin should be the same. - - 7. SM2 - ``` --openssl speed -elapsed -engine uadk sm2 --openssl speed -elapsed -engine uadk -async_jobs 1 sm2 -+openssl speed -elapsed -engine uadk_engine sm2 -+openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2 - openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem - openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem - ``` - 8. ECDSA - ``` --openssl speed -elapsed -engine uadk ecdsap256 --openssl speed -elapsed -engine uadk -async_jobs 1 ecdsap256 -+openssl speed -elapsed -engine uadk_engine ecdsap256 -+openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256 - ``` - - Environment variable of uadk engine -@@ -184,7 +184,7 @@ openssl_cnf = openssl_def - [openssl_def] - engines = engine_section - [engine_section] --uadk = uadk_section -+uadk_engine = uadk_section - [uadk_section] - UADK_CMD_ENABLE_RSA_ENV = 1 - UADK_CMD_ENABLE_DH_ENV = 1 --- -2.24.4 - diff --git a/0033-digest-improve-the-digest-performance.patch b/0033-digest-improve-the-digest-performance.patch deleted file mode 100644 index d7aa57a797d4e665460fd0c1274e3bf016027e4f..0000000000000000000000000000000000000000 --- a/0033-digest-improve-the-digest-performance.patch +++ /dev/null @@ -1,226 +0,0 @@ -From 3cbf3c85645d7ec43aa149c1bcf346a556bbf30a Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Tue, 8 Mar 2022 15:44:00 +0800 -Subject: [PATCH 33/36] digest: improve the digest performance - -1. The memset function found to be a hotspot function by perf. so should - remove the memset in io path. it can improve three times - performance. -2. add some branch predictor function to improve a little performance. -3. use the uadk_memory_cpy can improve 5% performance. - -Signed-off-by: Kai Ye ---- - src/Makefile.am | 4 +-- - src/uadk.h | 1 + - src/uadk_digest.c | 17 ++++++------- - src/uadk_utils.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++ - src/uadk_utils.h | 24 ++++++++++++++++++ - 5 files changed, 98 insertions(+), 11 deletions(-) - create mode 100644 src/uadk_utils.c - create mode 100644 src/uadk_utils.h - -diff --git a/src/Makefile.am b/src/Makefile.am -index 636f559..75595aa 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -7,8 +7,8 @@ UADK_ENGINE_VERSION = -version-number ${MAJOR}:${MINOR}:${REVISION} - - lib_LTLIBRARIES=uadk_engine.la - --uadk_engine_la_SOURCES=e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c uadk_rsa.c \ -- uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c -+uadk_engine_la_SOURCES=uadk_utils.c e_uadk.c uadk_cipher.c uadk_digest.c uadk_async.c \ -+ uadk_rsa.c uadk_sm2.c uadk_pkey.c uadk_dh.c uadk_ec.c uadk_ecx.c - uadk_engine_la_LIBADD=-ldl -lwd -lwd_crypto -lpthread - uadk_engine_la_LDFLAGS=-module $(UADK_ENGINE_VERSION) - -diff --git a/src/uadk.h b/src/uadk.h -index 0f9b0be..384e035 100644 ---- a/src/uadk.h -+++ b/src/uadk.h -@@ -19,6 +19,7 @@ - #include - #include - #include -+#include "uadk_utils.h" - - #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) - #define ENV_STRING_LEN 256 -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index ad24168..355917d 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -493,7 +493,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) - - priv->state = SEC_DIGEST_INIT; - ret = uadk_e_init_digest(); -- if (!ret) { -+ if (unlikely(!ret)) { - priv->switch_flag = UADK_DO_SOFT; - fprintf(stderr, "uadk failed to initialize digest.\n"); - goto soft_init; -@@ -507,7 +507,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) - } - } - -- if (i == digest_counts) { -+ if (unlikely(i == digest_counts)) { - fprintf(stderr, "failed to setup the private ctx.\n"); - return 0; - } -@@ -519,11 +519,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) - return 0; - - priv->data = malloc(DIGEST_BLOCK_SIZE); -- if (!priv->data) { -+ if (unlikely(!priv->data)) { - wd_digest_free_sess(priv->sess); - return 0; - } -- memset(priv->data, 0, DIGEST_BLOCK_SIZE); - - priv->switch_threshold = sec_digest_get_sw_threshold(nid); - -@@ -546,7 +545,8 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le - - while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) { - copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen; -- memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen); -+ uadk_memcpy(priv->data + priv->last_update_bufflen, tmpdata, -+ copy_to_bufflen); - - priv->last_update_bufflen = DIGEST_BLOCK_SIZE; - priv->req.in_bytes = DIGEST_BLOCK_SIZE; -@@ -567,10 +567,9 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le - } - - priv->last_update_bufflen = 0; -- memset(priv->data, 0, DIGEST_BLOCK_SIZE); - if (left_len <= DIGEST_BLOCK_SIZE) { - priv->last_update_bufflen = left_len; -- memcpy(priv->data, tmpdata, priv->last_update_bufflen); -+ uadk_memcpy(priv->data, tmpdata, priv->last_update_bufflen); - break; - } - } -@@ -604,7 +603,7 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l - goto soft_update; - - if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) { -- memcpy(priv->data + priv->last_update_bufflen, data, data_len); -+ uadk_memcpy(priv->data + priv->last_update_bufflen, data, data_len); - priv->last_update_bufflen += data_len; - return 1; - } -@@ -697,7 +696,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) - priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx)); - - ret = async_setup_async_event_notification(&op); -- if (!ret) { -+ if (unlikely(!ret)) { - fprintf(stderr, "failed to setup async event notification.\n"); - return 0; - } -diff --git a/src/uadk_utils.c b/src/uadk_utils.c -new file mode 100644 -index 0000000..2b34b3a ---- /dev/null -+++ b/src/uadk_utils.c -@@ -0,0 +1,63 @@ -+/* -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ * -+ */ -+#include "uadk_utils.h" -+ -+#define UADK_MEM_IMPROVE_THRESHOLD 1024 -+ -+static void *memcpy_large(void *dstpp, const void *srcpp, size_t len) -+{ -+ __asm__ __volatile__( -+ "add x4, %[src], %[count]\n\t" -+ "add x5, %[res], %[count]\n\t" -+ "ldr q0, [%[src]]\n\t" -+ "str q0, [%[res]]\n\t" -+ "sub %[count], %[count], 80\n\t" -+ "and x14, %[src], 15\n\t" -+ "bic %[src], %[src], 15\n\t" -+ "sub x3, %[res], x14\n\t" -+ "add %[count], %[count], x14\n\t" -+ -+ "1:\n\t" -+ "ldp q0, q1, [%[src], 16]\n\t" -+ "stp q0, q1, [x3, 16]\n\t" -+ "ldp q0, q1, [%[src], 48]\n\t" -+ "stp q0, q1, [x3, 48]\n\t" -+ "add %[src], %[src], 64\n\t" -+ "add x3, x3, 64\n\t" -+ "subs %[count], %[count], 64\n\t" -+ "b.hi 1b\n\t" -+ -+ "ldp q0, q1, [x4, -64]\n\t" -+ "stp q0, q1, [x5, -64]\n\t" -+ "ldp q0, q1, [x4, -32]\n\t" -+ "stp q0, q1, [x5, -32]\n\t" -+ -+ : [res] "+r"(dstpp) -+ : [src] "r"(srcpp), [count] "r"(len) -+ : "x3", "x4", "x5", "x14", "q0", "q1" -+ ); -+ -+ return dstpp; -+} -+ -+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) -+{ -+ if (len >= UADK_MEM_IMPROVE_THRESHOLD) -+ return memcpy_large(dstpp, srcpp, len); -+ else -+ return memcpy(dstpp, srcpp, len); -+} -diff --git a/src/uadk_utils.h b/src/uadk_utils.h -new file mode 100644 -index 0000000..a16536b ---- /dev/null -+++ b/src/uadk_utils.h -@@ -0,0 +1,24 @@ -+/* -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ * -+ */ -+#ifndef UADK_UTILS -+#define UADK_UTILS -+#include -+#include -+#include -+ -+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len); -+#endif --- -2.24.4 - diff --git a/0034-cipher-support-the-sm4-ecb-alg.patch b/0034-cipher-support-the-sm4-ecb-alg.patch deleted file mode 100644 index 4bb58d1e30f443c8ca5a205fb264d6054dfb5a31..0000000000000000000000000000000000000000 --- a/0034-cipher-support-the-sm4-ecb-alg.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 2dc0aa3a544afd4861656f4e876e287aa3ead9b9 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Tue, 8 Mar 2022 16:15:32 +0800 -Subject: [PATCH 34/36] cipher: support the sm4-ecb alg - -the uadk sdk layer has supported the sm4-ecb alg. Kunpeng 920 -supports the sm4-ecb by new chip fs. - -Signed-off-by: Kai Ye ---- - src/uadk_cipher.c | 15 ++++++++------- - src/v1/alg/ciphers/sec_ciphers.c | 1 + - 2 files changed, 9 insertions(+), 7 deletions(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 8f8af7e..e4595be 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -87,6 +87,7 @@ static int cipher_920_nids[] = { - NID_sm4_cbc, - NID_des_ede3_cbc, - NID_des_ede3_ecb, -+ NID_sm4_ecb, - 0, - }; - -@@ -103,7 +104,6 @@ static int cipher_930_nids[] = { - NID_aes_128_xts, - NID_aes_256_xts, - NID_sm4_cbc, -- NID_sm4_ecb, - NID_des_ede3_cbc, - NID_des_ede3_ecb, - NID_aes_128_cfb128, -@@ -984,6 +984,11 @@ static int bind_v2_cipher(void) - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); -+ UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, EVP_CIPH_ECB_MODE, -+ sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, -+ uadk_e_do_cipher, uadk_e_cipher_cleanup, -+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); -+ - return 0; - } - -@@ -1037,10 +1042,6 @@ static int bind_v3_cipher(void) - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); -- UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 16, EVP_CIPH_ECB_MODE, -- sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, -- uadk_e_do_cipher, uadk_e_cipher_cleanup, -- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); - - return 0; - } -@@ -1088,6 +1089,8 @@ static void destroy_v2_cipher(void) - uadk_des_ede3_cbc = 0; - EVP_CIPHER_meth_free(uadk_des_ede3_ecb); - uadk_des_ede3_ecb = 0; -+ EVP_CIPHER_meth_free(uadk_sm4_ecb); -+ uadk_sm4_ecb = 0; - } - - static void destroy_v3_cipher(void) -@@ -1116,8 +1119,6 @@ static void destroy_v3_cipher(void) - uadk_sm4_ofb128 = 0; - EVP_CIPHER_meth_free(uadk_sm4_ctr); - uadk_sm4_ctr = 0; -- EVP_CIPHER_meth_free(uadk_sm4_ecb); -- uadk_sm4_ecb = 0; - } - - void uadk_e_destroy_cipher(void) -diff --git a/src/v1/alg/ciphers/sec_ciphers.c b/src/v1/alg/ciphers/sec_ciphers.c -index 2c619be..b4743ed 100644 ---- a/src/v1/alg/ciphers/sec_ciphers.c -+++ b/src/v1/alg/ciphers/sec_ciphers.c -@@ -85,6 +85,7 @@ static int g_known_cipher_nids[CIPHERS_COUNT] = { - NID_sm4_ctr, - NID_sm4_cbc, - NID_sm4_ofb128, -+ NID_sm4_ecb, - }; - - #define SEC_CIPHERS_RETURN_FAIL_IF(cond, mesg, ret) \ --- -2.24.4 - diff --git a/0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch b/0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch deleted file mode 100644 index d23b5127e7a711d9392d2550f3fc1c4c552c7e58..0000000000000000000000000000000000000000 --- a/0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 1ff08b383a59150a193870b3150d5265a03864ed Mon Sep 17 00:00:00 2001 -From: Wenkai Lin -Date: Thu, 10 Mar 2022 20:03:20 +0800 -Subject: [PATCH 35/36] cipher: fix segmentation fault for uadk_e_ctx_init - -if uadk_e_init_cipher failed, there is no need to -alloc cipher session, and alloc session will meet -a segmentation fault because sched_init is not -set by wd_cipher_init. - -Signed-off-by: Wenkai Lin ---- - src/uadk_cipher.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index e4595be..d6dd8e8 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -846,15 +846,16 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) - struct sched_params params = {0}; - int ret; - -+ priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx); -+ priv->req.iv = priv->iv; -+ - ret = uadk_e_init_cipher(); - if (unlikely(!ret)) { - priv->switch_flag = UADK_DO_SOFT; - fprintf(stderr, "uadk failed to init cipher HW!\n"); -+ return; - } - -- priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx); -- priv->req.iv = priv->iv; -- - /* - * The internal RR scheduler used by environment variables, - * the cipher algorithm does not distinguish between --- -2.24.4 - diff --git a/0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch b/0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch deleted file mode 100644 index 0fb5eb46c6e329fdf99077df272e8bde1cf41ccd..0000000000000000000000000000000000000000 --- a/0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch +++ /dev/null @@ -1,28 +0,0 @@ -From cf720869f7637e41ff1094d8bc640180fca55f75 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Tue, 15 Mar 2022 17:07:59 +0800 -Subject: [PATCH 36/36] cipher: sm4-ecb algorithm is deleted by mistake - -Because sm4-ecb alg is deleted by mistake. So this alg -not be found in hardware V3. - -Signed-off-by: Kai Ye ---- - src/uadk_cipher.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index d6dd8e8..5ebad64 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -104,6 +104,7 @@ static int cipher_930_nids[] = { - NID_aes_128_xts, - NID_aes_256_xts, - NID_sm4_cbc, -+ NID_sm4_ecb, - NID_des_ede3_cbc, - NID_des_ede3_ecb, - NID_aes_128_cfb128, --- -2.24.4 - diff --git a/0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch b/0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch deleted file mode 100644 index f5292178b90ef30bfcb51302b6240e922d814c05..0000000000000000000000000000000000000000 --- a/0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch +++ /dev/null @@ -1,694 +0,0 @@ -From 50692e4bc425c5709a468946cb56ad483be90f7c Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Fri, 18 Mar 2022 23:25:47 +0800 -Subject: [PATCH 37/37] rsa: bugfix about redundant and inefficient operations - -Includes: -1. Remove redundant judgment conditions. -2. Remove redundant function parameters. -3. Remove the redundant operation in soft RSA keygen method. -4. Use more efficient BN memory allocation method, and add -judgment of the results. - -Signed-off-by: Zhiqi Song ---- - src/uadk_rsa.c | 331 ++++++++++++++++++++++--------------------------- - 1 file changed, 148 insertions(+), 183 deletions(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 1488b98..821cb78 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -143,7 +143,7 @@ enum { - - static int rsa_check_bit_useful(const int bits, int flen) - { -- if (!flen && flen > bits) -+ if (flen > bits) - return SOFT; - - if (bits < RSA_MIN_MODULUS_BITS) -@@ -411,8 +411,8 @@ static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx) - return UADK_E_SUCCESS; - - end: -- fprintf(stderr, "failed to malloc params\n"); -- return UADK_E_FAIL; -+ fprintf(stderr, "failed to allocate rsa prime params\n"); -+ return -ENOMEM; - } - - static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, -@@ -433,13 +433,11 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, - - BN_CTX_start(ctx); - param = OPENSSL_zalloc(sizeof(struct rsa_prime_param)); -- if (!param) { -- fprintf(stderr, "failed to malloc rsa prime param\n"); -+ if (!param) - goto free_ctx; -- } - - ret = get_rsa_prime_param(param, ctx); -- if (!ret) -+ if (ret != UADK_E_SUCCESS) - goto free_param; - - /* Divide bits into 'primes' pieces evenly */ -@@ -624,9 +622,10 @@ static int rsa_get_sign_res(int padding, BIGNUM *to_bn, const BIGNUM *n, - return UADK_E_SUCCESS; - } - --static int rsa_get_verify_res(int padding, BIGNUM *to_bn, const BIGNUM *n, -- BIGNUM *ret_bn) -+static int rsa_get_verify_res(int padding, const BIGNUM *n, BIGNUM *ret_bn) - { -+ BIGNUM *to_bn = NULL; -+ - if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret_bn)[0] & 0xf) - != 0x0c)) { - if (!BN_sub(to_bn, n, ret_bn)) -@@ -840,6 +839,7 @@ static struct uadk_rsa_sess *rsa_new_eng_session(RSA *rsa) - rsa_sess = OPENSSL_malloc(sizeof(struct uadk_rsa_sess)); - if (!rsa_sess) - return NULL; -+ - memset(rsa_sess, 0, sizeof(struct uadk_rsa_sess)); - rsa_sess->alg = rsa; - rsa_sess->is_prikey_ready = UN_SET; -@@ -971,23 +971,44 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, - struct rsa_keygen_param_bn *bn_param) - { - struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst; -+ struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp; -+ BIGNUM *dmp1, *dmq1, *iqmp, *n, *d; - unsigned int key_bits, key_size; -- BIGNUM *dmp1 = BN_new(); -- BIGNUM *dmq1 = BN_new(); -- BIGNUM *iqmp = BN_new(); -- BIGNUM *n = BN_new(); -- BIGNUM *d = BN_new(); -- struct wd_dtb wd_d; -- struct wd_dtb wd_n; -- struct wd_dtb wd_qinv; -- struct wd_dtb wd_dq; -- struct wd_dtb wd_dp; -+ BN_CTX *bn_ctx; - - key_bits = wd_rsa_get_key_bits(ctx); -+ if (!key_bits) -+ return UADK_E_FAIL; -+ - key_size = key_bits >> BIT_BYTES_SHIFT; - wd_rsa_get_kg_out_params(out, &wd_d, &wd_n); - wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp); - -+ bn_ctx = BN_CTX_new(); -+ if (!bn_ctx) -+ return UADK_E_FAIL; -+ -+ BN_CTX_start(bn_ctx); -+ dmp1 = BN_CTX_get(bn_ctx); -+ if (!dmp1) -+ goto free_bn_ctx; -+ -+ dmq1 = BN_CTX_get(bn_ctx); -+ if (!dmq1) -+ goto free_bn_ctx; -+ -+ iqmp = BN_CTX_get(bn_ctx); -+ if (!iqmp) -+ goto free_bn_ctx; -+ -+ n = BN_CTX_get(bn_ctx); -+ if (!n) -+ goto free_bn_ctx; -+ -+ d = BN_CTX_get(bn_ctx); -+ if (!d) -+ goto free_bn_ctx; -+ - BN_bin2bn((unsigned char *)wd_d.data, key_size, d); - BN_bin2bn((unsigned char *)wd_n.data, key_size, n); - BN_bin2bn((unsigned char *)wd_qinv.data, wd_qinv.dsize, iqmp); -@@ -997,16 +1018,13 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, - if (!(RSA_set0_key(rsa, n, bn_param->e, d) && - RSA_set0_factors(rsa, bn_param->p, bn_param->q) && - RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))) -- goto bn_free; -+ goto free_bn_ctx; - - return UADK_E_SUCCESS; - --bn_free: -- BN_clear_free(dmp1); -- BN_clear_free(dmq1); -- BN_clear_free(iqmp); -- BN_clear_free(n); -- BN_clear_free(d); -+free_bn_ctx: -+ BN_CTX_end(bn_ctx); -+ BN_CTX_free(bn_ctx); - - return UADK_E_FAIL; - } -@@ -1093,20 +1111,11 @@ err: - - static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - { -- const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL(); - int ret; - -- if (!default_meth) { -- fprintf(stderr, "failed to get soft method.\n"); -- return UADK_E_FAIL; -- } -- - UNUSED(cb); -- RSA_set_method(rsa, default_meth); - ret = RSA_generate_key_ex(rsa, bits, e, NULL); - -- RSA_set_method(rsa, rsa_hw_meth); -- - return ret; - } - -@@ -1131,7 +1140,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess, - return UADK_E_FAIL; - - wd_rsa_get_crt_prikey_params(key_pair->prikey, NULL, NULL, NULL, -- &keygen_param->wd_q, &keygen_param->wd_p); -+ &keygen_param->wd_q, &keygen_param->wd_p); - if (!keygen_param->wd_q || !keygen_param->wd_p) - return UADK_E_FAIL; - -@@ -1170,9 +1179,11 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, - struct rsa_keygen_param_bn **keygen_bn_param, - struct rsa_keypair **key_pair) - { -+ BN_CTX *bn_ctx; -+ - *keygen_param = OPENSSL_malloc(sizeof(struct rsa_keygen_param)); - if (!(*keygen_param)) -- return -ENOMEM; -+ goto err; - - *keygen_bn_param = (struct rsa_keygen_param_bn *) - OPENSSL_malloc(sizeof(struct rsa_keygen_param_bn)); -@@ -1183,16 +1194,35 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, - if (!(*key_pair)) - goto free_keygen_bn_param; - -- (*keygen_bn_param)->e = BN_new(); -- (*keygen_bn_param)->p = BN_new(); -- (*keygen_bn_param)->q = BN_new(); -+ bn_ctx = BN_CTX_new(); -+ if (!bn_ctx) -+ goto free_key_pair; -+ -+ BN_CTX_start(bn_ctx); -+ (*keygen_bn_param)->e = BN_CTX_get(bn_ctx); -+ if (!(*keygen_bn_param)->e) -+ goto free_bn_ctx; -+ -+ (*keygen_bn_param)->p = BN_CTX_get(bn_ctx); -+ if (!(*keygen_bn_param)->p) -+ goto free_bn_ctx; -+ -+ (*keygen_bn_param)->q = BN_CTX_get(bn_ctx); -+ if (!(*keygen_bn_param)->q) -+ goto free_bn_ctx; - - return UADK_E_SUCCESS; - -+free_bn_ctx: -+ BN_CTX_end(bn_ctx); -+ BN_CTX_free(bn_ctx); -+free_key_pair: -+ OPENSSL_free(*key_pair); - free_keygen_bn_param: - OPENSSL_free(*keygen_bn_param); - free_keygen_param: - OPENSSL_free(*keygen_param); -+err: - return -ENOMEM; - } - -@@ -1236,81 +1266,56 @@ static void rsa_pkey_param_free(struct rsa_pubkey_param **pub, - } - - static int rsa_create_pub_bn_ctx(RSA *rsa, struct rsa_pubkey_param *pub, -- BN_CTX **bn_ctx, unsigned char **from_buf) -+ unsigned char **from_buf, int *num_bytes) - { -- BIGNUM *ret_bn; -- int num_bytes; -- - RSA_get0_key(rsa, &pub->n, &pub->e, NULL); -- -- *bn_ctx = BN_CTX_new(); -- if (!(*bn_ctx)) -+ if (!(pub->n) || !(pub->e)) - return UADK_E_FAIL; - -- BN_CTX_start(*bn_ctx); -- ret_bn = BN_CTX_get(*bn_ctx); -- if (!ret_bn) -- goto err; -- -- num_bytes = BN_num_bytes(pub->n); -- if (!num_bytes) -- goto err; -+ *num_bytes = BN_num_bytes(pub->n); -+ if (!(*num_bytes)) -+ return UADK_E_FAIL; - -- *from_buf = OPENSSL_malloc(num_bytes); -+ *from_buf = OPENSSL_malloc(*num_bytes); - if (!(*from_buf)) -- goto err; -+ return -ENOMEM; - - return UADK_E_SUCCESS; -- --err: -- BN_CTX_free(*bn_ctx); -- return UADK_E_FAIL; - } - --static void rsa_free_pub_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf) -+static void rsa_free_pub_bn_ctx(unsigned char **from_buf) - { -- BN_CTX_free(*bn_ctx); -- - OPENSSL_free(*from_buf); - } - - static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri, -- BN_CTX **bn_ctx, unsigned char **from_buf) -+ unsigned char **from_buf, int *num_bytes) - { -- BIGNUM *ret_bn; -- int num_bytes; -- - RSA_get0_key(rsa, &pri->n, &pri->e, &pri->d); -- RSA_get0_factors(rsa, &pri->p, &pri->q); -- RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp); -+ if (!(pri->n) || !(pri->e) || !(pri->d)) -+ return UADK_E_FAIL; - -- *bn_ctx = BN_CTX_new(); -- if (!(*bn_ctx)) -+ RSA_get0_factors(rsa, &pri->p, &pri->q); -+ if (!(pri->p) || !(pri->q)) - return UADK_E_FAIL; - -- BN_CTX_start(*bn_ctx); -- ret_bn = BN_CTX_get(*bn_ctx); -- if (!ret_bn) -- goto err; -+ RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp); -+ if (!(pri->dmp1) || !(pri->dmq1) || !(pri->iqmp)) -+ return UADK_E_FAIL; - -- num_bytes = BN_num_bytes(pri->n); -- if (!num_bytes) -- goto err; -+ *num_bytes = BN_num_bytes(pri->n); -+ if (!(*num_bytes)) -+ return UADK_E_FAIL; - -- *from_buf = OPENSSL_malloc(num_bytes); -+ *from_buf = OPENSSL_malloc(*num_bytes); - if (!(*from_buf)) -- goto err; -+ return -ENOMEM; - - return UADK_E_SUCCESS; --err: -- BN_CTX_free(*bn_ctx); -- return UADK_E_FAIL; - } - --static void rsa_free_pri_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf) -+static void rsa_free_pri_bn_ctx(unsigned char **from_buf) - { -- BN_CTX_free(*bn_ctx); -- - OPENSSL_free(*from_buf); - } - -@@ -1318,14 +1323,13 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - { - struct rsa_keygen_param *keygen_param = NULL; - struct rsa_keygen_param_bn *bn_param = NULL; -+ struct uadk_rsa_sess *rsa_sess = NULL; - struct rsa_keypair *key_pair = NULL; -- struct uadk_rsa_sess *rsa_sess; - int is_crt = 1; -- int key_size; - int ret; - -- key_size = rsa_check_bit_useful(bits, 0); -- if (!key_size || key_size == SOFT) -+ ret = rsa_check_bit_useful(bits, 0); -+ if (!ret || ret == SOFT) - goto exe_soft; - - ret = uadk_e_rsa_init(); -@@ -1388,14 +1392,11 @@ exe_soft: - static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { -+ struct uadk_rsa_sess *rsa_sess = NULL; - struct rsa_pubkey_param *pub = NULL; -- struct uadk_rsa_sess *rsa_sess; - unsigned char *from_buf = NULL; -+ int num_bytes, is_crt, ret; - BIGNUM *ret_bn = NULL; -- BN_CTX *bn_ctx = NULL; -- int num_bytes; -- int is_crt; -- int ret; - - ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret || ret == SOFT) -@@ -1417,18 +1418,12 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, - goto free_pkey; - } - -- ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf); -- if (!ret) { -+ ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes); -+ if (ret <= 0 || flen > num_bytes) { - ret = UADK_DO_SOFT; - goto free_sess; - } - -- num_bytes = BN_num_bytes(pub->n); -- if (flen > num_bytes) { -- ret = UADK_DO_SOFT; -- goto free_buf; -- } -- - ret = add_rsa_pubenc_padding(flen, from, from_buf, num_bytes, padding); - if (!ret) { - ret = UADK_DO_SOFT; -@@ -1448,7 +1443,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, - } - - ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, -- rsa_sess->req.dst_bytes, ret_bn); -+ rsa_sess->req.dst_bytes, NULL); - if (!ret_bn) { - ret = UADK_DO_SOFT; - goto free_buf; -@@ -1457,11 +1452,13 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, - ret = BN_bn2binpad(ret_bn, to, num_bytes); - if (ret == -1) { - ret = UADK_DO_SOFT; -- goto free_buf; -+ goto free_bn; - } - -+free_bn: -+ BN_free(ret_bn); - free_buf: -- rsa_free_pub_bn_ctx(&bn_ctx, &from_buf); -+ rsa_free_pub_bn_ctx(&from_buf); - free_sess: - rsa_free_eng_session(rsa_sess); - free_pkey: -@@ -1480,11 +1477,8 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, - struct rsa_prikey_param *pri = NULL; - unsigned char *from_buf = NULL; - struct uadk_rsa_sess *rsa_sess; -+ int num_bytes, len, ret; - BIGNUM *ret_bn = NULL; -- BN_CTX *bn_ctx = NULL; -- int num_bytes; -- int ret; -- int len; - - ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret || ret == SOFT) -@@ -1506,18 +1500,12 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, - goto free_pkey; - } - -- ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf); -- if (!ret) { -+ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes); -+ if (ret <= 0 || flen > num_bytes) { - ret = UADK_DO_SOFT; - goto free_sess; - } - -- num_bytes = BN_num_bytes(pri->n); -- if (flen > num_bytes) { -- ret = UADK_DO_SOFT; -- goto free_buf; -- } -- - ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to); - if (!ret) { - ret = UADK_DO_SOFT; -@@ -1533,7 +1521,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, - } - - ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, -- rsa_sess->req.dst_bytes, ret_bn); -+ rsa_sess->req.dst_bytes, NULL); - if (!ret_bn) { - ret = UADK_DO_SOFT; - goto free_buf; -@@ -1542,17 +1530,19 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, - len = BN_bn2binpad(ret_bn, from_buf, num_bytes); - if (!len) { - ret = UADK_DO_SOFT; -- goto free_buf; -+ goto free_bn; - } - - ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding); - if (!ret) { - ret = UADK_DO_SOFT; -- goto free_buf; -+ goto free_bn; - } - -+free_bn: -+ BN_free(ret_bn); - free_buf: -- rsa_free_pri_bn_ctx(&bn_ctx, &from_buf); -+ rsa_free_pri_bn_ctx(&from_buf); - free_sess: - rsa_free_eng_session(rsa_sess); - free_pkey: -@@ -1568,14 +1558,13 @@ exe_soft: - static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { -+ struct uadk_rsa_sess *rsa_sess = NULL; - struct rsa_prikey_param *pri = NULL; -- struct uadk_rsa_sess *rsa_sess; - unsigned char *from_buf = NULL; -- BIGNUM *to_bn, *ret_bn; -- BN_CTX *bn_ctx = NULL; -+ BIGNUM *ret_bn = NULL; -+ BIGNUM *to_bn = NULL; - BIGNUM *res = NULL; -- int num_bytes; -- int ret; -+ int num_bytes, ret; - - ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret || ret == SOFT) -@@ -1597,36 +1586,18 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, - goto free_pkey; - } - -- ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf); -- if (!ret) { -+ ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes); -+ if (ret <= 0 || flen > num_bytes) { - ret = UADK_DO_SOFT; - goto free_sess; - } - -- to_bn = BN_CTX_get(bn_ctx); -- if (!to_bn) { -- ret = UADK_DO_SOFT; -- goto free_buf; -- } -- -- num_bytes = BN_num_bytes(pri->n); -- if (flen > num_bytes) { -- ret = UADK_DO_SOFT; -- goto free_buf; -- } -- - ret = add_rsa_prienc_padding(flen, from, from_buf, num_bytes, padding); - if (!ret) { - ret = UADK_DO_SOFT; - goto free_buf; - } - -- ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn); -- if (!ret_bn) { -- ret = UADK_DO_SOFT; -- goto free_buf; -- } -- - ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to); - if (!ret) { - ret = UADK_DO_SOFT; -@@ -1639,24 +1610,33 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, - goto free_buf; - } - -- ret_bn = NULL; - ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, -- rsa_sess->req.dst_bytes, ret_bn); -+ rsa_sess->req.dst_bytes, NULL); - if (!ret_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } - -+ to_bn = BN_bin2bn(from_buf, num_bytes, NULL); -+ if (!to_bn) { -+ ret = UADK_DO_SOFT; -+ goto free_ret_bn; -+ } -+ - ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res); - if (!ret) { - ret = UADK_DO_SOFT; -- goto free_buf; -+ goto free_to_bn; - } - - ret = BN_bn2binpad(res, to, num_bytes); - -+free_to_bn: -+ BN_free(to_bn); -+free_ret_bn: -+ BN_free(ret_bn); - free_buf: -- rsa_free_pri_bn_ctx(&bn_ctx, &from_buf); -+ rsa_free_pri_bn_ctx(&from_buf); - free_sess: - rsa_free_eng_session(rsa_sess); - free_pkey: -@@ -1672,15 +1652,11 @@ exe_soft: - static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { -- struct uadk_rsa_sess *rsa_sess; -+ struct uadk_rsa_sess *rsa_sess = NULL; -+ struct rsa_pubkey_param *pub = NULL; -+ int num_bytes, is_crt, len, ret; - unsigned char *from_buf = NULL; -- struct rsa_pubkey_param *pub; -- BIGNUM *ret_bn, *to_bn; -- BN_CTX *bn_ctx = NULL; -- int num_bytes; -- int is_crt; -- int ret; -- int len; -+ BIGNUM *ret_bn = NULL; - - ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret) -@@ -1704,25 +1680,12 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, - goto free_pkey; - } - -- ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf); -- if (!ret) { -+ ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes); -+ if (ret <= 0 || flen > num_bytes) { - ret = UADK_DO_SOFT; - goto free_sess; - } - -- to_bn = BN_CTX_get(bn_ctx); -- if (!to_bn) { -- ret = UADK_DO_SOFT; -- goto free_buf; -- } -- -- num_bytes = BN_num_bytes(pub->n); -- ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn); -- if (!ret_bn) { -- ret = UADK_DO_SOFT; -- goto free_buf; -- } -- - ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to); - if (!ret) { - ret = UADK_DO_SOFT; -@@ -1736,34 +1699,35 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, - goto free_buf; - } - -- ret_bn = NULL; - ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, -- rsa_sess->req.dst_bytes, ret_bn); -+ rsa_sess->req.dst_bytes, NULL); - if (!ret_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } - -- ret = rsa_get_verify_res(padding, to_bn, pub->n, ret_bn); -+ ret = rsa_get_verify_res(padding, pub->n, ret_bn); - if (!ret) { - ret = UADK_DO_SOFT; -- goto free_buf; -+ goto free_bn; - } - - len = BN_bn2binpad(ret_bn, from_buf, num_bytes); - if (!len) { - ret = UADK_DO_SOFT; -- goto free_buf; -+ goto free_bn; - } - - ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding); - if (!ret) { - ret = UADK_DO_SOFT; -- goto free_buf; -+ goto free_bn; - } - -+free_bn: -+ BN_free(ret_bn); - free_buf: -- rsa_free_pub_bn_ctx(&bn_ctx, &from_buf); -+ rsa_free_pub_bn_ctx(&from_buf); - free_sess: - rsa_free_eng_session(rsa_sess); - free_pkey: -@@ -1786,7 +1750,7 @@ static RSA_METHOD *uadk_e_get_rsa_sw_methods(void) - (void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth)); - (void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth)); - (void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth)); -- (void)RSA_meth_set_keygen(rsa_sw_meth, RSA_meth_get_keygen(meth)); -+ (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen); - (void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth)); - (void)RSA_meth_set_bn_mod_exp(rsa_sw_meth, - RSA_meth_get_bn_mod_exp(meth)); -@@ -1798,6 +1762,7 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void) - { - if (rsa_hw_meth) - return rsa_hw_meth; -+ - rsa_hw_meth = RSA_meth_new("uadk hardware rsa method", 0); - if (!rsa_hw_meth) { - fprintf(stderr, "failed to allocate rsa hardware method\n"); --- -2.24.4 - diff --git a/0038-uadk-engine-change-Copyright-to-2022.patch b/0038-uadk-engine-change-Copyright-to-2022.patch deleted file mode 100644 index 2b07c144c23f335db965b653192b040ca31b50be..0000000000000000000000000000000000000000 --- a/0038-uadk-engine-change-Copyright-to-2022.patch +++ /dev/null @@ -1,177 +0,0 @@ -From 1b8b65e31da0c6347575d0d201c8417241e81453 Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Mon, 28 Mar 2022 02:31:53 +0000 -Subject: [PATCH 38/57] uadk-engine: change Copyright to 2022 - -Change Copyright to 2022 -Add Linaro Copyright as well - -Signed-off-by: Zhangfei Gao ---- - src/e_uadk.c | 3 ++- - src/uadk.h | 3 ++- - src/uadk_async.c | 3 ++- - src/uadk_async.h | 3 ++- - src/uadk_cipher.c | 3 ++- - src/uadk_dh.c | 2 +- - src/uadk_digest.c | 3 ++- - src/uadk_ec.c | 2 +- - src/uadk_ecx.c | 2 +- - src/uadk_pkey.c | 2 +- - src/uadk_pkey.h | 2 +- - src/uadk_rsa.c | 2 +- - src/uadk_sm2.c | 2 +- - 13 files changed, 19 insertions(+), 13 deletions(-) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 79ecef8..4288569 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -1,5 +1,6 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Linaro ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk.h b/src/uadk.h -index 384e035..ef09274 100644 ---- a/src/uadk.h -+++ b/src/uadk.h -@@ -1,5 +1,6 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Linaro ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_async.c b/src/uadk_async.c -index c98153b..11d624c 100644 ---- a/src/uadk_async.c -+++ b/src/uadk_async.c -@@ -1,5 +1,6 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Linaro ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_async.h b/src/uadk_async.h -index 9836dbb..d2a7e16 100644 ---- a/src/uadk_async.h -+++ b/src/uadk_async.h -@@ -1,5 +1,6 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Linaro ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 5ebad64..91895cc 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -1,5 +1,6 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Linaro ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_dh.c b/src/uadk_dh.c -index 40fb583..3882306 100644 ---- a/src/uadk_dh.c -+++ b/src/uadk_dh.c -@@ -1,5 +1,5 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 355917d..ecc0ce6 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -1,5 +1,6 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Linaro ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_ec.c b/src/uadk_ec.c -index db69871..e219bdf 100644 ---- a/src/uadk_ec.c -+++ b/src/uadk_ec.c -@@ -1,5 +1,5 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c -index 67f9350..5d0ff76 100644 ---- a/src/uadk_ecx.c -+++ b/src/uadk_ecx.c -@@ -1,5 +1,5 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index f27e2f5..d4ec30e 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -1,5 +1,5 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h -index dfe6fbe..b30c2de 100644 ---- a/src/uadk_pkey.h -+++ b/src/uadk_pkey.h -@@ -1,5 +1,5 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 821cb78..a80d203 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -1,5 +1,5 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index 8c75611..a478a94 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -1,5 +1,5 @@ - /* -- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved. -+ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. --- -2.27.0 - diff --git a/0039-README-move-test-script-to-sanity_test.sh.patch b/0039-README-move-test-script-to-sanity_test.sh.patch deleted file mode 100644 index f4233819f829a3594b5b9ff1aec43e550ef0caa5..0000000000000000000000000000000000000000 --- a/0039-README-move-test-script-to-sanity_test.sh.patch +++ /dev/null @@ -1,197 +0,0 @@ -From 5dab65ce804d8e7995cef2eecfb375270d55f2ed Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Wed, 30 Mar 2022 07:34:43 +0000 -Subject: [PATCH 39/57] README: move test script to sanity_test.sh - -Move test script from README to sanity_test.sh - -Signed-off-by: Zhangfei Gao ---- - README | 103 +------------------------------------------- - test/sanity_test.sh | 39 ++++++++++++++++- - 2 files changed, 39 insertions(+), 103 deletions(-) - -diff --git a/README b/README -index 562a859..ed49128 100644 ---- a/README -+++ b/README -@@ -63,108 +63,7 @@ Build & Install OpenSSL UADK Engine - Testing - ------- - ``` -- sudo test/sanity_test.sh --``` --1. Cipher --``` --openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p --openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc --openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc --openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc --``` --2. RSA --``` --openssl genrsa -out prikey.pem -engine uadk_engine 2048 --openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine --openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine --openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine --openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine --openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine --openssl speed -elapsed -engine uadk_engine rsa2048 --openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048 --``` --3. SM3 --``` --openssl sm3 -engine uadk_engine data --``` --4. MD5 --``` --openssl speed -engine uadk_engine -async_jobs 1 -evp md5 --``` --5. SHA --``` --openssl sha1 -engine uadk_engine data --openssl sha256 -engine uadk_engine data --openssl sha512 -engine uadk_engine data --``` --6. DH -- --[step 1] Generate global public parameters, and save them in the file --dhparam.pem: --``` --openssl dhparam -out dhparam.pem 2048 --``` --[step 2] Generate own private key: --``` --openssl genpkey -paramfile dhparam.pem -out privatekey1.pem --openssl genpkey -paramfile dhparam.pem -out privatekey2.pem --``` --[step 3] Generate public key: --``` --openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk --openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk --``` --[step 4] After exchanging public key, each user can derive the shared secret: --``` --openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out --secret1.bin -engine uadk_engine --openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out --secret2.bin -engine uadk_engine --``` --[step 5] Check secret1.bin and secret2.bin: --``` --cmp secret1.bin secret2.bin --xxd secret1.bin --xxd secret2.bin --``` --secret1.bin and secret2.bin should be the same. -- --7. SM2 --``` --openssl speed -elapsed -engine uadk_engine sm2 --openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2 --openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem --openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem --``` --8. ECDSA --``` --openssl speed -elapsed -engine uadk_engine ecdsap256 --openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256 -+ ./test/sanity_test.sh - ``` - - Environment variable of uadk engine -diff --git a/test/sanity_test.sh b/test/sanity_test.sh -index 4273310..2c0c504 100755 ---- a/test/sanity_test.sh -+++ b/test/sanity_test.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --chmod 666 /dev/hisi_* -+sudo chmod 666 /dev/hisi_* - - if [ ! -n "$1" ]; then - engine_id=uadk_engine -@@ -24,6 +24,12 @@ if [[ $algs =~ "SM3" ]]; then - openssl speed -engine $engine_id -async_jobs 1 -evp sm3 - fi - -+if [[ $algs =~ "SM2" ]]; then -+ echo "testing SM2" -+ openssl speed -engine $engine_id -evp sm2 -+ openssl speed -engine $engine_id -async_jobs 1 -evp sm2 -+fi -+ - if [[ $algs =~ "SHA" ]]; then - echo "testing SHA" - openssl speed -engine $engine_id -evp sha1 -@@ -58,6 +64,12 @@ if [[ $algs =~ "AES" ]]; then - openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-xts - openssl speed -engine $engine_id -evp aes-256-xts - openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-xts -+ openssl speed -engine $engine_id -evp aes-128-ctr -+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-ctr -+ openssl speed -engine $engine_id -evp aes-192-ctr -+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-192-ctr -+ openssl speed -engine $engine_id -evp aes-256-ctr -+ openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-ctr - fi - - if [[ $algs =~ "SM4-CBC" ]]; then -@@ -134,3 +146,28 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then - openssl speed -elapsed -engine $engine_id ecdhbrp384r1 - openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhbrp384r1 - fi -+ -+#DH -+if [[ $algs =~ "DH" ]]; then -+ echo "testing DH" -+ #1. Generate global public parameters, and save them in the file dhparam.pem: -+ openssl dhparam -out dhparam.pem 2048 -+ -+ #2. Generate own private key: -+ openssl genpkey -paramfile dhparam.pem -out privatekey1.pem -+ openssl genpkey -paramfile dhparam.pem -out privatekey2.pem -+ -+ #3. Generate public key: -+ openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine $engine_id -+ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine $engine_id -+ -+ #4. After exchanging public key, each user can derive the shared secret: -+ openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -engine $engine_id -+ openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -engine $engine_id -+ -+ #5. Check secret1.bin and secret2.bin: -+ cmp secret1.bin secret2.bin -+ xxd secret1.bin -+ xxd secret2.bin -+ #secret1.bin and secret2.bin should be same. -+fi --- -2.27.0 - diff --git a/0040-uadk_engine-fix-string-compare-mode.patch b/0040-uadk_engine-fix-string-compare-mode.patch deleted file mode 100644 index 97c35115aa082b01d677d3ec74662c0e2db06f9e..0000000000000000000000000000000000000000 --- a/0040-uadk_engine-fix-string-compare-mode.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 4763c7f374d4ba29a070b06147e2d47504902cf3 Mon Sep 17 00:00:00 2001 -From: JunchongPan -Date: Sat, 2 Apr 2022 09:47:08 +0800 -Subject: [PATCH 40/57] uadk_engine:fix string compare mode - -String compare now use '==' while compare point and string, -changed to strcmp - -Signed-off-by: JunchongPan ---- - src/e_uadk.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 4288569..58a10de 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name) - int i = 0; - - while (i < len) { -- if (uadk_env_enabled[i].alg_name == alg_name) -+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) - return uadk_env_enabled[i].env_enabled; - i++; - } -@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value) - int i = 0; - - while (i < len) { -- if (uadk_env_enabled[i].alg_name == alg_name) { -+ if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) { - uadk_env_enabled[i].env_enabled = value; - return; - } --- -2.27.0 - diff --git a/0041-cipher-optimize-the-process-of-ctx-initialization.patch b/0041-cipher-optimize-the-process-of-ctx-initialization.patch deleted file mode 100644 index 6eece84851f060c19be8f5b55d3ff646f88c31cd..0000000000000000000000000000000000000000 --- a/0041-cipher-optimize-the-process-of-ctx-initialization.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 17bfd66f31e712ffd9364bfb43c9899e10e84a7d Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Sat, 2 Apr 2022 11:19:16 +0800 -Subject: [PATCH 41/57] cipher: optimize the process of ctx initialization - -Optimize the process of ctx initialization as switching to soft work. -If the ctx resources of a thread are insufficient at the beginning, the -thread can't apply for resources again. Therefore, an flag checking is -required. - -Signed-off-by: Kai Ye ---- - src/uadk_cipher.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 91895cc..8a2c39d 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -851,6 +851,9 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) - priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx); - priv->req.iv = priv->iv; - -+ if (priv->switch_flag == UADK_DO_SOFT) -+ return; -+ - ret = uadk_e_init_cipher(); - if (unlikely(!ret)) { - priv->switch_flag = UADK_DO_SOFT; --- -2.27.0 - diff --git a/0042-cipher-adding-an-iv-update-to-a-decryption.patch b/0042-cipher-adding-an-iv-update-to-a-decryption.patch deleted file mode 100644 index 7580b8dac2f71f2cab925f930b5d994fef19c0a8..0000000000000000000000000000000000000000 --- a/0042-cipher-adding-an-iv-update-to-a-decryption.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 11016568bf6a929aebc216f5e7f5fd28b2e1d2a6 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Thu, 12 May 2022 10:31:56 +0800 -Subject: [PATCH 42/57] cipher: adding an iv update to a decryption - -Adding an iv update to de-crypto method as cbc mode. -the dst address should not be changed. So fix it. - -Signed-off-by: Kai Ye ---- - src/uadk_cipher.c | 25 ++++++++++++++----------- - 1 file changed, 14 insertions(+), 11 deletions(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 8a2c39d..49022f7 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -763,10 +763,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv) - - switch (priv->setup.mode) { - case WD_CIPHER_CBC: -- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) { -- priv->req.dst += priv->req.in_bytes; -- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes); -- } -+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION) -+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes, -+ iv_bytes); -+ else -+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes, -+ iv_bytes); -+ - break; - case WD_CIPHER_OFB: - for (i = 0; i < IV_LEN; i++) { -@@ -776,13 +779,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv) - memcpy(priv->iv, K, iv_bytes); - break; - case WD_CIPHER_CFB: -- if (priv->req.op_type == WD_CIPHER_ENCRYPTION) { -- priv->req.dst += priv->req.in_bytes; -- memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes); -- } else { -- priv->req.src += priv->req.in_bytes; -- memcpy(priv->iv, priv->req.src - iv_bytes, iv_bytes); -- } -+ if (priv->req.op_type == WD_CIPHER_ENCRYPTION) -+ memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes, -+ iv_bytes); -+ else -+ memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes, -+ iv_bytes); -+ - break; - case WD_CIPHER_CTR: - ctr_iv_inc(priv->iv, priv->req.in_bytes >> CTR_MODE_LEN_SHIFT); --- -2.27.0 - diff --git a/0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch b/0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch deleted file mode 100644 index dbeb155fc7890abc95fc636a13b2137889459ca4..0000000000000000000000000000000000000000 --- a/0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch +++ /dev/null @@ -1,47 +0,0 @@ -From d6b2f7a4b2486afb3b3a418f32ce9d43783ef8f0 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Thu, 12 May 2022 10:31:57 +0800 -Subject: [PATCH 43/57] cipher: fix cipher decrypto failed as use jdk - -Because the java releases the memory immediately after the -memory is used. So the engine should not use user memory for -storage the key. - -Signed-off-by: Kai Ye ---- - src/uadk_cipher.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 49022f7..7eba992 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -36,6 +36,7 @@ - #define BYTE_BITS 8 - #define IV_LEN 16 - #define ENV_ENABLED 1 -+#define MAX_KEY_LEN 64 - - struct cipher_engine { - struct wd_ctx_config ctx_cfg; -@@ -57,7 +58,7 @@ struct cipher_priv_ctx { - struct wd_cipher_sess_setup setup; - struct wd_cipher_req req; - unsigned char iv[IV_LEN]; -- const unsigned char *key; -+ unsigned char key[MAX_KEY_LEN]; - int switch_flag; - void *sw_ctx_data; - /* Crypto small packet offload threshold */ -@@ -694,7 +695,7 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - if (unlikely(ret != 1)) - return 0; - -- priv->key = key; -+ memcpy(priv->key, key, EVP_CIPHER_CTX_key_length(ctx)); - priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT; - - return 1; --- -2.27.0 - diff --git a/0044-engine-add-receiving-timeout-count.patch b/0044-engine-add-receiving-timeout-count.patch deleted file mode 100644 index 08b33c51c9ecd9b8a32cd66615f3f0419bec896d..0000000000000000000000000000000000000000 --- a/0044-engine-add-receiving-timeout-count.patch +++ /dev/null @@ -1,169 +0,0 @@ -From 4fbef0e061a97e3ead086de7f3f5689e9d53f454 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Mon, 18 Jul 2022 09:41:39 +0800 -Subject: [PATCH 44/57] engine: add receiving timeout count - -Task fail due to hardware errors, but the process of poll -isn't exit. Increase the count of packet receiving timeout -as doing async jobs. Prevents falling into an infinite loop -in poll ctx. - -Signed-off-by: Kai Ye ---- - src/uadk.h | 5 +++-- - src/uadk_cipher.c | 7 +++++-- - src/uadk_dh.c | 7 +++++-- - src/uadk_digest.c | 7 +++++-- - src/uadk_pkey.c | 7 +++++-- - src/uadk_rsa.c | 7 +++++-- - 6 files changed, 28 insertions(+), 12 deletions(-) - -diff --git a/src/uadk.h b/src/uadk.h -index ef09274..e2635d4 100644 ---- a/src/uadk.h -+++ b/src/uadk.h -@@ -22,8 +22,9 @@ - #include - #include "uadk_utils.h" - --#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) --#define ENV_STRING_LEN 256 -+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) -+#define ENV_STRING_LEN 256 -+#define ENGINE_RECV_MAX_CNT 60000000 - - enum { - KUNPENG920, -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 7eba992..472c0ad 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -504,6 +504,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx, - static int uadk_e_cipher_poll(void *ctx) - { - struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *) ctx; -+ __u64 rx_cnt = 0; - __u32 recv = 0; - /* Poll one packet currently */ - int expt = 1; -@@ -520,9 +521,11 @@ static int uadk_e_cipher_poll(void *ctx) - return 0; - else if (ret < 0 && ret != -EAGAIN) - return ret; -- } while (ret == -EAGAIN); -+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); - -- return ret; -+ fprintf(stderr, "failed to recv msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - static int uadk_e_cipher_env_poll(void *ctx) -diff --git a/src/uadk_dh.c b/src/uadk_dh.c -index 3882306..893b0f2 100644 ---- a/src/uadk_dh.c -+++ b/src/uadk_dh.c -@@ -204,6 +204,7 @@ static __u32 dh_pick_next_ctx(handle_t sched_ctx, - - static int uadk_e_dh_poll(void *ctx) - { -+ __u64 rx_cnt = 0; - __u32 recv = 0; - int expect = 1; - int idx = 1; -@@ -215,9 +216,11 @@ static int uadk_e_dh_poll(void *ctx) - return UADK_E_POLL_SUCCESS; - else if (ret < 0 && ret != -EAGAIN) - return ret; -- } while (ret == -EAGAIN); -+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); - -- return ret; -+ fprintf(stderr, "failed to recv msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - static void uadk_e_dh_cb(void *req_t) -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index ecc0ce6..2e61e80 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -332,6 +332,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx, - - static int uadk_e_digest_poll(void *ctx) - { -+ __u64 rx_cnt = 0; - __u32 recv = 0; - int expt = 1; - int ret = 0; -@@ -342,9 +343,11 @@ static int uadk_e_digest_poll(void *ctx) - return 0; - else if (ret < 0 && ret != -EAGAIN) - return ret; -- } while (ret == -EAGAIN); -+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); - -- return ret; -+ fprintf(stderr, "failed to recv msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - static int uadk_e_digest_env_poll(void *ctx) -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index d4ec30e..2616c5e 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -113,6 +113,7 @@ void uadk_ecc_cb(void *req_t) - static int uadk_ecc_poll(void *ctx) - { - unsigned int recv = 0; -+ __u64 rx_cnt = 0; - int expt = 1; - int ret; - -@@ -122,9 +123,11 @@ static int uadk_ecc_poll(void *ctx) - return 0; - else if (ret < 0 && ret != -EAGAIN) - return ret; -- } while (ret == -EAGAIN); -+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); - -- return ret; -+ fprintf(stderr, "failed to recv msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - /* make resource configure static */ -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index a80d203..29b2521 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -656,6 +656,7 @@ static int rsa_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count) - - static int uadk_e_rsa_poll(void *ctx) - { -+ __u64 rx_cnt = 0; - __u32 recv = 0; - int expt = 1; - int ret; -@@ -666,9 +667,11 @@ static int uadk_e_rsa_poll(void *ctx) - return UADK_E_POLL_SUCCESS; - else if (ret < 0 && ret != -EAGAIN) - return ret; -- } while (ret == -EAGAIN); -+ } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); - -- return ret; -+ fprintf(stderr, "failed to recv msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - static struct rsa_res_config rsa_res_config = { --- -2.27.0 - diff --git a/0045-digest-fix-the-fault-as-using-the-nginx.patch b/0045-digest-fix-the-fault-as-using-the-nginx.patch deleted file mode 100644 index 0df7ca618628446ccf0601a2a21fdb6410f3ba47..0000000000000000000000000000000000000000 --- a/0045-digest-fix-the-fault-as-using-the-nginx.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 7718ed9e56633bf2781f108a591eefe093ccb18b Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Mon, 18 Jul 2022 14:43:53 +0800 -Subject: [PATCH 45/57] digest: fix the fault as using the nginx - -Prevent double-free after the private ctx copy is used. - -Signed-off-by: Kai Ye ---- - src/uadk_digest.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 2e61e80..8127373 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -240,6 +240,10 @@ static void digest_soft_cleanup(struct digest_priv_ctx *md_ctx) - { - EVP_MD_CTX *ctx = md_ctx->soft_ctx; - -+ /* Prevent double-free after the copy is used */ -+ if (md_ctx->copy) -+ return; -+ - if (ctx != NULL) { - if (ctx->md_data) { - OPENSSL_free(ctx->md_data); -@@ -641,7 +645,9 @@ static int do_digest_sync(struct digest_priv_ctx *priv) - { - int ret; - -- /* Fix me: not support switch the soft work as input is lower */ -+ if (priv->req.in_bytes <= priv->switch_threshold && -+ priv->state == SEC_DIGEST_INIT) -+ return 0; - - ret = wd_do_digest_sync(priv->sess, &priv->req); - if (ret) { -@@ -743,6 +749,7 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx) - struct digest_priv_ctx *priv = - (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); - -+ /* Prevent double-free after the copy is used */ - if (!priv || priv->copy) - return 1; - --- -2.27.0 - diff --git a/0046-ecc-cleanup-of-static-code-check.patch b/0046-ecc-cleanup-of-static-code-check.patch deleted file mode 100644 index 3a857ad2d02ff0d7469f2d7eec79775cee780ec3..0000000000000000000000000000000000000000 --- a/0046-ecc-cleanup-of-static-code-check.patch +++ /dev/null @@ -1,121 +0,0 @@ -From c8dbfbdd80ea8b8d422a50c634e057dd37ac9aea Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 23 Jul 2022 16:45:03 +0800 -Subject: [PATCH 46/57] ecc: cleanup of static code check - -1. Use macros instead of specific numbers to represent -the key size. -2. Global variable 'sm2_order' only used in function -'sm2_update_sess' should be declared in function scope. -3. Remove unused structure 'uadk_ecc_sess'. - -Signed-off-by: Zhiqi Song ---- - src/uadk_ec.c | 22 +++++++++++----------- - src/uadk_pkey.c | 9 --------- - src/uadk_sm2.c | 21 ++++++--------------- - 3 files changed, 17 insertions(+), 35 deletions(-) - -diff --git a/src/uadk_ec.c b/src/uadk_ec.c -index e219bdf..d78658b 100644 ---- a/src/uadk_ec.c -+++ b/src/uadk_ec.c -@@ -129,18 +129,18 @@ err: - static int get_smallest_hw_keybits(int bits) - { - /* ec curve order width */ -- if (bits > 384) -- return 521; -- else if (bits > 320) -- return 384; -- else if (bits > 256) -- return 320; -- else if (bits > 192) -- return 256; -- else if (bits > 128) -- return 192; -+ if (bits > ECC384BITS) -+ return ECC521BITS; -+ else if (bits > ECC320BITS) -+ return ECC384BITS; -+ else if (bits > ECC256BITS) -+ return ECC320BITS; -+ else if (bits > ECC192BITS) -+ return ECC256BITS; -+ else if (bits > ECC128BITS) -+ return ECC192BITS; - else -- return 128; -+ return ECC128BITS; - } - - static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg) -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index 2616c5e..a0b74af 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -44,15 +44,6 @@ struct ecc_res_config { - int numa_id; - }; - --typedef struct uadk_ecc_sess { -- handle_t sess; -- struct wd_ecc_sess_setup setup; -- struct wd_ecc_req req; -- int is_pubkey_ready; -- int is_privkey_ready; -- int key_size; --} uadk_ecc_sess_t; -- - /* ecc global hardware resource is saved here */ - struct ecc_res { - struct wd_ctx_config *ctx_res; -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index a478a94..fcca9f2 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -46,15 +46,6 @@ struct sm2_ctx { - bool is_init; - }; - --typedef struct uadk_ecc_sess { -- handle_t sess; -- struct wd_ecc_sess_setup setup; -- struct wd_ecc_req req; -- int is_pubkey_ready; -- int is_privkey_ready; -- int key_size; --} uadk_ecc_sess_t; -- - typedef struct sm2_ciphertext { - BIGNUM *C1x; - BIGNUM *C1y; -@@ -115,12 +106,6 @@ typedef int (*PFUNC_DEC)(EVP_PKEY_CTX *ctx, - const unsigned char *in, - size_t inlen); - --const unsigned char sm2_order[] = { -- 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,\ -- 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,\ -- 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 --}; -- - static int get_hash_type(int nid_hash) - { - switch (nid_hash) { -@@ -166,6 +151,12 @@ static int compute_hash(const char *in, size_t in_len, - - static int sm2_update_sess(struct sm2_ctx *smctx) - { -+ const unsigned char sm2_order[] = { -+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, -+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+ 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, -+ 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 -+ }; - int nid_hash = smctx->ctx.md ? EVP_MD_type(smctx->ctx.md) : NID_sm3; - struct wd_ecc_sess_setup setup; - handle_t sess; --- -2.27.0 - diff --git a/0047-ecc-bugfix-about-return-value-check.patch b/0047-ecc-bugfix-about-return-value-check.patch deleted file mode 100644 index 02dc4460dd80522a7019a5681ec1ae7d76f78635..0000000000000000000000000000000000000000 --- a/0047-ecc-bugfix-about-return-value-check.patch +++ /dev/null @@ -1,260 +0,0 @@ -From a8613bb37a229c64ab1846e4da2220912876fbfa Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 23 Jul 2022 16:56:02 +0800 -Subject: [PATCH 47/57] ecc: bugfix about return value check - -Check the return value of BN_CTX_get(), and add a new -structure to wrap the curve parameters to make the logic -of return value check clearer. - -Signed-off-by: Zhiqi Song ---- - src/uadk_ec.c | 159 ++++++++++++++++++++++++++++++++++---------------- - 1 file changed, 108 insertions(+), 51 deletions(-) - -diff --git a/src/uadk_ec.c b/src/uadk_ec.c -index d78658b..37683cd 100644 ---- a/src/uadk_ec.c -+++ b/src/uadk_ec.c -@@ -34,6 +34,19 @@ - #define ECC384BITS 384 - #define ECC521BITS 521 - -+struct curve_param { -+ /* prime */ -+ BIGNUM *p; -+ /* ecc coefficient 'a' */ -+ BIGNUM *a; -+ /* ecc coefficient 'b' */ -+ BIGNUM *b; -+ /* base point */ -+ const EC_POINT *g; -+ /* order of base point */ -+ const BIGNUM *order; -+}; -+ - typedef ECDSA_SIG* (*PFUNC_SIGN_SIG)(const unsigned char *, - int, - const BIGNUM *, -@@ -70,58 +83,92 @@ static void init_dtb_param(void *dtb, char *start, - } - } - -+static void fill_ecc_cv_param(struct wd_ecc_curve *pparam, -+ struct curve_param *cv_param, -+ BIGNUM *g_x, BIGNUM *g_y) -+{ -+ pparam->p.dsize = BN_bn2bin(cv_param->p, (void *)pparam->p.data); -+ pparam->a.dsize = BN_bn2bin(cv_param->a, (void *)pparam->a.data); -+ if (!pparam->a.dsize) { -+ pparam->a.dsize = 1; -+ pparam->a.data[0] = 0; -+ } -+ -+ pparam->b.dsize = BN_bn2bin(cv_param->b, (void *)pparam->b.data); -+ if (!pparam->b.dsize) { -+ pparam->b.dsize = 1; -+ pparam->b.data[0] = 0; -+ } -+ -+ pparam->g.x.dsize = BN_bn2bin(g_x, (void *)pparam->g.x.data); -+ pparam->g.y.dsize = BN_bn2bin(g_y, (void *)pparam->g.y.data); -+ pparam->n.dsize = BN_bn2bin(cv_param->order, (void *)pparam->n.data); -+} -+ - static int set_sess_setup_cv(const EC_GROUP *group, - struct wd_ecc_curve_cfg *cv) - { - struct wd_ecc_curve *pparam = cv->cfg.pparam; -- BIGNUM *p, *a, *b, *xg, *yg, *order; -- const EC_POINT *g; -+ struct curve_param *cv_param; -+ BIGNUM *g_x, *g_y; -+ int ret = -1; - BN_CTX *ctx; -- int ret; - - ctx = BN_CTX_new(); - if (!ctx) -- return -ENOMEM; -+ return ret; - - BN_CTX_start(ctx); -- p = BN_CTX_get(ctx); -- a = BN_CTX_get(ctx); -- b = BN_CTX_get(ctx); -- xg = BN_CTX_get(ctx); -- yg = BN_CTX_get(ctx); - -- ret = uadk_get_curve(group, p, a, b, ctx); -+ cv_param = OPENSSL_malloc(sizeof(struct curve_param)); -+ if (!cv_param) -+ goto free_ctx; -+ -+ cv_param->p = BN_CTX_get(ctx); -+ if (!cv_param->p) -+ goto free_cv; -+ -+ cv_param->a = BN_CTX_get(ctx); -+ if (!cv_param->a) -+ goto free_cv; -+ -+ cv_param->b = BN_CTX_get(ctx); -+ if (!cv_param->b) -+ goto free_cv; -+ -+ g_x = BN_CTX_get(ctx); -+ if (!g_x) -+ goto free_cv; -+ -+ g_y = BN_CTX_get(ctx); -+ if (!g_y) -+ goto free_cv; -+ -+ ret = uadk_get_curve(group, cv_param->p, cv_param->a, cv_param->b, ctx); - if (ret) -- goto err; -+ goto free_cv; - -- g = EC_GROUP_get0_generator(group); -- ret = uadk_get_affine_coordinates(group, g, xg, yg, ctx); -+ cv_param->g = EC_GROUP_get0_generator(group); -+ if (!cv_param->g) -+ goto free_cv; -+ -+ ret = uadk_get_affine_coordinates(group, cv_param->g, g_x, g_y, ctx); - if (ret) -- goto err; -+ goto free_cv; - -- order = (BIGNUM *)EC_GROUP_get0_order(group); -- pparam->p.dsize = BN_bn2bin(p, (void *)pparam->p.data); -- pparam->a.dsize = BN_bn2bin(a, (void *)pparam->a.data); -- /* a or b is all zero, but uadk not allow parameter length is zero */ -- if (!pparam->a.dsize) { -- pparam->a.dsize = 1; -- pparam->a.data[0] = 0; -- } -- pparam->b.dsize = BN_bn2bin(b, (void *)pparam->b.data); -- if (!pparam->b.dsize) { -- pparam->b.dsize = 1; -- pparam->b.data[0] = 0; -- } -- pparam->g.x.dsize = BN_bn2bin(xg, (void *)pparam->g.x.data); -- pparam->g.y.dsize = BN_bn2bin(yg, (void *)pparam->g.y.data); -- pparam->n.dsize = BN_bn2bin(order, (void *)pparam->n.data); -+ cv_param->order = EC_GROUP_get0_order(group); -+ if (!cv_param->order) -+ goto free_cv; -+ -+ fill_ecc_cv_param(pparam, cv_param, g_x, g_y); - cv->type = WD_CV_CFG_PARAM; - ret = 0; --err: -- if (ctx) { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -- } -+ -+free_cv: -+ OPENSSL_free(cv_param); -+free_ctx: -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); - - return ret; - } -@@ -166,12 +213,13 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg) - sp.cv.cfg.pparam = ¶m; - group = EC_KEY_get0_group(eckey); - ret = set_sess_setup_cv(group, &sp.cv); -- if (ret) { -- free(dev); -- return (handle_t)0; -- } -+ if (ret) -+ goto free_dev; - - order = EC_GROUP_get0_order(group); -+ if (!order) -+ goto free_dev; -+ - key_bits = BN_num_bits(order); - sp.alg = alg; - sp.key_bits = get_smallest_hw_keybits(key_bits); -@@ -184,8 +232,11 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg) - fprintf(stderr, "failed to alloc ecc sess\n"); - - free(dev); -- - return sess; -+ -+free_dev: -+ free(dev); -+ return (handle_t)0; - } - - static int check_ecc_bit_useful(const int bits) -@@ -506,6 +557,10 @@ static int ecdsa_do_verify_check(EC_KEY *eckey, - const BIGNUM *order; - int ret; - -+ ret = eckey_check(eckey); -+ if (ret) -+ return ret; -+ - if (!dgst) { - fprintf(stderr, "dgst is NULL\n"); - return -1; -@@ -516,10 +571,6 @@ static int ecdsa_do_verify_check(EC_KEY *eckey, - return -1; - } - -- ret = eckey_check(eckey); -- if (ret) -- return ret; -- - pub_key = EC_KEY_get0_public_key(eckey); - if (!pub_key) { - fprintf(stderr, "pub_key is NULL\n"); -@@ -957,10 +1008,20 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, - ctx = BN_CTX_new(); - if (!ctx) - return -ENOMEM; -+ -+ BN_CTX_start(ctx); - pkey_x = BN_CTX_get(ctx); -+ if (!pkey_x) -+ goto free_ctx; -+ - pkey_y = BN_CTX_get(ctx); -+ if (!pkey_y) -+ goto free_ctx; - - group = EC_KEY_get0_group(ecdh); -+ if (!group) -+ goto free_ctx; -+ - uadk_get_affine_coordinates(group, pubkey, pkey_x, pkey_y, ctx); - in_pkey.x.data = buf_x; - in_pkey.y.data = buf_y; -@@ -986,13 +1047,9 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, - ret = 1; - - free_ctx: -- if (ctx) { -- if (pkey_x) -- BN_clear(pkey_x); -- if (pkey_y) -- BN_clear(pkey_y); -- BN_CTX_free(ctx); -- } -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ - return ret; - } - --- -2.27.0 - diff --git a/0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch b/0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch deleted file mode 100644 index fcb2341af95898e2b5c6bc1a269c9128f329baeb..0000000000000000000000000000000000000000 --- a/0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 7989e5639ab9a2de5d03ecb06942ad556ed41d93 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 23 Jul 2022 16:57:50 +0800 -Subject: [PATCH 48/57] ecc: bugfix multiple definition of ecx structure - -The structure 'ECX_KEY' is defined in the libcrypto of OpenSSL, -but OpenSSL does not put this definition in the header file in -its 1.1.1x release version, so we can not use this structure -directly. We should define a new structure that provides the -same function to avoid conflict with the definition in OpenSSL -when using static compilation. - -Signed-off-by: Zhiqi Song ---- - src/uadk_ecx.c | 43 +++++++++++++++++++++++-------------------- - 1 file changed, 23 insertions(+), 20 deletions(-) - -diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c -index 5d0ff76..df23156 100644 ---- a/src/uadk_ecx.c -+++ b/src/uadk_ecx.c -@@ -31,14 +31,14 @@ - #define X448_KEYLEN 56 - #define X25519_KEYBITS 256 - #define X448_KEYBITS 448 --#define MAX_KEYLEN 57 -+#define ECX_MAX_KEYLEN 57 - #define UADK_E_SUCCESS 1 - #define UADK_E_FAIL 0 - --typedef struct { -- unsigned char pubkey[MAX_KEYLEN]; -+struct ecx_key { -+ unsigned char pubkey[ECX_MAX_KEYLEN]; - unsigned char *privkey; --} ECX_KEY; -+}; - - struct ecx_ctx { - handle_t sess; -@@ -224,12 +224,12 @@ static int ecx_get_nid(EVP_PKEY_CTX *ctx) - return nid; - } - --static int ecx_create_privkey(ECX_KEY **ecx_key, int key_size) -+static int ecx_create_privkey(struct ecx_key **ecx_key, int key_size) - { - unsigned char *privkey; - int ret; - -- *ecx_key = OPENSSL_zalloc(sizeof(ECX_KEY)); -+ *ecx_key = OPENSSL_zalloc(sizeof(struct ecx_key)); - if (!(*ecx_key)) { - fprintf(stderr, "failed to alloc ecx_key\n"); - return UADK_E_FAIL; -@@ -259,7 +259,8 @@ free_ecx_key: - return UADK_E_FAIL; - } - --static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key) -+static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, -+ struct ecx_key *ecx_key) - { - handle_t sess = ecx_ctx->sess; - struct wd_ecc_key *ecc_key; -@@ -280,14 +281,14 @@ static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key) - } - - static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx, -- struct wd_ecc_req *req, ECX_KEY *ecx_key) -+ struct wd_ecc_req *req, struct ecx_key *ecx_key) - { - struct wd_ecc_point *pubkey = NULL; - int key_size = ecx_ctx->key_size; - int ret; - - wd_ecxdh_get_out_params(req->dst, &pubkey); -- if (key_size > MAX_KEYLEN) { -+ if (key_size > ECX_MAX_KEYLEN) { - fprintf(stderr, "invalid key size, key_size = %d\n", key_size); - return UADK_E_FAIL; - } -@@ -368,8 +369,8 @@ static int openssl_do_ecx_genkey(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { - struct ecx_ctx *keygen_ctx = NULL; -+ struct ecx_key *ecx_key = NULL; - struct wd_ecc_req req = {0}; -- ECX_KEY *ecx_key = NULL; - int ret; - - ret = ecx_genkey_check(ctx, pkey); -@@ -426,8 +427,8 @@ do_soft: - static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) - { - struct ecx_ctx *keygen_ctx = NULL; -+ struct ecx_key *ecx_key = NULL; - struct wd_ecc_req req = {0}; -- ECX_KEY *ecx_key = NULL; - int ret; - - ret = ecx_genkey_check(ctx, pkey); -@@ -482,12 +483,13 @@ do_soft: - } - - static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req, -- ECX_KEY *peer_ecx_key, ECX_KEY *ecx_key) -+ struct ecx_key *peer_ecx_key, -+ struct ecx_key *ecx_key) - { - int key_size = ecx_ctx->key_size; -+ char buf_y[ECX_MAX_KEYLEN] = {0}; - handle_t sess = ecx_ctx->sess; - struct wd_ecc_point in_pubkey; -- char buf_y[MAX_KEYLEN] = {0}; - struct wd_ecc_out *ecx_out; - struct wd_ecc_in *ecx_in; - int ret; -@@ -542,7 +544,8 @@ static void ecx_compkey_uninit_iot(handle_t sess, struct wd_ecc_req *req) - wd_ecc_del_in(sess, req->src); - } - --static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key) -+static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, -+ struct ecx_key *ecx_key) - { - int key_size = ecx_ctx->key_size; - handle_t sess = ecx_ctx->sess; -@@ -576,8 +579,8 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key) - return UADK_E_SUCCESS; - } - --static int ecx_get_key(EVP_PKEY_CTX *ctx, ECX_KEY **ecx_key, -- ECX_KEY **peer_ecx_key) -+static int ecx_get_key(EVP_PKEY_CTX *ctx, struct ecx_key **ecx_key, -+ struct ecx_key **peer_ecx_key) - { - EVP_PKEY *pkey, *peer_key; - -@@ -623,11 +626,11 @@ static void x25519_pad_out_key(unsigned char *dst_key, unsigned char *src_key, - static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) - { -+ struct ecx_key *peer_ecx_key = NULL; - struct wd_ecc_point *s_key = NULL; - struct ecx_ctx *derive_ctx = NULL; -- ECX_KEY *peer_ecx_key = NULL; -+ struct ecx_key *ecx_key = NULL; - struct wd_ecc_req req = {0}; -- ECX_KEY *ecx_key = NULL; - int ret; - - ret = x25519_init(ctx); -@@ -709,11 +712,11 @@ static void x448_pad_out_key(unsigned char *dst_key, unsigned char *src_key, - static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) - { -+ struct ecx_key *peer_ecx_key = NULL; - struct wd_ecc_point *s_key = NULL; - struct ecx_ctx *derive_ctx = NULL; -- ECX_KEY *peer_ecx_key = NULL; -+ struct ecx_key *ecx_key = NULL; - struct wd_ecc_req req = {0}; -- ECX_KEY *ecx_key = NULL; - int ret; - - ret = x448_init(ctx); --- -2.27.0 - diff --git a/0049-uadk_engine-remove-redundant-extern.patch b/0049-uadk_engine-remove-redundant-extern.patch deleted file mode 100644 index a00e806868f84d7b1e71704babf34ad2cb7c7160..0000000000000000000000000000000000000000 --- a/0049-uadk_engine-remove-redundant-extern.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 55edca5dd3c13ff623c078eaea2dfb9a7f444eb7 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 23 Jul 2022 17:06:29 +0800 -Subject: [PATCH 49/57] uadk_engine: remove redundant extern - -Remove the "extern" keyword before function declaration in -the header file. Because the function in header file is -'extern' by default, there is no need to specify explicitly. - -Signed-off-by: Zhiqi Song ---- - src/uadk.h | 24 ++++++++++++------------ - src/uadk_async.h | 16 ++++++++-------- - 2 files changed, 20 insertions(+), 20 deletions(-) - -diff --git a/src/uadk.h b/src/uadk.h -index e2635d4..0188f0b 100644 ---- a/src/uadk.h -+++ b/src/uadk.h -@@ -32,16 +32,16 @@ enum { - }; - - extern const char *engine_uadk_id; --extern int uadk_e_bind_cipher(ENGINE *e); --extern void uadk_e_destroy_cipher(void); --extern int uadk_e_bind_digest(ENGINE *e); --extern void uadk_e_destroy_digest(void); --extern int uadk_e_bind_rsa(ENGINE *e); --extern void uadk_e_destroy_rsa(void); --extern int uadk_e_bind_dh(ENGINE *e); --extern void uadk_e_destroy_dh(void); --extern int uadk_e_bind_ecc(ENGINE *e); --extern void uadk_e_destroy_ecc(void); --extern int uadk_e_is_env_enabled(const char *alg_name); --extern int uadk_e_set_env(const char *var_name, int numa_id); -+int uadk_e_bind_cipher(ENGINE *e); -+void uadk_e_destroy_cipher(void); -+int uadk_e_bind_digest(ENGINE *e); -+void uadk_e_destroy_digest(void); -+int uadk_e_bind_rsa(ENGINE *e); -+void uadk_e_destroy_rsa(void); -+int uadk_e_bind_dh(ENGINE *e); -+void uadk_e_destroy_dh(void); -+int uadk_e_bind_ecc(ENGINE *e); -+void uadk_e_destroy_ecc(void); -+int uadk_e_is_env_enabled(const char *alg_name); -+int uadk_e_set_env(const char *var_name, int numa_id); - #endif -diff --git a/src/uadk_async.h b/src/uadk_async.h -index d2a7e16..78f7a21 100644 ---- a/src/uadk_async.h -+++ b/src/uadk_async.h -@@ -65,12 +65,12 @@ struct async_poll_queue { - pthread_t thread_id; - }; - --extern int async_setup_async_event_notification(struct async_op *op); --extern int async_clear_async_event_notification(void); --extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id); --extern void async_register_poll_fn(int type, async_recv_t func); --extern void async_module_init(void); --extern int async_wake_job(ASYNC_JOB *job); --extern void async_free_poll_task(int id, bool is_cb); --extern int async_get_free_task(int *id); -+int async_setup_async_event_notification(struct async_op *op); -+int async_clear_async_event_notification(void); -+int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id); -+void async_register_poll_fn(int type, async_recv_t func); -+void async_module_init(void); -+int async_wake_job(ASYNC_JOB *job); -+void async_free_poll_task(int id, bool is_cb); -+int async_get_free_task(int *id); - #endif --- -2.27.0 - diff --git a/0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch b/0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch deleted file mode 100644 index 98980e3ada9558d652a1ef8f59224f45f1cea032..0000000000000000000000000000000000000000 --- a/0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch +++ /dev/null @@ -1,212 +0,0 @@ -From ba0a9ede4f72387f065e88c054e35dc6fdb59079 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 23 Jul 2022 17:10:47 +0800 -Subject: [PATCH 50/57] uadk_engine: add timeout protection mechanism in poll - -Count the cycle times of poll. When the count times exceed the -maximum number, exit to prevent the task from timeout. - -Signed-off-by: Zhiqi Song ---- - src/uadk_cipher.c | 13 ++++++++----- - src/uadk_dh.c | 11 +++++++---- - src/uadk_digest.c | 11 +++++++---- - src/uadk_pkey.c | 13 ++++++++----- - src/uadk_rsa.c | 11 +++++++---- - 5 files changed, 37 insertions(+), 22 deletions(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 472c0ad..54d0a7d 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -517,7 +517,7 @@ static int uadk_e_cipher_poll(void *ctx) - - do { - ret = wd_cipher_poll_ctx(idx, expt, &recv); -- if (recv >= expt) -+ if (recv == expt) - return 0; - else if (ret < 0 && ret != -EAGAIN) - return ret; -@@ -530,18 +530,21 @@ static int uadk_e_cipher_poll(void *ctx) - - static int uadk_e_cipher_env_poll(void *ctx) - { -+ __u64 rx_cnt = 0; - __u32 recv = 0; -- /* poll one packet currently */ -+ /* Poll one packet currently */ - int expt = 1; - int ret; - - do { - ret = wd_cipher_poll(expt, &recv); -- if (ret < 0) -+ if (ret < 0 || recv == expt) - return ret; -- } while (recv < expt); -+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); - -- return ret; -+ fprintf(stderr, "failed to poll msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev) -diff --git a/src/uadk_dh.c b/src/uadk_dh.c -index 893b0f2..cf319e5 100644 ---- a/src/uadk_dh.c -+++ b/src/uadk_dh.c -@@ -212,7 +212,7 @@ static int uadk_e_dh_poll(void *ctx) - - do { - ret = wd_dh_poll_ctx(idx, expect, &recv); -- if (recv >= expect) -+ if (recv == expect) - return UADK_E_POLL_SUCCESS; - else if (ret < 0 && ret != -EAGAIN) - return ret; -@@ -273,6 +273,7 @@ static struct dh_res_config dh_res_config = { - - static int uadk_e_dh_env_poll(void *ctx) - { -+ __u64 rx_cnt = 0; - __u32 recv = 0; - /* Poll one packet currently */ - int expt = 1; -@@ -280,11 +281,13 @@ static int uadk_e_dh_env_poll(void *ctx) - - do { - ret = wd_dh_poll(expt, &recv); -- if (ret < 0) -+ if (ret < 0 || recv == expt) - return ret; -- } while (recv < expt); -+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); - -- return ret; -+ fprintf(stderr, "failed to poll msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - static int uadk_e_wd_dh_env_init(struct uacce_dev *dev) -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 8127373..853aa39 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -343,7 +343,7 @@ static int uadk_e_digest_poll(void *ctx) - - do { - ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv); -- if (recv >= expt) -+ if (recv == expt) - return 0; - else if (ret < 0 && ret != -EAGAIN) - return ret; -@@ -356,6 +356,7 @@ static int uadk_e_digest_poll(void *ctx) - - static int uadk_e_digest_env_poll(void *ctx) - { -+ __u64 rx_cnt = 0; - __u32 recv = 0; - /* Poll one packet currently */ - int expt = 1; -@@ -363,11 +364,13 @@ static int uadk_e_digest_env_poll(void *ctx) - - do { - ret = wd_digest_poll(expt, &recv); -- if (ret < 0) -+ if (ret < 0 || recv == expt) - return ret; -- } while (recv < expt); -+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); - -- return ret; -+ fprintf(stderr, "failed to poll msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - static int uadk_e_wd_digest_env_init(struct uacce_dev *dev) -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index a0b74af..9a3a725 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -110,7 +110,7 @@ static int uadk_ecc_poll(void *ctx) - - do { - ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv); -- if (recv >= expt) -+ if (recv == expt) - return 0; - else if (ret < 0 && ret != -EAGAIN) - return ret; -@@ -143,18 +143,21 @@ int uadk_e_ecc_get_numa_id(void) - - static int uadk_e_ecc_env_poll(void *ctx) - { -+ __u64 rx_cnt = 0; - __u32 recv = 0; -- /* poll one packet currently */ -+ /* Poll one packet currently */ - int expt = 1; - int ret; - - do { - ret = wd_ecc_poll(expt, &recv); -- if (ret < 0) -+ if (ret < 0 || recv == expt) - return ret; -- } while (recv < expt); -+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); - -- return ret; -+ fprintf(stderr, "failed to poll msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev) -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 29b2521..a74343f 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -663,7 +663,7 @@ static int uadk_e_rsa_poll(void *ctx) - - do { - ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv); -- if (recv >= expt) -+ if (recv == expt) - return UADK_E_POLL_SUCCESS; - else if (ret < 0 && ret != -EAGAIN) - return ret; -@@ -689,6 +689,7 @@ static struct rsa_res_config rsa_res_config = { - - static int uadk_e_rsa_env_poll(void *ctx) - { -+ __u64 rx_cnt = 0; - __u32 recv = 0; - /* Poll one packet currently */ - int expt = 1; -@@ -696,11 +697,13 @@ static int uadk_e_rsa_env_poll(void *ctx) - - do { - ret = wd_rsa_poll(expt, &recv); -- if (ret < 0) -+ if (ret < 0 || recv == expt) - return ret; -- } while (recv < expt); -+ } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); - -- return ret; -+ fprintf(stderr, "failed to poll msg: timeout!\n"); -+ -+ return -ETIMEDOUT; - } - - static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev) --- -2.27.0 - diff --git a/0051-rsa-cleanup-redundant-BN-operation.patch b/0051-rsa-cleanup-redundant-BN-operation.patch deleted file mode 100644 index 3d2e807653afa6d716e937a71143c57c6f493289..0000000000000000000000000000000000000000 --- a/0051-rsa-cleanup-redundant-BN-operation.patch +++ /dev/null @@ -1,272 +0,0 @@ -From 25b026f401195e0385fc575c51752e1c0c731394 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 23 Jul 2022 17:13:09 +0800 -Subject: [PATCH 51/57] rsa: cleanup redundant BN operation - -Remove redundant codes for big number and rsa crt -mode judgment. - -Signed-off-by: Zhiqi Song ---- - src/uadk_rsa.c | 92 ++++++++++++++++++++++---------------------------- - 1 file changed, 40 insertions(+), 52 deletions(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index a74343f..f95632b 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -871,8 +871,8 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, - int is_crt) - { - unsigned int key_size = bits >> BIT_BYTES_SHIFT; -- struct uadk_rsa_sess *rsa_sess; - struct sched_params params = {0}; -+ struct uadk_rsa_sess *rsa_sess; - - rsa_sess = rsa_new_eng_session(rsa); - if (!rsa_sess) -@@ -882,11 +882,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, - rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT; - params.numa_id = g_rsa_res.numa_id; - rsa_sess->setup.sched_param = ¶ms; -- -- if (is_crt) -- rsa_sess->setup.is_crt = IS_SET; -- else -- rsa_sess->setup.is_crt = UN_SET; -+ rsa_sess->setup.is_crt = is_crt; - - rsa_sess->sess = wd_rsa_alloc_sess(&rsa_sess->setup); - if (!rsa_sess->sess) { -@@ -1377,10 +1373,8 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - - ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, - rsa, bn_param); -- if (!ret) { -+ if (!ret) - ret = UADK_DO_SOFT; -- goto free_kg_in_out; -- } - - free_kg_in_out: - rsa_free_keygen_data(rsa_sess); -@@ -1398,11 +1392,11 @@ exe_soft: - static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { -+ struct rsa_pubkey_param *pub_enc = NULL; - struct uadk_rsa_sess *rsa_sess = NULL; -- struct rsa_pubkey_param *pub = NULL; - unsigned char *from_buf = NULL; - int num_bytes, is_crt, ret; -- BIGNUM *ret_bn = NULL; -+ BIGNUM *enc_bn = NULL; - - ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret || ret == SOFT) -@@ -1412,7 +1406,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, - if (ret) - goto exe_soft; - -- ret = rsa_pkey_param_alloc(&pub, NULL); -+ ret = rsa_pkey_param_alloc(&pub_enc, NULL); - if (ret == -ENOMEM) - goto exe_soft; - -@@ -1424,7 +1418,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, - goto free_pkey; - } - -- ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes); -+ ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes); - if (ret <= 0 || flen > num_bytes) { - ret = UADK_DO_SOFT; - goto free_sess; -@@ -1436,7 +1430,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, - goto free_buf; - } - -- ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to); -+ ret = rsa_fill_pubkey(pub_enc, rsa_sess, from_buf, to); - if (!ret) { - ret = UADK_DO_SOFT; - goto free_buf; -@@ -1448,27 +1442,25 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, - goto free_buf; - } - -- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, -+ enc_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, - rsa_sess->req.dst_bytes, NULL); -- if (!ret_bn) { -+ if (!enc_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } - -- ret = BN_bn2binpad(ret_bn, to, num_bytes); -- if (ret == -1) { -+ ret = BN_bn2binpad(enc_bn, to, num_bytes); -+ if (ret == -1) - ret = UADK_DO_SOFT; -- goto free_bn; -- } - --free_bn: -- BN_free(ret_bn); -+ BN_free(enc_bn); -+ - free_buf: - rsa_free_pub_bn_ctx(&from_buf); - free_sess: - rsa_free_eng_session(rsa_sess); - free_pkey: -- rsa_pkey_param_free(&pub, NULL); -+ rsa_pkey_param_free(&pub_enc, NULL); - if (ret != UADK_DO_SOFT) - return ret; - exe_soft: -@@ -1484,7 +1476,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, - unsigned char *from_buf = NULL; - struct uadk_rsa_sess *rsa_sess; - int num_bytes, len, ret; -- BIGNUM *ret_bn = NULL; -+ BIGNUM *dec_bn = NULL; - - ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret || ret == SOFT) -@@ -1526,27 +1518,25 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, - goto free_buf; - } - -- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, -+ dec_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, - rsa_sess->req.dst_bytes, NULL); -- if (!ret_bn) { -+ if (!dec_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } - -- len = BN_bn2binpad(ret_bn, from_buf, num_bytes); -+ len = BN_bn2binpad(dec_bn, from_buf, num_bytes); - if (!len) { - ret = UADK_DO_SOFT; -- goto free_bn; -+ goto free_dec_bn; - } - - ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding); -- if (!ret) { -+ if (!ret) - ret = UADK_DO_SOFT; -- goto free_bn; -- } - --free_bn: -- BN_free(ret_bn); -+free_dec_bn: -+ BN_free(dec_bn); - free_buf: - rsa_free_pri_bn_ctx(&from_buf); - free_sess: -@@ -1567,7 +1557,7 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, - struct uadk_rsa_sess *rsa_sess = NULL; - struct rsa_prikey_param *pri = NULL; - unsigned char *from_buf = NULL; -- BIGNUM *ret_bn = NULL; -+ BIGNUM *sign_bn = NULL; - BIGNUM *to_bn = NULL; - BIGNUM *res = NULL; - int num_bytes, ret; -@@ -1616,9 +1606,9 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, - goto free_buf; - } - -- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, -+ sign_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, - rsa_sess->req.dst_bytes, NULL); -- if (!ret_bn) { -+ if (!sign_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } -@@ -1626,10 +1616,10 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, - to_bn = BN_bin2bn(from_buf, num_bytes, NULL); - if (!to_bn) { - ret = UADK_DO_SOFT; -- goto free_ret_bn; -+ goto free_sign_bn; - } - -- ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res); -+ ret = rsa_get_sign_res(padding, to_bn, pri->n, sign_bn, &res); - if (!ret) { - ret = UADK_DO_SOFT; - goto free_to_bn; -@@ -1639,8 +1629,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, - - free_to_bn: - BN_free(to_bn); --free_ret_bn: -- BN_free(ret_bn); -+free_sign_bn: -+ BN_free(sign_bn); - free_buf: - rsa_free_pri_bn_ctx(&from_buf); - free_sess: -@@ -1662,7 +1652,7 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, - struct rsa_pubkey_param *pub = NULL; - int num_bytes, is_crt, len, ret; - unsigned char *from_buf = NULL; -- BIGNUM *ret_bn = NULL; -+ BIGNUM *verify_bn = NULL; - - ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret) -@@ -1705,33 +1695,31 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, - goto free_buf; - } - -- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, -+ verify_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, - rsa_sess->req.dst_bytes, NULL); -- if (!ret_bn) { -+ if (!verify_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } - -- ret = rsa_get_verify_res(padding, pub->n, ret_bn); -+ ret = rsa_get_verify_res(padding, pub->n, verify_bn); - if (!ret) { - ret = UADK_DO_SOFT; -- goto free_bn; -+ goto free_verify_bn; - } - -- len = BN_bn2binpad(ret_bn, from_buf, num_bytes); -+ len = BN_bn2binpad(verify_bn, from_buf, num_bytes); - if (!len) { - ret = UADK_DO_SOFT; -- goto free_bn; -+ goto free_verify_bn; - } - - ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding); -- if (!ret) { -+ if (!ret) - ret = UADK_DO_SOFT; -- goto free_bn; -- } - --free_bn: -- BN_free(ret_bn); -+free_verify_bn: -+ BN_free(verify_bn); - free_buf: - rsa_free_pub_bn_ctx(&from_buf); - free_sess: --- -2.27.0 - diff --git a/0052-rsa-bugfix-memory-leak-in-genkey-process.patch b/0052-rsa-bugfix-memory-leak-in-genkey-process.patch deleted file mode 100644 index e4b62d94b71d40494c5a7598dea4ded518a77bc4..0000000000000000000000000000000000000000 --- a/0052-rsa-bugfix-memory-leak-in-genkey-process.patch +++ /dev/null @@ -1,189 +0,0 @@ -From 8d27c38b9bbf0dee3ba17aac4d1bf9529bdafdea Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 23 Jul 2022 17:15:05 +0800 -Subject: [PATCH 52/57] rsa: bugfix memory leak in genkey process - -The process of releasing keygen parameter is supplemented: -When an abnormal situation occurs, uadk engine needs to switch -to software keygen function, so we need to free BN ctx we alloced -before. But in normal situation, the BN ctx should be freed by -OpenSSL tools or users, because the OpenSSL tool, for example, -genrsa, has implemented the free operation, we should not free -it again. - -Signed-off-by: Zhiqi Song ---- - src/e_uadk.c | 3 +-- - src/uadk_rsa.c | 57 ++++++++++++++++++++++++++------------------------ - 2 files changed, 31 insertions(+), 29 deletions(-) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 58a10de..23fe0f2 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -333,8 +333,7 @@ static void bind_fn_uadk_alg(ENGINE *e) - } - - /* -- * This stuff is needed if this ENGINE is being -- * compiled into a self-contained shared-library. -+ * Connect uadk_engine to OpenSSL engine library. - */ - static int bind_fn(ENGINE *e, const char *id) - { -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index f95632b..5b23dab 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -968,15 +968,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, - return UADK_E_SUCCESS; - } - --static int rsa_get_keygen_param(struct wd_rsa_req *req, -- handle_t ctx, RSA *rsa, -- struct rsa_keygen_param_bn *bn_param) -+static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa, -+ struct rsa_keygen_param_bn *bn_param, BN_CTX **bn_ctx_in) - { - struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst; - struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp; - BIGNUM *dmp1, *dmq1, *iqmp, *n, *d; - unsigned int key_bits, key_size; -- BN_CTX *bn_ctx; -+ BN_CTX *bn_ctx = *bn_ctx_in; - - key_bits = wd_rsa_get_key_bits(ctx); - if (!key_bits) -@@ -986,30 +985,25 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, - wd_rsa_get_kg_out_params(out, &wd_d, &wd_n); - wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp); - -- bn_ctx = BN_CTX_new(); -- if (!bn_ctx) -- return UADK_E_FAIL; -- -- BN_CTX_start(bn_ctx); - dmp1 = BN_CTX_get(bn_ctx); - if (!dmp1) -- goto free_bn_ctx; -+ return UADK_E_FAIL; - - dmq1 = BN_CTX_get(bn_ctx); - if (!dmq1) -- goto free_bn_ctx; -+ return UADK_E_FAIL; - - iqmp = BN_CTX_get(bn_ctx); - if (!iqmp) -- goto free_bn_ctx; -+ return UADK_E_FAIL; - - n = BN_CTX_get(bn_ctx); - if (!n) -- goto free_bn_ctx; -+ return UADK_E_FAIL; - - d = BN_CTX_get(bn_ctx); - if (!d) -- goto free_bn_ctx; -+ return UADK_E_FAIL; - - BN_bin2bn((unsigned char *)wd_d.data, key_size, d); - BN_bin2bn((unsigned char *)wd_n.data, key_size, n); -@@ -1020,15 +1014,9 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, - if (!(RSA_set0_key(rsa, n, bn_param->e, d) && - RSA_set0_factors(rsa, bn_param->p, bn_param->q) && - RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))) -- goto free_bn_ctx; -+ return UADK_E_FAIL; - - return UADK_E_SUCCESS; -- --free_bn_ctx: -- BN_CTX_end(bn_ctx); -- BN_CTX_free(bn_ctx); -- -- return UADK_E_FAIL; - } - - static void uadk_e_rsa_cb(void *req_t) -@@ -1179,7 +1167,7 @@ static void rsa_free_keygen_data(struct uadk_rsa_sess *rsa_sess) - - static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, - struct rsa_keygen_param_bn **keygen_bn_param, -- struct rsa_keypair **key_pair) -+ struct rsa_keypair **key_pair, BN_CTX **bn_ctx_in) - { - BN_CTX *bn_ctx; - -@@ -1201,6 +1189,8 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, - goto free_key_pair; - - BN_CTX_start(bn_ctx); -+ *bn_ctx_in = bn_ctx; -+ - (*keygen_bn_param)->e = BN_CTX_get(bn_ctx); - if (!(*keygen_bn_param)->e) - goto free_bn_ctx; -@@ -1230,8 +1220,21 @@ err: - - static void rsa_keygen_param_free(struct rsa_keygen_param **keygen_param, - struct rsa_keygen_param_bn **keygen_bn_param, -- struct rsa_keypair **key_pair) -+ struct rsa_keypair **key_pair, BN_CTX **bn_ctx, -+ int free_bn_ctx_tag) - { -+ /* -+ * When an abnormal situation occurs, uadk engine needs -+ * to switch to software keygen function, so we need to -+ * free BN ctx we alloced before. But in normal situation, -+ * the BN ctx should be freed by OpenSSL tools or users. -+ * Therefore, we use a tag to distinguish these cases. -+ */ -+ if (free_bn_ctx_tag == UADK_DO_SOFT) { -+ BN_CTX_end(*bn_ctx); -+ BN_CTX_free(*bn_ctx); -+ } -+ - OPENSSL_free(*keygen_bn_param); - OPENSSL_free(*keygen_param); - OPENSSL_free(*key_pair); -@@ -1327,6 +1330,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - struct rsa_keygen_param_bn *bn_param = NULL; - struct uadk_rsa_sess *rsa_sess = NULL; - struct rsa_keypair *key_pair = NULL; -+ BN_CTX *bn_ctx = NULL; - int is_crt = 1; - int ret; - -@@ -1338,7 +1342,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - if (ret) - goto exe_soft; - -- ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair); -+ ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair, &bn_ctx); - if (ret == -ENOMEM) - goto exe_soft; - -@@ -1371,8 +1375,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - goto free_kg_in_out; - } - -- ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, -- rsa, bn_param); -+ ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, rsa, bn_param, &bn_ctx); - if (!ret) - ret = UADK_DO_SOFT; - -@@ -1381,7 +1384,7 @@ free_kg_in_out: - free_sess: - rsa_free_eng_session(rsa_sess); - free_keygen: -- rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair); -+ rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair, &bn_ctx, ret); - if (ret != UADK_DO_SOFT) - return ret; - exe_soft: --- -2.27.0 - diff --git a/0053-rsa-remove-unused-software-method.patch b/0053-rsa-remove-unused-software-method.patch deleted file mode 100644 index 7cac77fc96e1d040ae4452cc97a7d50eb56b28bf..0000000000000000000000000000000000000000 --- a/0053-rsa-remove-unused-software-method.patch +++ /dev/null @@ -1,97 +0,0 @@ -From ff703a9aa6a0a2dada51b7bf88cc9e1a8ce2d6cd Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 23 Jul 2022 17:16:59 +0800 -Subject: [PATCH 53/57] rsa: remove unused software method - -Switching to software methods in abnormal scenarios has been -implemented in other functions, uadk_e_get_rsa_sw_methods() -is actually unused, so we remove it. - -Signed-off-by: Zhiqi Song ---- - src/uadk_rsa.c | 49 +++++-------------------------------------------- - 1 file changed, 5 insertions(+), 44 deletions(-) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 5b23dab..7983bc0 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -53,7 +53,6 @@ - #define ENV_ENABLED 1 - - static RSA_METHOD *rsa_hw_meth; --static RSA_METHOD *rsa_sw_meth; - - struct bignum_st { - BN_ULONG *d; -@@ -1737,25 +1736,11 @@ exe_soft: - (flen, from, to, rsa, padding); - } - --static RSA_METHOD *uadk_e_get_rsa_sw_methods(void) --{ -- /* meth: default rsa software method */ -- const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); -- -- rsa_sw_meth = RSA_meth_new("rsa soft method", 0); -- (void)RSA_meth_set_pub_enc(rsa_sw_meth, RSA_meth_get_pub_enc(meth)); -- (void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth)); -- (void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth)); -- (void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth)); -- (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen); -- (void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth)); -- (void)RSA_meth_set_bn_mod_exp(rsa_sw_meth, -- RSA_meth_get_bn_mod_exp(meth)); -- -- return rsa_sw_meth; --} -- --static RSA_METHOD *uadk_e_get_rsa_hw_methods(void) -+/** -+ * uadk_get_rsa_method() - Set rsa hardware methods of the RSA implementation which -+ * can be called from ENGINE structure. -+ */ -+static RSA_METHOD *uadk_e_get_rsa_methods(void) - { - if (rsa_hw_meth) - return rsa_hw_meth; -@@ -1780,36 +1765,12 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void) - return rsa_hw_meth; - } - --/** -- * uadk_get_rsa_method() - Set rsa methods of the RSA implementation which -- * can be called from ENGINE structure. -- */ --static RSA_METHOD *uadk_e_get_rsa_methods(void) --{ -- struct uacce_dev *dev; -- -- dev = wd_get_accel_dev("rsa"); -- if (!dev) -- return uadk_e_get_rsa_sw_methods(); -- -- free(dev); -- return uadk_e_get_rsa_hw_methods(); --} -- - static void uadk_e_delete_rsa_meth(void) - { -- if (!rsa_hw_meth && !rsa_sw_meth) -- return; -- - if (rsa_hw_meth) { - RSA_meth_free(rsa_hw_meth); - rsa_hw_meth = NULL; - } -- -- if (rsa_sw_meth) { -- RSA_meth_free(rsa_sw_meth); -- rsa_sw_meth = NULL; -- } - } - - /** --- -2.27.0 - diff --git a/0054-doc-Modify-maintainers.patch b/0054-doc-Modify-maintainers.patch deleted file mode 100644 index 70387585509a37eb6c5b09e189f9b86eda5e57ad..0000000000000000000000000000000000000000 --- a/0054-doc-Modify-maintainers.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 9dd29d1cfd3b3038bc8a347c51f1f176c28ec0b5 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Mon, 25 Jul 2022 11:42:11 +0800 -Subject: [PATCH 54/57] doc: Modify maintainers - -Personnel change, replace a maintainer. - -Signed-off-by: Zhiqi Song ---- - docs/maintenance.md | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/docs/maintenance.md b/docs/maintenance.md -index 50ed1fe..1a563ce 100644 ---- a/docs/maintenance.md -+++ b/docs/maintenance.md -@@ -28,5 +28,5 @@ sudo test/sanity_test.sh - ``` - Zhangfei Gao - Zhou Wang --Hui Tang -+Zhiqi Song - ``` --- -2.27.0 - diff --git a/0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch b/0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch deleted file mode 100644 index 0b7c0bfa005591c449f3875af4697f1ef6b2a7f8..0000000000000000000000000000000000000000 --- a/0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 623c8687b64381b0dc454ea2d2c81ee5f6bfdbc7 Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Tue, 26 Jul 2022 10:39:01 +0800 -Subject: [PATCH 55/57] rsa: modify the default algorithm of keygen soft - algorithm - -When the hardware algorithm execution fails, the engine needs to -switch to the soft algorithm execution, and the callback needs to -be modified to the soft algorithm to prevent it from being -re-transferred to the hardware interface. - -Signed-off-by: Weili Qian ---- - src/uadk_rsa.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 7983bc0..03f2ce5 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -140,6 +140,8 @@ enum { - MAX_CODE, - }; - -+static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -+ - static int rsa_check_bit_useful(const int bits, int flen) - { - if (flen > bits) -@@ -1100,10 +1102,19 @@ err: - - static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) - { -+ const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL(); - int ret; - -+ if (!default_meth) { -+ fprintf(stderr, "failed to get soft method.\n"); -+ return UADK_E_FAIL; -+ } -+ - UNUSED(cb); -+ (void)RSA_meth_set_keygen(rsa_hw_meth, -+ RSA_meth_get_keygen(default_meth)); - ret = RSA_generate_key_ex(rsa, bits, e, NULL); -+ (void)RSA_meth_set_keygen(rsa_hw_meth, uadk_e_rsa_keygen); - - return ret; - } --- -2.27.0 - diff --git a/0056-engine-initialize-resources-only-once.patch b/0056-engine-initialize-resources-only-once.patch deleted file mode 100644 index eb0f20273c366019927a9771c2d447f4dc844c81..0000000000000000000000000000000000000000 --- a/0056-engine-initialize-resources-only-once.patch +++ /dev/null @@ -1,224 +0,0 @@ -From 0245d700da510dd54926eab3fb9377bde991024f Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Tue, 26 Jul 2022 10:54:03 +0800 -Subject: [PATCH 56/57] engine: initialize resources only once - -If multiple threads load the engine repeatedly, the -poll_queue and global locks in the algorithm API are -repeatedly initialized. As a result, tasks of other -threads are abnormal. - -Therefore, this patch moves resource initialization -to the function 'uadk_init' and only initialize once. - -Signed-off-by: Weili Qian ---- - src/e_uadk.c | 37 +++++++++++++++++++++++++++++++++---- - src/uadk.h | 5 +++++ - src/uadk_cipher.c | 7 +++++-- - src/uadk_dh.c | 7 +++++-- - src/uadk_digest.c | 7 +++++-- - src/uadk_pkey.c | 7 +++++-- - src/uadk_rsa.c | 6 ++++-- - 7 files changed, 62 insertions(+), 14 deletions(-) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 23fe0f2..1b95284 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -43,6 +43,8 @@ static int uadk_digest; - static int uadk_rsa; - static int uadk_dh; - static int uadk_ecc; -+static int uadk_inited; -+static pthread_mutex_t uadk_engine_mutex = PTHREAD_MUTEX_INITIALIZER; - - #ifdef KAE - static int uadk_cipher_nosva; -@@ -219,12 +221,41 @@ static int uadk_destroy(ENGINE *e) - uadk_e_destroy_ecc(); - if (uadk_dh) - uadk_e_destroy_dh(); -+ -+ pthread_mutex_lock(&uadk_engine_mutex); -+ uadk_inited = 0; -+ pthread_mutex_unlock(&uadk_engine_mutex); -+ - return 1; - } - -- - static int uadk_init(ENGINE *e) - { -+ int ret; -+ -+ pthread_mutex_lock(&uadk_engine_mutex); -+ if (uadk_inited) { -+ pthread_mutex_unlock(&uadk_engine_mutex); -+ return 1; -+ } -+ -+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) -+ async_module_init(); -+ -+ if (uadk_digest) -+ uadk_e_digest_lock_init(); -+ if (uadk_cipher) -+ uadk_e_cipher_lock_init(); -+ if (uadk_rsa) -+ uadk_e_rsa_lock_init(); -+ if (uadk_dh) -+ uadk_e_dh_lock_init(); -+ if (uadk_ecc) -+ uadk_e_ecc_lock_init(); -+ -+ uadk_inited = 1; -+ pthread_mutex_unlock(&uadk_engine_mutex); -+ - return 1; - } - -@@ -360,10 +391,8 @@ static int bind_fn(ENGINE *e, const char *id) - #endif - bind_fn_uadk_alg(e); - -- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) { -- async_module_init(); -+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) - pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler); -- } - - ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl); - if (ret != 1) { -diff --git a/src/uadk.h b/src/uadk.h -index 0188f0b..cd3447c 100644 ---- a/src/uadk.h -+++ b/src/uadk.h -@@ -44,4 +44,9 @@ int uadk_e_bind_ecc(ENGINE *e); - void uadk_e_destroy_ecc(void); - int uadk_e_is_env_enabled(const char *alg_name); - int uadk_e_set_env(const char *var_name, int numa_id); -+void uadk_e_ecc_lock_init(void); -+void uadk_e_rsa_lock_init(void); -+void uadk_e_dh_lock_init(void); -+void uadk_e_cipher_lock_init(void); -+void uadk_e_digest_lock_init(void); - #endif -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 54d0a7d..c5bc7af 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -1076,8 +1076,6 @@ int uadk_e_bind_cipher(ENGINE *e) - if (platform > KUNPENG920) - bind_v3_cipher(); - -- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE); -- - return ENGINE_set_ciphers(e, uadk_e_engine_ciphers); - } - -@@ -1160,3 +1158,8 @@ void uadk_e_destroy_cipher(void) - if (platform > KUNPENG920) - destroy_v3_cipher(); - } -+ -+void uadk_e_cipher_lock_init(void) -+{ -+ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE); -+} -diff --git a/src/uadk_dh.c b/src/uadk_dh.c -index cf319e5..37f84e9 100644 ---- a/src/uadk_dh.c -+++ b/src/uadk_dh.c -@@ -902,8 +902,6 @@ static void uadk_e_delete_dh_meth(void) - - int uadk_e_bind_dh(ENGINE *e) - { -- pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE); -- - return ENGINE_set_DH(e, uadk_e_get_dh_methods()); - } - -@@ -913,3 +911,8 @@ void uadk_e_destroy_dh(void) - uadk_e_delete_dh_meth(); - uadk_e_wd_dh_uninit(); - } -+ -+void uadk_e_dh_lock_init(void) -+{ -+ pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE); -+} -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 853aa39..b2646cb 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -804,6 +804,11 @@ do { \ - return 0; \ - } while (0) - -+void uadk_e_digest_lock_init(void) -+{ -+ pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE); -+} -+ - int uadk_e_bind_digest(ENGINE *e) - { - UADK_DIGEST_DESCR(md5, md5WithRSAEncryption, MD5_DIGEST_LENGTH, -@@ -849,8 +854,6 @@ int uadk_e_bind_digest(ENGINE *e) - uadk_e_digest_final, uadk_e_digest_cleanup, - uadk_e_digest_copy); - -- pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE); -- - return ENGINE_set_digests(e, uadk_engine_digests); - } - -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index 9a3a725..211f1cc 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -615,6 +615,11 @@ static int uadk_ecc_bind_pmeth(ENGINE *e) - return ENGINE_set_pkey_meths(e, get_pkey_meths); - } - -+void uadk_e_ecc_lock_init(void) -+{ -+ pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE); -+} -+ - int uadk_e_bind_ecc(ENGINE *e) - { - int ret; -@@ -631,8 +636,6 @@ int uadk_e_bind_ecc(ENGINE *e) - return ret; - } - -- pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE); -- - return ret; - } - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 03f2ce5..ef1739d 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -1790,8 +1790,6 @@ static void uadk_e_delete_rsa_meth(void) - */ - int uadk_e_bind_rsa(ENGINE *e) - { -- pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE); -- - return ENGINE_set_RSA(e, uadk_e_get_rsa_methods()); - } - -@@ -1802,3 +1800,7 @@ void uadk_e_destroy_rsa(void) - uadk_e_rsa_uninit(); - } - -+void uadk_e_rsa_lock_init(void) -+{ -+ pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE); -+} --- -2.27.0 - diff --git a/0057-engine-fix-function-type.patch b/0057-engine-fix-function-type.patch deleted file mode 100644 index 7b7f3862277ec4b8178922c878850fad0381e006..0000000000000000000000000000000000000000 --- a/0057-engine-fix-function-type.patch +++ /dev/null @@ -1,105 +0,0 @@ -From f43d50084550042f053de2dcce03d91d5f8b040a Mon Sep 17 00:00:00 2001 -From: Weili Qian -Date: Tue, 26 Jul 2022 10:58:56 +0800 -Subject: [PATCH 57/57] engine: fix function type - -If return type of the function 'async_module_init' is void, -when function executes failed, the app continues to execute tasks. -The process will be abnormal. Change 'async_module_init' type to int. -If function executes failed, 0 is returned. - -Signed-off-by: Weili Qian ---- - src/e_uadk.c | 16 +++++++++++++--- - src/uadk_async.c | 9 +++++---- - src/uadk_async.h | 2 +- - 3 files changed, 19 insertions(+), 8 deletions(-) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 1b95284..77612d7 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -239,8 +239,14 @@ static int uadk_init(ENGINE *e) - return 1; - } - -- if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) -- async_module_init(); -+ if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) { -+ ret = async_module_init(); -+ if (!ret) { -+ pthread_mutex_unlock(&uadk_engine_mutex); -+ fprintf(stderr, "failed to init async module!\n"); -+ return 0; -+ } -+ } - - if (uadk_digest) - uadk_e_digest_lock_init(); -@@ -266,7 +272,11 @@ static int uadk_finish(ENGINE *e) - - static void engine_init_child_at_fork_handler(void) - { -- async_module_init(); -+ int ret; -+ -+ ret = async_module_init(); -+ if (!ret) -+ fprintf(stderr, "failed to init child async module!\n"); - } - - #ifdef KAE -diff --git a/src/uadk_async.c b/src/uadk_async.c -index 11d624c..3f2e1db 100644 ---- a/src/uadk_async.c -+++ b/src/uadk_async.c -@@ -336,7 +336,7 @@ static void *async_poll_process_func(void *args) - return NULL; - } - --void async_module_init(void) -+int async_module_init(void) - { - pthread_t thread_id; - pthread_attr_t thread_attr; -@@ -344,11 +344,11 @@ void async_module_init(void) - memset(&poll_queue, 0, sizeof(struct async_poll_queue)); - - if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0) -- return; -+ return 0; - - poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM); - if (poll_queue.head == NULL) -- return; -+ return 0; - - memset(poll_queue.head, 0, - sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM); -@@ -368,8 +368,9 @@ void async_module_init(void) - poll_queue.thread_id = thread_id; - OPENSSL_atexit(async_poll_task_free); - -- return; -+ return 1; - - err: - async_poll_task_free(); -+ return 0; - } -diff --git a/src/uadk_async.h b/src/uadk_async.h -index 78f7a21..9bae3f4 100644 ---- a/src/uadk_async.h -+++ b/src/uadk_async.h -@@ -69,7 +69,7 @@ int async_setup_async_event_notification(struct async_op *op); - int async_clear_async_event_notification(void); - int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id); - void async_register_poll_fn(int type, async_recv_t func); --void async_module_init(void); -+int async_module_init(void); - int async_wake_job(ASYNC_JOB *job); - void async_free_poll_task(int id, bool is_cb); - int async_get_free_task(int *id); --- -2.27.0 - diff --git a/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch b/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch deleted file mode 100644 index b19486bd8ddaa58aa544e749063156ad95c277af..0000000000000000000000000000000000000000 --- a/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 36ea42a1d9556e937be5ebf47f41f66b51a29cb6 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Tue, 16 Aug 2022 09:57:18 +0800 -Subject: uadk_digest: fix the full mac buffer length as doing long hash - -Sha224 and Sha384 need full length mac buffer as doing long hash. - -Depends-on:uadk 802878d71999("digest: fix mac buffer len as long hash") -Signed-off-by: Kai Ye ---- - src/uadk_digest.c | 25 +++++++++++++++++++++++-- - 1 file changed, 23 insertions(+), 2 deletions(-) - -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index b2646cb..63887e7 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -484,7 +484,7 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv, - { - priv->setup.alg = alg; - priv->setup.mode = mode; -- priv->req.out_buf_bytes = out_len; -+ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH; - priv->req.out_bytes = out_len; - } - -@@ -543,15 +543,30 @@ soft_init: - return digest_soft_init(priv->soft_ctx, priv->e_nid); - } - -+static void digest_update_out_length(EVP_MD_CTX *ctx) -+{ -+ struct digest_priv_ctx *priv = -+ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); -+ -+ /* Sha224 and Sha384 need full length mac buffer as doing long hash */ -+ if (priv->e_nid == NID_sha224) -+ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN; -+ -+ if (priv->e_nid == NID_sha384) -+ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN; -+} -+ - static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len) - { - struct digest_priv_ctx *priv = -- (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx); -+ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); - const unsigned char *tmpdata = (const unsigned char *)data; - size_t left_len = data_len; - int copy_to_bufflen; - int ret; - -+ digest_update_out_length(ctx); -+ - priv->req.has_next = DIGEST_DOING; - - while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) { -@@ -708,6 +723,12 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) - priv->req.in_bytes = priv->last_update_bufflen; - priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx)); - -+ if (priv->e_nid == NID_sha224) -+ priv->req.out_bytes = WD_DIGEST_SHA224_LEN; -+ -+ if (priv->e_nid == NID_sha384) -+ priv->req.out_bytes = WD_DIGEST_SHA384_LEN; -+ - ret = async_setup_async_event_notification(&op); - if (unlikely(!ret)) { - fprintf(stderr, "failed to setup async event notification.\n"); --- -1.8.3.1 - diff --git a/0059-uadk_utils-fix-x86-local-build.patch b/0059-uadk_utils-fix-x86-local-build.patch deleted file mode 100644 index e8673e6a217ec7a32012c8a88e5ed5072eb74608..0000000000000000000000000000000000000000 --- a/0059-uadk_utils-fix-x86-local-build.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 06fd1fe00a03bfbc7430ec8e1b1f7356f47da55d Mon Sep 17 00:00:00 2001 -From: Zhangfei Gao -Date: Tue, 18 Oct 2022 15:39:11 +0800 -Subject: uadk_utils: fix x86 local build -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -On x86 local build: -autoreconf -i -./configure --libdir=/usr/local/lib/engines-1.1/ -make -j4 - -uadk_utils.c: In function ‘uadk_memcpy’: -uadk_utils.c:23:2: error: unknown register name ‘q1’ in ‘asm’ - __asm__ __volatile__( - ^ -uadk_utils.c:23:2: error: unknown register name ‘q0’ in ‘asm’ -uadk_utils.c:23:2: error: unknown register name ‘x14’ in ‘asm’ -uadk_utils.c:23:2: error: unknown register name ‘x5’ in ‘asm’ -uadk_utils.c:23:2: error: unknown register name ‘x4’ in ‘asm’ -uadk_utils.c:23:2: error: unknown register name ‘x3’ in ‘asm’ - -With this patch, x86 build is OK - -Signed-off-by: Zhangfei Gao ---- - src/uadk_utils.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/src/uadk_utils.c b/src/uadk_utils.c -index 2b34b3a..275a124 100644 ---- a/src/uadk_utils.c -+++ b/src/uadk_utils.c -@@ -16,6 +16,8 @@ - */ - #include "uadk_utils.h" - -+#if defined(__AARCH64_CMODEL_SMALL__) && __AARCH64_CMODEL_SMALL__ -+ - #define UADK_MEM_IMPROVE_THRESHOLD 1024 - - static void *memcpy_large(void *dstpp, const void *srcpp, size_t len) -@@ -61,3 +63,12 @@ void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) - else - return memcpy(dstpp, srcpp, len); - } -+ -+#else -+ -+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) -+{ -+ return memcpy(dstpp, srcpp, len); -+} -+ -+#endif --- -1.8.3.1 - diff --git a/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch b/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch deleted file mode 100644 index 8e0b7e37e7c14da53bc818fb7982831a2acba8f5..0000000000000000000000000000000000000000 --- a/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch +++ /dev/null @@ -1,188 +0,0 @@ -From 8c4f478b1e8965e592467be92d042c8b00c8c426 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 22 Oct 2022 15:14:03 +0800 -Subject: sm2: bugfix about segfault in sm2 ctrl function - -When there is no available instance of hpre device, the sm2_init() -in uadk_engine will failed, the setting of sched_init() will failed, -so sched_init() will be NULL. If the sm2_ctrl() function still call -the sm2_update_sess() in this situation, and make wd_ecc_alloc_sess() -to call sched_init(), there will be a segfault. - -The solution is to modify the status field of sm2_ctx, make the -variable 'init_status' to indicate the status of init operation: -'CTX_UNINIT' indicates the init operation has not been performed, -'CTX_INIT_SUCC' indicates the init operation has been succeeded, -'CTX_INIT_FAIL' indicates the init operation has been failed. - -The sm2_update_sess() will only be called if the 'init_status' is -'CTX_INIT_SUCC'. Then there will be no segfault. - -And when there is no available instance, it should switch to openssl -software method, so modify some return values to help finish this -process. - -Signed-off-by: Zhiqi Song ---- - src/uadk_sm2.c | 44 ++++++++++++++++++++++++++++++++------------ - 1 file changed, 32 insertions(+), 12 deletions(-) - -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index fcca9f2..8a9adca 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -25,6 +25,12 @@ - #include "uadk.h" - #include "uadk_pkey.h" - -+enum { -+ CTX_INIT_FAIL = -1, -+ CTX_UNINIT, -+ CTX_INIT_SUCC -+}; -+ - typedef struct { - /* Key and paramgen group */ - EC_GROUP *gen_group; -@@ -43,7 +49,7 @@ struct sm2_ctx { - const BIGNUM *prikey; - const EC_POINT *pubkey; - BIGNUM *order; -- bool is_init; -+ int init_status; - }; - - typedef struct sm2_ciphertext { -@@ -165,6 +171,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx) - - memset(&setup, 0, sizeof(setup)); - setup.alg = "sm2"; -+ - if (smctx->ctx.md) { - setup.hash.cb = compute_hash; - setup.hash.usr = (void *)smctx->ctx.md; -@@ -189,6 +196,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx) - - if (smctx->sess) - wd_ecc_free_sess(smctx->sess); -+ - smctx->sess = sess; - smctx->prikey = NULL; - smctx->pubkey = NULL; -@@ -636,7 +644,7 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - - if (!smctx || !smctx->sess) { - fprintf(stderr, "smctx or sess NULL\n"); -- return -EINVAL; -+ return UADK_DO_SOFT; - } - - if (sig_sz <= 0) { -@@ -676,7 +684,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - if (ret) - goto do_soft; - -- if (!smctx->is_init) { -+ if (smctx->init_status != CTX_INIT_SUCC) { - ret = UADK_DO_SOFT; - goto do_soft; - } -@@ -744,6 +752,13 @@ static int sm2_verify_check(EVP_PKEY_CTX *ctx, - const unsigned char *tbs, - size_t tbslen) - { -+ struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); -+ -+ if (!smctx || !smctx->sess) { -+ fprintf(stderr, "smctx or sess NULL\n"); -+ return UADK_DO_SOFT; -+ } -+ - if (tbslen > SM2_KEY_BYTES) - return UADK_DO_SOFT; - -@@ -772,7 +787,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx, - if (ret) - goto do_soft; - -- if (!smctx->is_init) { -+ if (smctx->init_status != CTX_INIT_SUCC) { - ret = UADK_DO_SOFT; - goto do_soft; - } -@@ -853,7 +868,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx, - - if (!smctx || !smctx->sess) { - fprintf(stderr, "smctx or sess NULL\n"); -- return 0; -+ return UADK_DO_SOFT; - } - - md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; -@@ -897,7 +912,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx, - if (ret) - goto do_soft; - -- if (!smctx->is_init) { -+ if (smctx->init_status != CTX_INIT_SUCC) { - ret = UADK_DO_SOFT; - goto do_soft; - } -@@ -953,7 +968,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx, - - if (!smctx || !smctx->sess) { - fprintf(stderr, "smctx or sess NULL\n"); -- return -EINVAL; -+ return UADK_DO_SOFT; - } - - md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; -@@ -1038,7 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, - if (ret) - goto do_soft; - -- if (!smctx->is_init) { -+ if (smctx->init_status != CTX_INIT_SUCC) { - ret = UADK_DO_SOFT; - goto do_soft; - } -@@ -1124,18 +1139,18 @@ static int sm2_init(EVP_PKEY_CTX *ctx) - ret = uadk_init_ecc(); - if (ret) { - fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); -- smctx->is_init = false; -+ smctx->init_status = CTX_INIT_FAIL; - goto end; - } - - ret = sm2_update_sess(smctx); - if (ret) { - fprintf(stderr, "failed to update sess\n"); -- smctx->is_init = false; -+ smctx->init_status = CTX_INIT_FAIL; - goto end; - } - -- smctx->is_init = true; -+ smctx->init_status = CTX_INIT_SUCC; - end: - EVP_PKEY_CTX_set_data(ctx, smctx); - EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); -@@ -1196,8 +1211,13 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - return 1; - case EVP_PKEY_CTRL_MD: - smctx->ctx.md = p2; -- if (sm2_update_sess(smctx)) -+ if (smctx->init_status != CTX_INIT_SUCC) -+ return 1; -+ -+ if (sm2_update_sess(smctx)) { -+ fprintf(stderr, "failed to set MD\n"); - return 0; -+ } - return 1; - case EVP_PKEY_CTRL_GET_MD: - *(const EVP_MD **)p2 = smctx->ctx.md; --- -1.8.3.1 - diff --git a/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch b/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch deleted file mode 100644 index 55ab7855be4a6d96f5a23254ee3112b9585e2836..0000000000000000000000000000000000000000 --- a/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch +++ /dev/null @@ -1,142 +0,0 @@ -From e34a0bb0cc5c381f45877e05d927fd4bc5dc98f6 Mon Sep 17 00:00:00 2001 -From: Hao Fang -Date: Sat, 22 Oct 2022 15:27:20 +0800 -Subject: uadk_engine: use HW_V2/HW_V3 to distinguish different hardware - platforms - -Hardware version numbers are used to distinguish different hardware. - -Signed-off-by: Hao Fang -Tested-by: Junchong Pan ---- - src/uadk.h | 4 ++-- - src/uadk_cipher.c | 22 +++++++++++----------- - test/sanity_test.sh | 8 ++++---- - 3 files changed, 17 insertions(+), 17 deletions(-) - -diff --git a/src/uadk.h b/src/uadk.h -index cd3447c..99c65c7 100644 ---- a/src/uadk.h -+++ b/src/uadk.h -@@ -27,8 +27,8 @@ - #define ENGINE_RECV_MAX_CNT 60000000 - - enum { -- KUNPENG920, -- KUNPENG930, -+ HW_V2, -+ HW_V3, - }; - - extern const char *engine_uadk_id; -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index c5bc7af..c6878c3 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -77,7 +77,7 @@ static int platform; - - #define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192 - --static int cipher_920_nids[] = { -+static int cipher_hw_v2_nids[] = { - NID_aes_128_cbc, - NID_aes_192_cbc, - NID_aes_256_cbc, -@@ -93,7 +93,7 @@ static int cipher_920_nids[] = { - 0, - }; - --static int cipher_930_nids[] = { -+static int cipher_hw_v3_nids[] = { - NID_aes_128_cbc, - NID_aes_192_cbc, - NID_aes_256_cbc, -@@ -342,9 +342,9 @@ static int uadk_get_accel_platform(char *alg_name) - return 0; - - if (!strcmp(dev->api, "hisi_qm_v2")) -- platform = KUNPENG920; -+ platform = HW_V2; - else -- platform = KUNPENG930; -+ platform = HW_V3; - free(dev); - - return 1; -@@ -358,12 +358,12 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - int size; - int i; - -- if (platform == KUNPENG920) { -- size = (sizeof(cipher_920_nids) - 1) / sizeof(int); -- cipher_nids = cipher_920_nids; -+ if (platform == HW_V2) { -+ size = (sizeof(cipher_hw_v2_nids) - 1) / sizeof(int); -+ cipher_nids = cipher_hw_v2_nids; - } else { -- size = (sizeof(cipher_930_nids) - 1) / sizeof(int); -- cipher_nids = cipher_930_nids; -+ size = (sizeof(cipher_hw_v3_nids) - 1) / sizeof(int); -+ cipher_nids = cipher_hw_v3_nids; - } - - if (!cipher) { -@@ -1073,7 +1073,7 @@ int uadk_e_bind_cipher(ENGINE *e) - } - - bind_v2_cipher(); -- if (platform > KUNPENG920) -+ if (platform > HW_V2) - bind_v3_cipher(); - - return ENGINE_set_ciphers(e, uadk_e_engine_ciphers); -@@ -1155,7 +1155,7 @@ void uadk_e_destroy_cipher(void) - pthread_spin_destroy(&engine.lock); - - destroy_v2_cipher(); -- if (platform > KUNPENG920) -+ if (platform > HW_V2) - destroy_v3_cipher(); - } - -diff --git a/test/sanity_test.sh b/test/sanity_test.sh -index 2c0c504..bdedc15 100755 ---- a/test/sanity_test.sh -+++ b/test/sanity_test.sh -@@ -103,7 +103,7 @@ if [[ $algs =~ "RSA" ]]; then - openssl speed -elapsed -engine $engine_id -async_jobs 1 rsa4096 - fi - --#ecdsa only supported in Kunpeng930 or later -+#ecdsa only supported in HW_V3 or later - if [[ $algs =~ "id-ecPublicKey" ]]; then - echo "testing ECDSA" - openssl speed -elapsed -engine $engine_id ecdsap224 -@@ -116,21 +116,21 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then - openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdsap521 - fi - --#X25519 only supported in Kunpeng930 or later -+#X25519 only supported in HW_V3 or later - if [[ $algs =~ "X25519" ]]; then - echo "testing X25519" - openssl speed -elapsed -engine $engine_id ecdhx25519 - openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx25519 - fi - --#X448 only supported in Kunpeng930 or later -+#X448 only supported in HW_V3 or later - if [[ $algs =~ "X448" ]]; then - echo "testing X448" - openssl speed -elapsed -engine $engine_id ecdhx448 - openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx448 - fi - --#ecdh only supported in Kunpeng930 or later -+#ecdh only supported in HW_V3 or later - if [[ $algs =~ "id-ecPublicKey" ]]; then - echo "testing ECDH" - openssl speed -elapsed -engine $engine_id ecdhp192 --- -1.8.3.1 - diff --git a/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch b/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch deleted file mode 100644 index 1c5a5d90a3e089f8b3cd005eac1c2fa292741c9f..0000000000000000000000000000000000000000 --- a/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 01580bb856fe7a2206990954b38d8213efd06098 Mon Sep 17 00:00:00 2001 -From: Longfang Liu -Date: Sat, 22 Oct 2022 15:31:24 +0800 -Subject: uadk/engine: update the numa parameter of the scheduler - -In the scenario where multiple devices are enabled at the -same time through environment variables, fixing a numa id -will make other devices unusable. When using the default -numa parameter, the scheduler will automatically allocate -device resources according to the CPU id of the thread, -so as to realize all devices. - -Signed-off-by: Longfang Liu ---- - src/uadk_cipher.c | 4 ++-- - src/uadk_digest.c | 3 ++- - src/uadk_rsa.c | 4 +++- - 3 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index c6878c3..8e8c5f3 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -469,7 +469,6 @@ static handle_t sched_single_init(handle_t h_sched_ctx, void *sched_param) - return (handle_t)0; - } - -- skey->numa_id = param->numa_id; - skey->type = param->type; - - return (handle_t)skey; -@@ -881,7 +880,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) - if (ret) - params.type = 0; - -- params.numa_id = engine.numa_id; -+ /* Use the default numa parameters */ -+ params.numa_id = -1; - priv->setup.sched_param = ¶ms; - if (!priv->sess) { - priv->sess = wd_cipher_alloc_sess(&priv->setup); -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 63887e7..8370490 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -523,7 +523,8 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) - return 0; - } - -- params.numa_id = engine.numa_id; -+ /* Use the default numa parameters */ -+ params.numa_id = -1; - priv->setup.sched_param = ¶ms; - priv->sess = wd_digest_alloc_sess(&priv->setup); - if (unlikely(!priv->sess)) -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index ef1739d..74852e7 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -881,7 +881,9 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, - - rsa_sess->key_size = key_size; - rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT; -- params.numa_id = g_rsa_res.numa_id; -+ -+ /* Use the default numa parameters */ -+ params.numa_id = -1; - rsa_sess->setup.sched_param = ¶ms; - rsa_sess->setup.is_crt = is_crt; - --- -1.8.3.1 - diff --git a/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch b/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch deleted file mode 100644 index 838d1e72e76443c1fc2856e8bec93cb425ff5bcf..0000000000000000000000000000000000000000 --- a/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch +++ /dev/null @@ -1,205 +0,0 @@ -From 5b59c17f84d5a1f6e7c996a499f5a70059d89ee7 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 22 Oct 2022 15:35:17 +0800 -Subject: uadk_engine: bugfix side effects of right operand - -The right operand of while condition may contains side effects, -variables change "rx_cnt++". Move 'rx_cnt++' from condition -to statement. - -Signed-off-by: Zhiqi Song ---- - src/uadk_cipher.c | 13 ++++++++----- - src/uadk_dh.c | 18 +++++++++++------- - src/uadk_digest.c | 13 ++++++++----- - src/uadk_pkey.c | 13 ++++++++----- - src/uadk_rsa.c | 14 +++++++++----- - 5 files changed, 44 insertions(+), 27 deletions(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 8e8c5f3..9d4f692 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -516,11 +516,13 @@ static int uadk_e_cipher_poll(void *ctx) - - do { - ret = wd_cipher_poll_ctx(idx, expt, &recv); -- if (recv == expt) -+ if (!ret && recv == expt) - return 0; -- else if (ret < 0 && ret != -EAGAIN) -- return ret; -- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); -+ else if (ret == -EAGAIN) -+ rx_cnt++; -+ else -+ return -1; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to recv msg: timeout!\n"); - -@@ -539,7 +541,8 @@ static int uadk_e_cipher_env_poll(void *ctx) - ret = wd_cipher_poll(expt, &recv); - if (ret < 0 || recv == expt) - return ret; -- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); -+ rx_cnt++; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to poll msg: timeout!\n"); - -diff --git a/src/uadk_dh.c b/src/uadk_dh.c -index 37f84e9..2af2455 100644 ---- a/src/uadk_dh.c -+++ b/src/uadk_dh.c -@@ -48,6 +48,7 @@ - #define UADK_E_SUCCESS 1 - #define UADK_E_FAIL 0 - #define UADK_E_POLL_SUCCESS 0 -+#define UADK_E_POLL_FAIL (-1) - #define UADK_E_INIT_SUCCESS 0 - #define ENV_ENABLED 1 - -@@ -206,17 +207,19 @@ static int uadk_e_dh_poll(void *ctx) - { - __u64 rx_cnt = 0; - __u32 recv = 0; -- int expect = 1; -+ int expt = 1; - int idx = 1; - int ret; - - do { -- ret = wd_dh_poll_ctx(idx, expect, &recv); -- if (recv == expect) -+ ret = wd_dh_poll_ctx(idx, expt, &recv); -+ if (!ret && recv == expt) - return UADK_E_POLL_SUCCESS; -- else if (ret < 0 && ret != -EAGAIN) -- return ret; -- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); -+ else if (ret == -EAGAIN) -+ rx_cnt++; -+ else -+ return UADK_E_POLL_FAIL; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to recv msg: timeout!\n"); - -@@ -283,7 +286,8 @@ static int uadk_e_dh_env_poll(void *ctx) - ret = wd_dh_poll(expt, &recv); - if (ret < 0 || recv == expt) - return ret; -- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); -+ rx_cnt++; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to poll msg: timeout!\n"); - -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 8370490..9568a98 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -343,11 +343,13 @@ static int uadk_e_digest_poll(void *ctx) - - do { - ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv); -- if (recv == expt) -+ if (!ret && recv == expt) - return 0; -- else if (ret < 0 && ret != -EAGAIN) -- return ret; -- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); -+ else if (ret == -EAGAIN) -+ rx_cnt++; -+ else -+ return -1; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to recv msg: timeout!\n"); - -@@ -366,7 +368,8 @@ static int uadk_e_digest_env_poll(void *ctx) - ret = wd_digest_poll(expt, &recv); - if (ret < 0 || recv == expt) - return ret; -- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); -+ rx_cnt++; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to poll msg: timeout!\n"); - -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index 211f1cc..6920cff 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -110,11 +110,13 @@ static int uadk_ecc_poll(void *ctx) - - do { - ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv); -- if (recv == expt) -+ if (!ret && recv == expt) - return 0; -- else if (ret < 0 && ret != -EAGAIN) -- return ret; -- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); -+ else if (ret == -EAGAIN) -+ rx_cnt++; -+ else -+ return -1; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to recv msg: timeout!\n"); - -@@ -153,7 +155,8 @@ static int uadk_e_ecc_env_poll(void *ctx) - ret = wd_ecc_poll(expt, &recv); - if (ret < 0 || recv == expt) - return ret; -- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); -+ rx_cnt++; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to poll msg: timeout!\n"); - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 74852e7..bcdd6bc 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -48,6 +48,7 @@ - #define UADK_E_FAIL 0 - #define UADK_DO_SOFT (-0xE0) - #define UADK_E_POLL_SUCCESS 0 -+#define UADK_E_POLL_FAIL (-1) - #define UADK_E_INIT_SUCCESS 0 - #define CHECK_PADDING_FAIL (-1) - #define ENV_ENABLED 1 -@@ -664,11 +665,13 @@ static int uadk_e_rsa_poll(void *ctx) - - do { - ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv); -- if (recv == expt) -+ if (!ret && recv == expt) - return UADK_E_POLL_SUCCESS; -- else if (ret < 0 && ret != -EAGAIN) -- return ret; -- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); -+ else if (ret == -EAGAIN) -+ rx_cnt++; -+ else -+ return UADK_E_POLL_FAIL; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to recv msg: timeout!\n"); - -@@ -700,7 +703,8 @@ static int uadk_e_rsa_env_poll(void *ctx) - ret = wd_rsa_poll(expt, &recv); - if (ret < 0 || recv == expt) - return ret; -- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); -+ rx_cnt++; -+ } while (rx_cnt < ENGINE_RECV_MAX_CNT); - - fprintf(stderr, "failed to poll msg: timeout!\n"); - --- -1.8.3.1 - diff --git a/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch b/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch deleted file mode 100644 index 910767950d16857243e7860ab7590b8f6e95e64a..0000000000000000000000000000000000000000 --- a/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch +++ /dev/null @@ -1,118 +0,0 @@ -From f17c89d7d27b3a728232c7e641c2978db238a2f3 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 22 Oct 2022 15:37:45 +0800 -Subject: uadk_engine: cleanup static check warning of clangtidy tool - -Cleanup the following warning: -1. Parameters of function should not be used as working -variable. -2. Cleanup uninitialized value. -3. Storage class should be specified after a type. - -Signed-off-by: Zhiqi Song ---- - src/e_uadk.c | 6 ++---- - src/uadk_cipher.c | 9 +++++---- - src/uadk_ec.c | 5 +++-- - src/uadk_rsa.c | 16 ++++++++-------- - 4 files changed, 18 insertions(+), 18 deletions(-) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 77612d7..21ceb86 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -89,13 +89,11 @@ static const ENGINE_CMD_DEFN g_uadk_cmd_defns[] = { - } - }; - --__attribute__((constructor)) --static void uadk_constructor(void) -+static void __attribute__((constructor)) uadk_constructor(void) - { - } - --__attribute__((destructor)) --static void uadk_destructor(void) -+static void __attribute__((destructor)) uadk_destructor(void) - { - } - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 9d4f692..14e2af2 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -749,17 +749,18 @@ static void ctr_iv_inc(uint8_t *counter, __u32 c) - { - uint32_t n = CTR_128BIT_COUNTER; - uint8_t *counter1 = counter; -+ __u32 c_value = c; - - /* - * Since the counter has been increased 1 by the hardware, - * so the c need to decrease 1. - */ -- c = c - 1; -+ c_value -= 1; - do { - --n; -- c += counter1[n]; -- counter1[n] = (uint8_t)c; -- c >>= BYTE_BITS; -+ c_value += counter1[n]; -+ counter1[n] = (uint8_t)c_value; -+ c_value >>= BYTE_BITS; - } while (n); - } - -diff --git a/src/uadk_ec.c b/src/uadk_ec.c -index 37683cd..247b875 100644 ---- a/src/uadk_ec.c -+++ b/src/uadk_ec.c -@@ -72,14 +72,15 @@ static void init_dtb_param(void *dtb, char *start, - __u32 dsz, __u32 bsz, __u32 num) - { - struct wd_dtb *tmp = dtb; -+ char *buff = start; - int i = 0; - - while (i++ < num) { -- tmp->data = start; -+ tmp->data = buff; - tmp->dsize = dsz; - tmp->bsize = bsz; - tmp += 1; -- start += bsz; -+ buff += bsz; - } - } - -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index bcdd6bc..7d25338 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -932,14 +932,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, - struct rsa_prikey_param *pri, - unsigned char *in_buf, unsigned char *to) - { -- struct wd_rsa_prikey *prikey; -- struct wd_dtb *wd_dq; -- struct wd_dtb *wd_dp; -- struct wd_dtb *wd_q; -- struct wd_dtb *wd_p; -- struct wd_dtb *wd_qinv; -- struct wd_dtb *wd_d; -- struct wd_dtb *wd_n; -+ struct wd_rsa_prikey *prikey = NULL; -+ struct wd_dtb *wd_qinv = NULL; -+ struct wd_dtb *wd_dq = NULL; -+ struct wd_dtb *wd_dp = NULL; -+ struct wd_dtb *wd_q = NULL; -+ struct wd_dtb *wd_p = NULL; -+ struct wd_dtb *wd_d = NULL; -+ struct wd_dtb *wd_n = NULL; - - if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) { - wd_rsa_get_prikey(rsa_sess->sess, &prikey); --- -1.8.3.1 - diff --git a/0065-uadk_engine-bugfix-enable-environment-variable.patch b/0065-uadk_engine-bugfix-enable-environment-variable.patch deleted file mode 100644 index 2fab7080505dea5d5a0d5f726e3d989f8d229358..0000000000000000000000000000000000000000 --- a/0065-uadk_engine-bugfix-enable-environment-variable.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 7ef97aab7a5cd964241fe9879588ceb54a547003 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 22 Oct 2022 15:53:53 +0800 -Subject: uadk_engine: bugfix enable environment variable - -When the 'alg_name' set by the user is valid, the 'env_enabled' -field should be set or returned. - -Signed-off-by: Zhiqi Song ---- - src/e_uadk.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/e_uadk.c b/src/e_uadk.c -index 21ceb86..0a9e3e6 100644 ---- a/src/e_uadk.c -+++ b/src/e_uadk.c -@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name) - int i = 0; - - while (i < len) { -- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) -+ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) - return uadk_env_enabled[i].env_enabled; - i++; - } -@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value) - int i = 0; - - while (i < len) { -- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) { -+ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) { - uadk_env_enabled[i].env_enabled = value; - return; - } --- -1.8.3.1 - diff --git a/0066-uadk_engine-cleanup-magic-number-and-comments.patch b/0066-uadk_engine-cleanup-magic-number-and-comments.patch deleted file mode 100644 index b9a5379a73247c5bb08b422c124114bba66266d4..0000000000000000000000000000000000000000 --- a/0066-uadk_engine-cleanup-magic-number-and-comments.patch +++ /dev/null @@ -1,537 +0,0 @@ -From 20049f2becb9cc339276d4839f6d9f909273f5a5 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 22 Oct 2022 15:54:51 +0800 -Subject: uadk_engine: cleanup magic number and comments - -Use macros to replace magic numbers and related operations. -Simplify code comments and unify style. - -Signed-off-by: Zhiqi Song ---- - src/uadk_cipher.c | 4 +--- - src/uadk_dh.c | 5 ++--- - src/uadk_digest.c | 2 +- - src/uadk_ec.c | 51 ++++++++++++++++++++++++++------------------------- - src/uadk_ecx.c | 40 +++++++++++++++++++++++----------------- - src/uadk_pkey.c | 9 ++++----- - src/uadk_pkey.h | 6 +++++- - src/uadk_rsa.c | 25 ++++++++++--------------- - src/uadk_sm2.c | 23 ++++++++++++----------- - 9 files changed, 84 insertions(+), 81 deletions(-) - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index 14e2af2..de5f078 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -480,13 +480,11 @@ static __u32 sched_single_pick_next_ctx(handle_t sched_ctx, - struct sched_params *key = (struct sched_params *)sched_key; - - if (sched_mode) { -- /* async */ - if (key->type == WD_CIPHER_ENCRYPTION) - return CTX_ASYNC_ENC; - else - return CTX_ASYNC_DEC; - } else { -- /* sync */ - if (key->type == WD_CIPHER_ENCRYPTION) - return CTX_SYNC_ENC; - else -@@ -744,7 +742,7 @@ static void async_cb(struct wd_cipher_req *req, void *data) - } - } - --/* increment counter (128-bit int) by c */ -+/* Increment counter (128-bit int) by c */ - static void ctr_iv_inc(uint8_t *counter, __u32 c) - { - uint32_t n = CTR_128BIT_COUNTER; -diff --git a/src/uadk_dh.c b/src/uadk_dh.c -index 2af2455..6356872 100644 ---- a/src/uadk_dh.c -+++ b/src/uadk_dh.c -@@ -603,7 +603,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, - if (!ag_bin) - return UADK_E_FAIL; - -- /* malloc a contiguous chunk of memory */ -+ /* Malloc a contiguous chunk of memory */ - apriv_key_bin = OPENSSL_malloc(key_size * DH_PARAMS_CNT); - if (!apriv_key_bin) - goto free_ag; -@@ -615,7 +615,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, - memset(ap_bin, 0, key_size); - memset(out_pri, 0, key_size); - -- /* construct data block of g */ -+ /* Construct data block of g */ - ret = dh_set_g(g, key_size, ag_bin, dh_sess); - if (!ret) - goto free_apriv; -@@ -623,7 +623,6 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, - dh_sess->req.xbytes = BN_bn2bin(priv_key, apriv_key_bin); - dh_sess->req.pbytes = BN_bn2bin(p, ap_bin); - dh_sess->req.x_p = (void *)apriv_key_bin; -- /* the output from uadk */ - dh_sess->req.pri = out_pri; - dh_sess->req.pri_bytes = key_size; - dh_sess->req.op_type = WD_DH_PHASE1; -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 9568a98..9d009a9 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -71,7 +71,7 @@ static struct digest_engine engine; - - struct evp_md_ctx_st { - const EVP_MD *digest; -- /* functional reference if 'digest' is ENGINE-provided */ -+ /* Functional reference if 'digest' is ENGINE-provided */ - ENGINE *engine; - unsigned long flags; - void *md_data; -diff --git a/src/uadk_ec.c b/src/uadk_ec.c -index 247b875..9b48ae7 100644 ---- a/src/uadk_ec.c -+++ b/src/uadk_ec.c -@@ -27,23 +27,23 @@ - #include "uadk.h" - - #define ECC128BITS 128 --#define ECC192BITS 192 --#define ECC224BITS 224 --#define ECC256BITS 256 --#define ECC320BITS 320 --#define ECC384BITS 384 --#define ECC521BITS 521 -+#define ECC192BITS 192 -+#define ECC224BITS 224 -+#define ECC256BITS 256 -+#define ECC320BITS 320 -+#define ECC384BITS 384 -+#define ECC521BITS 521 - - struct curve_param { -- /* prime */ -+ /* Prime */ - BIGNUM *p; -- /* ecc coefficient 'a' */ -+ /* ECC coefficient 'a' */ - BIGNUM *a; -- /* ecc coefficient 'b' */ -+ /* ECC coefficient 'b' */ - BIGNUM *b; -- /* base point */ -+ /* Base point */ - const EC_POINT *g; -- /* order of base point */ -+ /* Order of base point */ - const BIGNUM *order; - }; - -@@ -176,7 +176,6 @@ free_ctx: - - static int get_smallest_hw_keybits(int bits) - { -- /* ec curve order width */ - if (bits > ECC384BITS) - return ECC521BITS; - else if (bits > ECC320BITS) -@@ -283,7 +282,7 @@ static int eckey_check(const EC_KEY *eckey) - return -1; - } - -- /* field GF(2m) is not supported by uadk */ -+ /* Field GF(2m) is not supported by uadk */ - if (!uadk_prime_field(group)) - return UADK_DO_SOFT; - -@@ -336,22 +335,25 @@ static int set_digest(handle_t sess, struct wd_dtb *e, - unsigned int dlen = sdgst->dsize; - BIGNUM *m; - -- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits) { -+ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) { - m = BN_new(); - - /* Need to truncate digest if it is too long: first truncate - * whole bytes - */ -- dlen = (order_bits + 7) >> UADK_BITS_2_BYTES_SHIFT; -+ dlen = BITS_TO_BYTES(order_bits); - if (!BN_bin2bn(dgst, dlen, m)) { - fprintf(stderr, "failed to BN_bin2bn digest\n"); - BN_free(m); - return -1; - } - -- /* If still too long, truncate remaining bits with a shift */ -- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits && -- !BN_rshift(m, m, 8 - (order_bits & 0x7))) { -+ /* If the length of digest is still longer than the length -+ * of the base point order, truncate remaining bits with a -+ * shift to that length -+ */ -+ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits && -+ !BN_rshift(m, m, DGST_SHIFT_NUM(order_bits))) { - fprintf(stderr, "failed to truncate input digest\n"); - BN_free(m); - return -1; -@@ -743,7 +745,7 @@ err: - - static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) - { -- unsigned char buff[SM2_KEY_BYTES * 2 + 1] = {UADK_OCTET_STRING}; -+ unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {UADK_OCTET_STRING}; - struct wd_ecc_point *pubkey = NULL; - struct wd_dtb *privkey = NULL; - const EC_GROUP *group; -@@ -768,8 +770,8 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) - return -ENOMEM; - } - -- memcpy(buff + 1, pubkey->x.data, SM2_KEY_BYTES * 2); -- tmp = BN_bin2bn(buff, SM2_KEY_BYTES * 2 + 1, NULL); -+ memcpy(buff + 1, pubkey->x.data, ECC_POINT_SIZE(SM2_KEY_BYTES)); -+ tmp = BN_bin2bn(buff, ECC_POINT_SIZE(SM2_KEY_BYTES) + 1, NULL); - ptr = EC_POINT_bn2point(group, tmp, point, NULL); - BN_free(tmp); - if (!ptr) { -@@ -1029,7 +1031,7 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, - in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data); - in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data); - -- /* set public key */ -+ /* Set public key */ - ecdh_in = wd_ecxdh_new_in(sess, &in_pkey); - if (!ecdh_in) { - fprintf(stderr, "failed to new ecxdh in\n"); -@@ -1075,7 +1077,7 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) - } - - key_size_std = (unsigned int)(EC_GROUP_get_degree(group) + -- UADK_ECC_PADDING) >> UADK_BITS_2_BYTES_SHIFT; -+ UADK_ECC_PADDING) >> TRANS_BITS_BYTES_SHIFT; - key_size_x = pubkey->x.dsize; - key_size_y = pubkey->y.dsize; - if ((key_size_x > key_size_std) || (key_size_y > key_size_std)) { -@@ -1088,9 +1090,8 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) - * tag - 1 byte - * point_x - [key_size_std] bytes - * point_y - [key_size_std] bytes -- * so the malloc size is: key_size_std * 2 + 1 - */ -- buff_size = key_size_std * 2 + 1; -+ buff_size = ECC_POINT_SIZE(key_size_std) + 1; - x_shift = key_size_std - key_size_x + 1; - y_shift = buff_size - key_size_y; - buff = (unsigned char *)OPENSSL_malloc(buff_size); -diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c -index df23156..67042a3 100644 ---- a/src/uadk_ecx.c -+++ b/src/uadk_ecx.c -@@ -295,33 +295,39 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx, - - memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data, - key_size); -- /* trans public key from big-endian to little-endian */ -+ /* Trans public key from big-endian to little-endian */ - ret = reverse_bytes(ecx_key->pubkey, key_size); - if (!ret) { - fprintf(stderr, "failed to trans public key\n"); - return UADK_E_FAIL; - } -- /* trans private key from big-endian to little-endian */ -+ /* Trans private key from big-endian to little-endian */ - ret = reverse_bytes(ecx_key->privkey, key_size); - if (!ret) { - fprintf(stderr, "failed to trans private key\n"); - return UADK_E_FAIL; - } - /* -- * This is a pretreatment of X25519/X448, as described in RFC 7748: -- * For X25519, in order to decode 32 random bytes as an integer -- * scaler, set the three LSB of the first byte and MSB of the last -- * to zero, set the second MSB of the last byte to 1. -- * For X448, set the two LSB of the first byte to 0, and MSB of the -- * last byte to 1. Decode in little-endian mode. -+ * This is a pretreatment of X25519/X448 described in RFC 7748. -+ * In order to decode the random bytes as an integer scaler, there -+ * are some special data processing. And use little-endian mode for -+ * decoding. - */ - if (ecx_ctx->nid == EVP_PKEY_X25519) { -- ecx_key->privkey[0] &= 248; -- ecx_key->privkey[X25519_KEYLEN - 1] &= 127; -- ecx_key->privkey[X25519_KEYLEN - 1] |= 64; -+ /* Set the three LSB of the first byte to 0 */ -+ ecx_key->privkey[0] &= 0xF8; -+ -+ /* Set the MSB of the last byte to 0 */ -+ ecx_key->privkey[X25519_KEYLEN - 1] &= 0x7F; -+ -+ /* Set the second MSB of the last byte to 1 */ -+ ecx_key->privkey[X25519_KEYLEN - 1] |= 0x40; - } else if (ecx_ctx->nid == EVP_PKEY_X448) { -- ecx_key->privkey[0] &= 252; -- ecx_key->privkey[X448_KEYLEN - 1] |= 128; -+ /* Set the two LSB of the first byte to 0 */ -+ ecx_key->privkey[0] &= 0xFC; -+ -+ /* Set the MSB of the last byte to 1 */ -+ ecx_key->privkey[X448_KEYLEN - 1] |= 0x80; - } - - ret = EVP_PKEY_assign(pkey, ecx_ctx->nid, ecx_key); -@@ -494,7 +500,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req, - struct wd_ecc_in *ecx_in; - int ret; - -- /* trans public key from little-endian to big-endian */ -+ /* Trans public key from little-endian to big-endian */ - ret = reverse_bytes(peer_ecx_key->pubkey, key_size); - if(!ret) { - fprintf(stderr, "failed to trans public key\n"); -@@ -521,7 +527,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req, - - uadk_ecc_fill_req(req, WD_ECXDH_COMPUTE_KEY, ecx_in, ecx_out); - -- /* trans public key from big-endian to little-endian */ -+ /* Trans public key from big-endian to little-endian */ - ret = reverse_bytes(peer_ecx_key->pubkey, key_size); - if (!ret) { - fprintf(stderr, "failed to trans public key\n"); -@@ -553,7 +559,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, - struct wd_dtb prikey; - int ret; - -- /* trans private key from little-endian to big-endian */ -+ /* Trans private key from little-endian to big-endian */ - ret = reverse_bytes(ecx_key->privkey, key_size); - if (!ret) { - fprintf(stderr, "failed to trans private key\n"); -@@ -569,7 +575,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, - return UADK_E_FAIL; - } - -- /* trans private key from big-endian to little-endian */ -+ /* Trans private key from big-endian to little-endian */ - ret = reverse_bytes(ecx_key->privkey, key_size); - if (!ret) { - fprintf(stderr, "failed to trans private key\n"); -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index 6920cff..6b5ae9a 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -44,7 +44,7 @@ struct ecc_res_config { - int numa_id; - }; - --/* ecc global hardware resource is saved here */ -+/* ECC global hardware resource is saved here */ - struct ecc_res { - struct wd_ctx_config *ctx_res; - int pid; -@@ -123,7 +123,7 @@ static int uadk_ecc_poll(void *ctx) - return -ETIMEDOUT; - } - --/* make resource configure static */ -+/* Make resource configure static */ - struct ecc_res_config ecc_res_config = { - .sched = { - .sched_type = -1, -@@ -234,7 +234,7 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config) - struct uacce_dev *dev; - int ret; - -- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ -+ /* The ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ - dev = wd_get_accel_dev("ecdsa"); - if (!dev) - return -ENOMEM; -@@ -396,8 +396,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) - return -EINVAL; - } - -- /* pad and convert bits to bytes */ -- buflen = (EC_GROUP_get_degree(group) + 7) / 8; -+ buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group)); - ecc_key = wd_ecc_get_key(sess); - prikey.data = (void *)bin; - prikey.dsize = BN_bn2binpad(d, bin, buflen); -diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h -index b30c2de..6d1cc77 100644 ---- a/src/uadk_pkey.h -+++ b/src/uadk_pkey.h -@@ -26,7 +26,6 @@ - #define UADK_ECC_MAX_KEY_BITS 521 - #define UADK_ECC_MAX_KEY_BYTES 66 - #define UADK_ECC_CV_PARAM_NUM 6 --#define UADK_BITS_2_BYTES_SHIFT 3 - #define SM2_KEY_BYTES 32 - #define UADK_OCTET_STRING 4 - #define UADK_ECC_PUBKEY_PARAM_NUM 2 -@@ -34,6 +33,11 @@ - #define UADK_ECDH_CV_NUM 8 - #define ENV_ENABLED 1 - #define UADK_E_INVALID (-2) -+#define TRANS_BITS_BYTES_SHIFT 3 -+#define ECC_POINT_SIZE(n) ((n) * 2) -+#define GET_MS_BYTE(n) ((n) >> 8) -+#define GET_LS_BYTE(n) ((n) & 0xFF) -+#define DGST_SHIFT_NUM(n) (8 - ((n) & 0x7)) - - struct uadk_pkey_meth { - EVP_PKEY_METHOD *sm2; -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index 7d25338..e9a2c53 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -52,6 +52,9 @@ - #define UADK_E_INIT_SUCCESS 0 - #define CHECK_PADDING_FAIL (-1) - #define ENV_ENABLED 1 -+#define PRIME_RETRY_COUNT 4 -+#define GENCB_NEXT 2 -+#define GENCB_RETRY 3 - - static RSA_METHOD *rsa_hw_meth; - -@@ -173,11 +176,7 @@ static int rsa_prime_mul_res(int num, struct rsa_prime_param *param, - if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx)) - return BN_ERR; - } else { -- /* -- * Use the number 3 to indicate whether -- * the generator has been found. -- */ -- if (!BN_GENCB_call(cb, 3, num)) -+ if (!BN_GENCB_call(cb, GENCB_RETRY, num)) - return BN_ERR; - return BN_CONTINUE; - } -@@ -228,14 +227,11 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, - *bitse -= bitsr[*num]; - else - return -1; -- /* -- * Use the number 2 to indicate whether -- * a prime has been found. -- */ -- ret = BN_GENCB_call(cb, 2, *n++); -+ -+ ret = BN_GENCB_call(cb, GENCB_NEXT, *n++); - if (!ret) - return -1; -- if (retries == 4) { -+ if (retries == PRIME_RETRY_COUNT) { - *num = -1; - *bitse = 0; - retries = 0; -@@ -244,8 +240,8 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, - retries++; - return BN_REDO; - } -- /* Use the number 3 to indicate whether the generator has been found. */ -- ret = BN_GENCB_call(cb, 3, *num); -+ -+ ret = BN_GENCB_call(cb, GENCB_RETRY, *num); - if (!ret) - return BN_ERR; - retries = 0; -@@ -320,8 +316,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, - else - return BN_ERR; - -- /* Use the number 2 to indicate whether a prime has been found. */ -- if (!BN_GENCB_call(cb, 2, *n++)) -+ if (!BN_GENCB_call(cb, GENCB_NEXT, *n++)) - return BN_ERR; - - return GET_ERR_FINISH; -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index 8a9adca..578d2d8 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -34,12 +34,12 @@ enum { - typedef struct { - /* Key and paramgen group */ - EC_GROUP *gen_group; -- /* message digest */ -+ /* Message digest */ - const EVP_MD *md; - /* Distinguishing Identifier, ISO/IEC 15946-3 */ - uint8_t *id; - size_t id_len; -- /* id_set indicates if the 'id' field is set (1) or not (0) */ -+ /* Indicates if the 'id' field is set (1) or not (0) */ - int id_set; - } SM2_PKEY_CTX; - -@@ -557,8 +557,7 @@ static size_t ec_field_size(const EC_GROUP *group) - if (!EC_GROUP_get_curve(group, p, a, b, NULL)) - goto done; - -- /* Pad and convert bits to bytes */ -- field_size = (BN_num_bits(p) + 7) / 8; -+ field_size = BITS_TO_BYTES(BN_num_bits(p)); - - done: - BN_free(p); -@@ -1172,7 +1171,7 @@ static int sm2_set_ctx_id(struct sm2_ctx *smctx, int p1, const void *p2) - OPENSSL_free(smctx->ctx.id); - smctx->ctx.id = tmp_id; - } else { -- /* set null-ID */ -+ /* Set null-ID */ - OPENSSL_free(smctx->ctx.id); - smctx->ctx.id = NULL; - } -@@ -1231,7 +1230,7 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) - *(size_t *)p2 = smctx->ctx.id_len; - return 1; - case EVP_PKEY_CTRL_DIGESTINIT: -- /* nothing to be inited, this is to suppress the error... */ -+ /* Nothing to be inited, for suppress the error */ - return 1; - default: - fprintf(stderr, "sm2 ctrl type = %d error\n", type); -@@ -1323,20 +1322,22 @@ static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash, - } - - /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ -- if (id_len >= (UINT16_MAX / 8)) { -+ if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) { - fprintf(stderr, "id too large\n"); - return 0; - } - -- entl = (uint16_t)(8 * id_len); -+ entl = (uint16_t)(id_len << TRANS_BITS_BYTES_SHIFT); - -- e_byte = entl >> 8; -+ /* Update the most significant (first) byte of 'entl' */ -+ e_byte = GET_MS_BYTE(entl); - if (!EVP_DigestUpdate(hash, &e_byte, 1)) { - fprintf(stderr, "error evp lib\n"); - return 0; - } - -- e_byte = entl & 0xFF; -+ /* Update the least significant (second) byte of 'entl' */ -+ e_byte = GET_LS_BYTE(entl); - if (!EVP_DigestUpdate(hash, &e_byte, 1)) { - fprintf(stderr, "error evp lib\n"); - return 0; -@@ -1516,7 +1517,7 @@ static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) - return 0; - } - -- /* get hashed prefix 'z' of tbs message */ -+ /* Get hashed prefix 'z' of tbs message */ - if (!sm2_compute_z_digest(z, md, smctx->ctx.id, smctx->ctx.id_len, ec)) - return 0; - --- -1.8.3.1 - diff --git a/0067-uadk_engine-cleanup-header-file.patch b/0067-uadk_engine-cleanup-header-file.patch deleted file mode 100644 index b6f7fbcb18585cab2f7e88caceede8122559b667..0000000000000000000000000000000000000000 --- a/0067-uadk_engine-cleanup-header-file.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 1dd1503428df2b33f679f81b1541a4314fe0aa11 Mon Sep 17 00:00:00 2001 -From: Zhiqi Song -Date: Sat, 22 Oct 2022 15:56:54 +0800 -Subject: uadk_engine: cleanup header file - -Remove redundant header file and modify magic number. - -Signed-off-by: Zhiqi Song ---- - src/uadk.h | 3 --- - src/uadk_async.c | 1 + - src/uadk_async.h | 2 +- - src/uadk_cipher.c | 1 + - src/uadk_dh.c | 1 + - src/uadk_digest.c | 2 ++ - src/uadk_ec.c | 1 + - src/uadk_ecx.c | 2 +- - src/uadk_pkey.c | 5 ++++- - src/uadk_rsa.c | 6 +++++- - src/uadk_sm2.c | 7 +++++-- - 11 files changed, 22 insertions(+), 9 deletions(-) - -diff --git a/src/uadk.h b/src/uadk.h -index 99c65c7..30c099f 100644 ---- a/src/uadk.h -+++ b/src/uadk.h -@@ -18,9 +18,6 @@ - #ifndef UADK_H - #define UADK_H - #include --#include --#include --#include "uadk_utils.h" - - #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) - #define ENV_STRING_LEN 256 -diff --git a/src/uadk_async.c b/src/uadk_async.c -index 3f2e1db..2edd6ea 100644 ---- a/src/uadk_async.c -+++ b/src/uadk_async.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - #include "uadk.h" - #include "uadk_async.h" - -diff --git a/src/uadk_async.h b/src/uadk_async.h -index 9bae3f4..8a4822e 100644 ---- a/src/uadk_async.h -+++ b/src/uadk_async.h -@@ -19,8 +19,8 @@ - #define UADK_ASYNC_H - - #include --#include - #include -+#include - - #define ASYNC_QUEUE_TASK_NUM 1024 - -diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c -index de5f078..cc06429 100644 ---- a/src/uadk_cipher.c -+++ b/src/uadk_cipher.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #include "uadk.h" - #include "uadk_async.h" - -diff --git a/src/uadk_dh.c b/src/uadk_dh.c -index 6356872..680564c 100644 ---- a/src/uadk_dh.c -+++ b/src/uadk_dh.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - #include "uadk.h" - #include "uadk_async.h" - -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 9d009a9..26a6272 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -25,8 +25,10 @@ - #include - #include - #include -+#include - #include "uadk.h" - #include "uadk_async.h" -+#include "uadk_utils.h" - - #define UADK_DO_SOFT (-0xE0) - #define CTX_SYNC 0 -diff --git a/src/uadk_ec.c b/src/uadk_ec.c -index 9b48ae7..6106083 100644 ---- a/src/uadk_ec.c -+++ b/src/uadk_ec.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - #include "uadk_pkey.h" - #include "uadk.h" - -diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c -index 67042a3..b62f81d 100644 ---- a/src/uadk_ecx.c -+++ b/src/uadk_ecx.c -@@ -14,7 +14,6 @@ - * limitations under the License. - * - */ --#include - #include - #include - #include -@@ -24,6 +23,7 @@ - #include - #include - #include -+#include - #include "uadk_pkey.h" - #include "uadk.h" - -diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c -index 6b5ae9a..7b7a345 100644 ---- a/src/uadk_pkey.c -+++ b/src/uadk_pkey.c -@@ -17,6 +17,7 @@ - #include - #include - #include -+#include - #include "uadk_async.h" - #include "uadk.h" - #include "uadk_pkey.h" -@@ -381,6 +382,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) - const EC_GROUP *group; - struct wd_dtb prikey; - const BIGNUM *d; -+ size_t degree; - int buflen; - int ret; - -@@ -396,7 +398,8 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) - return -EINVAL; - } - -- buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group)); -+ degree = EC_GROUP_get_degree(group); -+ buflen = BITS_TO_BYTES(degree); - ecc_key = wd_ecc_get_key(sess); - prikey.data = (void *)bin; - prikey.dsize = BN_bn2binpad(d, bin, buflen); -diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c -index e9a2c53..96c898f 100644 ---- a/src/uadk_rsa.c -+++ b/src/uadk_rsa.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - #include "uadk_async.h" - #include "uadk.h" - -@@ -55,6 +56,7 @@ - #define PRIME_RETRY_COUNT 4 - #define GENCB_NEXT 2 - #define GENCB_RETRY 3 -+#define PRIME_CHECK_BIT_NUM 4 - - static RSA_METHOD *rsa_hw_meth; - -@@ -210,7 +212,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, - * key by using the modulus in a certificate. This is also covered - * by checking the length should not be less than 0x9. - */ -- if (!BN_rshift(param->r2, param->r1, *bitse - 4)) -+ if (!BN_rshift(param->r2, param->r1, *bitse - PRIME_CHECK_BIT_NUM)) - return BN_ERR; - - bitst = BN_get_word(param->r2); -@@ -231,6 +233,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, - ret = BN_GENCB_call(cb, GENCB_NEXT, *n++); - if (!ret) - return -1; -+ - if (retries == PRIME_RETRY_COUNT) { - *num = -1; - *bitse = 0; -@@ -288,6 +291,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, - BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) - { - unsigned long err; -+ - /* - * BN_sub(r,a,b) substracts b from a and place the result in r, - * r = a-b. -diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c -index 578d2d8..b14fbcf 100644 ---- a/src/uadk_sm2.c -+++ b/src/uadk_sm2.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #include "uadk.h" - #include "uadk_pkey.h" - -@@ -550,6 +551,7 @@ static size_t ec_field_size(const EC_GROUP *group) - BIGNUM *a = BN_new(); - BIGNUM *b = BN_new(); - size_t field_size = 0; -+ size_t p_bits; - - if (p == NULL || a == NULL || b == NULL) - goto done; -@@ -557,7 +559,8 @@ static size_t ec_field_size(const EC_GROUP *group) - if (!EC_GROUP_get_curve(group, p, a, b, NULL)) - goto done; - -- field_size = BITS_TO_BYTES(BN_num_bits(p)); -+ p_bits = BN_num_bits(p); -+ field_size = BITS_TO_BYTES(p_bits); - - done: - BN_free(p); -@@ -598,7 +601,7 @@ static int sm2_ciphertext_size(const EC_KEY *key, - * Integer and string are simple type; set constructed = 0, means - * primitive and definite length encoding. - */ -- sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER) -+ sz = ECC_POINT_SIZE(ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)) - + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) - + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); - *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE); --- -1.8.3.1 - diff --git a/uadk_engine-1.0.0.tar.gz b/uadk_engine-1.0.0.tar.gz deleted file mode 100644 index 63b7d49a9e2c0f8f13daed8bf67aa6a61eb80c4c..0000000000000000000000000000000000000000 Binary files a/uadk_engine-1.0.0.tar.gz and /dev/null differ diff --git a/uadk_engine-1.2.0.tar.gz b/uadk_engine-1.2.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..1f652fe907649ca9bec2b25d697b282842c1f9a5 Binary files /dev/null and b/uadk_engine-1.2.0.tar.gz differ diff --git a/uadk_engine.spec b/uadk_engine.spec index a771853e74f9b2da0e2e58656416569cb2df7e63..9e8af7c0bc27ba790ebabd24cedb8caa2ac63f20 100644 --- a/uadk_engine.spec +++ b/uadk_engine.spec @@ -1,7 +1,7 @@ Name: uadk_engine Summary: UADK Accelerator Engine -Version: 1.0.0 -Release: 8 +Version: 1.2.0 +Release: 1 License: Apache-2.0 Source: %{name}-%{version}.tar.gz ExclusiveOS: linux @@ -13,73 +13,16 @@ BuildRequires: libwd >= 2.3.21 BuildRequires: openssl-devel sed autoconf automake libtool ExclusiveArch: aarch64 -Patch0001: 0001-digest-support-digest-multiple-update.patch -Patch0002: 0002-uadk_engine-define-the-variable-as-const.patch -Patch0003: 0003-ecc-fix-codecheck-warning.patch -Patch0004: 0004-rsa-delete-redundant-copy.patch -Patch0005: 0005-rsa-fix-coverity-warning.patch -Patch0006: 0006-ecc-cleanup-duplicate-public-key-allocation.patch -Patch0007: 0007-rsa-cleanup-about-reducing-function-parameters.patch -Patch0008: 0008-ecc-cleanup-sm2-compute-digest-function.patch -Patch0009: 0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch -Patch0010: 0010-rsa-cleanup-about-prime-generation.patch -Patch0011: 0011-ecc-cleanup-the-form-of-the-return-value.patch -Patch0012: 0012-engine-fix-uadk-engine-compatibility-issue.patch -Patch0013: 0013-digest-modify-the-process-of-free-session.patch -Patch0014: 0014-digest-modify-the-process-of-soft-and-hardware-hando.patch -Patch0015: 0015-ecc-bugfix-about-sm2-decryption.patch -Patch0016: 0016-dh-bugfix-about-dh-compute-key.patch -Patch0017: 0017-ecc-bugfix-about-ecc-general-init.patch -Patch0018: 0018-digest-fix-codecheck-warning.patch -Patch0019: 0019-cipher-fixup-a-code-check-warning.patch -Patch0020: 0020-rsa-fixup-a-code-check-warning.patch -Patch0021: 0021-cipher-delete-a-redundant-branch.patch -Patch0022: 0022-engine-fix-engine-can-t-work-under-hybrid-mode.patch -Patch0023: 0023-engine-add-the-kae-log-feature.patch -Patch0024: 0024-rsa-fix-interface-name.patch -Patch0025: 0025-ecc-cleanup-sm2-unreachable-code.patch -Patch0026: 0026-rsa-cleanup-of-code-style.patch -Patch0027: 0027-v1-fixup-about-uninitialized-variable.patch -Patch0028: 0028-ecc-fix-checking-conditions.patch -Patch0029: 0029-ecc-cleanup-print-log.patch -Patch0030: 0030-engine-fix-function-return-type.patch -Patch0031: 0031-rsa-fixup-about-the-wrong-copy.patch -Patch0032: 0032-README-modify-the-engine-id-name.patch -Patch0033: 0033-digest-improve-the-digest-performance.patch -Patch0034: 0034-cipher-support-the-sm4-ecb-alg.patch -Patch0035: 0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch -Patch0036: 0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch -Patch0037: 0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch -Patch0038: 0038-uadk-engine-change-Copyright-to-2022.patch -Patch0039: 0039-README-move-test-script-to-sanity_test.sh.patch -Patch0040: 0040-uadk_engine-fix-string-compare-mode.patch -Patch0041: 0041-cipher-optimize-the-process-of-ctx-initialization.patch -Patch0042: 0042-cipher-adding-an-iv-update-to-a-decryption.patch -Patch0043: 0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch -Patch0044: 0044-engine-add-receiving-timeout-count.patch -Patch0045: 0045-digest-fix-the-fault-as-using-the-nginx.patch -Patch0046: 0046-ecc-cleanup-of-static-code-check.patch -Patch0047: 0047-ecc-bugfix-about-return-value-check.patch -Patch0048: 0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch -Patch0049: 0049-uadk_engine-remove-redundant-extern.patch -Patch0050: 0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch -Patch0051: 0051-rsa-cleanup-redundant-BN-operation.patch -Patch0052: 0052-rsa-bugfix-memory-leak-in-genkey-process.patch -Patch0053: 0053-rsa-remove-unused-software-method.patch -Patch0054: 0054-doc-Modify-maintainers.patch -Patch0055: 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch -Patch0056: 0056-engine-initialize-resources-only-once.patch -Patch0057: 0057-engine-fix-function-type.patch -Patch0058: 0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch -Patch0059: 0059-uadk_utils-fix-x86-local-build.patch -Patch0060: 0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch -Patch0061: 0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch -Patch0062: 0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch -Patch0063: 0063-uadk_engine-bugfix-side-effects-of-right-operand.patch -Patch0064: 0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch -Patch0065: 0065-uadk_engine-bugfix-enable-environment-variable.patch -Patch0066: 0066-uadk_engine-cleanup-magic-number-and-comments.patch -Patch0067: 0067-uadk_engine-cleanup-header-file.patch +Patch0001: 0001-readme-export-PKG_CONFIG_PATH-on-openEuler.patch +Patch0002: 0002-uadk_engine-use-calloc-to-replace-malloc-memset.patch +Patch0003: 0003-v1-some-code-clean.patch +Patch0004: 0004-v1-fix-implicit-declaration-of-function-OPENSSL_call.patch +Patch0005: 0005-uadk-build-uadk_engine-only-if-openssl-1.1.patch +Patch0006: 0006-uadk-support-openssl-3.0.patch +Patch0007: 0007-README-update-openssl-3.0.patch +Patch0008: 0008-cipher-fix-double-free-error.patch +Patch0009: 0009-cipher-fix-set-key-error.patch +Patch0010: 0010-cipher-fix-async-hardware-computing-error.patch %description This package contains the UADK Accelerator Engine @@ -129,7 +72,16 @@ fi /sbin/ldconfig %changelog -* Mon june 8 2023 JiangShui Yang 1.0.0-8 +* Mon Jun 19 2023 JiangShui Yang 1.2.0-1 +- Backport uadk engine patch form v1.0.1 to 1.2.0 + +* Mon Mar 20 2023 linwenkai 1.0.0-10 +- Backport uadk engine build patch + +* Thu Feb 9 2023 linwenkai 1.0.0-9 +- Fix uadk engine build compatiable problem + +* Fri Dec 16 2022 JiangShui Yang 1.0.0-8 - Backport uadk engine patch for v1.0.1 * Tus Jul 26 2022 Yang Shen 1.0.0-7