diff --git a/0001-digest-delete-some-duplicate-code.patch b/0001-digest-delete-some-duplicate-code.patch deleted file mode 100644 index 1c95acc2aa1d741fc8763340ae42b7f3f30396ab..0000000000000000000000000000000000000000 --- a/0001-digest-delete-some-duplicate-code.patch +++ /dev/null @@ -1,55 +0,0 @@ -From eba09f6a2eb20bf431822718fa752a68b6d682c5 Mon Sep 17 00:00:00 2001 -From: Kai Ye -Date: Thu, 9 Dec 2021 11:17:40 +0800 -Subject: [PATCH] digest: delete some duplicate code - -digest task not need to allocate session twice for one stream. -init->update->final as one stream. - -Signed-off-by: Kai Ye ---- - src/uadk_digest.c | 14 +++++--------- - 1 file changed, 5 insertions(+), 9 deletions(-) - -diff --git a/src/uadk_digest.c b/src/uadk_digest.c -index 9fdec91..db33d16 100644 ---- a/src/uadk_digest.c -+++ b/src/uadk_digest.c -@@ -607,10 +607,6 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) - int ret = 1; - struct async_op op; - -- priv->sess = wd_digest_alloc_sess(&priv->setup); -- if (unlikely(!priv->sess)) -- return 0; -- - priv->req.in = priv->data; - priv->req.out = digest; - priv->req.in_bytes = priv->tail; -@@ -639,11 +635,6 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) - goto clear; - } - -- if (priv->sess) { -- wd_digest_free_sess(priv->sess); -- priv->sess = 0; -- } -- - return 1; - - sync_err: -@@ -665,6 +656,11 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx) - if (!priv || priv->copy) - return 1; - -+ if (priv->sess) { -+ wd_digest_free_sess(priv->sess); -+ priv->sess = 0; -+ } -+ - if (priv && priv->data) - OPENSSL_free(priv->data); - --- -2.24.4 - diff --git a/0001-digest-support-digest-multiple-update.patch b/0001-digest-support-digest-multiple-update.patch new file mode 100644 index 0000000000000000000000000000000000000000..92f060c88ed2e4f1685162262473be1275b112d7 --- /dev/null +++ b/0001-digest-support-digest-multiple-update.patch @@ -0,0 +1,161 @@ +From 8cc0e8724565c12f0fa6f099070ec57504cd21fa Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Thu, 9 Dec 2021 15:39:32 +0800 +Subject: [PATCH 01/18] digest: support digest multiple update + +Support digest multiple updating by using the SEC stream mode. + +Signed-off-by: Kai Ye +--- + src/uadk_digest.c | 77 ++++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 62 insertions(+), 15 deletions(-) + +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index db33d16..41de449 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -31,6 +31,8 @@ + #define CTX_SYNC 0 + #define CTX_ASYNC 1 + #define CTX_NUM 2 ++#define DIGEST_DOING 1 ++#define DIGEST_END 0 + #define ENV_ENABLED 1 + + /* The max BD data length is 16M-512B */ +@@ -41,6 +43,7 @@ + #define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) + #define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024) + #define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) ++#define MAX_DIGEST_LENGTH 64 + + struct digest_threshold_table { + int nid; +@@ -69,12 +72,16 @@ struct evp_md_ctx_st { + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); + }; + ++#define DIGEST_BLOCK_SIZE 4096 ++ + struct digest_priv_ctx { + handle_t sess; + struct wd_digest_sess_setup setup; + struct wd_digest_req req; + unsigned char *data; +- long tail; ++ unsigned char out[MAX_DIGEST_LENGTH]; ++ size_t tail; ++ size_t last_update_bufflen; + bool copy; + uint32_t e_nid; + EVP_MD_CTX *soft_ctx; +@@ -496,6 +503,13 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) + if (unlikely(!priv->sess)) + return 0; + ++ priv->data = malloc(DIGEST_BLOCK_SIZE); ++ if (priv->data == NULL) { ++ wd_digest_free_sess(priv->sess); ++ return 0; ++ } ++ memset(priv->data, 0, DIGEST_BLOCK_SIZE); ++ + priv->switch_threshold = sec_digest_get_sw_threshold(nid); + + return 1; +@@ -504,6 +518,45 @@ soft_init: + return digest_soft_init(priv->soft_ctx, priv->e_nid); + } + ++static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len) ++{ ++ struct digest_priv_ctx *priv = ++ (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx); ++ const unsigned char *tmpdata = (const unsigned char *)data; ++ size_t left_len = data_len; ++ int copy_to_bufflen; ++ int ret; ++ ++ priv->req.has_next = DIGEST_DOING; ++ ++ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) { ++ copy_to_bufflen = DIGEST_BLOCK_SIZE - priv->last_update_bufflen; ++ memcpy(priv->data + priv->last_update_bufflen, tmpdata, copy_to_bufflen); ++ ++ priv->last_update_bufflen = DIGEST_BLOCK_SIZE; ++ priv->req.in_bytes = DIGEST_BLOCK_SIZE; ++ priv->req.in = priv->data; ++ priv->req.out = priv->out; ++ left_len -= copy_to_bufflen; ++ tmpdata += copy_to_bufflen; ++ ++ ret = wd_do_digest_sync(priv->sess, &priv->req); ++ if (ret) ++ return 0; ++ ++ priv->last_update_bufflen = 0; ++ memset(priv->data, 0, DIGEST_BLOCK_SIZE); ++ if (left_len <= DIGEST_BLOCK_SIZE) { ++ priv->last_update_bufflen = left_len; ++ memcpy(priv->data, tmpdata, priv->last_update_bufflen); ++ break; ++ } ++ ++ } ++ ++ return 1; ++} ++ + static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len) + { + struct digest_priv_ctx *priv = +@@ -512,20 +565,13 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l + if (unlikely(priv->switch_flag == UADK_DO_SOFT)) + goto soft_update; + +- if ((data_len <= BUF_LEN - priv->tail) && (data_len > 0)) { +- if (!priv->data) { +- priv->data = OPENSSL_malloc(BUF_LEN); +- if (priv->data == NULL) +- return 0; +- } +- +- memcpy(priv->data + priv->tail, data, data_len); +- priv->tail += data_len; +- ++ if (priv->last_update_bufflen + data_len <= DIGEST_BLOCK_SIZE) { ++ memcpy(priv->data + priv->last_update_bufflen, data, data_len); ++ priv->last_update_bufflen += data_len; + return 1; + } + +- return 0; ++ return digest_update_inner(ctx, data, data_len); + + soft_update: + return digest_soft_update(priv->soft_ctx, priv->e_nid, data, data_len); +@@ -606,10 +652,10 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) + (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); + int ret = 1; + struct async_op op; +- ++ priv->req.has_next = DIGEST_END; + priv->req.in = priv->data; +- priv->req.out = digest; +- priv->req.in_bytes = priv->tail; ++ priv->req.out = priv->out; ++ priv->req.in_bytes = priv->last_update_bufflen; + priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx)); + + ret = async_setup_async_event_notification(&op); +@@ -634,6 +680,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) + if (!ret) + goto clear; + } ++ memcpy(digest, priv->req.out, priv->req.out_bytes); + + return 1; + +-- +2.24.4 + diff --git a/0002-uadk_engine-define-the-variable-as-const.patch b/0002-uadk_engine-define-the-variable-as-const.patch new file mode 100644 index 0000000000000000000000000000000000000000..87c693066b063f8a7c2f0032dd4dd34caa6d663d --- /dev/null +++ b/0002-uadk_engine-define-the-variable-as-const.patch @@ -0,0 +1,38 @@ +From b7bb19a4e5c239035926f952d24c2e95bf813fd8 Mon Sep 17 00:00:00 2001 +From: Weili Qian +Date: Mon, 20 Dec 2021 02:48:54 +0000 +Subject: [PATCH 02/18] uadk_engine: define the variable as 'const' + +Parameter: 'n' in the function has not been changed, +it should be defined as 'const'. + +Signed-off-by: Weili Qian +--- + src/uadk_rsa.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index bab3c24..75ae0d1 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -174,7 +174,7 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, + } + + static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, +- int *n, BIGNUM *rsa_p, BIGNUM *rsa_q, ++ const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q, + BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx, + BN_GENCB *cb) + { +@@ -268,7 +268,7 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, + return UADK_E_SUCCESS; + } + +-static int check_prime_useful(int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2, ++static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2, + BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) + { + unsigned long err; +-- +2.24.4 + diff --git a/0003-ecc-fix-codecheck-warning.patch b/0003-ecc-fix-codecheck-warning.patch new file mode 100644 index 0000000000000000000000000000000000000000..f6eb7eaebe165c82964433c826006824d3af1574 --- /dev/null +++ b/0003-ecc-fix-codecheck-warning.patch @@ -0,0 +1,113 @@ +From 1cd8bd255ae0f55742d2dffa7ba09aea28d56c9a Mon Sep 17 00:00:00 2001 +From: Weili Qian +Date: Wed, 22 Dec 2021 03:37:13 +0000 +Subject: [PATCH 03/18] ecc: fix codecheck warning + +fix a more than 50 lines function 'uadk_wd_ecc_init'. + +Signed-off-by: Weili Qian +--- + src/uadk_pkey.c | 61 +++++++++++++++++++++++++------------------------ + 1 file changed, 31 insertions(+), 30 deletions(-) + +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index c20b22b..62362b0 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -178,38 +178,20 @@ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev) + return async_register_poll_fn(ASYNC_TASK_ECC, uadk_e_ecc_env_poll); + } + +-static int uadk_wd_ecc_init(struct ecc_res_config *config) ++static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev, ++ struct wd_sched *sched) + { +- struct wd_sched *sched = &config->sched.wd_sched; + struct wd_ctx_config *ctx_cfg; +- struct uacce_dev *dev; + int ret, i; + +- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ +- dev = wd_get_accel_dev("ecdsa"); +- if (!dev) +- return -ENOMEM; +- +- config->numa_id = dev->numa_id; +- +- ret = uadk_e_is_env_enabled("ecc"); +- if (ret == ENV_ENABLED) { +- ret = uadk_e_wd_ecc_env_init(dev); +- goto free_dev; +- } +- +- if (ecc_res.ctx_res) { +- ret = 0; +- goto free_dev; +- } ++ if (ecc_res.ctx_res) ++ return 0; + + ctx_cfg = calloc(1, sizeof(struct wd_ctx_config)); +- if (!ctx_cfg) { ++ if (!ctx_cfg) + ret = -ENOMEM; +- goto free_dev; +- } +- ecc_res.ctx_res = ctx_cfg; + ++ ecc_res.ctx_res = ctx_cfg; + ctx_cfg->ctx_num = CTX_NUM; + ctx_cfg->ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx)); + if (!ctx_cfg->ctxs) { +@@ -230,23 +212,42 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config) + if (ret) + goto free_ctx; + +- free(dev); +- + return async_register_poll_fn(ASYNC_TASK_ECC, uadk_ecc_poll); + + free_ctx: + for (i = 0; i < CTX_NUM; i++) { +- if (ctx_cfg->ctxs[i].ctx) { ++ if (ctx_cfg->ctxs[i].ctx) + wd_release_ctx(ctx_cfg->ctxs[i].ctx); +- ctx_cfg->ctxs[i].ctx = 0; +- } + } + free(ctx_cfg->ctxs); + free_cfg: + free(ctx_cfg); + ecc_res.ctx_res = NULL; +-free_dev: ++ ++ return ret; ++} ++ ++static int uadk_wd_ecc_init(struct ecc_res_config *config) ++{ ++ struct wd_sched *sched = &config->sched.wd_sched; ++ struct uacce_dev *dev; ++ int ret; ++ ++ /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ ++ dev = wd_get_accel_dev("ecdsa"); ++ if (!dev) ++ return -ENOMEM; ++ ++ config->numa_id = dev->numa_id; ++ ++ ret = uadk_e_is_env_enabled("ecc"); ++ if (ret) ++ ret = uadk_e_wd_ecc_env_init(dev); ++ else ++ ret = uadk_e_wd_ecc_general_init(dev, sched); ++ + free(dev); ++ + return ret; + } + +-- +2.24.4 + diff --git a/0004-rsa-delete-redundant-copy.patch b/0004-rsa-delete-redundant-copy.patch new file mode 100644 index 0000000000000000000000000000000000000000..8bf9eae93e328993fc07f9ad5c8faf5b144be1dc --- /dev/null +++ b/0004-rsa-delete-redundant-copy.patch @@ -0,0 +1,28 @@ +From 6c916851ae54c9272a96c7af73cba83598ab3c43 Mon Sep 17 00:00:00 2001 +From: Weili Qian +Date: Wed, 22 Dec 2021 03:51:48 +0000 +Subject: [PATCH 04/18] rsa: delete redundant copy + +'from_buf' and 'req.src' point to the same address space, +redundant copy is not required. + +Signed-off-by: Weili Qian +--- + src/uadk_rsa.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 75ae0d1..1e1e226 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -1595,7 +1595,6 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, + goto free_buf; + } + +- memcpy(rsa_sess->req.src, from_buf, rsa_sess->req.src_bytes); + ret = rsa_do_crypto(rsa_sess); + if (!ret || rsa_sess->req.status) { + ret = UADK_DO_SOFT; +-- +2.24.4 + diff --git a/0005-rsa-fix-coverity-warning.patch b/0005-rsa-fix-coverity-warning.patch new file mode 100644 index 0000000000000000000000000000000000000000..f444142e206c5d46987c638d8a97313e0fa1ecf4 --- /dev/null +++ b/0005-rsa-fix-coverity-warning.patch @@ -0,0 +1,35 @@ +From f5fac71459234b4e44fe8ff386b19627e88ad680 Mon Sep 17 00:00:00 2001 +From: Weili Qian +Date: Wed, 22 Dec 2021 06:39:46 +0000 +Subject: [PATCH 05/18] rsa: fix coverity warning + +Parameter: 'n' in the function 'get_prime_once' has not +been changed, it should be defined as 'const'. + +Signed-off-by: Weili Qian +--- + src/uadk_rsa.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index 1e1e226..cb98159 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -307,10 +307,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r + return GET_ERR_FINISH; + } + +-static int get_prime_once(int num, const int *bitsr, int *n, BIGNUM *prime, +- BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, +- BIGNUM *r2, BIGNUM *e_pub, BN_CTX *ctx, +- BN_GENCB *cb) ++static int get_prime_once(int num, const int *bitsr, const int *n, ++ BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q, ++ BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub, ++ BN_CTX *ctx, BN_GENCB *cb) + { + int ret = -1; + +-- +2.24.4 + diff --git a/0006-ecc-cleanup-duplicate-public-key-allocation.patch b/0006-ecc-cleanup-duplicate-public-key-allocation.patch new file mode 100644 index 0000000000000000000000000000000000000000..95b735b6cac96fa6a993f051cab88c51e7355f81 --- /dev/null +++ b/0006-ecc-cleanup-duplicate-public-key-allocation.patch @@ -0,0 +1,165 @@ +From 941c89ea6fefe3e78255437788c3f274b6c81414 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Wed, 22 Dec 2021 08:27:45 +0000 +Subject: [PATCH 06/18] ecc: cleanup duplicate public key allocation + +Remove duplicate allocation and copy of public key. + +Signed-off-by: Zhiqi Song +--- + src/uadk_ec.c | 95 +++++++++++++++++++++++++++------------------------ + 1 file changed, 51 insertions(+), 44 deletions(-) + +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index d97436b..9040d3c 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -784,59 +784,78 @@ static int sm2_keygen_init_iot(handle_t sess, struct wd_ecc_req *req) + + static int eckey_create_key(EC_KEY *eckey) + { +- const EC_GROUP *group; +- EC_POINT *pub_key; + BIGNUM *priv_key; ++ int ret; + +- group = EC_KEY_get0_group(eckey); +- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey); +- if (!pub_key) { +- pub_key = EC_POINT_new(group); +- if (!pub_key) { +- fprintf(stderr, "failed to new pub_key\n"); +- return -1; +- } +- EC_KEY_set_public_key(eckey, pub_key); ++ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey); ++ if (priv_key) ++ return 1; ++ ++ priv_key = BN_new(); ++ if (!priv_key) { ++ fprintf(stderr, "failed to BN_new priv_key\n"); ++ return 0; + } + ++ ret = EC_KEY_set_private_key(eckey, priv_key); ++ if (!ret) ++ fprintf(stderr, "failed to set private key\n"); ++ ++ BN_free(priv_key); ++ return ret; ++} ++ ++static int ecdh_set_private_key(EC_KEY *eckey, BIGNUM *order) ++{ ++ BIGNUM *priv_key; ++ int ret; ++ ++ priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey); ++ if (priv_key) ++ return 1; ++ + priv_key = BN_new(); + if (!priv_key) { + fprintf(stderr, "failed to BN_new priv_key\n"); +- return -1; ++ return 0; + } +- EC_KEY_set_private_key(eckey, priv_key); + +- return 0; ++ do { ++ if (!BN_rand_range(priv_key, order)) { ++ fprintf(stderr, "failed to generate random value\n"); ++ ret = 0; ++ goto free_priv_key; ++ } ++ } while (BN_is_zero(priv_key)); ++ ++ ret = EC_KEY_set_private_key(eckey, priv_key); ++ if (!ret) ++ fprintf(stderr, "failed to set private key\n"); ++ ++free_priv_key: ++ BN_free(priv_key); ++ return ret; + } + + static int ecdh_create_key(EC_KEY *eckey) + { +- BIGNUM *priv_key, *order; + const EC_GROUP *group; +- EC_POINT *pub_key; ++ BIGNUM *order; + BN_CTX *ctx; +- int ret = 0; ++ int ret; + + group = EC_KEY_get0_group(eckey); +- pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey); +- if (!pub_key) { +- pub_key = EC_POINT_new(group); +- if (!pub_key) { +- fprintf(stderr, "failed to new pub_key\n"); +- return ret; +- } +- ret = EC_KEY_set_public_key(eckey, pub_key); +- } + + ctx = BN_CTX_new(); + if (!ctx) { + fprintf(stderr, "failed to allocate ctx\n"); +- return ret; ++ return 0; + } + +- order = BN_CTX_get(ctx); ++ order = BN_CTX_get(ctx); + if (!order) { + fprintf(stderr, "failed to allocate order\n"); ++ ret = 0; + goto free_ctx; + } + +@@ -846,26 +865,14 @@ static int ecdh_create_key(EC_KEY *eckey) + goto free_order; + } + +- priv_key = (BIGNUM *)EC_KEY_get0_private_key(eckey); +- if (!priv_key) { +- priv_key = BN_new(); +- if (!priv_key) { +- fprintf(stderr, "failed to BN_new priv_key\n"); +- goto free_order; +- } +- do { +- if (!BN_rand_range(priv_key, order)) +- fprintf(stderr, "failed to generate random value\n"); +- } while (BN_is_zero(priv_key)); +- ret = EC_KEY_set_private_key(eckey, priv_key); +- } +- ret = 1; ++ ret = ecdh_set_private_key(eckey, order); ++ if (!ret) ++ fprintf(stderr, "failed to set private key\n"); + + free_order: + BN_clear(order); + free_ctx: + BN_CTX_free(ctx); +- + return ret; + } + +@@ -880,7 +887,7 @@ static int sm2_generate_key(EC_KEY *eckey) + goto do_soft; + + ret = eckey_create_key(eckey); +- if (ret) ++ if (!ret) + return ret; + + ret = UADK_DO_SOFT; +-- +2.24.4 + diff --git a/0007-rsa-cleanup-about-reducing-function-parameters.patch b/0007-rsa-cleanup-about-reducing-function-parameters.patch new file mode 100644 index 0000000000000000000000000000000000000000..b7321759a8fb201815a5f9c793d1f7762c12396c --- /dev/null +++ b/0007-rsa-cleanup-about-reducing-function-parameters.patch @@ -0,0 +1,349 @@ +From 273cf10d03532e73dfcd9f8a1223bfecb64d0f16 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Wed, 22 Dec 2021 10:51:48 +0000 +Subject: [PATCH 07/18] rsa: cleanup about reducing function parameters + +Reduce the number of parameters of functions +related to prime, and make the name of those +functions clearer. + +Signed-off-by: Zhiqi Song +--- + src/uadk_rsa.c | 155 ++++++++++++++++++++++++++++++------------------- + 1 file changed, 95 insertions(+), 60 deletions(-) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index cb98159..c1609ca 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -97,6 +97,14 @@ struct rsa_prikey_param { + int is_crt; + }; + ++struct rsa_prime_param { ++ BIGNUM *r1; ++ BIGNUM *r2; ++ BIGNUM *rsa_p; ++ BIGNUM *rsa_q; ++ BIGNUM *prime; ++}; ++ + struct uadk_rsa_sess { + handle_t sess; + struct wd_rsa_sess_setup setup; +@@ -156,15 +164,14 @@ static int rsa_check_bit_useful(const int bits, int flen) + } + } + +-static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, +- BN_CTX *ctx, BN_GENCB *cb) ++static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, ++ BN_CTX *ctx, BN_GENCB *cb) + { +- /* calculate n = p * q */ + if (num == 1) { + if (!BN_mul(r1, rsa_p, rsa_q, ctx)) + return BN_ERR; + } else { +- /* if num == 0, use number 3 to indicate do nothing */ ++ /* If num == 0, use number 3 to indicate do nothing */ + if (!BN_GENCB_call(cb, 3, num)) + return BN_ERR; + return BN_CONTINUE; +@@ -173,20 +180,21 @@ static int prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, + return BN_VALID; + } + +-static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, +- const int *n, BIGNUM *rsa_p, BIGNUM *rsa_q, +- BIGNUM *r1, BIGNUM *r2, BN_CTX *ctx, +- BN_GENCB *cb) ++static int check_rsa_prime_sufficient(int *num, const int *bitsr, ++ int *bitse, const int *n, ++ struct rsa_prime_param *param, ++ BN_CTX *ctx, BN_GENCB *cb) + { + static int retries; + BN_ULONG bitst; + int ret; + +- ret = prime_mul_res(*num, rsa_p, rsa_q, r1, ctx, cb); ++ ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q, ++ param->r1, ctx, cb); + if (ret) + return ret; + /* +- * if |r1|, product of factors so far, is not as long as expected ++ * If |r1|, product of factors so far, is not as long as expected + * (by checking the first 4 bits are less than 0x9 or greater than + * 0xF). If so, re-generate the last prime. + * +@@ -199,10 +207,10 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, + * key by using the modulus in a certificate. This is also covered + * by checking the length should not be less than 0x9. + */ +- if (!BN_rshift(r2, r1, *bitse - 4)) ++ if (!BN_rshift(param->r2, param->r1, *bitse - 4)) + return BN_ERR; + +- bitst = BN_get_word(r2); ++ bitst = BN_get_word(param->r2); + if (bitst < 0x9 || bitst > 0xF) { + /* + * For keys with more than 4 primes, we attempt longer factor to +@@ -216,7 +224,9 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, + *bitse -= bitsr[*num]; + else + return -1; +- if (!BN_GENCB_call(cb, 2, *n++)) ++ ++ ret = BN_GENCB_call(cb, 2, *n++); ++ if (!ret) + return -1; + if (retries == 4) { + *num = -1; +@@ -227,14 +237,17 @@ static int check_prime_sufficient(int *num, const int *bitsr, int *bitse, + retries++; + return BN_REDO; + } +- if (!BN_GENCB_call(cb, 3, *num)) ++ ++ ret = BN_GENCB_call(cb, 3, *num); ++ if (!ret) + return BN_ERR; + retries = 0; + + return BN_VALID; + } + +-static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime) ++static void rsa_set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, ++ BIGNUM **prime) + { + if (num == 0) + *prime = rsa_p; +@@ -244,8 +257,8 @@ static void set_primes(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM **prime) + BN_set_flags(*prime, BN_FLG_CONSTTIME); + } + +-static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, +- BIGNUM *prime) ++static int check_rsa_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, ++ BIGNUM *prime) + { + BIGNUM *prev_prime; + int j; +@@ -268,8 +281,8 @@ static int check_prime_equal(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, + return UADK_E_SUCCESS; + } + +-static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r2, +- BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) ++static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, ++ BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) + { + unsigned long err; + /* +@@ -278,10 +291,10 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r + * BN_value_one() returns a BIGNUM constant of value 1. + * r2 = prime - 1. + */ +- if (!BN_sub(r2, prime, BN_value_one())) ++ if (!BN_sub(param->r2, param->prime, BN_value_one())) + return -1; + ERR_set_mark(); +- BN_set_flags(r2, BN_FLG_CONSTTIME); ++ BN_set_flags(param->r2, BN_FLG_CONSTTIME); + /* + * BN_mod_inverse(r,a,n,ctx) used to compute inverse modulo n. + * Precisely, it computes the inverse of "a" modulo "n", and places +@@ -290,7 +303,7 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r + * The expected result: (r2 * r1) % e_pub ==1, + * the inverse of r2 exist, that is r1. + */ +- if (BN_mod_inverse(r1, r2, e_pub, ctx)) ++ if (BN_mod_inverse(param->r1, param->r2, e_pub, ctx)) + return UADK_E_SUCCESS; + + err = ERR_peek_last_error(); +@@ -307,10 +320,9 @@ static int check_prime_useful(const int *n, BIGNUM *prime, BIGNUM *r1, BIGNUM *r + return GET_ERR_FINISH; + } + +-static int get_prime_once(int num, const int *bitsr, const int *n, +- BIGNUM *prime, BIGNUM *rsa_p, BIGNUM *rsa_q, +- BIGNUM *r1, BIGNUM *r2, BIGNUM *e_pub, +- BN_CTX *ctx, BN_GENCB *cb) ++static int get_rsa_prime_once(int num, const int *bitsr, const int *n, ++ BIGNUM *e_pub, struct rsa_prime_param *param, ++ BN_CTX *ctx, BN_GENCB *cb) + { + int ret = -1; + +@@ -318,12 +330,13 @@ static int get_prime_once(int num, const int *bitsr, const int *n, + return ret; + while (1) { + /* Generate prime with bitsr[num] len. */ +- if (!BN_generate_prime_ex(prime, bitsr[num], ++ if (!BN_generate_prime_ex(param->prime, bitsr[num], + 0, NULL, NULL, cb)) + return BN_ERR; +- if (!check_prime_equal(num, rsa_p, rsa_q, prime)) ++ if (!check_rsa_prime_equal(num, param->rsa_p, param->rsa_q, ++ param->prime)) + continue; +- ret = check_prime_useful(n, prime, r1, r2, e_pub, ctx, cb); ++ ret = check_rsa_prime_useful(n, param, e_pub, ctx, cb); + if (ret == BN_ERR) + return BN_ERR; + else if (ret == UADK_E_SUCCESS) +@@ -333,8 +346,7 @@ static int get_prime_once(int num, const int *bitsr, const int *n, + return ret; + } + +-static void switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q, +- BIGNUM *p, BIGNUM *q) ++static void rsa_switch_p_q(BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *p, BIGNUM *q) + { + BIGNUM *tmp; + +@@ -373,13 +385,37 @@ static int check_rsa_is_crt(RSA *rsa) + return UN_SET; + } + ++static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx) ++{ ++ param->r1 = BN_CTX_get(ctx); ++ if (!param->r1) ++ goto end; ++ ++ param->r2 = BN_CTX_get(ctx); ++ if (!param->r2) ++ goto end; ++ ++ param->rsa_p = BN_CTX_get(ctx); ++ if (!param->rsa_p) ++ goto end; ++ ++ param->rsa_q = BN_CTX_get(ctx); ++ if (!param->rsa_q) ++ goto end; ++ ++ return UADK_E_SUCCESS; ++ ++end: ++ fprintf(stderr, "failed to malloc params\n"); ++ return UADK_E_FAIL; ++} ++ + static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, + BIGNUM *q, BN_GENCB *cb) + { +- BIGNUM *r1, *r2, *rsa_p, *rsa_q; ++ struct rsa_prime_param *param = NULL; + int bitsr[RSA_MAX_PRIME_NUM] = {0}; + int flag, quo, rmd, i; +- BIGNUM *prime = NULL; + BN_CTX *ctx; + int bitse = 0; + int ret = 0; +@@ -391,12 +427,15 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, + return ret; + + BN_CTX_start(ctx); +- r1 = BN_CTX_get(ctx); +- r2 = BN_CTX_get(ctx); +- rsa_p = BN_CTX_get(ctx); +- rsa_q = BN_CTX_get(ctx); +- if (!r1 || !r2 || !rsa_p || !rsa_q) +- goto err; ++ param = OPENSSL_zalloc(sizeof(struct rsa_prime_param)); ++ if (!param) { ++ fprintf(stderr, "failed to malloc rsa prime param\n"); ++ goto free_ctx; ++ } ++ ++ ret = get_rsa_prime_param(param, ctx); ++ if (!ret) ++ goto free_param; + + /* Divide bits into 'primes' pieces evenly */ + quo = bits / RSA_MAX_PRIME_NUM; +@@ -409,39 +448,37 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, + /* flag: whether primes are generated correctely. */ + flag = 1; + /* Set flag for primes rsa_p and rsa_q separately. */ +- set_primes(i, rsa_p, rsa_q, &prime); ++ rsa_set_primes(i, param->rsa_p, param->rsa_q, ¶m->prime); + while (flag == 1) { +- if (get_prime_once(i, bitsr, &n, prime, rsa_p, rsa_q, +- r1, r2, e_pub, ctx, cb) == -1) +- goto err; ++ ret = get_rsa_prime_once(i, bitsr, &n, e_pub, param, ++ ctx, cb); ++ if (ret == -1) ++ goto free_param; + bitse += bitsr[i]; +- ret = check_prime_sufficient(&i, bitsr, &bitse, &n, +- rsa_p, rsa_q, r1, r2, +- ctx, cb); ++ ret = check_rsa_prime_sufficient(&i, bitsr, &bitse, &n, ++ param, ctx, cb); + if (ret == BN_ERR) +- goto err; ++ goto free_param; + else if (ret == BN_REDO) + continue; + else + flag = 0; + } + } +- switch_p_q(rsa_p, rsa_q, p, q); ++ rsa_switch_p_q(param->rsa_p, param->rsa_q, p, q); + + ret = UADK_E_SUCCESS; + +-err: +- if (ctx) { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- ++free_param: ++ OPENSSL_free(param); ++free_ctx: ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); + return ret; + } + + static int add_rsa_pubenc_padding(int flen, const unsigned char *from, +- unsigned char *buf, int num, +- int padding) ++ unsigned char *buf, int num, int padding) + { + int ret; + +@@ -852,8 +889,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, + + static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param, + struct uadk_rsa_sess *rsa_sess, +- unsigned char *in_buf, +- unsigned char *to) ++ unsigned char *in_buf, unsigned char *to) + { + struct wd_rsa_pubkey *pubkey = NULL; + struct wd_dtb *wd_e = NULL; +@@ -882,8 +918,7 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param, + + static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, + struct rsa_prikey_param *pri, +- unsigned char *in_buf, +- unsigned char *to) ++ unsigned char *in_buf, unsigned char *to) + { + struct wd_rsa_prikey *prikey; + struct wd_dtb *wd_dq; +-- +2.24.4 + diff --git a/0008-ecc-cleanup-sm2-compute-digest-function.patch b/0008-ecc-cleanup-sm2-compute-digest-function.patch new file mode 100644 index 0000000000000000000000000000000000000000..e4647bbc1036d55e89789054bd89c5562f7da818 --- /dev/null +++ b/0008-ecc-cleanup-sm2-compute-digest-function.patch @@ -0,0 +1,355 @@ +From b99452edd6ae045e833e3ae01866b8546fd5733a Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Fri, 24 Dec 2021 07:30:22 +0000 +Subject: [PATCH 08/18] ecc: cleanup sm2 compute digest function + +The operation flow of sm2_compute_z_digest() +is modularized and encapsulated to reduce +the code line of sm2_compute_z_digest() and +make the code easier to understand. + +Signed-off-by: Zhiqi Song +--- + src/uadk_sm2.c | 277 +++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 197 insertions(+), 80 deletions(-) + +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index d74aa3a..6d5dad0 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -62,6 +62,26 @@ typedef struct sm2_ciphertext { + ASN1_OCTET_STRING *C2; + } SM2_Ciphertext; + ++struct sm2_param { ++ /* ++ * p: BIGNUM with the prime number (GFp) or the polynomial ++ * defining the underlying field (GF2m) ++ */ ++ BIGNUM *p; ++ /* a: BIGNUM for parameter a of the equation */ ++ BIGNUM *a; ++ /* b: BIGNUM for parameter b of the equation */ ++ BIGNUM *b; ++ /* xG: BIGNUM for the x-coordinate value of G point */ ++ BIGNUM *xG; ++ /* yG: BIGNUM for the y-coordinate value of G point */ ++ BIGNUM *yG; ++ /* xA: BIGNUM for the x-coordinate value of PA point */ ++ BIGNUM *xA; ++ /* yA: BIGNUM for the y-coordinate value of PA point */ ++ BIGNUM *yA; ++}; ++ + DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext) + + ASN1_SEQUENCE(SM2_Ciphertext) = { +@@ -695,8 +715,7 @@ static int sm2_verify_init(EVP_PKEY_CTX *ctx) + } + + static int sm2_verify_init_iot(handle_t sess, struct wd_ecc_req *req, +- struct wd_dtb *e, +- struct wd_dtb *r, ++ struct wd_dtb *e, struct wd_dtb *r, + struct wd_dtb *s) + { + struct wd_ecc_in *ecc_in; +@@ -1229,119 +1248,217 @@ static int sm2_ctrl_str(EVP_PKEY_CTX *ctx, + return UADK_E_INVALID; + } + +-static int sm2_compute_z_digest(uint8_t *out, +- const EVP_MD *digest, +- const uint8_t *id, +- const size_t id_len, +- const EC_KEY *key) ++static int get_sm2_param(struct sm2_param *sm2_param, BN_CTX *ctx) + { +- const EC_GROUP *group = EC_KEY_get0_group(key); +- EVP_MD_CTX *hash = NULL; +- uint8_t *buf = NULL; +- BN_CTX *ctx = NULL; +- BIGNUM *p = NULL; +- BIGNUM *a = NULL; +- BIGNUM *b = NULL; +- BIGNUM *xG = NULL; +- BIGNUM *yG = NULL; +- BIGNUM *xA = NULL; +- BIGNUM *yA = NULL; +- uint8_t e_byte; +- uint16_t entl; +- int p_bytes; +- int rc = 0; ++ sm2_param->p = BN_CTX_get(ctx); ++ if (!sm2_param->p) ++ goto end; + +- hash = EVP_MD_CTX_new(); +- ctx = BN_CTX_new(); +- if (hash == NULL || ctx == NULL) { +- fprintf(stderr, "failed to EVP_CTX_new\n"); +- goto done; +- } ++ sm2_param->a = BN_CTX_get(ctx); ++ if (!sm2_param->a) ++ goto end; + +- p = BN_CTX_get(ctx); +- a = BN_CTX_get(ctx); +- b = BN_CTX_get(ctx); +- xG = BN_CTX_get(ctx); +- yG = BN_CTX_get(ctx); +- xA = BN_CTX_get(ctx); +- yA = BN_CTX_get(ctx); +- if (yA == NULL) { +- fprintf(stderr, "failed to malloc\n"); +- goto done; +- } ++ sm2_param->b = BN_CTX_get(ctx); ++ if (!sm2_param->b) ++ goto end; ++ ++ sm2_param->xG = BN_CTX_get(ctx); ++ if (!sm2_param->xG) ++ goto end; ++ ++ sm2_param->yG = BN_CTX_get(ctx); ++ if (!sm2_param->yG) ++ goto end; ++ ++ sm2_param->xA = BN_CTX_get(ctx); ++ if (!sm2_param->xA) ++ goto end; ++ ++ sm2_param->yA = BN_CTX_get(ctx); ++ if (!sm2_param->yA) ++ goto end; ++ ++ return 1; ++ ++end: ++ fprintf(stderr, "failed to malloc params\n"); ++ return 0; ++} ++ ++static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash, ++ const size_t id_len, const uint8_t *id) ++{ ++ uint8_t e_byte; ++ uint16_t entl; + + if (!EVP_DigestInit(hash, digest)) { + fprintf(stderr, "error evp lib\n"); +- goto done; ++ return 0; + } + + /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ + if (id_len >= (UINT16_MAX / 8)) { +- /* too large */ + fprintf(stderr, "id too large\n"); +- goto done; ++ return 0; + } + + entl = (uint16_t)(8 * id_len); + + e_byte = entl >> 8; +- if (!EVP_DigestUpdate(hash, &e_byte, 1)) { +- fprintf(stderr, "error evp lib\n"); +- goto done; +- } ++ if (!EVP_DigestUpdate(hash, &e_byte, 1)) { ++ fprintf(stderr, "error evp lib\n"); ++ return 0; ++ } ++ + e_byte = entl & 0xFF; + if (!EVP_DigestUpdate(hash, &e_byte, 1)) { + fprintf(stderr, "error evp lib\n"); +- goto done; ++ return 0; + } + + if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) { + fprintf(stderr, "error evp lib\n"); +- goto done; ++ return 0; + } + +- if (!EC_GROUP_get_curve(group, p, a, b, ctx)) { +- fprintf(stderr, "error ec lib\n"); +- goto done; ++ return 1; ++} ++ ++static int check_equation_param(struct sm2_param *param, EVP_MD_CTX *hash, ++ uint8_t *buf, int p_bytes) ++{ ++ if (BN_bn2binpad(param->a, buf, p_bytes) < 0 || ++ !EVP_DigestUpdate(hash, buf, p_bytes) || ++ BN_bn2binpad(param->b, buf, p_bytes) < 0 || ++ !EVP_DigestUpdate(hash, buf, p_bytes)) { ++ fprintf(stderr, "failed to check equation param\n"); ++ return 0; + } + +- p_bytes = BN_num_bytes(p); +- buf = OPENSSL_zalloc(p_bytes); +- if (buf == NULL) { +- fprintf(stderr, "failed to malloc\n"); +- goto done; ++ return 1; ++} ++ ++ ++static int check_base_point_group_param(struct sm2_param *param, BN_CTX *ctx, ++ const EC_KEY *key) ++{ ++ const EC_GROUP *group = EC_KEY_get0_group(key); ++ ++ if (!EC_POINT_get_affine_coordinates(group, ++ EC_GROUP_get0_generator(group), ++ param->xG, param->yG, ctx)) { ++ fprintf(stderr, "failed to check base point group param\n"); ++ return 0; + } + +- if (BN_bn2binpad(a, buf, p_bytes) < 0 +- || !EVP_DigestUpdate(hash, buf, p_bytes) +- || BN_bn2binpad(b, buf, p_bytes) < 0 +- || !EVP_DigestUpdate(hash, buf, p_bytes) +- || !EC_POINT_get_affine_coordinates(group, +- EC_GROUP_get0_generator(group), +- xG, yG, ctx) +- || BN_bn2binpad(xG, buf, p_bytes) < 0 +- || !EVP_DigestUpdate(hash, buf, p_bytes) +- || BN_bn2binpad(yG, buf, p_bytes) < 0 +- || !EVP_DigestUpdate(hash, buf, p_bytes) +- || !EC_POINT_get_affine_coordinates(group, +- EC_KEY_get0_public_key(key), +- xA, yA, ctx) +- || BN_bn2binpad(xA, buf, p_bytes) < 0 +- || !EVP_DigestUpdate(hash, buf, p_bytes) +- || BN_bn2binpad(yA, buf, p_bytes) < 0 +- || !EVP_DigestUpdate(hash, buf, p_bytes) +- || !EVP_DigestFinal(hash, out, NULL)) { +- fprintf(stderr, "internal error\n"); +- goto done; ++ return 1; ++} ++ ++static int check_base_point_param(struct sm2_param *param, EVP_MD_CTX *hash, ++ uint8_t *buf, int p_bytes) ++{ ++ if (BN_bn2binpad(param->xG, buf, p_bytes) < 0 || ++ !EVP_DigestUpdate(hash, buf, p_bytes) || ++ BN_bn2binpad(param->yG, buf, p_bytes) < 0 || ++ !EVP_DigestUpdate(hash, buf, p_bytes)) { ++ fprintf(stderr, "failed to check base point param\n"); ++ return 0; + } + +- rc = 1; ++ return 1; ++} + +-done: ++static int check_pkey_point_group_param(struct sm2_param *param, BN_CTX *ctx, ++ const EC_KEY *key) ++{ ++ const EC_GROUP *group = EC_KEY_get0_group(key); ++ ++ if (!EC_POINT_get_affine_coordinates(group, ++ EC_KEY_get0_public_key(key), ++ param->xA, param->yA, ctx)) { ++ fprintf(stderr, "failed to check pkey point group param\n"); ++ return 0; ++ } ++ return 1; ++} ++ ++static int check_pkey_point_param(struct sm2_param *param, EVP_MD_CTX *hash, ++ uint8_t *buf, int p_bytes, uint8_t *out) ++{ ++ if (BN_bn2binpad(param->xA, buf, p_bytes) < 0 || ++ !EVP_DigestUpdate(hash, buf, p_bytes) || ++ BN_bn2binpad(param->yA, buf, p_bytes) < 0 || ++ !EVP_DigestUpdate(hash, buf, p_bytes) || ++ !EVP_DigestFinal(hash, out, NULL)) { ++ fprintf(stderr, "failed to check pkey point param\n"); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static int sm2_compute_z_digest(uint8_t *out, const EVP_MD *digest, ++ const uint8_t *id, const size_t id_len, ++ const EC_KEY *key) ++{ ++ const EC_GROUP *group = EC_KEY_get0_group(key); ++ struct sm2_param *param = NULL; ++ EVP_MD_CTX *hash = NULL; ++ uint8_t *buf = NULL; ++ BN_CTX *ctx = NULL; ++ int p_bytes; ++ int ret = 0; ++ ++ hash = EVP_MD_CTX_new(); ++ if (!hash) ++ return ret; ++ ++ ctx = BN_CTX_new(); ++ if (!ctx) ++ goto free_hash; ++ ++ param = OPENSSL_zalloc(sizeof(struct sm2_param)); ++ if (!param) { ++ fprintf(stderr, "failed to malloc sm2 param\n"); ++ goto free_ctx; ++ } ++ ++ if (!get_sm2_param(param, ctx)) ++ goto free_param; ++ ++ if (!check_digest_evp_lib(digest, hash, id_len, id)) ++ goto free_param; ++ ++ if (!EC_GROUP_get_curve(group, param->p, param->a, param->b, ctx)) { ++ fprintf(stderr, "failed to get curve\n"); ++ goto free_param; ++ } ++ ++ p_bytes = BN_num_bytes(param->p); ++ buf = OPENSSL_zalloc(p_bytes); ++ if (!buf) { ++ fprintf(stderr, "failed to malloc buf\n"); ++ goto free_param; ++ } ++ ++ if (!check_equation_param(param, hash, buf, p_bytes) || ++ !check_base_point_group_param(param, ctx, key) || ++ !check_base_point_param(param, hash, buf, p_bytes) || ++ !check_pkey_point_group_param(param, ctx, key) || ++ !check_pkey_point_param(param, hash, buf, p_bytes, out)) ++ goto free_buf; ++ ++ ret = 1; ++ ++free_buf: + OPENSSL_free(buf); ++free_param: ++ OPENSSL_free(param); ++free_ctx: + BN_CTX_free(ctx); ++free_hash: + EVP_MD_CTX_free(hash); +- return rc; ++ return ret; + } + + static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +-- +2.24.4 + diff --git a/0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch b/0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch new file mode 100644 index 0000000000000000000000000000000000000000..af9a35e6bfbe7d8aefa4a497133ae21bc120ab84 --- /dev/null +++ b/0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch @@ -0,0 +1,232 @@ +From 1bb24b3d0769f82e6903ca94fa6b8ad466eb5bbe Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Fri, 24 Dec 2021 08:44:03 +0000 +Subject: [PATCH 09/18] ecc: bugfix about ecc init after alloc sess + +When executing allocating session operation, it needs +sched_init(), which is supported by init operation +in the engine, so the init operation should be done +before executing allocating session operation. + +Signed-off-by: Zhiqi Song +--- + src/uadk_ec.c | 93 +++++++++++++++++++++++---------------------------- + 1 file changed, 42 insertions(+), 51 deletions(-) + +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index 9040d3c..0c8a011 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -426,7 +426,10 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, + if (ret) + goto do_soft; + +- ret = UADK_DO_SOFT; ++ ret = uadk_init_ecc(); ++ if (ret) ++ goto do_soft; ++ + sess = ecc_alloc_sess(eckey, "ecdsa"); + if (!sess) + goto do_soft; +@@ -438,33 +441,28 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, + if (ret) + goto free_sess; + +- ret = uadk_ecc_set_private_key(sess, eckey); ++ ret = uadk_ecc_set_private_key(sess, eckey); + if (ret) + goto uninit_iot; + +- ret = uadk_init_ecc(); +- if (ret) { +- ret = UADK_DO_SOFT; +- goto uninit_iot; +- } +- + ret = uadk_ecc_crypto(sess, &req, (void *)sess); +- if (ret != 1) { +- ret = UADK_DO_SOFT; ++ if (ret != 1) + goto uninit_iot; +- } + + sig = create_ecdsa_sig(&req); + ++ wd_ecc_del_in(sess, req.src); ++ wd_ecc_del_out(sess, req.dst); ++ wd_ecc_free_sess(sess); ++ ++ return sig; ++ + uninit_iot: + wd_ecc_del_in(sess, req.src); + wd_ecc_del_out(sess, req.dst); + free_sess: + wd_ecc_free_sess(sess); + do_soft: +- if (ret != UADK_DO_SOFT) +- return sig; +- + fprintf(stderr, "switch to execute openssl software calculation.\n"); + return openssl_do_sign(dgst, dlen, in_kinv, in_r, eckey); + } +@@ -617,7 +615,10 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen, + if (ret) + goto do_soft; + +- ret = UADK_DO_SOFT; ++ ret = uadk_init_ecc(); ++ if (ret) ++ goto do_soft; ++ + sess = ecc_alloc_sess(eckey, "ecdsa"); + if (!sess) + goto do_soft; +@@ -633,24 +634,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen, + if (ret) + goto uninit_iot; + +- ret = uadk_init_ecc(); +- if (ret) { +- ret = UADK_DO_SOFT; +- goto uninit_iot; +- } +- + ret = uadk_ecc_crypto(sess, &req, (void *)sess); + if (ret != 1) { +- printf("failed to uadk_ecc_crypto, ret = %d\n", ret); +- ret = UADK_DO_SOFT; ++ fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); ++ goto uninit_iot; + } ++ ++ return ret; ++ + uninit_iot: + wd_ecc_del_in(sess, req.src); + free_sess: + wd_ecc_free_sess(sess); + do_soft: +- if (ret != UADK_DO_SOFT) +- return ret; + fprintf(stderr, "switch to execute openssl software calculation.\n"); + return openssl_do_verify(dgst, dlen, sig, eckey); + } +@@ -888,9 +884,12 @@ static int sm2_generate_key(EC_KEY *eckey) + + ret = eckey_create_key(eckey); + if (!ret) +- return ret; ++ goto do_soft; ++ ++ ret = uadk_init_ecc(); ++ if (ret) ++ goto do_soft; + +- ret = UADK_DO_SOFT; + sess = ecc_alloc_sess(eckey, "sm2"); + if (!sess) + goto do_soft; +@@ -900,35 +899,29 @@ static int sm2_generate_key(EC_KEY *eckey) + if (ret) + goto free_sess; + +- ret = uadk_init_ecc(); +- if (ret) { +- ret = UADK_DO_SOFT; +- goto uninit_iot; +- } +- + ret = uadk_ecc_crypto(sess, &req, (void *)sess); +- if (ret != 1) { +- ret = UADK_DO_SOFT; ++ if (ret != 1) + goto uninit_iot; +- } + + ret = set_key_to_ec_key(eckey, &req); + if (ret) + goto uninit_iot; + + ret = 1; ++ wd_ecc_del_out(sess, req.dst); ++ wd_ecc_free_sess(sess); ++ ++ return ret; ++ + uninit_iot: + wd_ecc_del_out(sess, req.dst); + free_sess: + wd_ecc_free_sess(sess); + do_soft: +- if (ret != UADK_DO_SOFT) +- return ret; + fprintf(stderr, "switch to execute openssl software calculation.\n"); + return openssl_do_generate(eckey); + } + +- + static int ecdh_keygen_init_iot(handle_t sess, struct wd_ecc_req *req, + EC_KEY *ecdh) + { +@@ -1108,6 +1101,10 @@ static int ecdh_generate_key(EC_KEY *ecdh) + if (!ret) + goto do_soft; + ++ ret = uadk_init_ecc(); ++ if (ret) ++ goto do_soft; ++ + sess = ecc_alloc_sess(ecdh, "ecdh"); + if (!sess) + goto do_soft; +@@ -1121,10 +1118,6 @@ static int ecdh_generate_key(EC_KEY *ecdh) + if (ret) + goto uninit_iot; + +- ret = uadk_init_ecc(); +- if (ret) +- goto uninit_iot; +- + ret = uadk_ecc_crypto(sess, &req, (void *)sess); + if (ret != 1) + goto uninit_iot; +@@ -1202,10 +1195,8 @@ static int ecc_compkey_check(unsigned char **out, + return 1; + } + +-static int ecdh_compute_key(unsigned char **out, +- size_t *outlen, +- const EC_POINT *pub_key, +- const EC_KEY *ecdh) ++static int ecdh_compute_key(unsigned char **out, size_t *outlen, ++ const EC_POINT *pub_key, const EC_KEY *ecdh) + { + struct wd_ecc_req req; + handle_t sess; +@@ -1215,6 +1206,10 @@ static int ecdh_compute_key(unsigned char **out, + if (!ret) + goto do_soft; + ++ ret = uadk_init_ecc(); ++ if (ret) ++ goto do_soft; ++ + sess = ecc_alloc_sess(ecdh, "ecdh"); + if (!sess) + goto do_soft; +@@ -1232,10 +1227,6 @@ static int ecdh_compute_key(unsigned char **out, + if (ret) + goto uninit_iot; + +- ret = uadk_init_ecc(); +- if (ret) +- goto uninit_iot; +- + ret = uadk_ecc_crypto(sess, &req, (void *)sess); + if (ret != 1) + goto uninit_iot; +-- +2.24.4 + diff --git a/0010-rsa-cleanup-about-prime-generation.patch b/0010-rsa-cleanup-about-prime-generation.patch new file mode 100644 index 0000000000000000000000000000000000000000..22d3d170e3545b7a5fb851455dd9419b42eb7bc1 --- /dev/null +++ b/0010-rsa-cleanup-about-prime-generation.patch @@ -0,0 +1,110 @@ +From fc023b87189ff488b4e760567d92afeca2635559 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 25 Dec 2021 01:35:03 +0000 +Subject: [PATCH 10/18] rsa: cleanup about prime generation + +Reduce parameter number of rsa_prime_mul_res(), +and add comments of BN_GENCB_call(). + +Signed-off-by: Zhiqi Song +--- + src/uadk_rsa.c | 28 +++++++++++++++++----------- + 1 file changed, 17 insertions(+), 11 deletions(-) + +diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c +index c1609ca..2526af9 100644 +--- a/src/uadk_rsa.c ++++ b/src/uadk_rsa.c +@@ -164,14 +164,17 @@ static int rsa_check_bit_useful(const int bits, int flen) + } + } + +-static int rsa_prime_mul_res(int num, BIGNUM *rsa_p, BIGNUM *rsa_q, BIGNUM *r1, ++static int rsa_prime_mul_res(int num, struct rsa_prime_param *param, + BN_CTX *ctx, BN_GENCB *cb) + { + if (num == 1) { +- if (!BN_mul(r1, rsa_p, rsa_q, ctx)) ++ if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx)) + return BN_ERR; + } else { +- /* If num == 0, use number 3 to indicate do nothing */ ++ /* ++ * Use the number 3 to indicate whether ++ * the generator has been found. ++ */ + if (!BN_GENCB_call(cb, 3, num)) + return BN_ERR; + return BN_CONTINUE; +@@ -189,8 +192,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, + BN_ULONG bitst; + int ret; + +- ret = rsa_prime_mul_res(*num, param->rsa_p, param->rsa_q, +- param->r1, ctx, cb); ++ ret = rsa_prime_mul_res(*num, param, ctx, cb); + if (ret) + return ret; + /* +@@ -224,7 +226,10 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, + *bitse -= bitsr[*num]; + else + return -1; +- ++ /* ++ * Use the number 2 to indicate whether ++ * a prime has been found. ++ */ + ret = BN_GENCB_call(cb, 2, *n++); + if (!ret) + return -1; +@@ -237,7 +242,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, + retries++; + return BN_REDO; + } +- ++ /* Use the number 3 to indicate whether the generator has been found. */ + ret = BN_GENCB_call(cb, 3, *num); + if (!ret) + return BN_ERR; +@@ -314,6 +319,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, + else + return BN_ERR; + ++ /* Use the number 2 to indicate whether a prime has been found. */ + if (!BN_GENCB_call(cb, 2, *n++)) + return BN_ERR; + +@@ -1094,7 +1100,7 @@ static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) + int ret; + + if (!default_meth) { +- printf("failed to get soft method.\n"); ++ fprintf(stderr, "failed to get soft method.\n"); + return UADK_E_FAIL; + } + +@@ -1121,7 +1127,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess, + return UADK_E_FAIL; + + keygen_param->wd_e->dsize = BN_bn2bin(bn_param->e, +- (unsigned char *)keygen_param->wd_e->data); ++ (unsigned char *)keygen_param->wd_e->data); + + wd_rsa_get_prikey(rsa_sess->sess, &key_pair->prikey); + if (!key_pair->prikey) +@@ -1133,9 +1139,9 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess, + return UADK_E_FAIL; + + keygen_param->wd_q->dsize = BN_bn2bin(bn_param->q, +- (unsigned char *)keygen_param->wd_q->data); ++ (unsigned char *)keygen_param->wd_q->data); + keygen_param->wd_p->dsize = BN_bn2bin(bn_param->p, +- (unsigned char *)keygen_param->wd_p->data); ++ (unsigned char *)keygen_param->wd_p->data); + + rsa_sess->req.src_bytes = rsa_sess->key_size; + rsa_sess->req.dst_bytes = rsa_sess->key_size; +-- +2.24.4 + diff --git a/0011-ecc-cleanup-the-form-of-the-return-value.patch b/0011-ecc-cleanup-the-form-of-the-return-value.patch new file mode 100644 index 0000000000000000000000000000000000000000..50f740266e085106e6b3d6f561d9479f6bbb8c7f --- /dev/null +++ b/0011-ecc-cleanup-the-form-of-the-return-value.patch @@ -0,0 +1,209 @@ +From dbb4ff29da9ed378d8753a6e5d18e86756c1d254 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Mon, 27 Dec 2021 07:04:43 +0000 +Subject: [PATCH 11/18] ecc: cleanup the form of the return value + +This patch includes: +1. Unified the return value form. +2. Remove redundant goto jumps. + +Signed-off-by: Zhiqi Song +--- + src/uadk_ec.c | 20 +++++++++++--------- + src/uadk_ecx.c | 8 ++++---- + src/uadk_pkey.c | 5 ++--- + src/uadk_sm2.c | 8 ++++---- + 4 files changed, 21 insertions(+), 20 deletions(-) + +diff --git a/src/uadk_ec.c b/src/uadk_ec.c +index 0c8a011..db69871 100644 +--- a/src/uadk_ec.c ++++ b/src/uadk_ec.c +@@ -446,7 +446,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, + goto uninit_iot; + + ret = uadk_ecc_crypto(sess, &req, (void *)sess); +- if (ret != 1) ++ if (!ret) + goto uninit_iot; + + sig = create_ecdsa_sig(&req); +@@ -635,11 +635,14 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen, + goto uninit_iot; + + ret = uadk_ecc_crypto(sess, &req, (void *)sess); +- if (ret != 1) { ++ if (!ret) { + fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); + goto uninit_iot; + } + ++ wd_ecc_del_in(sess, req.src); ++ wd_ecc_free_sess(sess); ++ + return ret; + + uninit_iot: +@@ -701,7 +704,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) + tmp = BN_bin2bn((unsigned char *)privkey->data, privkey->dsize, NULL); + ret = EC_KEY_set_private_key(ec, tmp); + BN_free(tmp); +- if (ret != 1) { ++ if (!ret) { + fprintf(stderr, "failed to EC KEY set private key\n"); + return -EINVAL; + } +@@ -725,7 +728,7 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) + + ret = EC_KEY_set_public_key(ec, point); + EC_POINT_free(point); +- if (ret != 1) { ++ if (!ret) { + fprintf(stderr, "failed to EC_KEY_set_public_key\n"); + return -EINVAL; + } +@@ -900,18 +903,17 @@ static int sm2_generate_key(EC_KEY *eckey) + goto free_sess; + + ret = uadk_ecc_crypto(sess, &req, (void *)sess); +- if (ret != 1) ++ if (!ret) + goto uninit_iot; + + ret = set_key_to_ec_key(eckey, &req); + if (ret) + goto uninit_iot; + +- ret = 1; + wd_ecc_del_out(sess, req.dst); + wd_ecc_free_sess(sess); + +- return ret; ++ return 1; + + uninit_iot: + wd_ecc_del_out(sess, req.dst); +@@ -1119,7 +1121,7 @@ static int ecdh_generate_key(EC_KEY *ecdh) + goto uninit_iot; + + ret = uadk_ecc_crypto(sess, &req, (void *)sess); +- if (ret != 1) ++ if (!ret) + goto uninit_iot; + + ret = ecdh_set_key_to_ec_key(ecdh, &req); +@@ -1228,7 +1230,7 @@ static int ecdh_compute_key(unsigned char **out, size_t *outlen, + goto uninit_iot; + + ret = uadk_ecc_crypto(sess, &req, (void *)sess); +- if (ret != 1) ++ if (!ret) + goto uninit_iot; + + ret = ecdh_get_shared_key(ecdh, out, outlen, &req); +diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c +index 6a9f78c..67f9350 100644 +--- a/src/uadk_ecx.c ++++ b/src/uadk_ecx.c +@@ -399,7 +399,7 @@ static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + goto uninit_iot; + + ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess); +- if (ret != 1) ++ if (!ret) + goto uninit_iot; + + ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key); +@@ -457,7 +457,7 @@ static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + goto uninit_iot; + + ret = uadk_ecc_crypto(keygen_ctx->sess, &req, (void *)keygen_ctx->sess); +- if (ret != 1) ++ if (!ret) + goto uninit_iot; + + ret = ecx_keygen_set_pkey(pkey, keygen_ctx, &req, ecx_key); +@@ -659,7 +659,7 @@ static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + goto uninit_iot; + + ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx); +- if (ret != 1) ++ if (!ret) + goto uninit_iot; + + wd_ecxdh_get_out_params(req.dst, &s_key); +@@ -745,7 +745,7 @@ static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + goto uninit_iot; + + ret = uadk_ecc_crypto(derive_ctx->sess, &req, (void *)derive_ctx); +- if (ret != 1) ++ if (!ret) + goto uninit_iot; + + wd_ecxdh_get_out_params(req.dst, &s_key); +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index 62362b0..7ca998b 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -273,8 +273,7 @@ static void uadk_wd_ecc_uninit(void) + ecc_res.pid = 0; + } + +-int uadk_ecc_crypto(handle_t sess, +- struct wd_ecc_req *req, void *usr) ++int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) + { + struct uadk_e_cb_info cb_param; + struct async_op op; +@@ -314,7 +313,7 @@ int uadk_ecc_crypto(handle_t sess, + } else { + ret = wd_do_ecc_sync(sess, req); + if (ret < 0) +- return ret; ++ return 0; + } + return 1; + err: +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index 6d5dad0..f602e48 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -359,7 +359,7 @@ static int sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb *s, + } + + ret = ECDSA_SIG_set0(e_sig, br, bs); +- if (ret != 1) { ++ if (!ret) { + fprintf(stderr, "failed to ECDSA_SIG_set0\n"); + ret = -EINVAL; + goto free_s; +@@ -686,7 +686,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + } + + ret = uadk_ecc_crypto(smctx->sess, &req, smctx); +- if (ret != 1) { ++ if (!ret) { + fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); + ret = UADK_DO_SOFT; + goto uninit_iot; +@@ -907,7 +907,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx, + } + + ret = uadk_ecc_crypto(smctx->sess, &req, smctx); +- if (ret != 1) { ++ if (!ret) { + ret = UADK_DO_SOFT; + fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); + goto uninit_iot; +@@ -1061,7 +1061,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, + } + + ret = uadk_ecc_crypto(smctx->sess, &req, smctx); +- if (ret != 1) { ++ if (!ret) { + ret = UADK_DO_SOFT; + fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); + goto uninit_iot; +-- +2.24.4 + diff --git a/0012-engine-fix-uadk-engine-compatibility-issue.patch b/0012-engine-fix-uadk-engine-compatibility-issue.patch new file mode 100644 index 0000000000000000000000000000000000000000..ee913eaf0eee4dff7da88aab3ec719713086682f --- /dev/null +++ b/0012-engine-fix-uadk-engine-compatibility-issue.patch @@ -0,0 +1,140 @@ +From c212eedcab9135acc0433a125c8fab151674e8c5 Mon Sep 17 00:00:00 2001 +From: Wenkai Lin +Date: Tue, 23 Nov 2021 09:14:31 +0000 +Subject: [PATCH 12/18] engine: fix uadk engine compatibility issue + +When uadk use no sva mode, it should use wd_get_available_dev_num, +otherwise, it will not find old kernel's device path with attrs. + +Signed-off-by: Wenkai Lin +--- + src/e_uadk.c | 70 +++++++++++++++--------------------- + src/v1/uadk_v1.h | 1 + + src/v1/wdmngr/wd_alg_queue.c | 4 +++ + src/v1/wdmngr/wd_alg_queue.h | 2 ++ + 4 files changed, 36 insertions(+), 41 deletions(-) + +diff --git a/src/e_uadk.c b/src/e_uadk.c +index 18c2e4e..4e87c86 100644 +--- a/src/e_uadk.c ++++ b/src/e_uadk.c +@@ -239,54 +239,42 @@ static void engine_init_child_at_fork_handler(void) + #ifdef KAE + static void bind_fn_kae_alg(ENGINE *e) + { +- struct uacce_dev *dev; ++ int dev_num; + +- dev = wd_get_accel_dev("cipher"); +- if (dev) { +- if (!(dev->flags & UACCE_DEV_SVA)) { +- cipher_module_init(); +- if (!ENGINE_set_ciphers(e, sec_engine_ciphers)) +- fprintf(stderr, "uadk bind cipher failed\n"); +- else +- uadk_cipher_nosva = 1; +- } +- free(dev); ++ dev_num = wd_get_nosva_dev_num("cipher"); ++ if (dev_num > 0) { ++ cipher_module_init(); ++ if (!ENGINE_set_ciphers(e, sec_engine_ciphers)) ++ fprintf(stderr, "uadk bind cipher failed\n"); ++ else ++ uadk_cipher_nosva = 1; + } + +- dev = wd_get_accel_dev("digest"); +- if (dev) { +- if (!(dev->flags & UACCE_DEV_SVA)) { +- digest_module_init(); +- if (!ENGINE_set_digests(e, sec_engine_digests)) +- fprintf(stderr, "uadk bind digest failed\n"); +- else +- uadk_digest_nosva = 1; +- } +- free(dev); ++ dev_num = wd_get_nosva_dev_num("digest"); ++ if (dev_num > 0) { ++ digest_module_init(); ++ if (!ENGINE_set_digests(e, sec_engine_digests)) ++ fprintf(stderr, "uadk bind digest failed\n"); ++ else ++ uadk_digest_nosva = 1; + } + +- dev = wd_get_accel_dev("rsa"); +- if (dev) { +- if (!(dev->flags & UACCE_DEV_SVA)) { +- hpre_module_init(); +- if (!ENGINE_set_RSA(e, hpre_get_rsa_methods())) +- fprintf(stderr, "uadk bind rsa failed\n"); +- else +- uadk_rsa_nosva = 1; +- } +- free(dev); ++ dev_num = wd_get_nosva_dev_num("rsa"); ++ if (dev_num > 0) { ++ hpre_module_init(); ++ if (!ENGINE_set_RSA(e, hpre_get_rsa_methods())) ++ fprintf(stderr, "uadk bind rsa failed\n"); ++ else ++ uadk_rsa_nosva = 1; + } + +- dev = wd_get_accel_dev("dh"); +- if (dev) { +- if (!(dev->flags & UACCE_DEV_SVA)) { +- hpre_module_dh_init(); +- if (!ENGINE_set_DH(e, hpre_get_dh_methods())) +- fprintf(stderr, "uadk bind dh failed\n"); +- else +- uadk_dh_nosva = 1; +- } +- free(dev); ++ dev_num = wd_get_nosva_dev_num("dh"); ++ if (dev_num > 0) { ++ hpre_module_dh_init(); ++ if (!ENGINE_set_DH(e, hpre_get_dh_methods())) ++ fprintf(stderr, "uadk bind dh failed\n"); ++ else ++ uadk_dh_nosva = 1; + } + } + #endif +diff --git a/src/v1/uadk_v1.h b/src/v1/uadk_v1.h +index f5081e3..d921706 100644 +--- a/src/v1/uadk_v1.h ++++ b/src/v1/uadk_v1.h +@@ -35,4 +35,5 @@ extern void hpre_dh_destroy(void); + + extern int hpre_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, + const int **pnids, int nid); ++extern int wd_get_nosva_dev_num(const char *algorithm); + #endif +diff --git a/src/v1/wdmngr/wd_alg_queue.c b/src/v1/wdmngr/wd_alg_queue.c +index 79c9a6d..5cd33ae 100644 +--- a/src/v1/wdmngr/wd_alg_queue.c ++++ b/src/v1/wdmngr/wd_alg_queue.c +@@ -74,3 +74,7 @@ void wd_free_queue(struct wd_queue *queue) + } + } + ++int wd_get_nosva_dev_num(const char *algorithm) ++{ ++ return wd_get_available_dev_num(algorithm); ++} +diff --git a/src/v1/wdmngr/wd_alg_queue.h b/src/v1/wdmngr/wd_alg_queue.h +index 4fd3a9d..955eed5 100644 +--- a/src/v1/wdmngr/wd_alg_queue.h ++++ b/src/v1/wdmngr/wd_alg_queue.h +@@ -25,4 +25,6 @@ + struct wd_queue *wd_new_queue(int algtype); + + void wd_free_queue(struct wd_queue *queue); ++ ++int wd_get_nosva_dev_num(const char *algorithm); + #endif +-- +2.24.4 + diff --git a/0013-digest-modify-the-process-of-free-session.patch b/0013-digest-modify-the-process-of-free-session.patch new file mode 100644 index 0000000000000000000000000000000000000000..701bbcd5de61ef35bb72802d8ab4193e8e8b44d1 --- /dev/null +++ b/0013-digest-modify-the-process-of-free-session.patch @@ -0,0 +1,31 @@ +From ca59dfa548656d82d6d50a6dad6bfc88b2825473 Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Thu, 6 Jan 2022 14:49:27 +0800 +Subject: [PATCH 13/18] digest: modify the process of free session + +Currently, release the session in the cleanup instead of final. so not +should free session in the final. Here is fix it. + +Signed-off-by: Kai Ye +--- + src/uadk_digest.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index 41de449..cbfb539 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -688,10 +688,6 @@ sync_err: + ret = uadk_e_digest_soft_work(priv, priv->tail, digest); + clear: + async_clear_async_event_notification(); +- if (priv->sess) { +- wd_digest_free_sess(priv->sess); +- priv->sess = 0; +- } + return ret; + } + +-- +2.24.4 + diff --git a/0014-digest-modify-the-process-of-soft-and-hardware-hando.patch b/0014-digest-modify-the-process-of-soft-and-hardware-hando.patch new file mode 100644 index 0000000000000000000000000000000000000000..5c90457bc6e4d55782e5e33086c15896cf699722 --- /dev/null +++ b/0014-digest-modify-the-process-of-soft-and-hardware-hando.patch @@ -0,0 +1,153 @@ +From 7efc5b169d74b84af8108bc736d80eedbe3a8004 Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Thu, 6 Jan 2022 14:48:13 +0800 +Subject: [PATCH 14/18] digest: modify the process of soft and hardware handoff + +Due to has added the stream mode for digest. So need to modify the +process of software and hardware handoff. + +Signed-off-by: Kai Ye +--- + src/uadk_digest.c | 60 +++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 48 insertions(+), 12 deletions(-) + +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index cbfb539..bf738af 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -44,6 +44,14 @@ + #define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024) + #define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) + #define MAX_DIGEST_LENGTH 64 ++#define DIGEST_BLOCK_SIZE (512 * 1024) ++ ++enum sec_digestz_state { ++ SEC_DIGEST_INIT, ++ SEC_DIGEST_FIRST_UPDATING, ++ SEC_DIGEST_DOING, ++ SEC_DIGEST_FINAL ++}; + + struct digest_threshold_table { + int nid; +@@ -72,21 +80,19 @@ struct evp_md_ctx_st { + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); + }; + +-#define DIGEST_BLOCK_SIZE 4096 +- + struct digest_priv_ctx { + handle_t sess; + struct wd_digest_sess_setup setup; + struct wd_digest_req req; + unsigned char *data; + unsigned char out[MAX_DIGEST_LENGTH]; +- size_t tail; ++ EVP_MD_CTX *soft_ctx; + size_t last_update_bufflen; +- bool copy; + uint32_t e_nid; +- EVP_MD_CTX *soft_ctx; +- size_t switch_threshold; ++ uint32_t state; ++ uint32_t switch_threshold; + int switch_flag; ++ bool copy; + }; + + static int digest_nids[] = { +@@ -150,7 +156,7 @@ static const EVP_MD *uadk_e_digests_soft_md(uint32_t e_nid) + return digest_md; + } + +-static int sec_digest_get_sw_threshold(int n_id) ++static uint32_t sec_digest_get_sw_threshold(int n_id) + { + int threshold_table_size = ARRAY_SIZE(digest_pkt_threshold_table); + int i = 0; +@@ -464,6 +470,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) + priv->soft_ctx = EVP_MD_CTX_new(); + priv->e_nid = nid; + ++ priv->state = SEC_DIGEST_INIT; + ret = uadk_e_init_digest(); + if (!ret) { + priv->switch_flag = UADK_DO_SOFT; +@@ -504,7 +511,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) + return 0; + + priv->data = malloc(DIGEST_BLOCK_SIZE); +- if (priv->data == NULL) { ++ if (!priv->data) { + wd_digest_free_sess(priv->sess); + return 0; + } +@@ -540,9 +547,16 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le + left_len -= copy_to_bufflen; + tmpdata += copy_to_bufflen; + ++ if (priv->state == SEC_DIGEST_INIT) ++ priv->state = SEC_DIGEST_FIRST_UPDATING; ++ else if (priv->state == SEC_DIGEST_FIRST_UPDATING) ++ priv->state = SEC_DIGEST_DOING; ++ + ret = wd_do_digest_sync(priv->sess, &priv->req); +- if (ret) +- return 0; ++ if (ret) { ++ fprintf(stderr, "do sec digest sync failed, switch to soft digest.\n"); ++ goto do_soft_digest; ++ } + + priv->last_update_bufflen = 0; + memset(priv->data, 0, DIGEST_BLOCK_SIZE); +@@ -551,10 +565,26 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le + memcpy(priv->data, tmpdata, priv->last_update_bufflen); + break; + } ++ } ++ ++ return 1; ++do_soft_digest: ++ if (priv->state == SEC_DIGEST_FIRST_UPDATING ++ && priv->data ++ && priv->last_update_bufflen != 0) { ++ priv->switch_flag = UADK_DO_SOFT; ++ digest_soft_init(priv->soft_ctx, priv->e_nid); ++ ret = digest_soft_update(priv->soft_ctx, priv->e_nid, ++ priv->data, priv->last_update_bufflen); ++ if (ret != 1) ++ return ret; + ++ return digest_soft_update(priv->soft_ctx, priv->e_nid, ++ tmpdata, left_len); + } + +- return 1; ++ fprintf(stderr, "do soft digest failed during updating!\n"); ++ return 0; + } + + static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_len) +@@ -681,11 +711,17 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) + goto clear; + } + memcpy(digest, priv->req.out, priv->req.out_bytes); ++ priv->last_update_bufflen = 0; + + return 1; + + sync_err: +- ret = uadk_e_digest_soft_work(priv, priv->tail, digest); ++ if (priv->state == SEC_DIGEST_INIT) { ++ ret = uadk_e_digest_soft_work(priv, priv->req.in_bytes, digest); ++ } else { ++ ret = 0; ++ fprintf(stderr, "do sec digest stream mode failed.\n"); ++ } + clear: + async_clear_async_event_notification(); + return ret; +-- +2.24.4 + diff --git a/0015-ecc-bugfix-about-sm2-decryption.patch b/0015-ecc-bugfix-about-sm2-decryption.patch new file mode 100644 index 0000000000000000000000000000000000000000..3c64c7bf51aae22a4ed315169d890bd910b5ce26 --- /dev/null +++ b/0015-ecc-bugfix-about-sm2-decryption.patch @@ -0,0 +1,114 @@ +From 32c58bf68e7f33d0170b3cc9040a11395a68df72 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 8 Jan 2022 07:24:22 +0000 +Subject: [PATCH 15/18] ecc: bugfix about sm2 decryption + +When doing sm2_decrypt_check(), if the out param is NULL, +it is supposed to use sm2_plaintext_size() function to +get the output plain text length, rather than use +sm2_ciphertext_size(). + +Signed-off-by: Zhiqi Song +--- + src/uadk_sm2.c | 29 ++++++++++++++++++++++------- + 1 file changed, 22 insertions(+), 7 deletions(-) + +diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c +index f602e48..b39c418 100644 +--- a/src/uadk_sm2.c ++++ b/src/uadk_sm2.c +@@ -524,7 +524,7 @@ static int cipher_ber_to_bin(unsigned char *ber, size_t ber_len, + len = BN_num_bytes(ctext_struct->C1x); + len1 = BN_num_bytes(ctext_struct->C1y); + c1->x.data = malloc(len + len1 + ctext_struct->C2->length + +- ctext_struct->C3->length); ++ ctext_struct->C3->length); + if (!c1->x.data) { + ret = -ENOMEM; + goto free_ctext; +@@ -547,7 +547,6 @@ free_ctext: + + static size_t ec_field_size(const EC_GROUP *group) + { +- /* Is there some simpler way to do this? */ + BIGNUM *p = BN_new(); + BIGNUM *a = BN_new(); + BIGNUM *b = BN_new(); +@@ -559,7 +558,7 @@ static size_t ec_field_size(const EC_GROUP *group) + if (!EC_GROUP_get_curve(group, p, a, b, NULL)) + goto done; + +- /* Pad and convert bits to bytes*/ ++ /* Pad and convert bits to bytes */ + field_size = (BN_num_bits(p) + 7) / 8; + + done: +@@ -570,6 +569,22 @@ done: + return field_size; + } + ++static int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size) ++{ ++ struct sm2_ciphertext *sm2_ctext; ++ ++ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); ++ if (!sm2_ctext) { ++ fprintf(stderr, "invalid sm2 encoding\n"); ++ return 0; ++ } ++ ++ *pt_size = sm2_ctext->C2->length; ++ SM2_Ciphertext_free(sm2_ctext); ++ ++ return 1; ++} ++ + static int sm2_ciphertext_size(const EC_KEY *key, + const EVP_MD *digest, size_t msg_len, + size_t *ct_size) +@@ -589,6 +604,7 @@ static int sm2_ciphertext_size(const EC_KEY *key, + + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) + + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); + *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE); ++ + return 1; + } + +@@ -792,7 +808,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx, + } + + ret = uadk_ecc_crypto(smctx->sess, &req, smctx); +- if (ret != 1) { ++ if (!ret) { + ret = UADK_DO_SOFT; + fprintf(stderr, "failed to uadk_ecc_crypto, ret = %d\n", ret); + goto uninit_iot; +@@ -941,8 +957,6 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx, + const unsigned char *in, size_t inlen) + { + struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); +- EVP_PKEY *p_key = EVP_PKEY_CTX_get0_pkey(ctx); +- EC_KEY *ec = EVP_PKEY_get0(p_key); + const EVP_MD *md; + int hash_size; + +@@ -959,7 +973,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx, + } + + if (!out) { +- if (!sm2_ciphertext_size(ec, md, inlen, outlen)) ++ if (!sm2_plaintext_size(in, inlen, outlen)) + return -1; + else + return 1; +@@ -1039,6 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, + } + + md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; ++ + ret = cipher_ber_to_bin((void *)in, inlen, &c1, &c2, &c3); + if (ret) + goto do_soft; +-- +2.24.4 + diff --git a/0016-dh-bugfix-about-dh-compute-key.patch b/0016-dh-bugfix-about-dh-compute-key.patch new file mode 100644 index 0000000000000000000000000000000000000000..c9f8f60c3f3fbf2be0ba47a388c1f6897a3cdd0e --- /dev/null +++ b/0016-dh-bugfix-about-dh-compute-key.patch @@ -0,0 +1,103 @@ +From ff486764bbab601177acad102febb1497262a88c Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 8 Jan 2022 08:42:55 +0000 +Subject: [PATCH 16/18] dh: bugfix about dh compute key + +This patch includes: +1. Add an UADK_DO_SOFT tag when dh_do_crypto() failed. +2. Do some tiny cleanup. + +Signed-off-by: Zhiqi Song +--- + src/uadk_dh.c | 14 ++++---------- + 1 file changed, 4 insertions(+), 10 deletions(-) + +diff --git a/src/uadk_dh.c b/src/uadk_dh.c +index 9c2bfbf..989c9ec 100644 +--- a/src/uadk_dh.c ++++ b/src/uadk_dh.c +@@ -741,13 +741,12 @@ static int dh_soft_set_pkey(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) + return UADK_E_SUCCESS; + } + +-/* Main Phase1: Generate public key */ + static int uadk_e_dh_generate_key(DH *dh) + { + struct uadk_dh_sess *dh_sess = NULL; +- int bits = DH_bits(dh); +- BIGNUM *pub_key = NULL; + BIGNUM *priv_key = NULL; ++ BIGNUM *pub_key = NULL; ++ int bits = DH_bits(dh); + const BIGNUM *p = NULL; + const BIGNUM *g = NULL; + const BIGNUM *q = NULL; +@@ -771,7 +770,6 @@ static int uadk_e_dh_generate_key(DH *dh) + goto exe_soft; + } + +- /* Fill request data */ + ret = dh_fill_genkey_req(g, p, priv_key, dh_sess); + if (!ret) { + fprintf(stderr, "failed to fill req\n"); +@@ -786,7 +784,6 @@ static int uadk_e_dh_generate_key(DH *dh) + goto free_sess; + } + +- /* Get the generated public key from uadk(->hardware) */ + ret = dh_get_pubkey(dh_sess, &pub_key); + if (!ret) { + fprintf(stderr, "failed to get public key\n"); +@@ -794,7 +791,6 @@ static int uadk_e_dh_generate_key(DH *dh) + goto free_sess; + } + +- /* Set the public key and private key */ + ret = dh_soft_set_pkey(dh, pub_key, priv_key); + + free_sess: +@@ -806,16 +802,15 @@ exe_soft: + return uadk_e_dh_soft_generate_key(dh); + } + +-/* Main Phase2: Compute shared key */ + static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, + DH *dh) + { + struct uadk_dh_sess *dh_sess = NULL; ++ BIGNUM *priv_key = NULL; + int bits = DH_bits(dh); + const BIGNUM *p = NULL; + const BIGNUM *g = NULL; + const BIGNUM *q = NULL; +- BIGNUM *priv_key = NULL; + int ret; + + if (!dh || !key || !pub_key || !DH_get0_priv_key(dh)) +@@ -845,6 +840,7 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, + ret = dh_do_crypto(dh_sess); + if (!ret) { + fprintf(stderr, "failed to generate DH shared key\n"); ++ ret = UADK_DO_SOFT; + goto free_sess; + } + +@@ -894,7 +890,6 @@ static void uadk_e_delete_dh_meth(void) + uadk_dh_method = NULL; + } + +- + int uadk_e_bind_dh(ENGINE *e) + { + pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE); +@@ -905,7 +900,6 @@ int uadk_e_bind_dh(ENGINE *e) + void uadk_e_destroy_dh(void) + { + pthread_spin_destroy(&g_dh_res.lock); +- + uadk_e_delete_dh_meth(); + uadk_e_wd_dh_uninit(); + } +-- +2.24.4 + diff --git a/0017-ecc-bugfix-about-ecc-general-init.patch b/0017-ecc-bugfix-about-ecc-general-init.patch new file mode 100644 index 0000000000000000000000000000000000000000..c008750a1c39365081236bd29410e605a7d69036 --- /dev/null +++ b/0017-ecc-bugfix-about-ecc-general-init.patch @@ -0,0 +1,28 @@ +From 3ff18ada641a8ad6c54a6054b4b8323b0b4389a2 Mon Sep 17 00:00:00 2001 +From: Zhiqi Song +Date: Sat, 8 Jan 2022 09:03:00 +0000 +Subject: [PATCH 17/18] ecc: bugfix about ecc general init + +When calloc failed, it should return with error code directly. + +Signed-off-by: Zhiqi Song +--- + src/uadk_pkey.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c +index 7ca998b..14e0b8f 100644 +--- a/src/uadk_pkey.c ++++ b/src/uadk_pkey.c +@@ -189,7 +189,7 @@ static int uadk_e_wd_ecc_general_init(struct uacce_dev *dev, + + ctx_cfg = calloc(1, sizeof(struct wd_ctx_config)); + if (!ctx_cfg) +- ret = -ENOMEM; ++ return -ENOMEM; + + ecc_res.ctx_res = ctx_cfg; + ctx_cfg->ctx_num = CTX_NUM; +-- +2.24.4 + diff --git a/0018-digest-fix-codecheck-warning.patch b/0018-digest-fix-codecheck-warning.patch new file mode 100644 index 0000000000000000000000000000000000000000..20a28e81e92664ad89204f422ffb954eefda2b3d --- /dev/null +++ b/0018-digest-fix-codecheck-warning.patch @@ -0,0 +1,113 @@ +From e26726746340428c58ea1ce2460c0fb669bb7545 Mon Sep 17 00:00:00 2001 +From: Kai Ye +Date: Fri, 7 Jan 2022 09:56:54 +0800 +Subject: [PATCH 18/18] digest: fix codecheck warning + +fix a more than 50 lines function uadk_e_digest_init. + +Signed-off-by: Kai Ye +--- + src/uadk_digest.c | 57 ++++++++++++++++++++++++++--------------------- + 1 file changed, 31 insertions(+), 26 deletions(-) + +diff --git a/src/uadk_digest.c b/src/uadk_digest.c +index bf738af..5b843a0 100644 +--- a/src/uadk_digest.c ++++ b/src/uadk_digest.c +@@ -95,6 +95,13 @@ struct digest_priv_ctx { + bool copy; + }; + ++struct digest_info { ++ int nid; ++ enum wd_digest_mode mode; ++ enum wd_digest_type alg; ++ __u32 out_len; ++}; ++ + static int digest_nids[] = { + NID_md5, + NID_sm3, +@@ -116,6 +123,16 @@ static struct digest_threshold_table digest_pkt_threshold_table[] = { + { NID_sha512, SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT }, + }; + ++static struct digest_info digest_info_table[] = { ++ {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16}, ++ {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32}, ++ {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20}, ++ {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28}, ++ {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32}, ++ {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48}, ++ {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64}, ++}; ++ + static EVP_MD *uadk_md5; + static EVP_MD *uadk_sm3; + static EVP_MD *uadk_sha1; +@@ -451,8 +468,8 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv, + enum wd_digest_type alg, enum wd_digest_mode mode, + __u32 out_len) + { +- priv->setup.mode = alg; +- priv->setup.alg = mode; ++ priv->setup.alg = alg; ++ priv->setup.mode = mode; + priv->req.out_buf_bytes = out_len; + priv->req.out_bytes = out_len; + } +@@ -461,9 +478,10 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) + { + struct digest_priv_ctx *priv = + (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx); ++ int digest_counts = ARRAY_SIZE(digest_info_table); + int nid = EVP_MD_nid(EVP_MD_CTX_md(ctx)); + struct sched_params params = {0}; +- int ret; ++ int ret, i; + + /* Allocate a soft ctx for hardware engine */ + if (priv->soft_ctx == NULL) +@@ -478,29 +496,16 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) + goto soft_init; + } + +- switch (nid) { +- case NID_md5: +- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16); +- break; +- case NID_sm3: +- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32); +- break; +- case NID_sha1: +- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20); +- break; +- case NID_sha224: +- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28); +- break; +- case NID_sha256: +- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32); +- break; +- case NID_sha384: +- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48); +- break; +- case NID_sha512: +- digest_priv_ctx_setup(priv, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64); +- break; +- default: ++ for (i = 0; i < digest_counts; i++) { ++ if (nid == digest_info_table[i].nid) { ++ digest_priv_ctx_setup(priv, digest_info_table[i].alg, ++ digest_info_table[i].mode, digest_info_table[i].out_len); ++ break; ++ } ++ } ++ ++ if (i == digest_counts) { ++ fprintf(stderr, "failed to setup the private ctx.\n"); + return 0; + } + +-- +2.24.4 + diff --git a/uadk_engine-1.0.0.tar.gz b/uadk_engine-1.0.0.tar.gz index c1656bfed49c0a297229c80f5d436ac1e8d662de..63b7d49a9e2c0f8f13daed8bf67aa6a61eb80c4c 100644 Binary files a/uadk_engine-1.0.0.tar.gz and b/uadk_engine-1.0.0.tar.gz differ diff --git a/uadk_engine.spec b/uadk_engine.spec index 2d822c8627bd4e253d58b734b487a1d5559a2207..2c3b3b1ffcfd370937f1d01c39c5cc65232a7f86 100644 --- a/uadk_engine.spec +++ b/uadk_engine.spec @@ -3,7 +3,7 @@ Name: uadk_engine Summary: UADK Accelerator Engine Version: 1.0.0 -Release: 2 +Release: 3 License: Apache-2.0 Source: %{name}-%{version}.tar.gz ExclusiveOS: linux @@ -16,7 +16,24 @@ BuildRequires: openssl-devel sed autoconf automake libtool Requires: openssl ExclusiveArch: aarch64 -Patch0001: 0001-digest-delete-some-duplicate-code.patch +Patch0001: 0001-digest-support-digest-multiple-update.patch +Patch0002: 0002-uadk_engine-define-the-variable-as-const.patch +Patch0003: 0003-ecc-fix-codecheck-warning.patch +Patch0004: 0004-rsa-delete-redundant-copy.patch +Patch0005: 0005-rsa-fix-coverity-warning.patch +Patch0006: 0006-ecc-cleanup-duplicate-public-key-allocation.patch +Patch0007: 0007-rsa-cleanup-about-reducing-function-parameters.patch +Patch0008: 0008-ecc-cleanup-sm2-compute-digest-function.patch +Patch0009: 0009-ecc-bugfix-about-ecc-init-after-alloc-sess.patch +Patch0010: 0010-rsa-cleanup-about-prime-generation.patch +Patch0011: 0011-ecc-cleanup-the-form-of-the-return-value.patch +Patch0012: 0012-engine-fix-uadk-engine-compatibility-issue.patch +Patch0013: 0013-digest-modify-the-process-of-free-session.patch +Patch0014: 0014-digest-modify-the-process-of-soft-and-hardware-hando.patch +Patch0015: 0015-ecc-bugfix-about-sm2-decryption.patch +Patch0016: 0016-dh-bugfix-about-dh-compute-key.patch +Patch0017: 0017-ecc-bugfix-about-ecc-general-init.patch +Patch0018: 0018-digest-fix-codecheck-warning.patch %description This package contains the UADK Accelerator Engine @@ -66,6 +83,9 @@ fi /sbin/ldconfig %changelog +* Wed Jan 12 2022 linwenkai 1.0.0-3 +- Backport uadk engine patch + * Fri Dec 10 2021 linwenkai 1.0.0-2 - Delete digest duplicate code