
From: Chenghai Huang <huangchenghai2@huawei.com> 1.Separate variable declaration and assignment, and obtain mdname after EVP_KDF check. 2.It is no need to give 0 to sess after releasing sess. Delete redundant operation after releasing resource. 3.Delete the loop that does not display the exit condition like for(;;) and use the do while. 4.Change the uadk_params.enable_sw_offload name to uadk_params.enable_sw_flag to avoid duplicate names. Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by: JiangShui Yang <yangjiangshui@h-partners.com> --- src/uadk_prov_cipher.c | 5 ++--- src/uadk_prov_ecdh_exch.c | 11 ++++++++--- src/uadk_prov_ffc.c | 36 ++++++++++++++++++++++-------------- src/uadk_prov_hmac.c | 4 ++-- src/uadk_prov_init.c | 8 ++++---- src/uadk_sm2.c | 1 + 6 files changed, 39 insertions(+), 26 deletions(-) diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c index 94ce518..23b93d1 100644 --- a/src/uadk_prov_cipher.c +++ b/src/uadk_prov_cipher.c @@ -1330,10 +1330,9 @@ static void uadk_prov_cipher_freectx(void *ctx) if (priv->sw_ctx) EVP_CIPHER_CTX_free(priv->sw_ctx); - if (priv->sess) { + if (priv->sess) wd_cipher_free_sess(priv->sess); - priv->sess = 0; - } + OPENSSL_clear_free(priv, sizeof(*priv)); } diff --git a/src/uadk_prov_ecdh_exch.c b/src/uadk_prov_ecdh_exch.c index 4102ac1..9bd7559 100644 --- a/src/uadk_prov_ecdh_exch.c +++ b/src/uadk_prov_ecdh_exch.c 
@@ -371,17 +371,19 @@ static int ecdh_plain_derive(struct ecdh_ctx *pecdhctx, static int ecdh_kdf_X9_63(unsigned char *out, struct ecdh_ctx *pecdhctx, unsigned char *stmp, size_t stmplen) { - EVP_KDF *kdf = EVP_KDF_fetch(pecdhctx->libctx, OSSL_KDF_NAME_X963KDF, NULL); - const char *mdname = EVP_MD_get0_name(pecdhctx->kdf_md); OSSL_PARAM params[4], *p = params; int ret = UADK_P_FAIL; + const char *mdname; EVP_KDF_CTX *kctx; + EVP_KDF *kdf; + kdf = EVP_KDF_fetch(pecdhctx->libctx, OSSL_KDF_NAME_X963KDF, NULL); if (!kdf) { fprintf(stderr, "failed to fetch kdf!\n"); return ret; } + mdname = EVP_MD_get0_name(pecdhctx->kdf_md); kctx = EVP_KDF_CTX_new(kdf); if (!kctx) { fprintf(stderr, "failed to new kctx!\n"); @@ -395,7 +397,10 @@ static int ecdh_kdf_X9_63(unsigned char *out, struct ecdh_ctx *pecdhctx, *p = OSSL_PARAM_construct_end(); ret = EVP_KDF_derive(kctx, out, pecdhctx->kdf_outlen, params); - ret = ret <= 0 ? UADK_P_FAIL : UADK_P_SUCCESS; + if (ret <= 0) + ret = UADK_P_FAIL; + else + ret = UADK_P_SUCCESS; EVP_KDF_CTX_free(kctx); diff --git a/src/uadk_prov_ffc.c b/src/uadk_prov_ffc.c index cd30c87..7719039 100644 --- a/src/uadk_prov_ffc.c +++ b/src/uadk_prov_ffc.c 
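Review bot: In the `@@ -371` hunk of ecdh_kdf_X9_63, the relocated `mdname = EVP_MD_get0_name(pecdhctx->kdf_md);` is still not checked before use. As far as I know, EVP_MD_get0_name returns NULL when the digest pointer is NULL, so an unset `kdf_md` would feed a NULL string into the KDF parameters. Those parameters are built outside this hunk, so the exact effect is inferred. Now that the assignment sits after the `!kdf` check, a guard fits directly below it: `if (!mdname) { fprintf(stderr, "invalid kdf digest!\n"); ... }`, releasing `kdf` the same way the `!kctx` branch does. That branch and the rest of the function body continue outside the hunk.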
@@ -1126,24 +1126,31 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, size_t L, size_t N, int *res, BN_GENCB *cb) { - BIGNUM *r0, *test, *tmp, *g = NULL, *q = NULL, *p = NULL; - int counter = 0, pcounter = 0, use_random_seed; - int ok = FFC_PARAM_RET_STATUS_FAILED; unsigned char seed[SHA256_DIGEST_LENGTH]; unsigned char buf[SHA256_DIGEST_LENGTH]; unsigned char *seed_in = params->seed; + int ok = FFC_PARAM_RET_STATUS_FAILED; size_t seed_len = params->seedlen; - int verify = (mode == FFC_PARAM_MODE_VERIFY); - unsigned int flags = verify ? params->flags : 0; - const char *def_name; + int use_random_seed, rv, verify; BN_MONT_CTX *mont = NULL; + BIGNUM *r0, *test, *tmp; + const char *def_name; + unsigned int flags; BN_CTX *ctx = NULL; EVP_MD *md = NULL; + BIGNUM *g = NULL; + BIGNUM *q = NULL; + BIGNUM *p = NULL; + int pcounter = 0; + int counter = 0; int hret = -1; size_t qsize; - int n = 0, m = 0; - int rv; + int done = 0; + int m = 0; + int n = 0; + verify = (mode == FFC_PARAM_MODE_VERIFY); + flags = verify ? params->flags : 0; *res = 0; if (params->mdname != NULL) { @@ -1251,7 +1258,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, } use_random_seed = (seed_in == NULL); - for (;;) { + do { if (!generate_q_fips186_2(ctx, q, md, buf, seed, qsize, use_random_seed, &m, res, cb)) goto err; @@ -1276,12 +1283,13 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, rv = generate_p(ctx, md, counter, n, buf, qsize, q, p, L, cb, &pcounter, res); if (rv > 0) - break; /* found it */ - if (rv == -1) + done = 1; /* found it */ + else if (rv == -1) goto err; - /* This is what the old code did - probably not a good idea! */ - use_random_seed = 1; - } + else + /* This is what the old code did - probably not a good idea! */ + use_random_seed = 1; + } while (!done); if (!BN_GENCB_call(cb, GENCB_NEXT, 1)) goto err; diff --git a/src/uadk_prov_hmac.c b/src/uadk_prov_hmac.c index dd5f5ad..9ad9168 100644 --- a/src/uadk_prov_hmac.c 
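Review bot: In the `@@ -1276` hunk the new final `else` holds a comment followed by `use_random_seed = 1;` with no braces, inside a chain that now also controls loop exit through `done`. Bracing all three arms would stop a later added statement from silently landing outside the `else`, e.g. `} else { /* retry with a random seed, as the old code did */ use_random_seed = 1; }`. The fallback itself is carried over unchanged: when generate_p returns 0, a caller-supplied seed is dropped and the loop retries with random seeds, with no iteration cap visible here. The resulting p and q would then no longer correspond to `params->seed`. A comment stating whether this is intended, and whether it can be reached when `verify` is set, would help the next reader. The loop opens in the `@@ -1251` hunk and the function body extends beyond both hunks.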
+++ b/src/uadk_prov_hmac.c @@ -45,8 +45,8 @@ #define ALG_NAME_SIZE 128 #define PARAMS_SIZE 2 -#define KEY_4BYTE_ALIGN(keylen) ((keylen + 3) & ~3) -#define SW_SWITCH_PRINT_ENABLE(SW) (SW ? ", switch to soft hmac" : "") +#define KEY_4BYTE_ALIGN(keylen) (((keylen) + 3) & ~3) +#define SW_SWITCH_PRINT_ENABLE(SW) ((SW) ? ", switch to soft hmac" : "") #define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) #define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024) diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c index 5c76041..7869303 100644 --- a/src/uadk_prov_init.c +++ b/src/uadk_prov_init.c @@ -41,7 +41,7 @@ static OSSL_FUNC_core_get_params_fn *c_get_params; static OSSL_FUNC_core_get_libctx_fn *c_get_libctx; struct uadk_provider_params { - char *enable_sw_offload; + char *enable_sw_flag; } uadk_params; /* offload small packets to sw */ @@ -379,7 +379,7 @@ int uadk_get_params_from_core(const OSSL_CORE_HANDLE *handle) *p++ = OSSL_PARAM_construct_utf8_ptr( "enable_sw_offload", - (char **)&uadk_params.enable_sw_offload, + (char **)&uadk_params.enable_sw_flag, 0); *p = OSSL_PARAM_construct_end(); @@ -388,8 +388,8 @@ int uadk_get_params_from_core(const OSSL_CORE_HANDLE *handle) return UADK_P_FAIL; } - if (uadk_params.enable_sw_offload) - uadk_set_sw_offload_state(atoi(uadk_params.enable_sw_offload)); + if (uadk_params.enable_sw_flag) + uadk_set_sw_offload_state(atoi(uadk_params.enable_sw_flag)); return UADK_P_SUCCESS; } diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index 761038a..ac7d88c 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -1450,6 +1450,7 @@ static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash, static int check_equation_param(struct sm2_param *param, EVP_MD_CTX *hash, uint8_t *buf, int p_bytes) { + /* Update param a and b separately */ if (BN_bn2binpad(param->a, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) || BN_bn2binpad(param->b, buf, p_bytes) < 0 || -- 2.33.0
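Review bot: In the `@@ -388` hunk of uadk_get_params_from_core, the renamed field is still parsed with `atoi(uadk_params.enable_sw_flag)`, which cannot report errors. A non-numeric configuration value silently becomes 0, and an out-of-range one has undefined behaviour. Since the string comes from the provider configuration through the core, parsing it with `strtol` and rejecting trailing characters and range errors would make a malformed `enable_sw_offload` setting fail loudly instead of quietly selecting a state. The sketch below assumes `<errno.h>` and `<limits.h>` are available in the file and that returning `UADK_P_FAIL` is acceptable here. The values uadk_set_sw_offload_state actually accepts are not visible, so a tighter range check may be appropriate. The function starts outside this hunk.

```c
	/* … unchanged: OSSL_PARAM setup and c_get_params() call … */
	if (uadk_params.enable_sw_flag) {
		char *end = NULL;
		long state;

		errno = 0;
		state = strtol(uadk_params.enable_sw_flag, &end, 10);
		if (end == uadk_params.enable_sw_flag || *end != '\0' ||
		    errno == ERANGE || state < INT_MIN || state > INT_MAX) {
			fprintf(stderr, "invalid enable_sw_offload value!\n");
			return UADK_P_FAIL;
		}
		uadk_set_sw_offload_state((int)state);
	}

	return UADK_P_SUCCESS;
```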