[PATCH 00/10] uadk_engine: bugfix and cleanup

List overview All Threads
Download

newer

older

[PATCH 01/20] uadk: fix alg driver...

[PATCH 00/10] uadk_engine: bugfix...

Zhiqi Song

2 Jun 2023 2 Jun '23

3:49 p.m.

This patch set including the following modify: 1. Some optimization of ECC and Digest algorithms to improve the performance of them. 2. Some bugfix and cleanup of the code. 3. Fixup the README.md info about enviroment variable.

Zhiqi Song (10): uadk_engine: bugfix null dereference in abnormal conditions digest: cleanup magic number in digest dh: cleanup redundant macro definition ecc: bugfix about repeated alg and dev queries ecc: bugfix the conversion of sm2 pubkey point uadk_engine: modify static check problem ecc: optimize sm2 ctrl process to improve performance digest: remove soft ctx allocation in digest init process ecc: optimize sm2 update session process uadk_engine: fix openssl config info

-- 2.30.0

Show replies by date

Zhiqi Song

2 Jun 2 Jun

3:49 p.m.

New subject: [PATCH 01/10] uadk_engine: bugfix null dereference in abnormal conditions

Add judgment to prevent null dereference in abnormal conditions.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_ec.c | 17 +++++++++++++++++ src/uadk_ecx.c | 7 ++++++- src/uadk_rsa.c | 18 ++++++++++++++++++ src/uadk_sm2.c | 15 +++++++++++++++ 4 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/src/uadk_ec.c b/src/uadk_ec.c index 6106083..30e298e 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -453,6 +453,11 @@ static ECDSA_SIG *create_ecdsa_sig(struct wd_ecc_req *req) }

wd_ecdsa_get_sign_out_params(req->dst, &r, &s); + if (!r || !s) { + fprintf(stderr, "failed to get r or s\n"); + goto err; + } + if (!BN_bin2bn((void *)r->data, r->dsize, br) || !BN_bin2bn((void *)s->data, s->dsize, bs)) { fprintf(stderr, "failed to BN_bin2bn r or s\n"); @@ -755,6 +760,10 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) int ret;

wd_sm2_get_kg_out_params(req->dst, &privkey, &pubkey); + if (!privkey || !pubkey) { + fprintf(stderr, "failed to get privkey or pubkey\n"); + return -EINVAL; + }

tmp = BN_bin2bn((unsigned char *)privkey->data, privkey->dsize, NULL); ret = EC_KEY_set_private_key(ec, tmp); @@ -1069,6 +1078,10 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) int ret = 0;

wd_ecxdh_get_out_params(req->dst, &pubkey); + if (!pubkey) { + fprintf(stderr, "failed to get pubkey\n"); + return ret; + }

group = EC_KEY_get0_group(ecdh); point = EC_POINT_new(group); @@ -1134,6 +1147,10 @@ static int ecdh_get_shared_key(const EC_KEY *ecdh, struct wd_ecc_point *shared_key = NULL;

wd_ecxdh_get_out_params(req->dst, &shared_key); + if (!shared_key) { + fprintf(stderr, "failed to get shared key\n"); + return 0; + }

*outlen = shared_key->x.dsize;

diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c index b62f81d..4dd5a4c 100644 --- a/src/uadk_ecx.c +++ b/src/uadk_ecx.c @@ -287,12 +287,17 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx, int key_size = ecx_ctx->key_size; int ret;

- wd_ecxdh_get_out_params(req->dst, &pubkey); if (key_size > ECX_MAX_KEYLEN) { fprintf(stderr, "invalid key size, key_size = %d\n", key_size); return UADK_E_FAIL; }

+ wd_ecxdh_get_out_params(req->dst, &pubkey); + if (!pubkey) { + fprintf(stderr, "failed to get pubkey\n"); + return UADK_E_FAIL; + } + memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data, key_size); /* Trans public key from big-endian to little-endian */ diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index a1bb2cf..8af0844 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -913,7 +913,13 @@ static int rsa_fill_pubkey(struct rsa_pubkey_param *pubkey_param,

if (!rsa_sess->is_pubkey_ready) { wd_rsa_get_pubkey(rsa_sess->sess, &pubkey); + if (!pubkey) + return UADK_E_FAIL; + wd_rsa_get_pubkey_params(pubkey, &wd_e, &wd_n); + if (!wd_e || !wd_n) + return UADK_E_FAIL; + wd_e->dsize = BN_bn2bin(pubkey_param->e, (unsigned char *)wd_e->data); wd_n->dsize = BN_bn2bin(pubkey_param->n, @@ -946,8 +952,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,

if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) { wd_rsa_get_prikey(rsa_sess->sess, &prikey); + if (!prikey) + return UADK_E_FAIL; + wd_rsa_get_crt_prikey_params(prikey, &wd_dq, &wd_dp, &wd_qinv, &wd_q, &wd_p); + if (!wd_dq || !wd_dp || !wd_qinv || !wd_q || !wd_p) + return UADK_E_FAIL; + wd_dq->dsize = BN_bn2bin(pri->dmq1, (unsigned char *)wd_dq->data); wd_dp->dsize = BN_bn2bin(pri->dmp1, @@ -960,7 +972,13 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, (unsigned char *)wd_qinv->data); } else if (!(rsa_sess->is_prikey_ready) && !(pri->is_crt)) { wd_rsa_get_prikey(rsa_sess->sess, &prikey); + if (!prikey) + return UADK_E_FAIL; + wd_rsa_get_prikey_params(prikey, &wd_d, &wd_n); + if (!wd_d || !wd_n) + return UADK_E_FAIL; + wd_d->dsize = BN_bn2bin(pri->d, (unsigned char *)wd_d->data); wd_n->dsize = BN_bn2bin(pri->n, diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index b14fbcf..c5555a9 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -710,6 +710,11 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, }

wd_sm2_get_sign_out_params(req.dst, &r, &s); + if (!r || !s) { + ret = UADK_DO_SOFT; + goto uninit_iot; + } + ret = sign_bin_to_ber(NULL, r, s, sig, siglen); if (ret) goto uninit_iot; @@ -939,6 +944,11 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,

md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; wd_sm2_get_enc_out_params(req.dst, &c1, &c2, &c3); + if (!c1 || !c2 || !c3) { + ret = UADK_DO_SOFT; + goto uninit_iot; + } + ret = cipher_bin_to_ber(md, c1, c2, c3, out, outlen); if (ret) goto uninit_iot; @@ -1029,6 +1039,11 @@ static int sm2_get_plaintext(struct wd_ecc_req *req, struct wd_dtb *ptext = NULL;

wd_sm2_get_dec_out_params(req->dst, &ptext); + if (!ptext) { + fprintf(stderr, "failed to get ptext\n"); + return -EINVAL; + } + if (*outlen < ptext->dsize) { fprintf(stderr, "outlen(%lu) < (%u)\n", *outlen, ptext->dsize); return -EINVAL;

-- 2.30.0

Zhiqi Song

3:49 p.m.

New subject: [PATCH 02/10] digest: cleanup magic number in digest

Convert immediate numbers to macros in digest.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_digest.c | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/src/uadk_digest.c b/src/uadk_digest.c index 33139c9..26d9515 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -21,8 +21,9 @@ #include <string.h> #include <dlfcn.h> #include <openssl/engine.h> -#include <openssl/md5.h> #include <openssl/evp.h> +#include <openssl/md5.h> +#include <openssl/sha.h> #include <uadk/wd_cipher.h> #include <uadk/wd_digest.h> #include <uadk/wd_sched.h> @@ -43,6 +44,9 @@

#define SM3_DIGEST_LENGTH 32 #define SM3_CBLOCK 64 +#define SHA1_CBLOCK 64 +#define SHA224_CBLOCK 64 +#define SHA384_CBLOCK 128 #define SM3_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) #define MD5_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (8 * 1024) #define SHA_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT (512) @@ -127,13 +131,13 @@ static struct digest_threshold_table digest_pkt_threshold_table[] = { };

static struct digest_info digest_info_table[] = { - {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, 16}, - {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, 32}, - {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, 20}, - {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, 28}, - {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, 32}, - {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, 48}, - {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, 64}, + {NID_md5, WD_DIGEST_NORMAL, WD_DIGEST_MD5, MD5_DIGEST_LENGTH}, + {NID_sm3, WD_DIGEST_NORMAL, WD_DIGEST_SM3, SM3_DIGEST_LENGTH}, + {NID_sha1, WD_DIGEST_NORMAL, WD_DIGEST_SHA1, SHA_DIGEST_LENGTH}, + {NID_sha224, WD_DIGEST_NORMAL, WD_DIGEST_SHA224, SHA224_DIGEST_LENGTH}, + {NID_sha256, WD_DIGEST_NORMAL, WD_DIGEST_SHA256, SHA256_DIGEST_LENGTH}, + {NID_sha384, WD_DIGEST_NORMAL, WD_DIGEST_SHA384, SHA384_DIGEST_LENGTH}, + {NID_sha512, WD_DIGEST_NORMAL, WD_DIGEST_SHA512, SHA512_DIGEST_LENGTH}, };

static EVP_MD *uadk_md5; @@ -859,32 +863,32 @@ int uadk_e_bind_digest(ENGINE *e) uadk_e_digest_init, uadk_e_digest_update, uadk_e_digest_final, uadk_e_digest_cleanup, uadk_e_digest_copy); - UADK_DIGEST_DESCR(sha1, sha1WithRSAEncryption, 20, - EVP_MD_FLAG_FIPS, 64, + UADK_DIGEST_DESCR(sha1, sha1WithRSAEncryption, SHA_DIGEST_LENGTH, + EVP_MD_FLAG_FIPS, SHA1_CBLOCK, sizeof(EVP_MD *) + sizeof(struct digest_priv_ctx), uadk_e_digest_init, uadk_e_digest_update, uadk_e_digest_final, uadk_e_digest_cleanup, uadk_e_digest_copy); - UADK_DIGEST_DESCR(sha224, sha224WithRSAEncryption, 28, - EVP_MD_FLAG_FIPS, 64, + UADK_DIGEST_DESCR(sha224, sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, + EVP_MD_FLAG_FIPS, SHA224_CBLOCK, sizeof(EVP_MD *) + sizeof(struct digest_priv_ctx), uadk_e_digest_init, uadk_e_digest_update, uadk_e_digest_final, uadk_e_digest_cleanup, uadk_e_digest_copy); - UADK_DIGEST_DESCR(sha256, sha256WithRSAEncryption, 32, - EVP_MD_FLAG_FIPS, 64, + UADK_DIGEST_DESCR(sha256, sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, + EVP_MD_FLAG_FIPS, SHA256_CBLOCK, sizeof(EVP_MD *) + sizeof(struct digest_priv_ctx), uadk_e_digest_init, uadk_e_digest_update, uadk_e_digest_final, uadk_e_digest_cleanup, uadk_e_digest_copy); - UADK_DIGEST_DESCR(sha384, sha384WithRSAEncryption, 48, - EVP_MD_FLAG_FIPS, 128, + UADK_DIGEST_DESCR(sha384, sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, + EVP_MD_FLAG_FIPS, SHA384_CBLOCK, sizeof(EVP_MD *) + sizeof(struct digest_priv_ctx), uadk_e_digest_init, uadk_e_digest_update, uadk_e_digest_final, uadk_e_digest_cleanup, uadk_e_digest_copy); - UADK_DIGEST_DESCR(sha512, sha512WithRSAEncryption, 64, - EVP_MD_FLAG_FIPS, 128, + UADK_DIGEST_DESCR(sha512, sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, + EVP_MD_FLAG_FIPS, SHA512_CBLOCK, sizeof(EVP_MD *) + sizeof(struct digest_priv_ctx), uadk_e_digest_init, uadk_e_digest_update, uadk_e_digest_final, uadk_e_digest_cleanup,

-- 2.30.0

Zhiqi Song

3:49 p.m.

New subject: [PATCH 03/10] dh: cleanup redundant macro definition

Remove duplicated definition of CTX_MODE_NUM.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_dh.c | 1 - 1 file changed, 1 deletion(-)

diff --git a/src/uadk_dh.c b/src/uadk_dh.c index 680564c..89157d2 100644 --- a/src/uadk_dh.c +++ b/src/uadk_dh.c @@ -39,7 +39,6 @@ #define CHAR_BIT_SIZE 3 #define DH_PARAMS_CNT 3 #define CTX_MODE_NUM 2 -#define CTX_MODE_NUM 2 #define UN_SET 0 #define IS_SET 1 #define CTX_ASYNC 1

-- 2.30.0

Zhiqi Song

3:49 p.m.

New subject: [PATCH 04/10] ecc: bugfix about repeated alg and dev queries

Rmove operation of enumerating each ecc algorithm to query whether it is supported in ecc init interface. Use a global state array to save the supporting status of each ecc algorithm. And query this global state array in each ecc sub-algorithm task interface. This can reduce CPU overhead for querying.

And move the device query operation of ecc from allocating session to process level initialization. This can reduce the operation number of device queries in the same process.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_ec.c | 42 +++++++++++++++++++------------- src/uadk_ecx.c | 16 +++++++++++-- src/uadk_pkey.c | 64 +++++++++++++++++++++++++++++++------------------ src/uadk_pkey.h | 11 ++++++++- src/uadk_sm2.c | 8 ++++++- 5 files changed, 98 insertions(+), 43 deletions(-)

diff --git a/src/uadk_ec.c b/src/uadk_ec.c index 30e298e..33ffc26 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -197,16 +197,11 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg) struct sched_params sch_p = {0}; struct wd_ecc_sess_setup sp; struct wd_ecc_curve param; - struct uacce_dev *dev; const EC_GROUP *group; const BIGNUM *order; int ret, key_bits; handle_t sess;

- dev = wd_get_accel_dev(alg); - if (!dev) - return 0; - init_dtb_param(&param, buff, 0, UADK_ECC_MAX_KEY_BYTES, UADK_ECC_CV_PARAM_NUM);

@@ -215,29 +210,24 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg) group = EC_KEY_get0_group(eckey); ret = set_sess_setup_cv(group, &sp.cv); if (ret) - goto free_dev; + return (handle_t)0;

order = EC_GROUP_get0_order(group); if (!order) - goto free_dev; + return (handle_t)0;

key_bits = BN_num_bits(order); sp.alg = alg; sp.key_bits = get_smallest_hw_keybits(key_bits); sp.rand.cb = uadk_ecc_get_rand; sp.rand.usr = (void *)order; - sch_p.numa_id = dev->numa_id; + sch_p.numa_id = uadk_e_ecc_get_numa_id(); sp.sched_param = &sch_p; sess = wd_ecc_alloc_sess(&sp); if (!sess) fprintf(stderr, "failed to alloc ecc sess\n");

- free(dev); return sess; - -free_dev: - free(dev); - return (handle_t)0; }

static int check_ecc_bit_useful(const int bits) @@ -486,6 +476,10 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, if (ret) goto do_soft;

+ ret = uadk_e_ecc_get_support_state(ECDSA_SUPPORT); + if (!ret) + goto do_soft; + ret = uadk_init_ecc(); if (ret) goto do_soft; @@ -675,6 +669,10 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen, if (ret) goto do_soft;

+ ret = uadk_e_ecc_get_support_state(ECDSA_SUPPORT); + if (!ret) + goto do_soft; + ret = uadk_init_ecc(); if (ret) goto do_soft; @@ -953,6 +951,10 @@ static int sm2_generate_key(EC_KEY *eckey) if (!ret) goto do_soft;

+ ret = uadk_e_ecc_get_support_state(SM2_SUPPORT); + if (!ret) + goto do_soft; + ret = uadk_init_ecc(); if (ret) goto do_soft; @@ -1180,6 +1182,10 @@ static int ecdh_generate_key(EC_KEY *ecdh) if (!ret) goto do_soft;

+ ret = uadk_e_ecc_get_support_state(ECDH_SUPPORT); + if (!ret) + goto do_soft; + ret = uadk_init_ecc(); if (ret) goto do_soft; @@ -1285,6 +1291,10 @@ static int ecdh_compute_key(unsigned char **out, size_t *outlen, if (!ret) goto do_soft;

+ ret = uadk_e_ecc_get_support_state(ECDH_SUPPORT); + if (!ret) + goto do_soft; + ret = uadk_init_ecc(); if (ret) goto do_soft; @@ -1332,7 +1342,7 @@ do_soft:

static void ec_key_meth_set_ecdsa(EC_KEY_METHOD *meth) { - if (!uadk_support_algorithm("ecdsa")) + if (!uadk_e_ecc_get_support_state(ECDSA_SUPPORT)) return;

EC_KEY_METHOD_set_sign(meth, @@ -1346,8 +1356,8 @@ static void ec_key_meth_set_ecdsa(EC_KEY_METHOD *meth)

static void ec_key_meth_set_ecdh(EC_KEY_METHOD *meth) { - if (!uadk_support_algorithm("ecdh") && - !uadk_support_algorithm("sm2")) + if (!uadk_e_ecc_get_support_state(ECDH_SUPPORT) && + !uadk_e_ecc_get_support_state(SM2_SUPPORT)) return;

EC_KEY_METHOD_set_keygen(meth, ecc_generate_key); diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c index 4dd5a4c..2824a0d 100644 --- a/src/uadk_ecx.c +++ b/src/uadk_ecx.c @@ -77,6 +77,12 @@ static int x25519_init(EVP_PKEY_CTX *ctx) struct ecx_ctx *x25519_ctx; int ret;

+ ret = uadk_e_ecc_get_support_state(X25519_SUPPORT); + if (!ret) { + fprintf(stderr, "x25519 is not supported\n"); + return UADK_E_FAIL; + } + ret = uadk_init_ecc(); if (ret) { fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); @@ -128,6 +134,12 @@ static int x448_init(EVP_PKEY_CTX *ctx) struct ecx_ctx *x448_ctx; int ret;

+ ret = uadk_e_ecc_get_support_state(X448_SUPPORT); + if (!ret) { + fprintf(stderr, "x448 is not supported\n"); + return UADK_E_FAIL; + } + ret = uadk_init_ecc(); if (ret) { fprintf(stderr, "failed to do uadk_init_ecc, ret = %d\n", ret); @@ -804,7 +816,7 @@ int uadk_x25519_create_pmeth(struct uadk_pkey_meth *pkey_meth)

EVP_PKEY_meth_copy(meth, openssl_meth);

- if (!uadk_support_algorithm("x25519")) { + if (!uadk_e_ecc_get_support_state(X25519_SUPPORT)) { pkey_meth->x25519 = meth; return UADK_E_SUCCESS; } @@ -845,7 +857,7 @@ int uadk_x448_create_pmeth(struct uadk_pkey_meth *pkey_meth)

EVP_PKEY_meth_copy(meth, openssl_meth);

- if (!uadk_support_algorithm("x448")) { + if (!uadk_e_ecc_get_support_state(X448_SUPPORT)) { pkey_meth->x448 = meth; return UADK_E_SUCCESS; } diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c index 7b7a345..8532b88 100644 --- a/src/uadk_pkey.c +++ b/src/uadk_pkey.c @@ -27,6 +27,9 @@ #define CTX_SYNC 0 #define CTX_NUM 2 #define GET_RAND_MAX_CNT 100 +#define SUPPORT 1 + +static int g_ecc_support_state[ECC_TYPE];

static int pkey_nids[] = { EVP_PKEY_EC, @@ -42,13 +45,13 @@ struct ecc_sched {

struct ecc_res_config { struct ecc_sched sched; - int numa_id; };

/* ECC global hardware resource is saved here */ struct ecc_res { struct wd_ctx_config *ctx_res; int pid; + int numa_id; pthread_spinlock_t lock; } ecc_res;

@@ -136,12 +139,21 @@ struct ecc_res_config ecc_res_config = { .h_sched_ctx = 0, }, }, - .numa_id = 0, };

int uadk_e_ecc_get_numa_id(void) { - return ecc_res_config.numa_id; + return ecc_res.numa_id; +} + +int uadk_e_ecc_get_support_state(int alg_tag) +{ + return g_ecc_support_state[alg_tag]; +} + +static void uadk_e_ecc_set_support_state(int alg_tag, int value) +{ + g_ecc_support_state[alg_tag] = value; }

static int uadk_e_ecc_env_poll(void *ctx) @@ -229,27 +241,17 @@ free_cfg: return ret; }

-static int uadk_wd_ecc_init(struct ecc_res_config *config) +static int uadk_wd_ecc_init(struct ecc_res_config *config, struct uacce_dev *dev) { struct wd_sched *sched = &config->sched.wd_sched; - struct uacce_dev *dev; int ret;

- /* The ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ - dev = wd_get_accel_dev("ecdsa"); - if (!dev) - return -ENOMEM; - - config->numa_id = dev->numa_id; - ret = uadk_e_is_env_enabled("ecc"); if (ret) ret = uadk_e_wd_ecc_env_init(dev); else ret = uadk_e_wd_ecc_general_init(dev, sched);

- free(dev); - return ret; }

@@ -273,6 +275,7 @@ static void uadk_wd_ecc_uninit(void) ecc_res.ctx_res = NULL; } ecc_res.pid = 0; + ecc_res.numa_id = 0; }

int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) @@ -508,15 +511,9 @@ bool uadk_support_algorithm(const char *alg)

int uadk_init_ecc(void) { + struct uacce_dev *dev; int ret;

- if (!uadk_support_algorithm("sm2") && - !uadk_support_algorithm("ecdsa") && - !uadk_support_algorithm("ecdh") && - !uadk_support_algorithm("x25519") && - !uadk_support_algorithm("x448")) - return -EINVAL; - if (ecc_res.pid != getpid()) { pthread_spin_lock(&ecc_res.lock); if (ecc_res.pid == getpid()) { @@ -524,20 +521,31 @@ int uadk_init_ecc(void) return 0; }

- ret = uadk_wd_ecc_init(&ecc_res_config); + /* Find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */ + dev = wd_get_accel_dev("ecdsa"); + if (!dev) { + pthread_spin_unlock(&ecc_res.lock); + fprintf(stderr, "failed to get device for ecc\n"); + return -ENOMEM; + } + + ret = uadk_wd_ecc_init(&ecc_res_config, dev); if (ret) { fprintf(stderr, "failed to init ec(%d).\n", ret); goto err_unlock; }

+ ecc_res.numa_id = dev->numa_id; ecc_res.pid = getpid(); pthread_spin_unlock(&ecc_res.lock); + free(dev); }

return 0;

err_unlock: pthread_spin_unlock(&ecc_res.lock); + free(dev); return ret; }

@@ -627,7 +635,17 @@ void uadk_e_ecc_lock_init(void)

int uadk_e_bind_ecc(ENGINE *e) { - int ret; + static const char * const ecc_alg[] = {"sm2", "ecdsa", "ecdh", "x25519", "x448"}; + int i, size, ret; + bool sp; + + /* Enumerate ecc algs to check whether it is supported and set tags */ + size = ARRAY_SIZE(ecc_alg); + for (i = 0; i < size; i++) { + sp = uadk_support_algorithm(*(ecc_alg + i)); + if (sp) + uadk_e_ecc_set_support_state(i, SUPPORT); + }

ret = uadk_ecc_bind_pmeth(e); if (!ret) { diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h index 6d1cc77..d35bb37 100644 --- a/src/uadk_pkey.h +++ b/src/uadk_pkey.h @@ -38,6 +38,15 @@ #define GET_MS_BYTE(n) ((n) >> 8) #define GET_LS_BYTE(n) ((n) & 0xFF) #define DGST_SHIFT_NUM(n) (8 - ((n) & 0x7)) +#define ECC_TYPE 5 + +enum { + SM2_SUPPORT, + ECDSA_SUPPORT, + ECDH_SUPPORT, + X25519_SUPPORT, + X448_SUPPORT +};

struct uadk_pkey_meth { EVP_PKEY_METHOD *sm2; @@ -74,6 +83,6 @@ int uadk_x25519_create_pmeth(struct uadk_pkey_meth *pkey_meth); void uadk_x25519_delete_pmeth(struct uadk_pkey_meth *pkey_meth); int uadk_bind_ec(ENGINE *e); int uadk_e_ecc_get_numa_id(void); - +int uadk_e_ecc_get_support_state(int alg_tag);

#endif diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index c5555a9..14f879f 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -1153,6 +1153,12 @@ static int sm2_init(EVP_PKEY_CTX *ctx)

memset(smctx, 0, sizeof(*smctx));

+ ret = uadk_e_ecc_get_support_state(SM2_SUPPORT); + if (!ret) { + fprintf(stderr, "sm2 is not supported\n"); + return 0; + } + ret = uadk_init_ecc(); if (ret) { fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); @@ -1592,7 +1598,7 @@ int uadk_sm2_create_pmeth(struct uadk_pkey_meth *pkey_meth) openssl_meth = get_openssl_pkey_meth(EVP_PKEY_SM2); EVP_PKEY_meth_copy(meth, openssl_meth);

- if (!uadk_support_algorithm("sm2")) { + if (!uadk_e_ecc_get_support_state(SM2_SUPPORT)) { pkey_meth->sm2 = meth; return 1; }

-- 2.30.0

Zhiqi Song

3:49 p.m.

New subject: [PATCH 05/10] ecc: bugfix the conversion of sm2 pubkey point

The data size of the sm2 pubkey may less than or equal to the buffer size of it. So use the size offset to eliminate the difference when the data size is less than buffer size. This can avoid getting wrong pubkey value.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_ec.c | 20 +++++++++++++++----- src/uadk_pkey.h | 2 +- 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/src/uadk_ec.c b/src/uadk_ec.c index 33ffc26..69ad4e8 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -747,15 +747,15 @@ err: return ret; }

-static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) +static int sm2_set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) { - unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {UADK_OCTET_STRING}; + unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {0}; struct wd_ecc_point *pubkey = NULL; struct wd_dtb *privkey = NULL; + int x_offset, y_offset, ret; const EC_GROUP *group; EC_POINT *point, *ptr; BIGNUM *tmp; - int ret;

wd_sm2_get_kg_out_params(req->dst, &privkey, &pubkey); if (!privkey || !pubkey) { @@ -763,6 +763,11 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) return -EINVAL; }

+ if (pubkey->x.dsize > SM2_KEY_BYTES || pubkey->y.dsize > SM2_KEY_BYTES) { + fprintf(stderr, "invalid pubkey size: %u, %u\n", pubkey->x.dsize, pubkey->y.dsize); + return -EINVAL; + } + tmp = BN_bin2bn((unsigned char *)privkey->data, privkey->dsize, NULL); ret = EC_KEY_set_private_key(ec, tmp); BN_free(tmp); @@ -778,7 +783,12 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) return -ENOMEM; }

- memcpy(buff + 1, pubkey->x.data, ECC_POINT_SIZE(SM2_KEY_BYTES)); + buff[0] = UADK_OCTET_STRING; + /* The component of sm2 pubkey need a SM2_KEY_BYTES align */ + x_offset = 1 + SM2_KEY_BYTES - pubkey->x.dsize; + y_offset = 1 + ECC_POINT_SIZE(SM2_KEY_BYTES) - pubkey->y.dsize; + memcpy(buff + x_offset, pubkey->x.data, pubkey->x.dsize); + memcpy(buff + y_offset, pubkey->y.data, pubkey->y.dsize); tmp = BN_bin2bn(buff, ECC_POINT_SIZE(SM2_KEY_BYTES) + 1, NULL); ptr = EC_POINT_bn2point(group, tmp, point, NULL); BN_free(tmp); @@ -972,7 +982,7 @@ static int sm2_generate_key(EC_KEY *eckey) if (!ret) goto uninit_iot;

- ret = set_key_to_ec_key(eckey, &req); + ret = sm2_set_key_to_ec_key(eckey, &req); if (ret) goto uninit_iot;

diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h index d35bb37..b80e425 100644 --- a/src/uadk_pkey.h +++ b/src/uadk_pkey.h @@ -27,7 +27,7 @@ #define UADK_ECC_MAX_KEY_BYTES 66 #define UADK_ECC_CV_PARAM_NUM 6 #define SM2_KEY_BYTES 32 -#define UADK_OCTET_STRING 4 +#define UADK_OCTET_STRING 0x04 #define UADK_ECC_PUBKEY_PARAM_NUM 2 #define UADK_ECC_PADDING 7 #define UADK_ECDH_CV_NUM 8

-- 2.30.0

Zhiqi Song

3:49 p.m.

New subject: [PATCH 06/10] uadk_engine: modify static check problem

1. Modify unreachable return logic in async_poll_process_func. Use global variable to control the async poll progress. 2. Add static attribute of ecc_res_config.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_async.c | 22 +++++++++++++++++++--- src/uadk_async.h | 7 ++++++- src/uadk_pkey.c | 2 +- 3 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/src/uadk_async.c b/src/uadk_async.c index 2edd6ea..f21eabb 100644 --- a/src/uadk_async.c +++ b/src/uadk_async.c @@ -26,8 +26,20 @@

static struct async_poll_queue poll_queue;

+static int g_uadk_e_keep_polling; + static async_recv_t async_recv_func[ASYNC_TASK_MAX];

+static int uadk_e_get_async_poll_state(void) +{ + return g_uadk_e_keep_polling; +} + +static void uadk_e_set_async_poll_state(int state) +{ + g_uadk_e_keep_polling = state; +} + static void async_fd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD readfd, void *custom) { @@ -114,6 +126,9 @@ static void async_poll_task_free(void) OPENSSL_free(task);

poll_queue.head = NULL; + + uadk_e_set_async_poll_state(DISABLE_ASYNC_POLLING); + pthread_mutex_unlock(&poll_queue.async_task_mutex); sem_destroy(&poll_queue.empty_sem); sem_destroy(&poll_queue.full_sem); @@ -308,7 +323,7 @@ static void *async_poll_process_func(void *args) struct async_op *op; int ret, idx;

- while (1) { + while (uadk_e_get_async_poll_state()) { if (sem_wait(&poll_queue.full_sem) != 0) { if (errno == EINTR) { /* sem_wait is interrupted by interrupt, continue */ @@ -354,13 +369,14 @@ int async_module_init(void) memset(poll_queue.head, 0, sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);

- if (sem_init(&poll_queue.empty_sem, 0, - ASYNC_QUEUE_TASK_NUM) != 0) + if (sem_init(&poll_queue.empty_sem, 0, ASYNC_QUEUE_TASK_NUM) != 0) goto err;

if (sem_init(&poll_queue.full_sem, 0, 0) != 0) goto err;

+ uadk_e_set_async_poll_state(ENABLE_ASYNC_POLLING); + pthread_attr_init(&thread_attr); pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED); if (pthread_create(&thread_id, &thread_attr, async_poll_process_func, NULL)) diff --git a/src/uadk_async.h b/src/uadk_async.h index 8a4822e..d7a8bb5 100644 --- a/src/uadk_async.h +++ b/src/uadk_async.h @@ -22,7 +22,7 @@ #include <semaphore.h> #include <openssl/async.h>

-#define ASYNC_QUEUE_TASK_NUM 1024 +#define ASYNC_QUEUE_TASK_NUM 1024

struct async_op { ASYNC_JOB *job; @@ -47,6 +47,11 @@ enum task_type { ASYNC_TASK_MAX };

+enum poll_state { + DISABLE_ASYNC_POLLING, + ENABLE_ASYNC_POLLING +}; + struct async_poll_task { enum task_type type; void *ctx; diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c index 8532b88..ba33b7d 100644 --- a/src/uadk_pkey.c +++ b/src/uadk_pkey.c @@ -128,7 +128,7 @@ static int uadk_ecc_poll(void *ctx) }

/* Make resource configure static */ -struct ecc_res_config ecc_res_config = { +static struct ecc_res_config ecc_res_config = { .sched = { .sched_type = -1, .wd_sched = {

-- 2.30.0

Zhiqi Song

3:49 p.m.

New subject: [PATCH 07/10] ecc: optimize sm2 ctrl process to improve performance

Move updating session operation into sm2_ctrl() process to reduce redundant updating and make digest method more effective. And use helper function to set the data from upper interface.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_sm2.c | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-)

diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index 14f879f..fe1ce65 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -1142,7 +1142,7 @@ static void sm2_cleanup(EVP_PKEY_CTX *ctx)

static int sm2_init(EVP_PKEY_CTX *ctx) { - struct sm2_ctx *smctx; + struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); int ret;

smctx = malloc(sizeof(*smctx)); @@ -1166,13 +1166,6 @@ static int sm2_init(EVP_PKEY_CTX *ctx) goto end; }

- ret = sm2_update_sess(smctx); - if (ret) { - fprintf(stderr, "failed to update sess\n"); - smctx->init_status = CTX_INIT_FAIL; - goto end; - } - smctx->init_status = CTX_INIT_SUCC; end: EVP_PKEY_CTX_set_data(ctx, smctx); @@ -1224,29 +1217,24 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } EC_GROUP_free(smctx->ctx.gen_group); smctx->ctx.gen_group = group; - return 1; + goto set_data; case EVP_PKEY_CTRL_EC_PARAM_ENC: if (smctx->ctx.gen_group == NULL) { fprintf(stderr, "no parameters set\n"); return 0; } EC_GROUP_set_asn1_flag(smctx->ctx.gen_group, p1); - return 1; + goto set_data; case EVP_PKEY_CTRL_MD: smctx->ctx.md = p2; - if (smctx->init_status != CTX_INIT_SUCC) - return 1; - - if (sm2_update_sess(smctx)) { - fprintf(stderr, "failed to set MD\n"); - return 0; - } - return 1; + goto set_data; case EVP_PKEY_CTRL_GET_MD: *(const EVP_MD **)p2 = smctx->ctx.md; return 1; case EVP_PKEY_CTRL_SET1_ID: - return sm2_set_ctx_id(smctx, p1, p2); + if (sm2_set_ctx_id(smctx, p1, p2)) + goto set_data; + return 0; case EVP_PKEY_CTRL_GET1_ID: memcpy(p2, smctx->ctx.id, smctx->ctx.id_len); return 1; @@ -1260,6 +1248,15 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) fprintf(stderr, "sm2 ctrl type = %d error\n", type); return UADK_E_INVALID; } + +set_data: + if (sm2_update_sess(smctx)) { + fprintf(stderr, "failed to update sess\n"); + smctx->init_status = CTX_INIT_FAIL; + return 0; + } + EVP_PKEY_CTX_set_data(ctx, smctx); + return 1; }

static int sm2_ctrl_str(EVP_PKEY_CTX *ctx,

-- 2.30.0

Zhiqi Song

3:49 p.m.

New subject: [PATCH 08/10] digest: remove soft ctx allocation in digest init process

Remove priv->soft_ctx allocation in uadk_e_digest_init() hardware compute process, move the soft_ctx allocation into soft_init process and delete the redundant create ctx operation. This can improve the performace of digest.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_digest.c | 58 ++++++++++++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 23 deletions(-)

diff --git a/src/uadk_digest.c b/src/uadk_digest.c index 26d9515..b7718e6 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -194,11 +194,19 @@ static uint32_t sec_digest_get_sw_threshold(int n_id) return 0; }

-static int digest_soft_init(EVP_MD_CTX *ctx, uint32_t e_nid) +static int digest_soft_init(struct digest_priv_ctx *md_ctx) { + uint32_t e_nid = md_ctx->e_nid; const EVP_MD *digest_md = NULL; + EVP_MD_CTX *ctx = NULL; int ctx_len;

+ /* Allocate a soft ctx for hardware engine */ + if (md_ctx->soft_ctx == NULL) + md_ctx->soft_ctx = EVP_MD_CTX_new(); + + ctx = md_ctx->soft_ctx; + digest_md = uadk_e_digests_soft_md(e_nid); if (unlikely(digest_md == NULL)) { fprintf(stderr, "get openssl software digest failed, nid = %u.\n", e_nid); @@ -215,23 +223,36 @@ static int digest_soft_init(EVP_MD_CTX *ctx, uint32_t e_nid) return EVP_MD_meth_get_init(digest_md)(ctx); }

-static int digest_soft_update(EVP_MD_CTX *ctx, uint32_t e_nid, - const void *data, size_t len) +static int digest_soft_update(struct digest_priv_ctx *md_ctx, const void *data, size_t len) { + EVP_MD_CTX *ctx = md_ctx->soft_ctx; + uint32_t e_nid = md_ctx->e_nid; const EVP_MD *digest_md = NULL;

+ if (!ctx) { + fprintf(stderr, "failed to get soft ctx.\n"); + return 0; + } + digest_md = uadk_e_digests_soft_md(e_nid); if (unlikely(digest_md == NULL)) { - fprintf(stderr, "switch to soft:don't support by sec engine.\n"); + fprintf(stderr, "switch to soft: don't support by sec engine.\n"); return 0; }

return EVP_MD_meth_get_update(digest_md)(ctx, data, len); }

-static int digest_soft_final(EVP_MD_CTX *ctx, uint32_t e_nid, unsigned char *digest) +static int digest_soft_final(struct digest_priv_ctx *md_ctx, unsigned char *digest) { + EVP_MD_CTX *ctx = md_ctx->soft_ctx; const EVP_MD *digest_md = NULL; + uint32_t e_nid = md_ctx->e_nid; + + if (!ctx) { + fprintf(stderr, "failed to get soft ctx.\n"); + return 0; + }

digest_md = uadk_e_digests_soft_md(e_nid); if (unlikely(digest_md == NULL)) { @@ -263,16 +284,12 @@ static void digest_soft_cleanup(struct digest_priv_ctx *md_ctx) static int uadk_e_digest_soft_work(struct digest_priv_ctx *md_ctx, int len, unsigned char *digest) { - if (md_ctx->soft_ctx == NULL) - md_ctx->soft_ctx = EVP_MD_CTX_new(); - - (void)digest_soft_init(md_ctx->soft_ctx, md_ctx->e_nid); + (void)digest_soft_init(md_ctx);

if (len != 0) - (void)digest_soft_update(md_ctx->soft_ctx, md_ctx->e_nid, - md_ctx->data, len); + (void)digest_soft_update(md_ctx, md_ctx->data, len);

- (void)digest_soft_final(md_ctx->soft_ctx, md_ctx->e_nid, digest); + (void)digest_soft_final(md_ctx, digest);

digest_soft_cleanup(md_ctx);

@@ -515,9 +532,6 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) struct sched_params params = {0}; int ret, i;

- /* Allocate a soft ctx for hardware engine */ - if (priv->soft_ctx == NULL) - priv->soft_ctx = EVP_MD_CTX_new(); priv->e_nid = nid;

digest_priv_ctx_cleanup(priv); @@ -560,7 +574,7 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) return 1;

soft_init: - return digest_soft_init(priv->soft_ctx, priv->e_nid); + return digest_soft_init(priv); }

static void digest_update_out_length(EVP_MD_CTX *ctx) @@ -626,14 +640,12 @@ do_soft_digest: && priv->data && priv->last_update_bufflen != 0) { priv->switch_flag = UADK_DO_SOFT; - digest_soft_init(priv->soft_ctx, priv->e_nid); - ret = digest_soft_update(priv->soft_ctx, priv->e_nid, - priv->data, priv->last_update_bufflen); + (void)digest_soft_init(priv); + ret = digest_soft_update(priv, priv->data, priv->last_update_bufflen); if (ret != 1) return ret;

- return digest_soft_update(priv->soft_ctx, priv->e_nid, - tmpdata, left_len); + return digest_soft_update(priv, tmpdata, left_len); }

fprintf(stderr, "do soft digest failed during updating!\n"); @@ -657,7 +669,7 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l return digest_update_inner(ctx, data, data_len);

soft_update: - return digest_soft_update(priv->soft_ctx, priv->e_nid, data, data_len); + return digest_soft_update(priv, data, data_len); }

static void async_cb(struct wd_digest_req *req, void *data) @@ -758,7 +770,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) if (op.job == NULL) { /* Synchronous, only the synchronous mode supports soft computing */ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { - ret = digest_soft_final(priv->soft_ctx, priv->e_nid, digest); + ret = digest_soft_final(priv, digest); digest_soft_cleanup(priv); goto clear; }

-- 2.30.0

Zhiqi Song

3:49 p.m.

New subject: [PATCH 09/10] ecc: optimize sm2 update session process

As sm2_update_sess() is used to set the hash method that user choose to use and allocate sm2 session, the same config do not need to be setted repeatedly. We use update flag in sm2_ctrl() to avoid duplicate calls to improve the performance.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_sm2.c | 45 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 11 deletions(-)

diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index fe1ce65..01186ef 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -32,6 +32,11 @@ enum { CTX_INIT_SUCC };

+enum { + MD_UNCHANGED, + MD_CHANGED +}; + typedef struct { /* Key and paramgen group */ EC_GROUP *gen_group; @@ -51,6 +56,10 @@ struct sm2_ctx { const EC_POINT *pubkey; BIGNUM *order; int init_status; + /* The nid of digest method */ + int md_nid; + /* The update status of digest method, changed (1), not changed (0) */ + int md_update_status; };

typedef struct sm2_ciphertext { @@ -164,7 +173,6 @@ static int sm2_update_sess(struct sm2_ctx *smctx) 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 }; - int nid_hash = smctx->ctx.md ? EVP_MD_type(smctx->ctx.md) : NID_sm3; struct wd_ecc_sess_setup setup; handle_t sess; BIGNUM *order; @@ -174,12 +182,13 @@ static int sm2_update_sess(struct sm2_ctx *smctx) setup.alg = "sm2";

if (smctx->ctx.md) { + /* Set hash method */ setup.hash.cb = compute_hash; setup.hash.usr = (void *)smctx->ctx.md; - type = get_hash_type(nid_hash); + type = get_hash_type(smctx->md_nid); if (type < 0) { fprintf(stderr, "uadk not support hash nid %d\n", - nid_hash); + smctx->md_nid); return -EINVAL; } setup.hash.type = type; @@ -192,16 +201,19 @@ static int sm2_update_sess(struct sm2_ctx *smctx) if (!sess) { fprintf(stderr, "failed to alloc sess\n"); BN_free(order); + smctx->init_status = CTX_INIT_FAIL; return -EINVAL; }

+ /* Free old session before setting new session */ if (smctx->sess) wd_ecc_free_sess(smctx->sess); - smctx->sess = sess; + smctx->prikey = NULL; smctx->pubkey = NULL; smctx->order = order; + return 0; }

@@ -1142,7 +1154,7 @@ static void sm2_cleanup(EVP_PKEY_CTX *ctx)

static int sm2_init(EVP_PKEY_CTX *ctx) { - struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); + struct sm2_ctx *smctx; int ret;

smctx = malloc(sizeof(*smctx)); @@ -1202,6 +1214,7 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); EC_GROUP *group; + int md_nid;

if (!smctx) { fprintf(stderr, "smctx not set.\n"); @@ -1226,7 +1239,18 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) EC_GROUP_set_asn1_flag(smctx->ctx.gen_group, p1); goto set_data; case EVP_PKEY_CTRL_MD: - smctx->ctx.md = p2; + if (!p2) + smctx->ctx.md = EVP_sm3(); + else + smctx->ctx.md = p2; + + md_nid = EVP_MD_type(smctx->ctx.md); + if (md_nid == smctx->md_nid) { + smctx->md_update_status = MD_UNCHANGED; + } else { + smctx->md_update_status = MD_CHANGED; + smctx->md_nid = md_nid; + } goto set_data; case EVP_PKEY_CTRL_GET_MD: *(const EVP_MD **)p2 = smctx->ctx.md; @@ -1250,11 +1274,10 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) }

set_data: - if (sm2_update_sess(smctx)) { - fprintf(stderr, "failed to update sess\n"); - smctx->init_status = CTX_INIT_FAIL; - return 0; - } + if (smctx->init_status == CTX_INIT_SUCC && smctx->md_update_status) + if (sm2_update_sess(smctx)) + return 0; + EVP_PKEY_CTX_set_data(ctx, smctx); return 1; }

-- 2.30.0

Zhiqi Song

3:49 p.m.

New subject: [PATCH 10/10] uadk_engine: fix openssl config info

Fix the wrong command of openssl config file in README.

Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md index d44327a..2fe165a 100644 --- a/README.md +++ b/README.md @@ -115,17 +115,17 @@ Usage #. Firstly, modify the openssl.cnf file, add the following settings at the beginning of this file:

``` -openssl_cnf = openssl_def +openssl_cnf=openssl_def [openssl_def] -engines = engine_section +engines=engine_section [engine_section] -uadk_engine = uadk_section +uadk_engine=uadk_section [uadk_section] -UADK_CMD_ENABLE_RSA_ENV = 1 -UADK_CMD_ENABLE_DH_ENV = 1 -UADK_CMD_ENABLE_CIPHER_ENV = 1 -UADK_CMD_ENABLE_DIGEST_ENV = 1 -UADK_CMD_ENABLE_ECC_ENV = 1 +UADK_CMD_ENABLE_RSA_ENV=1 +UADK_CMD_ENABLE_DH_ENV=1 +UADK_CMD_ENABLE_CIPHER_ENV=1 +UADK_CMD_ENABLE_DIGEST_ENV=1 +UADK_CMD_ENABLE_ECC_ENV=1 ``` Note: * The number 1 for enable environment variable, and 0 for disable environment variable.

-- 2.30.0

530

Age (days ago)

530

Last active (days ago)

acc@openeuler.org

10 comments

1 participants

tags (0)

participants (1)

Zhiqi Song