Cleanup aboout uadk_engine.
Zhiqi Song (5): uadk_engine: remove redundant extern uadk_engine: add timeout protection mechanism in poll rsa: cleanup redundant BN operation rsa: bugfix memory leak in genkey process rsa: remove unused software method
src/e_uadk.c | 3 +- src/uadk.h | 34 ++++---- src/uadk_async.h | 16 ++-- src/uadk_cipher.c | 13 +-- src/uadk_dh.c | 11 ++- src/uadk_digest.c | 11 ++- src/uadk_pkey.c | 13 +-- src/uadk_rsa.c | 209 ++++++++++++++++++---------------------------- 8 files changed, 138 insertions(+), 172 deletions(-)
Remove the "extern" keyword before function declaration in the header file. Because the function in header file is 'extern' by default, there is no need to specify explicitly.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk.h | 34 +++++++++++++++++----------------- src/uadk_async.h | 16 ++++++++-------- 2 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h index 267da89..a00f6ac 100644 --- a/src/uadk.h +++ b/src/uadk.h @@ -31,21 +31,21 @@ enum { };
extern const char *engine_uadk_id; -extern int uadk_e_bind_cipher(ENGINE *e); -extern void uadk_e_destroy_cipher(void); -extern int uadk_e_bind_digest(ENGINE *e); -extern void uadk_e_destroy_digest(void); -extern int uadk_e_bind_rsa(ENGINE *e); -extern void uadk_e_destroy_rsa(void); -extern int uadk_e_bind_dh(ENGINE *e); -extern void uadk_e_destroy_dh(void); -extern int uadk_e_bind_ecc(ENGINE *e); -extern void uadk_e_destroy_ecc(void); -extern int uadk_e_is_env_enabled(const char *alg_name); -extern int uadk_e_set_env(const char *var_name, int numa_id); -extern void uadk_e_ecc_lock_init(void); -extern void uadk_e_rsa_lock_init(void); -extern void uadk_e_dh_lock_init(void); -extern void uadk_e_cipher_lock_init(void); -extern void uadk_e_digest_lock_init(void); +int uadk_e_bind_cipher(ENGINE *e); +void uadk_e_destroy_cipher(void); +int uadk_e_bind_digest(ENGINE *e); +void uadk_e_destroy_digest(void); +int uadk_e_bind_rsa(ENGINE *e); +void uadk_e_destroy_rsa(void); +int uadk_e_bind_dh(ENGINE *e); +void uadk_e_destroy_dh(void); +int uadk_e_bind_ecc(ENGINE *e); +void uadk_e_destroy_ecc(void); +int uadk_e_is_env_enabled(const char *alg_name); +int uadk_e_set_env(const char *var_name, int numa_id); +void uadk_e_ecc_lock_init(void); +void uadk_e_rsa_lock_init(void); +void uadk_e_dh_lock_init(void); +void uadk_e_cipher_lock_init(void); +void uadk_e_digest_lock_init(void); #endif diff --git a/src/uadk_async.h b/src/uadk_async.h index 97b7d15..dbcd142 100644 --- a/src/uadk_async.h +++ b/src/uadk_async.h @@ -64,12 +64,12 @@ struct async_poll_queue { pthread_t thread_id; };
-extern int async_setup_async_event_notification(struct async_op *op); -extern int async_clear_async_event_notification(void); -extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id); -extern void async_register_poll_fn(int type, async_recv_t func); -extern int async_module_init(void); -extern int async_wake_job(ASYNC_JOB *job); -extern void async_free_poll_task(int id, bool is_cb); -extern int async_get_free_task(int *id); +int async_setup_async_event_notification(struct async_op *op); +int async_clear_async_event_notification(void); +int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id); +void async_register_poll_fn(int type, async_recv_t func); +int async_module_init(void); +int async_wake_job(ASYNC_JOB *job); +void async_free_poll_task(int id, bool is_cb); +int async_get_free_task(int *id); #endif
Count the cycle times of poll. When the count times exceed the maximum number, exit to prevent the task from timeout.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_cipher.c | 13 ++++++++----- src/uadk_dh.c | 11 +++++++---- src/uadk_digest.c | 11 +++++++---- src/uadk_pkey.c | 13 ++++++++----- src/uadk_rsa.c | 11 +++++++---- 5 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index 5993386..b75cc99 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -516,7 +516,7 @@ static int uadk_e_cipher_poll(void *ctx)
do { ret = wd_cipher_poll_ctx(idx, expt, &recv); - if (recv >= expt) + if (recv == expt) return 0; else if (ret < 0 && ret != -EAGAIN) return ret; @@ -529,18 +529,21 @@ static int uadk_e_cipher_poll(void *ctx)
static int uadk_e_cipher_env_poll(void *ctx) { + __u64 rx_cnt = 0; __u32 recv = 0; - /* poll one packet currently */ + /* Poll one packet currently */ int expt = 1; int ret;
do { ret = wd_cipher_poll(expt, &recv); - if (ret < 0) + if (ret < 0 || recv == expt) return ret; - } while (recv < expt); + } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret; + fprintf(stderr, "failed to poll msg: timeout!\n"); + + return -ETIMEDOUT; }
static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev) diff --git a/src/uadk_dh.c b/src/uadk_dh.c index 018a3b6..4127d48 100644 --- a/src/uadk_dh.c +++ b/src/uadk_dh.c @@ -212,7 +212,7 @@ static int uadk_e_dh_poll(void *ctx)
do { ret = wd_dh_poll_ctx(idx, expect, &recv); - if (recv >= expect) + if (recv == expect) return UADK_E_POLL_SUCCESS; else if (ret < 0 && ret != -EAGAIN) return ret; @@ -273,6 +273,7 @@ static struct dh_res_config dh_res_config = {
static int uadk_e_dh_env_poll(void *ctx) { + __u64 rx_cnt = 0; __u32 recv = 0; /* Poll one packet currently */ int expt = 1; @@ -280,11 +281,13 @@ static int uadk_e_dh_env_poll(void *ctx)
do { ret = wd_dh_poll(expt, &recv); - if (ret < 0) + if (ret < 0 || recv == expt) return ret; - } while (recv < expt); + } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret; + fprintf(stderr, "failed to poll msg: timeout!\n"); + + return -ETIMEDOUT; }
static int uadk_e_wd_dh_env_init(struct uacce_dev *dev) diff --git a/src/uadk_digest.c b/src/uadk_digest.c index 278ffda..fff0a75 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -342,7 +342,7 @@ static int uadk_e_digest_poll(void *ctx)
do { ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv); - if (recv >= expt) + if (recv == expt) return 0; else if (ret < 0 && ret != -EAGAIN) return ret; @@ -355,6 +355,7 @@ static int uadk_e_digest_poll(void *ctx)
static int uadk_e_digest_env_poll(void *ctx) { + __u64 rx_cnt = 0; __u32 recv = 0; /* Poll one packet currently */ int expt = 1; @@ -362,11 +363,13 @@ static int uadk_e_digest_env_poll(void *ctx)
do { ret = wd_digest_poll(expt, &recv); - if (ret < 0) + if (ret < 0 || recv == expt) return ret; - } while (recv < expt); + } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret; + fprintf(stderr, "failed to poll msg: timeout!\n"); + + return -ETIMEDOUT; }
static int uadk_e_wd_digest_env_init(struct uacce_dev *dev) diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c index 9dfffac..d784b01 100644 --- a/src/uadk_pkey.c +++ b/src/uadk_pkey.c @@ -110,7 +110,7 @@ static int uadk_ecc_poll(void *ctx)
do { ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv); - if (recv >= expt) + if (recv == expt) return 0; else if (ret < 0 && ret != -EAGAIN) return ret; @@ -143,18 +143,21 @@ int uadk_e_ecc_get_numa_id(void)
static int uadk_e_ecc_env_poll(void *ctx) { + __u64 rx_cnt = 0; __u32 recv = 0; - /* poll one packet currently */ + /* Poll one packet currently */ int expt = 1; int ret;
do { ret = wd_ecc_poll(expt, &recv); - if (ret < 0) + if (ret < 0 || recv == expt) return ret; - } while (recv < expt); + } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret; + fprintf(stderr, "failed to poll msg: timeout!\n"); + + return -ETIMEDOUT; }
static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev) diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 42c3506..9de1b9d 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -665,7 +665,7 @@ static int uadk_e_rsa_poll(void *ctx)
do { ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv); - if (recv >= expt) + if (recv == expt) return UADK_E_POLL_SUCCESS; else if (ret < 0 && ret != -EAGAIN) return ret; @@ -691,6 +691,7 @@ static struct rsa_res_config rsa_res_config = {
static int uadk_e_rsa_env_poll(void *ctx) { + __u64 rx_cnt = 0; __u32 recv = 0; /* Poll one packet currently */ int expt = 1; @@ -698,11 +699,13 @@ static int uadk_e_rsa_env_poll(void *ctx)
do { ret = wd_rsa_poll(expt, &recv); - if (ret < 0) + if (ret < 0 || recv == expt) return ret; - } while (recv < expt); + } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
- return ret; + fprintf(stderr, "failed to poll msg: timeout!\n"); + + return -ETIMEDOUT; }
static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev)
Remove redundant codes for big number and rsa crt mode judgment.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_rsa.c | 92 ++++++++++++++++++++++---------------------------- 1 file changed, 40 insertions(+), 52 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 9de1b9d..598e1ca 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -873,8 +873,8 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, int is_crt) { unsigned int key_size = bits >> BIT_BYTES_SHIFT; - struct uadk_rsa_sess *rsa_sess; struct sched_params params = {0}; + struct uadk_rsa_sess *rsa_sess;
rsa_sess = rsa_new_eng_session(rsa); if (!rsa_sess) @@ -884,11 +884,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits, rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT; params.numa_id = g_rsa_res.numa_id; rsa_sess->setup.sched_param = ¶ms; - - if (is_crt) - rsa_sess->setup.is_crt = IS_SET; - else - rsa_sess->setup.is_crt = UN_SET; + rsa_sess->setup.is_crt = is_crt;
rsa_sess->sess = wd_rsa_alloc_sess(&rsa_sess->setup); if (!rsa_sess->sess) { @@ -1388,10 +1384,8 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, rsa, bn_param); - if (!ret) { + if (!ret) ret = UADK_DO_SOFT; - goto free_kg_in_out; - }
free_kg_in_out: rsa_free_keygen_data(rsa_sess); @@ -1409,11 +1403,11 @@ exe_soft: static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { + struct rsa_pubkey_param *pub_enc = NULL; struct uadk_rsa_sess *rsa_sess = NULL; - struct rsa_pubkey_param *pub = NULL; unsigned char *from_buf = NULL; int num_bytes, is_crt, ret; - BIGNUM *ret_bn = NULL; + BIGNUM *enc_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa); if (!ret || ret == SOFT) @@ -1423,7 +1417,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, if (ret) goto exe_soft;
- ret = rsa_pkey_param_alloc(&pub, NULL); + ret = rsa_pkey_param_alloc(&pub_enc, NULL); if (ret == -ENOMEM) goto exe_soft;
@@ -1435,7 +1429,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, goto free_pkey; }
- ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes); + ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes); if (ret <= 0 || flen > num_bytes) { ret = UADK_DO_SOFT; goto free_sess; @@ -1447,7 +1441,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, goto free_buf; }
- ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to); + ret = rsa_fill_pubkey(pub_enc, rsa_sess, from_buf, to); if (!ret) { ret = UADK_DO_SOFT; goto free_buf; @@ -1459,27 +1453,25 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, goto free_buf; }
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, + enc_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, rsa_sess->req.dst_bytes, NULL); - if (!ret_bn) { + if (!enc_bn) { ret = UADK_DO_SOFT; goto free_buf; }
- ret = BN_bn2binpad(ret_bn, to, num_bytes); - if (ret == -1) { + ret = BN_bn2binpad(enc_bn, to, num_bytes); + if (ret == -1) ret = UADK_DO_SOFT; - goto free_bn; - }
-free_bn: - BN_free(ret_bn); + BN_free(enc_bn); + free_buf: rsa_free_pub_bn_ctx(&from_buf); free_sess: rsa_free_eng_session(rsa_sess); free_pkey: - rsa_pkey_param_free(&pub, NULL); + rsa_pkey_param_free(&pub_enc, NULL); if (ret != UADK_DO_SOFT) return ret; exe_soft: @@ -1495,7 +1487,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *from_buf = NULL; struct uadk_rsa_sess *rsa_sess; int num_bytes, len, ret; - BIGNUM *ret_bn = NULL; + BIGNUM *dec_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa); if (!ret || ret == SOFT) @@ -1537,27 +1529,25 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, goto free_buf; }
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, + dec_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, rsa_sess->req.dst_bytes, NULL); - if (!ret_bn) { + if (!dec_bn) { ret = UADK_DO_SOFT; goto free_buf; }
- len = BN_bn2binpad(ret_bn, from_buf, num_bytes); + len = BN_bn2binpad(dec_bn, from_buf, num_bytes); if (!len) { ret = UADK_DO_SOFT; - goto free_bn; + goto free_dec_bn; }
ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding); - if (!ret) { + if (!ret) ret = UADK_DO_SOFT; - goto free_bn; - }
-free_bn: - BN_free(ret_bn); +free_dec_bn: + BN_free(dec_bn); free_buf: rsa_free_pri_bn_ctx(&from_buf); free_sess: @@ -1578,7 +1568,7 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, struct uadk_rsa_sess *rsa_sess = NULL; struct rsa_prikey_param *pri = NULL; unsigned char *from_buf = NULL; - BIGNUM *ret_bn = NULL; + BIGNUM *sign_bn = NULL; BIGNUM *to_bn = NULL; BIGNUM *res = NULL; int num_bytes, ret; @@ -1627,9 +1617,9 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, goto free_buf; }
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, + sign_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, rsa_sess->req.dst_bytes, NULL); - if (!ret_bn) { + if (!sign_bn) { ret = UADK_DO_SOFT; goto free_buf; } @@ -1637,10 +1627,10 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, to_bn = BN_bin2bn(from_buf, num_bytes, NULL); if (!to_bn) { ret = UADK_DO_SOFT; - goto free_ret_bn; + goto free_sign_bn; }
- ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res); + ret = rsa_get_sign_res(padding, to_bn, pri->n, sign_bn, &res); if (!ret) { ret = UADK_DO_SOFT; goto free_to_bn; @@ -1650,8 +1640,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
free_to_bn: BN_free(to_bn); -free_ret_bn: - BN_free(ret_bn); +free_sign_bn: + BN_free(sign_bn); free_buf: rsa_free_pri_bn_ctx(&from_buf); free_sess: @@ -1673,7 +1663,7 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, struct rsa_pubkey_param *pub = NULL; int num_bytes, is_crt, len, ret; unsigned char *from_buf = NULL; - BIGNUM *ret_bn = NULL; + BIGNUM *verify_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa); if (!ret) @@ -1716,33 +1706,31 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, goto free_buf; }
- ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, + verify_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, rsa_sess->req.dst_bytes, NULL); - if (!ret_bn) { + if (!verify_bn) { ret = UADK_DO_SOFT; goto free_buf; }
- ret = rsa_get_verify_res(padding, pub->n, ret_bn); + ret = rsa_get_verify_res(padding, pub->n, verify_bn); if (!ret) { ret = UADK_DO_SOFT; - goto free_bn; + goto free_verify_bn; }
- len = BN_bn2binpad(ret_bn, from_buf, num_bytes); + len = BN_bn2binpad(verify_bn, from_buf, num_bytes); if (!len) { ret = UADK_DO_SOFT; - goto free_bn; + goto free_verify_bn; }
ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding); - if (!ret) { + if (!ret) ret = UADK_DO_SOFT; - goto free_bn; - }
-free_bn: - BN_free(ret_bn); +free_verify_bn: + BN_free(verify_bn); free_buf: rsa_free_pub_bn_ctx(&from_buf); free_sess:
The process of releasing keygen parameter is supplemented: When an abnormal situation occurs, uadk engine needs to switch to software keygen function, so we need to free BN ctx we alloced before. But in normal situation, the BN ctx should be freed by OpenSSL tools or users, because the OpenSSL tool, for example, genrsa, has implemented the free operation, we should not free it again.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/e_uadk.c | 3 +-- src/uadk_rsa.c | 57 ++++++++++++++++++++++++++------------------------ 2 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c index ac4d738..cd97194 100644 --- a/src/e_uadk.c +++ b/src/e_uadk.c @@ -373,8 +373,7 @@ static void bind_fn_uadk_alg(ENGINE *e) }
/* - * This stuff is needed if this ENGINE is being - * compiled into a self-contained shared-library. + * Connect uadk_engine to OpenSSL engine library. */ static int bind_fn(ENGINE *e, const char *id) { diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 598e1ca..dcfd0cf 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -970,15 +970,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, return UADK_E_SUCCESS; }
-static int rsa_get_keygen_param(struct wd_rsa_req *req, - handle_t ctx, RSA *rsa, - struct rsa_keygen_param_bn *bn_param) +static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa, + struct rsa_keygen_param_bn *bn_param, BN_CTX **bn_ctx_in) { struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst; struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp; BIGNUM *dmp1, *dmq1, *iqmp, *n, *d; unsigned int key_bits, key_size; - BN_CTX *bn_ctx; + BN_CTX *bn_ctx = *bn_ctx_in;
key_bits = wd_rsa_get_key_bits(ctx); if (!key_bits) @@ -988,30 +987,25 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, wd_rsa_get_kg_out_params(out, &wd_d, &wd_n); wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
- bn_ctx = BN_CTX_new(); - if (!bn_ctx) - return UADK_E_FAIL; - - BN_CTX_start(bn_ctx); dmp1 = BN_CTX_get(bn_ctx); if (!dmp1) - goto free_bn_ctx; + return UADK_E_FAIL;
dmq1 = BN_CTX_get(bn_ctx); if (!dmq1) - goto free_bn_ctx; + return UADK_E_FAIL;
iqmp = BN_CTX_get(bn_ctx); if (!iqmp) - goto free_bn_ctx; + return UADK_E_FAIL;
n = BN_CTX_get(bn_ctx); if (!n) - goto free_bn_ctx; + return UADK_E_FAIL;
d = BN_CTX_get(bn_ctx); if (!d) - goto free_bn_ctx; + return UADK_E_FAIL;
BN_bin2bn((unsigned char *)wd_d.data, key_size, d); BN_bin2bn((unsigned char *)wd_n.data, key_size, n); @@ -1022,15 +1016,9 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, if (!(RSA_set0_key(rsa, n, bn_param->e, d) && RSA_set0_factors(rsa, bn_param->p, bn_param->q) && RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))) - goto free_bn_ctx; + return UADK_E_FAIL;
return UADK_E_SUCCESS; - -free_bn_ctx: - BN_CTX_end(bn_ctx); - BN_CTX_free(bn_ctx); - - return UADK_E_FAIL; }
static void uadk_e_rsa_cb(void *req_t) @@ -1190,7 +1178,7 @@ static void rsa_free_keygen_data(struct uadk_rsa_sess *rsa_sess)
static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, struct rsa_keygen_param_bn **keygen_bn_param, - struct rsa_keypair **key_pair) + struct rsa_keypair **key_pair, BN_CTX **bn_ctx_in) { BN_CTX *bn_ctx;
@@ -1212,6 +1200,8 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, goto free_key_pair;
BN_CTX_start(bn_ctx); + *bn_ctx_in = bn_ctx; + (*keygen_bn_param)->e = BN_CTX_get(bn_ctx); if (!(*keygen_bn_param)->e) goto free_bn_ctx; @@ -1241,8 +1231,21 @@ err:
static void rsa_keygen_param_free(struct rsa_keygen_param **keygen_param, struct rsa_keygen_param_bn **keygen_bn_param, - struct rsa_keypair **key_pair) + struct rsa_keypair **key_pair, BN_CTX **bn_ctx, + int free_bn_ctx_tag) { + /* + * When an abnormal situation occurs, uadk engine needs + * to switch to software keygen function, so we need to + * free BN ctx we alloced before. But in normal situation, + * the BN ctx should be freed by OpenSSL tools or users. + * Therefore, we use a tag to distinguish these cases. + */ + if (free_bn_ctx_tag == UADK_DO_SOFT) { + BN_CTX_end(*bn_ctx); + BN_CTX_free(*bn_ctx); + } + OPENSSL_free(*keygen_bn_param); OPENSSL_free(*keygen_param); OPENSSL_free(*key_pair); @@ -1338,6 +1341,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) struct rsa_keygen_param_bn *bn_param = NULL; struct uadk_rsa_sess *rsa_sess = NULL; struct rsa_keypair *key_pair = NULL; + BN_CTX *bn_ctx = NULL; int is_crt = 1; int ret;
@@ -1349,7 +1353,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) if (ret) goto exe_soft;
- ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair); + ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair, &bn_ctx); if (ret == -ENOMEM) goto exe_soft;
@@ -1382,8 +1386,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) goto free_kg_in_out; }
- ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, - rsa, bn_param); + ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, rsa, bn_param, &bn_ctx); if (!ret) ret = UADK_DO_SOFT;
@@ -1392,7 +1395,7 @@ free_kg_in_out: free_sess: rsa_free_eng_session(rsa_sess); free_keygen: - rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair); + rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair, &bn_ctx, ret); if (ret != UADK_DO_SOFT) return ret; exe_soft:
Switching to software methods in abnormal scenarios has been implemented in other functions, uadk_e_get_rsa_sw_methods() is actually unused, so we remove it.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_rsa.c | 49 +++++-------------------------------------------- 1 file changed, 5 insertions(+), 44 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index dcfd0cf..493c4b1 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -53,7 +53,6 @@ #define ENV_ENABLED 1
static RSA_METHOD *rsa_hw_meth; -static RSA_METHOD *rsa_sw_meth;
struct bignum_st { BN_ULONG *d; @@ -1748,25 +1747,11 @@ exe_soft: (flen, from, to, rsa, padding); }
-static RSA_METHOD *uadk_e_get_rsa_sw_methods(void) -{ - /* meth: default rsa software method */ - const RSA_METHOD *meth = RSA_PKCS1_OpenSSL(); - - rsa_sw_meth = RSA_meth_new("rsa soft method", 0); - (void)RSA_meth_set_pub_enc(rsa_sw_meth, RSA_meth_get_pub_enc(meth)); - (void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth)); - (void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth)); - (void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth)); - (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen); - (void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth)); - (void)RSA_meth_set_bn_mod_exp(rsa_sw_meth, - RSA_meth_get_bn_mod_exp(meth)); - - return rsa_sw_meth; -} - -static RSA_METHOD *uadk_e_get_rsa_hw_methods(void) +/** + * uadk_get_rsa_method() - Set rsa hardware methods of the RSA implementation which + * can be called from ENGINE structure. + */ +static RSA_METHOD *uadk_e_get_rsa_methods(void) { if (rsa_hw_meth) return rsa_hw_meth; @@ -1791,36 +1776,12 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void) return rsa_hw_meth; }
-/** - * uadk_get_rsa_method() - Set rsa methods of the RSA implementation which - * can be called from ENGINE structure. - */ -static RSA_METHOD *uadk_e_get_rsa_methods(void) -{ - struct uacce_dev *dev; - - dev = wd_get_accel_dev("rsa"); - if (!dev) - return uadk_e_get_rsa_sw_methods(); - - free(dev); - return uadk_e_get_rsa_hw_methods(); -} - static void uadk_e_delete_rsa_meth(void) { - if (!rsa_hw_meth && !rsa_sw_meth) - return; - if (rsa_hw_meth) { RSA_meth_free(rsa_hw_meth); rsa_hw_meth = NULL; } - - if (rsa_sw_meth) { - RSA_meth_free(rsa_sw_meth); - rsa_sw_meth = NULL; - } }
/**
-
Zhiqi Song