This is a patch set about some bugfix and cleanup of uadk_engine.
Hao Fang (1): uadk_engine: use HW_V2/HW_V3 to distinguish different hardware platforms.
Longfang Liu (1): uadk/engine: Update the numa parameter of the scheduler
Zhiqi Song (8): sm2: bugfix about segfault in sm2 ctrl function uadk_engine: bugfix side effects of right operand uadk_engine: cleanup avoid modify param of functions rsa: cleanup uninitialized value uadk_engine: cleanup storage class position uadk_engine: bugfix enable environment variable uadk_engine: cleanup magic number and comments uadk_engine: cleanup header file
If there is no available instance, the sm2_init() will failed, the setting of sched_init() will failed, so sched_init() will be NULL. If the sm2_ctrl() function still call the sm2_update_sess() in this situation, and make wd_ecc_alloc_sess() to call sched_init(), there will be a segfault.
The solution is to modify the status field of sm2_ctx, make the variable 'init_status' to indicate the status of init operation: 'CTX_UNINIT' indicates the init operation has not been performed, 'CTX_INIT_SUCC' indicates the init operation has been succeeded, 'CTX_INIT_FAIL' indicates the init operation has been failed.
The sm2_update_sess() will only be called if the 'init_status' is 'CTX_INIT_SUCC'. Then there will be no segfault.
And when there is no available instance, it should switch to openssl software method, so modify some return values to help finish this process.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_sm2.c | 44 ++++++++++++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 12 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index 1ef6032..3ecce6b 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -25,6 +25,12 @@ #include "uadk.h" #include "uadk_pkey.h"
+enum { + CTX_INIT_FAIL = -1, + CTX_UNINIT, + CTX_INIT_SUCC +}; + typedef struct { /* Key and paramgen group */ EC_GROUP *gen_group; @@ -43,7 +49,7 @@ struct sm2_ctx { const BIGNUM *prikey; const EC_POINT *pubkey; BIGNUM *order; - bool is_init; + int init_status; };
typedef struct sm2_ciphertext { @@ -165,6 +171,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
memset(&setup, 0, sizeof(setup)); setup.alg = "sm2"; + if (smctx->ctx.md) { setup.hash.cb = compute_hash; setup.hash.usr = (void *)smctx->ctx.md; @@ -189,6 +196,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
if (smctx->sess) wd_ecc_free_sess(smctx->sess); + smctx->sess = sess; smctx->prikey = NULL; smctx->pubkey = NULL; @@ -636,7 +644,7 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
if (!smctx || !smctx->sess) { fprintf(stderr, "smctx or sess NULL\n"); - return -EINVAL; + return UADK_DO_SOFT; }
if (sig_sz <= 0) { @@ -676,7 +684,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, if (ret) goto do_soft;
- if (!smctx->is_init) { + if (smctx->init_status != CTX_INIT_SUCC) { ret = UADK_DO_SOFT; goto do_soft; } @@ -744,6 +752,13 @@ static int sm2_verify_check(EVP_PKEY_CTX *ctx, const unsigned char *tbs, size_t tbslen) { + struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); + + if (!smctx || !smctx->sess) { + fprintf(stderr, "smctx or sess NULL\n"); + return UADK_DO_SOFT; + } + if (tbslen > SM2_KEY_BYTES) return UADK_DO_SOFT;
@@ -772,7 +787,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx, if (ret) goto do_soft;
- if (!smctx->is_init) { + if (smctx->init_status != CTX_INIT_SUCC) { ret = UADK_DO_SOFT; goto do_soft; } @@ -853,7 +868,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx,
if (!smctx || !smctx->sess) { fprintf(stderr, "smctx or sess NULL\n"); - return 0; + return UADK_DO_SOFT; }
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; @@ -897,7 +912,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx, if (ret) goto do_soft;
- if (!smctx->is_init) { + if (smctx->init_status != CTX_INIT_SUCC) { ret = UADK_DO_SOFT; goto do_soft; } @@ -953,7 +968,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
if (!smctx || !smctx->sess) { fprintf(stderr, "smctx or sess NULL\n"); - return -EINVAL; + return UADK_DO_SOFT; }
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; @@ -1038,7 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, if (ret) goto do_soft;
- if (!smctx->is_init) { + if (smctx->init_status != CTX_INIT_SUCC) { ret = UADK_DO_SOFT; goto do_soft; } @@ -1124,18 +1139,18 @@ static int sm2_init(EVP_PKEY_CTX *ctx) ret = uadk_init_ecc(); if (ret) { fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); - smctx->is_init = false; + smctx->init_status = CTX_INIT_FAIL; goto end; }
ret = sm2_update_sess(smctx); if (ret) { fprintf(stderr, "failed to update sess\n"); - smctx->is_init = false; + smctx->init_status = CTX_INIT_FAIL; goto end; }
- smctx->is_init = true; + smctx->init_status = CTX_INIT_SUCC; end: EVP_PKEY_CTX_set_data(ctx, smctx); EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); @@ -1196,8 +1211,13 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_MD: smctx->ctx.md = p2; - if (sm2_update_sess(smctx)) + if (smctx->init_status != CTX_INIT_SUCC) + return 1; + + if (sm2_update_sess(smctx)) { + fprintf(stderr, "failed to set MD\n"); return 0; + } return 1; case EVP_PKEY_CTRL_GET_MD: *(const EVP_MD **)p2 = smctx->ctx.md;
From: Hao Fang fanghao11@huawei.com
Hardware version numbers are used to distinguish different hardware.
Signed-off-by: Hao Fang fanghao11@huawei.com Tested-by: Junchong Pan panjunchong@hisilicon.com --- src/uadk.h | 4 ++-- src/uadk_cipher.c | 22 +++++++++++----------- test/sanity_test.sh | 8 ++++---- 3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h index a00f6ac..6d8d5d5 100644 --- a/src/uadk.h +++ b/src/uadk.h @@ -26,8 +26,8 @@ #define ENGINE_RECV_MAX_CNT 60000000
enum { - KUNPENG920, - KUNPENG930, + HW_V2, + HW_V3, };
extern const char *engine_uadk_id; diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index b75cc99..cf7f4bb 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -76,7 +76,7 @@ static int platform;
#define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192
-static int cipher_920_nids[] = { +static int cipher_hw_v2_nids[] = { NID_aes_128_cbc, NID_aes_192_cbc, NID_aes_256_cbc, @@ -92,7 +92,7 @@ static int cipher_920_nids[] = { 0, };
-static int cipher_930_nids[] = { +static int cipher_hw_v3_nids[] = { NID_aes_128_cbc, NID_aes_192_cbc, NID_aes_256_cbc, @@ -341,9 +341,9 @@ static int uadk_get_accel_platform(char *alg_name) return 0;
if (!strcmp(dev->api, "hisi_qm_v2")) - platform = KUNPENG920; + platform = HW_V2; else - platform = KUNPENG930; + platform = HW_V3; free(dev);
return 1; @@ -357,12 +357,12 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, int size; int i;
- if (platform == KUNPENG920) { - size = (sizeof(cipher_920_nids) - 1) / sizeof(int); - cipher_nids = cipher_920_nids; + if (platform == HW_V2) { + size = (sizeof(cipher_hw_v2_nids) - 1) / sizeof(int); + cipher_nids = cipher_hw_v2_nids; } else { - size = (sizeof(cipher_930_nids) - 1) / sizeof(int); - cipher_nids = cipher_930_nids; + size = (sizeof(cipher_hw_v3_nids) - 1) / sizeof(int); + cipher_nids = cipher_hw_v3_nids; }
if (!cipher) { @@ -1069,7 +1069,7 @@ int uadk_e_bind_cipher(ENGINE *e) }
bind_v2_cipher(); - if (platform > KUNPENG920) + if (platform > HW_V2) bind_v3_cipher();
return ENGINE_set_ciphers(e, uadk_e_engine_ciphers); @@ -1151,7 +1151,7 @@ void uadk_e_destroy_cipher(void) pthread_spin_destroy(&engine.lock);
destroy_v2_cipher(); - if (platform > KUNPENG920) + if (platform > HW_V2) destroy_v3_cipher(); }
diff --git a/test/sanity_test.sh b/test/sanity_test.sh index 4273310..c901796 100755 --- a/test/sanity_test.sh +++ b/test/sanity_test.sh @@ -91,7 +91,7 @@ if [[ $algs =~ "RSA" ]]; then openssl speed -elapsed -engine $engine_id -async_jobs 1 rsa4096 fi
-#ecdsa only supported in Kunpeng930 or later +#ecdsa only supported in HW_V3 or later if [[ $algs =~ "id-ecPublicKey" ]]; then echo "testing ECDSA" openssl speed -elapsed -engine $engine_id ecdsap224 @@ -104,21 +104,21 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdsap521 fi
-#X25519 only supported in Kunpeng930 or later +#X25519 only supported in HW_V3 or later if [[ $algs =~ "X25519" ]]; then echo "testing X25519" openssl speed -elapsed -engine $engine_id ecdhx25519 openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx25519 fi
-#X448 only supported in Kunpeng930 or later +#X448 only supported in HW_V3 or later if [[ $algs =~ "X448" ]]; then echo "testing X448" openssl speed -elapsed -engine $engine_id ecdhx448 openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx448 fi
-#ecdh only supported in Kunpeng930 or later +#ecdh only supported in HW_V3 or later if [[ $algs =~ "id-ecPublicKey" ]]; then echo "testing ECDH" openssl speed -elapsed -engine $engine_id ecdhp192
From: Longfang Liu liulongfang@huawei.com
In the scenario where multiple devices are enabled at the same time through environment variables, fixing a numa id will make other devices unusable. When using the default numa parameter, the scheduler will automatically allocate device resources according to the CPU id of the thread, so as to realize all devices.
Signed-off-by: Longfang Liu liulongfang@huawei.com --- src/uadk_cipher.c | 4 ++-- src/uadk_digest.c | 3 ++- src/uadk_rsa.c | 4 +++- 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index cf7f4bb..e56cf01 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -468,7 +468,6 @@ static handle_t sched_single_init(handle_t h_sched_ctx, void *sched_param) return (handle_t)0; }
- skey->numa_id = param->numa_id; skey->type = param->type;
return (handle_t)skey; @@ -877,7 +876,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) if (ret) params.type = 0;
- params.numa_id = engine.numa_id; + /* Use the default numa parameters */ + params.numa_id = -1; priv->setup.sched_param = ¶ms; if (!priv->sess) { priv->sess = wd_cipher_alloc_sess(&priv->setup); diff --git a/src/uadk_digest.c b/src/uadk_digest.c index fff0a75..51d67be 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -522,7 +522,8 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) return 0; }
- params.numa_id = engine.numa_id; + /* Use the default numa parameters */ + params.numa_id = -1; priv->setup.sched_param = ¶ms; priv->sess = wd_digest_alloc_sess(&priv->setup); if (unlikely(!priv->sess)) diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 493c4b1..4618d6b 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -881,7 +881,9 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
rsa_sess->key_size = key_size; rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT; - params.numa_id = g_rsa_res.numa_id; + + /* Use the default numa parameters */ + params.numa_id = -1; rsa_sess->setup.sched_param = ¶ms; rsa_sess->setup.is_crt = is_crt;
The right operand of while condition may contains side effects, variables change "rx_cnt++". Move 'rx_cnt++' from condition to statement.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_cipher.c | 13 ++++++++----- src/uadk_dh.c | 18 +++++++++++------- src/uadk_digest.c | 13 ++++++++----- src/uadk_pkey.c | 13 ++++++++----- src/uadk_rsa.c | 14 +++++++++----- 5 files changed, 44 insertions(+), 27 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index cf7f4bb..e74a8c8 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -516,11 +516,13 @@ static int uadk_e_cipher_poll(void *ctx)
do { ret = wd_cipher_poll_ctx(idx, expt, &recv); - if (recv == expt) + if (!ret && recv == expt) return 0; - else if (ret < 0 && ret != -EAGAIN) - return ret; - } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + else if (ret == -EAGAIN) + rx_cnt++; + else + return -1; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -539,7 +541,8 @@ static int uadk_e_cipher_env_poll(void *ctx) ret = wd_cipher_poll(expt, &recv); if (ret < 0 || recv == expt) return ret; - } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + rx_cnt++; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_dh.c b/src/uadk_dh.c index 4127d48..78d0a03 100644 --- a/src/uadk_dh.c +++ b/src/uadk_dh.c @@ -48,6 +48,7 @@ #define UADK_E_SUCCESS 1 #define UADK_E_FAIL 0 #define UADK_E_POLL_SUCCESS 0 +#define UADK_E_POLL_FAIL (-1) #define UADK_E_INIT_SUCCESS 0 #define ENV_ENABLED 1
@@ -206,17 +207,19 @@ static int uadk_e_dh_poll(void *ctx) { __u64 rx_cnt = 0; __u32 recv = 0; - int expect = 1; + int expt = 1; int idx = 1; int ret;
do { - ret = wd_dh_poll_ctx(idx, expect, &recv); - if (recv == expect) + ret = wd_dh_poll_ctx(idx, expt, &recv); + if (!ret && recv == expt) return UADK_E_POLL_SUCCESS; - else if (ret < 0 && ret != -EAGAIN) - return ret; - } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + else if (ret == -EAGAIN) + rx_cnt++; + else + return UADK_E_POLL_FAIL; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -283,7 +286,8 @@ static int uadk_e_dh_env_poll(void *ctx) ret = wd_dh_poll(expt, &recv); if (ret < 0 || recv == expt) return ret; - } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + rx_cnt++; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_digest.c b/src/uadk_digest.c index fff0a75..60f9fbf 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -342,11 +342,13 @@ static int uadk_e_digest_poll(void *ctx)
do { ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv); - if (recv == expt) + if (!ret && recv == expt) return 0; - else if (ret < 0 && ret != -EAGAIN) - return ret; - } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + else if (ret == -EAGAIN) + rx_cnt++; + else + return -1; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -365,7 +367,8 @@ static int uadk_e_digest_env_poll(void *ctx) ret = wd_digest_poll(expt, &recv); if (ret < 0 || recv == expt) return ret; - } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + rx_cnt++; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c index d784b01..2e7e439 100644 --- a/src/uadk_pkey.c +++ b/src/uadk_pkey.c @@ -110,11 +110,13 @@ static int uadk_ecc_poll(void *ctx)
do { ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv); - if (recv == expt) + if (!ret && recv == expt) return 0; - else if (ret < 0 && ret != -EAGAIN) - return ret; - } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + else if (ret == -EAGAIN) + rx_cnt++; + else + return -1; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -153,7 +155,8 @@ static int uadk_e_ecc_env_poll(void *ctx) ret = wd_ecc_poll(expt, &recv); if (ret < 0 || recv == expt) return ret; - } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + rx_cnt++; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 493c4b1..5cd93c8 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -48,6 +48,7 @@ #define UADK_E_FAIL 0 #define UADK_DO_SOFT (-0xE0) #define UADK_E_POLL_SUCCESS 0 +#define UADK_E_POLL_FAIL (-1) #define UADK_E_INIT_SUCCESS 0 #define CHECK_PADDING_FAIL (-1) #define ENV_ENABLED 1 @@ -664,11 +665,13 @@ static int uadk_e_rsa_poll(void *ctx)
do { ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv); - if (recv == expt) + if (!ret && recv == expt) return UADK_E_POLL_SUCCESS; - else if (ret < 0 && ret != -EAGAIN) - return ret; - } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT)); + else if (ret == -EAGAIN) + rx_cnt++; + else + return UADK_E_POLL_FAIL; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -700,7 +703,8 @@ static int uadk_e_rsa_env_poll(void *ctx) ret = wd_rsa_poll(expt, &recv); if (ret < 0 || recv == expt) return ret; - } while (rx_cnt++ < ENGINE_RECV_MAX_CNT); + rx_cnt++; + } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
Modify static check warning of clangtidy tool: parameters of function should not be used as working variable.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_cipher.c | 9 +++++---- src/uadk_ec.c | 5 +++-- 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index e74a8c8..d5c074e 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -749,17 +749,18 @@ static void ctr_iv_inc(uint8_t *counter, __u32 c) { uint32_t n = CTR_128BIT_COUNTER; uint8_t *counter1 = counter; + __u32 c_value = c;
/* * Since the counter has been increased 1 by the hardware, * so the c need to decrease 1. */ - c = c - 1; + c_value -= 1; do { --n; - c += counter1[n]; - counter1[n] = (uint8_t)c; - c >>= BYTE_BITS; + c_value += counter1[n]; + counter1[n] = (uint8_t)c_value; + c_value >>= BYTE_BITS; } while (n); }
diff --git a/src/uadk_ec.c b/src/uadk_ec.c index 2ed5755..e9bbda7 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -72,14 +72,15 @@ static void init_dtb_param(void *dtb, char *start, __u32 dsz, __u32 bsz, __u32 num) { struct wd_dtb *tmp = dtb; + char *buff = start; int i = 0;
while (i++ < num) { - tmp->data = start; + tmp->data = buff; tmp->dsize = dsz; tmp->bsize = bsz; tmp += 1; - start += bsz; + buff += bsz; } }
The private key related parameters should be initialized before using.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_rsa.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 5cd93c8..dd62e0a 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -930,14 +930,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess, struct rsa_prikey_param *pri, unsigned char *in_buf, unsigned char *to) { - struct wd_rsa_prikey *prikey; - struct wd_dtb *wd_dq; - struct wd_dtb *wd_dp; - struct wd_dtb *wd_q; - struct wd_dtb *wd_p; - struct wd_dtb *wd_qinv; - struct wd_dtb *wd_d; - struct wd_dtb *wd_n; + struct wd_rsa_prikey *prikey = NULL; + struct wd_dtb *wd_qinv = NULL; + struct wd_dtb *wd_dq = NULL; + struct wd_dtb *wd_dp = NULL; + struct wd_dtb *wd_q = NULL; + struct wd_dtb *wd_p = NULL; + struct wd_dtb *wd_d = NULL; + struct wd_dtb *wd_n = NULL;
if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) { wd_rsa_get_prikey(rsa_sess->sess, &prikey);
Storage class should be specified after a type.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/e_uadk.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c index cd97194..5aaf113 100644 --- a/src/e_uadk.c +++ b/src/e_uadk.c @@ -88,13 +88,11 @@ static const ENGINE_CMD_DEFN g_uadk_cmd_defns[] = { } };
-__attribute__((constructor)) -static void uadk_constructor(void) +static void __attribute__((constructor)) uadk_constructor(void) { }
-__attribute__((destructor)) -static void uadk_destructor(void) +static void __attribute__((destructor)) uadk_destructor(void) { }
When the 'alg_name' set by the user is valid, the 'env_enabled' field should be set or returned.
Fixes: 3c0c996ef1b43("uadk_engine:fix string compare mode") Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/e_uadk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c index 5aaf113..f879870 100644 --- a/src/e_uadk.c +++ b/src/e_uadk.c @@ -115,7 +115,7 @@ int uadk_e_is_env_enabled(const char *alg_name) int i = 0;
while (i < len) { - if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) + if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) return uadk_env_enabled[i].env_enabled; i++; } @@ -129,7 +129,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value) int i = 0;
while (i < len) { - if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) { + if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) { uadk_env_enabled[i].env_enabled = value; return; }
Use macros to replace magic numbers and related operations. Simplify code comments and unify style.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_cipher.c | 4 +--- src/uadk_dh.c | 5 ++--- src/uadk_digest.c | 2 +- src/uadk_ec.c | 51 ++++++++++++++++++++++++----------------------- src/uadk_ecx.c | 40 +++++++++++++++++++++---------------- src/uadk_pkey.c | 9 ++++----- src/uadk_pkey.h | 6 +++++- src/uadk_rsa.c | 25 ++++++++++------------- src/uadk_sm2.c | 23 +++++++++++---------- 9 files changed, 84 insertions(+), 81 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index 717ba48..7acaa73 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -479,13 +479,11 @@ static __u32 sched_single_pick_next_ctx(handle_t sched_ctx, struct sched_params *key = (struct sched_params *)sched_key;
if (sched_mode) { - /* async */ if (key->type == WD_CIPHER_ENCRYPTION) return CTX_ASYNC_ENC; else return CTX_ASYNC_DEC; } else { - /* sync */ if (key->type == WD_CIPHER_ENCRYPTION) return CTX_SYNC_ENC; else @@ -743,7 +741,7 @@ static void async_cb(struct wd_cipher_req *req, void *data) } }
-/* increment counter (128-bit int) by c */ +/* Increment counter (128-bit int) by c */ static void ctr_iv_inc(uint8_t *counter, __u32 c) { uint32_t n = CTR_128BIT_COUNTER; diff --git a/src/uadk_dh.c b/src/uadk_dh.c index 78d0a03..3ec3011 100644 --- a/src/uadk_dh.c +++ b/src/uadk_dh.c @@ -603,7 +603,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, if (!ag_bin) return UADK_E_FAIL;
- /* malloc a contiguous chunk of memory */ + /* Malloc a contiguous chunk of memory */ apriv_key_bin = OPENSSL_malloc(key_size * DH_PARAMS_CNT); if (!apriv_key_bin) goto free_ag; @@ -615,7 +615,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, memset(ap_bin, 0, key_size); memset(out_pri, 0, key_size);
- /* construct data block of g */ + /* Construct data block of g */ ret = dh_set_g(g, key_size, ag_bin, dh_sess); if (!ret) goto free_apriv; @@ -623,7 +623,6 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p, dh_sess->req.xbytes = BN_bn2bin(priv_key, apriv_key_bin); dh_sess->req.pbytes = BN_bn2bin(p, ap_bin); dh_sess->req.x_p = (void *)apriv_key_bin; - /* the output from uadk */ dh_sess->req.pri = out_pri; dh_sess->req.pri_bytes = key_size; dh_sess->req.op_type = WD_DH_PHASE1; diff --git a/src/uadk_digest.c b/src/uadk_digest.c index dcfab9f..cfdc852 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -70,7 +70,7 @@ static struct digest_engine engine;
struct evp_md_ctx_st { const EVP_MD *digest; - /* functional reference if 'digest' is ENGINE-provided */ + /* Functional reference if 'digest' is ENGINE-provided */ ENGINE *engine; unsigned long flags; void *md_data; diff --git a/src/uadk_ec.c b/src/uadk_ec.c index e9bbda7..b07b610 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -27,23 +27,23 @@ #include "uadk.h"
#define ECC128BITS 128 -#define ECC192BITS 192 -#define ECC224BITS 224 -#define ECC256BITS 256 -#define ECC320BITS 320 -#define ECC384BITS 384 -#define ECC521BITS 521 +#define ECC192BITS 192 +#define ECC224BITS 224 +#define ECC256BITS 256 +#define ECC320BITS 320 +#define ECC384BITS 384 +#define ECC521BITS 521
struct curve_param { - /* prime */ + /* Prime */ BIGNUM *p; - /* ecc coefficient 'a' */ + /* ECC coefficient 'a' */ BIGNUM *a; - /* ecc coefficient 'b' */ + /* ECC coefficient 'b' */ BIGNUM *b; - /* base point */ + /* Base point */ const EC_POINT *g; - /* order of base point */ + /* Order of base point */ const BIGNUM *order; };
@@ -176,7 +176,6 @@ free_ctx:
static int get_smallest_hw_keybits(int bits) { - /* ec curve order width */ if (bits > ECC384BITS) return ECC521BITS; else if (bits > ECC320BITS) @@ -283,7 +282,7 @@ static int eckey_check(const EC_KEY *eckey) return -1; }
- /* field GF(2m) is not supported by uadk */ + /* Field GF(2m) is not supported by uadk */ if (!uadk_prime_field(group)) return UADK_DO_SOFT;
@@ -336,22 +335,25 @@ static int set_digest(handle_t sess, struct wd_dtb *e, unsigned int dlen = sdgst->dsize; BIGNUM *m;
- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits) { + if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) { m = BN_new();
/* Need to truncate digest if it is too long: first truncate * whole bytes */ - dlen = (order_bits + 7) >> UADK_BITS_2_BYTES_SHIFT; + dlen = BITS_TO_BYTES(order_bits); if (!BN_bin2bn(dgst, dlen, m)) { fprintf(stderr, "failed to BN_bin2bn digest\n"); BN_free(m); return -1; }
- /* If still too long, truncate remaining bits with a shift */ - if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits && - !BN_rshift(m, m, 8 - (order_bits & 0x7))) { + /* If the length of digest is still longer than the length + * of the base point order, truncate remaining bits with a + * shift to that length + */ + if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits && + !BN_rshift(m, m, DGST_SHIFT_NUM(order_bits))) { fprintf(stderr, "failed to truncate input digest\n"); BN_free(m); return -1; @@ -743,7 +745,7 @@ err:
static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) { - unsigned char buff[SM2_KEY_BYTES * 2 + 1] = {UADK_OCTET_STRING}; + unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {UADK_OCTET_STRING}; struct wd_ecc_point *pubkey = NULL; struct wd_dtb *privkey = NULL; const EC_GROUP *group; @@ -768,8 +770,8 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req) return -ENOMEM; }
- memcpy(buff + 1, pubkey->x.data, SM2_KEY_BYTES * 2); - tmp = BN_bin2bn(buff, SM2_KEY_BYTES * 2 + 1, NULL); + memcpy(buff + 1, pubkey->x.data, ECC_POINT_SIZE(SM2_KEY_BYTES)); + tmp = BN_bin2bn(buff, ECC_POINT_SIZE(SM2_KEY_BYTES) + 1, NULL); ptr = EC_POINT_bn2point(group, tmp, point, NULL); BN_free(tmp); if (!ptr) { @@ -1029,7 +1031,7 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data); in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data);
- /* set public key */ + /* Set public key */ ecdh_in = wd_ecxdh_new_in(sess, &in_pkey); if (!ecdh_in) { fprintf(stderr, "failed to new ecxdh in\n"); @@ -1075,7 +1077,7 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) }
key_size_std = (unsigned int)(EC_GROUP_get_degree(group) + - UADK_ECC_PADDING) >> UADK_BITS_2_BYTES_SHIFT; + UADK_ECC_PADDING) >> TRANS_BITS_BYTES_SHIFT; key_size_x = pubkey->x.dsize; key_size_y = pubkey->y.dsize; if ((key_size_x > key_size_std) || (key_size_y > key_size_std)) { @@ -1088,9 +1090,8 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req) * tag - 1 byte * point_x - [key_size_std] bytes * point_y - [key_size_std] bytes - * so the malloc size is: key_size_std * 2 + 1 */ - buff_size = key_size_std * 2 + 1; + buff_size = ECC_POINT_SIZE(key_size_std) + 1; x_shift = key_size_std - key_size_x + 1; y_shift = buff_size - key_size_y; buff = (unsigned char *)OPENSSL_malloc(buff_size); diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c index 73c41b9..56ce3dc 100644 --- a/src/uadk_ecx.c +++ b/src/uadk_ecx.c @@ -295,33 +295,39 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data, key_size); - /* trans public key from big-endian to little-endian */ + /* Trans public key from big-endian to little-endian */ ret = reverse_bytes(ecx_key->pubkey, key_size); if (!ret) { fprintf(stderr, "failed to trans public key\n"); return UADK_E_FAIL; } - /* trans private key from big-endian to little-endian */ + /* Trans private key from big-endian to little-endian */ ret = reverse_bytes(ecx_key->privkey, key_size); if (!ret) { fprintf(stderr, "failed to trans private key\n"); return UADK_E_FAIL; } /* - * This is a pretreatment of X25519/X448, as described in RFC 7748: - * For X25519, in order to decode 32 random bytes as an integer - * scaler, set the three LSB of the first byte and MSB of the last - * to zero, set the second MSB of the last byte to 1. - * For X448, set the two LSB of the first byte to 0, and MSB of the - * last byte to 1. Decode in little-endian mode. + * This is a pretreatment of X25519/X448 described in RFC 7748. + * In order to decode the random bytes as an integer scaler, there + * are some special data processing. And use little-endian mode for + * decoding. */ if (ecx_ctx->nid == EVP_PKEY_X25519) { - ecx_key->privkey[0] &= 248; - ecx_key->privkey[X25519_KEYLEN - 1] &= 127; - ecx_key->privkey[X25519_KEYLEN - 1] |= 64; + /* Set the three LSB of the first byte to 0 */ + ecx_key->privkey[0] &= 0xF8; + + /* Set the MSB of the last byte to 0 */ + ecx_key->privkey[X25519_KEYLEN - 1] &= 0x7F; + + /* Set the second MSB of the last byte to 1 */ + ecx_key->privkey[X25519_KEYLEN - 1] |= 0x40; } else if (ecx_ctx->nid == EVP_PKEY_X448) { - ecx_key->privkey[0] &= 252; - ecx_key->privkey[X448_KEYLEN - 1] |= 128; + /* Set the two LSB of the first byte to 0 */ + ecx_key->privkey[0] &= 0xFC; + + /* Set the MSB of the last byte to 1 */ + ecx_key->privkey[X448_KEYLEN - 1] |= 0x80; }
ret = EVP_PKEY_assign(pkey, ecx_ctx->nid, ecx_key); @@ -494,7 +500,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req, struct wd_ecc_in *ecx_in; int ret;
- /* trans public key from little-endian to big-endian */ + /* Trans public key from little-endian to big-endian */ ret = reverse_bytes(peer_ecx_key->pubkey, key_size); if(!ret) { fprintf(stderr, "failed to trans public key\n"); @@ -521,7 +527,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
uadk_ecc_fill_req(req, WD_ECXDH_COMPUTE_KEY, ecx_in, ecx_out);
- /* trans public key from big-endian to little-endian */ + /* Trans public key from big-endian to little-endian */ ret = reverse_bytes(peer_ecx_key->pubkey, key_size); if (!ret) { fprintf(stderr, "failed to trans public key\n"); @@ -553,7 +559,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, struct wd_dtb prikey; int ret;
- /* trans private key from little-endian to big-endian */ + /* Trans private key from little-endian to big-endian */ ret = reverse_bytes(ecx_key->privkey, key_size); if (!ret) { fprintf(stderr, "failed to trans private key\n"); @@ -569,7 +575,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, return UADK_E_FAIL; }
- /* trans private key from big-endian to little-endian */ + /* Trans private key from big-endian to little-endian */ ret = reverse_bytes(ecx_key->privkey, key_size); if (!ret) { fprintf(stderr, "failed to trans private key\n"); diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c index 2e7e439..5dc1c60 100644 --- a/src/uadk_pkey.c +++ b/src/uadk_pkey.c @@ -44,7 +44,7 @@ struct ecc_res_config { int numa_id; };
-/* ecc global hardware resource is saved here */ +/* ECC global hardware resource is saved here */ struct ecc_res { struct wd_ctx_config *ctx_res; int pid; @@ -123,7 +123,7 @@ static int uadk_ecc_poll(void *ctx) return -ETIMEDOUT; }
-/* make resource configure static */ +/* Make resource configure static */ struct ecc_res_config ecc_res_config = { .sched = { .sched_type = -1, @@ -234,7 +234,7 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config) struct uacce_dev *dev; int ret;
- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ + /* The ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */ dev = wd_get_accel_dev("ecdsa"); if (!dev) return -ENOMEM; @@ -396,8 +396,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) return -EINVAL; }
- /* pad and convert bits to bytes */ - buflen = (EC_GROUP_get_degree(group) + 7) / 8; + buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group)); ecc_key = wd_ecc_get_key(sess); prikey.data = (void *)bin; prikey.dsize = BN_bn2binpad(d, bin, buflen); diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h index dfe6fbe..b01f514 100644 --- a/src/uadk_pkey.h +++ b/src/uadk_pkey.h @@ -26,7 +26,6 @@ #define UADK_ECC_MAX_KEY_BITS 521 #define UADK_ECC_MAX_KEY_BYTES 66 #define UADK_ECC_CV_PARAM_NUM 6 -#define UADK_BITS_2_BYTES_SHIFT 3 #define SM2_KEY_BYTES 32 #define UADK_OCTET_STRING 4 #define UADK_ECC_PUBKEY_PARAM_NUM 2 @@ -34,6 +33,11 @@ #define UADK_ECDH_CV_NUM 8 #define ENV_ENABLED 1 #define UADK_E_INVALID (-2) +#define TRANS_BITS_BYTES_SHIFT 3 +#define ECC_POINT_SIZE(n) ((n) * 2) +#define GET_MS_BYTE(n) ((n) >> 8) +#define GET_LS_BYTE(n) ((n) & 0xFF) +#define DGST_SHIFT_NUM(n) (8 - ((n) & 0x7))
struct uadk_pkey_meth { EVP_PKEY_METHOD *sm2; diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 363dc5a..a5d5520 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -52,6 +52,9 @@ #define UADK_E_INIT_SUCCESS 0 #define CHECK_PADDING_FAIL (-1) #define ENV_ENABLED 1 +#define PRIME_RETRY_COUNT 4 +#define GENCB_NEXT 2 +#define GENCB_RETRY 3
static RSA_METHOD *rsa_hw_meth;
@@ -173,11 +176,7 @@ static int rsa_prime_mul_res(int num, struct rsa_prime_param *param, if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx)) return BN_ERR; } else { - /* - * Use the number 3 to indicate whether - * the generator has been found. - */ - if (!BN_GENCB_call(cb, 3, num)) + if (!BN_GENCB_call(cb, GENCB_RETRY, num)) return BN_ERR; return BN_CONTINUE; } @@ -228,14 +227,11 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, *bitse -= bitsr[*num]; else return -1; - /* - * Use the number 2 to indicate whether - * a prime has been found. - */ - ret = BN_GENCB_call(cb, 2, *n++); + + ret = BN_GENCB_call(cb, GENCB_NEXT, *n++); if (!ret) return -1; - if (retries == 4) { + if (retries == PRIME_RETRY_COUNT) { *num = -1; *bitse = 0; retries = 0; @@ -244,8 +240,8 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, retries++; return BN_REDO; } - /* Use the number 3 to indicate whether the generator has been found. */ - ret = BN_GENCB_call(cb, 3, *num); + + ret = BN_GENCB_call(cb, GENCB_RETRY, *num); if (!ret) return BN_ERR; retries = 0; @@ -320,8 +316,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, else return BN_ERR;
- /* Use the number 2 to indicate whether a prime has been found. */ - if (!BN_GENCB_call(cb, 2, *n++)) + if (!BN_GENCB_call(cb, GENCB_NEXT, *n++)) return BN_ERR;
return GET_ERR_FINISH; diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index 3ecce6b..a6fe71f 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -34,12 +34,12 @@ enum { typedef struct { /* Key and paramgen group */ EC_GROUP *gen_group; - /* message digest */ + /* Message digest */ const EVP_MD *md; /* Distinguishing Identifier, ISO/IEC 15946-3 */ uint8_t *id; size_t id_len; - /* id_set indicates if the 'id' field is set (1) or not (0) */ + /* Indicates if the 'id' field is set (1) or not (0) */ int id_set; } SM2_PKEY_CTX;
@@ -557,8 +557,7 @@ static size_t ec_field_size(const EC_GROUP *group) if (!EC_GROUP_get_curve(group, p, a, b, NULL)) goto done;
- /* Pad and convert bits to bytes */ - field_size = (BN_num_bits(p) + 7) / 8; + field_size = BITS_TO_BYTES(BN_num_bits(p));
done: BN_free(p); @@ -1172,7 +1171,7 @@ static int sm2_set_ctx_id(struct sm2_ctx *smctx, int p1, const void *p2) OPENSSL_free(smctx->ctx.id); smctx->ctx.id = tmp_id; } else { - /* set null-ID */ + /* Set null-ID */ OPENSSL_free(smctx->ctx.id); smctx->ctx.id = NULL; } @@ -1231,7 +1230,7 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) *(size_t *)p2 = smctx->ctx.id_len; return 1; case EVP_PKEY_CTRL_DIGESTINIT: - /* nothing to be inited, this is to suppress the error... */ + /* Nothing to be inited, for suppress the error */ return 1; default: fprintf(stderr, "sm2 ctrl type = %d error\n", type); @@ -1323,20 +1322,22 @@ static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash, }
/* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ - if (id_len >= (UINT16_MAX / 8)) { + if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) { fprintf(stderr, "id too large\n"); return 0; }
- entl = (uint16_t)(8 * id_len); + entl = (uint16_t)(id_len << TRANS_BITS_BYTES_SHIFT);
- e_byte = entl >> 8; + /* Update the most significant (first) byte of 'entl' */ + e_byte = GET_MS_BYTE(entl); if (!EVP_DigestUpdate(hash, &e_byte, 1)) { fprintf(stderr, "error evp lib\n"); return 0; }
- e_byte = entl & 0xFF; + /* Update the least significant (second) byte of 'entl' */ + e_byte = GET_LS_BYTE(entl); if (!EVP_DigestUpdate(hash, &e_byte, 1)) { fprintf(stderr, "error evp lib\n"); return 0; @@ -1516,7 +1517,7 @@ static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) return 0; }
- /* get hashed prefix 'z' of tbs message */ + /* Get hashed prefix 'z' of tbs message */ if (!sm2_compute_z_digest(z, md, smctx->ctx.id, smctx->ctx.id_len, ec)) return 0;
Remove redundant header file and modify magic number.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk.h | 3 --- src/uadk_async.c | 1 + src/uadk_async.h | 2 +- src/uadk_cipher.c | 1 + src/uadk_dh.c | 1 + src/uadk_digest.c | 2 ++ src/uadk_ec.c | 1 + src/uadk_ecx.c | 2 +- src/uadk_pkey.c | 5 ++++- src/uadk_rsa.c | 6 +++++- src/uadk_sm2.c | 7 +++++-- 11 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h index 6d8d5d5..3c8d148 100644 --- a/src/uadk.h +++ b/src/uadk.h @@ -17,9 +17,6 @@ #ifndef UADK_H #define UADK_H #include <openssl/engine.h> -#include <uadk/wd.h> -#include <uadk/wd_sched.h> -#include "uadk_utils.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) #define ENV_STRING_LEN 256 diff --git a/src/uadk_async.c b/src/uadk_async.c index e4eff43..cf8b0cd 100644 --- a/src/uadk_async.c +++ b/src/uadk_async.c @@ -19,6 +19,7 @@ #include <string.h> #include <sys/eventfd.h> #include <unistd.h> +#include <openssl/async.h> #include "uadk.h" #include "uadk_async.h"
diff --git a/src/uadk_async.h b/src/uadk_async.h index dbcd142..fdfd32d 100644 --- a/src/uadk_async.h +++ b/src/uadk_async.h @@ -18,8 +18,8 @@ #define UADK_ASYNC_H
#include <stdbool.h> -#include <openssl/async.h> #include <semaphore.h> +#include <openssl/async.h>
#define ASYNC_QUEUE_TASK_NUM 1024
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index 7acaa73..c71e54c 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -21,6 +21,7 @@ #include <dlfcn.h> #include <openssl/engine.h> #include <uadk/wd_cipher.h> +#include <uadk/wd_sched.h> #include "uadk.h" #include "uadk_async.h"
diff --git a/src/uadk_dh.c b/src/uadk_dh.c index 3ec3011..6065160 100644 --- a/src/uadk_dh.c +++ b/src/uadk_dh.c @@ -23,6 +23,7 @@ #include <openssl/dh.h> #include <string.h> #include <uadk/wd_dh.h> +#include <uadk/wd_sched.h> #include "uadk.h" #include "uadk_async.h"
diff --git a/src/uadk_digest.c b/src/uadk_digest.c index cfdc852..ba0876e 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -24,8 +24,10 @@ #include <openssl/evp.h> #include <uadk/wd_cipher.h> #include <uadk/wd_digest.h> +#include <uadk/wd_sched.h> #include "uadk.h" #include "uadk_async.h" +#include "uadk_utils.h"
#define UADK_DO_SOFT (-0xE0) #define CTX_SYNC 0 diff --git a/src/uadk_ec.c b/src/uadk_ec.c index b07b610..e341f5b 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -23,6 +23,7 @@ #include <openssl/err.h> #include <openssl/ec.h> #include <uadk/wd_ecc.h> +#include <uadk/wd_sched.h> #include "uadk_pkey.h" #include "uadk.h"
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c index 56ce3dc..e6edbc3 100644 --- a/src/uadk_ecx.c +++ b/src/uadk_ecx.c @@ -14,7 +14,6 @@ * limitations under the License. * */ -#include <errno.h> #include <string.h> #include <openssl/bn.h> #include <openssl/engine.h> @@ -24,6 +23,7 @@ #include <openssl/ec.h> #include <openssl/evp.h> #include <uadk/wd_ecc.h> +#include <uadk/wd_sched.h> #include "uadk_pkey.h" #include "uadk.h"
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c index 5dc1c60..e73a2fe 100644 --- a/src/uadk_pkey.c +++ b/src/uadk_pkey.c @@ -17,6 +17,7 @@ #include <openssl/engine.h> #include <uadk/wd.h> #include <uadk/wd_ecc.h> +#include <uadk/wd_sched.h> #include "uadk_async.h" #include "uadk.h" #include "uadk_pkey.h" @@ -381,6 +382,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) const EC_GROUP *group; struct wd_dtb prikey; const BIGNUM *d; + size_t degree; int buflen; int ret;
@@ -396,7 +398,8 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey) return -EINVAL; }
- buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group)); + degree = EC_GROUP_get_degree(group); + buflen = BITS_TO_BYTES(degree); ecc_key = wd_ecc_get_key(sess); prikey.data = (void *)bin; prikey.dsize = BN_bn2binpad(d, bin, buflen); diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index a5d5520..e7ab9ff 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -20,6 +20,7 @@ #include <openssl/ossl_typ.h> #include <openssl/rsa.h> #include <uadk/wd_rsa.h> +#include <uadk/wd_sched.h> #include "uadk_async.h" #include "uadk.h"
@@ -55,6 +56,7 @@ #define PRIME_RETRY_COUNT 4 #define GENCB_NEXT 2 #define GENCB_RETRY 3 +#define PRIME_CHECK_BIT_NUM 4
static RSA_METHOD *rsa_hw_meth;
@@ -210,7 +212,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, * key by using the modulus in a certificate. This is also covered * by checking the length should not be less than 0x9. */ - if (!BN_rshift(param->r2, param->r1, *bitse - 4)) + if (!BN_rshift(param->r2, param->r1, *bitse - PRIME_CHECK_BIT_NUM)) return BN_ERR;
bitst = BN_get_word(param->r2); @@ -231,6 +233,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr, ret = BN_GENCB_call(cb, GENCB_NEXT, *n++); if (!ret) return -1; + if (retries == PRIME_RETRY_COUNT) { *num = -1; *bitse = 0; @@ -288,6 +291,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param, BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb) { unsigned long err; + /* * BN_sub(r,a,b) substracts b from a and place the result in r, * r = a-b. diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index a6fe71f..af26690 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -22,6 +22,7 @@ #include <openssl/ossl_typ.h> #include <openssl/err.h> #include <uadk/wd_ecc.h> +#include <uadk/wd_sched.h> #include "uadk.h" #include "uadk_pkey.h"
@@ -550,6 +551,7 @@ static size_t ec_field_size(const EC_GROUP *group) BIGNUM *a = BN_new(); BIGNUM *b = BN_new(); size_t field_size = 0; + size_t p_bits;
if (p == NULL || a == NULL || b == NULL) goto done; @@ -557,7 +559,8 @@ static size_t ec_field_size(const EC_GROUP *group) if (!EC_GROUP_get_curve(group, p, a, b, NULL)) goto done;
- field_size = BITS_TO_BYTES(BN_num_bits(p)); + p_bits = BN_num_bits(p); + field_size = BITS_TO_BYTES(p_bits);
done: BN_free(p); @@ -598,7 +601,7 @@ static int sm2_ciphertext_size(const EC_KEY *key, * Integer and string are simple type; set constructed = 0, means * primitive and definite length encoding. */ - sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER) + sz = ECC_POINT_SIZE(ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)) + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
-
Zhiqi Song