This patchset contains some bugfix and cleanup.
Hao Fang (6): uadk_engine: cipher/digest: fixes for priv address check uadk_engine: ec: add BN_new memory check uadk_engine: rsa: fix mem leak for from_buf uadk_engine: uadk_rsa: fix to free from_buffer uadk_engine: uask_async: fix thread_attr res leak uadk_engine: async: fix add async send timeout
Qi Tao (3): cipher: uadk_e_bind_ciphers function is optimized cipher: UADK_CIPHER_DESCR is optimized uadk_engine/v1: fix g_sec_ciphers_info[] error
Weili Qian (2): uadk_engine: add device initialization status sm2: fixup switching soft sm2 decrypt problem
Zhiqi Song (6): ecc: optimize sm2 sign check function digest: fix the address of async op uadk_engine: fixup resource management issues ecc: add check of siglen v1/pkey: add check of qlist v1/pkey: fix uninitialized variable
src/uadk.h | 5 + src/uadk_aead.c | 39 ++++-- src/uadk_async.c | 14 +- src/uadk_async.h | 1 + src/uadk_cipher.c | 170 ++++++++---------------- src/uadk_cipher_adapter.c | 38 +++--- src/uadk_dh.c | 150 +++++++++++++-------- src/uadk_digest.c | 59 +++++++-- src/uadk_ec.c | 69 ++++++---- src/uadk_ecx.c | 8 +- src/uadk_pkey.c | 113 ++++++++++------ src/uadk_rsa.c | 218 +++++++++++++++++++------------ src/uadk_sm2.c | 42 +++--- src/v1/alg/ciphers/sec_ciphers.c | 2 +- src/v1/alg/pkey/hpre_rsa.c | 13 +- src/v1/alg/pkey/hpre_wd.c | 9 +- 16 files changed, 553 insertions(+), 397 deletions(-)
Enable users to pass NULL sign parameter to obtain the length of the signature result. If users want to do actual signature task, they need to call the signature function a second time.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_sm2.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index f393641..df760fe 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -26,6 +26,8 @@ #include "uadk.h" #include "uadk_pkey.h"
+#define GET_SIGNLEN 1 + enum { CTX_INIT_FAIL = -1, CTX_UNINIT, @@ -673,6 +675,17 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, EC_KEY *ec = EVP_PKEY_get0(p_key); const int sig_sz = ECDSA_size(ec);
+ /* + * If 'sig' is NULL, users can use sm2_decrypt API to obtain the valid 'siglen' first, + * then users use the value of 'signlen' to alloc the memory of 'sig' and call the + * sm2_decrypt API a second time to do the decryption task. + */ + if (!sig) { + fprintf(stderr, "sig is NULL, get valid siglen\n"); + *siglen = (size_t)sig_sz; + return GET_SIGNLEN; + } + if (!smctx || !smctx->sess) { fprintf(stderr, "smctx or sess NULL\n"); return UADK_DO_SOFT; @@ -693,12 +706,6 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, return -EINVAL; }
- if (!sig) { - fprintf(stderr, "invalid: sig is NULL\n"); - *siglen = (size_t)sig_sz; - return -EINVAL; - } - if (tbslen > SM2_KEY_BYTES) return UADK_DO_SOFT;
When call uadk_engine by gmssl: gmssl speed -elapsed -engine uadk_engine -async_jobs 16
There is a core dump, the call stack is: | read | async_pause_job | do_digest_async | uadk_e_digest_final | EVP_DigestFinal_ex | rand_bytes | rand_nopseudo_bytes | RAND_bytes | bnrand | BN_pseudo_rand | bn_rand_range | BN_priv_rand_range | uadk_ecc_get_rand | generate_random | new_sign_in | wd_sm2_new_sign_in | sm2_sign_init_iot After finishing uadk_e_digest_final(), EVP_DigestFinal_ex() will continue calling cleanup() function, the address of async job will be changed. As the address is on stack, if the async thread happens to use this async job, the core dump will occur: | ASYNC_WAIT_CTX_get_fd | async_wake_job | async_cb | wd_digest_poll_ctx | uadk_e_digest_poll | async_poll_process_func So the address of op should be on heap to save the async job, or it will be released by digest cleaup process, and affects the following async task.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_digest.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c index fa96e57..0aa90f3 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -767,7 +767,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) { struct digest_priv_ctx *priv = (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx); - struct async_op op; + struct async_op *op; int ret = 1;
digest_set_msg_state(priv, true); @@ -782,13 +782,18 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) if (priv->e_nid == NID_sha384) priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
- ret = async_setup_async_event_notification(&op); + op = malloc(sizeof(struct async_op)); + if (!op) + return 0; + + ret = async_setup_async_event_notification(op); if (unlikely(!ret)) { fprintf(stderr, "failed to setup async event notification.\n"); + free(op); return 0; }
- if (op.job == NULL) { + if (!op->job) { /* Synchronous, only the synchronous mode supports soft computing */ if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { ret = digest_soft_final(priv, digest); @@ -800,12 +805,13 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) if (!ret) goto sync_err; } else { - ret = do_digest_async(priv, &op); + ret = do_digest_async(priv, op); if (!ret) goto clear; } memcpy(digest, priv->req.out, priv->req.out_bytes);
+ free(op); return 1;
sync_err: @@ -817,6 +823,7 @@ sync_err: } clear: async_clear_async_event_notification(); + free(op); return ret; }
From: Weili Qian qianweili@huawei.com
The process needs to initialize the device only once. The process pid is used to intercept repeated initialization, but the getpid() takes a long time. Therefore, the device status is added, and the system does not attempt to initialize the device after the device initialization fails. When the device is reset, update status to UADK_DEVICE_ERROR, and tasks are not sent to the hardware.
Signed-off-by: Weili Qian qianweili@huawei.com --- src/uadk.h | 4 ++ src/uadk_dh.c | 139 +++++++++++++++++++++++-------------- src/uadk_ec.c | 60 ++++++++-------- src/uadk_ecx.c | 8 +-- src/uadk_pkey.c | 102 +++++++++++++++++---------- src/uadk_rsa.c | 181 +++++++++++++++++++++++++++++------------------- src/uadk_sm2.c | 3 +- 7 files changed, 301 insertions(+), 196 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h index 3dbaba1..c5ebf32 100644 --- a/src/uadk.h +++ b/src/uadk.h @@ -22,6 +22,10 @@ #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) #define ENV_STRING_LEN 256 #define ENGINE_RECV_MAX_CNT 60000000 +#define UADK_UNINIT 0 +#define UADK_INIT_SUCCESS 1 +#define UADK_INIT_FAIL 2 +#define UADK_DEVICE_ERROR 3
enum { HW_V2, diff --git a/src/uadk_dh.c b/src/uadk_dh.c index 418747e..62c75fe 100644 --- a/src/uadk_dh.c +++ b/src/uadk_dh.c @@ -75,8 +75,8 @@ struct uadk_dh_sess {
struct dh_res { struct wd_ctx_config *ctx_res; - int pid; int numa_id; + int status; pthread_spinlock_t lock; } g_dh_res;
@@ -200,6 +200,13 @@ static __u32 dh_pick_next_ctx(handle_t sched_ctx, return CTX_SYNC; }
+static void uadk_e_dh_set_status(void) +{ + pthread_spin_lock(&g_dh_res.lock); + g_dh_res.status = UADK_DEVICE_ERROR; + pthread_spin_unlock(&g_dh_res.lock); +} + static int uadk_e_dh_poll(void *ctx) { __u64 rx_cnt = 0; @@ -210,12 +217,15 @@ static int uadk_e_dh_poll(void *ctx)
do { ret = wd_dh_poll_ctx(idx, expt, &recv); - if (!ret && recv == expt) + if (!ret && recv == expt) { return UADK_E_POLL_SUCCESS; - else if (ret == -EAGAIN) + } else if (ret == -EAGAIN) { rx_cnt++; - else + } else { + if (ret == -WD_HW_EACCESS) + uadk_e_dh_set_status(); return UADK_E_POLL_FAIL; + } } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n"); @@ -281,8 +291,11 @@ static int uadk_e_dh_env_poll(void *ctx)
do { ret = wd_dh_poll(expt, &recv); - if (ret < 0 || recv == expt) + if (ret < 0 || recv == expt) { + if (ret == -WD_HW_EACCESS) + uadk_e_dh_set_status(); return ret; + } rx_cnt++; } while (rx_cnt < ENGINE_RECV_MAX_CNT);
@@ -363,41 +376,42 @@ free_cfg:
static int uadk_e_dh_init(void) { - struct uacce_dev *dev; + struct uacce_dev *dev = NULL; int ret;
- if (g_dh_res.pid != getpid()) { - pthread_spin_lock(&g_dh_res.lock); - if (g_dh_res.pid == getpid()) { - pthread_spin_unlock(&g_dh_res.lock); - return UADK_E_INIT_SUCCESS; - } - - dev = wd_get_accel_dev("dh"); - if (!dev) { - pthread_spin_unlock(&g_dh_res.lock); - fprintf(stderr, "failed to get device for dh\n"); - return -ENOMEM; - } + if (g_dh_res.status != UADK_UNINIT) + return g_dh_res.status;
- ret = uadk_e_wd_dh_init(&dh_res_config, dev); - if (ret) - goto err_unlock; + pthread_spin_lock(&g_dh_res.lock); + if (g_dh_res.status != UADK_UNINIT) + goto unlock;
- g_dh_res.numa_id = dev->numa_id; - g_dh_res.pid = getpid(); - pthread_spin_unlock(&g_dh_res.lock); - free(dev); + dev = wd_get_accel_dev("dh"); + if (!dev) { + fprintf(stderr, "no device available, switch to software!\n"); + goto err_init; }
- return UADK_E_INIT_SUCCESS; + ret = uadk_e_wd_dh_init(&dh_res_config, dev); + if (ret) { + fprintf(stderr, "device unavailable(%d), switch to software!\n", ret); + goto err_init; + }
-err_unlock: + g_dh_res.numa_id = dev->numa_id; + g_dh_res.status = UADK_INIT_SUCCESS; pthread_spin_unlock(&g_dh_res.lock); free(dev); - fprintf(stderr, "failed to init dh(%d)\n", ret);
- return ret; + return g_dh_res.status; + +err_init: + g_dh_res.status = UADK_INIT_FAIL; +unlock: + pthread_spin_unlock(&g_dh_res.lock); + if (dev) + free(dev); + return g_dh_res.status; }
static void uadk_e_wd_dh_uninit(void) @@ -406,20 +420,26 @@ static void uadk_e_wd_dh_uninit(void) __u32 i; int ret;
- if (g_dh_res.pid == getpid()) { - ret = uadk_e_is_env_enabled("dh"); - if (ret == ENV_ENABLED) { - wd_dh_env_uninit(); - } else { - wd_dh_uninit(); - for (i = 0; i < ctx_cfg->ctx_num; i++) - wd_release_ctx(ctx_cfg->ctxs[i].ctx); + if (g_dh_res.status == UADK_UNINIT) + return;
- free(ctx_cfg->ctxs); - free(ctx_cfg); - } - g_dh_res.pid = 0; + if (g_dh_res.status == UADK_INIT_FAIL) + goto clear_status; + + ret = uadk_e_is_env_enabled("dh"); + if (ret == ENV_ENABLED) { + wd_dh_env_uninit(); + } else { + wd_dh_uninit(); + for (i = 0; i < ctx_cfg->ctx_num; i++) + wd_release_ctx(ctx_cfg->ctxs[i].ctx); + + free(ctx_cfg->ctxs); + free(ctx_cfg); } + +clear_status: + g_dh_res.status = UADK_UNINIT; }
static struct uadk_dh_sess *dh_new_eng_session(DH *dh_alg) @@ -706,8 +726,11 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess)
if (!op.job) { ret = wd_do_dh_sync(dh_sess->sess, &dh_sess->req); - if (ret) + if (ret) { + if (ret == -WD_HW_EACCESS) + uadk_e_dh_set_status(); return UADK_E_FAIL; + } } else { cb_param.op = &op; cb_param.priv = &dh_sess->req; @@ -723,6 +746,8 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess) do { ret = wd_do_dh_async(dh_sess->sess, &dh_sess->req); if (ret < 0 && ret != -EBUSY) { + if (ret == -WD_HW_EACCESS) + uadk_e_dh_set_status(); async_free_poll_task(op.idx, 0); goto err; } @@ -770,21 +795,21 @@ static int uadk_e_dh_generate_key(DH *dh) int ret;
if (!dh) - goto exe_soft; + return UADK_E_FAIL;
ret = uadk_e_dh_init(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto exe_soft;
DH_get0_pqg(dh, &p, &q, &g); if (!p || !g || q) - goto exe_soft; + return UADK_E_FAIL;
/* Get session and prepare private key */ ret = dh_prepare_data(g, dh, &dh_sess, &priv_key); if (!ret) { fprintf(stderr, "prepare dh data failed\n"); - goto exe_soft; + goto soft_log; }
ret = dh_fill_genkey_req(g, p, priv_key, dh_sess); @@ -814,8 +839,9 @@ free_data: if (dh_sess->key_flag == KEY_GEN_BY_ENGINE) BN_free(priv_key); dh_free_eng_session(dh_sess); -exe_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +exe_soft: return uadk_e_dh_soft_generate_key(dh); }
@@ -830,20 +856,20 @@ static int uadk_e_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, int ret;
if (!dh || !key || !pub_key || !DH_get0_priv_key(dh)) - goto exe_soft; + return UADK_E_FAIL;
ret = uadk_e_dh_init(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto exe_soft;
DH_get0_pqg(dh, &p, &q, &g); if (!p || !g) - goto exe_soft; + return UADK_E_FAIL;
ret = dh_prepare_data(g, dh, &dh_sess, &priv_key); if (!ret) { fprintf(stderr, "failed to prepare dh data\n"); - goto exe_soft; + goto soft_log; }
ret = dh_fill_compkey_req(g, p, priv_key, pub_key, dh_sess); @@ -868,8 +894,9 @@ free_data: if (dh_sess->key_flag == KEY_GEN_BY_ENGINE) BN_free(priv_key); dh_free_eng_session(dh_sess); -exe_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +exe_soft: return uadk_e_dh_soft_compute_key(key, pub_key, dh); }
@@ -919,7 +946,13 @@ void uadk_e_destroy_dh(void) uadk_e_wd_dh_uninit(); }
+static void uadk_e_dh_clear_status(void) +{ + g_dh_res.status = UADK_UNINIT; +} + void uadk_e_dh_lock_init(void) { + pthread_atfork(NULL, NULL, uadk_e_dh_clear_status); pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE); } diff --git a/src/uadk_ec.c b/src/uadk_ec.c index 5852d04..78c403f 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -479,19 +479,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
ret = ecdsa_do_sign_check(eckey, dgst, dlen, in_kinv, in_r); if (ret) - goto do_soft; + goto soft_log;
ret = uadk_e_ecc_get_support_state(ECDSA_SUPPORT); if (!ret) - goto do_soft; + goto soft_log;
ret = uadk_init_ecc(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto do_soft;
sess = ecc_alloc_sess(eckey, "ecdsa"); if (!sess) - goto do_soft; + goto soft_log;
memset(&req, 0, sizeof(req)); tdgst.data = (void *)dgst; @@ -521,8 +521,9 @@ uninit_iot: wd_ecc_del_out(sess, req.dst); free_sess: wd_ecc_free_sess(sess); -do_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +do_soft: return openssl_do_sign(dgst, dlen, in_kinv, in_r, eckey); }
@@ -677,19 +678,19 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dlen,
ret = ecdsa_do_verify_check(eckey, dgst, dlen, sig); if (ret) - goto do_soft; + goto soft_log;
ret = uadk_e_ecc_get_support_state(ECDSA_SUPPORT); if (!ret) - goto do_soft; + goto soft_log;
ret = uadk_init_ecc(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto do_soft;
sess = ecc_alloc_sess(eckey, "ecdsa"); if (!sess) - goto do_soft; + goto soft_log;
memset(&req, 0, sizeof(req)); tdgst.data = (void *)dgst; @@ -717,8 +718,9 @@ uninit_iot: wd_ecc_del_in(sess, req.src); free_sess: wd_ecc_free_sess(sess); -do_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +do_soft: return openssl_do_verify(dgst, dlen, sig, eckey); }
@@ -970,23 +972,23 @@ static int sm2_generate_key(EC_KEY *eckey)
ret = ecc_genkey_check(eckey); if (ret) - goto do_soft; + goto soft_log;
ret = eckey_create_key(eckey); if (!ret) - goto do_soft; + goto soft_log;
ret = uadk_e_ecc_get_support_state(SM2_SUPPORT); if (!ret) - goto do_soft; + goto soft_log;
ret = uadk_init_ecc(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto do_soft;
sess = ecc_alloc_sess(eckey, "sm2"); if (!sess) - goto do_soft; + goto soft_log;
memset(&req, 0, sizeof(req)); ret = sm2_keygen_init_iot(sess, &req); @@ -1010,8 +1012,9 @@ uninit_iot: wd_ecc_del_out(sess, req.dst); free_sess: wd_ecc_free_sess(sess); -do_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +do_soft: return openssl_do_generate(eckey); }
@@ -1031,7 +1034,6 @@ static int ecdh_keygen_init_iot(handle_t sess, struct wd_ecc_req *req, return 1; }
- static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req, const EC_POINT *pubkey, const EC_KEY *ecdh) { @@ -1201,23 +1203,23 @@ static int ecdh_generate_key(EC_KEY *ecdh)
ret = ecc_genkey_check(ecdh); if (ret) - goto do_soft; + goto soft_log;
ret = ecdh_create_key(ecdh); if (!ret) - goto do_soft; + goto soft_log;
ret = uadk_e_ecc_get_support_state(ECDH_SUPPORT); if (!ret) - goto do_soft; + goto soft_log;
ret = uadk_init_ecc(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto do_soft;
sess = ecc_alloc_sess(ecdh, "ecdh"); if (!sess) - goto do_soft; + goto soft_log;
memset(&req, 0, sizeof(req)); ret = ecdh_keygen_init_iot(sess, &req, ecdh); @@ -1245,8 +1247,9 @@ uninit_iot: wd_ecc_del_out(sess, req.dst); free_sess: wd_ecc_free_sess(sess); -do_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +do_soft: return openssl_do_generate(ecdh); }
@@ -1319,19 +1322,19 @@ static int ecdh_compute_key(unsigned char **out, size_t *outlen,
ret = ecc_compkey_check(out, outlen, pub_key, ecdh); if (!ret) - goto do_soft; + goto soft_log;
ret = uadk_e_ecc_get_support_state(ECDH_SUPPORT); if (!ret) - goto do_soft; + goto soft_log;
ret = uadk_init_ecc(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto do_soft;
sess = ecc_alloc_sess(ecdh, "ecdh"); if (!sess) - goto do_soft; + goto soft_log;
memset(&req, 0, sizeof(req)); ret = ecdh_compkey_init_iot(sess, &req, pub_key, ecdh); @@ -1365,8 +1368,9 @@ uninit_iot: wd_ecc_del_out(sess, req.dst); free_sess: wd_ecc_free_sess(sess); -do_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +do_soft: return openssl_do_compute(out, outlen, pub_key, ecdh); }
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c index 3eafdfb..c8d7205 100644 --- a/src/uadk_ecx.c +++ b/src/uadk_ecx.c @@ -85,10 +85,8 @@ static int x25519_init(EVP_PKEY_CTX *ctx) }
ret = uadk_init_ecc(); - if (ret) { - fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); + if (ret != UADK_INIT_SUCCESS) return UADK_E_FAIL; - }
x25519_ctx = calloc(1, sizeof(struct ecx_ctx)); if (!x25519_ctx) { @@ -141,10 +139,8 @@ static int x448_init(EVP_PKEY_CTX *ctx) }
ret = uadk_init_ecc(); - if (ret) { - fprintf(stderr, "failed to do uadk_init_ecc, ret = %d\n", ret); + if (ret != UADK_INIT_SUCCESS) return UADK_E_FAIL; - }
x448_ctx = calloc(1, sizeof(struct ecx_ctx)); if (!x448_ctx) { diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c index b071d8b..3497e77 100644 --- a/src/uadk_pkey.c +++ b/src/uadk_pkey.c @@ -50,7 +50,7 @@ struct ecc_res_config { /* ECC global hardware resource is saved here */ struct ecc_res { struct wd_ctx_config *ctx_res; - int pid; + int status; int numa_id; pthread_spinlock_t lock; } ecc_res; @@ -105,6 +105,13 @@ void uadk_e_ecc_cb(void *req_t) } }
+static void uadk_e_ecc_set_status(void) +{ + pthread_spin_lock(&ecc_res.lock); + ecc_res.status = UADK_DEVICE_ERROR; + pthread_spin_unlock(&ecc_res.lock); +} + static int uadk_ecc_poll(void *ctx) { unsigned int recv = 0; @@ -114,12 +121,15 @@ static int uadk_ecc_poll(void *ctx)
do { ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv); - if (!ret && recv == expt) + if (!ret && recv == expt) { return 0; - else if (ret == -EAGAIN) + } else if (ret == -EAGAIN) { rx_cnt++; - else + } else { + if (ret == -WD_HW_EACCESS) + uadk_e_ecc_set_status(); return -1; + } } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n"); @@ -166,8 +176,11 @@ static int uadk_e_ecc_env_poll(void *ctx)
do { ret = wd_ecc_poll(expt, &recv); - if (ret < 0 || recv == expt) + if (ret < 0 || recv == expt) { + if (ret == -WD_HW_EACCESS) + uadk_e_ecc_set_status(); return ret; + } rx_cnt++; } while (rx_cnt < ENGINE_RECV_MAX_CNT);
@@ -262,9 +275,12 @@ static void uadk_wd_ecc_uninit(void) __u32 i; int ret;
- if (ecc_res.pid != getpid()) + if (ecc_res.status == UADK_UNINIT) return;
+ if (ecc_res.status == UADK_INIT_FAIL) + goto clear_status; + ret = uadk_e_is_env_enabled("ecc"); if (ret == ENV_ENABLED) { wd_ecc_env_uninit(); @@ -276,8 +292,10 @@ static void uadk_wd_ecc_uninit(void) free(ctx_cfg); ecc_res.ctx_res = NULL; } - ecc_res.pid = 0; ecc_res.numa_id = 0; + +clear_status: + ecc_res.status = UADK_UNINIT; }
int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) @@ -307,6 +325,8 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) do { ret = wd_do_ecc_async(sess, req); if (ret < 0 && ret != -EBUSY) { + if (ret == -WD_HW_EACCESS) + uadk_e_ecc_set_status(); async_free_poll_task(op.idx, 0); goto err; } @@ -319,8 +339,11 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) return 0; } else { ret = wd_do_ecc_sync(sess, req); - if (ret < 0) - return 0; + if (ret < 0) { + if (ret == -WD_HW_EACCESS) + uadk_e_ecc_set_status(); + return 0; + } } return 1; err: @@ -513,42 +536,43 @@ bool uadk_support_algorithm(const char *alg)
int uadk_init_ecc(void) { - struct uacce_dev *dev; + struct uacce_dev *dev = NULL; int ret;
- if (ecc_res.pid != getpid()) { - pthread_spin_lock(&ecc_res.lock); - if (ecc_res.pid == getpid()) { - pthread_spin_unlock(&ecc_res.lock); - return 0; - } - - /* Find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */ - dev = wd_get_accel_dev("ecdsa"); - if (!dev) { - pthread_spin_unlock(&ecc_res.lock); - fprintf(stderr, "failed to get device for ecc\n"); - return -ENOMEM; - } + if (ecc_res.status != UADK_UNINIT) + return ecc_res.status;
- ret = uadk_wd_ecc_init(&ecc_res_config, dev); - if (ret) { - fprintf(stderr, "failed to init ec(%d).\n", ret); - goto err_unlock; - } + pthread_spin_lock(&ecc_res.lock); + if (ecc_res.status != UADK_UNINIT) + goto unlock;
- ecc_res.numa_id = dev->numa_id; - ecc_res.pid = getpid(); - pthread_spin_unlock(&ecc_res.lock); - free(dev); + /* Find an ecc device, no difference for sm2/ecdsa/ecdh/x25519/x448 */ + dev = wd_get_accel_dev("ecdsa"); + if (!dev) { + fprintf(stderr, "no device available, switch to software!\n"); + goto err_init; }
- return 0; + ret = uadk_wd_ecc_init(&ecc_res_config, dev); + if (ret) { + fprintf(stderr, "device unavailable(%d), switch to software!\n", ret); + goto err_init; + }
-err_unlock: + ecc_res.numa_id = dev->numa_id; + ecc_res.status = UADK_INIT_SUCCESS; pthread_spin_unlock(&ecc_res.lock); free(dev); - return ret; + + return ecc_res.status; + +err_init: + ecc_res.status = UADK_INIT_FAIL; +unlock: + pthread_spin_unlock(&ecc_res.lock); + if (dev) + free(dev); + return ecc_res.status; }
static void uadk_uninit_ecc(void) @@ -630,8 +654,14 @@ static int uadk_ecc_bind_pmeth(ENGINE *e) return ENGINE_set_pkey_meths(e, get_pkey_meths); }
+static void uadk_e_ecc_clear_status(void) +{ + ecc_res.status = UADK_UNINIT; +} + void uadk_e_ecc_lock_init(void) { + pthread_atfork(NULL, NULL, uadk_e_ecc_clear_status); pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE); }
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index ca05ef7..fa4d354 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -132,8 +132,8 @@ struct rsa_res_config { /* Save rsa global hardware resource */ struct rsa_res { struct wd_ctx_config *ctx_res; - int pid; int numa_id; + int status; pthread_spinlock_t lock; } g_rsa_res;
@@ -659,6 +659,13 @@ static int rsa_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count) return UADK_E_POLL_SUCCESS; }
+static void uadk_e_rsa_set_status(void) +{ + pthread_spin_lock(&g_rsa_res.lock); + g_rsa_res.status = UADK_DEVICE_ERROR; + pthread_spin_unlock(&g_rsa_res.lock); +} + static int uadk_e_rsa_poll(void *ctx) { __u64 rx_cnt = 0; @@ -668,12 +675,15 @@ static int uadk_e_rsa_poll(void *ctx)
do { ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv); - if (!ret && recv == expt) + if (!ret && recv == expt) { return UADK_E_POLL_SUCCESS; - else if (ret == -EAGAIN) + } else if (ret == -EAGAIN) { rx_cnt++; - else + } else { + if (ret == -WD_HW_EACCESS) + uadk_e_rsa_set_status(); return UADK_E_POLL_FAIL; + } } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n"); @@ -704,8 +714,11 @@ static int uadk_e_rsa_env_poll(void *ctx)
do { ret = wd_rsa_poll(expt, &recv); - if (ret < 0 || recv == expt) + if (ret < 0 || recv == expt) { + if (ret == -WD_HW_EACCESS) + uadk_e_rsa_set_status(); return ret; + } rx_cnt++; } while (rx_cnt < ENGINE_RECV_MAX_CNT);
@@ -788,42 +801,42 @@ free_cfg:
static int uadk_e_rsa_init(void) { - struct uacce_dev *dev; + struct uacce_dev *dev = NULL; int ret;
- if (g_rsa_res.pid != getpid()) { - pthread_spin_lock(&g_rsa_res.lock); - if (g_rsa_res.pid == getpid()) { - pthread_spin_unlock(&g_rsa_res.lock); - return UADK_E_INIT_SUCCESS; - } + if (g_rsa_res.status != UADK_UNINIT) + return g_rsa_res.status;
- dev = wd_get_accel_dev("rsa"); - if (!dev) { - pthread_spin_unlock(&g_rsa_res.lock); - fprintf(stderr, "failed to get device for rsa\n"); - return -ENOMEM; - } - - ret = uadk_e_wd_rsa_init(&rsa_res_config, dev); - if (ret) - goto err_unlock; + pthread_spin_lock(&g_rsa_res.lock); + if (g_rsa_res.status != UADK_UNINIT) + goto unlock;
- g_rsa_res.numa_id = dev->numa_id; - g_rsa_res.pid = getpid(); - pthread_spin_unlock(&g_rsa_res.lock); - free(dev); + dev = wd_get_accel_dev("rsa"); + if (!dev) { + fprintf(stderr, "no device available, switch to software!\n"); + goto err_init; }
- return UADK_E_INIT_SUCCESS; + ret = uadk_e_wd_rsa_init(&rsa_res_config, dev); + if (ret) { + fprintf(stderr, "device unavailable(%d), switch to software!\n", ret); + goto err_init; + }
-err_unlock: - g_rsa_res.ctx_res = NULL; + g_rsa_res.numa_id = dev->numa_id; + g_rsa_res.status = UADK_INIT_SUCCESS; pthread_spin_unlock(&g_rsa_res.lock); free(dev); - (void)fprintf(stderr, "failed to init rsa(%d)\n", ret);
- return ret; + return g_rsa_res.status; + +err_init: + g_rsa_res.status = UADK_INIT_FAIL; +unlock: + pthread_spin_unlock(&g_rsa_res.lock); + if (dev) + free(dev); + return g_rsa_res.status; }
static void uadk_e_rsa_uninit(void) @@ -832,23 +845,25 @@ static void uadk_e_rsa_uninit(void) __u32 i; int ret;
- if (!ctx_cfg) + if (g_rsa_res.status == UADK_UNINIT) return;
- if (g_rsa_res.pid == getpid()) { - ret = uadk_e_is_env_enabled("rsa"); - if (ret == ENV_ENABLED) { - wd_rsa_env_uninit(); - } else { - wd_rsa_uninit(); - for (i = 0; i < ctx_cfg->ctx_num; i++) - wd_release_ctx(ctx_cfg->ctxs[i].ctx); - free(ctx_cfg->ctxs); - free(ctx_cfg); - } + if (g_rsa_res.status == UADK_INIT_FAIL) + goto clear_status;
- g_rsa_res.pid = 0; + ret = uadk_e_is_env_enabled("rsa"); + if (ret == ENV_ENABLED) { + wd_rsa_env_uninit(); + } else { + wd_rsa_uninit(); + for (i = 0; i < ctx_cfg->ctx_num; i++) + wd_release_ctx(ctx_cfg->ctxs[i].ctx); + free(ctx_cfg->ctxs); + free(ctx_cfg); } + +clear_status: + g_rsa_res.status = UADK_UNINIT; }
static struct uadk_rsa_sess *rsa_new_eng_session(RSA *rsa) @@ -1094,10 +1109,13 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess)
if (!op.job) { ret = wd_do_rsa_sync(rsa_sess->sess, &(rsa_sess->req)); - if (!ret) - return UADK_E_SUCCESS; - else + if (ret) { + if (ret == -WD_HW_EACCESS) + uadk_e_rsa_set_status(); goto err; + } else { + return UADK_E_SUCCESS; + } } cb_param.op = &op; cb_param.priv = &(rsa_sess->req); @@ -1113,6 +1131,8 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess) do { ret = wd_do_rsa_async(rsa_sess->sess, &(rsa_sess->req)); if (ret < 0 && ret != -EBUSY) { + if (ret == -WD_HW_EACCESS) + uadk_e_rsa_set_status(); async_free_poll_task(op.idx, 0); goto err; } @@ -1379,16 +1399,18 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) int ret;
ret = rsa_check_bit_useful(bits, 0); - if (!ret || ret == SOFT) - goto exe_soft; + if (!ret) + return UADK_E_FAIL; + else if (ret == SOFT) + goto soft_log;
ret = uadk_e_rsa_init(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto exe_soft;
ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair, &bn_ctx); if (ret == -ENOMEM) - goto exe_soft; + return ret;
rsa_sess = rsa_get_eng_session(rsa, bits, is_crt); if (!rsa_sess) { @@ -1431,8 +1453,9 @@ free_keygen: rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair, &bn_ctx, ret); if (ret != UADK_DO_SOFT) return ret; -exe_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +exe_soft: return uadk_e_soft_rsa_keygen(rsa, bits, e, cb); }
@@ -1446,16 +1469,18 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, BIGNUM *enc_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret || ret == SOFT) - goto exe_soft; + if (!ret) + return UADK_E_FAIL; + else if (ret == SOFT) + goto soft_log;
ret = uadk_e_rsa_init(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto exe_soft;
ret = rsa_pkey_param_alloc(&pub_enc, NULL); if (ret == -ENOMEM) - goto exe_soft; + return ret;
is_crt = check_rsa_is_crt(rsa);
@@ -1510,8 +1535,9 @@ free_pkey: rsa_pkey_param_free(&pub_enc, NULL); if (ret != UADK_DO_SOFT) return ret; -exe_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +exe_soft: return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL()) (flen, from, to, rsa, padding); } @@ -1526,16 +1552,18 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, BIGNUM *dec_bn = NULL;
ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret || ret == SOFT) - goto exe_soft; + if (!ret) + return UADK_E_FAIL; + else if (ret == SOFT) + goto soft_log;
ret = uadk_e_rsa_init(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto exe_soft;
ret = rsa_pkey_param_alloc(NULL, &pri); if (ret == -ENOMEM) - goto exe_soft; + return ret;
pri->is_crt = check_rsa_is_crt(rsa);
@@ -1592,8 +1620,9 @@ free_pkey: rsa_pkey_param_free(NULL, &pri); if (ret != UADK_DO_SOFT) return ret; -exe_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +exe_soft: return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL()) (flen, from, to, rsa, padding); } @@ -1610,16 +1639,18 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, int num_bytes, ret;
ret = check_rsa_input_para(flen, from, to, rsa); - if (!ret || ret == SOFT) - goto exe_soft; + if (!ret) + return UADK_E_FAIL; + else if (ret == SOFT) + goto soft_log;
ret = uadk_e_rsa_init(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto exe_soft;
ret = rsa_pkey_param_alloc(NULL, &pri); if (ret == -ENOMEM) - goto exe_soft; + return ret;
pri->is_crt = check_rsa_is_crt(rsa);
@@ -1686,8 +1717,9 @@ free_pkey: rsa_pkey_param_free(NULL, &pri); if (ret != UADK_DO_SOFT) return ret; -exe_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +exe_soft: return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL()) (flen, from, to, rsa, padding); } @@ -1705,15 +1737,15 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, if (!ret) return UADK_E_FAIL; else if (ret == SOFT) - goto exe_soft; + goto soft_log;
ret = uadk_e_rsa_init(); - if (ret) + if (ret != UADK_INIT_SUCCESS) goto exe_soft;
ret = rsa_pkey_param_alloc(&pub, NULL); if (ret == -ENOMEM) - goto exe_soft; + return ret;
is_crt = check_rsa_is_crt(rsa);
@@ -1775,8 +1807,9 @@ free_pkey: rsa_pkey_param_free(&pub, NULL); if (ret != UADK_DO_SOFT) return ret; -exe_soft: +soft_log: fprintf(stderr, "switch to execute openssl software calculation.\n"); +exe_soft: return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL()) (flen, from, to, rsa, padding); } @@ -1834,7 +1867,13 @@ void uadk_e_destroy_rsa(void) uadk_e_rsa_uninit(); }
+static void uadk_e_rsa_clear_status(void) +{ + g_rsa_res.status = UADK_UNINIT; +} + void uadk_e_rsa_lock_init(void) { + pthread_atfork(NULL, NULL, uadk_e_rsa_clear_status); pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE); } diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index df760fe..1db6e3a 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -1204,8 +1204,7 @@ static int sm2_init(EVP_PKEY_CTX *ctx) }
ret = uadk_init_ecc(); - if (ret) { - fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret); + if (ret != UADK_INIT_SUCCESS) { smctx->init_status = CTX_INIT_FAIL; goto end; }
1. Modify return value. 2. Use matching resource application and release functions. 3. Fix memory leak in abonormal scenarios. 4. Add null pointer check for ctrl param p2 of sm2 alg.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_async.c | 6 ++++-- src/uadk_sm2.c | 7 +++++-- 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c index 870065d..499907b 100644 --- a/src/uadk_async.c +++ b/src/uadk_async.c @@ -302,8 +302,10 @@ int async_wake_job(ASYNC_JOB *job)
ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom); if (ret > 0) { - if (write(efd, &buf, sizeof(uint64_t)) == -1) + if (write(efd, &buf, sizeof(uint64_t)) == -1) { fprintf(stderr, "failed to write to fd: %d - error: %d\n", efd, errno); + return errno; + } }
return ret; @@ -364,7 +366,7 @@ int async_module_init(void) if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0) return 0;
- poll_queue.head = calloc(ASYNC_QUEUE_TASK_NUM, sizeof(struct async_poll_task)); + poll_queue.head = OPENSSL_malloc(ASYNC_QUEUE_TASK_NUM * sizeof(struct async_poll_task)); if (poll_queue.head == NULL) return 0;
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index 1db6e3a..84bda98 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -149,7 +149,7 @@ static int get_hash_type(int nid_hash) }
static int compute_hash(const char *in, size_t in_len, - char *out, size_t out_len, void *usr) + char *out, size_t out_len, void *usr) { const EVP_MD *digest = (const EVP_MD *)usr; EVP_MD_CTX *hash = EVP_MD_CTX_new(); @@ -377,7 +377,7 @@ static int sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb *s, e_sig = ECDSA_SIG_new(); if (!e_sig) { fprintf(stderr, "failed to ECDSA_SIG_new\n"); - return -EINVAL; + return -ENOMEM; }
br = BN_bin2bn((void *)r->data, r->dsize, NULL); @@ -1200,6 +1200,7 @@ static int sm2_init(EVP_PKEY_CTX *ctx) ret = uadk_e_ecc_get_support_state(SM2_SUPPORT); if (!ret) { fprintf(stderr, "sm2 is not supported\n"); + free(smctx); return 0; }
@@ -1284,6 +1285,8 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } goto set_data; case EVP_PKEY_CTRL_GET_MD: + if (!p2) + return 0; *(const EVP_MD **)p2 = smctx->ctx.md; return 1; case EVP_PKEY_CTRL_SET1_ID:
From: Weili Qian qianweili@huawei.com
The openssl API d2i_SM2_Ciphertext() will change the 'in' address and clean the data. If still use 'in' when switching to soft computing, input data errors may occur. So pre-store the address to 'in_soft' and use it in software computing.
Signed-off-by: Weili Qian qianweili@huawei.com Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_sm2.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c index 84bda98..8421931 100644 --- a/src/uadk_sm2.c +++ b/src/uadk_sm2.c @@ -922,7 +922,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx, c3_size = EVP_MD_size(md); if (c3_size <= 0) { fprintf(stderr, "c3 size error\n"); - return 0; + return UADK_E_INVALID; }
if (!out) { @@ -1033,7 +1033,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx, hash_size = EVP_MD_size(md); if (hash_size <= 0) { fprintf(stderr, "hash size = %d error\n", hash_size); - return 0; + return UADK_E_INVALID; }
if (!out) { @@ -1107,6 +1107,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, { struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx); struct sm2_ciphertext *ctext_struct; + const unsigned char *in_soft = in; struct wd_ecc_req req = {0}; struct wd_ecc_point c1; struct wd_dtb c2, c3; @@ -1120,10 +1121,8 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx, md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
ctext_struct = d2i_SM2_Ciphertext(NULL, &in, inlen); - if (!ctext_struct) { - ret = UADK_DO_SOFT; - goto do_soft; - } + if (!ctext_struct) + return 0;
ret = cipher_ber_to_bin(md, ctext_struct, &c1, &c2, &c3); if (ret) { @@ -1165,7 +1164,7 @@ do_soft: return ret;
fprintf(stderr, "switch to execute openssl software calculation.\n"); - return openssl_decrypt(ctx, out, outlen, in, inlen); + return openssl_decrypt(ctx, out, outlen, in_soft, inlen); }
static void sm2_cleanup(EVP_PKEY_CTX *ctx)
From: Hao Fang fanghao11@huawei.com
1.Add priv address check return by EVP_CIPHER_CTX_get_cipher_data(). 2.Add priv address check return by EVP_MD_CTX_md_data().
Signed-off-by: Hao Fang fanghao11@huawei.com --- src/uadk_cipher.c | 18 ++++++++++++++---- src/uadk_digest.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index 12830b7..472c47c 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -185,7 +185,7 @@ static int uadk_e_cipher_sw_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
priv = (struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); if (unlikely(priv == NULL)) { - fprintf(stderr, "uadk engine state is NULL.\n"); + fprintf(stderr, "priv get from cipher ctx is NULL.\n"); return 0; }
@@ -235,7 +235,7 @@ static int uadk_e_cipher_soft_work(EVP_CIPHER_CTX *ctx, unsigned char *out,
priv = (struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); if (unlikely(priv == NULL)) { - fprintf(stderr, "uadk engine state is NULL.\n"); + fprintf(stderr, "priv get from cipher ctx is NULL.\n"); return 0; }
@@ -277,7 +277,7 @@ static void uadk_e_cipher_sw_cleanup(EVP_CIPHER_CTX *ctx) struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- if (priv->sw_ctx_data) { + if (priv && priv->sw_ctx_data) { OPENSSL_free(priv->sw_ctx_data); priv->sw_ctx_data = NULL; } @@ -500,6 +500,11 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, int nid, ret; __u32 i;
+ if (unlikely(!priv)) { + fprintf(stderr, "priv get from cipher ctx is NULL.\n"); + return 0; + } + if (unlikely(!key)) { fprintf(stderr, "ctx init parameter key is NULL.\n"); return 0; @@ -541,7 +546,7 @@ static int uadk_e_cipher_cleanup(EVP_CIPHER_CTX *ctx)
uadk_e_cipher_sw_cleanup(ctx);
- if (priv->sess) { + if (priv && priv->sess) { wd_cipher_free_sess(priv->sess); priv->sess = 0; } @@ -752,6 +757,11 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, struct async_op op; int ret;
+ if (unlikely(!priv)) { + fprintf(stderr, "priv get from cipher ctx is NULL.\n"); + return 0; + } + priv->req.src = (unsigned char *)in; priv->req.in_bytes = inlen; priv->req.dst = out; diff --git a/src/uadk_digest.c b/src/uadk_digest.c index 0aa90f3..06851f1 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -535,6 +535,11 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx) __u32 i; int ret;
+ if (unlikely(!priv)) { + fprintf(stderr, "priv get from digest ctx is NULL.\n"); + return 0; + } + priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
digest_priv_ctx_reset(priv); @@ -587,6 +592,11 @@ static void digest_update_out_length(EVP_MD_CTX *ctx) struct digest_priv_ctx *priv = (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ if (unlikely(!priv)) { + fprintf(stderr, "priv get from digest ctx is NULL.\n"); + return; + } + /* Sha224 and Sha384 need full length mac buffer as doing long hash */ if (priv->e_nid == NID_sha224) priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN; @@ -614,6 +624,11 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le int copy_to_bufflen; int ret;
+ if (unlikely(!priv)) { + fprintf(stderr, "priv get from digest ctx is NULL.\n"); + return 0; + } + digest_update_out_length(ctx); digest_set_msg_state(priv, false);
@@ -671,6 +686,11 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l struct digest_priv_ctx *priv = (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ if (unlikely(!priv)) { + fprintf(stderr, "priv get from digest ctx is NULL.\n"); + return 0; + } + if (unlikely(priv->switch_flag == UADK_DO_SOFT)) goto soft_update;
@@ -770,6 +790,11 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest) struct async_op *op; int ret = 1;
+ if (unlikely(!priv)) { + fprintf(stderr, "priv get from digest ctx is NULL.\n"); + return 0; + } + digest_set_msg_state(priv, true); priv->req.in = priv->data; priv->req.out = priv->out; @@ -863,6 +888,11 @@ static int uadk_e_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) if (!t) return 1;
+ if (!f) { + fprintf(stderr, "priv get from digest ctx is NULL.\n"); + return 0; + } + if (t->sess) { params.numa_id = -1; t->setup.sched_param = ¶ms;
From: Hao Fang fanghao11@huawei.com
Signed-off-by: Hao Fang fanghao11@huawei.com --- src/uadk_ec.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c index 78c403f..400040e 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -328,6 +328,10 @@ static int set_digest(handle_t sess, struct wd_dtb *e,
if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) { m = BN_new(); + if (!m) { + fprintf(stderr, "failed to BN_new BIGNUM m\n"); + return -1; + }
/* Need to truncate digest if it is too long: first truncate * whole bytes
From: Hao Fang fanghao11@huawei.com
If flen > num_bytes, need to free from_buf.
Signed-off-by: Hao Fang fanghao11@huawei.com --- src/uadk_rsa.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index fa4d354..1289fd3 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -1491,11 +1491,16 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, }
ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes); - if (ret <= 0 || flen > num_bytes) { + if (ret <= 0) { ret = UADK_DO_SOFT; goto free_sess; }
+ if (flen > num_bytes) { + ret = UADK_DO_SOFT; + goto free_buf; + } + ret = add_rsa_pubenc_padding(flen, from, from_buf, num_bytes, padding); if (!ret) { ret = UADK_DO_SOFT; @@ -1756,11 +1761,16 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, }
ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes); - if (ret <= 0 || flen > num_bytes) { + if (ret <= 0) { ret = UADK_DO_SOFT; goto free_sess; }
+ if (flen > num_bytes) { + ret = UADK_DO_SOFT; + goto free_buf; + } + ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to); if (!ret) { ret = UADK_DO_SOFT;
Add null pointer check of 'siglen' parameter.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/uadk_ec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c index 400040e..b1dbdfe 100644 --- a/src/uadk_ec.c +++ b/src/uadk_ec.c @@ -548,8 +548,11 @@ static int ecdsa_sign(int type, const unsigned char *dgst, int dlen, goto err; }
- *siglen = i2d_ECDSA_SIG(s, &sig); + if (siglen) + *siglen = i2d_ECDSA_SIG(s, &sig); + ECDSA_SIG_free(s); + return 1;
err:
Add null pointer check of 'eng_ctx->qlist'.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/v1/alg/pkey/hpre_wd.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/v1/alg/pkey/hpre_wd.c b/src/v1/alg/pkey/hpre_wd.c index 971f7b2..855d47c 100644 --- a/src/v1/alg/pkey/hpre_wd.c +++ b/src/v1/alg/pkey/hpre_wd.c @@ -157,10 +157,13 @@ void hpre_free_eng_ctx(hpre_engine_ctx_t *eng_ctx) }
if (eng_ctx->opdata.op_type != WCRYPTO_RSA_GENKEY) { - if (eng_ctx->opdata.in) - eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.in); + if (eng_ctx->opdata.in) { + if (eng_ctx->qlist) + eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.in); + } + if (eng_ctx->opdata.out) { - if (eng_ctx->qlist != NULL) + if (eng_ctx->qlist) eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.out); } } else {
From: Hao Fang fanghao11@huawei.com
If flen > num_bytes, need to free from_buffer. The reasonable operation is put the size check before the memory malloc.
Signed-off-by: Hao Fang fanghao11@huawei.com --- src/uadk_rsa.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 1289fd3..c9e2b34 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -1358,7 +1358,7 @@ static void rsa_free_pub_bn_ctx(unsigned char **from_buf) }
static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri, - unsigned char **from_buf, int *num_bytes) + unsigned char **from_buf, int *num_bytes, int flen) { RSA_get0_key(rsa, &pri->n, &pri->e, &pri->d); if (!(pri->n) || !(pri->e) || !(pri->d)) @@ -1376,6 +1376,9 @@ static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri, if (!(*num_bytes)) return UADK_E_FAIL;
+ if (flen > *num_bytes) + return UADK_E_FAIL; + *from_buf = OPENSSL_malloc(*num_bytes); if (!(*from_buf)) return -ENOMEM; @@ -1578,8 +1581,8 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, goto free_pkey; }
- ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes); - if (ret <= 0 || flen > num_bytes) { + ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes, flen); + if (ret <= 0) { ret = UADK_DO_SOFT; goto free_sess; } @@ -1665,8 +1668,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, goto free_pkey; }
- ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes); - if (ret <= 0 || flen > num_bytes) { + ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes, flen); + if (ret <= 0) { ret = UADK_DO_SOFT; goto free_sess; }
From: Hao Fang fanghao11@huawei.com
When the pthread exit also need to call async_poll_task_free() to unint thread_attr.
Signed-off-by: Hao Fang fanghao11@huawei.com --- src/uadk_async.c | 8 ++++---- src/uadk_async.h | 1 + 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/uadk_async.c b/src/uadk_async.c index 499907b..8cfb651 100644 --- a/src/uadk_async.c +++ b/src/uadk_async.c @@ -132,6 +132,7 @@ void async_poll_task_free(void) poll_queue.head = NULL;
pthread_mutex_unlock(&poll_queue.async_task_mutex); + pthread_attr_destroy(&poll_queue.thread_attr); sem_destroy(&poll_queue.empty_sem); sem_destroy(&poll_queue.full_sem); pthread_mutex_destroy(&poll_queue.async_task_mutex); @@ -359,7 +360,6 @@ static void *async_poll_process_func(void *args) int async_module_init(void) { pthread_t thread_id; - pthread_attr_t thread_attr;
memset(&poll_queue, 0, sizeof(struct async_poll_queue));
@@ -378,9 +378,9 @@ int async_module_init(void)
uadk_e_set_async_poll_state(ENABLE_ASYNC_POLLING);
- pthread_attr_init(&thread_attr); - pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED); - if (pthread_create(&thread_id, &thread_attr, async_poll_process_func, NULL)) + pthread_attr_init(&poll_queue.thread_attr); + pthread_attr_setdetachstate(&poll_queue.thread_attr, PTHREAD_CREATE_DETACHED); + if (pthread_create(&thread_id, &poll_queue.thread_attr, async_poll_process_func, NULL)) goto err;
poll_queue.thread_id = thread_id; diff --git a/src/uadk_async.h b/src/uadk_async.h index 678e392..6857927 100644 --- a/src/uadk_async.h +++ b/src/uadk_async.h @@ -69,6 +69,7 @@ struct async_poll_queue { sem_t full_sem; pthread_mutex_t async_task_mutex; pthread_t thread_id; + pthread_attr_t thread_attr; };
int async_setup_async_event_notification(struct async_op *op);
From: Hao Fang fanghao11@huawei.com
The system does not keep busy in normal, only add a timeout mechanism to exit the while loop.
Signed-off-by: Hao Fang fanghao11@huawei.com --- src/uadk.h | 1 + src/uadk_aead.c | 39 ++++++++++++++++++++++++++------------- src/uadk_cipher.c | 13 ++++++++++--- src/uadk_dh.c | 13 +++++++++---- src/uadk_digest.c | 14 ++++++++++---- src/uadk_pkey.c | 13 +++++++++---- src/uadk_rsa.c | 12 +++++++++--- 7 files changed, 74 insertions(+), 31 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h index c5ebf32..1945ba2 100644 --- a/src/uadk.h +++ b/src/uadk.h @@ -21,6 +21,7 @@
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) #define ENV_STRING_LEN 256 +#define ENGINE_SEND_MAX_CNT 90000000 #define ENGINE_RECV_MAX_CNT 60000000 #define UADK_UNINIT 0 #define UADK_INIT_SUCCESS 1 diff --git a/src/uadk_aead.c b/src/uadk_aead.c index c2646f1..40a35e3 100644 --- a/src/uadk_aead.c +++ b/src/uadk_aead.c @@ -27,7 +27,7 @@ #include "uadk_async.h" #include "uadk_utils.h"
-#define RET_FAIL -1 +#define RET_FAIL (-1) #define STATE_FAIL 0xFFFF #define CTX_SYNC_ENC 0 #define CTX_SYNC_DEC 1 @@ -521,17 +521,9 @@ static void *uadk_e_aead_cb(struct wd_aead_req *req, void *data) return NULL; }
-static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, - unsigned char *out, const unsigned char *in, size_t inlen) +static void do_aead_async_prepare(struct aead_priv_ctx *priv, unsigned char *out, + const unsigned char *in, size_t inlen) { - struct uadk_e_cb_info *cb_param; - int ret; - - if (unlikely(priv->req.assoc_bytes + inlen > AEAD_BLOCK_SIZE)) { - fprintf(stderr, "aead input data length is too long!\n"); - return 0; - } - priv->req.in_bytes = inlen; /* AAD data is input or output together with plaintext or ciphertext. */ if (priv->req.assoc_bytes) { @@ -542,6 +534,21 @@ static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, priv->req.src = (unsigned char *)in; priv->req.dst = out; } +} + +static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op, + unsigned char *out, const unsigned char *in, size_t inlen) +{ + struct uadk_e_cb_info *cb_param; + int cnt = 0; + int ret; + + if (unlikely(priv->req.assoc_bytes + inlen > AEAD_BLOCK_SIZE)) { + fprintf(stderr, "aead input data length is too long!\n"); + return 0; + } + + do_aead_async_prepare(priv, out, in, inlen);
cb_param = malloc(sizeof(struct uadk_e_cb_info)); if (unlikely(!cb_param)) { @@ -562,8 +569,14 @@ static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op,
do { ret = wd_do_aead_async(priv->sess, &priv->req); - if (unlikely(ret < 0 && ret != -EBUSY)) { - fprintf(stderr, "do aead async operation failed.\n"); + if (unlikely(ret < 0)) { + if (unlikely(ret != -EBUSY)) + fprintf(stderr, "do aead async operation failed.\n"); + else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) + fprintf(stderr, "do aead async operation timeout.\n"); + else + continue; + async_free_poll_task(op->idx, 0); ret = 0; goto free_cb_param; diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index 472c47c..4bc8c7f 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -652,7 +652,7 @@ static int do_cipher_sync(struct cipher_priv_ctx *priv) static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op) { struct uadk_e_cb_info cb_param; - int idx, ret; + int idx, ret, cnt;
if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { fprintf(stderr, "switch to soft cipher.\n"); @@ -668,11 +668,18 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op) if (!ret) return 0;
+ cnt = 0; op->idx = idx; do { ret = wd_do_cipher_async(priv->sess, &priv->req); - if (ret < 0 && ret != -EBUSY) { - fprintf(stderr, "do sec cipher failed, switch to soft cipher.\n"); + if (unlikely(ret < 0)) { + if (unlikely(ret != -EBUSY)) + fprintf(stderr, "do cipher async operation failed.\n"); + else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) + fprintf(stderr, "do cipher async operation timeout.\n"); + else + continue; + async_free_poll_task(op->idx, 0); return 0; } diff --git a/src/uadk_dh.c b/src/uadk_dh.c index 62c75fe..328bb80 100644 --- a/src/uadk_dh.c +++ b/src/uadk_dh.c @@ -716,7 +716,7 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess) { struct uadk_e_cb_info cb_param; struct async_op op; - int idx, ret; + int idx, ret, cnt;
ret = async_setup_async_event_notification(&op); if (!ret) { @@ -742,12 +742,17 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess) goto err;
op.idx = idx; - + cnt = 0; do { ret = wd_do_dh_async(dh_sess->sess, &dh_sess->req); - if (ret < 0 && ret != -EBUSY) { - if (ret == -WD_HW_EACCESS) + if (unlikely(ret < 0)) { + if (unlikely(ret == -WD_HW_EACCESS)) uadk_e_dh_set_status(); + else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) + fprintf(stderr, "do dh async operation timeout.\n"); + else + continue; + async_free_poll_task(op.idx, 0); goto err; } diff --git a/src/uadk_digest.c b/src/uadk_digest.c index 06851f1..cbcae1f 100644 --- a/src/uadk_digest.c +++ b/src/uadk_digest.c @@ -750,7 +750,7 @@ static int do_digest_sync(struct digest_priv_ctx *priv) static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op) { struct uadk_e_cb_info cb_param; - int idx, ret; + int idx, ret, cnt;
if (unlikely(priv->switch_flag == UADK_DO_SOFT)) { fprintf(stderr, "async cipher init failed.\n"); @@ -767,11 +767,17 @@ static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op) return 0;
op->idx = idx; - + cnt = 0; do { ret = wd_do_digest_async(priv->sess, &priv->req); - if (ret < 0 && ret != -EBUSY) { - fprintf(stderr, "do sec digest async failed.\n"); + if (unlikely(ret < 0)) { + if (unlikely(ret != -EBUSY)) + fprintf(stderr, "do digest async operation failed.\n"); + else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) + fprintf(stderr, "do digest async operation timeout.\n"); + else + continue; + async_free_poll_task(op->idx, 0); return 0; } diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c index 3497e77..fb5c75b 100644 --- a/src/uadk_pkey.c +++ b/src/uadk_pkey.c @@ -302,7 +302,7 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) { struct uadk_e_cb_info cb_param; struct async_op op; - int idx, ret; + int idx, ret, cnt;
ret = async_setup_async_event_notification(&op); if (!ret) { @@ -321,12 +321,17 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr) goto err;
op.idx = idx; - + cnt = 0; do { ret = wd_do_ecc_async(sess, req); - if (ret < 0 && ret != -EBUSY) { - if (ret == -WD_HW_EACCESS) + if (unlikely(ret < 0)) { + if (unlikely(ret == -WD_HW_EACCESS)) uadk_e_ecc_set_status(); + else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) + fprintf(stderr, "do ecc async operation timeout.\n"); + else + continue; + async_free_poll_task(op.idx, 0); goto err; } diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index c9e2b34..24dd7b9 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -1099,7 +1099,7 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess) { struct uadk_e_cb_info cb_param; struct async_op op; - int idx, ret; + int idx, ret, cnt;
ret = async_setup_async_event_notification(&op); if (!ret) { @@ -1128,11 +1128,17 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess) goto err;
op.idx = idx; + cnt = 0; do { ret = wd_do_rsa_async(rsa_sess->sess, &(rsa_sess->req)); - if (ret < 0 && ret != -EBUSY) { - if (ret == -WD_HW_EACCESS) + if (unlikely(ret < 0)) { + if (unlikely(ret == -WD_HW_EACCESS)) uadk_e_rsa_set_status(); + else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT)) + fprintf(stderr, "do rsa async operation timeout.\n"); + else + continue; + async_free_poll_task(op.idx, 0); goto err; }
From: Qi Tao taoqi10@huawei.com
The uadk_e_bind_ciphers function is executed only once, however, the uadk_e_ciphers may be executed multiple times, it is better to check whether the hardware is available at the beginning of uadk_e_bind_ciphers.
Signed-off-by: Qi Tao taoqi10@huawei.com --- src/uadk_cipher_adapter.c | 38 ++++++++++++++++++-------------------- 1 file changed, 18 insertions(+), 20 deletions(-)
diff --git a/src/uadk_cipher_adapter.c b/src/uadk_cipher_adapter.c index 065575b..caf8af3 100644 --- a/src/uadk_cipher_adapter.c +++ b/src/uadk_cipher_adapter.c @@ -16,11 +16,10 @@ */ #include "uadk_cipher_adapter.h"
-#define HW_UNINIT -1 -#define HW_SEC_V2 0 -#define HW_SEC_V3 1 +#define HW_SEC_V2 2 +#define HW_SEC_V3 3
-static int g_platform = HW_UNINIT; +static int g_platform;
static int cipher_hw_v2_nids[] = { NID_aes_128_cbc, @@ -143,7 +142,6 @@ static void uadk_e_create_ciphers(int index)
int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) { - struct uacce_dev *dev; __u32 i;
if (!e) @@ -155,21 +153,6 @@ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int n return 0; }
- if (g_platform == HW_UNINIT) { - dev = wd_get_accel_dev("cipher"); - if (!dev) { - fprintf(stderr, "no device available, switch to software!\n"); - return 0; - } - - if (!strcmp(dev->api, "hisi_qm_v2")) - g_platform = HW_SEC_V2; - else - g_platform = HW_SEC_V3; - - free(dev); - } - if (cipher == NULL) { if (g_platform == HW_SEC_V2) { *nids = cipher_hw_v2_nids; @@ -198,6 +181,21 @@ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int n
int uadk_e_bind_ciphers(ENGINE *e) { + struct uacce_dev *dev; + + dev = wd_get_accel_dev("cipher"); + if (!dev) { + fprintf(stderr, "no device available, switch to software!\n"); + return 0; + } + + if (!strcmp(dev->api, "hisi_qm_v2")) + g_platform = HW_SEC_V2; + else + g_platform = HW_SEC_V3; + + free(dev); + return ENGINE_set_ciphers(e, uadk_e_ciphers); }
From: Qi Tao taoqi10@huawei.com
The common input parameter UADK_CIPHER_DESCR is deleted.
Signed-off-by: Qi Tao taoqi10@huawei.com --- src/uadk_cipher.c | 139 +++++++++++----------------------------------- 1 file changed, 33 insertions(+), 106 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index 4bc8c7f..4b79493 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -811,19 +811,18 @@ out_notify: return ret; }
-#define UADK_CIPHER_DESCR(name, block_size, key_size, iv_len, flags, ctx_size, \ - init, cipher, cleanup, set_params, get_params) \ +#define UADK_CIPHER_DESCR(name, block_size, key_size, iv_len, flags) \ do { \ uadk_##name = EVP_CIPHER_meth_new(NID_##name, block_size, key_size); \ if (uadk_##name == 0 || \ - !EVP_CIPHER_meth_set_iv_length(uadk_##name, iv_len) || \ - !EVP_CIPHER_meth_set_flags(uadk_##name, flags) || \ - !EVP_CIPHER_meth_set_impl_ctx_size(uadk_##name, ctx_size) || \ - !EVP_CIPHER_meth_set_init(uadk_##name, init) || \ - !EVP_CIPHER_meth_set_do_cipher(uadk_##name, cipher) || \ - !EVP_CIPHER_meth_set_cleanup(uadk_##name, cleanup) || \ - !EVP_CIPHER_meth_set_set_asn1_params(uadk_##name, set_params) || \ - !EVP_CIPHER_meth_set_get_asn1_params(uadk_##name, get_params)) \ + !EVP_CIPHER_meth_set_iv_length(uadk_##name, iv_len) || \ + !EVP_CIPHER_meth_set_flags(uadk_##name, flags) || \ + !EVP_CIPHER_meth_set_impl_ctx_size(uadk_##name, sizeof(struct cipher_priv_ctx)) || \ + !EVP_CIPHER_meth_set_init(uadk_##name, uadk_e_cipher_init) || \ + !EVP_CIPHER_meth_set_do_cipher(uadk_##name, uadk_e_do_cipher) || \ + !EVP_CIPHER_meth_set_cleanup(uadk_##name, uadk_e_cipher_cleanup) || \ + !EVP_CIPHER_meth_set_set_asn1_params(uadk_##name, EVP_CIPHER_set_asn1_iv) || \ + !EVP_CIPHER_meth_set_get_asn1_params(uadk_##name, EVP_CIPHER_get_asn1_iv)) \ return 0; \ } while (0)
@@ -833,171 +832,99 @@ EVP_CIPHER *uadk_create_cipher_meth(int nid)
switch (nid) { case NID_aes_128_cbc: - UADK_CIPHER_DESCR(aes_128_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_128_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE); cipher = uadk_aes_128_cbc; break; case NID_aes_192_cbc: - UADK_CIPHER_DESCR(aes_192_cbc, 16, 24, 16, EVP_CIPH_CBC_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_192_cbc, 16, 24, 16, EVP_CIPH_CBC_MODE); cipher = uadk_aes_192_cbc; break; case NID_aes_256_cbc: - UADK_CIPHER_DESCR(aes_256_cbc, 16, 32, 16, EVP_CIPH_CBC_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_256_cbc, 16, 32, 16, EVP_CIPH_CBC_MODE); cipher = uadk_aes_256_cbc; break; case NID_aes_128_ecb: - UADK_CIPHER_DESCR(aes_128_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_128_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE); cipher = uadk_aes_128_ecb; break; case NID_aes_192_ecb: - UADK_CIPHER_DESCR(aes_192_ecb, 16, 24, 0, EVP_CIPH_ECB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_192_ecb, 16, 24, 0, EVP_CIPH_ECB_MODE); cipher = uadk_aes_192_ecb; break; case NID_aes_256_ecb: - UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, EVP_CIPH_ECB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, EVP_CIPH_ECB_MODE); cipher = uadk_aes_256_ecb; break; case NID_aes_128_xts: - UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV); cipher = uadk_aes_128_xts; break; case NID_aes_256_xts: - UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV); cipher = uadk_aes_256_xts; break; case NID_sm4_cbc: - UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE); cipher = uadk_sm4_cbc; break; case NID_sm4_ecb: - UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE); cipher = uadk_sm4_ecb; break; case NID_des_ede3_cbc: - UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE); cipher = uadk_des_ede3_cbc; break; case NID_des_ede3_ecb: - UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, EVP_CIPH_ECB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, EVP_CIPH_ECB_MODE); cipher = uadk_des_ede3_ecb; break; case NID_aes_128_ctr: - UADK_CIPHER_DESCR(aes_128_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_128_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE); cipher = uadk_aes_128_ctr; break; case NID_aes_192_ctr: - UADK_CIPHER_DESCR(aes_192_ctr, 1, 24, 16, EVP_CIPH_CTR_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_192_ctr, 1, 24, 16, EVP_CIPH_CTR_MODE); cipher = uadk_aes_192_ctr; break; case NID_aes_256_ctr: - UADK_CIPHER_DESCR(aes_256_ctr, 1, 32, 16, EVP_CIPH_CTR_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_256_ctr, 1, 32, 16, EVP_CIPH_CTR_MODE); cipher = uadk_aes_256_ctr; break; case NID_aes_128_ofb128: - UADK_CIPHER_DESCR(aes_128_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_128_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE); cipher = uadk_aes_128_ofb128; break; case NID_aes_192_ofb128: - UADK_CIPHER_DESCR(aes_192_ofb128, 1, 24, 16, EVP_CIPH_OFB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_192_ofb128, 1, 24, 16, EVP_CIPH_OFB_MODE); cipher = uadk_aes_192_ofb128; break; case NID_aes_256_ofb128: - UADK_CIPHER_DESCR(aes_256_ofb128, 1, 32, 16, EVP_CIPH_OFB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_256_ofb128, 1, 32, 16, EVP_CIPH_OFB_MODE); cipher = uadk_aes_256_ofb128; break; case NID_aes_128_cfb128: - UADK_CIPHER_DESCR(aes_128_cfb128, 1, 16, 16, EVP_CIPH_CFB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_128_cfb128, 1, 16, 16, EVP_CIPH_CFB_MODE); cipher = uadk_aes_128_cfb128; break; case NID_aes_192_cfb128: - UADK_CIPHER_DESCR(aes_192_cfb128, 1, 24, 16, EVP_CIPH_CFB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_192_cfb128, 1, 24, 16, EVP_CIPH_CFB_MODE); cipher = uadk_aes_192_cfb128; break; case NID_aes_256_cfb128: - UADK_CIPHER_DESCR(aes_256_cfb128, 1, 32, 16, EVP_CIPH_CFB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(aes_256_cfb128, 1, 32, 16, EVP_CIPH_CFB_MODE); cipher = uadk_aes_256_cfb128; break; case NID_sm4_ofb128: - UADK_CIPHER_DESCR(sm4_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(sm4_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE); cipher = uadk_sm4_ofb128; break; case NID_sm4_cfb128: - UADK_CIPHER_DESCR(sm4_cfb128, 1, 16, 16, EVP_CIPH_OFB_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(sm4_cfb128, 1, 16, 16, EVP_CIPH_OFB_MODE); cipher = uadk_sm4_cfb128; break; case NID_sm4_ctr: - UADK_CIPHER_DESCR(sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE, - sizeof(struct cipher_priv_ctx), uadk_e_cipher_init, - uadk_e_do_cipher, uadk_e_cipher_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv); + UADK_CIPHER_DESCR(sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE); cipher = uadk_sm4_ctr; break; default:
Fix uninitialized variable 'ret'.
Signed-off-by: Zhiqi Song songzhiqi1@huawei.com --- src/v1/alg/pkey/hpre_rsa.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c index 4e21dde..2086e0c 100644 --- a/src/v1/alg/pkey/hpre_rsa.c +++ b/src/v1/alg/pkey/hpre_rsa.c @@ -298,13 +298,13 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from, BIGNUM *ret_bn = NULL; hpre_engine_ctx_t *eng_ctx = NULL; unsigned char *in_buf = NULL; + int ret = HPRE_CRYPTO_FAIL; BN_CTX *bn_ctx = NULL; int num_bytes = 0; int key_bits; - int ret;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) - return HPRE_CRYPTO_FAIL; + return ret;
key_bits = RSA_bits(rsa); if (!check_bit_useful(key_bits)) { @@ -392,7 +392,7 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from, int version;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) - return HPRE_CRYPTO_FAIL; + return ret;
key_bits = RSA_bits(rsa); if (!check_bit_useful(key_bits)) { @@ -479,6 +479,7 @@ static int hpre_rsa_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { hpre_engine_ctx_t *eng_ctx = NULL; + int ret = HPRE_CRYPTO_FAIL; BIGNUM *bn_ret = NULL; BIGNUM *f = NULL; BN_CTX *bn_ctx = NULL; @@ -488,10 +489,10 @@ static int hpre_rsa_public_decrypt(int flen, const unsigned char *from, int num_bytes = 0; int rsa_soft_mark = 0; unsigned char *buf = NULL; - int ret, len; + int len;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) - return HPRE_CRYPTO_FAIL; + return ret;
RSA_get0_key(rsa, &n, &e, &d); ret = hpre_rsa_check(flen, n, e, &num_bytes, rsa); @@ -578,7 +579,7 @@ static int hpre_rsa_private_decrypt(int flen, const unsigned char *from, BN_CTX *bn_ctx = NULL;
if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC) - return HPRE_CRYPTO_FAIL; + return ret;
RSA_get0_key(rsa, &n, &e, &d); num_bytes = BN_num_bytes(n);
From: Qi Tao taoqi10@huawei.com
The flags of sm4_ecb algorithm is EVP_CIPH_ECB_MODE.
Signed-off-by: Qi Tao taoqi10@huawei.com --- src/v1/alg/ciphers/sec_ciphers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/v1/alg/ciphers/sec_ciphers.c b/src/v1/alg/ciphers/sec_ciphers.c index b4743ed..f2c5e7e 100644 --- a/src/v1/alg/ciphers/sec_ciphers.c +++ b/src/v1/alg/ciphers/sec_ciphers.c @@ -64,7 +64,7 @@ static cipher_info_t g_sec_ciphers_info[] = { {NID_sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE, 1, NULL}, {NID_sm4_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1, 1, NULL}, {NID_sm4_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE, 1, NULL}, - {NID_sm4_ecb, 16, 16, 0, EVP_CIPH_CTR_MODE, 1, NULL}, + {NID_sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE, 1, NULL}, };
#define CIPHERS_COUNT (BLOCKSIZES_OF(g_sec_ciphers_info))
在 2023/11/25 16:13, Zhiqi Song 写道:
This patchset contains some bugfix and cleanup.
Hao Fang (6): uadk_engine: cipher/digest: fixes for priv address check uadk_engine: ec: add BN_new memory check uadk_engine: rsa: fix mem leak for from_buf uadk_engine: uadk_rsa: fix to free from_buffer uadk_engine: uask_async: fix thread_attr res leak uadk_engine: async: fix add async send timeout
Qi Tao (3): cipher: uadk_e_bind_ciphers function is optimized cipher: UADK_CIPHER_DESCR is optimized uadk_engine/v1: fix g_sec_ciphers_info[] error
Weili Qian (2): uadk_engine: add device initialization status sm2: fixup switching soft sm2 decrypt problem
Zhiqi Song (6): ecc: optimize sm2 sign check function digest: fix the address of async op uadk_engine: fixup resource management issues ecc: add check of siglen v1/pkey: add check of qlist v1/pkey: fix uninitialized variable
src/uadk.h | 5 + src/uadk_aead.c | 39 ++++-- src/uadk_async.c | 14 +- src/uadk_async.h | 1 + src/uadk_cipher.c | 170 ++++++++---------------- src/uadk_cipher_adapter.c | 38 +++--- src/uadk_dh.c | 150 +++++++++++++-------- src/uadk_digest.c | 59 +++++++-- src/uadk_ec.c | 69 ++++++---- src/uadk_ecx.c | 8 +- src/uadk_pkey.c | 113 ++++++++++------ src/uadk_rsa.c | 218 +++++++++++++++++++------------ src/uadk_sm2.c | 42 +++--- src/v1/alg/ciphers/sec_ciphers.c | 2 +- src/v1/alg/pkey/hpre_rsa.c | 13 +- src/v1/alg/pkey/hpre_wd.c | 9 +- 16 files changed, 553 insertions(+), 397 deletions(-)
lgtm.
cheers!
-
fanghao (A) -
Zhiqi Song