uadk_provider: some algorithm optimization and problem fixing #223

patch-king · 2024-10-18T03:40:29Z

Chenghai Huang (15):
uadk_provider: add input pointer length check for digest and cipher
uadk_provider: code cleanup for provider bio
uadk_provider: add length check for input pointer
uadk_provider: add a timeout exit condition to the loop
uadk_provider: code cleanup for uadk_provider and uadk_engine
uadk_provider: add aes alg for uadk_provider in openssl3.0
uadk_engine: optimized engine update process
uadk_provider: fix cipher issue when input len is 0 in decrypto update
uadk_provider: fix the set ctx param function for ivlen and pad
uadk_provider: fix the key and IV verification methods for cipher init
uadk_provider: fix the switch condition issue of soft digest in engine
uadk_provider: extract hardware initialization functions to separate
functions
uadk_provider: modify poll loop exit condition
uadk_provider: add aes cts alg to uadk_provider in openssl3.0
uadk_provider: bugfix cipher decryption issue

Qi Tao (2):
uadk_prov: fix some cleancode issues and bugs for rsa
uadk_prov: fix data type conversion errors

Wenkai Lin (1):
uadk_engine: remove update iv for cipher

Zhiqi Song (6):
uadk_provider: add openssl ffc library function
uadk_provider: reconstructing dh implementation
uadk_engine/ecx: merge some similar code logic
uadk_engine: fixup pubkey size used in reverse operation
uadk_provider/rsa: unify function definitions with macro
uadk_provider/pkey: fixup functions with the same name

IAMHCHCH · 2024-10-18T03:49:05Z

/lgtm

gaozhangfei · 2024-10-18T13:58:19Z

linux/scripts/checkpatch.pl patch/*

ERROR: Macros with complex values should be enclosed in parentheses
#59: FILE: src/uadk_prov_ffc.c:19:
+#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo

ERROR: Macros with complex values should be enclosed in parentheses
#61: FILE: src/uadk_prov_ffc.c:21:
+#define BN_DEF(lo, hi) lo, hi

ERROR: code indent should use tabs where possible
#179: FILE: src/uadk_cipher.c:689:
+^I^I^I^I^I cipher_info_table[i].mode);$

gaozhangfei · 2024-10-18T14:01:32Z

build with some warning:
uadk_prov_init.c: In function 'uadk_teardown':
uadk_prov_init.c:205:9: warning: implicit declaration of function 'uadk_prov_dh_uninit'; did you mean 'uadk_prov_sm2_uninit'? [-Wimplicit-function-declaration]
205 | uadk_prov_dh_uninit();
| ^~~~~~~~~~~~~~~~~~~
| uadk_prov_sm2_uninit
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_bio.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_bio.Tpo -c uadk_prov_bio.c -o uadk_provider_la-uadk_prov_bio.o >/dev/null 2>&1
uadk_prov_rsa.c: In function 'uadk_prov_rsa_private_decrypt':
uadk_prov_rsa.c:1693:1: warning: label 'free_sess' defined but not used [-Wunused-label]
1693 | free_sess:
| ^~~~~~~~~
uadk_prov_rsa.c: In function 'uadk_prov_rsa_public_verify':
uadk_prov_rsa.c:1827:17: warning: unused variable 'verify_bn' [-Wunused-variable]
1827 | BIGNUM *verify_bn = NULL;
| ^~~~~~~~~
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_der_writer.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_der_writer.Tpo -c uadk_prov_der_writer.c -o uadk_provider_la-uadk_prov_der_writer.o >/dev/null 2>&1
mv -f .deps/uadk_engine_la-uadk_utils.Tpo .deps/uadk_engine_la-uadk_utils.Plo
uadk_prov_cipher.c: In function 'uadk_get_cipher_info':
uadk_prov_cipher.c:372:13: warning: unused variable 'nid' [-Wunused-variable]
372 | int nid = priv->nid;
| ^~~
uadk_prov_cipher.c: In function 'uadk_prov_cipher_set_ctx_params':
uadk_prov_cipher.c:1139:23: warning: unused variable 'ptr' [-Wunused-variable]
1139 | char *ptr;
| ^~~
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_packet.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_packet.Tpo -c uadk_prov_packet.c -o uadk_provider_la-uadk_prov_packet.o >/dev/null 2>&1
uadk_prov_digest.c: In function 'uadk_prov_digest':
uadk_prov_digest.c:773:44: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=]
773 | fprintf(stderr, "data len(%u) can not be processed in single digest.\n",
| ^
| |
| unsigned int
| %lu
774 | inl);
| ~~~
| |
| size_t {aka long unsigned int}
uadk_prov_dh.c: In function 'uadk_prov_dh_gen_params_with_group':
uadk_prov_dh.c:1060:9: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
1060 | if (gctx->group_nid == NID_undef)
| ^
uadk_prov_dh.c:1062:17: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
1062 | if (gctx->group_nid == NID_undef) {
| ^~
uadk_prov_dh.c: In function 'uadk_dh_compute_key_padded':
uadk_prov_dh.c:1574:71: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=]
1574 | fprintf(stderr, "invalid: recv key size(%d) > dhsize(%u)", rv, dhsize);
| ~^ ~~~~~~
| | |
| | size_t {aka long unsigned int}
| unsigned int
| %lu
uadk_prov_dh.c: In function 'uadk_prov_dh_plain_derive':
uadk_prov_dh.c:1606:51: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=]
1606 | fprintf(stderr, "invalid: outlen(%u) < dhsize(%u)\n", outlen, dhsize);
| ~^ ~~~~~~
| | |
| unsigned int size_t {aka long unsigned int}
| %lu
uadk_prov_dh.c:1606:64: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=]
1606 | fprintf(stderr, "invalid: outlen(%u) < dhsize(%u)\n", outlen, dhsize);
| ~^ ~~~~~~
| | |
| unsigned int size_t {aka long unsigned int}
| %lu
In file included from uadk_prov_sm2.c:29:
uadk_prov_pkey.h:376:30: warning: 'get_default_sm2_asym_cipher' defined but not used [-Wunused-function]
376 | static UADK_PKEY_ASYM_CIPHER get_default_##nm##asym_cipher(void)
| ^~~~~~~~~~~~
uadk_prov_sm2.c:37:1: note: in expansion of macro 'UADK_PKEY_ASYM_CIPHER_DESCR'
37 | UADK_PKEY_ASYM_CIPHER_DESCR(sm2, SM2);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
uadk_prov_pkey.h:280:28: warning: 'get_default_sm2_signature' defined but not used [-Wunused-function]
280 | static UADK_PKEY_SIGNATURE get_default##nm##signature(void)
| ^~~~~~~~~~~~
uadk_prov_sm2.c:36:1: note: in expansion of macro 'UADK_PKEY_SIGNATURE_DESCR'
36 | UADK_PKEY_SIGNATURE_DESCR(sm2, SM2);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
uadk_prov_dh.c: In function 'uadk_prov_dh_X9_42_kdf_derive':
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_init.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_init.Tpo -c uadk_prov_init.c -o uadk_provider_la-uadk_prov_init.o >/dev/null 2>&1
uadk_prov_dh.c:1691:51: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=]
1691 | fprintf(stderr, "invalid: outlen(%u) < kdf_outlen(%u)\n",
| ~^
| |
| unsigned int
| %lu
1692 | outlen, pdhctx->kdf_outlen);
| ~~~~~~
| |
| size_t {aka long unsigned int}
uadk_prov_dh.c:1691:68: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=]
1691 | fprintf(stderr, "invalid: outlen(%u) < kdf_outlen(%u)\n",
| ~^
| |
| unsigned int
| %lu
1692 | outlen, pdhctx->kdf_outlen);
| ~~~~~~~~~~~~~~~~~~
| |
| size_t {aka long unsigned int}
uadk_prov_dh.c: In function 'uadk_keyexch_dh_set_ctx_params':
uadk_prov_dh.c:1927:15: warning: unused variable 'str' [-Wunused-variable]
1927 | char *str = NULL;
| ^~~
uadk_prov_dh.c:1926:27: warning: unused variable 'p' [-Wunused-variable]
1926 | const OSSL_PARAM *p;
| ^
uadk_prov_dh.c:1924:14: warning: unused variable 'name' [-Wunused-variable]
1924 | char name[DH_MAX_PARAM_LEN + 1] = {'\0'};
| ^~~~
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_async.lo -MD -MP -MF .deps/uadk_provider_la-uadk_async.Tpo -c uadk_async.c -o uadk_provider_la-uadk_async.o >/dev/null 2>&1
In file included from uadk_prov_dh.c:29:
uadk_prov_dh.c: At top level:
uadk_prov_pkey.h:447:26: warning: 'get_default_dh_keyexch' defined but not used [-Wunused-function]
447 | static UADK_PKEY_KEYEXCH get_default##nm##_keyexch(void)
| ^~~~~~~~~~~~
uadk_prov_dh.c:60:1: note: in expansion of macro 'UADK_PKEY_KEYEXCH_DESCR'
60 | UADK_PKEY_KEYEXCH_DESCR(dh, DH);
| ^~~~~~~~~~~~~~~~~~~~~~~

tq444 · 2024-10-22T01:20:35Z

linux/scripts/checkpatch.pl patch/*

ERROR: Macros with complex values should be enclosed in parentheses #59: FILE: src/uadk_prov_ffc.c:19: +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo

ERROR: Macros with complex values should be enclosed in parentheses #61: FILE: src/uadk_prov_ffc.c:21: +#define BN_DEF(lo, hi) lo, hi

ERROR: code indent should use tabs where possible #179: FILE: src/uadk_cipher.c:689: +^I^I^I^I^I cipher_info_table[i].mode);$

Macros with complex

Ignore problem "Macros with complex values should be enclosed", because adding parentheses will report an error. Other problems are solved.

tq444 · 2024-10-22T01:26:17Z

build with some warning: uadk_prov_init.c: In function 'uadk_teardown': uadk_prov_init.c:205:9: warning: implicit declaration of function 'uadk_prov_dh_uninit'; did you mean 'uadk_prov_sm2_uninit'? [-Wimplicit-function-declaration] 205 | uadk_prov_dh_uninit(); | ^~~~~~~~~~~~~~~~~~~ | uadk_prov_sm2_uninit libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_bio.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_bio.Tpo -c uadk_prov_bio.c -o uadk_provider_la-uadk_prov_bio.o >/dev/null 2>&1 uadk_prov_rsa.c: In function 'uadk_prov_rsa_private_decrypt': uadk_prov_rsa.c:1693:1: warning: label 'free_sess' defined but not used [-Wunused-label] 1693 | free_sess: | ^~~~~~~~~ uadk_prov_rsa.c: In function 'uadk_prov_rsa_public_verify': uadk_prov_rsa.c:1827:17: warning: unused variable 'verify_bn' [-Wunused-variable] 1827 | BIGNUM *verify_bn = NULL; | ^~~~~~~~~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_der_writer.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_der_writer.Tpo -c uadk_prov_der_writer.c -o uadk_provider_la-uadk_prov_der_writer.o >/dev/null 2>&1 mv -f .deps/uadk_engine_la-uadk_utils.Tpo .deps/uadk_engine_la-uadk_utils.Plo uadk_prov_cipher.c: In function 'uadk_get_cipher_info': uadk_prov_cipher.c:372:13: warning: unused variable 'nid' [-Wunused-variable] 372 | int nid = priv->nid; | ^~~ uadk_prov_cipher.c: In function 'uadk_prov_cipher_set_ctx_params': uadk_prov_cipher.c:1139:23: warning: unused variable 'ptr' [-Wunused-variable] 1139 | char *ptr; | ^~~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_packet.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_packet.Tpo -c uadk_prov_packet.c -o uadk_provider_la-uadk_prov_packet.o >/dev/null 2>&1 uadk_prov_digest.c: In function 'uadk_prov_digest': uadk_prov_digest.c:773:44: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 773 | fprintf(stderr, "data len(%u) can not be processed in single digest.\n", | ^ | | | unsigned int | %lu 774 | inl); | ~~~ | | | size_t {aka long unsigned int} uadk_prov_dh.c: In function 'uadk_prov_dh_gen_params_with_group': uadk_prov_dh.c:1060:9: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1060 | if (gctx->group_nid == NID_undef) | ^ uadk_prov_dh.c:1062:17: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 1062 | if (gctx->group_nid == NID_undef) { | ^~ uadk_prov_dh.c: In function 'uadk_dh_compute_key_padded': uadk_prov_dh.c:1574:71: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1574 | fprintf(stderr, "invalid: recv key size(%d) > dhsize(%u)", rv, dhsize); | ~^ ~~~~~~ | | | | | size_t {aka long unsigned int} | unsigned int | %lu uadk_prov_dh.c: In function 'uadk_prov_dh_plain_derive': uadk_prov_dh.c:1606:51: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1606 | fprintf(stderr, "invalid: outlen(%u) < dhsize(%u)\n", outlen, dhsize); | ~^ ~~~~~~ | | | | unsigned int size_t {aka long unsigned int} | %lu uadk_prov_dh.c:1606:64: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1606 | fprintf(stderr, "invalid: outlen(%u) < dhsize(%u)\n", outlen, dhsize); | ~^ ~~~~~~ | | | | unsigned int size_t {aka long unsigned int} | %lu In file included from uadk_prov_sm2.c:29: uadk_prov_pkey.h:376:30: warning: 'get_default_sm2_asym_cipher' defined but not used [-Wunused-function] 376 | static UADK_PKEY_ASYM_CIPHER get_default_##nm##asym_cipher(void) | ^~~~~~~~~~~~ uadk_prov_sm2.c:37:1: note: in expansion of macro 'UADK_PKEY_ASYM_CIPHER_DESCR' 37 | UADK_PKEY_ASYM_CIPHER_DESCR(sm2, SM2); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ uadk_prov_pkey.h:280:28: warning: 'get_default_sm2_signature' defined but not used [-Wunused-function] 280 | static UADK_PKEY_SIGNATURE get_default##nm##signature(void) | ^~~~~~~~~~~~ uadk_prov_sm2.c:36:1: note: in expansion of macro 'UADK_PKEY_SIGNATURE_DESCR' 36 | UADK_PKEY_SIGNATURE_DESCR(sm2, SM2); | ^~~~~~~~~~~~~~~~~~~~~~~~~ uadk_prov_dh.c: In function 'uadk_prov_dh_X9_42_kdf_derive': libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_init.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_init.Tpo -c uadk_prov_init.c -o uadk_provider_la-uadk_prov_init.o >/dev/null 2>&1 uadk_prov_dh.c:1691:51: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1691 | fprintf(stderr, "invalid: outlen(%u) < kdf_outlen(%u)\n", | ~^ | | | unsigned int | %lu 1692 | outlen, pdhctx->kdf_outlen); | ~~~~~~ | | | size_t {aka long unsigned int} uadk_prov_dh.c:1691:68: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1691 | fprintf(stderr, "invalid: outlen(%u) < kdf_outlen(%u)\n", | ~^ | | | unsigned int | %lu 1692 | outlen, pdhctx->kdf_outlen); | ~~~~~~~~~~~~~~~~~~ | | | size_t {aka long unsigned int} uadk_prov_dh.c: In function 'uadk_keyexch_dh_set_ctx_params': uadk_prov_dh.c:1927:15: warning: unused variable 'str' [-Wunused-variable] 1927 | char *str = NULL; | ^~~ uadk_prov_dh.c:1926:27: warning: unused variable 'p' [-Wunused-variable] 1926 | const OSSL_PARAM *p; | ^ uadk_prov_dh.c:1924:14: warning: unused variable 'name' [-Wunused-variable] 1924 | char name[DH_MAX_PARAM_LEN + 1] = {'\0'}; | ^~~~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_async.lo -MD -MP -MF .deps/uadk_provider_la-uadk_async.Tpo -c uadk_async.c -o uadk_provider_la-uadk_async.o >/dev/null 2>&1 In file included from uadk_prov_dh.c:29: uadk_prov_dh.c: At top level: uadk_prov_pkey.h:447:26: warning: 'get_default_dh_keyexch' defined but not used [-Wunused-function] 447 | static UADK_PKEY_KEYEXCH get_default##nm##_keyexch(void) | ^~~~~~~~~~~~ uadk_prov_dh.c:60:1: note: in expansion of macro 'UADK_PKEY_KEYEXCH_DESCR' 60 | UADK_PKEY_KEYEXCH_DESCR(dh, DH); | ^~~~~~~~~~~~~~~~~~~~~~~

The problems similar to "warning: 'get_default_dh_keyexch' defined but not used" are ignored. The function will be invoked in the subsequent development. Other problems are solved.

IAMHCHCH · 2024-10-22T01:32:12Z

/lgtm

gaozhangfei · 2024-10-22T06:18:28Z

build with some warning: uadk_prov_init.c: In function 'uadk_teardown': uadk_prov_init.c:205:9: warning: implicit declaration of function 'uadk_prov_dh_uninit'; did you mean 'uadk_prov_sm2_uninit'? [-Wimplicit-function-declaration] 205 | uadk_prov_dh_uninit(); | ^~~~~~~~~~~~~~~~~~~ | uadk_prov_sm2_uninit libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_bio.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_bio.Tpo -c uadk_prov_bio.c -o uadk_provider_la-uadk_prov_bio.o >/dev/null 2>&1 uadk_prov_rsa.c: In function 'uadk_prov_rsa_private_decrypt': uadk_prov_rsa.c:1693:1: warning: label 'free_sess' defined but not used [-Wunused-label] 1693 | free_sess: | ^~~~~~~~~ uadk_prov_rsa.c: In function 'uadk_prov_rsa_public_verify': uadk_prov_rsa.c:1827:17: warning: unused variable 'verify_bn' [-Wunused-variable] 1827 | BIGNUM *verify_bn = NULL; | ^~~~~~~~~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_der_writer.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_der_writer.Tpo -c uadk_prov_der_writer.c -o uadk_provider_la-uadk_prov_der_writer.o >/dev/null 2>&1 mv -f .deps/uadk_engine_la-uadk_utils.Tpo .deps/uadk_engine_la-uadk_utils.Plo uadk_prov_cipher.c: In function 'uadk_get_cipher_info': uadk_prov_cipher.c:372:13: warning: unused variable 'nid' [-Wunused-variable] 372 | int nid = priv->nid; | ^~~ uadk_prov_cipher.c: In function 'uadk_prov_cipher_set_ctx_params': uadk_prov_cipher.c:1139:23: warning: unused variable 'ptr' [-Wunused-variable] 1139 | char *ptr; | ^~~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_packet.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_packet.Tpo -c uadk_prov_packet.c -o uadk_provider_la-uadk_prov_packet.o >/dev/null 2>&1 uadk_prov_digest.c: In function 'uadk_prov_digest': uadk_prov_digest.c:773:44: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 773 | fprintf(stderr, "data len(%u) can not be processed in single digest.\n", | ^ | | | unsigned int | %lu 774 | inl); | ~~~ | | | size_t {aka long unsigned int} uadk_prov_dh.c: In function 'uadk_prov_dh_gen_params_with_group': uadk_prov_dh.c:1060:9: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1060 | if (gctx->group_nid == NID_undef) | ^ uadk_prov_dh.c:1062:17: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 1062 | if (gctx->group_nid == NID_undef) { | ^~ uadk_prov_dh.c: In function 'uadk_dh_compute_key_padded': uadk_prov_dh.c:1574:71: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1574 | fprintf(stderr, "invalid: recv key size(%d) > dhsize(%u)", rv, dhsize); | ~^ ~~~~~~ | | | | | size_t {aka long unsigned int} | unsigned int | %lu uadk_prov_dh.c: In function 'uadk_prov_dh_plain_derive': uadk_prov_dh.c:1606:51: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1606 | fprintf(stderr, "invalid: outlen(%u) < dhsize(%u)\n", outlen, dhsize); | ~^ ~~~~~~ | | | | unsigned int size_t {aka long unsigned int} | %lu uadk_prov_dh.c:1606:64: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1606 | fprintf(stderr, "invalid: outlen(%u) < dhsize(%u)\n", outlen, dhsize); | ~^ ~~~~~~ | | | | unsigned int size_t {aka long unsigned int} | %lu In file included from uadk_prov_sm2.c:29: uadk_prov_pkey.h:376:30: warning: 'get_default_sm2_asym_cipher' defined but not used [-Wunused-function] 376 | static UADK_PKEY_ASYM_CIPHER get_default_##nm##asym_cipher(void) | ^~~~~~~~~~~~ uadk_prov_sm2.c:37:1: note: in expansion of macro 'UADK_PKEY_ASYM_CIPHER_DESCR' 37 | UADK_PKEY_ASYM_CIPHER_DESCR(sm2, SM2); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ uadk_prov_pkey.h:280:28: warning: 'get_default_sm2_signature' defined but not used [-Wunused-function] 280 | static UADK_PKEY_SIGNATURE get_default##nm##signature(void) | ^~~~~~~~~~~~ uadk_prov_sm2.c:36:1: note: in expansion of macro 'UADK_PKEY_SIGNATURE_DESCR' 36 | UADK_PKEY_SIGNATURE_DESCR(sm2, SM2); | ^~~~~~~~~~~~~~~~~~~~~~~~~ uadk_prov_dh.c: In function 'uadk_prov_dh_X9_42_kdf_derive': libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_init.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_init.Tpo -c uadk_prov_init.c -o uadk_provider_la-uadk_prov_init.o >/dev/null 2>&1 uadk_prov_dh.c:1691:51: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1691 | fprintf(stderr, "invalid: outlen(%u) < kdf_outlen(%u)\n", | ~^ | | | unsigned int | %lu 1692 | outlen, pdhctx->kdf_outlen); | ~~~~~~ | | | size_t {aka long unsigned int} uadk_prov_dh.c:1691:68: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1691 | fprintf(stderr, "invalid: outlen(%u) < kdf_outlen(%u)\n", | ~^ | | | unsigned int | %lu 1692 | outlen, pdhctx->kdf_outlen); | ~~~~~~~~~~~~~~~~~~ | | | size_t {aka long unsigned int} uadk_prov_dh.c: In function 'uadk_keyexch_dh_set_ctx_params': uadk_prov_dh.c:1927:15: warning: unused variable 'str' [-Wunused-variable] 1927 | char *str = NULL; | ^~~ uadk_prov_dh.c:1926:27: warning: unused variable 'p' [-Wunused-variable] 1926 | const OSSL_PARAM *p; | ^ uadk_prov_dh.c:1924:14: warning: unused variable 'name' [-Wunused-variable] 1924 | char name[DH_MAX_PARAM_LEN + 1] = {'\0'}; | ^~~~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_async.lo -MD -MP -MF .deps/uadk_provider_la-uadk_async.Tpo -c uadk_async.c -o uadk_provider_la-uadk_async.o >/dev/null 2>&1 In file included from uadk_prov_dh.c:29: uadk_prov_dh.c: At top level: uadk_prov_pkey.h:447:26: warning: 'get_default_dh_keyexch' defined but not used [-Wunused-function] 447 | static UADK_PKEY_KEYEXCH get_default##nm##_keyexch(void) | ^~~~~~~~~~~~ uadk_prov_dh.c:60:1: note: in expansion of macro 'UADK_PKEY_KEYEXCH_DESCR' 60 | UADK_PKEY_KEYEXCH_DESCR(dh, DH); | ^~~~~~~~~~~~~~~~~~~~~~~

The problems similar to "warning: 'get_default_dh_keyexch' defined but not used" are ignored. The function will be invoked in the subsequent development. Other problems are solved.

后面会用到这个函数还是啥？没看懂，

gaozhangfei · 2024-10-22T06:19:01Z

linux/scripts/checkpatch.pl patch/*
ERROR: Macros with complex values should be enclosed in parentheses #59: FILE: src/uadk_prov_ffc.c:19: +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
ERROR: Macros with complex values should be enclosed in parentheses #61: FILE: src/uadk_prov_ffc.c:21: +#define BN_DEF(lo, hi) lo, hi
ERROR: code indent should use tabs where possible #179: FILE: src/uadk_cipher.c:689: +^I^I^I^I^I cipher_info_table[i].mode);$

Macros with complex

Ignore problem "Macros with complex values should be enclosed", because adding parentheses will report an error. Other problems are solved.

为啥几个括号会报错？

tq444 · 2024-10-22T07:13:16Z

build with some warning: uadk_prov_init.c: In function 'uadk_teardown': uadk_prov_init.c:205:9: warning: implicit declaration of function 'uadk_prov_dh_uninit'; did you mean 'uadk_prov_sm2_uninit'? [-Wimplicit-function-declaration] 205 | uadk_prov_dh_uninit(); | ^~~~~~~~~~~~~~~~~~~ | uadk_prov_sm2_uninit libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_bio.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_bio.Tpo -c uadk_prov_bio.c -o uadk_provider_la-uadk_prov_bio.o >/dev/null 2>&1 uadk_prov_rsa.c: In function 'uadk_prov_rsa_private_decrypt': uadk_prov_rsa.c:1693:1: warning: label 'free_sess' defined but not used [-Wunused-label] 1693 | free_sess: | ^~~~~~~~~ uadk_prov_rsa.c: In function 'uadk_prov_rsa_public_verify': uadk_prov_rsa.c:1827:17: warning: unused variable 'verify_bn' [-Wunused-variable] 1827 | BIGNUM *verify_bn = NULL; | ^~~~~~~~~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_der_writer.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_der_writer.Tpo -c uadk_prov_der_writer.c -o uadk_provider_la-uadk_prov_der_writer.o >/dev/null 2>&1 mv -f .deps/uadk_engine_la-uadk_utils.Tpo .deps/uadk_engine_la-uadk_utils.Plo uadk_prov_cipher.c: In function 'uadk_get_cipher_info': uadk_prov_cipher.c:372:13: warning: unused variable 'nid' [-Wunused-variable] 372 | int nid = priv->nid; | ^~~ uadk_prov_cipher.c: In function 'uadk_prov_cipher_set_ctx_params': uadk_prov_cipher.c:1139:23: warning: unused variable 'ptr' [-Wunused-variable] 1139 | char *ptr; | ^~~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_packet.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_packet.Tpo -c uadk_prov_packet.c -o uadk_provider_la-uadk_prov_packet.o >/dev/null 2>&1 uadk_prov_digest.c: In function 'uadk_prov_digest': uadk_prov_digest.c:773:44: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 773 | fprintf(stderr, "data len(%u) can not be processed in single digest.\n", | ^ | | | unsigned int | %lu 774 | inl); | ~~~ | | | size_t {aka long unsigned int} uadk_prov_dh.c: In function 'uadk_prov_dh_gen_params_with_group': uadk_prov_dh.c:1060:9: warning: this 'if' clause does not guard... [-Wmisleading-indentation] 1060 | if (gctx->group_nid == NID_undef) | ^ uadk_prov_dh.c:1062:17: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if' 1062 | if (gctx->group_nid == NID_undef) { | ^~ uadk_prov_dh.c: In function 'uadk_dh_compute_key_padded': uadk_prov_dh.c:1574:71: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1574 | fprintf(stderr, "invalid: recv key size(%d) > dhsize(%u)", rv, dhsize); | ~^ ~~~~~~ | | | | | size_t {aka long unsigned int} | unsigned int | %lu uadk_prov_dh.c: In function 'uadk_prov_dh_plain_derive': uadk_prov_dh.c:1606:51: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1606 | fprintf(stderr, "invalid: outlen(%u) < dhsize(%u)\n", outlen, dhsize); | ~^ ~~~~~~ | | | | unsigned int size_t {aka long unsigned int} | %lu uadk_prov_dh.c:1606:64: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1606 | fprintf(stderr, "invalid: outlen(%u) < dhsize(%u)\n", outlen, dhsize); | ~^ ~~~~~~ | | | | unsigned int size_t {aka long unsigned int} | %lu In file included from uadk_prov_sm2.c:29: uadk_prov_pkey.h:376:30: warning: 'get_default_sm2_asym_cipher' defined but not used [-Wunused-function] 376 | static UADK_PKEY_ASYM_CIPHER get_default_##nm##asym_cipher(void) | ^~~~~~~~~~~~ uadk_prov_sm2.c:37:1: note: in expansion of macro 'UADK_PKEY_ASYM_CIPHER_DESCR' 37 | UADK_PKEY_ASYM_CIPHER_DESCR(sm2, SM2); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ uadk_prov_pkey.h:280:28: warning: 'get_default_sm2_signature' defined but not used [-Wunused-function] 280 | static UADK_PKEY_SIGNATURE get_default##nm##signature(void) | ^~~~~~~~~~~~ uadk_prov_sm2.c:36:1: note: in expansion of macro 'UADK_PKEY_SIGNATURE_DESCR' 36 | UADK_PKEY_SIGNATURE_DESCR(sm2, SM2); | ^~~~~~~~~~~~~~~~~~~~~~~~~ uadk_prov_dh.c: In function 'uadk_prov_dh_X9_42_kdf_derive': libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_prov_init.lo -MD -MP -MF .deps/uadk_provider_la-uadk_prov_init.Tpo -c uadk_prov_init.c -o uadk_provider_la-uadk_prov_init.o >/dev/null 2>&1 uadk_prov_dh.c:1691:51: warning: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1691 | fprintf(stderr, "invalid: outlen(%u) < kdf_outlen(%u)\n", | ~^ | | | unsigned int | %lu 1692 | outlen, pdhctx->kdf_outlen); | ~~~~~~ | | | size_t {aka long unsigned int} uadk_prov_dh.c:1691:68: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Wformat=] 1691 | fprintf(stderr, "invalid: outlen(%u) < kdf_outlen(%u)\n", | ~^ | | | unsigned int | %lu 1692 | outlen, pdhctx->kdf_outlen); | ~~~~~~~~~~~~~~~~~~ | | | size_t {aka long unsigned int} uadk_prov_dh.c: In function 'uadk_keyexch_dh_set_ctx_params': uadk_prov_dh.c:1927:15: warning: unused variable 'str' [-Wunused-variable] 1927 | char *str = NULL; | ^~~ uadk_prov_dh.c:1926:27: warning: unused variable 'p' [-Wunused-variable] 1926 | const OSSL_PARAM *p; | ^ uadk_prov_dh.c:1924:14: warning: unused variable 'name' [-Wunused-variable] 1924 | char name[DH_MAX_PARAM_LEN + 1] = {'\0'}; | ^~~~ libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include -I/usr/local/include -DOPENSSL_SUPPRESS_DEPRECATED -Wall -MT uadk_provider_la-uadk_async.lo -MD -MP -MF .deps/uadk_provider_la-uadk_async.Tpo -c uadk_async.c -o uadk_provider_la-uadk_async.o >/dev/null 2>&1 In file included from uadk_prov_dh.c:29: uadk_prov_dh.c: At top level: uadk_prov_pkey.h:447:26: warning: 'get_default_dh_keyexch' defined but not used [-Wunused-function] 447 | static UADK_PKEY_KEYEXCH get_default##nm##_keyexch(void) | ^~~~~~~~~~~~ uadk_prov_dh.c:60:1: note: in expansion of macro 'UADK_PKEY_KEYEXCH_DESCR' 60 | UADK_PKEY_KEYEXCH_DESCR(dh, DH); | ^~~~~~~~~~~~~~~~~~~~~~~

The problems similar to "warning: 'get_default_dh_keyexch' defined but not used" are ignored. The function will be invoked in the subsequent development. Other problems are solved.

后面会用到这个函数还是啥？没看懂，

后面有patch会调到这些函数

tq444 · 2024-10-22T07:27:39Z

linux/scripts/checkpatch.pl patch/*
ERROR: Macros with complex values should be enclosed in parentheses #59: FILE: src/uadk_prov_ffc.c:19: +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
ERROR: Macros with complex values should be enclosed in parentheses #61: FILE: src/uadk_prov_ffc.c:21: +#define BN_DEF(lo, hi) lo, hi
ERROR: code indent should use tabs where possible #179: FILE: src/uadk_cipher.c:689: +^I^I^I^I^I cipher_info_table[i].mode);$

Macros with complex

Ignore problem "Macros with complex values should be enclosed", because adding parentheses will report an error. Other problems are solved.

为啥几个括号会报错？

BN_DEF这个宏是用来表示数组的元素的不同形式
+static const BN_ULONG modp_2048_p[] = {

BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x8AACAA68, 0x15728E5A),
BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C),
BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0),
BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C),
BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08),
BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907),
BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23),
BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836),
BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651),
BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB),
BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9),
BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D),
BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3),
BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6),
BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
+};

gaozhangfei · 2024-10-22T11:27:19Z

编译错误蛮难看的，其实可以用的时候再加，要是确实后面用到，可以先不管了

另外我测试的时候遇到这个错误 ./test/sanity_test.sh
2084FFB5FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2084FFB5FFFF0000:error:1C8000BC:Provider routines:ossl_prov_drbg_instantiate:error instantiating drbg:providers/implementations/rands/drbg.c:463:
2084FFB5FFFF0000:error:1200006C:random number generator:rand_new_drbg:error instantiating drbg:crypto/rand/rand_lib.c:607:

openssl speed -provider /mnt/uadk_engine/test/../src/.libs/uadk_provider.so -evp sm3

gaozhangfei · 2024-10-22T11:40:45Z

docker openEuler 2403, openssl 3.0 环境下 920
./test/sanity_test.sh

2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:030000BC:digital envelope routines:EVP_EncryptFinal_ex:final error:crypto/evp/evp_enc.c:750:
2064EC83FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
2064EC83FFFF0000:error:1C8000BC:Provider routines:ossl_prov_drbg_instantiate:error instantiating drbg:providers/implementations/rands/drbg.c:463:
2064EC83FFFF0000:error:1200006C:random number generator:rand_new_drbg:error instantiating drbg:crypto/rand/rand_lib.c:607:

openssl genpkey -paramfile dhparam.pem -out privatekey1.pem -provider /mnt/uadk_engine/test/../src/.libs/uadk_provider.so
Warning: generating random key material may take a long time
if the system has a poor entropy source
failed to BN_priv_rand
failed to generate new private key
failed to get private key
failed to prepare dh data
failed to do dh generation key
genpkey: Error generating asymmetric key
20D497A8FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
20D497A8FFFF0000:error:1C8000BC:Provider routines:ossl_prov_drbg_instantiate:error instantiating drbg:providers/implementations/rands/drbg.c:463:
20D497A8FFFF0000:error:1200006C:random number generator:rand_new_drbg:error instantiating drbg:crypto/rand/rand_lib.c:607:
20D497A8FFFF0000:error:030000BD:digital envelope routines:EVP_EncryptUpdate:update error:crypto/evp/evp_enc.c:690:
20D497A8FFFF0000:error:1C8000BC:Provider routines:ossl_prov_drbg_instantiate:error instantiating drbg:providers/implementations/rands/drbg.c:463:
20D497A8FFFF0000:error:1200006C:random number generator:rand_new_drbg:error instantiating drbg:crypto/rand/rand_lib.c:607:
openssl genpkey -paramfile dhparam.pem -out privatekey2.pem -provider /mnt/uadk_engine/test/../src/.libs/uadk_provider.so
Warning: generating random key material may take a long time
if the system has a poor entropy source
failed to BN_priv_rand
failed to generate new private key
failed to get private key
failed to prepare dh data
failed to do dh generation key
genpkey: Error generating asymmetric key

gaozhangfei · 2024-10-22T12:14:40Z

我用uadk_engine master
uadk master, 去掉 cipher check
diff --git a/wd_cipher.c b/wd_cipher.c
index 0e5de25..ec6fb15 100644
--- a/wd_cipher.c
+++ b/wd_cipher.c
@@ -646,12 +646,6 @@ static int wd_cipher_check_params(handle_t h_sess,
return -WD_EINVAL;
}

  if (unlikely(req->in_bytes != req->out_bytes)) {

          WD_ERR("cipher set out_bytes is error, size = %u\n",

```
                  req->out_bytes);
```
```
          return -WD_EINVAL;
```
```
  }
```

openssl 3.0 docker openEuler 2403,
./test/sanity_test.sh
可以直接过，没有这些奇奇怪怪的问题。

The major issues that have been resolved are as follows: 1. In uadk_prov_rsa_init(), a deadlock occurs when a lock is returned before it is released. 2. In rsa_check_bit_useful(), the unit of the bits parameter is bit, and the unit of the flen parameter is byte. They cannot be compared directly. 3. As "new" and "export" are keywords in C++, there will be compile error with mocker UT framework. 4. In the case of an exception, the return value of the RSA_padding_xxx function is not 0. 5. Switch to software calculation only when one of the following three conditions occur, indicating that the hardware initialization fails, hardware services fail to be executed and the packet length specification is not supported. Signed-off-by: Qi Tao <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

Add the input pointer length check for the digest and cipher to ensure that the input data is valid. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

As DH needs FFC(Finite Field Cryptography) API of OpenSSL, but the OpenSSL3.x does not place these APIs in external header file currently. Therefore, we put the related APIs in independent file of uadk_provider. Signed-off-by: Zhiqi Song <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

Based on the original implementation, a unified data structure is used. And FFC-related extended functions are added. Signed-off-by: Zhiqi Song <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

The return value of the execution result is changed to the definition. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

The length of the input IV and key pointer cannot exceed the maximum length. Otherwise, memory overwriting occurs during the copy. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

There is no timeout exit condition in the loop. When busy is returned continuously, an infinite loop occurs. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

Deleted unnecessary return values and modified the format. Use a unified format to define the return values of success and failure. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

The following 17 AES algorithms are added: AES-128-CBC AES-192-CBC AES-256-CBC AES-128-ECB AES-192-ECB AES-256-ECB AES-128-XTS AES-256-XTS AES-128-CTR AES-192-CTR AES-256-CTR AES-128-OFB AES-192-OFB AES-256-OFB AES-128-CFB AES-192-CFB AES-256-CFB Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

In the update operation, the first packet needs to combine the previous unprocessed data into a 512 KB packet for calculation. Other data is calculated based on the maximum packet length (16M-512B) of the UADK In this way, a computing resource required for copying may be omitted, and a data volume of once hardware computation may be increased, thereby reducing a quantity of times of sending and receiving data, and better exerting hardware acceleration performance. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

In the decrypted filled data update process, the input size will be zero when the input size is smaller than the block size. As a result, an error message indicating that the output size is 0 is reported by UDAK. Therefore, it need to check whether the input length is 0 before UADK encryption/decryption. In addition, if the input length is greater than 0 and smaller than the block size, that is, the length of the data currently to be processed is 0, the data needs to be cached in the buffer through ossl_cipher_trailingdata() and sent to the next step. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

The ivlen param setting function is added. In addition, the pad param is missing in the ctx param table. As a result, users cannot set this parameter. This param is added. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

The OpenSSL enc tool call EVP_CipherInit_ex() twice. The first time is to initialize the encryption/decryption algorithm, and the second time is to input the key and IV parameters. Therefore, an empty key and iv will be passed in the first call. A flag bit needs to be added to indicate whether the key and IV have been set. Otherwise, the key and IV that are not set will cause a cipher error. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

The digest update after optimization needs to distinguish whether the buffer is copied. If the buffer is filled, the data in the buffer after the copy will be processed. Otherwise, the remaining data will be processed directly. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

…functions Extract hardware initialization functions to separate functions. And add the unlock function when the process fork. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

When the num of recv packets is greater than the expected number. The condition that expected nums equal to actual nums, for exiting the poll loop will cause a long retry loop. Therefore, the loop exit condition is modified, and full_sem is reduced when no task needs to be queried. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

The key generation and key derivation functions of the x25519 and x448 algorithms are implemented separately before. This modification combines the similar logic to simplify the code, reducing code duplication ratio. Signed-off-by: Zhiqi Song <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

The length of the pubkey get from wd_ecxdh_get_out_params() may not be 'key_size', the actual value in 'dsize' may smaller than 'key_size'. So copy 'key_size' length to ecx_key->pubkey will make the reverse_bytes() operates on incorrect pubkey length, which will make the actual value changed. Fix this issue by using the length filled in 'dsize'. Signed-off-by: Zhiqi Song <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

Add AES-128-CBC-CTS AES-192-CBC-CTS AES-256-CBC-CTS to uadk_provider. Each alg has 3 modes, such as CS1, CS2, and CS3. The default mode is CS1. You can select a mode by setting the OSSL_CIPHER_PARAM_CTS_MODE parameter. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

On openssl version 3.0, the pad function is not enabled in the default scenario. After the data encrypted by pad is decrypted, the result is inconsistent with the original data. Therefore, pad processing needs to be performed through soft calculation to ensure that the results are correct. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

The IV has been updated by the uadk, the uadk engine does not need update it and use the right out_bytes to determine whether to update the IV. Signed-off-by: Wenkai Lin <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

Use UADK_PKEY_KEYMGMT_DESCR, UADK_PKEY_SIGNATURE_DESCR and UADK_PKEY_ASYM_CIPHER_DESCR macro to unify the definitions of RSA functions, reducing code duplication ratio. Signed-off-by: Zhiqi Song <[email protected]> Signed-off-by: Qi Tao <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

Rename get_default_xxx() function with algorithm specific name, avoid functions with the same name but different implementations. Signed-off-by: Zhiqi Song <[email protected]> Signed-off-by: Qi Tao <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

Can not convert ‘size_t*’ {‘long unsigned int*’} to ‘int*’, which may cause data loss or other problems. Signed-off-by: Qi Tao <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

CaptainMiaow · 2024-11-06T09:30:42Z

/lgtm

tq444 · 2024-11-06T09:31:52Z

Chenghai Huang (15): uadk_provider: add input pointer length check for digest and cipher uadk_provider: code cleanup for provider bio uadk_provider: add length check for input pointer uadk_provider: add a timeout exit condition to the loop uadk_provider: code cleanup for uadk_provider and uadk_engine uadk_provider: add aes alg for uadk_provider in openssl3.0 uadk_engine: optimized engine update process uadk_provider: fix cipher issue when input len is 0 in decrypto update uadk_provider: fix the set ctx param function for ivlen and pad uadk_provider: fix the key and IV verification methods for cipher init uadk_provider: fix the switch condition issue of soft digest in engine uadk_provider: extract hardware initialization functions to separate functions uadk_provider: modify poll loop exit condition uadk_provider: add aes cts alg to uadk_provider in openssl3.0 uadk_provider: bugfix cipher decryption issue

Qi Tao (2): uadk_prov: fix some cleancode issues and bugs for rsa uadk_prov: fix data type conversion errors

Wenkai Lin (1): uadk_engine: remove update iv for cipher

Zhiqi Song (6): uadk_provider: add openssl ffc library function uadk_provider: reconstructing dh implementation uadk_engine/ecx: merge some similar code logic uadk_engine: fixup pubkey size used in reverse operation uadk_provider/rsa: unify function definitions with macro uadk_provider/pkey: fixup functions with the same name

/lgtm

gaozhangfei · 2024-11-06T13:36:19Z

merged,
could you add sm2 check in sanity_test, found sm2 fail on 920

patch-king force-pushed the master branch from 51dcfcc to 4cbd212 Compare October 21, 2024 12:32

Qi Tao and others added 16 commits November 6, 2024 16:19

uadk_provider: add input pointer length check for digest and cipher

9af16cb

Add the input pointer length check for the digest and cipher to ensure that the input data is valid. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

uadk_provider: reconstructing dh implementation

453eeca

Based on the original implementation, a unified data structure is used. And FFC-related extended functions are added. Signed-off-by: Zhiqi Song <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

uadk_provider: code cleanup for provider bio

7144a90

The return value of the execution result is changed to the definition. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

uadk_provider: add length check for input pointer

44d9fc6

The length of the input IV and key pointer cannot exceed the maximum length. Otherwise, memory overwriting occurs during the copy. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

uadk_provider: add a timeout exit condition to the loop

6b557e7

There is no timeout exit condition in the loop. When busy is returned continuously, an infinite loop occurs. Signed-off-by: Chenghai Huang <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

Zhiqi Song and others added 8 commits November 6, 2024 16:19

uadk_engine: remove update iv for cipher

d976478

The IV has been updated by the uadk, the uadk engine does not need update it and use the right out_bytes to determine whether to update the IV. Signed-off-by: Wenkai Lin <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

uadk_prov: fix data type conversion errors

2a04559

Can not convert ‘size_t*’ {‘long unsigned int*’} to ‘int*’, which may cause data loss or other problems. Signed-off-by: Qi Tao <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>

patch-king force-pushed the master branch from 4cbd212 to 2a04559 Compare November 6, 2024 08:38

gaozhangfei merged commit f2881a8 into Linaro:master Nov 6, 2024

uadk_provider: some algorithm optimization and problem fixing #223

uadk_provider: some algorithm optimization and problem fixing #223

Uh oh!

Conversation

patch-king commented Oct 18, 2024

Uh oh!

IAMHCHCH commented Oct 18, 2024

Uh oh!

gaozhangfei commented Oct 18, 2024

Uh oh!

gaozhangfei commented Oct 18, 2024

Uh oh!

tq444 commented Oct 22, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

tq444 commented Oct 22, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

IAMHCHCH commented Oct 22, 2024

Uh oh!

gaozhangfei commented Oct 22, 2024

Uh oh!

gaozhangfei commented Oct 22, 2024

Uh oh!

tq444 commented Oct 22, 2024

Uh oh!

tq444 commented Oct 22, 2024

Uh oh!

gaozhangfei commented Oct 22, 2024

Uh oh!

gaozhangfei commented Oct 22, 2024

Uh oh!

gaozhangfei commented Oct 22, 2024

Uh oh!

CaptainMiaow commented Nov 6, 2024

Uh oh!

tq444 commented Nov 6, 2024

Uh oh!

gaozhangfei commented Nov 6, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

tq444 commented Oct 22, 2024 •

edited

Loading

tq444 commented Oct 22, 2024 •

edited

Loading