From 76312df4d6ceec790fdf2ae27ae55e8da69bdae9 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Fri, 31 May 2024 21:02:04 +0800 Subject: [PATCH] Clean code --- INSTALL.md | 26 ++++++++++++++++++++++++++ include/gmssl/sm3_x8_avx2.h | 5 ++++- src/asn1.c | 2 +- src/tls13.c | 30 +++++++++--------------------- tools/tlcp_client.c | 6 +++--- 5 files changed, 43 insertions(+), 26 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 4ece7bc54..d4fa16aca 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -252,3 +252,29 @@ cpack -G DEB make package ``` +## 生成二进制包 + +为了保证兼容性,发布的二进制包不包含针对特定指令集的优化代码,并且不启用编译器的`-O3`优化。 + +在正式发布之前,需要在测试平台上编译、测试、安装。验证`gmssl`命令行可以正确使用,验证`sm3_demo.c`可以正确和`-lgmssl`编译,并且可以正确输出哈希值。 + +完成编译和测试后,在`build`目录下执行如下操作 + +``` bash +#!/bin/bash -x +VERSION=3.2.0 +OS=macos +ARCH=arm64 +mkdir build; cd build; cmake ..; make +cmake .. -DBUILD_SHARED_LIBS=OFF; make +mkdir gmssl-$VERSION +cd gmssl-$VERSION +mkdir bin; mkdir lib; mkdir include +cp ../bin/gmssl bin +cp -P ../bin/libgmssl* lib +cp -r ../../include/gmssl include +cd .. +tar czvf gmssl-$VERSION-$OS-$ARCH.tar.gz gmssl-$VERSION +``` + +其中`cmake .. -DBUILD_SHARED_LIBS=OFF; make`重新生成了静态库,以及和静态库连接的`gmssl`二进制程序,因此最终打包的`gmssl`命令行不依赖系统库之外的动态库。 diff --git a/include/gmssl/sm3_x8_avx2.h b/include/gmssl/sm3_x8_avx2.h index f3674c20e..2695cb5d4 100644 --- a/include/gmssl/sm3_x8_avx2.h +++ b/include/gmssl/sm3_x8_avx2.h @@ -7,7 +7,10 @@ * http://www.apache.org/licenses/LICENSE-2.0 */ -#ifndef GMSSL_SM3_X8_AVX2_H +// TODO: a new header for coarse-grained parallelism SM3, implemented by sm3_avx2/avx512, sm3_sve/sve2, sm3_cl +// and used by sm3_xmss or other algors + +#ifndef GMSSL_SM3_X8_AVX2_H // GMSSL_SM3_MULTI_H ? #define GMSSL_SM3_X8_AVX2_H #include diff --git a/src/asn1.c b/src/asn1.c index a89f7f564..4059bb972 100644 --- a/src/asn1.c +++ b/src/asn1.c @@ -212,7 +212,7 @@ int asn1_length_from_der(size_t *len, const uint8_t **in, size_t *inlen) // check if the left input is enough for reading (d,dlen) if (*inlen < *len) { error_print(); - return -2; // 特殊错误值用于 test_asn1_length() 的测试 // TODO: 修改 asn1test.c 的测试向量 + return -2; // Special error for test_asn1_length() // TODO: fix asn1test.c test vector } return 1; } diff --git a/src/tls13.c b/src/tls13.c index e875b94c0..8ef99b3de 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -29,16 +29,6 @@ static const int tls13_ciphers[] = { TLS_cipher_sm4_gcm_sm3 }; static size_t tls13_ciphers_count = sizeof(tls13_ciphers)/sizeof(int); -/* -int tls13_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent) -{ - // 目前只支持TLCP的ECC公钥加密套件,因此不论用哪个套件解析都是一样的 - // 如果未来支持ECDHE套件,可以将函数改为宏,直接传入 (conn->cipher_suite << 8) - format |= tls13_ciphers[0] << 8; - return tls_record_print(fp, record, recordlen, format, indent); -} -*/ - static int tls13_client_hello_exts[] = { TLS_extension_supported_versions, TLS_extension_padding, @@ -201,13 +191,11 @@ int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12], return 1; } -// 这个函数是不对的,在我们的一些情况下,加密的时候并不会组成完整的数据 +// TODO: check this func again int tls13_record_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12], const uint8_t seq_num[8], const uint8_t *record, size_t recordlen, size_t padding_len, uint8_t *enced_record, size_t *enced_recordlen) { - // 被加密的是握手消息或者是应用层数据 - if (tls13_gcm_encrypt(key, iv, seq_num, record[0], record + 5, recordlen - 5, padding_len, enced_record + 5, enced_recordlen) != 1) { @@ -215,7 +203,7 @@ int tls13_record_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12], return -1; } - enced_record[0] = TLS_record_application_data; // 显然这个不太对啊 + enced_record[0] = TLS_record_application_data; // FIXME, maybe other type enced_record[1] = 0x03; //TLS_protocol_tls12_major; enced_record[2] = 0x03; //TLS_protocol_tls12_minor; enced_record[3] = (uint8_t)((*enced_recordlen) >> 8); @@ -254,7 +242,7 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s uint8_t *seq_num; uint8_t *record = conn->record; size_t recordlen; - size_t padding_len = 0; //FIXME: 在conn中设置是否加随机填充,及设置该值 + size_t padding_len = 0; //FIXME: add random padding to conn tls_trace("send {ApplicationData}\n"); @@ -368,7 +356,7 @@ int tls13_do_recv(TLS_CONNECT *conn) return ret; } tls_record_trace(stderr, record, recordlen, 0, 0); - // TODO: 是否需要检查record_type? record[0] != TLS_record_application_data + // TODO: do we need to check record_type? record[0] != TLS_record_application_data if (tls13_gcm_decrypt(key, iv, seq_num, record + 5, recordlen - 5, @@ -665,8 +653,8 @@ int tls13_process_client_hello_exts(const uint8_t *exts, size_t extslen, switch (ext_type) { /* - // tls13_process_client_hello_exts 的接口需要处理,部分输出要输出到server_exts中 - case TLS_extension_supported_groups: // 这个应该放在EE里面 + // tls13_process_client_hello_exts API should be fixed, output some exts to server_exts中 + case TLS_extension_supported_groups: // should be in EE if (tls_process_client_supported_groups(ext_data, ext_datalen, NULL, &len) != 1 || len > server_exts_maxlen) { error_print(); @@ -674,7 +662,7 @@ int tls13_process_client_hello_exts(const uint8_t *exts, size_t extslen, } tls_process_client_supported_groups(ext_data, ext_datalen, &server_exts, server_exts_len); break; - case TLS_extension_signature_algorithms: // client单方面通知就可以了,服务器不需要响应 + case TLS_extension_signature_algorithms: // client notify, server no need to response if (tls_process_client_signature_algorithms(ext_data, ext_datalen, NULL, &len) != 1 || len > server_exts_maxlen) { error_print(); @@ -740,7 +728,7 @@ int tls_client_key_shares_from_bytes(SM2_Z256_POINT *sm2_point, const uint8_t ** return 1; } -// 这个函数不是太正确,应该也是一个process +// FIXME: should be a process function int tls13_server_hello_extensions_get(const uint8_t *exts, size_t extslen, SM2_Z256_POINT *sm2_point) { uint16_t version; @@ -771,7 +759,7 @@ int tls13_server_hello_extensions_get(const uint8_t *exts, size_t extslen, SM2_Z } break; //default: - // FIXME: 还有几个扩展没有处理! + // FIXME: not all exts handled //error_print(); //return -1; } diff --git a/tools/tlcp_client.c b/tools/tlcp_client.c index ab114203c..a65d68e05 100644 --- a/tools/tlcp_client.c +++ b/tools/tlcp_client.c @@ -1,4 +1,4 @@ -/* +/* * Copyright 2014-2024 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may @@ -254,9 +254,9 @@ int tlcp_client_main(int argc, char *argv[]) FD_SET(conn.sock, &fds); if (read_stdin) #ifdef WIN32 - FD_SET(_fileno, &fds); + FD_SET(_fileno, &fds); // in WIN32, first arg type is SOCKET, maybe typedef of uint #else - FD_SET(STDIN_FILENO, &fds); + FD_SET(STDIN_FILENO, &fds); // in POSIX, first arg type is int #endif if (select(conn.sock + 1, &fds, NULL, NULL, NULL) < 0) { fprintf(stderr, "%s: select error\n", prog);