!38 uadk_engine support aead aes-gcm and sm4 ecb mode

From: @xiao_jiang_shui 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang

0049-uadk_prov_init-remove-engine_uadk_id.patch

@@ -0,0 +1,198 @@
+From 82144d6f4802aae3a562fbdb1e51c4d35e2b32b2 Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Fri, 20 Oct 2023 07:53:45 +0000
+Subject: [PATCH 49/63] uadk_prov_init: remove engine_uadk_id.
+
+It looks strange to define engine_uadk_id in uadk_prov_init.c
+
+ASYNC_WAIT_CTX_set_wait_fd and ASYNC_WAIT_CTX_get_fd does not need to
+use engine_uadk_id as the key, only if the key is the same.
+So define uadk_async_key in the file itself.
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+---
+ src/uadk.h                 |  1 -
+ src/uadk_async.c           | 17 +++++++++--------
+ src/uadk_engine_init.c     |  2 +-
+ src/uadk_prov_init.c       |  1 -
+ src/v1/async/async_event.c | 19 ++++++++++---------
+ 5 files changed, 20 insertions(+), 20 deletions(-)
+
+diff --git a/src/uadk.h b/src/uadk.h
+index 30c099f..5a98feb 100644
+--- a/src/uadk.h
++++ b/src/uadk.h
+@@ -28,7 +28,6 @@ enum {
+ 	HW_V3,
+ };
+ 
+-extern const char *engine_uadk_id;
+ int uadk_e_bind_cipher(ENGINE *e);
+ void uadk_e_destroy_cipher(void);
+ int uadk_e_bind_digest(ENGINE *e);
+diff --git a/src/uadk_async.c b/src/uadk_async.c
+index c46976c..45f3918 100644
+--- a/src/uadk_async.c
++++ b/src/uadk_async.c
+@@ -24,6 +24,7 @@
+ #include "uadk.h"
+ #include "uadk_async.h"
+ 
++static const char *uadk_async_key = "uadk_async_key";
+ static struct async_poll_queue poll_queue;
+ 
+ static int g_uadk_e_keep_polling;
+@@ -61,15 +62,15 @@ int async_setup_async_event_notification(struct async_op *op)
+ 	if (waitctx == NULL)
+ 		return 0;
+ 
+-	if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id,
++	if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key,
+ 				  &efd, &custom) == 0) {
+ 		efd = eventfd(0, EFD_NONBLOCK);
+ 		if (efd == -1)
+ 			return 0;
+ 
+-		if (ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_uadk_id, efd,
++		if (ASYNC_WAIT_CTX_set_wait_fd(waitctx, uadk_async_key, efd,
+ 					       custom, async_fd_cleanup) == 0) {
+-			async_fd_cleanup(waitctx, engine_uadk_id, efd, NULL);
++			async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
+ 			return 0;
+ 		}
+ 	}
+@@ -99,13 +100,13 @@ int async_clear_async_event_notification(void)
+ 		return 0;
+ 
+ 	if (num_add_fds > 0) {
+-		if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id,
++		if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key,
+ 					  &efd, &custom) == 0)
+ 			return 0;
+ 
+-		async_fd_cleanup(waitctx, engine_uadk_id, efd, NULL);
++		async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
+ 
+-		if (ASYNC_WAIT_CTX_clear_fd(waitctx, engine_uadk_id) == 0)
++		if (ASYNC_WAIT_CTX_clear_fd(waitctx, uadk_async_key) == 0)
+ 			return 0;
+ 	}
+ 
+@@ -272,7 +273,7 @@ int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id)
+ 		if (ASYNC_pause_job() == 0)
+ 			return 0;
+ 
+-		ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom);
++		ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
+ 		if (ret <= 0)
+ 			continue;
+ 
+@@ -299,7 +300,7 @@ int async_wake_job(ASYNC_JOB *job)
+ 	if (waitctx == NULL)
+ 		return 0;
+ 
+-	ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom);
++	ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
+ 	if (ret > 0) {
+ 		if (write(efd, &buf, sizeof(uint64_t)) == -1)
+ 			fprintf(stderr, "failed to write to fd: %d - error: %d\n", efd, errno);
+diff --git a/src/uadk_engine_init.c b/src/uadk_engine_init.c
+index e2aa392..cf54360 100644
+--- a/src/uadk_engine_init.c
++++ b/src/uadk_engine_init.c
+@@ -35,7 +35,7 @@
+ #define UADK_CMD_ENABLE_ECC_ENV		(ENGINE_CMD_BASE + 4)
+ 
+ /* Constants used when creating the ENGINE */
+-const char *engine_uadk_id = "uadk_engine";
++static const char *engine_uadk_id = "uadk_engine";
+ static const char *engine_uadk_name = "uadk hardware engine support";
+ 
+ static int uadk_cipher;
+diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
+index 2bde080..9b2c190 100644
+--- a/src/uadk_prov_init.c
++++ b/src/uadk_prov_init.c
+@@ -28,7 +28,6 @@
+ #include "uadk_async.h"
+ #include "uadk_prov.h"
+ 
+-const char *engine_uadk_id = "uadk_provider";
+ static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk_provider";
+ static OSSL_PROVIDER *prov;
+ 
+diff --git a/src/v1/async/async_event.c b/src/v1/async/async_event.c
+index 245c269..c843bcf 100644
+--- a/src/v1/async/async_event.c
++++ b/src/v1/async/async_event.c
+@@ -35,7 +35,8 @@
+ 
+ #include "async_event.h"
+ #include "../utils/engine_log.h"
+-#include "../../uadk.h"
++
++static const char *uadk_async_key = "uadk_async_key";
+ 
+ static void async_fd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD readfd, void *custom)
+ {
+@@ -66,7 +67,7 @@ int async_setup_async_event_notification_v1(int jobStatus)
+ 		return 0;
+ 	}
+ 
+-	if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd,
++	if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd,
+ 				&custom) == 0) {
+ 		efd = eventfd(0, EFD_NONBLOCK);
+ 		if (efd == -1) {
+@@ -74,10 +75,10 @@ int async_setup_async_event_notification_v1(int jobStatus)
+ 			return 0;
+ 		}
+ 
+-		if (ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_uadk_id, efd,
++		if (ASYNC_WAIT_CTX_set_wait_fd(waitctx, uadk_async_key, efd,
+ 					custom, async_fd_cleanup) == 0) {
+ 			US_ERR("set wait fd error.");
+-			async_fd_cleanup(waitctx, engine_uadk_id, efd, NULL);
++			async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
+ 			return 0;
+ 		}
+ 	}
+@@ -111,14 +112,14 @@ int async_clear_async_event_notification_v1(void)
+ 	}
+ 
+ 	if (num_add_fds > 0) {
+-		if (ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom) == 0) {
++		if (ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom) == 0) {
+ 			US_ERR("no fd.");
+ 			return 0;
+ 		}
+ 
+-		async_fd_cleanup(waitctx, engine_uadk_id, efd, NULL);
++		async_fd_cleanup(waitctx, uadk_async_key, efd, NULL);
+ 
+-		if (ASYNC_WAIT_CTX_clear_fd(waitctx, engine_uadk_id) == 0) {
++		if (ASYNC_WAIT_CTX_clear_fd(waitctx, uadk_async_key) == 0) {
+ 			US_ERR("clear fd error.");
+ 			return 0;
+ 		}
+@@ -148,7 +149,7 @@ int async_pause_job_v1(volatile ASYNC_JOB *job, int jobStatus)
+ 		return ret;
+ 	}
+ 
+-	ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom);
++	ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
+ 	if (ret > 0) {
+ 		if (read(efd, &buf, sizeof(uint64_t)) == -1) {
+ 			if (errno != EAGAIN)
+@@ -178,7 +179,7 @@ int async_wake_job_v1(volatile ASYNC_JOB *job, int jobStatus)
+ 		return ret;
+ 	}
+ 
+-	ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_uadk_id, &efd, &custom);
++	ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
+ 	if (ret > 0) {
+ 		if (write(efd, &buf, sizeof(uint64_t)) == -1)
+ 			US_ERR("Failed to write to fd: %d - error: %d\n", efd, errno);
+-- 
+2.25.1
+

0050-uadk_prov-reuse-OSSL_OP_STORE-from-default-provider.patch

@@ -0,0 +1,161 @@
+From db09ea12d7a95247022f8907b3321c3cb4b42900 Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Fri, 20 Oct 2023 08:46:18 +0000
+Subject: [PATCH 50/63] uadk_prov: reuse OSSL_OP_STORE from default provider
+
+The store func is provided in default provider, so "-provider default"
+is required. otherwise errors reported:
+
+Could not open file or uri for loading private key from privatekey1.pem
+2020D5BEFFFF0000:error:16000069:STORE routines:ossl_store_get0_loader_int:\
+	unregistered scheme:crypto/store/store_register.c:237:scheme=file
+2020D5BEFFFF0000:error:1608010C:STORE routines:inner_loader_fetch: \
+	unsupported:crypto/store/store_meth.c:356:No store loader found. \
+	For standard store loaders you need at least one of the default or base \
+	providers available. Did you forget to load them? Info: \
+	Global default library context, Scheme (file : 0), Properties (<null>)
+
+Instead, uadk_provider can provide OSSL_OP_STORE by reusing
+the default provider's prov->query_operation
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+---
+ src/uadk_prov.h      | 62 ++++++++++++++++++++++++++++++++++++++++++++
+ src/uadk_prov_init.c |  2 ++
+ src/uadk_prov_rsa.c  |  4 +--
+ test/sanity_test.sh  |  6 ++---
+ 4 files changed, 68 insertions(+), 6 deletions(-)
+
+diff --git a/src/uadk_prov.h b/src/uadk_prov.h
+index efb29ee..01e799e 100644
+--- a/src/uadk_prov.h
++++ b/src/uadk_prov.h
+@@ -18,6 +18,68 @@
+ #ifndef UADK_PROV_H
+ #define UADK_PROV_H
+ 
++typedef int CRYPTO_REF_COUNT;
++
++struct ossl_provider_st {
++	/* Flag bits */
++	unsigned int flag_initialized:1;
++	unsigned int flag_activated:1;
++	unsigned int flag_fallback:1; /* Can be used as fallback */
++
++	/* Getting and setting the flags require synchronization */
++	CRYPTO_RWLOCK *flag_lock;
++
++	/* OpenSSL library side data */
++	CRYPTO_REF_COUNT refcnt;
++	CRYPTO_RWLOCK *refcnt_lock;  /* For the ref counter */
++	int activatecnt;
++	char *name;
++	char *path;
++	void *module;
++	OSSL_provider_init_fn *init_function;
++
++	STACK_OF(INFOPAIR) * parameters;
++	OSSL_LIB_CTX *libctx; /* The library context this instance is in */
++	struct provider_store_st *store; /* The store this instance belongs to */
++#ifndef FIPS_MODULE
++	/*
++	 * In the FIPS module inner provider, this isn't needed, since the
++	 * error upcalls are always direct calls to the outer provider.
++	 */
++	int error_lib;     /* ERR library number, one for each provider */
++# ifndef OPENSSL_NO_ERR
++	char *error_strings; /* Copy of what the provider gives us */
++# endif
++#endif
++
++	/* Provider side functions */
++	OSSL_FUNC_provider_teardown_fn * teardown;
++	OSSL_FUNC_provider_gettable_params_fn *gettable_params;
++	OSSL_FUNC_provider_get_params_fn *get_params;
++	OSSL_FUNC_provider_get_capabilities_fn *get_capabilities;
++	OSSL_FUNC_provider_self_test_fn *self_test;
++	OSSL_FUNC_provider_query_operation_fn *query_operation;
++	OSSL_FUNC_provider_unquery_operation_fn *unquery_operation;
++
++	/*
++	 * Cache of bit to indicate of query_operation() has been called on
++	 * a specific operation or not.
++	 */
++	unsigned char *operation_bits;
++	size_t operation_bits_sz;
++	CRYPTO_RWLOCK *opbits_lock;
++
++#ifndef FIPS_MODULE
++	/* Whether this provider is the child of some other provider */
++	const OSSL_CORE_HANDLE * handle;
++	unsigned int ischild:1;
++#endif
++
++	/* Provider side data */
++	void *provctx;
++	const OSSL_DISPATCH *dispatch;
++};
++
+ struct uadk_prov_ctx {
+ 	const OSSL_CORE_HANDLE *handle;
+ 	OSSL_LIB_CTX *libctx;
+diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
+index 9b2c190..fc09b64 100644
+--- a/src/uadk_prov_init.c
++++ b/src/uadk_prov_init.c
+@@ -120,6 +120,8 @@ static const OSSL_ALGORITHM *uadk_query(void *provctx, int operation_id,
+ 		return uadk_prov_keymgmt;
+ 	case OSSL_OP_ASYM_CIPHER:
+ 		return uadk_prov_asym_cipher;
++	case OSSL_OP_STORE:
++		return prov->query_operation(provctx, operation_id, no_cache);
+ 	}
+ 	return NULL;
+ }
+diff --git a/src/uadk_prov_rsa.c b/src/uadk_prov_rsa.c
+index a342e92..cd9b1e1 100644
+--- a/src/uadk_prov_rsa.c
++++ b/src/uadk_prov_rsa.c
+@@ -220,7 +220,7 @@ struct rsa_st {
+ 	/* Be careful using this if the RSA structure is shared */
+ 	CRYPTO_EX_DATA ex_data;
+ 
+-	int references; //CRYPTO_REF_COUNT references;
++	CRYPTO_REF_COUNT references;
+ 	int flags;
+ 	/* Used to cache montgomery values */
+ 	BN_MONT_CTX *_method_mod_n;
+@@ -235,8 +235,6 @@ struct rsa_st {
+ 
+ typedef struct rsa_st RSA;
+ 
+-typedef int CRYPTO_REF_COUNT;
+-
+ struct evp_signature_st {
+ 	int name_id;
+ 	char *type_name;
+diff --git a/test/sanity_test.sh b/test/sanity_test.sh
+index 6a37014..5b61da3 100755
+--- a/test/sanity_test.sh
++++ b/test/sanity_test.sh
+@@ -78,14 +78,14 @@ if [[ $signature_algs =~ "uadk_provider" ]]; then
+ 	openssl speed -provider $engine_id -async_jobs 1 rsa4096
+ 
+ 	openssl genrsa -out prikey.pem -provider $engine_id 1024
+-	openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id -provider default
++	openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id
+ 	echo "Content to be encrypted" > plain.txt
+ 
+ 	openssl pkeyutl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt \
+-	-pkeyopt rsa_padding_mode:pkcs1 -provider uadk_provider -provider default
++	-pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
+ 
+ 	openssl pkeyutl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt \
+-        -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id -provider default
++        -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
+ fi
+ 
+ if [[ $version =~ "1.1.1" ]]; then
+-- 
+2.25.1
+

0052-uadk-add-DH-sanity-test.patch

@@ -0,0 +1,225 @@
+From e98342b85f0f437de57f82078ecfff987d939570 Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Mon, 23 Oct 2023 06:38:15 +0000
+Subject: [PATCH 52/63] uadk: add DH sanity test
+
+Add DH sanity test.
+
+Also, for clarity, put all 3.0 sanity tests into a different file:
+test/sanity_test_openssl3.0.sh
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+---
+ test/sanity_test.sh            |  73 +--------------------
+ test/sanity_test_openssl3.0.sh | 115 +++++++++++++++++++++++++++++++++
+ 2 files changed, 116 insertions(+), 72 deletions(-)
+ create mode 100755 test/sanity_test_openssl3.0.sh
+
+diff --git a/test/sanity_test.sh b/test/sanity_test.sh
+index 5b61da3..7f2d586 100755
+--- a/test/sanity_test.sh
++++ b/test/sanity_test.sh
+@@ -14,78 +14,7 @@ echo "OpenSSL major version is "$major_version
+ 
+ # Check if the major version is equal to or greater than 3
+ if ((major_version >= 3)); then
+-	engine_id="$TEST_SCRIPT_DIR/../src/.libs/uadk_provider.so"
+-	digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
+-	cipher_algs=$(openssl list -provider $engine_id -cipher-algorithms)
+-	signature_algs=$(openssl list -provider $engine_id -signature-algorithms)
+-fi
+-
+-if [[ $digest_algs =~ "uadk_provider" ]]; then
+-	echo "uadk_provider testing digest"
+-	openssl speed -provider $engine_id -evp md5
+-	openssl speed -provider $engine_id -evp sm3
+-	openssl speed -provider $engine_id -evp sha1
+-	openssl speed -provider $engine_id -evp sha2-224
+-	openssl speed -provider $engine_id -evp sha2-256
+-	openssl speed -provider $engine_id -evp sha2-384
+-	openssl speed -provider $engine_id -evp sha2-512
+-
+-	openssl speed -provider $engine_id -async_jobs 1 -evp md5
+-	openssl speed -provider $engine_id -async_jobs 1 -evp sm3
+-	openssl speed -provider $engine_id -async_jobs 1 -evp sha1
+-	openssl speed -provider $engine_id -async_jobs 1 -evp sha2-224
+-	openssl speed -provider $engine_id -async_jobs 1 -evp sha2-256
+-	openssl speed -provider $engine_id -async_jobs 1 -evp sha2-384
+-	openssl speed -provider $engine_id -async_jobs 1 -evp sha2-512
+-fi
+-
+-if [[ $cipher_algs =~ "uadk_provider" ]]; then
+-	echo "uadk_provider testing cipher"
+-	openssl speed -provider $engine_id -evp aes-128-cbc
+-	openssl speed -provider $engine_id -evp aes-192-cbc
+-	openssl speed -provider $engine_id -evp aes-256-cbc
+-	openssl speed -provider $engine_id -evp aes-128-ecb
+-	openssl speed -provider $engine_id -evp aes-192-ecb
+-	openssl speed -provider $engine_id -evp aes-256-ecb
+-	openssl speed -provider $engine_id -evp aes-128-xts
+-	openssl speed -provider $engine_id -evp aes-256-xts
+-	openssl speed -provider $engine_id -evp sm4-cbc
+-	openssl speed -provider $engine_id -evp sm4-ecb
+-	openssl speed -provider $engine_id -evp des-ede3-cbc
+-	openssl speed -provider $engine_id -evp des-ede3-ecb
+-
+-	openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-cbc
+-	openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-cbc
+-	openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-cbc
+-	openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-ecb
+-	openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-ecb
+-	openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-ecb
+-	openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-xts
+-	openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-xts
+-	openssl speed -provider $engine_id -async_jobs 1 -evp sm4-cbc
+-	openssl speed -provider $engine_id -async_jobs 1 -evp sm4-ecb
+-	openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-cbc
+-	openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-ecb
+-fi
+-
+-if [[ $signature_algs =~ "uadk_provider" ]]; then
+-	echo "uadk_provider testing rsa"
+-	openssl speed -provider $engine_id rsa1024
+-	openssl speed -provider $engine_id rsa2048
+-	openssl speed -provider $engine_id rsa4096
+-	openssl speed -provider $engine_id -async_jobs 1 rsa1024
+-	openssl speed -provider $engine_id -async_jobs 1 rsa2048
+-	openssl speed -provider $engine_id -async_jobs 1 rsa4096
+-
+-	openssl genrsa -out prikey.pem -provider $engine_id 1024
+-	openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id
+-	echo "Content to be encrypted" > plain.txt
+-
+-	openssl pkeyutl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt \
+-	-pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
+-
+-	openssl pkeyutl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt \
+-        -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
++	$TEST_SCRIPT_DIR/sanity_test_openssl3.0.sh
+ fi
+ 
+ if [[ $version =~ "1.1.1" ]]; then
+diff --git a/test/sanity_test_openssl3.0.sh b/test/sanity_test_openssl3.0.sh
+new file mode 100755
+index 0000000..7f543ae
+--- /dev/null
++++ b/test/sanity_test_openssl3.0.sh
+@@ -0,0 +1,115 @@
++#!/bin/bash
++
++set -x
++sudo chmod 666 /dev/hisi_*
++
++TEST_SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
++
++version=$(openssl version)
++echo $version
++
++# Extract the major version number (e.g., "3") from the version string
++major_version=$(echo $version | awk -F'[ .]' '{print $2}')
++echo "OpenSSL major version is "$major_version
++
++# Check if the major version is equal to or greater than 3
++if ((major_version >= 3)); then
++	engine_id="$TEST_SCRIPT_DIR/../src/.libs/uadk_provider.so"
++	digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
++	cipher_algs=$(openssl list -provider $engine_id -cipher-algorithms)
++	signature_algs=$(openssl list -provider $engine_id -signature-algorithms)
++	keyexch_algs=$(openssl list -provider $engine_id -key-exchange-algorithms)
++fi
++
++if [[ $digest_algs =~ "uadk_provider" ]]; then
++	echo "uadk_provider testing digest"
++	openssl speed -provider $engine_id -evp md5
++	openssl speed -provider $engine_id -evp sm3
++	openssl speed -provider $engine_id -evp sha1
++	openssl speed -provider $engine_id -evp sha2-224
++	openssl speed -provider $engine_id -evp sha2-256
++	openssl speed -provider $engine_id -evp sha2-384
++	openssl speed -provider $engine_id -evp sha2-512
++
++	openssl speed -provider $engine_id -async_jobs 1 -evp md5
++	openssl speed -provider $engine_id -async_jobs 1 -evp sm3
++	openssl speed -provider $engine_id -async_jobs 1 -evp sha1
++	openssl speed -provider $engine_id -async_jobs 1 -evp sha2-224
++	openssl speed -provider $engine_id -async_jobs 1 -evp sha2-256
++	openssl speed -provider $engine_id -async_jobs 1 -evp sha2-384
++	openssl speed -provider $engine_id -async_jobs 1 -evp sha2-512
++fi
++
++if [[ $cipher_algs =~ "uadk_provider" ]]; then
++	echo "uadk_provider testing cipher"
++	openssl speed -provider $engine_id -evp aes-128-cbc
++	openssl speed -provider $engine_id -evp aes-192-cbc
++	openssl speed -provider $engine_id -evp aes-256-cbc
++	openssl speed -provider $engine_id -evp aes-128-ecb
++	openssl speed -provider $engine_id -evp aes-192-ecb
++	openssl speed -provider $engine_id -evp aes-256-ecb
++	openssl speed -provider $engine_id -evp aes-128-xts
++	openssl speed -provider $engine_id -evp aes-256-xts
++	openssl speed -provider $engine_id -evp sm4-cbc
++	openssl speed -provider $engine_id -evp sm4-ecb
++	openssl speed -provider $engine_id -evp des-ede3-cbc
++	openssl speed -provider $engine_id -evp des-ede3-ecb
++
++	openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-cbc
++	openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-cbc
++	openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-cbc
++	openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-ecb
++	openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-ecb
++	openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-ecb
++	openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-xts
++	openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-xts
++	openssl speed -provider $engine_id -async_jobs 1 -evp sm4-cbc
++	openssl speed -provider $engine_id -async_jobs 1 -evp sm4-ecb
++	openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-cbc
++	openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-ecb
++fi
++
++if [[ $signature_algs =~ "uadk_provider" ]]; then
++	echo "uadk_provider testing rsa"
++	openssl speed -provider $engine_id rsa1024
++	openssl speed -provider $engine_id rsa2048
++	openssl speed -provider $engine_id rsa4096
++	openssl speed -provider $engine_id -async_jobs 1 rsa1024
++	openssl speed -provider $engine_id -async_jobs 1 rsa2048
++	openssl speed -provider $engine_id -async_jobs 1 rsa4096
++
++	openssl genrsa -out prikey.pem -provider $engine_id 1024
++	openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id
++	echo "Content to be encrypted" > plain.txt
++
++	openssl pkeyutl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt \
++	-pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
++
++	openssl pkeyutl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt \
++        -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
++fi
++
++if [[ $keyexch_algs =~ "uadk_provider" ]]; then
++	echo "uadk_provider testing dh"
++
++	#1. Generate global public parameters, and save them in the file dhparam.pem:
++	openssl dhparam -out dhparam.pem 2048
++
++	#2. Generate own private key:
++	openssl genpkey -paramfile dhparam.pem -out privatekey1.pem -provider $engine_id
++	openssl genpkey -paramfile dhparam.pem -out privatekey2.pem -provider $engine_id
++
++	#3. Generate public key:
++	openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -provider $engine_id
++	openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -provider $engine_id
++
++	#4. After exchanging public key, each user can derive the shared secret:
++	openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -provider $engine_id
++	openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -provider $engine_id
++
++	#5. Check secret1.bin and secret2.bin:
++	cmp secret1.bin secret2.bin
++	xxd secret1.bin
++	xxd secret2.bin
++	#secret1.bin and secret2.bin should be same.
++fi
+-- 
+2.25.1
+

0053-uadk-add-uadk_provider.cnf.patch

@@ -0,0 +1,41 @@
+From 9d0d42f00ed60dd8b1dd13fd611068dcea6408d4 Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Tue, 24 Oct 2023 08:55:11 +0000
+Subject: [PATCH 53/63] uadk: add uadk_provider.cnf
+
+uadk_provider can be enabled via uadk_provider.cnf
+
+export OPENSSL_CONF=/path/to/uadk_provider.cnf
+openssl command -config /path/to/uadk_provider.cnf
+application calls CONF_modules_load_file
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+---
+ uadk_provider.cnf | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+ create mode 100644 uadk_provider.cnf
+
+diff --git a/uadk_provider.cnf b/uadk_provider.cnf
+new file mode 100644
+index 0000000..c9d1596
+--- /dev/null
++++ b/uadk_provider.cnf
+@@ -0,0 +1,15 @@
++# uadk_provider can be enabled via uadk_provider.cnf
++# export OPENSSL_CONF=/path/to/uadk_provider.cnf
++# openssl command -config /path/to/uadk_provider.cnf
++# application calls CONF_modules_load_file
++
++openssl_conf = openssl_init
++
++[openssl_init]
++providers = provider_sect
++
++[provider_sect]
++uadk_provider = uadk_sect
++
++[uadk_sect]
++activate = 1
+-- 
+2.25.1
+

0054-uadk-add-evp_test.sh.patch

@@ -0,0 +1,66 @@
+From 172ab332b9ada14fe333dd585dda3ceacd09dfc6 Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Tue, 24 Oct 2023 09:07:06 +0000
+Subject: [PATCH 54/63] uadk: add evp_test.sh
+
+Enable uadk_provider via export OPENSSL_CONF
+cd to /path/to/openssl/test and doing evp_test
+
+For example:
+./test/evp_test.sh ../openssl
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+Signed-off-by: Guodong Xu <guodong.xu@linaro.org>
+---
+ test/evp_test.sh | 39 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 39 insertions(+)
+ create mode 100755 test/evp_test.sh
+
+diff --git a/test/evp_test.sh b/test/evp_test.sh
+new file mode 100755
+index 0000000..5c1b022
+--- /dev/null
++++ b/test/evp_test.sh
+@@ -0,0 +1,39 @@
++#!/bin/bash
++
++set -x
++
++TEST_SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
++
++if [ $# -eq 0 ]; then
++	echo "No para: evp_test.sh /path/to/openssl"
++	exit
++fi
++
++export OPENSSL_CONF=$TEST_SCRIPT_DIR/../uadk_provider.cnf
++
++cd "$1"/test
++
++#Cipher test
++digest_algs=$(openssl list -digest-algorithms)
++if [[ $digest_algs =~ "uadk_provider" ]]; then
++	./evp_test ./recipes/30-test_evp_data/evpmd_sm3.txt
++	./evp_test ./recipes/30-test_evp_data/evpmd_sha.txt
++fi
++
++cipher_algs=$(openssl list -cipher-algorithms)
++if [[ $cipher_algs =~ "uadk_provider" ]]; then
++	./evp_test ./recipes/30-test_evp_data/evpciph_sm4.txt
++	./evp_test ./recipes/30-test_evp_data/evpciph_aes_common.txt
++	./evp_test ./recipes/30-test_evp_data/evpciph_des3_common.txt
++fi
++
++signature_algs=$(openssl list -signature-algorithms)
++if [[ $signature_algs =~ "uadk_provider" ]]; then
++	./evp_test ./recipes/30-test_evp_data/evppkey_rsa.txt
++	./evp_test ./recipes/30-test_evp_data/evppkey_rsa_common.txt
++fi
++
++keyexch_algs=$(openssl list -key-exchange-algorithms)
++if [[ $keyexch_algs =~ "uadk_provider" ]]; then
++	./evp_test ./recipes/30-test_evp_data/evppkey_dh.txt
++fi
+-- 
+2.25.1
+

0055-uadk_engine-remove-redundant-param-of-async.patch

@@ -0,0 +1,202 @@
+From 553d8a9068a7848294dba8605be3a2feb9db1498 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Thu, 9 Nov 2023 11:23:37 +0800
+Subject: [PATCH 55/63] uadk_engine: remove redundant param of async
+
+Remove redundant index parameter of async_pause_job(),
+as the value of the index has been saved in async_op
+type variable.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_async.c       | 8 ++++----
+ src/uadk_async.h       | 2 +-
+ src/uadk_cipher.c      | 2 +-
+ src/uadk_dh.c          | 4 ++--
+ src/uadk_digest.c      | 2 +-
+ src/uadk_pkey.c        | 2 +-
+ src/uadk_prov_cipher.c | 2 +-
+ src/uadk_prov_dh.c     | 2 +-
+ src/uadk_prov_digest.c | 2 +-
+ src/uadk_prov_rsa.c    | 2 +-
+ src/uadk_rsa.c         | 2 +-
+ 11 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/src/uadk_async.c b/src/uadk_async.c
+index 45f3918..870065d 100644
+--- a/src/uadk_async.c
++++ b/src/uadk_async.c
+@@ -234,14 +234,14 @@ out:
+ 	return ret;
+ }
+ 
+-static int async_add_poll_task(void *ctx, struct async_op *op, enum task_type type, int id)
++static int async_add_poll_task(void *ctx, struct async_op *op, enum task_type type)
+ {
+ 	struct async_poll_task *task_queue;
+ 	struct async_poll_task *task;
+ 	int ret;
+ 
+ 	task_queue = poll_queue.head;
+-	task = &task_queue[id];
++	task = &task_queue[op->idx];
+ 	task->ctx = ctx;
+ 	task->type = type;
+ 	task->op = op;
+@@ -253,7 +253,7 @@ static int async_add_poll_task(void *ctx, struct async_op *op, enum task_type ty
+ 	return 1;
+ }
+ 
+-int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id)
++int async_pause_job(void *ctx, struct async_op *op, enum task_type type)
+ {
+ 	ASYNC_WAIT_CTX *waitctx;
+ 	OSSL_ASYNC_FD efd;
+@@ -261,7 +261,7 @@ int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id)
+ 	uint64_t buf;
+ 	int ret;
+ 
+-	ret = async_add_poll_task(ctx, op, type, id);
++	ret = async_add_poll_task(ctx, op, type);
+ 	if (ret == 0)
+ 		return ret;
+ 
+diff --git a/src/uadk_async.h b/src/uadk_async.h
+index 9160c98..1208c30 100644
+--- a/src/uadk_async.h
++++ b/src/uadk_async.h
+@@ -72,7 +72,7 @@ struct async_poll_queue {
+ 
+ int async_setup_async_event_notification(struct async_op *op);
+ int async_clear_async_event_notification(void);
+-int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
++int async_pause_job(void *ctx, struct async_op *op, enum task_type type);
+ void async_register_poll_fn(int type, async_recv_t func);
+ int async_module_init(void);
+ int async_wake_job(ASYNC_JOB *job);
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 901c29e..ed25787 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -841,7 +841,7 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op)
+ 		}
+ 	} while (ret == -EBUSY);
+ 
+-	ret = async_pause_job(priv, op, ASYNC_TASK_CIPHER, idx);
++	ret = async_pause_job(priv, op, ASYNC_TASK_CIPHER);
+ 	if (!ret)
+ 		return 0;
+ 	return 1;
+diff --git a/src/uadk_dh.c b/src/uadk_dh.c
+index acb5b8a..418747e 100644
+--- a/src/uadk_dh.c
++++ b/src/uadk_dh.c
+@@ -723,12 +723,12 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess)
+ 		do {
+ 			ret = wd_do_dh_async(dh_sess->sess, &dh_sess->req);
+ 			if (ret < 0 && ret != -EBUSY) {
+-				async_free_poll_task(idx, 0);
++				async_free_poll_task(op.idx, 0);
+ 				goto err;
+ 			}
+ 		} while (ret == -EBUSY);
+ 
+-		ret = async_pause_job(dh_sess, &op, ASYNC_TASK_DH, idx);
++		ret = async_pause_job(dh_sess, &op, ASYNC_TASK_DH);
+ 		if (!ret)
+ 			goto err;
+ 
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index beb9f51..fa96e57 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -757,7 +757,7 @@ static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
+ 		}
+ 	} while (ret == -EBUSY);
+ 
+-	ret = async_pause_job(priv, op, ASYNC_TASK_DIGEST, idx);
++	ret = async_pause_job(priv, op, ASYNC_TASK_DIGEST);
+ 	if (!ret)
+ 		return 0;
+ 	return 1;
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index 60e3238..b071d8b 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -312,7 +312,7 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr)
+ 			}
+ 		} while (ret == -EBUSY);
+ 
+-		ret = async_pause_job((void *)usr, &op, ASYNC_TASK_ECC, idx);
++		ret = async_pause_job((void *)usr, &op, ASYNC_TASK_ECC);
+ 		if (!ret)
+ 			goto err;
+ 		if (req->status)
+diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
+index 21bf0a2..9b0e9fe 100644
+--- a/src/uadk_prov_cipher.c
++++ b/src/uadk_prov_cipher.c
+@@ -396,7 +396,7 @@ static int uadk_do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *o
+ 		}
+ 	} while (ret == -EBUSY);
+ 
+-	ret = async_pause_job(priv, op, ASYNC_TASK_CIPHER, idx);
++	ret = async_pause_job(priv, op, ASYNC_TASK_CIPHER);
+ 	if (!ret)
+ 		return 0;
+ 	return 1;
+diff --git a/src/uadk_prov_dh.c b/src/uadk_prov_dh.c
+index cf84cb9..5437c46 100644
+--- a/src/uadk_prov_dh.c
++++ b/src/uadk_prov_dh.c
+@@ -926,7 +926,7 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess)
+ 			}
+ 		} while (ret == -EBUSY);
+ 
+-		ret = async_pause_job(dh_sess, &op, ASYNC_TASK_DH, idx);
++		ret = async_pause_job(dh_sess, &op, ASYNC_TASK_DH);
+ 		if (!ret)
+ 			goto err;
+ 
+diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c
+index ecb8d23..8d6bf06 100644
+--- a/src/uadk_prov_digest.c
++++ b/src/uadk_prov_digest.c
+@@ -445,7 +445,7 @@ static int uadk_do_digest_async(struct digest_priv_ctx *priv, struct async_op *o
+ 		}
+ 	} while (ret == -EBUSY);
+ 
+-	ret = async_pause_job(priv, op, ASYNC_TASK_DIGEST, idx);
++	ret = async_pause_job(priv, op, ASYNC_TASK_DIGEST);
+ 	if (!ret)
+ 		return 0;
+ 	return 1;
+diff --git a/src/uadk_prov_rsa.c b/src/uadk_prov_rsa.c
+index cd9b1e1..b60de0c 100644
+--- a/src/uadk_prov_rsa.c
++++ b/src/uadk_prov_rsa.c
+@@ -1349,7 +1349,7 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess)
+ 		}
+ 	} while (ret == -EBUSY);
+ 
+-	ret = async_pause_job(rsa_sess, &op, ASYNC_TASK_RSA, idx);
++	ret = async_pause_job(rsa_sess, &op, ASYNC_TASK_RSA);
+ 	if (!ret)
+ 		goto err;
+ 
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index d0780a7..ca05ef7 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -1118,7 +1118,7 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess)
+ 		}
+ 	} while (ret == -EBUSY);
+ 
+-	ret = async_pause_job(rsa_sess, &op, ASYNC_TASK_RSA, idx);
++	ret = async_pause_job(rsa_sess, &op, ASYNC_TASK_RSA);
+ 	if (!ret)
+ 		goto err;
+ 
+-- 
+2.25.1
+

0057-cipher-fix-uadk_e_destroy_cipher-memory-leak.patch

@@ -0,0 +1,45 @@
+From fef65630b7470bbb6f4fbecd946247fe8ba09027 Mon Sep 17 00:00:00 2001
+From: Wenkai Lin <linwenkai6@hisilicon.com>
+Date: Thu, 9 Nov 2023 11:23:39 +0800
+Subject: [PATCH 57/63] cipher: fix uadk_e_destroy_cipher memory leak
+
+Fix an issue where hardware resources are not released
+and locks are not destroyed.
+
+Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
+---
+ src/uadk_cipher.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 73be09d..63cc738 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -996,6 +996,24 @@ static void destroy_cipher(struct engine_cipher_info *info, int num)
+ 
+ void uadk_e_destroy_cipher(struct engine_cipher_info *info, int num)
+ {
++	__u32 i;
++	int ret;
++
++	if (g_cipher_engine.pid == getpid()) {
++		ret = uadk_e_is_env_enabled("cipher");
++		if (ret == ENV_ENABLED) {
++			wd_cipher_env_uninit();
++		} else {
++			wd_cipher_uninit();
++			for (i = 0; i < g_cipher_engine.ctx_cfg.ctx_num; i++)
++				wd_release_ctx(g_cipher_engine.ctx_cfg.ctxs[i].ctx);
++			free(g_cipher_engine.ctx_cfg.ctxs);
++		}
++		g_cipher_engine.pid = 0;
++	}
++
++	pthread_spin_destroy(&g_cipher_engine.lock);
++
+ 	destroy_cipher(info, num);
+ }
+ 
+-- 
+2.25.1
+

0058-aead-fix-for-engine-lock-is-not-initialized.patch

@@ -0,0 +1,216 @@
+From 06b1812e0bac3588519c48a8016c0fae559be7be Mon Sep 17 00:00:00 2001
+From: Wenkai Lin <linwenkai6@hisilicon.com>
+Date: Thu, 9 Nov 2023 11:23:40 +0800
+Subject: [PATCH 58/63] aead: fix for engine lock is not initialized
+
+Fix an issue where the AEAD global lock is not initialized.
+
+In the multi-thread scenario, if the hardware is faulty
+and the get_dev return is empty, the uadk engine should
+continue to complete registration instead of returning.
+
+Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
+---
+ src/uadk.h             |  1 +
+ src/uadk_aead.c        | 81 ++++++++++++++++++++++--------------------
+ src/uadk_engine_init.c |  4 ++-
+ 3 files changed, 47 insertions(+), 39 deletions(-)
+
+diff --git a/src/uadk.h b/src/uadk.h
+index 4cf2c13..3dbaba1 100644
+--- a/src/uadk.h
++++ b/src/uadk.h
+@@ -42,5 +42,6 @@ void uadk_e_ecc_lock_init(void);
+ void uadk_e_rsa_lock_init(void);
+ void uadk_e_dh_lock_init(void);
+ void uadk_e_cipher_lock_init(void);
++void uadk_e_aead_lock_init(void);
+ void uadk_e_digest_lock_init(void);
+ #endif
+diff --git a/src/uadk_aead.c b/src/uadk_aead.c
+index 64a5f5c..360f3f8 100644
+--- a/src/uadk_aead.c
++++ b/src/uadk_aead.c
+@@ -61,7 +61,7 @@ struct aead_engine {
+ 	pthread_spinlock_t lock;
+ };
+ 
+-static struct aead_engine engine;
++static struct aead_engine g_aead_engine;
+ 
+ static EVP_CIPHER *uadk_aes_128_gcm;
+ static EVP_CIPHER *uadk_aes_192_gcm;
+@@ -175,42 +175,42 @@ static int uadk_e_wd_aead_cipher_init(struct uacce_dev *dev)
+ 	__u32 i, j;
+ 	int ret;
+ 
+-	engine.numa_id = dev->numa_id;
++	g_aead_engine.numa_id = dev->numa_id;
+ 
+ 	ret = uadk_e_is_env_enabled("aead");
+ 	if (ret)
+ 		return uadk_e_wd_aead_cipher_env_init(dev);
+ 
+-	memset(&engine.ctx_cfg, 0, sizeof(struct wd_ctx_config));
+-	engine.ctx_cfg.ctx_num = CTX_NUM;
+-	engine.ctx_cfg.ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
+-	if (!engine.ctx_cfg.ctxs)
++	memset(&g_aead_engine.ctx_cfg, 0, sizeof(struct wd_ctx_config));
++	g_aead_engine.ctx_cfg.ctx_num = CTX_NUM;
++	g_aead_engine.ctx_cfg.ctxs = calloc(CTX_NUM, sizeof(struct wd_ctx));
++	if (!g_aead_engine.ctx_cfg.ctxs)
+ 		return -ENOMEM;
+ 
+ 	for (i = 0; i < CTX_NUM; i++) {
+-		engine.ctx_cfg.ctxs[i].ctx = wd_request_ctx(dev);
+-		if (!engine.ctx_cfg.ctxs[i].ctx) {
++		g_aead_engine.ctx_cfg.ctxs[i].ctx = wd_request_ctx(dev);
++		if (!g_aead_engine.ctx_cfg.ctxs[i].ctx) {
+ 			ret = -ENOMEM;
+ 			goto err_freectx;
+ 		}
+ 	}
+ 
+-	engine.ctx_cfg.ctxs[CTX_SYNC_ENC].op_type = CTX_TYPE_ENCRYPT;
+-	engine.ctx_cfg.ctxs[CTX_SYNC_DEC].op_type = CTX_TYPE_DECRYPT;
+-	engine.ctx_cfg.ctxs[CTX_SYNC_ENC].ctx_mode = CTX_MODE_SYNC;
+-	engine.ctx_cfg.ctxs[CTX_SYNC_DEC].ctx_mode = CTX_MODE_SYNC;
++	g_aead_engine.ctx_cfg.ctxs[CTX_SYNC_ENC].op_type = CTX_TYPE_ENCRYPT;
++	g_aead_engine.ctx_cfg.ctxs[CTX_SYNC_DEC].op_type = CTX_TYPE_DECRYPT;
++	g_aead_engine.ctx_cfg.ctxs[CTX_SYNC_ENC].ctx_mode = CTX_MODE_SYNC;
++	g_aead_engine.ctx_cfg.ctxs[CTX_SYNC_DEC].ctx_mode = CTX_MODE_SYNC;
+ 
+-	engine.ctx_cfg.ctxs[CTX_ASYNC_ENC].op_type = CTX_TYPE_ENCRYPT;
+-	engine.ctx_cfg.ctxs[CTX_ASYNC_DEC].op_type = CTX_TYPE_DECRYPT;
+-	engine.ctx_cfg.ctxs[CTX_ASYNC_ENC].ctx_mode = CTX_MODE_ASYNC;
+-	engine.ctx_cfg.ctxs[CTX_ASYNC_DEC].ctx_mode = CTX_MODE_ASYNC;
++	g_aead_engine.ctx_cfg.ctxs[CTX_ASYNC_ENC].op_type = CTX_TYPE_ENCRYPT;
++	g_aead_engine.ctx_cfg.ctxs[CTX_ASYNC_DEC].op_type = CTX_TYPE_DECRYPT;
++	g_aead_engine.ctx_cfg.ctxs[CTX_ASYNC_ENC].ctx_mode = CTX_MODE_ASYNC;
++	g_aead_engine.ctx_cfg.ctxs[CTX_ASYNC_DEC].ctx_mode = CTX_MODE_ASYNC;
+ 
+-	engine.sched.name = "sched_single";
+-	engine.sched.pick_next_ctx = sched_single_pick_next_ctx;
+-	engine.sched.poll_policy = sched_single_poll_policy;
+-	engine.sched.sched_init = sched_single_aead_init;
++	g_aead_engine.sched.name = "sched_single";
++	g_aead_engine.sched.pick_next_ctx = sched_single_pick_next_ctx;
++	g_aead_engine.sched.poll_policy = sched_single_poll_policy;
++	g_aead_engine.sched.sched_init = sched_single_aead_init;
+ 
+-	ret = wd_aead_init(&engine.ctx_cfg, &engine.sched);
++	ret = wd_aead_init(&g_aead_engine.ctx_cfg, &g_aead_engine.sched);
+ 	if (ret)
+ 		goto err_freectx;
+ 
+@@ -219,9 +219,9 @@ static int uadk_e_wd_aead_cipher_init(struct uacce_dev *dev)
+ 
+ err_freectx:
+ 	for (j = 0; j < i; j++)
+-		wd_release_ctx(engine.ctx_cfg.ctxs[j].ctx);
++		wd_release_ctx(g_aead_engine.ctx_cfg.ctxs[j].ctx);
+ 
+-	free(engine.ctx_cfg.ctxs);
++	free(g_aead_engine.ctx_cfg.ctxs);
+ 
+ 	return ret;
+ }
+@@ -231,30 +231,30 @@ static int uadk_e_init_aead_cipher(void)
+ 	struct uacce_dev *dev;
+ 	int ret;
+ 
+-	if (engine.pid != getpid()) {
+-		pthread_spin_lock(&engine.lock);
+-		if (engine.pid == getpid()) {
+-			pthread_spin_unlock(&engine.lock);
++	if (g_aead_engine.pid != getpid()) {
++		pthread_spin_lock(&g_aead_engine.lock);
++		if (g_aead_engine.pid == getpid()) {
++			pthread_spin_unlock(&g_aead_engine.lock);
+ 			return 1;
+ 		}
+ 
+ 		dev = wd_get_accel_dev("aead");
+ 		if (!dev) {
+-			pthread_spin_unlock(&engine.lock);
++			pthread_spin_unlock(&g_aead_engine.lock);
+ 			fprintf(stderr, "failed to get device for aead.\n");
+ 			return 0;
+ 		}
+ 
+ 		ret = uadk_e_wd_aead_cipher_init(dev);
+ 		if (ret < 0) {
+-			pthread_spin_unlock(&engine.lock);
++			pthread_spin_unlock(&g_aead_engine.lock);
+ 			fprintf(stderr, "failed to initiate aead cipher.\n");
+ 			free(dev);
+ 			return 0;
+ 		}
+ 
+-		engine.pid = getpid();
+-		pthread_spin_unlock(&engine.lock);
++		g_aead_engine.pid = getpid();
++		pthread_spin_unlock(&g_aead_engine.lock);
+ 		free(dev);
+ 	}
+ 
+@@ -277,7 +277,7 @@ static int uadk_e_ctx_init(struct aead_priv_ctx *priv, const unsigned char *ckey
+ 	if (ret)
+ 		params.type = 0;
+ 
+-	params.numa_id = engine.numa_id;
++	params.numa_id = g_aead_engine.numa_id;
+ 	priv->setup.sched_param = &params;
+ 	if (!priv->sess) {
+ 		priv->sess = wd_aead_alloc_sess(&priv->setup);
+@@ -713,20 +713,25 @@ void uadk_e_destroy_aead(struct engine_cipher_info *info, int num)
+ 	__u32 i;
+ 	int ret;
+ 
+-	if (engine.pid == getpid()) {
++	if (g_aead_engine.pid == getpid()) {
+ 		ret = uadk_e_is_env_enabled("aead");
+ 		if (ret) {
+ 			wd_aead_env_uninit();
+ 		} else {
+ 			wd_aead_uninit();
+-			for (i = 0; i < engine.ctx_cfg.ctx_num; i++)
+-				wd_release_ctx(engine.ctx_cfg.ctxs[i].ctx);
++			for (i = 0; i < g_aead_engine.ctx_cfg.ctx_num; i++)
++				wd_release_ctx(g_aead_engine.ctx_cfg.ctxs[i].ctx);
+ 
+-			free(engine.ctx_cfg.ctxs);
++			free(g_aead_engine.ctx_cfg.ctxs);
+ 		}
+-		engine.pid = 0;
++		g_aead_engine.pid = 0;
+ 	}
+ 
+-	pthread_spin_destroy(&engine.lock);
++	pthread_spin_destroy(&g_aead_engine.lock);
+ 	destroy_aead(info, num);
+ }
++
++void uadk_e_aead_lock_init(void)
++{
++	pthread_spin_init(&g_aead_engine.lock, PTHREAD_PROCESS_PRIVATE);
++}
+diff --git a/src/uadk_engine_init.c b/src/uadk_engine_init.c
+index 33707bf..c9cdd10 100644
+--- a/src/uadk_engine_init.c
++++ b/src/uadk_engine_init.c
+@@ -262,8 +262,10 @@ static int uadk_init(ENGINE *e)
+ 
+ 	if (uadk_digest)
+ 		uadk_e_digest_lock_init();
+-	if (uadk_cipher)
++	if (uadk_cipher) {
+ 		uadk_e_cipher_lock_init();
++		uadk_e_aead_lock_init();
++	}
+ 	if (uadk_rsa)
+ 		uadk_e_rsa_lock_init();
+ 	if (uadk_dh)
+-- 
+2.25.1
+

0059-uadk-fix-cipher-switchover-to-software-calculation-f.patch

@@ -0,0 +1,84 @@
+From f8c8181e68dfa14360aaaa2feff24779fc03ce76 Mon Sep 17 00:00:00 2001
+From: Wenkai Lin <linwenkai6@hisilicon.com>
+Date: Thu, 9 Nov 2023 11:23:41 +0800
+Subject: [PATCH 59/63] uadk: fix cipher switchover to software calculation
+ fails
+
+In the multi-thread scenario, if the hardware is faulty
+and the get_dev return is empty, the uadk engine should
+continue to complete registration instead of returning.
+
+Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
+---
+ src/uadk_cipher_adapter.c | 35 +++++++++++++++++++----------------
+ 1 file changed, 19 insertions(+), 16 deletions(-)
+
+diff --git a/src/uadk_cipher_adapter.c b/src/uadk_cipher_adapter.c
+index c915df8..2c4ed15 100644
+--- a/src/uadk_cipher_adapter.c
++++ b/src/uadk_cipher_adapter.c
+@@ -16,9 +16,11 @@
+  */
+ #include "uadk_cipher_adapter.h"
+ 
+-#define HW_SEC_V2 0
+-#define HW_SEC_V3 1
+-#define OTHERS_HW 2
++#define HW_UNINIT	-1
++#define HW_SEC_V2	0
++#define HW_SEC_V3	1
++
++static int g_platform = HW_UNINIT;
+ 
+ static int cipher_hw_v2_nids[] = {
+ 	NID_aes_128_cbc,
+@@ -140,7 +142,6 @@ static void uadk_e_create_ciphers(int index)
+ 
+ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
+ {
+-	int platform = OTHERS_HW;
+ 	struct uacce_dev *dev;
+ 	__u32 i;
+ 
+@@ -153,24 +154,26 @@ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int n
+ 		return 0;
+ 	}
+ 
+-	dev = wd_get_accel_dev("cipher");
+-	if (!dev) {
+-		fprintf(stderr, "no device available, switch to software!\n");
+-		return 0;
+-	}
++	if (g_platform == HW_UNINIT) {
++		dev = wd_get_accel_dev("cipher");
++		if (!dev) {
++			fprintf(stderr, "no device available, switch to software!\n");
++			return 0;
++		}
+ 
+-	if (!strcmp(dev->api, "hisi_qm_v2"))
+-		platform = HW_SEC_V2;
+-	else if (!strcmp(dev->api, "hisi_qm_v3"))
+-		platform = HW_SEC_V3;
++		if (!strcmp(dev->api, "hisi_qm_v2"))
++			g_platform = HW_SEC_V2;
++		else
++			g_platform = HW_SEC_V3;
+ 
+-	free(dev);
++		free(dev);
++	}
+ 
+ 	if (cipher == NULL) {
+-		if (platform == HW_SEC_V2) {
++		if (g_platform == HW_SEC_V2) {
+ 			*nids = cipher_hw_v2_nids;
+ 			return ARRAY_SIZE(cipher_hw_v2_nids);
+-		} else if (platform == HW_SEC_V3) {
++		} else if (g_platform == HW_SEC_V3) {
+ 			*nids = cipher_hw_v3_nids;
+ 			return ARRAY_SIZE(cipher_hw_v3_nids);
+ 		}
+-- 
+2.25.1
+

0060-aead-fix-tag-length-check.patch

@@ -0,0 +1,67 @@
+From d2e54deb1a0e1596fde73bc0970fb058316f3fb5 Mon Sep 17 00:00:00 2001
+From: Wenkai Lin <linwenkai6@hisilicon.com>
+Date: Thu, 9 Nov 2023 11:23:42 +0800
+Subject: [PATCH 60/63] aead: fix tag length check
+
+Encryption and decryption are distinguished when taglen is checked.
+
+Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
+---
+ src/uadk_aead.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/src/uadk_aead.c b/src/uadk_aead.c
+index 360f3f8..00ba4d2 100644
+--- a/src/uadk_aead.c
++++ b/src/uadk_aead.c
+@@ -375,6 +375,7 @@ static int uadk_e_aes_gcm_set_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
+ {
+ 	struct aead_priv_ctx *priv =
+ 		(struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
++	void *ctx_buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+ 	int enc = EVP_CIPHER_CTX_encrypting(ctx);
+ 
+ 	switch (type) {
+@@ -391,30 +392,30 @@ static int uadk_e_aes_gcm_set_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
+ 		}
+ 		return 1;
+ 	case EVP_CTRL_GCM_GET_TAG:
+-		if (arg <= 0 || arg > AES_GCM_TAG_LEN) {
+-			fprintf(stderr, "TAG length invalid.\n");
++		if (arg <= 0 || arg > AES_GCM_TAG_LEN || !enc) {
++			fprintf(stderr, "cannot get tag when decrypt or arg is invalid.\n");
+ 			return 0;
+ 		}
+ 
+-		if (EVP_CIPHER_CTX_buf_noconst(ctx) == NULL || ptr == NULL) {
+-			fprintf(stderr, "ctx memory pointer is invalid.\n");
++		if (ctx_buf == NULL || ptr == NULL) {
++			fprintf(stderr, "failed to get tag, ctx memory pointer is invalid.\n");
+ 			return 0;
+ 		}
+ 
+-		memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(ctx), arg);
++		memcpy(ptr, ctx_buf, arg);
+ 		return 1;
+ 	case EVP_CTRL_GCM_SET_TAG:
+-		if (arg != AES_GCM_TAG_LEN || enc) {
++		if (arg <= 0 || arg > AES_GCM_TAG_LEN || enc) {
+ 			fprintf(stderr, "cannot set tag when encrypt or arg is invalid.\n");
+ 			return 0;
+ 		}
+ 
+-		if (EVP_CIPHER_CTX_buf_noconst(ctx) == NULL || ptr == NULL) {
+-			fprintf(stderr, "ctx memory pointer is invalid.\n");
++		if (ctx_buf == NULL || ptr == NULL) {
++			fprintf(stderr, "failed to set tag, ctx memory pointer is invalid.\n");
+ 			return 0;
+ 		}
+ 
+-		memcpy(EVP_CIPHER_CTX_buf_noconst(ctx), ptr, AES_GCM_TAG_LEN);
++		memcpy(ctx_buf, ptr, arg);
+ 		return 1;
+ 	default:
+ 		fprintf(stderr, "unsupported ctrl type: %d\n", type);
+-- 
+2.25.1
+

0061-aead-fix-for-aes-gcm-update-process.patch

@@ -0,0 +1,503 @@
+From a76e6fd7bf698c19a5195506f331c39c35b37e40 Mon Sep 17 00:00:00 2001
+From: Wenkai Lin <linwenkai6@hisilicon.com>
+Date: Thu, 9 Nov 2023 11:23:43 +0800
+Subject: [PATCH 61/63] aead: fix for aes gcm update process
+
+According to openssl use mode, in the cipher update stage, the input
+data length should be the same as the output length, however, cached data
+is used for block mode now, this patch is intended to fix the problem.
+
+In the aead stream mode, the length of the final packet is 0 and can be
+calculated in the final stage, in the block mode(like asynchronous and
+aad 0-length scenarios), the calculation result must be returned
+to the user in the update stage.
+
+However, this adds an additional restriction, user need to set the mac
+before the update stage.
+
+Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
+---
+ src/uadk_aead.c | 278 +++++++++++++++++++++++++++---------------------
+ 1 file changed, 159 insertions(+), 119 deletions(-)
+
+diff --git a/src/uadk_aead.c b/src/uadk_aead.c
+index 00ba4d2..e27aba5 100644
+--- a/src/uadk_aead.c
++++ b/src/uadk_aead.c
+@@ -28,6 +28,7 @@
+ #include "uadk_utils.h"
+ 
+ #define RET_FAIL		-1
++#define STATE_FAIL		0xFFFF
+ #define CTX_SYNC_ENC		0
+ #define CTX_SYNC_DEC		1
+ #define CTX_ASYNC_ENC		2
+@@ -50,7 +51,7 @@ struct aead_priv_ctx {
+ 	unsigned char *data;
+ 	unsigned char iv[AES_GCM_BLOCK_SIZE];
+ 	unsigned char mac[AES_GCM_TAG_LEN];
+-	size_t last_update_bufflen;
++	int taglen;
+ };
+ 
+ struct aead_engine {
+@@ -267,10 +268,8 @@ static int uadk_e_ctx_init(struct aead_priv_ctx *priv, const unsigned char *ckey
+ 	int ret;
+ 
+ 	ret = uadk_e_init_aead_cipher();
+-	if (unlikely(!ret)) {
+-		fprintf(stderr, "uadk failed to init aead HW!\n");
++	if (!ret)
+ 		return 0;
+-	}
+ 
+ 	params.type = priv->req.op_type;
+ 	ret = uadk_e_is_env_enabled("aead");
+@@ -296,10 +295,14 @@ static int uadk_e_ctx_init(struct aead_priv_ctx *priv, const unsigned char *ckey
+ 			fprintf(stderr, "uadk engine failed to set ckey!\n");
+ 			goto out;
+ 		}
+-		priv->data = malloc(AEAD_BLOCK_SIZE << 1);
+-		if (unlikely(!priv->data)) {
+-			fprintf(stderr, "uadk engine failed to alloc data!\n");
+-			goto out;
++
++		if (ASYNC_get_current_job()) {
++			/* Memory needs to be reserved for both input and output. */
++			priv->data = malloc(AEAD_BLOCK_SIZE << 1);
++			if (unlikely(!priv->data)) {
++				fprintf(stderr, "uadk engine failed to alloc data!\n");
++				goto out;
++			}
+ 		}
+ 	}
+ 
+@@ -313,10 +316,15 @@ out:
+ static int uadk_e_aes_gcm_init(EVP_CIPHER_CTX *ctx, const unsigned char *ckey,
+ 			       const unsigned char *iv, int enc)
+ {
+-	struct aead_priv_ctx *priv =
+-		(struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
++	struct aead_priv_ctx *priv;
+ 	int ret, ckey_len;
+ 
++	priv = (struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
++	if (!priv) {
++		fprintf(stderr, "invalid: aead priv ctx is NULL.\n");
++		return 0;
++	}
++
+ 	if (unlikely(!ckey))
+ 		return 1;
+ 
+@@ -328,7 +336,6 @@ static int uadk_e_aes_gcm_init(EVP_CIPHER_CTX *ctx, const unsigned char *ckey,
+ 	priv->setup.dalg = 0;
+ 	priv->setup.dmode = 0;
+ 
+-	priv->last_update_bufflen = 0;
+ 	priv->req.assoc_bytes = 0;
+ 	priv->req.out_bytes = 0;
+ 	priv->req.data_fmt = WD_FLAT_BUF;
+@@ -339,6 +346,8 @@ static int uadk_e_aes_gcm_init(EVP_CIPHER_CTX *ctx, const unsigned char *ckey,
+ 
+ 	priv->req.mac = priv->mac;
+ 	priv->req.mac_bytes = AES_GCM_TAG_LEN;
++	priv->taglen = 0;
++	priv->data = NULL;
+ 
+ 	if (enc)
+ 		priv->req.op_type = WD_CIPHER_ENCRYPTION_DIGEST;
+@@ -355,8 +364,13 @@ static int uadk_e_aes_gcm_init(EVP_CIPHER_CTX *ctx, const unsigned char *ckey,
+ 
+ static int uadk_e_aes_gcm_cleanup(EVP_CIPHER_CTX *ctx)
+ {
+-	struct aead_priv_ctx *priv =
+-		(struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
++	struct aead_priv_ctx *priv;
++
++	priv = (struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
++	if (!priv) {
++		fprintf(stderr, "invalid: aead priv ctx is NULL.\n");
++		return 0;
++	}
+ 
+ 	if (priv->sess) {
+ 		wd_aead_free_sess(priv->sess);
+@@ -373,10 +387,15 @@ static int uadk_e_aes_gcm_cleanup(EVP_CIPHER_CTX *ctx)
+ 
+ static int uadk_e_aes_gcm_set_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+ {
+-	struct aead_priv_ctx *priv =
+-		(struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+ 	void *ctx_buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+ 	int enc = EVP_CIPHER_CTX_encrypting(ctx);
++	struct aead_priv_ctx *priv;
++
++	priv = (struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
++	if (!priv) {
++		fprintf(stderr, "invalid: aead priv ctx is NULL.\n");
++		return 0;
++	}
+ 
+ 	switch (type) {
+ 	case EVP_CTRL_INIT:
+@@ -387,7 +406,7 @@ static int uadk_e_aes_gcm_set_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
+ 		return 1;
+ 	case EVP_CTRL_GCM_SET_IVLEN:
+ 		if (arg != AES_GCM_IV_LEN) {
+-			fprintf(stderr, "gcm only support 12 bytes.\n");
++			fprintf(stderr, "invalid: aead gcm iv length only support 12B.\n");
+ 			return 0;
+ 		}
+ 		return 1;
+@@ -416,6 +435,7 @@ static int uadk_e_aes_gcm_set_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
+ 		}
+ 
+ 		memcpy(ctx_buf, ptr, arg);
++		priv->taglen = arg;
+ 		return 1;
+ 	default:
+ 		fprintf(stderr, "unsupported ctrl type: %d\n", type);
+@@ -423,18 +443,16 @@ static int uadk_e_aes_gcm_set_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
+ 	}
+ }
+ 
+-static int uadk_e_do_aes_gcm_first(EVP_CIPHER_CTX *ctx, unsigned char *out,
++static int uadk_e_do_aes_gcm_first(struct aead_priv_ctx *priv, unsigned char *out,
+ 				   const unsigned char *in, size_t inlen)
+ {
+-	struct aead_priv_ctx *priv =
+-	     (struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+ 	int ret;
+ 
+ 	priv->req.assoc_bytes = inlen;
+ 
++	/* Asynchronous jobs use the block mode. */
+ 	if (ASYNC_get_current_job()) {
+-		memcpy(priv->data + priv->last_update_bufflen, in, inlen);
+-		priv->last_update_bufflen += inlen;
++		memcpy(priv->data, in, inlen);
+ 		return 1;
+ 	}
+ 
+@@ -442,68 +460,43 @@ static int uadk_e_do_aes_gcm_first(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ 	priv->req.msg_state = AEAD_MSG_FIRST;
+ 
+ 	ret = wd_do_aead_sync(priv->sess, &priv->req);
+-	if (ret < 0) {
+-		fprintf(stderr, "do sec aead first operation failed, ret:%d!\n", ret);
++	if (unlikely(ret < 0)) {
++		fprintf(stderr, "do aead first operation failed, ret: %d!\n", ret);
+ 		return RET_FAIL;
+ 	}
+ 
+ 	return 1;
+ }
+ 
+-static int uadk_e_hw_update(struct aead_priv_ctx *priv, unsigned char *out,
+-			    unsigned char *in, size_t inlen)
++static int do_aead_sync(struct aead_priv_ctx *priv, unsigned char *out,
++			const unsigned char *in, size_t inlen)
+ {
+ 	int ret;
+ 
+-	priv->req.src = in;
++	/* Due to a hardware limitation, zero-length aad using block mode. */
++	if (priv->req.assoc_bytes)
++		priv->req.msg_state = AEAD_MSG_MIDDLE;
++	else
++		priv->req.msg_state = AEAD_MSG_BLOCK;
++
++	priv->req.src = (unsigned char *)in;
+ 	priv->req.dst = out;
+ 	priv->req.in_bytes = inlen;
+-	priv->req.msg_state = AEAD_MSG_MIDDLE;
++	priv->req.state = 0;
+ 	ret = wd_do_aead_sync(priv->sess, &priv->req);
+-	if (ret < 0) {
+-		fprintf(stderr, "do sec aead update operation failed, ret:%d!\n", ret);
++	if (ret < 0 || priv->req.state) {
++		fprintf(stderr, "do aead update operation failed, ret: %d, state: %u!\n",
++			ret, priv->req.state);
+ 		return RET_FAIL;
+ 	}
+ 
+-	return 0;
+-}
+-
+-static int uadk_e_cache_data(struct aead_priv_ctx *priv, const unsigned char *in, size_t inlen)
+-{
+-	if (ASYNC_get_current_job() || !priv->req.assoc_bytes) {
+-		if (priv->last_update_bufflen + inlen > AEAD_BLOCK_SIZE) {
+-			fprintf(stderr, "aead input data length is too long!\n");
+-			return RET_FAIL;
+-		}
+-		memcpy(priv->data + priv->last_update_bufflen, in, inlen);
+-		priv->last_update_bufflen += inlen;
+-		return 0;
+-	}
+-
+-	return 1;
+-}
+-
+-static int uadk_e_do_aes_gcm_update(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-				    const unsigned char *in, size_t inlen)
+-{
+-	struct aead_priv_ctx *priv =
+-	     (struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+-	int ret;
+-
+-	ret = uadk_e_cache_data(priv, in, inlen);
+-	if (ret <= 0)
+-		return ret;
+-
+-	ret = uadk_e_hw_update(priv, out, in, inlen);
+-	if (ret < 0)
+-		return RET_FAIL;
+-
+ 	return inlen;
+ }
+ 
+ static void *uadk_e_aead_cb(struct wd_aead_req *req, void *data)
+ {
+ 	struct uadk_e_cb_info *cb_param;
++	struct wd_aead_req *req_origin;
+ 	struct async_op *op;
+ 
+ 	if (!req)
+@@ -513,6 +506,9 @@ static void *uadk_e_aead_cb(struct wd_aead_req *req, void *data)
+ 	if (!cb_param)
+ 		return NULL;
+ 
++	req_origin = cb_param->priv;
++	req_origin->state = req->state;
++
+ 	op = cb_param->op;
+ 	if (op && op->job && !op->done) {
+ 		op->done = 1;
+@@ -523,35 +519,49 @@ static void *uadk_e_aead_cb(struct wd_aead_req *req, void *data)
+ 	return NULL;
+ }
+ 
+-static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op)
++static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op,
++			 unsigned char *out, const unsigned char *in, size_t inlen)
+ {
+ 	struct uadk_e_cb_info *cb_param;
+-	int ret = 0;
+-	int idx;
++	int ret;
+ 
+-	priv->req.in_bytes = priv->last_update_bufflen - priv->req.assoc_bytes;
+-	priv->req.dst = priv->data + AEAD_BLOCK_SIZE;
++	if (unlikely(priv->req.assoc_bytes + inlen > AEAD_BLOCK_SIZE)) {
++		fprintf(stderr, "aead input data length is too long!\n");
++		return 0;
++	}
++
++	priv->req.in_bytes = inlen;
++	/* AAD data is input or output together with plaintext or ciphertext. */
++	if (priv->req.assoc_bytes) {
++		memcpy(priv->data + priv->req.assoc_bytes, in, inlen);
++		priv->req.src = priv->data;
++		priv->req.dst = priv->data + AEAD_BLOCK_SIZE;
++	} else {
++		priv->req.src = (unsigned char *)in;
++		priv->req.dst = out;
++	}
+ 
+ 	cb_param = malloc(sizeof(struct uadk_e_cb_info));
+-	if (!cb_param) {
++	if (unlikely(!cb_param)) {
+ 		fprintf(stderr, "failed to alloc cb_param.\n");
+-		return ret;
++		return 0;
+ 	}
+ 
+ 	cb_param->op = op;
+-	cb_param->priv = priv;
++	cb_param->priv = &priv->req;
+ 	priv->req.cb = uadk_e_aead_cb;
+ 	priv->req.cb_param = cb_param;
++	priv->req.msg_state = AEAD_MSG_BLOCK;
++	priv->req.state = STATE_FAIL;
+ 
+-	ret = async_get_free_task(&idx);
+-	if (!ret)
++	ret = async_get_free_task(&op->idx);
++	if (unlikely(!ret))
+ 		goto free_cb_param;
+ 
+-	op->idx = idx;
+ 	do {
+ 		ret = wd_do_aead_async(priv->sess, &priv->req);
+-		if (ret < 0 && ret != -EBUSY) {
+-			fprintf(stderr, "do sec aead async failed.\n");
++		if (unlikely(ret < 0 && ret != -EBUSY)) {
++			fprintf(stderr, "do aead async operation failed.\n");
+ 			async_free_poll_task(op->idx, 0);
+ 			ret = 0;
+ 			goto free_cb_param;
+@@ -559,65 +569,59 @@ static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op)
+ 	} while (ret == -EBUSY);
+ 
+ 	ret = async_pause_job(priv, op, ASYNC_TASK_AEAD);
++	if (unlikely(!ret || priv->req.state)) {
++		fprintf(stderr, "do aead async job failed, ret: %d, state: %u!\n",
++			ret, priv->req.state);
++		ret = 0;
++		goto free_cb_param;
++	}
++
++	if (priv->req.assoc_bytes)
++		memcpy(out, priv->req.dst + priv->req.assoc_bytes, inlen);
+ 
+ free_cb_param:
+ 	free(cb_param);
+ 	return ret;
+ }
+ 
+-static int uadk_e_do_aes_gcm_final(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-				   const unsigned char *in, size_t inlen)
++static int uadk_e_do_aes_gcm_update(EVP_CIPHER_CTX *ctx, struct aead_priv_ctx *priv,
++				    unsigned char *out, const unsigned char *in, size_t inlen)
+ {
+-	struct aead_priv_ctx *priv =
+-	     (struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+ 	unsigned char *ctx_buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+ 	struct async_op *op;
+ 	int ret, enc;
+ 
+-	op = malloc(sizeof(struct async_op));
+-	if (!op)
+-		return RET_FAIL;
+-
+-	ret = async_setup_async_event_notification(op);
+-	if (unlikely(!ret)) {
+-		fprintf(stderr, "failed to setup async event notification.\n");
+-		free(op);
+-		return RET_FAIL;
++	enc = EVP_CIPHER_CTX_encrypting(ctx);
++	if (!enc) {
++		if (priv->taglen == AES_GCM_TAG_LEN) {
++			memcpy(priv->req.mac, ctx_buf, AES_GCM_TAG_LEN);
++		} else {
++			fprintf(stderr, "invalid: aead gcm mac length only support 16B.\n");
++			return RET_FAIL;
++		}
+ 	}
+ 
+-	if (priv->req.assoc_bytes && !op->job)
+-		priv->req.msg_state = AEAD_MSG_END;
+-	else
+-		priv->req.msg_state = AEAD_MSG_BLOCK;
+-
+-	enc = EVP_CIPHER_CTX_encrypting(ctx);
+-	if (!enc)
+-		memcpy(priv->req.mac, ctx_buf, AES_GCM_TAG_LEN);
++	if (ASYNC_get_current_job()) {
++		op = malloc(sizeof(struct async_op));
++		if (unlikely(!op))
++			return RET_FAIL;
+ 
+-	priv->req.src = priv->data;
+-	if (!op->job) {
+-		priv->req.in_bytes = priv->last_update_bufflen;
+-		priv->req.dst = out;
+-		ret = wd_do_aead_sync(priv->sess, &priv->req);
+-		if (ret < 0) {
+-			fprintf(stderr, "do sec aead final operation failed, ret: %d!\n", ret);
+-			goto out;
++		ret = async_setup_async_event_notification(op);
++		if (unlikely(!ret)) {
++			fprintf(stderr, "failed to setup async event notification.\n");
++			free(op);
++			return RET_FAIL;
+ 		}
+-	} else {
+-		ret = do_aead_async(priv, op);
+-		if (!ret)
++
++		ret = do_aead_async(priv, op, out, in, inlen);
++		if (unlikely(!ret))
+ 			goto out;
+ 
+-		memcpy(out, priv->req.dst + priv->req.assoc_bytes, priv->req.in_bytes);
++		free(op);
++		return inlen;
+ 	}
+ 
+-	if (enc)
+-		memcpy(ctx_buf, priv->req.mac, AES_GCM_TAG_LEN);
+-
+-	priv->last_update_bufflen = 0;
+-
+-	free(op);
+-	return priv->req.in_bytes;
++	return do_aead_sync(priv, out, in, inlen);
+ 
+ out:
+ 	(void)async_clear_async_event_notification();
+@@ -625,19 +629,55 @@ out:
+ 	return RET_FAIL;
+ }
+ 
++static int uadk_e_do_aes_gcm_final(EVP_CIPHER_CTX *ctx, struct aead_priv_ctx *priv,
++				   unsigned char *out, const unsigned char *in, size_t inlen)
++{
++	unsigned char *ctx_buf = EVP_CIPHER_CTX_buf_noconst(ctx);
++	int ret, enc;
++
++	enc = EVP_CIPHER_CTX_encrypting(ctx);
++
++	if (ASYNC_get_current_job() || !priv->req.assoc_bytes)
++		goto out;
++
++	priv->req.msg_state = AEAD_MSG_END;
++	priv->req.src = NULL;
++	priv->req.in_bytes = 0;
++	priv->req.dst = out;
++	priv->req.state = 0;
++	ret = wd_do_aead_sync(priv->sess, &priv->req);
++	if (ret < 0 || priv->req.state) {
++		fprintf(stderr, "do aead final operation failed, ret: %d, state: %u!\n",
++			ret, priv->req.state);
++		return RET_FAIL;
++	}
++
++out:
++	if (enc)
++		memcpy(ctx_buf, priv->req.mac, AES_GCM_TAG_LEN);
++
++	return 0;
++}
++
+ static int uadk_e_do_aes_gcm(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ 			     const unsigned char *in, size_t inlen)
+ {
+-	int ret;
++	struct aead_priv_ctx *priv;
++
++	priv = (struct aead_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
++	if (unlikely(!priv)) {
++		fprintf(stderr, "invalid: aead priv ctx is NULL.\n");
++		return 0;
++	}
+ 
+ 	if (in) {
+ 		if (out == NULL)
+-			return uadk_e_do_aes_gcm_first(ctx, out, in, inlen);
++			return uadk_e_do_aes_gcm_first(priv, out, in, inlen);
+ 
+-		return uadk_e_do_aes_gcm_update(ctx, out, in, inlen);
++		return uadk_e_do_aes_gcm_update(ctx, priv, out, in, inlen);
+ 	}
+ 
+-	return uadk_e_do_aes_gcm_final(ctx, out, NULL, 0);
++	return uadk_e_do_aes_gcm_final(ctx, priv, out, NULL, 0);
+ }
+ 
+ #define UADK_AEAD_DESCR(name, block_size, key_size, iv_len, flags, ctx_size,	\
+-- 
+2.25.1
+

0062-cipher-add-sm4-ecb-mode.patch

@@ -0,0 +1,47 @@
+From 1fd2648b118e62cff58c88e4ad71f1fe57d7905d Mon Sep 17 00:00:00 2001
+From: Wenkai Lin <linwenkai6@hisilicon.com>
+Date: Thu, 9 Nov 2023 11:23:44 +0800
+Subject: [PATCH 62/63] cipher: add sm4 ecb mode
+
+The sm4 ecb disappeared in the previous modification
+and added its support again.
+
+Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
+---
+ src/uadk_cipher.c         | 7 +++++++
+ src/uadk_cipher_adapter.c | 1 +
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 63cc738..12830b7 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -878,6 +878,13 @@ EVP_CIPHER *uadk_create_cipher_meth(int nid)
+ 				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
+ 		cipher = uadk_sm4_cbc;
+ 		break;
++	case NID_sm4_ecb:
++		UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE,
++				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
++				uadk_e_do_cipher, uadk_e_cipher_cleanup,
++				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		cipher = uadk_sm4_ecb;
++		break;
+ 	case NID_des_ede3_cbc:
+ 		UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE,
+ 				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+diff --git a/src/uadk_cipher_adapter.c b/src/uadk_cipher_adapter.c
+index 2c4ed15..065575b 100644
+--- a/src/uadk_cipher_adapter.c
++++ b/src/uadk_cipher_adapter.c
+@@ -32,6 +32,7 @@ static int cipher_hw_v2_nids[] = {
+ 	NID_aes_128_xts,
+ 	NID_aes_256_xts,
+ 	NID_sm4_cbc,
++	NID_sm4_ecb,
+ 	NID_des_ede3_cbc,
+ 	NID_des_ede3_ecb,
+ 	NID_aes_128_gcm,
+-- 
+2.25.1
+

0063-uadk-fix-EVP_CTRL_GET_IVLEN-not-find.patch

@@ -0,0 +1,31 @@
+From fec3d5c63da44062b9cf8726a20281e9ac955eda Mon Sep 17 00:00:00 2001
+From: Wenkai Lin <linwenkai6@hisilicon.com>
+Date: Thu, 9 Nov 2023 16:46:01 +0800
+Subject: [PATCH 63/63] uadk: fix EVP_CTRL_GET_IVLEN not find
+
+EVP_CTRL_GET_IVLEN was not introduced in early versions.
+
+Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
+---
+ src/uadk_aead.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/uadk_aead.c b/src/uadk_aead.c
+index e27aba5..c2646f1 100644
+--- a/src/uadk_aead.c
++++ b/src/uadk_aead.c
+@@ -401,9 +401,11 @@ static int uadk_e_aes_gcm_set_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
+ 	case EVP_CTRL_INIT:
+ 		priv->req.iv_bytes = 0;
+ 		return 1;
++# if (OPENSSL_VERSION_NUMBER >= 0x1010106fL)
+ 	case EVP_CTRL_GET_IVLEN:
+ 		*(int *)ptr = priv->req.iv_bytes;
+ 		return 1;
++#endif
+ 	case EVP_CTRL_GCM_SET_IVLEN:
+ 		if (arg != AES_GCM_IV_LEN) {
+ 			fprintf(stderr, "invalid: aead gcm iv length only support 12B.\n");
+-- 
+2.25.1
+

uadk_engine.spec

@@ -1,7 +1,7 @@
 Name:          uadk_engine
 Summary:       UADK Accelerator Engine
 Version:       1.2.0
-Release:       2
+Release:       3
 License:       Apache-2.0
 Source:        %{name}-%{version}.tar.gz
 ExclusiveOS:   linux
@@ -61,6 +61,21 @@ Patch0045:	0045-uadk_provider-add-DOPENSSL_SUPPRESS_DEPRECATED.patch
 Patch0046:	0046-uadk_prov_cipher-fix-build-warning.patch
 Patch0047:	0047-uadk_prov_init-change-name-more-informative.patch
 Patch0048:	0048-digest-alloc-session-and-data-when-copy-evp-context.patch
+Patch0049:	0049-uadk_prov_init-remove-engine_uadk_id.patch
+Patch0050:	0050-uadk_prov-reuse-OSSL_OP_STORE-from-default-provider.patch
+Patch0051:	0051-uadk-add-uadk_prov_dh.patch
+Patch0052:	0052-uadk-add-DH-sanity-test.patch
+Patch0053:	0053-uadk-add-uadk_provider.cnf.patch
+Patch0054:	0054-uadk-add-evp_test.sh.patch
+Patch0055:	0055-uadk_engine-remove-redundant-param-of-async.patch
+Patch0056:	0056-uadk_engine-support-aead-aes-gcm-algorithm.patch
+Patch0057:	0057-cipher-fix-uadk_e_destroy_cipher-memory-leak.patch
+Patch0058:	0058-aead-fix-for-engine-lock-is-not-initialized.patch
+Patch0059:	0059-uadk-fix-cipher-switchover-to-software-calculation-f.patch
+Patch0060:	0060-aead-fix-tag-length-check.patch
+Patch0061:	0061-aead-fix-for-aes-gcm-update-process.patch
+Patch0062:	0062-cipher-add-sm4-ecb-mode.patch
+Patch0063:	0063-uadk-fix-EVP_CTRL_GET_IVLEN-not-find.patch
 
 %description
 This package contains the UADK Accelerator Engine
@@ -110,6 +125,9 @@ fi
 /sbin/ldconfig
 
 %changelog
+* Tue Nov 21 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.2.0-3
+- Backport uadk engine build patch
+
 * Tue Oct 31 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.2.0-2
 - Backport uadk engine build patch