Backport uadk engine build patch

0064-configure-use-LT_INIT-to-replace-obsolete-AC_PROG_LI.patch

@@ -0,0 +1,31 @@
+From c0a9cc207853c2231713991c780d95c21f821c72 Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Mon, 13 Nov 2023 09:10:52 +0000
+Subject: [PATCH 64/82] configure: use LT_INIT to replace obsolete
+ AC_PROG_LIBTOOL
+
+resolve configure warning
+configure.ac:9: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+---
+ configure.ac | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0fc14ed..a3fee58 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -6,8 +6,7 @@ AC_CONFIG_MACRO_DIR([m4])
+ AC_CONFIG_HEADERS([config.h])
+ 
+ AC_PROG_CC
+-AC_PROG_LIBTOOL
+-AM_PROG_LIBTOOL
++LT_INIT
+ 
+ AC_ARG_ENABLE(kae,
+ 	      AS_HELP_STRING([--enable-kae],[Enable kae support]))
+-- 
+2.25.1
+

0065-uadk_prov-Set-enable_sw_offload-from-uadk_provider.c.patch

@@ -0,0 +1,265 @@
+From bd2488f4f418e3a3cb4bee1aaedab25e7737fc99 Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Tue, 14 Nov 2023 09:10:12 +0000
+Subject: [PATCH 65/82] uadk_prov: Set enable_sw_offload from uadk_provider.cnf
+
+Add para enable_sw_offload to offload small packets to sw.
+This can be configured from uadk_provider.cnf with default 0.
+Only offload when enable_sw_offload != 0
+
+Other paras can be added accordingly later
+
+For example:
+vi uadk_provider.cnf
+enable_sw_offload = 1
+
+OPENSSL_CONF=uadk_provider.cnf openssl speed -evp md5
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+---
+ src/uadk_prov.h        |  3 +++
+ src/uadk_prov_cipher.c | 41 ++++++++++++++++++++++-----------
+ src/uadk_prov_digest.c |  7 ++++--
+ src/uadk_prov_init.c   | 52 ++++++++++++++++++++++++++++++++++++++++++
+ uadk_provider.cnf      |  1 +
+ 5 files changed, 89 insertions(+), 15 deletions(-)
+
+diff --git a/src/uadk_prov.h b/src/uadk_prov.h
+index 718e78c..b4871b3 100644
+--- a/src/uadk_prov.h
++++ b/src/uadk_prov.h
+@@ -124,4 +124,7 @@ void uadk_prov_destroy_digest(void);
+ void uadk_prov_destroy_cipher(void);
+ void uadk_prov_destroy_rsa(void);
+ void uadk_prov_destroy_dh(void);
++
++/* offload small packets to sw */
++extern int enable_sw_offload;
+ #endif
+diff --git a/src/uadk_prov_cipher.c b/src/uadk_prov_cipher.c
+index 9b0e9fe..5cb91f6 100644
+--- a/src/uadk_prov_cipher.c
++++ b/src/uadk_prov_cipher.c
+@@ -27,6 +27,7 @@
+ #include <uadk/wd_sched.h>
+ #include "uadk.h"
+ #include "uadk_async.h"
++#include "uadk_prov.h"
+ 
+ #define UADK_DO_SOFT		(-0xE0)
+ #define UADK_DO_HW		(-0xF0)
+@@ -283,7 +284,8 @@ static int uadk_prov_cipher_init(struct cipher_priv_ctx *priv,
+ 	if (key)
+ 		memcpy(priv->key, key, keylen);
+ 
+-	uadk_prov_cipher_sw_init(priv, key, iv);
++	if (enable_sw_offload)
++		uadk_prov_cipher_sw_init(priv, key, iv);
+ 	return 1;
+ }
+ 
+@@ -446,7 +448,8 @@ static void uadk_prov_cipher_ctx_init(struct cipher_priv_ctx *priv)
+ 		free(ctx_set_num);
+ 
+ 		if (unlikely(ret)) {
+-			priv->switch_flag = UADK_DO_SOFT;
++			if (priv->sw_cipher)
++				priv->switch_flag = UADK_DO_SOFT;
+ 			pthread_mutex_unlock(&cipher_mutex);
+ 			return;
+ 		}
+@@ -634,10 +637,16 @@ static int uadk_prov_do_cipher(struct cipher_priv_ctx *priv, unsigned char *out,
+ 	int outlint = 0;
+ 	int ret;
+ 
+-	if (priv->switch_flag == UADK_DO_SOFT ||
+-	    (priv->sw_cipher && priv->switch_flag != UADK_DO_HW &&
+-	     inlen <= priv->switch_threshold)) {
+-		/* have issue if both using hw and soft partly */
++	if (priv->sw_cipher &&
++	    (priv->switch_flag == UADK_DO_SOFT ||
++	    (priv->switch_flag != UADK_DO_HW &&
++	     inlen <= priv->switch_threshold))) {
++		/*
++		 * Using soft only if enable_sw_offload, which is set in conf file,
++		 * then sw_cipher is initialzied
++		 * 1. small packets
++		 * 2. already choose DO_SOFT, can be hw fail case or following sw case
++		 */
+ 		ret = uadk_prov_cipher_soft_work(priv, out, &outlint, in, inlen);
+ 		if (ret) {
+ 			*outl = outlint;
+@@ -746,7 +755,8 @@ static int uadk_prov_cipher_block_final(void *vctx, unsigned char *out,
+ 	int sw_final_len = 0;
+ 	int ret;
+ 
+-	if (priv->switch_flag == UADK_DO_SOFT) {
++	if (priv->sw_cipher &&
++	    priv->switch_flag == UADK_DO_SOFT) {
+ 		if (!EVP_CipherFinal_ex(priv->sw_ctx, out, &sw_final_len)) {
+ 			fprintf(stderr, "EVP_CipherFinal_ex sw_ctx failed.\n");
+ 			return 0;
+@@ -854,9 +864,10 @@ static int uadk_prov_cipher_stream_update(void *vctx, unsigned char *out,
+ 		return 0;
+ 	}
+ 
+-	if (priv->switch_flag == UADK_DO_SOFT ||
+-	    (priv->sw_cipher && priv->switch_flag != UADK_DO_HW &&
+-	     inl <= priv->switch_threshold)) {
++	if (priv->sw_cipher &&
++	    (priv->switch_flag == UADK_DO_SOFT ||
++	    (priv->switch_flag != UADK_DO_HW &&
++	     inl <= priv->switch_threshold))) {
+ 		int len = 0;
+ 
+ 		/* have isseu if both using hw and soft partly */
+@@ -883,7 +894,8 @@ static int uadk_prov_cipher_stream_final(void *vctx, unsigned char *out,
+ 	struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)vctx;
+ 	int sw_final_len = 0;
+ 
+-	if (priv->switch_flag == UADK_DO_SOFT) {
++	if (priv->sw_cipher &&
++	    priv->switch_flag == UADK_DO_SOFT) {
+ 		if (!EVP_CipherFinal_ex(priv->sw_ctx, out, &sw_final_len)) {
+ 			fprintf(stderr, "EVP_CipherFinal_ex sw_ctx failed.\n");
+ 			return 0;
+@@ -1083,8 +1095,11 @@ static void uadk_prov_cipher_freectx(void *ctx)
+ {
+ 	struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *)ctx;
+ 
+-	EVP_CIPHER_free(priv->sw_cipher);
+-	EVP_CIPHER_CTX_free(priv->sw_ctx);
++	if (priv->sw_cipher)
++		EVP_CIPHER_free(priv->sw_cipher);
++
++	if (priv->sw_ctx)
++		EVP_CIPHER_CTX_free(priv->sw_ctx);
+ 
+ 	if (priv->sess) {
+ 		wd_cipher_free_sess(priv->sess);
+diff --git a/src/uadk_prov_digest.c b/src/uadk_prov_digest.c
+index 8d6bf06..378bcbc 100644
+--- a/src/uadk_prov_digest.c
++++ b/src/uadk_prov_digest.c
+@@ -29,6 +29,7 @@
+ #include <uadk/wd_sched.h>
+ #include "uadk.h"
+ #include "uadk_async.h"
++#include "uadk_prov.h"
+ #include "uadk_utils.h"
+ 
+ #define UADK_DO_SOFT	(-0xE0)
+@@ -288,7 +289,8 @@ static int uadk_digest_init(struct digest_priv_ctx *priv)
+ 		return 0;
+ 	}
+ 
+-	uadk_digests_soft_md(priv);
++	if (enable_sw_offload)
++		uadk_digests_soft_md(priv);
+ 
+ 	return 1;
+ 
+@@ -403,7 +405,8 @@ static int uadk_do_digest_sync(struct digest_priv_ctx *priv)
+ {
+ 	int ret;
+ 
+-	if (priv->req.in_bytes <= priv->switch_threshold &&
++	if (priv->soft_md &&
++	    priv->req.in_bytes <= priv->switch_threshold &&
+ 	    priv->state == SEC_DIGEST_INIT)
+ 		return 0;
+ 
+diff --git a/src/uadk_prov_init.c b/src/uadk_prov_init.c
+index c3d4a63..9cea8b9 100644
+--- a/src/uadk_prov_init.c
++++ b/src/uadk_prov_init.c
+@@ -31,6 +31,17 @@
+ static const char UADK_DEFAULT_PROPERTIES[] = "provider=uadk_provider";
+ static OSSL_PROVIDER *prov;
+ 
++/* Functions provided by the core */
++static OSSL_FUNC_core_get_params_fn *c_get_params;
++static OSSL_FUNC_core_get_libctx_fn *c_get_libctx;
++
++struct uadk_provider_params {
++	char *enable_sw_offload;
++} uadk_params;
++
++/* offload small packets to sw */
++int enable_sw_offload;
++
+ const OSSL_ALGORITHM uadk_prov_digests[] = {
+ 	{ OSSL_DIGEST_NAME_MD5, UADK_DEFAULT_PROPERTIES,
+ 	  uadk_md5_functions, "uadk_provider md5" },
+@@ -153,6 +164,28 @@ static const OSSL_DISPATCH uadk_dispatch_table[] = {
+ 	{ 0, NULL }
+ };
+ 
++int uadk_get_params_from_core(const OSSL_CORE_HANDLE *handle)
++{
++	OSSL_PARAM core_params[2], *p = core_params;
++
++	*p++ = OSSL_PARAM_construct_utf8_ptr(
++			"enable_sw_offload",
++			(char **)&uadk_params.enable_sw_offload,
++			0);
++
++	*p = OSSL_PARAM_construct_end();
++
++	if (!c_get_params(handle, core_params)) {
++		fprintf(stderr, "WARN: UADK get parameters from core is failed.\n");
++		return 0;
++	}
++
++	if (uadk_params.enable_sw_offload)
++		enable_sw_offload = atoi(uadk_params.enable_sw_offload);
++
++	return 1;
++}
++
+ static void provider_init_child_at_fork_handler(void)
+ {
+ 	int ret;
+@@ -170,11 +203,30 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
+ 	struct uadk_prov_ctx *ctx;
+ 	int ret;
+ 
++	for (; oin->function_id != 0; oin++) {
++		switch (oin->function_id) {
++		case OSSL_FUNC_CORE_GET_PARAMS:
++			c_get_params = OSSL_FUNC_core_get_params(oin);
++			break;
++		case OSSL_FUNC_CORE_GET_LIBCTX:
++			c_get_libctx = OSSL_FUNC_core_get_libctx(oin);
++			break;
++		default:
++			/* Just ignore anything we don't understand */
++			break;
++		}
++	}
++
++	/* get parameters from uadk_provider.cnf */
++	if (!uadk_get_params_from_core(handle))
++		return 0;
++
+ 	ctx = OPENSSL_zalloc(sizeof(*ctx));
+ 	if (ctx == NULL)
+ 		return 0;
+ 
+ 	ctx->handle = handle;
++	ctx->libctx = (OSSL_LIB_CTX *)c_get_libctx(handle);
+ 	ret = async_module_init();
+ 	if (!ret)
+ 		fprintf(stderr, "async_module_init fail!\n");
+diff --git a/uadk_provider.cnf b/uadk_provider.cnf
+index c9d1596..7b277ac 100644
+--- a/uadk_provider.cnf
++++ b/uadk_provider.cnf
+@@ -13,3 +13,4 @@ uadk_provider = uadk_sect
+ 
+ [uadk_sect]
+ activate = 1
++enable_sw_offload = 0
+-- 
+2.25.1
+

0066-ecc-optimize-sm2-sign-check-function.patch

@@ -0,0 +1,62 @@
+From f4f8c9a20fa60b2b8c97a3b2a5b0edef1fc896b7 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:17 +0800
+Subject: [PATCH 66/82] ecc: optimize sm2 sign check function
+
+Enable users to pass NULL sign parameter to obtain the
+length of the signature result. If users want to do actual
+signature task, they need to call the signature function a
+second time.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_sm2.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
+index f393641..df760fe 100644
+--- a/src/uadk_sm2.c
++++ b/src/uadk_sm2.c
+@@ -26,6 +26,8 @@
+ #include "uadk.h"
+ #include "uadk_pkey.h"
+ 
++#define GET_SIGNLEN	1
++
+ enum {
+ 	CTX_INIT_FAIL = -1,
+ 	CTX_UNINIT,
+@@ -673,6 +675,17 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ 	EC_KEY *ec = EVP_PKEY_get0(p_key);
+ 	const int sig_sz = ECDSA_size(ec);
+ 
++	/*
++	 * If 'sig' is NULL, users can use sm2_decrypt API to obtain the valid 'siglen' first,
++	 * then users use the value of 'signlen' to alloc the memory of 'sig' and call the
++	 * sm2_decrypt API a second time to do the decryption task.
++	 */
++	if (!sig) {
++		fprintf(stderr, "sig is NULL, get valid siglen\n");
++		*siglen = (size_t)sig_sz;
++		return GET_SIGNLEN;
++	}
++
+ 	if (!smctx || !smctx->sess) {
+ 		fprintf(stderr, "smctx or sess NULL\n");
+ 		return UADK_DO_SOFT;
+@@ -693,12 +706,6 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ 		return -EINVAL;
+ 	}
+ 
+-	if (!sig) {
+-		fprintf(stderr, "invalid: sig is NULL\n");
+-		*siglen = (size_t)sig_sz;
+-		return -EINVAL;
+-	}
+-
+ 	if (tbslen > SM2_KEY_BYTES)
+ 		return UADK_DO_SOFT;
+ 
+-- 
+2.25.1
+

0067-digest-fix-the-address-of-async-op.patch

@@ -0,0 +1,104 @@
+From e88c3c63a1f71048854c83aaa45710d8eaf702af Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:18 +0800
+Subject: [PATCH 67/82] digest: fix the address of async op
+
+When call uadk_engine by gmssl:
+	gmssl speed -elapsed -engine uadk_engine -async_jobs 16
+
+There is a core dump, the call stack is:
+	| read
+	| async_pause_job
+	| do_digest_async
+	| uadk_e_digest_final
+	| EVP_DigestFinal_ex
+	| rand_bytes
+	| rand_nopseudo_bytes
+	| RAND_bytes
+	| bnrand
+	| BN_pseudo_rand
+	| bn_rand_range
+	| BN_priv_rand_range
+	| uadk_ecc_get_rand
+	| generate_random
+	| new_sign_in
+	| wd_sm2_new_sign_in
+	| sm2_sign_init_iot
+After finishing uadk_e_digest_final(), EVP_DigestFinal_ex() will continue
+calling cleanup() function, the address of async job will be changed. As
+the address is on stack, if the async thread happens to use this async job,
+the core dump will occur:
+	| ASYNC_WAIT_CTX_get_fd
+	| async_wake_job
+	| async_cb
+	| wd_digest_poll_ctx
+	| uadk_e_digest_poll
+	| async_poll_process_func
+So the address of op should be on heap to save the async job, or it will
+be released by digest cleaup process, and affects the following async task.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_digest.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index fa96e57..0aa90f3 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -767,7 +767,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
+ {
+ 	struct digest_priv_ctx *priv =
+ 		(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+-	struct async_op op;
++	struct async_op *op;
+ 	int ret = 1;
+ 
+ 	digest_set_msg_state(priv, true);
+@@ -782,13 +782,18 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
+ 	if (priv->e_nid == NID_sha384)
+ 		priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
+ 
+-	ret = async_setup_async_event_notification(&op);
++	op = malloc(sizeof(struct async_op));
++	if (!op)
++		return 0;
++
++	ret = async_setup_async_event_notification(op);
+ 	if (unlikely(!ret)) {
+ 		fprintf(stderr, "failed to setup async event notification.\n");
++		free(op);
+ 		return 0;
+ 	}
+ 
+-	if (op.job == NULL) {
++	if (!op->job) {
+ 		/* Synchronous, only the synchronous mode supports soft computing */
+ 		if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ 			ret = digest_soft_final(priv, digest);
+@@ -800,12 +805,13 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
+ 		if (!ret)
+ 			goto sync_err;
+ 	} else {
+-		ret = do_digest_async(priv, &op);
++		ret = do_digest_async(priv, op);
+ 		if (!ret)
+ 			goto clear;
+ 	}
+ 	memcpy(digest, priv->req.out, priv->req.out_bytes);
+ 
++	free(op);
+ 	return 1;
+ 
+ sync_err:
+@@ -817,6 +823,7 @@ sync_err:
+ 	}
+ clear:
+ 	async_clear_async_event_notification();
++	free(op);
+ 	return ret;
+ }
+ 
+-- 
+2.25.1
+

0069-uadk_engine-fixup-resource-management-issues.patch

@@ -0,0 +1,84 @@
+From 580477d52699b0fbce8ca8f9fa8ac1fe4caa9ac7 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:20 +0800
+Subject: [PATCH 69/82] uadk_engine: fixup resource management issues
+
+1. Modify return value.
+2. Use matching resource application and release
+   functions.
+3. Fix memory leak in abonormal scenarios.
+4. Add null pointer check for ctrl param p2 of sm2 alg.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_async.c | 6 ++++--
+ src/uadk_sm2.c   | 7 +++++--
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/uadk_async.c b/src/uadk_async.c
+index 870065d..342db2a 100644
+--- a/src/uadk_async.c
++++ b/src/uadk_async.c
+@@ -302,8 +302,10 @@ int async_wake_job(ASYNC_JOB *job)
+ 
+ 	ret = ASYNC_WAIT_CTX_get_fd(waitctx, uadk_async_key, &efd, &custom);
+ 	if (ret > 0) {
+-		if (write(efd, &buf, sizeof(uint64_t)) == -1)
++		if (write(efd, &buf, sizeof(uint64_t)) == -1) {
+ 			fprintf(stderr, "failed to write to fd: %d - error: %d\n", efd, errno);
++			return errno;
++		}
+ 	}
+ 
+ 	return ret;
+@@ -364,7 +366,7 @@ int async_module_init(void)
+ 	if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0)
+ 		return 0;
+ 
+-	poll_queue.head = calloc(ASYNC_QUEUE_TASK_NUM, sizeof(struct async_poll_task));
++	poll_queue.head = OPENSSL_malloc(ASYNC_QUEUE_TASK_NUM * sizeof(struct async_poll_task));
+ 	if (poll_queue.head == NULL)
+ 		return 0;
+ 
+diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
+index 1db6e3a..84bda98 100644
+--- a/src/uadk_sm2.c
++++ b/src/uadk_sm2.c
+@@ -149,7 +149,7 @@ static int get_hash_type(int nid_hash)
+ }
+ 
+ static int compute_hash(const char *in, size_t in_len,
+-		       char *out, size_t out_len, void *usr)
++			char *out, size_t out_len, void *usr)
+ {
+ 	const EVP_MD *digest = (const EVP_MD *)usr;
+ 	EVP_MD_CTX *hash = EVP_MD_CTX_new();
+@@ -377,7 +377,7 @@ static int sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb *s,
+ 	e_sig = ECDSA_SIG_new();
+ 	if (!e_sig) {
+ 		fprintf(stderr, "failed to ECDSA_SIG_new\n");
+-		return -EINVAL;
++		return -ENOMEM;
+ 	}
+ 
+ 	br = BN_bin2bn((void *)r->data, r->dsize, NULL);
+@@ -1200,6 +1200,7 @@ static int sm2_init(EVP_PKEY_CTX *ctx)
+ 	ret = uadk_e_ecc_get_support_state(SM2_SUPPORT);
+ 	if (!ret) {
+ 		fprintf(stderr, "sm2 is not supported\n");
++		free(smctx);
+ 		return 0;
+ 	}
+ 
+@@ -1284,6 +1285,8 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+ 		}
+ 		goto set_data;
+ 	case EVP_PKEY_CTRL_GET_MD:
++		if (!p2)
++			return 0;
+ 		*(const EVP_MD **)p2 = smctx->ctx.md;
+ 		return 1;
+ 	case EVP_PKEY_CTRL_SET1_ID:
+-- 
+2.25.1
+

0070-sm2-fixup-switching-soft-sm2-decrypt-problem.patch

@@ -0,0 +1,71 @@
+From 9fd7d907e9c087c92a76da137c8e557edbb7f07f Mon Sep 17 00:00:00 2001
+From: Weili Qian <qianweili@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:21 +0800
+Subject: [PATCH 70/82] sm2: fixup switching soft sm2 decrypt problem
+
+The openssl API d2i_SM2_Ciphertext() will change the 'in' address and
+clean the data. If still use 'in' when switching to soft computing, input
+data errors may occur. So pre-store the address to 'in_soft' and use it
+in software computing.
+
+Signed-off-by: Weili Qian <qianweili@huawei.com>
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_sm2.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
+index 84bda98..8421931 100644
+--- a/src/uadk_sm2.c
++++ b/src/uadk_sm2.c
+@@ -922,7 +922,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx,
+ 	c3_size = EVP_MD_size(md);
+ 	if (c3_size <= 0) {
+ 		fprintf(stderr, "c3 size error\n");
+-		return 0;
++		return UADK_E_INVALID;
+ 	}
+ 
+ 	if (!out) {
+@@ -1033,7 +1033,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
+ 	hash_size = EVP_MD_size(md);
+ 	if (hash_size <= 0) {
+ 		fprintf(stderr, "hash size = %d error\n", hash_size);
+-		return 0;
++		return UADK_E_INVALID;
+ 	}
+ 
+ 	if (!out) {
+@@ -1107,6 +1107,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
+ {
+ 	struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
+ 	struct sm2_ciphertext *ctext_struct;
++	const unsigned char *in_soft = in;
+ 	struct wd_ecc_req req = {0};
+ 	struct wd_ecc_point c1;
+ 	struct wd_dtb c2, c3;
+@@ -1120,10 +1121,8 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
+ 	md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
+ 
+ 	ctext_struct = d2i_SM2_Ciphertext(NULL, &in, inlen);
+-	if (!ctext_struct) {
+-		ret = UADK_DO_SOFT;
+-		goto do_soft;
+-	}
++	if (!ctext_struct)
++		return 0;
+ 
+ 	ret = cipher_ber_to_bin(md, ctext_struct, &c1, &c2, &c3);
+ 	if (ret) {
+@@ -1165,7 +1164,7 @@ do_soft:
+ 		return ret;
+ 
+ 	fprintf(stderr, "switch to execute openssl software calculation.\n");
+-	return openssl_decrypt(ctx, out, outlen, in, inlen);
++	return openssl_decrypt(ctx, out, outlen, in_soft, inlen);
+ }
+ 
+ static void sm2_cleanup(EVP_PKEY_CTX *ctx)
+-- 
+2.25.1
+

0071-uadk_engine-cipher-digest-fixes-for-priv-address-che.patch

@@ -0,0 +1,158 @@
+From ffdacf318e16c0d666aa171d46c7bd75d128a32a Mon Sep 17 00:00:00 2001
+From: Hao Fang <fanghao11@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:22 +0800
+Subject: [PATCH 71/82] uadk_engine: cipher/digest: fixes for priv address
+ check
+
+1.Add priv address check return by EVP_CIPHER_CTX_get_cipher_data().
+2.Add priv address check return by EVP_MD_CTX_md_data().
+
+Signed-off-by: Hao Fang <fanghao11@huawei.com>
+---
+ src/uadk_cipher.c | 18 ++++++++++++++----
+ src/uadk_digest.c | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 44 insertions(+), 4 deletions(-)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 12830b7..472c47c 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -185,7 +185,7 @@ static int uadk_e_cipher_sw_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ 
+ 	priv = (struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+ 	if (unlikely(priv == NULL)) {
+-		fprintf(stderr, "uadk engine state is NULL.\n");
++		fprintf(stderr, "priv get from cipher ctx is NULL.\n");
+ 		return 0;
+ 	}
+ 
+@@ -235,7 +235,7 @@ static int uadk_e_cipher_soft_work(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ 
+ 	priv = (struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+ 	if (unlikely(priv == NULL)) {
+-		fprintf(stderr, "uadk engine state is NULL.\n");
++		fprintf(stderr, "priv get from cipher ctx is NULL.\n");
+ 		return 0;
+ 	}
+ 
+@@ -277,7 +277,7 @@ static void uadk_e_cipher_sw_cleanup(EVP_CIPHER_CTX *ctx)
+ 	struct cipher_priv_ctx *priv =
+ 		(struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+ 
+-	if (priv->sw_ctx_data) {
++	if (priv && priv->sw_ctx_data) {
+ 		OPENSSL_free(priv->sw_ctx_data);
+ 		priv->sw_ctx_data = NULL;
+ 	}
+@@ -500,6 +500,11 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ 	int nid, ret;
+ 	__u32 i;
+ 
++	if (unlikely(!priv)) {
++		fprintf(stderr, "priv get from cipher ctx is NULL.\n");
++		return 0;
++	}
++
+ 	if (unlikely(!key)) {
+ 		fprintf(stderr, "ctx init parameter key is NULL.\n");
+ 		return 0;
+@@ -541,7 +546,7 @@ static int uadk_e_cipher_cleanup(EVP_CIPHER_CTX *ctx)
+ 
+ 	uadk_e_cipher_sw_cleanup(ctx);
+ 
+-	if (priv->sess) {
++	if (priv && priv->sess) {
+ 		wd_cipher_free_sess(priv->sess);
+ 		priv->sess = 0;
+ 	}
+@@ -752,6 +757,11 @@ static int uadk_e_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ 	struct async_op op;
+ 	int ret;
+ 
++	if (unlikely(!priv)) {
++		fprintf(stderr, "priv get from cipher ctx is NULL.\n");
++		return 0;
++	}
++
+ 	priv->req.src = (unsigned char *)in;
+ 	priv->req.in_bytes = inlen;
+ 	priv->req.dst = out;
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 0aa90f3..06851f1 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -535,6 +535,11 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
+ 	__u32 i;
+ 	int ret;
+ 
++	if (unlikely(!priv)) {
++		fprintf(stderr, "priv get from digest ctx is NULL.\n");
++		return 0;
++	}
++
+ 	priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
+ 
+ 	digest_priv_ctx_reset(priv);
+@@ -587,6 +592,11 @@ static void digest_update_out_length(EVP_MD_CTX *ctx)
+ 	struct digest_priv_ctx *priv =
+ 		(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ 
++	if (unlikely(!priv)) {
++		fprintf(stderr, "priv get from digest ctx is NULL.\n");
++		return;
++	}
++
+ 	/* Sha224 and Sha384 need full length mac buffer as doing long hash */
+ 	if (priv->e_nid == NID_sha224)
+ 		priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
+@@ -614,6 +624,11 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
+ 	int copy_to_bufflen;
+ 	int ret;
+ 
++	if (unlikely(!priv)) {
++		fprintf(stderr, "priv get from digest ctx is NULL.\n");
++		return 0;
++	}
++
+ 	digest_update_out_length(ctx);
+ 	digest_set_msg_state(priv, false);
+ 
+@@ -671,6 +686,11 @@ static int uadk_e_digest_update(EVP_MD_CTX *ctx, const void *data, size_t data_l
+ 	struct digest_priv_ctx *priv =
+ 		(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ 
++	if (unlikely(!priv)) {
++		fprintf(stderr, "priv get from digest ctx is NULL.\n");
++		return 0;
++	}
++
+ 	if (unlikely(priv->switch_flag == UADK_DO_SOFT))
+ 		goto soft_update;
+ 
+@@ -770,6 +790,11 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
+ 	struct async_op *op;
+ 	int ret = 1;
+ 
++	if (unlikely(!priv)) {
++		fprintf(stderr, "priv get from digest ctx is NULL.\n");
++		return 0;
++	}
++
+ 	digest_set_msg_state(priv, true);
+ 	priv->req.in = priv->data;
+ 	priv->req.out = priv->out;
+@@ -863,6 +888,11 @@ static int uadk_e_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+ 	if (!t)
+ 		return 1;
+ 
++	if (!f) {
++		fprintf(stderr, "priv get from digest ctx is NULL.\n");
++		return 0;
++	}
++
+ 	if (t->sess) {
+ 		params.numa_id = -1;
+ 		t->setup.sched_param = &params;
+-- 
+2.25.1
+

0072-uadk_engine-ec-add-BN_new-memory-check.patch

@@ -0,0 +1,28 @@
+From 9def3ae661a45238de72b608dc2698afa45ce34b Mon Sep 17 00:00:00 2001
+From: Hao Fang <fanghao11@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:23 +0800
+Subject: [PATCH 72/82] uadk_engine: ec: add BN_new memory check
+
+Signed-off-by: Hao Fang <fanghao11@huawei.com>
+---
+ src/uadk_ec.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/uadk_ec.c b/src/uadk_ec.c
+index 78c403f..400040e 100644
+--- a/src/uadk_ec.c
++++ b/src/uadk_ec.c
+@@ -328,6 +328,10 @@ static int set_digest(handle_t sess, struct wd_dtb *e,
+ 
+ 	if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) {
+ 		m = BN_new();
++		if (!m) {
++			fprintf(stderr, "failed to BN_new BIGNUM m\n");
++			return -1;
++		}
+ 
+ 		/* Need to truncate digest if it is too long: first truncate
+ 		 * whole bytes
+-- 
+2.25.1
+

0073-uadk_engine-rsa-fix-mem-leak-for-from_buf.patch

@@ -0,0 +1,55 @@
+From ae30da69956973e2c1c478078aea76ba3b09ad8c Mon Sep 17 00:00:00 2001
+From: Hao Fang <fanghao11@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:24 +0800
+Subject: [PATCH 73/82] uadk_engine: rsa: fix mem leak for from_buf
+
+If flen > num_bytes, need to free from_buf.
+
+Signed-off-by: Hao Fang <fanghao11@huawei.com>
+---
+ src/uadk_rsa.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index fa4d354..1289fd3 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -1491,11 +1491,16 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
+ 	}
+ 
+ 	ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes);
+-	if (ret <= 0 || flen > num_bytes) {
++	if (ret <= 0) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_sess;
+ 	}
+ 
++	if (flen > num_bytes) {
++		ret = UADK_DO_SOFT;
++		goto free_buf;
++	}
++
+ 	ret = add_rsa_pubenc_padding(flen, from, from_buf, num_bytes, padding);
+ 	if (!ret) {
+ 		ret = UADK_DO_SOFT;
+@@ -1756,11 +1761,16 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
+ 	}
+ 
+ 	ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
+-	if (ret <= 0 || flen > num_bytes) {
++	if (ret <= 0) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_sess;
+ 	}
+ 
++	if (flen > num_bytes) {
++		ret = UADK_DO_SOFT;
++		goto free_buf;
++	}
++
+ 	ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to);
+ 	if (!ret) {
+ 		ret = UADK_DO_SOFT;
+-- 
+2.25.1
+

0074-ecc-add-check-of-siglen.patch

@@ -0,0 +1,32 @@
+From 7c1a870b448ad5bd269ed6cb496ee098a223b0ae Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:25 +0800
+Subject: [PATCH 74/82] ecc: add check of siglen
+
+Add null pointer check of 'siglen' parameter.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_ec.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/uadk_ec.c b/src/uadk_ec.c
+index 400040e..b1dbdfe 100644
+--- a/src/uadk_ec.c
++++ b/src/uadk_ec.c
+@@ -548,8 +548,11 @@ static int ecdsa_sign(int type, const unsigned char *dgst, int dlen,
+ 		goto err;
+ 	}
+ 
+-	*siglen = i2d_ECDSA_SIG(s, &sig);
++	if (siglen)
++		*siglen = i2d_ECDSA_SIG(s, &sig);
++
+ 	ECDSA_SIG_free(s);
++
+ 	return 1;
+ 
+ err:
+-- 
+2.25.1
+

0075-v1-pkey-add-check-of-qlist.patch

@@ -0,0 +1,36 @@
+From 9cb01d217d9963c1e3a7a56f91528e3dbe6e28c7 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:26 +0800
+Subject: [PATCH 75/82] v1/pkey: add check of qlist
+
+Add null pointer check of 'eng_ctx->qlist'.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/v1/alg/pkey/hpre_wd.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/v1/alg/pkey/hpre_wd.c b/src/v1/alg/pkey/hpre_wd.c
+index 971f7b2..855d47c 100644
+--- a/src/v1/alg/pkey/hpre_wd.c
++++ b/src/v1/alg/pkey/hpre_wd.c
+@@ -157,10 +157,13 @@ void hpre_free_eng_ctx(hpre_engine_ctx_t *eng_ctx)
+ 	}
+ 
+ 	if (eng_ctx->opdata.op_type != WCRYPTO_RSA_GENKEY) {
+-		if (eng_ctx->opdata.in)
+-			eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.in);
++		if (eng_ctx->opdata.in) {
++			if (eng_ctx->qlist)
++				eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.in);
++		}
++
+ 		if (eng_ctx->opdata.out) {
+-			if (eng_ctx->qlist != NULL)
++			if (eng_ctx->qlist)
+ 				eng_ctx->rsa_setup.br.free(eng_ctx->qlist->kae_queue_mem_pool, eng_ctx->opdata.out);
+ 		}
+ 	} else {
+-- 
+2.25.1
+

0076-uadk_engine-uadk_rsa-fix-to-free-from_buffer.patch

@@ -0,0 +1,61 @@
+From 97ae256181ad35d7d637bd85b969222969f74495 Mon Sep 17 00:00:00 2001
+From: Hao Fang <fanghao11@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:27 +0800
+Subject: [PATCH 76/82] uadk_engine: uadk_rsa: fix to free from_buffer
+
+If flen > num_bytes, need to free from_buffer.
+The reasonable operation is put the size check before the memory malloc.
+
+Signed-off-by: Hao Fang <fanghao11@huawei.com>
+---
+ src/uadk_rsa.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index 1289fd3..c9e2b34 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -1358,7 +1358,7 @@ static void rsa_free_pub_bn_ctx(unsigned char **from_buf)
+ }
+ 
+ static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri,
+-				 unsigned char **from_buf, int *num_bytes)
++				 unsigned char **from_buf, int *num_bytes, int flen)
+ {
+ 	RSA_get0_key(rsa, &pri->n, &pri->e, &pri->d);
+ 	if (!(pri->n) || !(pri->e) || !(pri->d))
+@@ -1376,6 +1376,9 @@ static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri,
+ 	if (!(*num_bytes))
+ 		return UADK_E_FAIL;
+ 
++	if (flen > *num_bytes)
++		return UADK_E_FAIL;
++
+ 	*from_buf = OPENSSL_malloc(*num_bytes);
+ 	if (!(*from_buf))
+ 		return -ENOMEM;
+@@ -1578,8 +1581,8 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
+ 		goto free_pkey;
+ 	}
+ 
+-	ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
+-	if (ret <= 0 || flen > num_bytes) {
++	ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes, flen);
++	if (ret <= 0) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_sess;
+ 	}
+@@ -1665,8 +1668,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
+ 		goto free_pkey;
+ 	}
+ 
+-	ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes);
+-	if (ret <= 0 || flen > num_bytes) {
++	ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes, flen);
++	if (ret <= 0) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_sess;
+ 	}
+-- 
+2.25.1
+

0077-uadk_engine-uask_async-fix-thread_attr-res-leak.patch

@@ -0,0 +1,62 @@
+From aaac36df78ea259008a2c3c11f9e766580d06367 Mon Sep 17 00:00:00 2001
+From: Hao Fang <fanghao11@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:28 +0800
+Subject: [PATCH 77/82] uadk_engine: uask_async: fix thread_attr res leak
+
+When the pthread exit also need to call async_poll_task_free()
+to unint thread_attr.
+
+Signed-off-by: Hao Fang <fanghao11@huawei.com>
+---
+ src/uadk_async.c | 8 ++++----
+ src/uadk_async.h | 1 +
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/uadk_async.c b/src/uadk_async.c
+index 342db2a..726ee09 100644
+--- a/src/uadk_async.c
++++ b/src/uadk_async.c
+@@ -132,6 +132,7 @@ void async_poll_task_free(void)
+ 	poll_queue.head = NULL;
+ 
+ 	pthread_mutex_unlock(&poll_queue.async_task_mutex);
++	pthread_attr_destroy(&poll_queue.thread_attr);
+ 	sem_destroy(&poll_queue.empty_sem);
+ 	sem_destroy(&poll_queue.full_sem);
+ 	pthread_mutex_destroy(&poll_queue.async_task_mutex);
+@@ -359,7 +360,6 @@ static void *async_poll_process_func(void *args)
+ int async_module_init(void)
+ {
+ 	pthread_t thread_id;
+-	pthread_attr_t thread_attr;
+ 
+ 	memset(&poll_queue, 0, sizeof(struct async_poll_queue));
+ 
+@@ -378,9 +378,9 @@ int async_module_init(void)
+ 
+ 	uadk_e_set_async_poll_state(ENABLE_ASYNC_POLLING);
+ 
+-	pthread_attr_init(&thread_attr);
+-	pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED);
+-	if (pthread_create(&thread_id, &thread_attr, async_poll_process_func, NULL))
++	pthread_attr_init(&poll_queue.thread_attr);
++	pthread_attr_setdetachstate(&poll_queue.thread_attr, PTHREAD_CREATE_DETACHED);
++	if (pthread_create(&thread_id, &poll_queue.thread_attr, async_poll_process_func, NULL))
+ 		goto err;
+ 
+ 	poll_queue.thread_id = thread_id;
+diff --git a/src/uadk_async.h b/src/uadk_async.h
+index 678e392..6857927 100644
+--- a/src/uadk_async.h
++++ b/src/uadk_async.h
+@@ -69,6 +69,7 @@ struct async_poll_queue {
+ 	sem_t full_sem;
+ 	pthread_mutex_t async_task_mutex;
+ 	pthread_t thread_id;
++	pthread_attr_t thread_attr;
+ };
+ 
+ int async_setup_async_event_notification(struct async_op *op);
+-- 
+2.25.1
+

0078-uadk_engine-async-fix-add-async-send-timeout.patch

@@ -0,0 +1,275 @@
+From 12deb741e44def7839ae99caac8858be52a9ec74 Mon Sep 17 00:00:00 2001
+From: Hao Fang <fanghao11@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:29 +0800
+Subject: [PATCH 78/82] uadk_engine: async: fix add async send timeout
+
+The system does not keep busy in normal, only add
+a timeout mechanism to exit the while loop.
+
+Signed-off-by: Hao Fang <fanghao11@huawei.com>
+---
+ src/uadk.h        |  1 +
+ src/uadk_aead.c   | 39 ++++++++++++++++++++++++++-------------
+ src/uadk_cipher.c | 13 ++++++++++---
+ src/uadk_dh.c     | 13 +++++++++----
+ src/uadk_digest.c | 14 ++++++++++----
+ src/uadk_pkey.c   | 13 +++++++++----
+ src/uadk_rsa.c    | 12 +++++++++---
+ 7 files changed, 74 insertions(+), 31 deletions(-)
+
+diff --git a/src/uadk.h b/src/uadk.h
+index c5ebf32..1945ba2 100644
+--- a/src/uadk.h
++++ b/src/uadk.h
+@@ -21,6 +21,7 @@
+ 
+ #define ARRAY_SIZE(x)		(sizeof(x) / sizeof((x)[0]))
+ #define ENV_STRING_LEN		256
++#define ENGINE_SEND_MAX_CNT	90000000
+ #define ENGINE_RECV_MAX_CNT	60000000
+ #define UADK_UNINIT		0
+ #define UADK_INIT_SUCCESS	1
+diff --git a/src/uadk_aead.c b/src/uadk_aead.c
+index c2646f1..40a35e3 100644
+--- a/src/uadk_aead.c
++++ b/src/uadk_aead.c
+@@ -27,7 +27,7 @@
+ #include "uadk_async.h"
+ #include "uadk_utils.h"
+ 
+-#define RET_FAIL		-1
++#define RET_FAIL		(-1)
+ #define STATE_FAIL		0xFFFF
+ #define CTX_SYNC_ENC		0
+ #define CTX_SYNC_DEC		1
+@@ -521,17 +521,9 @@ static void *uadk_e_aead_cb(struct wd_aead_req *req, void *data)
+ 	return NULL;
+ }
+ 
+-static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op,
+-			 unsigned char *out, const unsigned char *in, size_t inlen)
++static void do_aead_async_prepare(struct aead_priv_ctx *priv, unsigned char *out,
++				  const unsigned char *in, size_t inlen)
+ {
+-	struct uadk_e_cb_info *cb_param;
+-	int ret;
+-
+-	if (unlikely(priv->req.assoc_bytes + inlen > AEAD_BLOCK_SIZE)) {
+-		fprintf(stderr, "aead input data length is too long!\n");
+-		return 0;
+-	}
+-
+ 	priv->req.in_bytes = inlen;
+ 	/* AAD data is input or output together with plaintext or ciphertext. */
+ 	if (priv->req.assoc_bytes) {
+@@ -542,6 +534,21 @@ static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op,
+ 		priv->req.src = (unsigned char *)in;
+ 		priv->req.dst = out;
+ 	}
++}
++
++static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op,
++			 unsigned char *out, const unsigned char *in, size_t inlen)
++{
++	struct uadk_e_cb_info *cb_param;
++	int cnt = 0;
++	int ret;
++
++	if (unlikely(priv->req.assoc_bytes + inlen > AEAD_BLOCK_SIZE)) {
++		fprintf(stderr, "aead input data length is too long!\n");
++		return 0;
++	}
++
++	do_aead_async_prepare(priv, out, in, inlen);
+ 
+ 	cb_param = malloc(sizeof(struct uadk_e_cb_info));
+ 	if (unlikely(!cb_param)) {
+@@ -562,8 +569,14 @@ static int do_aead_async(struct aead_priv_ctx *priv, struct async_op *op,
+ 
+ 	do {
+ 		ret = wd_do_aead_async(priv->sess, &priv->req);
+-		if (unlikely(ret < 0 && ret != -EBUSY)) {
+-			fprintf(stderr, "do aead async operation failed.\n");
++		if (unlikely(ret < 0)) {
++			if (unlikely(ret != -EBUSY))
++				fprintf(stderr, "do aead async operation failed.\n");
++			else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT))
++				fprintf(stderr, "do aead async operation timeout.\n");
++			else
++				continue;
++
+ 			async_free_poll_task(op->idx, 0);
+ 			ret = 0;
+ 			goto free_cb_param;
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 472c47c..007eca3 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -652,7 +652,7 @@ static int do_cipher_sync(struct cipher_priv_ctx *priv)
+ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op)
+ {
+ 	struct uadk_e_cb_info cb_param;
+-	int idx, ret;
++	int idx, ret, cnt;
+ 
+ 	if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ 		fprintf(stderr, "switch to soft cipher.\n");
+@@ -668,11 +668,18 @@ static int do_cipher_async(struct cipher_priv_ctx *priv, struct async_op *op)
+ 	if (!ret)
+ 		return 0;
+ 
++	cnt = 0;
+ 	op->idx = idx;
+ 	do {
+ 		ret = wd_do_cipher_async(priv->sess, &priv->req);
+-		if (ret < 0 && ret != -EBUSY) {
+-			fprintf(stderr, "do sec cipher failed, switch to soft cipher.\n");
++		if (unlikely(ret < 0)) {
++			if (unlikely(ret != -EBUSY))
++				fprintf(stderr, "do cipher async operation failed.\n");
++			else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT))
++				fprintf(stderr, "do cipher async operation timeout.\n");
++			else
++				continue;
++
+ 			async_free_poll_task(op->idx, 0);
+ 			return 0;
+ 		}
+diff --git a/src/uadk_dh.c b/src/uadk_dh.c
+index 62c75fe..328bb80 100644
+--- a/src/uadk_dh.c
++++ b/src/uadk_dh.c
+@@ -716,7 +716,7 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess)
+ {
+ 	struct uadk_e_cb_info cb_param;
+ 	struct async_op op;
+-	int idx, ret;
++	int idx, ret, cnt;
+ 
+ 	ret = async_setup_async_event_notification(&op);
+ 	if (!ret) {
+@@ -742,12 +742,17 @@ static int dh_do_crypto(struct uadk_dh_sess *dh_sess)
+ 			goto err;
+ 
+ 		op.idx = idx;
+-
++		cnt = 0;
+ 		do {
+ 			ret = wd_do_dh_async(dh_sess->sess, &dh_sess->req);
+-			if (ret < 0 && ret != -EBUSY) {
+-				if (ret == -WD_HW_EACCESS)
++			if (unlikely(ret < 0)) {
++				if (unlikely(ret == -WD_HW_EACCESS))
+ 					uadk_e_dh_set_status();
++				else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT))
++					fprintf(stderr, "do dh async operation timeout.\n");
++				else
++					continue;
++
+ 				async_free_poll_task(op.idx, 0);
+ 				goto err;
+ 			}
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 06851f1..cbcae1f 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -750,7 +750,7 @@ static int do_digest_sync(struct digest_priv_ctx *priv)
+ static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
+ {
+ 	struct uadk_e_cb_info cb_param;
+-	int idx, ret;
++	int idx, ret, cnt;
+ 
+ 	if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
+ 		fprintf(stderr, "async cipher init failed.\n");
+@@ -767,11 +767,17 @@ static int do_digest_async(struct digest_priv_ctx *priv, struct async_op *op)
+ 		return 0;
+ 
+ 	op->idx = idx;
+-
++	cnt = 0;
+ 	do {
+ 		ret = wd_do_digest_async(priv->sess, &priv->req);
+-		if (ret < 0 && ret != -EBUSY) {
+-			fprintf(stderr, "do sec digest async failed.\n");
++		if (unlikely(ret < 0)) {
++			if (unlikely(ret != -EBUSY))
++				fprintf(stderr, "do digest async operation failed.\n");
++			else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT))
++				fprintf(stderr, "do digest async operation timeout.\n");
++			else
++				continue;
++
+ 			async_free_poll_task(op->idx, 0);
+ 			return 0;
+ 		}
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index a950f6d..986851f 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -302,7 +302,7 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr)
+ {
+ 	struct uadk_e_cb_info cb_param;
+ 	struct async_op op;
+-	int idx, ret;
++	int idx, ret, cnt;
+ 
+ 	ret = async_setup_async_event_notification(&op);
+ 	if (!ret) {
+@@ -321,12 +321,17 @@ int uadk_ecc_crypto(handle_t sess, struct wd_ecc_req *req, void *usr)
+ 			goto err;
+ 
+ 		op.idx = idx;
+-
++		cnt = 0;
+ 		do {
+ 			ret = wd_do_ecc_async(sess, req);
+-			if (ret < 0 && ret != -EBUSY) {
+-				if (ret == -WD_HW_EACCESS)
++			if (unlikely(ret < 0)) {
++				if (unlikely(ret == -WD_HW_EACCESS))
+ 					uadk_e_ecc_set_status();
++				else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT))
++					fprintf(stderr, "do ecc async operation timeout.\n");
++				else
++					continue;
++
+ 				async_free_poll_task(op.idx, 0);
+ 				goto err;
+ 			}
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index c9e2b34..24dd7b9 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -1099,7 +1099,7 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess)
+ {
+ 	struct uadk_e_cb_info cb_param;
+ 	struct async_op op;
+-	int idx, ret;
++	int idx, ret, cnt;
+ 
+ 	ret = async_setup_async_event_notification(&op);
+ 	if (!ret) {
+@@ -1128,11 +1128,17 @@ static int rsa_do_crypto(struct uadk_rsa_sess *rsa_sess)
+ 		goto err;
+ 
+ 	op.idx = idx;
++	cnt = 0;
+ 	do {
+ 		ret = wd_do_rsa_async(rsa_sess->sess, &(rsa_sess->req));
+-		if (ret < 0 && ret != -EBUSY) {
+-			if (ret == -WD_HW_EACCESS)
++		if (unlikely(ret < 0)) {
++			if (unlikely(ret == -WD_HW_EACCESS))
+ 				uadk_e_rsa_set_status();
++			else if (unlikely(cnt++ > ENGINE_SEND_MAX_CNT))
++				fprintf(stderr, "do rsa async operation timeout.\n");
++			else
++				continue;
++
+ 			async_free_poll_task(op.idx, 0);
+ 			goto err;
+ 		}
+-- 
+2.25.1
+

0079-cipher-uadk_e_bind_ciphers-function-is-optimized.patch

@@ -0,0 +1,89 @@
+From a3dffc15df2212ca8fa3161f82393048c3e9cbc5 Mon Sep 17 00:00:00 2001
+From: Qi Tao <taoqi10@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:30 +0800
+Subject: [PATCH 79/82] cipher: uadk_e_bind_ciphers function is optimized
+
+The uadk_e_bind_ciphers function is executed only once,
+however, the uadk_e_ciphers may be executed multiple times,
+it is better to check whether the hardware is available
+at the beginning of uadk_e_bind_ciphers.
+
+Signed-off-by: Qi Tao <taoqi10@huawei.com>
+---
+ src/uadk_cipher_adapter.c | 38 ++++++++++++++++++--------------------
+ 1 file changed, 18 insertions(+), 20 deletions(-)
+
+diff --git a/src/uadk_cipher_adapter.c b/src/uadk_cipher_adapter.c
+index 065575b..caf8af3 100644
+--- a/src/uadk_cipher_adapter.c
++++ b/src/uadk_cipher_adapter.c
+@@ -16,11 +16,10 @@
+  */
+ #include "uadk_cipher_adapter.h"
+ 
+-#define HW_UNINIT	-1
+-#define HW_SEC_V2	0
+-#define HW_SEC_V3	1
++#define HW_SEC_V2	2
++#define HW_SEC_V3	3
+ 
+-static int g_platform = HW_UNINIT;
++static int g_platform;
+ 
+ static int cipher_hw_v2_nids[] = {
+ 	NID_aes_128_cbc,
+@@ -143,7 +142,6 @@ static void uadk_e_create_ciphers(int index)
+ 
+ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
+ {
+-	struct uacce_dev *dev;
+ 	__u32 i;
+ 
+ 	if (!e)
+@@ -155,21 +153,6 @@ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int n
+ 		return 0;
+ 	}
+ 
+-	if (g_platform == HW_UNINIT) {
+-		dev = wd_get_accel_dev("cipher");
+-		if (!dev) {
+-			fprintf(stderr, "no device available, switch to software!\n");
+-			return 0;
+-		}
+-
+-		if (!strcmp(dev->api, "hisi_qm_v2"))
+-			g_platform = HW_SEC_V2;
+-		else
+-			g_platform = HW_SEC_V3;
+-
+-		free(dev);
+-	}
+-
+ 	if (cipher == NULL) {
+ 		if (g_platform == HW_SEC_V2) {
+ 			*nids = cipher_hw_v2_nids;
+@@ -198,6 +181,21 @@ int uadk_e_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int n
+ 
+ int uadk_e_bind_ciphers(ENGINE *e)
+ {
++	struct uacce_dev *dev;
++
++	dev = wd_get_accel_dev("cipher");
++	if (!dev) {
++		fprintf(stderr, "no device available, switch to software!\n");
++		return 0;
++	}
++
++	if (!strcmp(dev->api, "hisi_qm_v2"))
++		g_platform = HW_SEC_V2;
++	else
++		g_platform = HW_SEC_V3;
++
++	free(dev);
++
+ 	return ENGINE_set_ciphers(e, uadk_e_ciphers);
+ }
+ 
+-- 
+2.25.1
+

0080-cipher-UADK_CIPHER_DESCR-is-optimized.patch

@@ -0,0 +1,244 @@
+From cebde688ce0924cb739d1a588fbb5b41bf41864d Mon Sep 17 00:00:00 2001
+From: Qi Tao <taoqi10@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:31 +0800
+Subject: [PATCH 80/82] cipher: UADK_CIPHER_DESCR is optimized
+
+The common input parameter UADK_CIPHER_DESCR is deleted.
+
+Signed-off-by: Qi Tao <taoqi10@huawei.com>
+---
+ src/uadk_cipher.c | 139 +++++++++++-----------------------------------
+ 1 file changed, 33 insertions(+), 106 deletions(-)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 007eca3..180b566 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -811,19 +811,18 @@ out_notify:
+ 	return ret;
+ }
+ 
+-#define UADK_CIPHER_DESCR(name, block_size, key_size, iv_len, flags, ctx_size, \
+-	init, cipher, cleanup, set_params, get_params) \
++#define UADK_CIPHER_DESCR(name, block_size, key_size, iv_len, flags) \
+ do { \
+ 	uadk_##name = EVP_CIPHER_meth_new(NID_##name, block_size, key_size); \
+ 	if (uadk_##name == 0 || \
+-		!EVP_CIPHER_meth_set_iv_length(uadk_##name, iv_len) || \
+-		!EVP_CIPHER_meth_set_flags(uadk_##name, flags) || \
+-		!EVP_CIPHER_meth_set_impl_ctx_size(uadk_##name, ctx_size) || \
+-		!EVP_CIPHER_meth_set_init(uadk_##name, init) || \
+-		!EVP_CIPHER_meth_set_do_cipher(uadk_##name, cipher) || \
+-		!EVP_CIPHER_meth_set_cleanup(uadk_##name, cleanup) || \
+-		!EVP_CIPHER_meth_set_set_asn1_params(uadk_##name, set_params) || \
+-		!EVP_CIPHER_meth_set_get_asn1_params(uadk_##name, get_params)) \
++	    !EVP_CIPHER_meth_set_iv_length(uadk_##name, iv_len) || \
++	    !EVP_CIPHER_meth_set_flags(uadk_##name, flags) || \
++	    !EVP_CIPHER_meth_set_impl_ctx_size(uadk_##name, sizeof(struct cipher_priv_ctx)) || \
++	    !EVP_CIPHER_meth_set_init(uadk_##name, uadk_e_cipher_init) || \
++	    !EVP_CIPHER_meth_set_do_cipher(uadk_##name, uadk_e_do_cipher) || \
++	    !EVP_CIPHER_meth_set_cleanup(uadk_##name, uadk_e_cipher_cleanup) || \
++	    !EVP_CIPHER_meth_set_set_asn1_params(uadk_##name, EVP_CIPHER_set_asn1_iv) || \
++	    !EVP_CIPHER_meth_set_get_asn1_params(uadk_##name, EVP_CIPHER_get_asn1_iv)) \
+ 		return 0; \
+ } while (0)
+ 
+@@ -833,171 +832,99 @@ EVP_CIPHER *uadk_create_cipher_meth(int nid)
+ 
+ 	switch (nid) {
+ 	case NID_aes_128_cbc:
+-		UADK_CIPHER_DESCR(aes_128_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_128_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE);
+ 		cipher = uadk_aes_128_cbc;
+ 		break;
+ 	case NID_aes_192_cbc:
+-		UADK_CIPHER_DESCR(aes_192_cbc, 16, 24, 16, EVP_CIPH_CBC_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_192_cbc, 16, 24, 16, EVP_CIPH_CBC_MODE);
+ 		cipher = uadk_aes_192_cbc;
+ 		break;
+ 	case NID_aes_256_cbc:
+-		UADK_CIPHER_DESCR(aes_256_cbc, 16, 32, 16, EVP_CIPH_CBC_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_256_cbc, 16, 32, 16, EVP_CIPH_CBC_MODE);
+ 		cipher = uadk_aes_256_cbc;
+ 		break;
+ 	case NID_aes_128_ecb:
+-		UADK_CIPHER_DESCR(aes_128_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_128_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE);
+ 		cipher = uadk_aes_128_ecb;
+ 		break;
+ 	case NID_aes_192_ecb:
+-		UADK_CIPHER_DESCR(aes_192_ecb, 16, 24, 0, EVP_CIPH_ECB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_192_ecb, 16, 24, 0, EVP_CIPH_ECB_MODE);
+ 		cipher = uadk_aes_192_ecb;
+ 		break;
+ 	case NID_aes_256_ecb:
+-		UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, EVP_CIPH_ECB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_256_ecb, 16, 32, 0, EVP_CIPH_ECB_MODE);
+ 		cipher = uadk_aes_256_ecb;
+ 		break;
+ 	case NID_aes_128_xts:
+-		UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_128_xts, 1, 32, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV);
+ 		cipher = uadk_aes_128_xts;
+ 		break;
+ 	case NID_aes_256_xts:
+-		UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_256_xts, 1, 64, 16, EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV);
+ 		cipher = uadk_aes_256_xts;
+ 		break;
+ 	case NID_sm4_cbc:
+-		UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(sm4_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE);
+ 		cipher = uadk_sm4_cbc;
+ 		break;
+ 	case NID_sm4_ecb:
+-		UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE);
+ 		cipher = uadk_sm4_ecb;
+ 		break;
+ 	case NID_des_ede3_cbc:
+-		UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(des_ede3_cbc, 8, 24, 8, EVP_CIPH_CBC_MODE);
+ 		cipher = uadk_des_ede3_cbc;
+ 		break;
+ 	case NID_des_ede3_ecb:
+-		UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, EVP_CIPH_ECB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(des_ede3_ecb, 8, 24, 0, EVP_CIPH_ECB_MODE);
+ 		cipher = uadk_des_ede3_ecb;
+ 		break;
+ 	case NID_aes_128_ctr:
+-		UADK_CIPHER_DESCR(aes_128_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_128_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE);
+ 		cipher = uadk_aes_128_ctr;
+ 		break;
+ 	case NID_aes_192_ctr:
+-		UADK_CIPHER_DESCR(aes_192_ctr, 1, 24, 16, EVP_CIPH_CTR_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_192_ctr, 1, 24, 16, EVP_CIPH_CTR_MODE);
+ 		cipher = uadk_aes_192_ctr;
+ 		break;
+ 	case NID_aes_256_ctr:
+-		UADK_CIPHER_DESCR(aes_256_ctr, 1, 32, 16, EVP_CIPH_CTR_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_256_ctr, 1, 32, 16, EVP_CIPH_CTR_MODE);
+ 		cipher = uadk_aes_256_ctr;
+ 		break;
+ 	case NID_aes_128_ofb128:
+-		UADK_CIPHER_DESCR(aes_128_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_128_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE);
+ 		cipher = uadk_aes_128_ofb128;
+ 		break;
+ 	case NID_aes_192_ofb128:
+-		UADK_CIPHER_DESCR(aes_192_ofb128, 1, 24, 16, EVP_CIPH_OFB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_192_ofb128, 1, 24, 16, EVP_CIPH_OFB_MODE);
+ 		cipher = uadk_aes_192_ofb128;
+ 		break;
+ 	case NID_aes_256_ofb128:
+-		UADK_CIPHER_DESCR(aes_256_ofb128, 1, 32, 16, EVP_CIPH_OFB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_256_ofb128, 1, 32, 16, EVP_CIPH_OFB_MODE);
+ 		cipher = uadk_aes_256_ofb128;
+ 		break;
+ 	case NID_aes_128_cfb128:
+-		UADK_CIPHER_DESCR(aes_128_cfb128, 1, 16, 16, EVP_CIPH_CFB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_128_cfb128, 1, 16, 16, EVP_CIPH_CFB_MODE);
+ 		cipher = uadk_aes_128_cfb128;
+ 		break;
+ 	case NID_aes_192_cfb128:
+-		UADK_CIPHER_DESCR(aes_192_cfb128, 1, 24, 16, EVP_CIPH_CFB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_192_cfb128, 1, 24, 16, EVP_CIPH_CFB_MODE);
+ 		cipher = uadk_aes_192_cfb128;
+ 		break;
+ 	case NID_aes_256_cfb128:
+-		UADK_CIPHER_DESCR(aes_256_cfb128, 1, 32, 16, EVP_CIPH_CFB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(aes_256_cfb128, 1, 32, 16, EVP_CIPH_CFB_MODE);
+ 		cipher = uadk_aes_256_cfb128;
+ 		break;
+ 	case NID_sm4_ofb128:
+-		UADK_CIPHER_DESCR(sm4_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(sm4_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE);
+ 		cipher = uadk_sm4_ofb128;
+ 		break;
+ 	case NID_sm4_cfb128:
+-		UADK_CIPHER_DESCR(sm4_cfb128, 1, 16, 16, EVP_CIPH_OFB_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(sm4_cfb128, 1, 16, 16, EVP_CIPH_OFB_MODE);
+ 		cipher = uadk_sm4_cfb128;
+ 		break;
+ 	case NID_sm4_ctr:
+-		UADK_CIPHER_DESCR(sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE,
+-				sizeof(struct cipher_priv_ctx), uadk_e_cipher_init,
+-				uadk_e_do_cipher, uadk_e_cipher_cleanup,
+-				EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv);
++		UADK_CIPHER_DESCR(sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE);
+ 		cipher = uadk_sm4_ctr;
+ 		break;
+ 	default:
+-- 
+2.25.1
+

0081-v1-pkey-fix-uninitialized-variable.patch

@@ -0,0 +1,74 @@
+From 391351d4ed470bfb6c7aab3b8c06ad3dd7b65ecf Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:32 +0800
+Subject: [PATCH 81/82] v1/pkey: fix uninitialized variable
+
+Fix uninitialized variable 'ret'.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/v1/alg/pkey/hpre_rsa.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/src/v1/alg/pkey/hpre_rsa.c b/src/v1/alg/pkey/hpre_rsa.c
+index 4e21dde..2086e0c 100644
+--- a/src/v1/alg/pkey/hpre_rsa.c
++++ b/src/v1/alg/pkey/hpre_rsa.c
+@@ -298,13 +298,13 @@ static int hpre_rsa_public_encrypt(int flen, const unsigned char *from,
+ 	BIGNUM *ret_bn  = NULL;
+ 	hpre_engine_ctx_t *eng_ctx = NULL;
+ 	unsigned char *in_buf = NULL;
++	int ret = HPRE_CRYPTO_FAIL;
+ 	BN_CTX *bn_ctx = NULL;
+ 	int num_bytes = 0;
+ 	int key_bits;
+-	int ret;
+ 
+ 	if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
+-		return HPRE_CRYPTO_FAIL;
++		return ret;
+ 
+ 	key_bits = RSA_bits(rsa);
+ 	if (!check_bit_useful(key_bits)) {
+@@ -392,7 +392,7 @@ static int hpre_rsa_private_encrypt(int flen, const unsigned char *from,
+ 	int version;
+ 
+ 	if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
+-		return HPRE_CRYPTO_FAIL;
++		return ret;
+ 
+ 	key_bits = RSA_bits(rsa);
+ 	if (!check_bit_useful(key_bits)) {
+@@ -479,6 +479,7 @@ static int hpre_rsa_public_decrypt(int flen, const unsigned char *from,
+ 		unsigned char *to, RSA *rsa, int padding)
+ {
+ 	hpre_engine_ctx_t *eng_ctx = NULL;
++	int ret = HPRE_CRYPTO_FAIL;
+ 	BIGNUM *bn_ret = NULL;
+ 	BIGNUM *f = NULL;
+ 	BN_CTX *bn_ctx = NULL;
+@@ -488,10 +489,10 @@ static int hpre_rsa_public_decrypt(int flen, const unsigned char *from,
+ 	int num_bytes = 0;
+ 	int rsa_soft_mark = 0;
+ 	unsigned char *buf = NULL;
+-	int ret, len;
++	int len;
+ 
+ 	if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
+-		return HPRE_CRYPTO_FAIL;
++		return ret;
+ 
+ 	RSA_get0_key(rsa, &n, &e, &d);
+ 	ret = hpre_rsa_check(flen, n, e, &num_bytes, rsa);
+@@ -578,7 +579,7 @@ static int hpre_rsa_private_decrypt(int flen, const unsigned char *from,
+ 	BN_CTX *bn_ctx = NULL;
+ 
+ 	if (hpre_rsa_check_para(flen, from, to, rsa) != HPRE_CRYPTO_SUCC)
+-		return HPRE_CRYPTO_FAIL;
++		return ret;
+ 
+ 	RSA_get0_key(rsa, &n, &e, &d);
+ 	num_bytes = BN_num_bytes(n);
+-- 
+2.25.1
+

0082-uadk_engine-v1-fix-g_sec_ciphers_info-error.patch

@@ -0,0 +1,28 @@
+From e3f0530082dce872c1a845e1b2313169b9d7c380 Mon Sep 17 00:00:00 2001
+From: Qi Tao <taoqi10@huawei.com>
+Date: Sat, 25 Nov 2023 16:13:33 +0800
+Subject: [PATCH 82/82] uadk_engine/v1: fix g_sec_ciphers_info[] error
+
+The flags of sm4_ecb algorithm is EVP_CIPH_ECB_MODE.
+
+Signed-off-by: Qi Tao <taoqi10@huawei.com>
+---
+ src/v1/alg/ciphers/sec_ciphers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/v1/alg/ciphers/sec_ciphers.c b/src/v1/alg/ciphers/sec_ciphers.c
+index b4743ed..f2c5e7e 100644
+--- a/src/v1/alg/ciphers/sec_ciphers.c
++++ b/src/v1/alg/ciphers/sec_ciphers.c
+@@ -64,7 +64,7 @@ static cipher_info_t g_sec_ciphers_info[] = {
+ 	{NID_sm4_ctr, 1, 16, 16, EVP_CIPH_CTR_MODE, 1, NULL},
+ 	{NID_sm4_cbc, 16, 16, 16, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1, 1, NULL},
+ 	{NID_sm4_ofb128, 1, 16, 16, EVP_CIPH_OFB_MODE, 1, NULL},
+-	{NID_sm4_ecb, 16, 16, 0, EVP_CIPH_CTR_MODE, 1, NULL},
++	{NID_sm4_ecb, 16, 16, 0, EVP_CIPH_ECB_MODE, 1, NULL},
+ };
+ 
+ #define CIPHERS_COUNT (BLOCKSIZES_OF(g_sec_ciphers_info))
+-- 
+2.25.1
+

uadk_engine.spec

@@ -1,7 +1,7 @@
 Name:          uadk_engine
 Summary:       UADK Accelerator Engine
 Version:       1.2.0
-Release:       3
+Release:       4
 License:       Apache-2.0
 Source:        %{name}-%{version}.tar.gz
 ExclusiveOS:   linux
@@ -76,6 +76,25 @@ Patch0060:	0060-aead-fix-tag-length-check.patch
 Patch0061:	0061-aead-fix-for-aes-gcm-update-process.patch
 Patch0062:	0062-cipher-add-sm4-ecb-mode.patch
 Patch0063:	0063-uadk-fix-EVP_CTRL_GET_IVLEN-not-find.patch
+Patch0064:	0064-configure-use-LT_INIT-to-replace-obsolete-AC_PROG_LI.patch
+Patch0065:	0065-uadk_prov-Set-enable_sw_offload-from-uadk_provider.c.patch
+Patch0066:	0066-ecc-optimize-sm2-sign-check-function.patch
+Patch0067:	0067-digest-fix-the-address-of-async-op.patch
+Patch0068:	0068-uadk_engine-add-device-initialization-status.patch
+Patch0069:	0069-uadk_engine-fixup-resource-management-issues.patch
+Patch0070:	0070-sm2-fixup-switching-soft-sm2-decrypt-problem.patch
+Patch0071:	0071-uadk_engine-cipher-digest-fixes-for-priv-address-che.patch
+Patch0072:	0072-uadk_engine-ec-add-BN_new-memory-check.patch
+Patch0073:	0073-uadk_engine-rsa-fix-mem-leak-for-from_buf.patch
+Patch0074:	0074-ecc-add-check-of-siglen.patch
+Patch0075:	0075-v1-pkey-add-check-of-qlist.patch
+Patch0076:	0076-uadk_engine-uadk_rsa-fix-to-free-from_buffer.patch
+Patch0077:	0077-uadk_engine-uask_async-fix-thread_attr-res-leak.patch
+Patch0078:	0078-uadk_engine-async-fix-add-async-send-timeout.patch
+Patch0079:	0079-cipher-uadk_e_bind_ciphers-function-is-optimized.patch
+Patch0080:	0080-cipher-UADK_CIPHER_DESCR-is-optimized.patch
+Patch0081:	0081-v1-pkey-fix-uninitialized-variable.patch
+Patch0082:	0082-uadk_engine-v1-fix-g_sec_ciphers_info-error.patch
 
 %description
 This package contains the UADK Accelerator Engine
@@ -125,6 +144,9 @@ fi
 /sbin/ldconfig
 
 %changelog
+* Wed Nov 29 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.2.0-4
+- Backport uadk engine build patch
+
 * Tue Nov 21 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.2.0-3
 - Backport uadk engine build patch