!18 [sync] PR-17: uadk_engine - update uadk engine source

From: @openeuler-sync-bot 
Reviewed-by: @hao-fang 
Signed-off-by: @hao-fang

0038-uadk-engine-change-Copyright-to-2022.patch

@@ -0,0 +1,177 @@
+From 1b8b65e31da0c6347575d0d201c8417241e81453 Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Mon, 28 Mar 2022 02:31:53 +0000
+Subject: [PATCH 38/57] uadk-engine: change Copyright to 2022
+
+Change Copyright to 2022
+Add Linaro Copyright as well
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+---
+ src/e_uadk.c      | 3 ++-
+ src/uadk.h        | 3 ++-
+ src/uadk_async.c  | 3 ++-
+ src/uadk_async.h  | 3 ++-
+ src/uadk_cipher.c | 3 ++-
+ src/uadk_dh.c     | 2 +-
+ src/uadk_digest.c | 3 ++-
+ src/uadk_ec.c     | 2 +-
+ src/uadk_ecx.c    | 2 +-
+ src/uadk_pkey.c   | 2 +-
+ src/uadk_pkey.h   | 2 +-
+ src/uadk_rsa.c    | 2 +-
+ src/uadk_sm2.c    | 2 +-
+ 13 files changed, 19 insertions(+), 13 deletions(-)
+
+diff --git a/src/e_uadk.c b/src/e_uadk.c
+index 79ecef8..4288569 100644
+--- a/src/e_uadk.c
++++ b/src/e_uadk.c
+@@ -1,5 +1,6 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Linaro ltd.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk.h b/src/uadk.h
+index 384e035..ef09274 100644
+--- a/src/uadk.h
++++ b/src/uadk.h
+@@ -1,5 +1,6 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Linaro ltd.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_async.c b/src/uadk_async.c
+index c98153b..11d624c 100644
+--- a/src/uadk_async.c
++++ b/src/uadk_async.c
+@@ -1,5 +1,6 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Linaro ltd.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_async.h b/src/uadk_async.h
+index 9836dbb..d2a7e16 100644
+--- a/src/uadk_async.h
++++ b/src/uadk_async.h
+@@ -1,5 +1,6 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Linaro ltd.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 5ebad64..91895cc 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -1,5 +1,6 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Linaro ltd.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_dh.c b/src/uadk_dh.c
+index 40fb583..3882306 100644
+--- a/src/uadk_dh.c
++++ b/src/uadk_dh.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 355917d..ecc0ce6 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -1,5 +1,6 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Linaro ltd.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_ec.c b/src/uadk_ec.c
+index db69871..e219bdf 100644
+--- a/src/uadk_ec.c
++++ b/src/uadk_ec.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
+index 67f9350..5d0ff76 100644
+--- a/src/uadk_ecx.c
++++ b/src/uadk_ecx.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index f27e2f5..d4ec30e 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
+index dfe6fbe..b30c2de 100644
+--- a/src/uadk_pkey.h
++++ b/src/uadk_pkey.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index 821cb78..a80d203 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
+index 8c75611..a478a94 100644
+--- a/src/uadk_sm2.c
++++ b/src/uadk_sm2.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2020-2021 Huawei Technologies Co.,Ltd. All rights reserved.
++ * Copyright 2020-2022 Huawei Technologies Co.,Ltd. All rights reserved.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+-- 
+2.27.0
+

0039-README-move-test-script-to-sanity_test.sh.patch

@@ -0,0 +1,197 @@
+From 5dab65ce804d8e7995cef2eecfb375270d55f2ed Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Wed, 30 Mar 2022 07:34:43 +0000
+Subject: [PATCH 39/57] README: move test script to sanity_test.sh
+
+Move test script from README to sanity_test.sh
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+---
+ README              | 103 +-------------------------------------------
+ test/sanity_test.sh |  39 ++++++++++++++++-
+ 2 files changed, 39 insertions(+), 103 deletions(-)
+
+diff --git a/README b/README
+index 562a859..ed49128 100644
+--- a/README
++++ b/README
+@@ -63,108 +63,7 @@ Build & Install OpenSSL UADK Engine
+ Testing
+ -------
+ ```
+-    sudo test/sanity_test.sh
+-```
+-1. Cipher
+-```
+-openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
+-openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc
+-openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc
+-openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc
+-```
+-2. RSA
+-```
+-openssl genrsa -out prikey.pem -engine uadk_engine 2048
+-openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine
+-openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine
+-openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine
+-openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine
+-openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine
+-openssl speed -elapsed -engine uadk_engine rsa2048
+-openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048
+-```
+-3. SM3
+-```
+-openssl sm3 -engine uadk_engine data
+-```
+-4. MD5
+-```
+-openssl speed -engine uadk_engine -async_jobs 1 -evp md5
+-```
+-5. SHA
+-```
+-openssl sha1 -engine uadk_engine data
+-openssl sha256 -engine uadk_engine data
+-openssl sha512 -engine uadk_engine data
+-```
+-6. DH
+-
+-[step 1] Generate global public parameters, and save them in the file
+-dhparam.pem:
+-```
+-openssl dhparam -out dhparam.pem 2048
+-```
+-[step 2] Generate own private key:
+-```
+-openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
+-openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
+-```
+-[step 3] Generate public key:
+-```
+-openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk
+-openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
+-```
+-[step 4] After exchanging public key, each user can derive the shared secret:
+-```
+-openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
+-secret1.bin -engine uadk_engine
+-openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
+-secret2.bin -engine uadk_engine
+-```
+-[step 5] Check secret1.bin and secret2.bin:
+-```
+-cmp secret1.bin secret2.bin
+-xxd secret1.bin
+-xxd secret2.bin
+-```
+-secret1.bin and secret2.bin should be the same.
+-
+-7. SM2
+-```
+-openssl speed -elapsed -engine uadk_engine sm2
+-openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2
+-openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
+-openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
+-```
+-8. ECDSA
+-```
+-openssl speed -elapsed -engine uadk_engine ecdsap256
+-openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256
++    ./test/sanity_test.sh
+ ```
+ 
+ Environment variable of uadk engine
+diff --git a/test/sanity_test.sh b/test/sanity_test.sh
+index 4273310..2c0c504 100755
+--- a/test/sanity_test.sh
++++ b/test/sanity_test.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-chmod 666 /dev/hisi_*
++sudo chmod 666 /dev/hisi_*
+ 
+ if [ ! -n "$1" ]; then
+ 	engine_id=uadk_engine
+@@ -24,6 +24,12 @@ if [[ $algs =~ "SM3" ]]; then
+ 	openssl speed -engine $engine_id -async_jobs 1 -evp sm3
+ fi
+ 
++if [[ $algs =~ "SM2" ]]; then
++	echo "testing SM2"
++	openssl speed -engine $engine_id -evp sm2
++	openssl speed -engine $engine_id -async_jobs 1 -evp sm2
++fi
++
+ if [[ $algs =~ "SHA" ]]; then
+ 	echo "testing SHA"
+ 	openssl speed -engine $engine_id -evp sha1
+@@ -58,6 +64,12 @@ if [[ $algs =~ "AES" ]]; then
+ 	openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-xts
+ 	openssl speed -engine $engine_id -evp aes-256-xts
+ 	openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-xts
++	openssl speed -engine $engine_id -evp aes-128-ctr
++	openssl speed -engine $engine_id -async_jobs 1 -evp aes-128-ctr
++	openssl speed -engine $engine_id -evp aes-192-ctr
++	openssl speed -engine $engine_id -async_jobs 1 -evp aes-192-ctr
++	openssl speed -engine $engine_id -evp aes-256-ctr
++	openssl speed -engine $engine_id -async_jobs 1 -evp aes-256-ctr
+ fi
+ 
+ if [[ $algs =~ "SM4-CBC" ]]; then
+@@ -134,3 +146,28 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then
+ 	openssl speed -elapsed -engine $engine_id ecdhbrp384r1
+ 	openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhbrp384r1
+ fi
++
++#DH
++if [[ $algs =~ "DH" ]]; then
++	echo "testing DH"
++	#1. Generate global public parameters, and save them in the file dhparam.pem:
++	openssl dhparam -out dhparam.pem 2048
++
++	#2. Generate own private key:
++	openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
++	openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
++
++	#3. Generate public key:
++	openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine $engine_id
++	openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine $engine_id
++
++	#4. After exchanging public key, each user can derive the shared secret:
++	openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -engine $engine_id
++	openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -engine $engine_id
++
++	#5. Check secret1.bin and secret2.bin:
++	cmp secret1.bin secret2.bin
++	xxd secret1.bin
++	xxd secret2.bin
++	#secret1.bin and secret2.bin should be same.
++fi
+-- 
+2.27.0
+

0040-uadk_engine-fix-string-compare-mode.patch

@@ -0,0 +1,38 @@
+From 4763c7f374d4ba29a070b06147e2d47504902cf3 Mon Sep 17 00:00:00 2001
+From: JunchongPan <panjunchong@hisilicon.com>
+Date: Sat, 2 Apr 2022 09:47:08 +0800
+Subject: [PATCH 40/57] uadk_engine:fix string compare mode
+
+String compare now use '==' while compare point and string,
+changed to strcmp
+
+Signed-off-by: JunchongPan <panjunchong@hisilicon.com>
+---
+ src/e_uadk.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/e_uadk.c b/src/e_uadk.c
+index 4288569..58a10de 100644
+--- a/src/e_uadk.c
++++ b/src/e_uadk.c
+@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name)
+ 	int i = 0;
+ 
+ 	while (i < len) {
+-		if (uadk_env_enabled[i].alg_name == alg_name)
++		if (strcmp(uadk_env_enabled[i].alg_name, alg_name))
+ 			return uadk_env_enabled[i].env_enabled;
+ 		i++;
+ 	}
+@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value)
+ 	int i = 0;
+ 
+ 	while (i < len) {
+-		if (uadk_env_enabled[i].alg_name == alg_name) {
++		if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
+ 			uadk_env_enabled[i].env_enabled = value;
+ 			return;
+ 		}
+-- 
+2.27.0
+

0041-cipher-optimize-the-process-of-ctx-initialization.patch

@@ -0,0 +1,32 @@
+From 17bfd66f31e712ffd9364bfb43c9899e10e84a7d Mon Sep 17 00:00:00 2001
+From: Kai Ye <yekai13@huawei.com>
+Date: Sat, 2 Apr 2022 11:19:16 +0800
+Subject: [PATCH 41/57] cipher: optimize the process of ctx initialization
+
+Optimize the process of ctx initialization as switching to soft work.
+If the ctx resources of a thread are insufficient at the beginning, the
+thread can't apply for resources again. Therefore, an flag checking is
+required.
+
+Signed-off-by: Kai Ye <yekai13@huawei.com>
+---
+ src/uadk_cipher.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 91895cc..8a2c39d 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -851,6 +851,9 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
+ 	priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
+ 	priv->req.iv = priv->iv;
+ 
++	if (priv->switch_flag == UADK_DO_SOFT)
++		return;
++
+ 	ret = uadk_e_init_cipher();
+ 	if (unlikely(!ret)) {
+ 		priv->switch_flag = UADK_DO_SOFT;
+-- 
+2.27.0
+

0042-cipher-adding-an-iv-update-to-a-decryption.patch

@@ -0,0 +1,59 @@
+From 11016568bf6a929aebc216f5e7f5fd28b2e1d2a6 Mon Sep 17 00:00:00 2001
+From: Kai Ye <yekai13@huawei.com>
+Date: Thu, 12 May 2022 10:31:56 +0800
+Subject: [PATCH 42/57] cipher: adding an iv update to a decryption
+
+Adding an iv update to de-crypto method as cbc mode.
+the dst address should not be changed. So fix it.
+
+Signed-off-by: Kai Ye <yekai13@huawei.com>
+---
+ src/uadk_cipher.c | 25 ++++++++++++++-----------
+ 1 file changed, 14 insertions(+), 11 deletions(-)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 8a2c39d..49022f7 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -763,10 +763,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
+ 
+ 	switch (priv->setup.mode) {
+ 	case WD_CIPHER_CBC:
+-		if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
+-			priv->req.dst += priv->req.in_bytes;
+-			memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
+-		}
++		if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
++			memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
++			       iv_bytes);
++		else
++			memcpy(priv->iv, priv->req.src  + priv->req.in_bytes - iv_bytes,
++			       iv_bytes);
++
+ 		break;
+ 	case WD_CIPHER_OFB:
+ 		for (i = 0; i < IV_LEN; i++) {
+@@ -776,13 +779,13 @@ static void uadk_cipher_update_priv_ctx(struct cipher_priv_ctx *priv)
+ 		memcpy(priv->iv, K, iv_bytes);
+ 		break;
+ 	case WD_CIPHER_CFB:
+-		if (priv->req.op_type == WD_CIPHER_ENCRYPTION) {
+-			priv->req.dst += priv->req.in_bytes;
+-			memcpy(priv->iv, priv->req.dst - iv_bytes, iv_bytes);
+-		} else {
+-			priv->req.src += priv->req.in_bytes;
+-			memcpy(priv->iv, priv->req.src - iv_bytes, iv_bytes);
+-		}
++		if (priv->req.op_type == WD_CIPHER_ENCRYPTION)
++			memcpy(priv->iv, priv->req.dst + priv->req.in_bytes - iv_bytes,
++			       iv_bytes);
++		else
++			memcpy(priv->iv, priv->req.src + priv->req.in_bytes - iv_bytes,
++			       iv_bytes);
++
+ 		break;
+ 	case WD_CIPHER_CTR:
+ 		ctr_iv_inc(priv->iv, priv->req.in_bytes >> CTR_MODE_LEN_SHIFT);
+-- 
+2.27.0
+

0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch

@@ -0,0 +1,47 @@
+From d6b2f7a4b2486afb3b3a418f32ce9d43783ef8f0 Mon Sep 17 00:00:00 2001
+From: Kai Ye <yekai13@huawei.com>
+Date: Thu, 12 May 2022 10:31:57 +0800
+Subject: [PATCH 43/57] cipher: fix cipher decrypto failed as use jdk
+
+Because the java releases the memory immediately after the
+memory is used. So the engine should not use user memory for
+storage the key.
+
+Signed-off-by: Kai Ye <yekai13@huawei.com>
+---
+ src/uadk_cipher.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 49022f7..7eba992 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -36,6 +36,7 @@
+ #define BYTE_BITS		8
+ #define IV_LEN			16
+ #define ENV_ENABLED		1
++#define MAX_KEY_LEN		64
+ 
+ struct cipher_engine {
+ 	struct wd_ctx_config ctx_cfg;
+@@ -57,7 +58,7 @@ struct cipher_priv_ctx {
+ 	struct wd_cipher_sess_setup setup;
+ 	struct wd_cipher_req req;
+ 	unsigned char iv[IV_LEN];
+-	const unsigned char *key;
++	unsigned char key[MAX_KEY_LEN];
+ 	int switch_flag;
+ 	void *sw_ctx_data;
+ 	/* Crypto small packet offload threshold */
+@@ -694,7 +695,7 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ 	if (unlikely(ret != 1))
+ 		return 0;
+ 
+-	priv->key = key;
++	memcpy(priv->key, key, EVP_CIPHER_CTX_key_length(ctx));
+ 	priv->switch_threshold = SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT;
+ 
+ 	return 1;
+-- 
+2.27.0
+

0044-engine-add-receiving-timeout-count.patch

@@ -0,0 +1,169 @@
+From 4fbef0e061a97e3ead086de7f3f5689e9d53f454 Mon Sep 17 00:00:00 2001
+From: Kai Ye <yekai13@huawei.com>
+Date: Mon, 18 Jul 2022 09:41:39 +0800
+Subject: [PATCH 44/57] engine: add receiving timeout count
+
+Task fail due to hardware errors, but the process of poll
+isn't exit. Increase the count of packet receiving timeout
+as doing async jobs. Prevents falling into an infinite loop
+in poll ctx.
+
+Signed-off-by: Kai Ye <yekai13@huawei.com>
+---
+ src/uadk.h        | 5 +++--
+ src/uadk_cipher.c | 7 +++++--
+ src/uadk_dh.c     | 7 +++++--
+ src/uadk_digest.c | 7 +++++--
+ src/uadk_pkey.c   | 7 +++++--
+ src/uadk_rsa.c    | 7 +++++--
+ 6 files changed, 28 insertions(+), 12 deletions(-)
+
+diff --git a/src/uadk.h b/src/uadk.h
+index ef09274..e2635d4 100644
+--- a/src/uadk.h
++++ b/src/uadk.h
+@@ -22,8 +22,9 @@
+ #include <uadk/wd_sched.h>
+ #include "uadk_utils.h"
+ 
+-#define ARRAY_SIZE(x)	(sizeof(x) / sizeof((x)[0]))
+-#define ENV_STRING_LEN	256
++#define ARRAY_SIZE(x)		(sizeof(x) / sizeof((x)[0]))
++#define ENV_STRING_LEN		256
++#define ENGINE_RECV_MAX_CNT	60000000
+ 
+ enum {
+ 	KUNPENG920,
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 7eba992..472c0ad 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -504,6 +504,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
+ static int uadk_e_cipher_poll(void *ctx)
+ {
+ 	struct cipher_priv_ctx *priv = (struct cipher_priv_ctx *) ctx;
++	__u64 rx_cnt = 0;
+ 	__u32 recv = 0;
+ 	/* Poll one packet currently */
+ 	int expt = 1;
+@@ -520,9 +521,11 @@ static int uadk_e_cipher_poll(void *ctx)
+ 			return 0;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+-	} while (ret == -EAGAIN);
++	} while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ 
+-	return ret;
++	fprintf(stderr, "failed to recv msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ static int uadk_e_cipher_env_poll(void *ctx)
+diff --git a/src/uadk_dh.c b/src/uadk_dh.c
+index 3882306..893b0f2 100644
+--- a/src/uadk_dh.c
++++ b/src/uadk_dh.c
+@@ -204,6 +204,7 @@ static __u32 dh_pick_next_ctx(handle_t sched_ctx,
+ 
+ static int uadk_e_dh_poll(void *ctx)
+ {
++	__u64 rx_cnt = 0;
+ 	__u32 recv = 0;
+ 	int expect = 1;
+ 	int idx = 1;
+@@ -215,9 +216,11 @@ static int uadk_e_dh_poll(void *ctx)
+ 			return UADK_E_POLL_SUCCESS;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+-	} while (ret == -EAGAIN);
++	} while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ 
+-	return ret;
++	fprintf(stderr, "failed to recv msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ static void uadk_e_dh_cb(void *req_t)
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index ecc0ce6..2e61e80 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -332,6 +332,7 @@ static int sched_single_poll_policy(handle_t h_sched_ctx,
+ 
+ static int uadk_e_digest_poll(void *ctx)
+ {
++	__u64 rx_cnt = 0;
+ 	__u32 recv = 0;
+ 	int expt = 1;
+ 	int ret = 0;
+@@ -342,9 +343,11 @@ static int uadk_e_digest_poll(void *ctx)
+ 			return 0;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+-	} while (ret == -EAGAIN);
++	} while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ 
+-	return ret;
++	fprintf(stderr, "failed to recv msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ static int uadk_e_digest_env_poll(void *ctx)
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index d4ec30e..2616c5e 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -113,6 +113,7 @@ void uadk_ecc_cb(void *req_t)
+ static int uadk_ecc_poll(void *ctx)
+ {
+ 	unsigned int recv = 0;
++	__u64 rx_cnt = 0;
+ 	int expt = 1;
+ 	int ret;
+ 
+@@ -122,9 +123,11 @@ static int uadk_ecc_poll(void *ctx)
+ 			return 0;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+-	} while (ret == -EAGAIN);
++	} while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ 
+-	return ret;
++	fprintf(stderr, "failed to recv msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ /* make resource configure static */
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index a80d203..29b2521 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -656,6 +656,7 @@ static int rsa_poll_policy(handle_t h_sched_ctx, __u32 expect, __u32 *count)
+ 
+ static int uadk_e_rsa_poll(void *ctx)
+ {
++	__u64 rx_cnt = 0;
+ 	__u32 recv = 0;
+ 	int expt = 1;
+ 	int ret;
+@@ -666,9 +667,11 @@ static int uadk_e_rsa_poll(void *ctx)
+ 			return UADK_E_POLL_SUCCESS;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+-	} while (ret == -EAGAIN);
++	} while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ 
+-	return ret;
++	fprintf(stderr, "failed to recv msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ static struct rsa_res_config rsa_res_config = {
+-- 
+2.27.0
+

0045-digest-fix-the-fault-as-using-the-nginx.patch

@@ -0,0 +1,49 @@
+From 7718ed9e56633bf2781f108a591eefe093ccb18b Mon Sep 17 00:00:00 2001
+From: Kai Ye <yekai13@huawei.com>
+Date: Mon, 18 Jul 2022 14:43:53 +0800
+Subject: [PATCH 45/57] digest: fix the fault as using the nginx
+
+Prevent double-free after the private ctx copy is used.
+
+Signed-off-by: Kai Ye <yekai13@huawei.com>
+---
+ src/uadk_digest.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 2e61e80..8127373 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -240,6 +240,10 @@ static void digest_soft_cleanup(struct digest_priv_ctx *md_ctx)
+ {
+ 	EVP_MD_CTX *ctx = md_ctx->soft_ctx;
+ 
++	/* Prevent double-free after the copy is used */
++	if (md_ctx->copy)
++		return;
++
+ 	if (ctx != NULL) {
+ 		if (ctx->md_data) {
+ 			OPENSSL_free(ctx->md_data);
+@@ -641,7 +645,9 @@ static int do_digest_sync(struct digest_priv_ctx *priv)
+ {
+ 	int ret;
+ 
+-	/* Fix me: not support switch the soft work as input is lower  */
++	if (priv->req.in_bytes <= priv->switch_threshold &&
++		priv->state == SEC_DIGEST_INIT)
++		return 0;
+ 
+ 	ret = wd_do_digest_sync(priv->sess, &priv->req);
+ 	if (ret) {
+@@ -743,6 +749,7 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx)
+ 	struct digest_priv_ctx *priv =
+ 		(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ 
++	/* Prevent double-free after the copy is used */
+ 	if (!priv || priv->copy)
+ 		return 1;
+ 
+-- 
+2.27.0
+

0046-ecc-cleanup-of-static-code-check.patch

@@ -0,0 +1,121 @@
+From c8dbfbdd80ea8b8d422a50c634e057dd37ac9aea Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 23 Jul 2022 16:45:03 +0800
+Subject: [PATCH 46/57] ecc: cleanup of static code check
+
+1. Use macros instead of specific numbers to represent
+the key size.
+2. Global variable 'sm2_order' only used in function
+'sm2_update_sess' should be declared in function scope.
+3. Remove unused structure 'uadk_ecc_sess'.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_ec.c   | 22 +++++++++++-----------
+ src/uadk_pkey.c |  9 ---------
+ src/uadk_sm2.c  | 21 ++++++---------------
+ 3 files changed, 17 insertions(+), 35 deletions(-)
+
+diff --git a/src/uadk_ec.c b/src/uadk_ec.c
+index e219bdf..d78658b 100644
+--- a/src/uadk_ec.c
++++ b/src/uadk_ec.c
+@@ -129,18 +129,18 @@ err:
+ static int get_smallest_hw_keybits(int bits)
+ {
+ 	/* ec curve order width */
+-	if (bits > 384)
+-		return 521;
+-	else if (bits > 320)
+-		return 384;
+-	else if (bits > 256)
+-		return 320;
+-	else if (bits > 192)
+-		return 256;
+-	else if (bits > 128)
+-		return 192;
++	if (bits > ECC384BITS)
++		return ECC521BITS;
++	else if (bits > ECC320BITS)
++		return ECC384BITS;
++	else if (bits > ECC256BITS)
++		return ECC320BITS;
++	else if (bits > ECC192BITS)
++		return ECC256BITS;
++	else if (bits > ECC128BITS)
++		return ECC192BITS;
+ 	else
+-		return 128;
++		return ECC128BITS;
+ }
+ 
+ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index 2616c5e..a0b74af 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -44,15 +44,6 @@ struct ecc_res_config {
+ 	int numa_id;
+ };
+ 
+-typedef struct uadk_ecc_sess {
+-	handle_t sess;
+-	struct wd_ecc_sess_setup setup;
+-	struct wd_ecc_req req;
+-	int is_pubkey_ready;
+-	int is_privkey_ready;
+-	int key_size;
+-} uadk_ecc_sess_t;
+-
+ /* ecc global hardware resource is saved here */
+ struct ecc_res {
+ 	struct wd_ctx_config *ctx_res;
+diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
+index a478a94..fcca9f2 100644
+--- a/src/uadk_sm2.c
++++ b/src/uadk_sm2.c
+@@ -46,15 +46,6 @@ struct sm2_ctx {
+ 	bool is_init;
+ };
+ 
+-typedef struct uadk_ecc_sess {
+-	handle_t sess;
+-	struct wd_ecc_sess_setup setup;
+-	struct wd_ecc_req req;
+-	int is_pubkey_ready;
+-	int is_privkey_ready;
+-	int key_size;
+-} uadk_ecc_sess_t;
+-
+ typedef struct sm2_ciphertext {
+ 	BIGNUM *C1x;
+ 	BIGNUM *C1y;
+@@ -115,12 +106,6 @@ typedef int (*PFUNC_DEC)(EVP_PKEY_CTX *ctx,
+ 			 const unsigned char *in,
+ 			 size_t inlen);
+ 
+-const unsigned char sm2_order[] = {
+-	0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,\
+-	0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,\
+-	0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
+-};
+-
+ static int get_hash_type(int nid_hash)
+ {
+ 	switch (nid_hash) {
+@@ -166,6 +151,12 @@ static int compute_hash(const char *in, size_t in_len,
+ 
+ static int sm2_update_sess(struct sm2_ctx *smctx)
+ {
++	const unsigned char sm2_order[] = {
++		0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff,
++		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++		0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
++		0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23
++	};
+ 	int nid_hash = smctx->ctx.md ? EVP_MD_type(smctx->ctx.md) : NID_sm3;
+ 	struct wd_ecc_sess_setup setup;
+ 	handle_t sess;
+-- 
+2.27.0
+

0047-ecc-bugfix-about-return-value-check.patch

@@ -0,0 +1,260 @@
+From a8613bb37a229c64ab1846e4da2220912876fbfa Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 23 Jul 2022 16:56:02 +0800
+Subject: [PATCH 47/57] ecc: bugfix about return value check
+
+Check the return value of BN_CTX_get(), and add a new
+structure to wrap the curve parameters to make the logic
+of return value check clearer.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_ec.c | 159 ++++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 108 insertions(+), 51 deletions(-)
+
+diff --git a/src/uadk_ec.c b/src/uadk_ec.c
+index d78658b..37683cd 100644
+--- a/src/uadk_ec.c
++++ b/src/uadk_ec.c
+@@ -34,6 +34,19 @@
+ #define ECC384BITS      384
+ #define ECC521BITS      521
+ 
++struct curve_param {
++	/* prime */
++	BIGNUM *p;
++	/* ecc coefficient 'a' */
++	BIGNUM *a;
++	/* ecc coefficient 'b' */
++	BIGNUM *b;
++	/* base point */
++	const EC_POINT *g;
++	/* order of base point */
++	const BIGNUM *order;
++};
++
+ typedef ECDSA_SIG* (*PFUNC_SIGN_SIG)(const unsigned char *,
+ 				     int,
+ 				     const BIGNUM *,
+@@ -70,58 +83,92 @@ static void init_dtb_param(void *dtb, char *start,
+ 	}
+ }
+ 
++static void fill_ecc_cv_param(struct wd_ecc_curve *pparam,
++			      struct curve_param *cv_param,
++			      BIGNUM *g_x, BIGNUM *g_y)
++{
++	pparam->p.dsize = BN_bn2bin(cv_param->p, (void *)pparam->p.data);
++	pparam->a.dsize = BN_bn2bin(cv_param->a, (void *)pparam->a.data);
++	if (!pparam->a.dsize) {
++		pparam->a.dsize = 1;
++		pparam->a.data[0] = 0;
++	}
++
++	pparam->b.dsize = BN_bn2bin(cv_param->b, (void *)pparam->b.data);
++	if (!pparam->b.dsize) {
++		pparam->b.dsize = 1;
++		pparam->b.data[0] = 0;
++	}
++
++	pparam->g.x.dsize = BN_bn2bin(g_x, (void *)pparam->g.x.data);
++	pparam->g.y.dsize = BN_bn2bin(g_y, (void *)pparam->g.y.data);
++	pparam->n.dsize = BN_bn2bin(cv_param->order, (void *)pparam->n.data);
++}
++
+ static int set_sess_setup_cv(const EC_GROUP *group,
+ 			     struct wd_ecc_curve_cfg *cv)
+ {
+ 	struct wd_ecc_curve *pparam = cv->cfg.pparam;
+-	BIGNUM *p, *a, *b, *xg, *yg, *order;
+-	const EC_POINT *g;
++	struct curve_param *cv_param;
++	BIGNUM *g_x, *g_y;
++	int ret = -1;
+ 	BN_CTX *ctx;
+-	int ret;
+ 
+ 	ctx = BN_CTX_new();
+ 	if (!ctx)
+-		return -ENOMEM;
++		return ret;
+ 
+ 	BN_CTX_start(ctx);
+-	p = BN_CTX_get(ctx);
+-	a = BN_CTX_get(ctx);
+-	b = BN_CTX_get(ctx);
+-	xg = BN_CTX_get(ctx);
+-	yg = BN_CTX_get(ctx);
+ 
+-	ret = uadk_get_curve(group, p, a, b, ctx);
++	cv_param = OPENSSL_malloc(sizeof(struct curve_param));
++	if (!cv_param)
++		goto free_ctx;
++
++	cv_param->p = BN_CTX_get(ctx);
++	if (!cv_param->p)
++		goto free_cv;
++
++	cv_param->a = BN_CTX_get(ctx);
++	if (!cv_param->a)
++		goto free_cv;
++
++	cv_param->b = BN_CTX_get(ctx);
++	if (!cv_param->b)
++		goto free_cv;
++
++	g_x = BN_CTX_get(ctx);
++	if (!g_x)
++		goto free_cv;
++
++	g_y = BN_CTX_get(ctx);
++	if (!g_y)
++		goto free_cv;
++
++	ret = uadk_get_curve(group, cv_param->p, cv_param->a, cv_param->b, ctx);
+ 	if (ret)
+-		goto err;
++		goto free_cv;
+ 
+-	g = EC_GROUP_get0_generator(group);
+-	ret = uadk_get_affine_coordinates(group, g, xg, yg, ctx);
++	cv_param->g = EC_GROUP_get0_generator(group);
++	if (!cv_param->g)
++		goto free_cv;
++
++	ret = uadk_get_affine_coordinates(group, cv_param->g, g_x, g_y, ctx);
+ 	if (ret)
+-		goto err;
++		goto free_cv;
+ 
+-	order = (BIGNUM *)EC_GROUP_get0_order(group);
+-	pparam->p.dsize = BN_bn2bin(p, (void *)pparam->p.data);
+-	pparam->a.dsize = BN_bn2bin(a, (void *)pparam->a.data);
+-	/* a or b is all zero, but uadk not allow parameter length is zero */
+-	if (!pparam->a.dsize) {
+-		pparam->a.dsize = 1;
+-		pparam->a.data[0] = 0;
+-	}
+-	pparam->b.dsize = BN_bn2bin(b, (void *)pparam->b.data);
+-	if (!pparam->b.dsize) {
+-		pparam->b.dsize = 1;
+-		pparam->b.data[0] = 0;
+-	}
+-	pparam->g.x.dsize = BN_bn2bin(xg, (void *)pparam->g.x.data);
+-	pparam->g.y.dsize = BN_bn2bin(yg, (void *)pparam->g.y.data);
+-	pparam->n.dsize = BN_bn2bin(order, (void *)pparam->n.data);
++	cv_param->order = EC_GROUP_get0_order(group);
++	if (!cv_param->order)
++		goto free_cv;
++
++	fill_ecc_cv_param(pparam, cv_param, g_x, g_y);
+ 	cv->type = WD_CV_CFG_PARAM;
+ 	ret = 0;
+-err:
+-	if (ctx) {
+-		BN_CTX_end(ctx);
+-		BN_CTX_free(ctx);
+-	}
++
++free_cv:
++	OPENSSL_free(cv_param);
++free_ctx:
++	BN_CTX_end(ctx);
++	BN_CTX_free(ctx);
+ 
+ 	return ret;
+ }
+@@ -166,12 +213,13 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
+ 	sp.cv.cfg.pparam = &param;
+ 	group = EC_KEY_get0_group(eckey);
+ 	ret = set_sess_setup_cv(group, &sp.cv);
+-	if (ret) {
+-		free(dev);
+-		return (handle_t)0;
+-	}
++	if (ret)
++		goto free_dev;
+ 
+ 	order = EC_GROUP_get0_order(group);
++	if (!order)
++		goto free_dev;
++
+ 	key_bits = BN_num_bits(order);
+ 	sp.alg = alg;
+ 	sp.key_bits = get_smallest_hw_keybits(key_bits);
+@@ -184,8 +232,11 @@ static handle_t ecc_alloc_sess(const EC_KEY *eckey, char *alg)
+ 		fprintf(stderr, "failed to alloc ecc sess\n");
+ 
+ 	free(dev);
+-
+ 	return sess;
++
++free_dev:
++	free(dev);
++	return (handle_t)0;
+ }
+ 
+ static int check_ecc_bit_useful(const int bits)
+@@ -506,6 +557,10 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
+ 	const BIGNUM *order;
+ 	int ret;
+ 
++	ret = eckey_check(eckey);
++	if (ret)
++		return ret;
++
+ 	if (!dgst) {
+ 		fprintf(stderr, "dgst is NULL\n");
+ 		return -1;
+@@ -516,10 +571,6 @@ static int ecdsa_do_verify_check(EC_KEY *eckey,
+ 		return -1;
+ 	}
+ 
+-	ret = eckey_check(eckey);
+-	if (ret)
+-		return ret;
+-
+ 	pub_key = EC_KEY_get0_public_key(eckey);
+ 	if (!pub_key) {
+ 		fprintf(stderr, "pub_key is NULL\n");
+@@ -957,10 +1008,20 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
+ 	ctx = BN_CTX_new();
+ 	if (!ctx)
+ 		return -ENOMEM;
++
++	BN_CTX_start(ctx);
+ 	pkey_x = BN_CTX_get(ctx);
++	if (!pkey_x)
++		goto free_ctx;
++
+ 	pkey_y = BN_CTX_get(ctx);
++	if (!pkey_y)
++		goto free_ctx;
+ 
+ 	group = EC_KEY_get0_group(ecdh);
++	if (!group)
++		goto free_ctx;
++
+ 	uadk_get_affine_coordinates(group, pubkey, pkey_x, pkey_y, ctx);
+ 	in_pkey.x.data = buf_x;
+ 	in_pkey.y.data = buf_y;
+@@ -986,13 +1047,9 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
+ 	ret = 1;
+ 
+ free_ctx:
+-	if (ctx) {
+-		if (pkey_x)
+-			BN_clear(pkey_x);
+-		if (pkey_y)
+-			BN_clear(pkey_y);
+-		BN_CTX_free(ctx);
+-	}
++	BN_CTX_end(ctx);
++	BN_CTX_free(ctx);
++
+ 	return ret;
+ }
+ 
+-- 
+2.27.0
+

0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch

@@ -0,0 +1,170 @@
+From 7989e5639ab9a2de5d03ecb06942ad556ed41d93 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 23 Jul 2022 16:57:50 +0800
+Subject: [PATCH 48/57] ecc: bugfix multiple definition of ecx structure
+
+The structure 'ECX_KEY' is defined in the libcrypto of OpenSSL,
+but OpenSSL does not put this definition in the header file in
+its 1.1.1x release version, so we can not use this structure
+directly. We should define a new structure that provides the
+same function to avoid conflict with the definition in OpenSSL
+when using static compilation.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_ecx.c | 43 +++++++++++++++++++++++--------------------
+ 1 file changed, 23 insertions(+), 20 deletions(-)
+
+diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
+index 5d0ff76..df23156 100644
+--- a/src/uadk_ecx.c
++++ b/src/uadk_ecx.c
+@@ -31,14 +31,14 @@
+ #define X448_KEYLEN		56
+ #define X25519_KEYBITS		256
+ #define X448_KEYBITS		448
+-#define MAX_KEYLEN		57
++#define ECX_MAX_KEYLEN		57
+ #define UADK_E_SUCCESS		1
+ #define UADK_E_FAIL		0
+ 
+-typedef struct {
+-	unsigned char pubkey[MAX_KEYLEN];
++struct ecx_key {
++	unsigned char pubkey[ECX_MAX_KEYLEN];
+ 	unsigned char *privkey;
+-} ECX_KEY;
++};
+ 
+ struct ecx_ctx {
+ 	handle_t sess;
+@@ -224,12 +224,12 @@ static int ecx_get_nid(EVP_PKEY_CTX *ctx)
+ 	return nid;
+ }
+ 
+-static int ecx_create_privkey(ECX_KEY **ecx_key, int key_size)
++static int ecx_create_privkey(struct ecx_key **ecx_key, int key_size)
+ {
+ 	unsigned char *privkey;
+ 	int ret;
+ 
+-	*ecx_key = OPENSSL_zalloc(sizeof(ECX_KEY));
++	*ecx_key = OPENSSL_zalloc(sizeof(struct ecx_key));
+ 	if (!(*ecx_key)) {
+ 		fprintf(stderr, "failed to alloc ecx_key\n");
+ 		return UADK_E_FAIL;
+@@ -259,7 +259,8 @@ free_ecx_key:
+ 	return UADK_E_FAIL;
+ }
+ 
+-static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
++static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx,
++				      struct ecx_key *ecx_key)
+ {
+ 	handle_t sess = ecx_ctx->sess;
+ 	struct wd_ecc_key *ecc_key;
+@@ -280,14 +281,14 @@ static int ecx_keygen_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+ }
+ 
+ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
+-			       struct wd_ecc_req *req, ECX_KEY *ecx_key)
++			       struct wd_ecc_req *req, struct ecx_key *ecx_key)
+ {
+ 	struct wd_ecc_point *pubkey = NULL;
+ 	int key_size = ecx_ctx->key_size;
+ 	int ret;
+ 
+ 	wd_ecxdh_get_out_params(req->dst, &pubkey);
+-	if (key_size > MAX_KEYLEN) {
++	if (key_size > ECX_MAX_KEYLEN) {
+ 		fprintf(stderr, "invalid key size, key_size = %d\n", key_size);
+ 		return UADK_E_FAIL;
+ 	}
+@@ -368,8 +369,8 @@ static int openssl_do_ecx_genkey(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+ static int x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+ {
+ 	struct ecx_ctx *keygen_ctx = NULL;
++	struct ecx_key *ecx_key = NULL;
+ 	struct wd_ecc_req req = {0};
+-	ECX_KEY *ecx_key = NULL;
+ 	int ret;
+ 
+ 	ret = ecx_genkey_check(ctx, pkey);
+@@ -426,8 +427,8 @@ do_soft:
+ static int x448_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+ {
+ 	struct ecx_ctx *keygen_ctx = NULL;
++	struct ecx_key *ecx_key = NULL;
+ 	struct wd_ecc_req req = {0};
+-	ECX_KEY *ecx_key = NULL;
+ 	int ret;
+ 
+ 	ret = ecx_genkey_check(ctx, pkey);
+@@ -482,12 +483,13 @@ do_soft:
+ }
+ 
+ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
+-				ECX_KEY *peer_ecx_key, ECX_KEY *ecx_key)
++				struct ecx_key *peer_ecx_key,
++				struct ecx_key *ecx_key)
+ {
+ 	int key_size = ecx_ctx->key_size;
++	char buf_y[ECX_MAX_KEYLEN] = {0};
+ 	handle_t sess = ecx_ctx->sess;
+ 	struct wd_ecc_point in_pubkey;
+-	char buf_y[MAX_KEYLEN] = {0};
+ 	struct wd_ecc_out *ecx_out;
+ 	struct wd_ecc_in *ecx_in;
+ 	int ret;
+@@ -542,7 +544,8 @@ static void ecx_compkey_uninit_iot(handle_t sess, struct wd_ecc_req *req)
+ 	wd_ecc_del_in(sess, req->src);
+ }
+ 
+-static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
++static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
++				      struct ecx_key *ecx_key)
+ {
+ 	int key_size = ecx_ctx->key_size;
+ 	handle_t sess = ecx_ctx->sess;
+@@ -576,8 +579,8 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx, ECX_KEY *ecx_key)
+ 	return UADK_E_SUCCESS;
+ }
+ 
+-static int ecx_get_key(EVP_PKEY_CTX *ctx, ECX_KEY **ecx_key,
+-		       ECX_KEY **peer_ecx_key)
++static int ecx_get_key(EVP_PKEY_CTX *ctx, struct ecx_key **ecx_key,
++		       struct ecx_key **peer_ecx_key)
+ {
+ 	EVP_PKEY *pkey, *peer_key;
+ 
+@@ -623,11 +626,11 @@ static void x25519_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
+ static int x25519_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+ 			 size_t *keylen)
+ {
++	struct ecx_key *peer_ecx_key = NULL;
+ 	struct wd_ecc_point *s_key = NULL;
+ 	struct ecx_ctx *derive_ctx = NULL;
+-	ECX_KEY *peer_ecx_key = NULL;
++	struct ecx_key *ecx_key = NULL;
+ 	struct wd_ecc_req req = {0};
+-	ECX_KEY *ecx_key = NULL;
+ 	int ret;
+ 
+ 	ret = x25519_init(ctx);
+@@ -709,11 +712,11 @@ static void x448_pad_out_key(unsigned char *dst_key, unsigned char *src_key,
+ static int x448_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+ 		       size_t *keylen)
+ {
++	struct ecx_key *peer_ecx_key = NULL;
+ 	struct wd_ecc_point *s_key = NULL;
+ 	struct ecx_ctx *derive_ctx = NULL;
+-	ECX_KEY *peer_ecx_key = NULL;
++	struct ecx_key *ecx_key = NULL;
+ 	struct wd_ecc_req req = {0};
+-	ECX_KEY *ecx_key = NULL;
+ 	int ret;
+ 
+ 	ret = x448_init(ctx);
+-- 
+2.27.0
+

0049-uadk_engine-remove-redundant-extern.patch

@@ -0,0 +1,76 @@
+From 55edca5dd3c13ff623c078eaea2dfb9a7f444eb7 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 23 Jul 2022 17:06:29 +0800
+Subject: [PATCH 49/57] uadk_engine: remove redundant extern
+
+Remove the "extern" keyword before function declaration in
+the header file. Because the function in header file is
+'extern' by default, there is no need to specify explicitly.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk.h       | 24 ++++++++++++------------
+ src/uadk_async.h | 16 ++++++++--------
+ 2 files changed, 20 insertions(+), 20 deletions(-)
+
+diff --git a/src/uadk.h b/src/uadk.h
+index e2635d4..0188f0b 100644
+--- a/src/uadk.h
++++ b/src/uadk.h
+@@ -32,16 +32,16 @@ enum {
+ };
+ 
+ extern const char *engine_uadk_id;
+-extern int uadk_e_bind_cipher(ENGINE *e);
+-extern void uadk_e_destroy_cipher(void);
+-extern int uadk_e_bind_digest(ENGINE *e);
+-extern void uadk_e_destroy_digest(void);
+-extern int uadk_e_bind_rsa(ENGINE *e);
+-extern void uadk_e_destroy_rsa(void);
+-extern int uadk_e_bind_dh(ENGINE *e);
+-extern void uadk_e_destroy_dh(void);
+-extern int uadk_e_bind_ecc(ENGINE *e);
+-extern void uadk_e_destroy_ecc(void);
+-extern int uadk_e_is_env_enabled(const char *alg_name);
+-extern int uadk_e_set_env(const char *var_name, int numa_id);
++int uadk_e_bind_cipher(ENGINE *e);
++void uadk_e_destroy_cipher(void);
++int uadk_e_bind_digest(ENGINE *e);
++void uadk_e_destroy_digest(void);
++int uadk_e_bind_rsa(ENGINE *e);
++void uadk_e_destroy_rsa(void);
++int uadk_e_bind_dh(ENGINE *e);
++void uadk_e_destroy_dh(void);
++int uadk_e_bind_ecc(ENGINE *e);
++void uadk_e_destroy_ecc(void);
++int uadk_e_is_env_enabled(const char *alg_name);
++int uadk_e_set_env(const char *var_name, int numa_id);
+ #endif
+diff --git a/src/uadk_async.h b/src/uadk_async.h
+index d2a7e16..78f7a21 100644
+--- a/src/uadk_async.h
++++ b/src/uadk_async.h
+@@ -65,12 +65,12 @@ struct async_poll_queue {
+ 	pthread_t thread_id;
+ };
+ 
+-extern int async_setup_async_event_notification(struct async_op *op);
+-extern int async_clear_async_event_notification(void);
+-extern int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
+-extern void async_register_poll_fn(int type, async_recv_t func);
+-extern void async_module_init(void);
+-extern int async_wake_job(ASYNC_JOB *job);
+-extern void async_free_poll_task(int id, bool is_cb);
+-extern int async_get_free_task(int *id);
++int async_setup_async_event_notification(struct async_op *op);
++int async_clear_async_event_notification(void);
++int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
++void async_register_poll_fn(int type, async_recv_t func);
++void async_module_init(void);
++int async_wake_job(ASYNC_JOB *job);
++void async_free_poll_task(int id, bool is_cb);
++int async_get_free_task(int *id);
+ #endif
+-- 
+2.27.0
+

0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch

@@ -0,0 +1,212 @@
+From ba0a9ede4f72387f065e88c054e35dc6fdb59079 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 23 Jul 2022 17:10:47 +0800
+Subject: [PATCH 50/57] uadk_engine: add timeout protection mechanism in poll
+
+Count the cycle times of poll. When the count times exceed the
+maximum number, exit to prevent the task from timeout.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_cipher.c | 13 ++++++++-----
+ src/uadk_dh.c     | 11 +++++++----
+ src/uadk_digest.c | 11 +++++++----
+ src/uadk_pkey.c   | 13 ++++++++-----
+ src/uadk_rsa.c    | 11 +++++++----
+ 5 files changed, 37 insertions(+), 22 deletions(-)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 472c0ad..54d0a7d 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -517,7 +517,7 @@ static int uadk_e_cipher_poll(void *ctx)
+ 
+ 	do {
+ 		ret = wd_cipher_poll_ctx(idx, expt, &recv);
+-		if (recv >= expt)
++		if (recv == expt)
+ 			return 0;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+@@ -530,18 +530,21 @@ static int uadk_e_cipher_poll(void *ctx)
+ 
+ static int uadk_e_cipher_env_poll(void *ctx)
+ {
++	__u64 rx_cnt = 0;
+ 	__u32 recv = 0;
+-	/* poll one packet currently */
++	/* Poll one packet currently */
+ 	int expt = 1;
+ 	int ret;
+ 
+ 	do {
+ 		ret = wd_cipher_poll(expt, &recv);
+-		if (ret < 0)
++		if (ret < 0 || recv == expt)
+ 			return ret;
+-	} while (recv < expt);
++	} while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ 
+-	return ret;
++	fprintf(stderr, "failed to poll msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ static int uadk_e_wd_cipher_env_init(struct uacce_dev *dev)
+diff --git a/src/uadk_dh.c b/src/uadk_dh.c
+index 893b0f2..cf319e5 100644
+--- a/src/uadk_dh.c
++++ b/src/uadk_dh.c
+@@ -212,7 +212,7 @@ static int uadk_e_dh_poll(void *ctx)
+ 
+ 	do {
+ 		ret = wd_dh_poll_ctx(idx, expect, &recv);
+-		if (recv >= expect)
++		if (recv == expect)
+ 			return UADK_E_POLL_SUCCESS;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+@@ -273,6 +273,7 @@ static struct dh_res_config dh_res_config = {
+ 
+ static int uadk_e_dh_env_poll(void *ctx)
+ {
++	__u64 rx_cnt = 0;
+ 	__u32 recv = 0;
+ 	/* Poll one packet currently */
+ 	int expt = 1;
+@@ -280,11 +281,13 @@ static int uadk_e_dh_env_poll(void *ctx)
+ 
+ 	do {
+ 		ret = wd_dh_poll(expt, &recv);
+-		if (ret < 0)
++		if (ret < 0 || recv == expt)
+ 			return ret;
+-	} while (recv < expt);
++	} while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ 
+-	return ret;
++	fprintf(stderr, "failed to poll msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ static int uadk_e_wd_dh_env_init(struct uacce_dev *dev)
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 8127373..853aa39 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -343,7 +343,7 @@ static int uadk_e_digest_poll(void *ctx)
+ 
+ 	do {
+ 		ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv);
+-		if (recv >= expt)
++		if (recv == expt)
+ 			return 0;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+@@ -356,6 +356,7 @@ static int uadk_e_digest_poll(void *ctx)
+ 
+ static int uadk_e_digest_env_poll(void *ctx)
+ {
++	__u64 rx_cnt = 0;
+ 	__u32 recv = 0;
+ 	/* Poll one packet currently */
+ 	int expt = 1;
+@@ -363,11 +364,13 @@ static int uadk_e_digest_env_poll(void *ctx)
+ 
+ 	do {
+ 		ret = wd_digest_poll(expt, &recv);
+-		if (ret < 0)
++		if (ret < 0 || recv == expt)
+ 			return ret;
+-	} while (recv < expt);
++	} while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ 
+-	return ret;
++	fprintf(stderr, "failed to poll msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ static int uadk_e_wd_digest_env_init(struct uacce_dev *dev)
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index a0b74af..9a3a725 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -110,7 +110,7 @@ static int uadk_ecc_poll(void *ctx)
+ 
+ 	do {
+ 		ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv);
+-		if (recv >= expt)
++		if (recv == expt)
+ 			return 0;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+@@ -143,18 +143,21 @@ int uadk_e_ecc_get_numa_id(void)
+ 
+ static int uadk_e_ecc_env_poll(void *ctx)
+ {
++	__u64 rx_cnt = 0;
+ 	__u32 recv = 0;
+-	/* poll one packet currently */
++	/* Poll one packet currently */
+ 	int expt = 1;
+ 	int ret;
+ 
+ 	do {
+ 		ret = wd_ecc_poll(expt, &recv);
+-		if (ret < 0)
++		if (ret < 0 || recv == expt)
+ 			return ret;
+-	} while (recv < expt);
++	} while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ 
+-	return ret;
++	fprintf(stderr, "failed to poll msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ static int uadk_e_wd_ecc_env_init(struct uacce_dev *dev)
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index 29b2521..a74343f 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -663,7 +663,7 @@ static int uadk_e_rsa_poll(void *ctx)
+ 
+ 	do {
+ 		ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv);
+-		if (recv >= expt)
++		if (recv == expt)
+ 			return UADK_E_POLL_SUCCESS;
+ 		else if (ret < 0 && ret != -EAGAIN)
+ 			return ret;
+@@ -689,6 +689,7 @@ static struct rsa_res_config rsa_res_config = {
+ 
+ static int uadk_e_rsa_env_poll(void *ctx)
+ {
++	__u64 rx_cnt = 0;
+ 	__u32 recv = 0;
+ 	/* Poll one packet currently */
+ 	int expt = 1;
+@@ -696,11 +697,13 @@ static int uadk_e_rsa_env_poll(void *ctx)
+ 
+ 	do {
+ 		ret = wd_rsa_poll(expt, &recv);
+-		if (ret < 0)
++		if (ret < 0 || recv == expt)
+ 			return ret;
+-	} while (recv < expt);
++	} while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ 
+-	return ret;
++	fprintf(stderr, "failed to poll msg: timeout!\n");
++
++	return -ETIMEDOUT;
+ }
+ 
+ static int uadk_e_wd_rsa_env_init(struct uacce_dev *dev)
+-- 
+2.27.0
+

0051-rsa-cleanup-redundant-BN-operation.patch

@@ -0,0 +1,272 @@
+From 25b026f401195e0385fc575c51752e1c0c731394 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 23 Jul 2022 17:13:09 +0800
+Subject: [PATCH 51/57] rsa: cleanup redundant BN operation
+
+Remove redundant codes for big number and rsa crt
+mode judgment.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_rsa.c | 92 ++++++++++++++++++++++----------------------------
+ 1 file changed, 40 insertions(+), 52 deletions(-)
+
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index a74343f..f95632b 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -871,8 +871,8 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
+ 						 int is_crt)
+ {
+ 	unsigned int key_size =  bits >> BIT_BYTES_SHIFT;
+-	struct uadk_rsa_sess *rsa_sess;
+ 	struct sched_params params = {0};
++	struct uadk_rsa_sess *rsa_sess;
+ 
+ 	rsa_sess =  rsa_new_eng_session(rsa);
+ 	if (!rsa_sess)
+@@ -882,11 +882,7 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
+ 	rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT;
+ 	params.numa_id = g_rsa_res.numa_id;
+ 	rsa_sess->setup.sched_param = &params;
+-
+-	if (is_crt)
+-		rsa_sess->setup.is_crt = IS_SET;
+-	else
+-		rsa_sess->setup.is_crt = UN_SET;
++	rsa_sess->setup.is_crt = is_crt;
+ 
+ 	rsa_sess->sess = wd_rsa_alloc_sess(&rsa_sess->setup);
+ 	if (!rsa_sess->sess) {
+@@ -1377,10 +1373,8 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ 
+ 	ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess,
+ 				   rsa, bn_param);
+-	if (!ret) {
++	if (!ret)
+ 		ret = UADK_DO_SOFT;
+-		goto free_kg_in_out;
+-	}
+ 
+ free_kg_in_out:
+ 	rsa_free_keygen_data(rsa_sess);
+@@ -1398,11 +1392,11 @@ exe_soft:
+ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
+ 				     unsigned char *to, RSA *rsa, int padding)
+ {
++	struct rsa_pubkey_param *pub_enc = NULL;
+ 	struct uadk_rsa_sess *rsa_sess = NULL;
+-	struct rsa_pubkey_param *pub = NULL;
+ 	unsigned char *from_buf = NULL;
+ 	int num_bytes, is_crt, ret;
+-	BIGNUM *ret_bn = NULL;
++	BIGNUM *enc_bn = NULL;
+ 
+ 	ret = check_rsa_input_para(flen, from, to, rsa);
+ 	if (!ret || ret == SOFT)
+@@ -1412,7 +1406,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
+ 	if (ret)
+ 		goto exe_soft;
+ 
+-	ret = rsa_pkey_param_alloc(&pub, NULL);
++	ret = rsa_pkey_param_alloc(&pub_enc, NULL);
+ 	if (ret == -ENOMEM)
+ 		goto exe_soft;
+ 
+@@ -1424,7 +1418,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
+ 		goto free_pkey;
+ 	}
+ 
+-	ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes);
++	ret = rsa_create_pub_bn_ctx(rsa, pub_enc, &from_buf, &num_bytes);
+ 	if (ret <= 0 || flen > num_bytes) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_sess;
+@@ -1436,7 +1430,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
+ 		goto free_buf;
+ 	}
+ 
+-	ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to);
++	ret = rsa_fill_pubkey(pub_enc, rsa_sess, from_buf, to);
+ 	if (!ret) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_buf;
+@@ -1448,27 +1442,25 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from,
+ 		goto free_buf;
+ 	}
+ 
+-	ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
++	enc_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ 			   rsa_sess->req.dst_bytes, NULL);
+-	if (!ret_bn) {
++	if (!enc_bn) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_buf;
+ 	}
+ 
+-	ret = BN_bn2binpad(ret_bn, to, num_bytes);
+-	if (ret == -1) {
++	ret = BN_bn2binpad(enc_bn, to, num_bytes);
++	if (ret == -1)
+ 		ret = UADK_DO_SOFT;
+-		goto free_bn;
+-	}
+ 
+-free_bn:
+-	BN_free(ret_bn);
++	BN_free(enc_bn);
++
+ free_buf:
+ 	rsa_free_pub_bn_ctx(&from_buf);
+ free_sess:
+ 	rsa_free_eng_session(rsa_sess);
+ free_pkey:
+-	rsa_pkey_param_free(&pub, NULL);
++	rsa_pkey_param_free(&pub_enc, NULL);
+ 	if (ret != UADK_DO_SOFT)
+ 		return ret;
+ exe_soft:
+@@ -1484,7 +1476,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
+ 	unsigned char *from_buf = NULL;
+ 	struct uadk_rsa_sess *rsa_sess;
+ 	int num_bytes, len, ret;
+-	BIGNUM *ret_bn = NULL;
++	BIGNUM *dec_bn = NULL;
+ 
+ 	ret = check_rsa_input_para(flen, from, to, rsa);
+ 	if (!ret || ret == SOFT)
+@@ -1526,27 +1518,25 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from,
+ 		goto free_buf;
+ 	}
+ 
+-	ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
++	dec_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ 			   rsa_sess->req.dst_bytes, NULL);
+-	if (!ret_bn) {
++	if (!dec_bn) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_buf;
+ 	}
+ 
+-	len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
++	len = BN_bn2binpad(dec_bn, from_buf, num_bytes);
+ 	if (!len) {
+ 		ret = UADK_DO_SOFT;
+-		goto free_bn;
++		goto free_dec_bn;
+ 	}
+ 
+ 	ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding);
+-	if (!ret) {
++	if (!ret)
+ 		ret = UADK_DO_SOFT;
+-		goto free_bn;
+-	}
+ 
+-free_bn:
+-	BN_free(ret_bn);
++free_dec_bn:
++	BN_free(dec_bn);
+ free_buf:
+ 	rsa_free_pri_bn_ctx(&from_buf);
+ free_sess:
+@@ -1567,7 +1557,7 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
+ 	struct uadk_rsa_sess *rsa_sess = NULL;
+ 	struct rsa_prikey_param *pri = NULL;
+ 	unsigned char *from_buf = NULL;
+-	BIGNUM *ret_bn = NULL;
++	BIGNUM *sign_bn = NULL;
+ 	BIGNUM *to_bn = NULL;
+ 	BIGNUM *res = NULL;
+ 	int num_bytes, ret;
+@@ -1616,9 +1606,9 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
+ 		goto free_buf;
+ 	}
+ 
+-	ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
++	sign_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ 			   rsa_sess->req.dst_bytes, NULL);
+-	if (!ret_bn) {
++	if (!sign_bn) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_buf;
+ 	}
+@@ -1626,10 +1616,10 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
+ 	to_bn = BN_bin2bn(from_buf, num_bytes, NULL);
+ 	if (!to_bn) {
+ 		ret = UADK_DO_SOFT;
+-		goto free_ret_bn;
++		goto free_sign_bn;
+ 	}
+ 
+-	ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res);
++	ret = rsa_get_sign_res(padding, to_bn, pri->n, sign_bn, &res);
+ 	if (!ret) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_to_bn;
+@@ -1639,8 +1629,8 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from,
+ 
+ free_to_bn:
+ 	BN_free(to_bn);
+-free_ret_bn:
+-	BN_free(ret_bn);
++free_sign_bn:
++	BN_free(sign_bn);
+ free_buf:
+ 	rsa_free_pri_bn_ctx(&from_buf);
+ free_sess:
+@@ -1662,7 +1652,7 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
+ 	struct rsa_pubkey_param *pub = NULL;
+ 	int num_bytes, is_crt, len, ret;
+ 	unsigned char *from_buf = NULL;
+-	BIGNUM *ret_bn = NULL;
++	BIGNUM *verify_bn = NULL;
+ 
+ 	ret = check_rsa_input_para(flen, from, to, rsa);
+ 	if (!ret)
+@@ -1705,33 +1695,31 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from,
+ 		goto free_buf;
+ 	}
+ 
+-	ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
++	verify_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst,
+ 			    rsa_sess->req.dst_bytes, NULL);
+-	if (!ret_bn) {
++	if (!verify_bn) {
+ 		ret = UADK_DO_SOFT;
+ 		goto free_buf;
+ 	}
+ 
+-	ret = rsa_get_verify_res(padding, pub->n, ret_bn);
++	ret = rsa_get_verify_res(padding, pub->n, verify_bn);
+ 	if (!ret) {
+ 		ret = UADK_DO_SOFT;
+-		goto free_bn;
++		goto free_verify_bn;
+ 	}
+ 
+-	len = BN_bn2binpad(ret_bn, from_buf, num_bytes);
++	len = BN_bn2binpad(verify_bn, from_buf, num_bytes);
+ 	if (!len) {
+ 		ret = UADK_DO_SOFT;
+-		goto free_bn;
++		goto free_verify_bn;
+ 	}
+ 
+ 	ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding);
+-	if (!ret) {
++	if (!ret)
+ 		ret = UADK_DO_SOFT;
+-		goto free_bn;
+-	}
+ 
+-free_bn:
+-	BN_free(ret_bn);
++free_verify_bn:
++	BN_free(verify_bn);
+ free_buf:
+ 	rsa_free_pub_bn_ctx(&from_buf);
+ free_sess:
+-- 
+2.27.0
+

0052-rsa-bugfix-memory-leak-in-genkey-process.patch

@@ -0,0 +1,189 @@
+From 8d27c38b9bbf0dee3ba17aac4d1bf9529bdafdea Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 23 Jul 2022 17:15:05 +0800
+Subject: [PATCH 52/57] rsa: bugfix memory leak in genkey process
+
+The process of releasing keygen parameter is supplemented:
+When an abnormal situation occurs, uadk engine needs to switch
+to software keygen function, so we need to free BN ctx we alloced
+before. But in normal situation, the BN ctx should be freed by
+OpenSSL tools or users, because the OpenSSL tool, for example,
+genrsa, has implemented the free operation, we should not free
+it again.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/e_uadk.c   |  3 +--
+ src/uadk_rsa.c | 57 ++++++++++++++++++++++++++------------------------
+ 2 files changed, 31 insertions(+), 29 deletions(-)
+
+diff --git a/src/e_uadk.c b/src/e_uadk.c
+index 58a10de..23fe0f2 100644
+--- a/src/e_uadk.c
++++ b/src/e_uadk.c
+@@ -333,8 +333,7 @@ static void bind_fn_uadk_alg(ENGINE *e)
+ }
+ 
+ /*
+- * This stuff is needed if this ENGINE is being
+- * compiled into a self-contained shared-library.
++ * Connect uadk_engine to OpenSSL engine library.
+  */
+ static int bind_fn(ENGINE *e, const char *id)
+ {
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index f95632b..5b23dab 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -968,15 +968,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
+ 	return UADK_E_SUCCESS;
+ }
+ 
+-static int rsa_get_keygen_param(struct wd_rsa_req *req,
+-				handle_t ctx, RSA *rsa,
+-				struct rsa_keygen_param_bn *bn_param)
++static int rsa_get_keygen_param(struct wd_rsa_req *req, handle_t ctx, RSA *rsa,
++				struct rsa_keygen_param_bn *bn_param, BN_CTX **bn_ctx_in)
+ {
+ 	struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst;
+ 	struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp;
+ 	BIGNUM *dmp1, *dmq1, *iqmp, *n, *d;
+ 	unsigned int key_bits, key_size;
+-	BN_CTX *bn_ctx;
++	BN_CTX *bn_ctx = *bn_ctx_in;
+ 
+ 	key_bits = wd_rsa_get_key_bits(ctx);
+ 	if (!key_bits)
+@@ -986,30 +985,25 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
+ 	wd_rsa_get_kg_out_params(out, &wd_d, &wd_n);
+ 	wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp);
+ 
+-	bn_ctx = BN_CTX_new();
+-	if (!bn_ctx)
+-		return UADK_E_FAIL;
+-
+-	BN_CTX_start(bn_ctx);
+ 	dmp1 = BN_CTX_get(bn_ctx);
+ 	if (!dmp1)
+-		goto free_bn_ctx;
++		return UADK_E_FAIL;
+ 
+ 	dmq1 = BN_CTX_get(bn_ctx);
+ 	if (!dmq1)
+-		goto free_bn_ctx;
++		return UADK_E_FAIL;
+ 
+ 	iqmp = BN_CTX_get(bn_ctx);
+ 	if (!iqmp)
+-		goto free_bn_ctx;
++		return UADK_E_FAIL;
+ 
+ 	n = BN_CTX_get(bn_ctx);
+ 	if (!n)
+-		goto free_bn_ctx;
++		return UADK_E_FAIL;
+ 
+ 	d = BN_CTX_get(bn_ctx);
+ 	if (!d)
+-		goto free_bn_ctx;
++		return UADK_E_FAIL;
+ 
+ 	BN_bin2bn((unsigned char *)wd_d.data, key_size, d);
+ 	BN_bin2bn((unsigned char *)wd_n.data, key_size, n);
+@@ -1020,15 +1014,9 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req,
+ 	if (!(RSA_set0_key(rsa, n, bn_param->e, d) &&
+ 	    RSA_set0_factors(rsa, bn_param->p, bn_param->q) &&
+ 	    RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)))
+-		goto free_bn_ctx;
++		return UADK_E_FAIL;
+ 
+ 	return UADK_E_SUCCESS;
+-
+-free_bn_ctx:
+-	BN_CTX_end(bn_ctx);
+-	BN_CTX_free(bn_ctx);
+-
+-	return UADK_E_FAIL;
+ }
+ 
+ static void uadk_e_rsa_cb(void *req_t)
+@@ -1179,7 +1167,7 @@ static void rsa_free_keygen_data(struct uadk_rsa_sess *rsa_sess)
+ 
+ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
+ 				  struct rsa_keygen_param_bn **keygen_bn_param,
+-				  struct rsa_keypair **key_pair)
++				  struct rsa_keypair **key_pair, BN_CTX **bn_ctx_in)
+ {
+ 	BN_CTX *bn_ctx;
+ 
+@@ -1201,6 +1189,8 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param,
+ 		goto free_key_pair;
+ 
+ 	BN_CTX_start(bn_ctx);
++	*bn_ctx_in = bn_ctx;
++
+ 	(*keygen_bn_param)->e = BN_CTX_get(bn_ctx);
+ 	if (!(*keygen_bn_param)->e)
+ 		goto free_bn_ctx;
+@@ -1230,8 +1220,21 @@ err:
+ 
+ static void rsa_keygen_param_free(struct rsa_keygen_param **keygen_param,
+ 				  struct rsa_keygen_param_bn **keygen_bn_param,
+-				  struct rsa_keypair **key_pair)
++				  struct rsa_keypair **key_pair, BN_CTX **bn_ctx,
++				  int free_bn_ctx_tag)
+ {
++	/*
++	 * When an abnormal situation occurs, uadk engine needs
++	 * to switch to software keygen function, so we need to
++	 * free BN ctx we alloced before. But in normal situation,
++	 * the BN ctx should be freed by OpenSSL tools or users.
++	 * Therefore, we use a tag to distinguish these cases.
++	 */
++	if (free_bn_ctx_tag == UADK_DO_SOFT) {
++		BN_CTX_end(*bn_ctx);
++		BN_CTX_free(*bn_ctx);
++	}
++
+ 	OPENSSL_free(*keygen_bn_param);
+ 	OPENSSL_free(*keygen_param);
+ 	OPENSSL_free(*key_pair);
+@@ -1327,6 +1330,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ 	struct rsa_keygen_param_bn *bn_param = NULL;
+ 	struct uadk_rsa_sess *rsa_sess = NULL;
+ 	struct rsa_keypair *key_pair = NULL;
++	BN_CTX *bn_ctx = NULL;
+ 	int is_crt = 1;
+ 	int ret;
+ 
+@@ -1338,7 +1342,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ 	if (ret)
+ 		goto exe_soft;
+ 
+-	ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair);
++	ret = rsa_keygen_param_alloc(&keygen_param, &bn_param, &key_pair, &bn_ctx);
+ 	if (ret == -ENOMEM)
+ 		goto exe_soft;
+ 
+@@ -1371,8 +1375,7 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ 		goto free_kg_in_out;
+ 	}
+ 
+-	ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess,
+-				   rsa, bn_param);
++	ret = rsa_get_keygen_param(&rsa_sess->req, rsa_sess->sess, rsa, bn_param, &bn_ctx);
+ 	if (!ret)
+ 		ret = UADK_DO_SOFT;
+ 
+@@ -1381,7 +1384,7 @@ free_kg_in_out:
+ free_sess:
+ 	rsa_free_eng_session(rsa_sess);
+ free_keygen:
+-	rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair);
++	rsa_keygen_param_free(&keygen_param, &bn_param, &key_pair, &bn_ctx, ret);
+ 	if (ret != UADK_DO_SOFT)
+ 		return ret;
+ exe_soft:
+-- 
+2.27.0
+

0053-rsa-remove-unused-software-method.patch

@@ -0,0 +1,97 @@
+From ff703a9aa6a0a2dada51b7bf88cc9e1a8ce2d6cd Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 23 Jul 2022 17:16:59 +0800
+Subject: [PATCH 53/57] rsa: remove unused software method
+
+Switching to software methods in abnormal scenarios has been
+implemented in other functions, uadk_e_get_rsa_sw_methods()
+is actually unused, so we remove it.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_rsa.c | 49 +++++--------------------------------------------
+ 1 file changed, 5 insertions(+), 44 deletions(-)
+
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index 5b23dab..7983bc0 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -53,7 +53,6 @@
+ #define ENV_ENABLED			1
+ 
+ static RSA_METHOD *rsa_hw_meth;
+-static RSA_METHOD *rsa_sw_meth;
+ 
+ struct bignum_st {
+ 	BN_ULONG *d;
+@@ -1737,25 +1736,11 @@ exe_soft:
+ 				   (flen, from, to, rsa, padding);
+ }
+ 
+-static RSA_METHOD *uadk_e_get_rsa_sw_methods(void)
+-{
+-	/* meth: default rsa software method */
+-	const RSA_METHOD *meth = RSA_PKCS1_OpenSSL();
+-
+-	rsa_sw_meth = RSA_meth_new("rsa soft method", 0);
+-	(void)RSA_meth_set_pub_enc(rsa_sw_meth, RSA_meth_get_pub_enc(meth));
+-	(void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth));
+-	(void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth));
+-	(void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth));
+-	(void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen);
+-	(void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth));
+-	(void)RSA_meth_set_bn_mod_exp(rsa_sw_meth,
+-				      RSA_meth_get_bn_mod_exp(meth));
+-
+-	return rsa_sw_meth;
+-}
+-
+-static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
++/**
++ * uadk_get_rsa_method() - Set rsa hardware methods of the RSA implementation which
++ * can be called from ENGINE structure.
++ */
++static RSA_METHOD *uadk_e_get_rsa_methods(void)
+ {
+ 	if (rsa_hw_meth)
+ 		return rsa_hw_meth;
+@@ -1780,36 +1765,12 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void)
+ 	return rsa_hw_meth;
+ }
+ 
+-/**
+- * uadk_get_rsa_method() - Set rsa methods of the RSA implementation which
+- * can be called from ENGINE structure.
+- */
+-static RSA_METHOD *uadk_e_get_rsa_methods(void)
+-{
+-	struct uacce_dev *dev;
+-
+-	dev = wd_get_accel_dev("rsa");
+-	if (!dev)
+-		return uadk_e_get_rsa_sw_methods();
+-
+-	free(dev);
+-	return uadk_e_get_rsa_hw_methods();
+-}
+-
+ static void uadk_e_delete_rsa_meth(void)
+ {
+-	if (!rsa_hw_meth && !rsa_sw_meth)
+-		return;
+-
+ 	if (rsa_hw_meth) {
+ 		RSA_meth_free(rsa_hw_meth);
+ 		rsa_hw_meth = NULL;
+ 	}
+-
+-	if (rsa_sw_meth) {
+-		RSA_meth_free(rsa_sw_meth);
+-		rsa_sw_meth = NULL;
+-	}
+ }
+ 
+ /**
+-- 
+2.27.0
+

0054-doc-Modify-maintainers.patch

@@ -0,0 +1,26 @@
+From 9dd29d1cfd3b3038bc8a347c51f1f176c28ec0b5 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Mon, 25 Jul 2022 11:42:11 +0800
+Subject: [PATCH 54/57] doc: Modify maintainers
+
+Personnel change, replace a maintainer.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ docs/maintenance.md | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/maintenance.md b/docs/maintenance.md
+index 50ed1fe..1a563ce 100644
+--- a/docs/maintenance.md
++++ b/docs/maintenance.md
+@@ -28,5 +28,5 @@ sudo test/sanity_test.sh
+ ```
+ Zhangfei Gao <zhangfei.gao@linaro.org>
+ Zhou Wang <wangzhou1@hisilicon.com>
+-Hui Tang <tanghui20@huawei.com>
++Zhiqi Song <songzhiqi1@huawei.com>
+ ```
+-- 
+2.27.0
+

0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch

@@ -0,0 +1,52 @@
+From 623c8687b64381b0dc454ea2d2c81ee5f6bfdbc7 Mon Sep 17 00:00:00 2001
+From: Weili Qian <qianweili@huawei.com>
+Date: Tue, 26 Jul 2022 10:39:01 +0800
+Subject: [PATCH 55/57] rsa: modify the default algorithm of keygen soft
+ algorithm
+
+When the hardware algorithm execution fails, the engine needs to
+switch to the soft algorithm execution, and the callback needs to
+be modified to the soft algorithm to prevent it from being
+re-transferred to the hardware interface.
+
+Signed-off-by: Weili Qian <qianweili@huawei.com>
+---
+ src/uadk_rsa.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index 7983bc0..03f2ce5 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -140,6 +140,8 @@ enum {
+ 	MAX_CODE,
+ };
+ 
++static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
++
+ static int rsa_check_bit_useful(const int bits, int flen)
+ {
+ 	if (flen > bits)
+@@ -1100,10 +1102,19 @@ err:
+ 
+ static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ {
++	const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL();
+ 	int ret;
+ 
++	if (!default_meth) {
++		fprintf(stderr, "failed to get soft method.\n");
++		return UADK_E_FAIL;
++	}
++
+ 	UNUSED(cb);
++	(void)RSA_meth_set_keygen(rsa_hw_meth,
++				  RSA_meth_get_keygen(default_meth));
+ 	ret = RSA_generate_key_ex(rsa, bits, e, NULL);
++	(void)RSA_meth_set_keygen(rsa_hw_meth, uadk_e_rsa_keygen);
+ 
+ 	return ret;
+ }
+-- 
+2.27.0
+

0056-engine-initialize-resources-only-once.patch

@@ -0,0 +1,224 @@
+From 0245d700da510dd54926eab3fb9377bde991024f Mon Sep 17 00:00:00 2001
+From: Weili Qian <qianweili@huawei.com>
+Date: Tue, 26 Jul 2022 10:54:03 +0800
+Subject: [PATCH 56/57] engine: initialize resources only once
+
+If multiple threads load the engine repeatedly, the
+poll_queue and global locks in the algorithm API are
+repeatedly initialized. As a result, tasks of other
+threads are abnormal.
+
+Therefore, this patch moves resource initialization
+to the function 'uadk_init' and only initialize once.
+
+Signed-off-by: Weili Qian <qianweili@huawei.com>
+---
+ src/e_uadk.c      | 37 +++++++++++++++++++++++++++++++++----
+ src/uadk.h        |  5 +++++
+ src/uadk_cipher.c |  7 +++++--
+ src/uadk_dh.c     |  7 +++++--
+ src/uadk_digest.c |  7 +++++--
+ src/uadk_pkey.c   |  7 +++++--
+ src/uadk_rsa.c    |  6 ++++--
+ 7 files changed, 62 insertions(+), 14 deletions(-)
+
+diff --git a/src/e_uadk.c b/src/e_uadk.c
+index 23fe0f2..1b95284 100644
+--- a/src/e_uadk.c
++++ b/src/e_uadk.c
+@@ -43,6 +43,8 @@ static int uadk_digest;
+ static int uadk_rsa;
+ static int uadk_dh;
+ static int uadk_ecc;
++static int uadk_inited;
++static pthread_mutex_t uadk_engine_mutex = PTHREAD_MUTEX_INITIALIZER;
+ 
+ #ifdef KAE
+ static int uadk_cipher_nosva;
+@@ -219,12 +221,41 @@ static int uadk_destroy(ENGINE *e)
+ 		uadk_e_destroy_ecc();
+ 	if (uadk_dh)
+ 		uadk_e_destroy_dh();
++
++	pthread_mutex_lock(&uadk_engine_mutex);
++	uadk_inited = 0;
++	pthread_mutex_unlock(&uadk_engine_mutex);
++
+ 	return 1;
+ }
+ 
+-
+ static int uadk_init(ENGINE *e)
+ {
++	int ret;
++
++	pthread_mutex_lock(&uadk_engine_mutex);
++	if (uadk_inited) {
++		pthread_mutex_unlock(&uadk_engine_mutex);
++		return 1;
++	}
++
++	if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
++		async_module_init();
++
++	if (uadk_digest)
++		uadk_e_digest_lock_init();
++	if (uadk_cipher)
++		uadk_e_cipher_lock_init();
++	if (uadk_rsa)
++		uadk_e_rsa_lock_init();
++	if (uadk_dh)
++		uadk_e_dh_lock_init();
++	if (uadk_ecc)
++		uadk_e_ecc_lock_init();
++
++	uadk_inited = 1;
++	pthread_mutex_unlock(&uadk_engine_mutex);
++
+ 	return 1;
+ }
+ 
+@@ -360,10 +391,8 @@ static int bind_fn(ENGINE *e, const char *id)
+ #endif
+ 	bind_fn_uadk_alg(e);
+ 
+-	if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
+-		async_module_init();
++	if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
+ 		pthread_atfork(NULL, NULL, engine_init_child_at_fork_handler);
+-	}
+ 
+ 	ret = ENGINE_set_ctrl_function(e, uadk_engine_ctrl);
+ 	if (ret != 1) {
+diff --git a/src/uadk.h b/src/uadk.h
+index 0188f0b..cd3447c 100644
+--- a/src/uadk.h
++++ b/src/uadk.h
+@@ -44,4 +44,9 @@ int uadk_e_bind_ecc(ENGINE *e);
+ void uadk_e_destroy_ecc(void);
+ int uadk_e_is_env_enabled(const char *alg_name);
+ int uadk_e_set_env(const char *var_name, int numa_id);
++void uadk_e_ecc_lock_init(void);
++void uadk_e_rsa_lock_init(void);
++void uadk_e_dh_lock_init(void);
++void uadk_e_cipher_lock_init(void);
++void uadk_e_digest_lock_init(void);
+ #endif
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 54d0a7d..c5bc7af 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -1076,8 +1076,6 @@ int uadk_e_bind_cipher(ENGINE *e)
+ 	if (platform > KUNPENG920)
+ 		bind_v3_cipher();
+ 
+-	pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+-
+ 	return ENGINE_set_ciphers(e, uadk_e_engine_ciphers);
+ }
+ 
+@@ -1160,3 +1158,8 @@ void uadk_e_destroy_cipher(void)
+ 	if (platform > KUNPENG920)
+ 		destroy_v3_cipher();
+ }
++
++void uadk_e_cipher_lock_init(void)
++{
++	pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
++}
+diff --git a/src/uadk_dh.c b/src/uadk_dh.c
+index cf319e5..37f84e9 100644
+--- a/src/uadk_dh.c
++++ b/src/uadk_dh.c
+@@ -902,8 +902,6 @@ static void uadk_e_delete_dh_meth(void)
+ 
+ int uadk_e_bind_dh(ENGINE *e)
+ {
+-	pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
+-
+ 	return ENGINE_set_DH(e, uadk_e_get_dh_methods());
+ }
+ 
+@@ -913,3 +911,8 @@ void uadk_e_destroy_dh(void)
+ 	uadk_e_delete_dh_meth();
+ 	uadk_e_wd_dh_uninit();
+ }
++
++void uadk_e_dh_lock_init(void)
++{
++	pthread_spin_init(&g_dh_res.lock, PTHREAD_PROCESS_PRIVATE);
++}
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 853aa39..b2646cb 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -804,6 +804,11 @@ do { \
+ 		return 0; \
+ } while (0)
+ 
++void uadk_e_digest_lock_init(void)
++{
++	pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
++}
++
+ int uadk_e_bind_digest(ENGINE *e)
+ {
+ 	UADK_DIGEST_DESCR(md5, md5WithRSAEncryption, MD5_DIGEST_LENGTH,
+@@ -849,8 +854,6 @@ int uadk_e_bind_digest(ENGINE *e)
+ 			  uadk_e_digest_final, uadk_e_digest_cleanup,
+ 			  uadk_e_digest_copy);
+ 
+-	pthread_spin_init(&engine.lock, PTHREAD_PROCESS_PRIVATE);
+-
+ 	return ENGINE_set_digests(e, uadk_engine_digests);
+ }
+ 
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index 9a3a725..211f1cc 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -615,6 +615,11 @@ static int uadk_ecc_bind_pmeth(ENGINE *e)
+ 	return ENGINE_set_pkey_meths(e, get_pkey_meths);
+ }
+ 
++void uadk_e_ecc_lock_init(void)
++{
++	pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE);
++}
++
+ int uadk_e_bind_ecc(ENGINE *e)
+ {
+ 	int ret;
+@@ -631,8 +636,6 @@ int uadk_e_bind_ecc(ENGINE *e)
+ 		return ret;
+ 	}
+ 
+-	pthread_spin_init(&ecc_res.lock, PTHREAD_PROCESS_PRIVATE);
+-
+ 	return ret;
+ }
+ 
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index 03f2ce5..ef1739d 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -1790,8 +1790,6 @@ static void uadk_e_delete_rsa_meth(void)
+  */
+ int uadk_e_bind_rsa(ENGINE *e)
+ {
+-	pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE);
+-
+ 	return ENGINE_set_RSA(e, uadk_e_get_rsa_methods());
+ }
+ 
+@@ -1802,3 +1800,7 @@ void uadk_e_destroy_rsa(void)
+ 	uadk_e_rsa_uninit();
+ }
+ 
++void uadk_e_rsa_lock_init(void)
++{
++	pthread_spin_init(&g_rsa_res.lock, PTHREAD_PROCESS_PRIVATE);
++}
+-- 
+2.27.0
+

0057-engine-fix-function-type.patch

@@ -0,0 +1,105 @@
+From f43d50084550042f053de2dcce03d91d5f8b040a Mon Sep 17 00:00:00 2001
+From: Weili Qian <qianweili@huawei.com>
+Date: Tue, 26 Jul 2022 10:58:56 +0800
+Subject: [PATCH 57/57] engine: fix function type
+
+If return type of the function 'async_module_init' is void,
+when function executes failed, the app continues to execute tasks.
+The process will be abnormal. Change 'async_module_init' type to int.
+If function executes failed, 0 is returned.
+
+Signed-off-by: Weili Qian <qianweili@huawei.com>
+---
+ src/e_uadk.c     | 16 +++++++++++++---
+ src/uadk_async.c |  9 +++++----
+ src/uadk_async.h |  2 +-
+ 3 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/src/e_uadk.c b/src/e_uadk.c
+index 1b95284..77612d7 100644
+--- a/src/e_uadk.c
++++ b/src/e_uadk.c
+@@ -239,8 +239,14 @@ static int uadk_init(ENGINE *e)
+ 		return 1;
+ 	}
+ 
+-	if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc)
+-		async_module_init();
++	if (uadk_cipher || uadk_digest || uadk_rsa || uadk_dh || uadk_ecc) {
++		ret = async_module_init();
++		if (!ret) {
++			pthread_mutex_unlock(&uadk_engine_mutex);
++			fprintf(stderr, "failed to init async module!\n");
++			return 0;
++		}
++	}
+ 
+ 	if (uadk_digest)
+ 		uadk_e_digest_lock_init();
+@@ -266,7 +272,11 @@ static int uadk_finish(ENGINE *e)
+ 
+ static void engine_init_child_at_fork_handler(void)
+ {
+-	async_module_init();
++	int ret;
++
++	ret = async_module_init();
++	if (!ret)
++		fprintf(stderr, "failed to init child async module!\n");
+ }
+ 
+ #ifdef KAE
+diff --git a/src/uadk_async.c b/src/uadk_async.c
+index 11d624c..3f2e1db 100644
+--- a/src/uadk_async.c
++++ b/src/uadk_async.c
+@@ -336,7 +336,7 @@ static void *async_poll_process_func(void *args)
+ 	return NULL;
+ }
+ 
+-void async_module_init(void)
++int async_module_init(void)
+ {
+ 	pthread_t thread_id;
+ 	pthread_attr_t thread_attr;
+@@ -344,11 +344,11 @@ void async_module_init(void)
+ 	memset(&poll_queue, 0, sizeof(struct async_poll_queue));
+ 
+ 	if (pthread_mutex_init(&(poll_queue.async_task_mutex), NULL) < 0)
+-		return;
++		return 0;
+ 
+ 	poll_queue.head = malloc(sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
+ 	if (poll_queue.head == NULL)
+-		return;
++		return 0;
+ 
+ 	memset(poll_queue.head, 0,
+ 	       sizeof(struct async_poll_task) * ASYNC_QUEUE_TASK_NUM);
+@@ -368,8 +368,9 @@ void async_module_init(void)
+ 	poll_queue.thread_id = thread_id;
+ 	OPENSSL_atexit(async_poll_task_free);
+ 
+-	return;
++	return 1;
+ 
+ err:
+ 	async_poll_task_free();
++	return 0;
+ }
+diff --git a/src/uadk_async.h b/src/uadk_async.h
+index 78f7a21..9bae3f4 100644
+--- a/src/uadk_async.h
++++ b/src/uadk_async.h
+@@ -69,7 +69,7 @@ int async_setup_async_event_notification(struct async_op *op);
+ int async_clear_async_event_notification(void);
+ int async_pause_job(void *ctx, struct async_op *op, enum task_type type, int id);
+ void async_register_poll_fn(int type, async_recv_t func);
+-void async_module_init(void);
++int async_module_init(void);
+ int async_wake_job(ASYNC_JOB *job);
+ void async_free_poll_task(int id, bool is_cb);
+ int async_get_free_task(int *id);
+-- 
+2.27.0
+

uadk_engine.spec

@@ -3,7 +3,7 @@
 Name:          uadk_engine
 Summary:       UADK Accelerator Engine
 Version:       1.0.0
-Release:       6
+Release:       7
 License:       Apache-2.0
 Source:        %{name}-%{version}.tar.gz
 ExclusiveOS:   linux
@@ -53,6 +53,26 @@ Patch0034:	0034-cipher-support-the-sm4-ecb-alg.patch
 Patch0035:     0035-cipher-fix-segmentation-fault-for-uadk_e_ctx_init.patch
 Patch0036:     0036-cipher-sm4-ecb-algorithm-is-deleted-by-mistake.patch
 Patch0037:     0037-rsa-bugfix-about-redundant-and-inefficient-operation.patch
+Patch0038:     0038-uadk-engine-change-Copyright-to-2022.patch
+Patch0039:     0039-README-move-test-script-to-sanity_test.sh.patch
+Patch0040:     0040-uadk_engine-fix-string-compare-mode.patch
+Patch0041:     0041-cipher-optimize-the-process-of-ctx-initialization.patch
+Patch0042:     0042-cipher-adding-an-iv-update-to-a-decryption.patch
+Patch0043:     0043-cipher-fix-cipher-decrypto-failed-as-use-jdk.patch
+Patch0044:     0044-engine-add-receiving-timeout-count.patch
+Patch0045:     0045-digest-fix-the-fault-as-using-the-nginx.patch
+Patch0046:     0046-ecc-cleanup-of-static-code-check.patch
+Patch0047:     0047-ecc-bugfix-about-return-value-check.patch
+Patch0048:     0048-ecc-bugfix-multiple-definition-of-ecx-structure.patch
+Patch0049:     0049-uadk_engine-remove-redundant-extern.patch
+Patch0050:     0050-uadk_engine-add-timeout-protection-mechanism-in-poll.patch
+Patch0051:     0051-rsa-cleanup-redundant-BN-operation.patch
+Patch0052:     0052-rsa-bugfix-memory-leak-in-genkey-process.patch
+Patch0053:     0053-rsa-remove-unused-software-method.patch
+Patch0054:     0054-doc-Modify-maintainers.patch
+Patch0055:     0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch
+Patch0056:     0056-engine-initialize-resources-only-once.patch
+Patch0057:     0057-engine-fix-function-type.patch
 
 %description
 This package contains the UADK Accelerator Engine
@@ -102,6 +122,9 @@ fi
 /sbin/ldconfig
 
 %changelog
+* Tue Jul 26 2022 Yang Shen <shenyang39@huawei.com> 1.0.0-7
+- Backport uadk engine patch from v1.0.0 to v1.0.1
+
 * Mon Mar 21 2022 linwenkai <linwenkai6@hisilicon.com> 1.0.0-6
 - Backport uadk engine patch for v1.0.0