packages/uadk_engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
uadk_engine/0001-Backport-uadk-engine-patch-for-v1.0.1.patch

1808 lines
56 KiB
Diff
Raw Normal View History

Backport uadk engine build patch (cherry picked from commit 4c7a2772dee9fe31cc270c260c4bc4efa9325f0c)
2023-11-29 16:35:32 +08:00
From 39c35271759ee04a3509c058bc587ecce2d2db50 Mon Sep 17 00:00:00 2001
From: JiangShui <1175135535@qq.com>
Date: Fri, 4 Aug 2023 10:51:48 +0800
Subject: [PATCH] Backport uadk engine patch for v1.0.1
---
...the-full-mac-buffer-length-as-doing-.patch | 74 +++
0059-uadk_utils-fix-x86-local-build.patch | 59 ++
...-about-segfault-in-sm2-ctrl-function.patch | 188 ++++++
...HW_V2-HW_V3-to-distinguish-different.patch | 142 +++++
...te-the-numa-parameter-of-the-schedul.patch | 73 +++
...bugfix-side-effects-of-right-operand.patch | 205 +++++++
...nup-static-check-warning-of-clangtid.patch | 118 ++++
...e-bugfix-enable-environment-variable.patch | 38 ++
...ne-cleanup-magic-number-and-comments.patch | 537 ++++++++++++++++++
0067-uadk_engine-cleanup-header-file.patch | 250 ++++++++
uadk_engine.spec | 13 +
11 files changed, 1697 insertions(+)
create mode 100644 0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch
create mode 100644 0059-uadk_utils-fix-x86-local-build.patch
create mode 100644 0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch
create mode 100644 0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch
create mode 100644 0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch
create mode 100644 0063-uadk_engine-bugfix-side-effects-of-right-operand.patch
create mode 100644 0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch
create mode 100644 0065-uadk_engine-bugfix-enable-environment-variable.patch
create mode 100644 0066-uadk_engine-cleanup-magic-number-and-comments.patch
create mode 100644 0067-uadk_engine-cleanup-header-file.patch
diff --git a/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch b/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch
new file mode 100644
index 0000000..b19486b
--- /dev/null
+++ b/0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch
@@ -0,0 +1,74 @@
+From 36ea42a1d9556e937be5ebf47f41f66b51a29cb6 Mon Sep 17 00:00:00 2001
+From: Kai Ye <yekai13@huawei.com>
+Date: Tue, 16 Aug 2022 09:57:18 +0800
+Subject: uadk_digest: fix the full mac buffer length as doing long hash
+
+Sha224 and Sha384 need full length mac buffer as doing long hash.
+
+Depends-on:uadk 802878d71999("digest: fix mac buffer len as long hash")
+Signed-off-by: Kai Ye <yekai13@huawei.com>
+---
+ src/uadk_digest.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index b2646cb..63887e7 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -484,7 +484,7 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
+ {
+ priv->setup.alg = alg;
+ priv->setup.mode = mode;
+- priv->req.out_buf_bytes = out_len;
++ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH;
+ priv->req.out_bytes = out_len;
+ }
+
+@@ -543,15 +543,30 @@ soft_init:
+ return digest_soft_init(priv->soft_ctx, priv->e_nid);
+ }
+
++static void digest_update_out_length(EVP_MD_CTX *ctx)
++{
++ struct digest_priv_ctx *priv =
++ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
++
++ /* Sha224 and Sha384 need full length mac buffer as doing long hash */
++ if (priv->e_nid == NID_sha224)
++ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
++
++ if (priv->e_nid == NID_sha384)
++ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
++}
++
+ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len)
+ {
+ struct digest_priv_ctx *priv =
+- (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
++ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+ const unsigned char *tmpdata = (const unsigned char *)data;
+ size_t left_len = data_len;
+ int copy_to_bufflen;
+ int ret;
+
++ digest_update_out_length(ctx);
++
+ priv->req.has_next = DIGEST_DOING;
+
+ while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
+@@ -708,6 +723,12 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
+ priv->req.in_bytes = priv->last_update_bufflen;
+ priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
+
++ if (priv->e_nid == NID_sha224)
++ priv->req.out_bytes = WD_DIGEST_SHA224_LEN;
++
++ if (priv->e_nid == NID_sha384)
++ priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
++
+ ret = async_setup_async_event_notification(&op);
+ if (unlikely(!ret)) {
+ fprintf(stderr, "failed to setup async event notification.\n");
+--
+1.8.3.1
+
diff --git a/0059-uadk_utils-fix-x86-local-build.patch b/0059-uadk_utils-fix-x86-local-build.patch
new file mode 100644
index 0000000..e8673e6
--- /dev/null
+++ b/0059-uadk_utils-fix-x86-local-build.patch
@@ -0,0 +1,59 @@
+From 06fd1fe00a03bfbc7430ec8e1b1f7356f47da55d Mon Sep 17 00:00:00 2001
+From: Zhangfei Gao <zhangfei.gao@linaro.org>
+Date: Tue, 18 Oct 2022 15:39:11 +0800
+Subject: uadk_utils: fix x86 local build
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On x86 local build:
+autoreconf -i
+./configure --libdir=/usr/local/lib/engines-1.1/
+make -j4
+
+uadk_utils.c: In function uadk_memcpy:
+uadk_utils.c:23:2: error: unknown register name q1 in asm
+ __asm__ __volatile__(
+ ^
+uadk_utils.c:23:2: error: unknown register name q0 in asm
+uadk_utils.c:23:2: error: unknown register name x14 in asm
+uadk_utils.c:23:2: error: unknown register name x5 in asm
+uadk_utils.c:23:2: error: unknown register name x4 in asm
+uadk_utils.c:23:2: error: unknown register name x3 in asm
+
+With this patch, x86 build is OK
+
+Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+---
+ src/uadk_utils.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/uadk_utils.c b/src/uadk_utils.c
+index 2b34b3a..275a124 100644
+--- a/src/uadk_utils.c
++++ b/src/uadk_utils.c
+@@ -16,6 +16,8 @@
+ */
+ #include "uadk_utils.h"
+
++#if defined(__AARCH64_CMODEL_SMALL__) && __AARCH64_CMODEL_SMALL__
++
+ #define UADK_MEM_IMPROVE_THRESHOLD 1024
+
+ static void *memcpy_large(void *dstpp, const void *srcpp, size_t len)
+@@ -61,3 +63,12 @@ void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
+ else
+ return memcpy(dstpp, srcpp, len);
+ }
++
++#else
++
++void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
++{
++ return memcpy(dstpp, srcpp, len);
++}
++
++#endif
+--
+1.8.3.1
+
diff --git a/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch b/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch
new file mode 100644
index 0000000..8e0b7e3
--- /dev/null
+++ b/0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch
@@ -0,0 +1,188 @@
+From 8c4f478b1e8965e592467be92d042c8b00c8c426 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 22 Oct 2022 15:14:03 +0800
+Subject: sm2: bugfix about segfault in sm2 ctrl function
+
+When there is no available instance of hpre device, the sm2_init()
+in uadk_engine will failed, the setting of sched_init() will failed,
+so sched_init() will be NULL. If the sm2_ctrl() function still call
+the sm2_update_sess() in this situation, and make wd_ecc_alloc_sess()
+to call sched_init(), there will be a segfault.
+
+The solution is to modify the status field of sm2_ctx, make the
+variable 'init_status' to indicate the status of init operation:
+'CTX_UNINIT' indicates the init operation has not been performed,
+'CTX_INIT_SUCC' indicates the init operation has been succeeded,
+'CTX_INIT_FAIL' indicates the init operation has been failed.
+
+The sm2_update_sess() will only be called if the 'init_status' is
+'CTX_INIT_SUCC'. Then there will be no segfault.
+
+And when there is no available instance, it should switch to openssl
+software method, so modify some return values to help finish this
+process.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_sm2.c | 44 ++++++++++++++++++++++++++++++++------------
+ 1 file changed, 32 insertions(+), 12 deletions(-)
+
+diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
+index fcca9f2..8a9adca 100644
+--- a/src/uadk_sm2.c
++++ b/src/uadk_sm2.c
+@@ -25,6 +25,12 @@
+ #include "uadk.h"
+ #include "uadk_pkey.h"
+
++enum {
++ CTX_INIT_FAIL = -1,
++ CTX_UNINIT,
++ CTX_INIT_SUCC
++};
++
+ typedef struct {
+ /* Key and paramgen group */
+ EC_GROUP *gen_group;
+@@ -43,7 +49,7 @@ struct sm2_ctx {
+ const BIGNUM *prikey;
+ const EC_POINT *pubkey;
+ BIGNUM *order;
+- bool is_init;
++ int init_status;
+ };
+
+ typedef struct sm2_ciphertext {
+@@ -165,6 +171,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
+
+ memset(&setup, 0, sizeof(setup));
+ setup.alg = "sm2";
++
+ if (smctx->ctx.md) {
+ setup.hash.cb = compute_hash;
+ setup.hash.usr = (void *)smctx->ctx.md;
+@@ -189,6 +196,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
+
+ if (smctx->sess)
+ wd_ecc_free_sess(smctx->sess);
++
+ smctx->sess = sess;
+ smctx->prikey = NULL;
+ smctx->pubkey = NULL;
+@@ -636,7 +644,7 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+
+ if (!smctx || !smctx->sess) {
+ fprintf(stderr, "smctx or sess NULL\n");
+- return -EINVAL;
++ return UADK_DO_SOFT;
+ }
+
+ if (sig_sz <= 0) {
+@@ -676,7 +684,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ if (ret)
+ goto do_soft;
+
+- if (!smctx->is_init) {
++ if (smctx->init_status != CTX_INIT_SUCC) {
+ ret = UADK_DO_SOFT;
+ goto do_soft;
+ }
+@@ -744,6 +752,13 @@ static int sm2_verify_check(EVP_PKEY_CTX *ctx,
+ const unsigned char *tbs,
+ size_t tbslen)
+ {
++ struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
++
++ if (!smctx || !smctx->sess) {
++ fprintf(stderr, "smctx or sess NULL\n");
++ return UADK_DO_SOFT;
++ }
++
+ if (tbslen > SM2_KEY_BYTES)
+ return UADK_DO_SOFT;
+
+@@ -772,7 +787,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
+ if (ret)
+ goto do_soft;
+
+- if (!smctx->is_init) {
++ if (smctx->init_status != CTX_INIT_SUCC) {
+ ret = UADK_DO_SOFT;
+ goto do_soft;
+ }
+@@ -853,7 +868,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx,
+
+ if (!smctx || !smctx->sess) {
+ fprintf(stderr, "smctx or sess NULL\n");
+- return 0;
++ return UADK_DO_SOFT;
+ }
+
+ md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
+@@ -897,7 +912,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
+ if (ret)
+ goto do_soft;
+
+- if (!smctx->is_init) {
++ if (smctx->init_status != CTX_INIT_SUCC) {
+ ret = UADK_DO_SOFT;
+ goto do_soft;
+ }
+@@ -953,7 +968,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
+
+ if (!smctx || !smctx->sess) {
+ fprintf(stderr, "smctx or sess NULL\n");
+- return -EINVAL;
++ return UADK_DO_SOFT;
+ }
+
+ md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
+@@ -1038,7 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
+ if (ret)
+ goto do_soft;
+
+- if (!smctx->is_init) {
++ if (smctx->init_status != CTX_INIT_SUCC) {
+ ret = UADK_DO_SOFT;
+ goto do_soft;
+ }
+@@ -1124,18 +1139,18 @@ static int sm2_init(EVP_PKEY_CTX *ctx)
+ ret = uadk_init_ecc();
+ if (ret) {
+ fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret);
+- smctx->is_init = false;
++ smctx->init_status = CTX_INIT_FAIL;
+ goto end;
+ }
+
+ ret = sm2_update_sess(smctx);
+ if (ret) {
+ fprintf(stderr, "failed to update sess\n");
+- smctx->is_init = false;
++ smctx->init_status = CTX_INIT_FAIL;
+ goto end;
+ }
+
+- smctx->is_init = true;
++ smctx->init_status = CTX_INIT_SUCC;
+ end:
+ EVP_PKEY_CTX_set_data(ctx, smctx);
+ EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+@@ -1196,8 +1211,13 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+ return 1;
+ case EVP_PKEY_CTRL_MD:
+ smctx->ctx.md = p2;
+- if (sm2_update_sess(smctx))
++ if (smctx->init_status != CTX_INIT_SUCC)
++ return 1;
++
++ if (sm2_update_sess(smctx)) {
++ fprintf(stderr, "failed to set MD\n");
+ return 0;
++ }
+ return 1;
+ case EVP_PKEY_CTRL_GET_MD:
+ *(const EVP_MD **)p2 = smctx->ctx.md;
+--
+1.8.3.1
+
diff --git a/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch b/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch
new file mode 100644
index 0000000..55ab785
--- /dev/null
+++ b/0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch
@@ -0,0 +1,142 @@
+From e34a0bb0cc5c381f45877e05d927fd4bc5dc98f6 Mon Sep 17 00:00:00 2001
+From: Hao Fang <fanghao11@huawei.com>
+Date: Sat, 22 Oct 2022 15:27:20 +0800
+Subject: uadk_engine: use HW_V2/HW_V3 to distinguish different hardware
+ platforms
+
+Hardware version numbers are used to distinguish different hardware.
+
+Signed-off-by: Hao Fang <fanghao11@huawei.com>
+Tested-by: Junchong Pan <panjunchong@hisilicon.com>
+---
+ src/uadk.h | 4 ++--
+ src/uadk_cipher.c | 22 +++++++++++-----------
+ test/sanity_test.sh | 8 ++++----
+ 3 files changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/src/uadk.h b/src/uadk.h
+index cd3447c..99c65c7 100644
+--- a/src/uadk.h
++++ b/src/uadk.h
+@@ -27,8 +27,8 @@
+ #define ENGINE_RECV_MAX_CNT 60000000
+
+ enum {
+- KUNPENG920,
+- KUNPENG930,
++ HW_V2,
++ HW_V3,
+ };
+
+ extern const char *engine_uadk_id;
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index c5bc7af..c6878c3 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -77,7 +77,7 @@ static int platform;
+
+ #define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192
+
+-static int cipher_920_nids[] = {
++static int cipher_hw_v2_nids[] = {
+ NID_aes_128_cbc,
+ NID_aes_192_cbc,
+ NID_aes_256_cbc,
+@@ -93,7 +93,7 @@ static int cipher_920_nids[] = {
+ 0,
+ };
+
+-static int cipher_930_nids[] = {
++static int cipher_hw_v3_nids[] = {
+ NID_aes_128_cbc,
+ NID_aes_192_cbc,
+ NID_aes_256_cbc,
+@@ -342,9 +342,9 @@ static int uadk_get_accel_platform(char *alg_name)
+ return 0;
+
+ if (!strcmp(dev->api, "hisi_qm_v2"))
+- platform = KUNPENG920;
++ platform = HW_V2;
+ else
+- platform = KUNPENG930;
++ platform = HW_V3;
+ free(dev);
+
+ return 1;
+@@ -358,12 +358,12 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ int size;
+ int i;
+
+- if (platform == KUNPENG920) {
+- size = (sizeof(cipher_920_nids) - 1) / sizeof(int);
+- cipher_nids = cipher_920_nids;
++ if (platform == HW_V2) {
++ size = (sizeof(cipher_hw_v2_nids) - 1) / sizeof(int);
++ cipher_nids = cipher_hw_v2_nids;
+ } else {
+- size = (sizeof(cipher_930_nids) - 1) / sizeof(int);
+- cipher_nids = cipher_930_nids;
++ size = (sizeof(cipher_hw_v3_nids) - 1) / sizeof(int);
++ cipher_nids = cipher_hw_v3_nids;
+ }
+
+ if (!cipher) {
+@@ -1073,7 +1073,7 @@ int uadk_e_bind_cipher(ENGINE *e)
+ }
+
+ bind_v2_cipher();
+- if (platform > KUNPENG920)
++ if (platform > HW_V2)
+ bind_v3_cipher();
+
+ return ENGINE_set_ciphers(e, uadk_e_engine_ciphers);
+@@ -1155,7 +1155,7 @@ void uadk_e_destroy_cipher(void)
+ pthread_spin_destroy(&engine.lock);
+
+ destroy_v2_cipher();
+- if (platform > KUNPENG920)
++ if (platform > HW_V2)
+ destroy_v3_cipher();
+ }
+
+diff --git a/test/sanity_test.sh b/test/sanity_test.sh
+index 2c0c504..bdedc15 100755
+--- a/test/sanity_test.sh
++++ b/test/sanity_test.sh
+@@ -103,7 +103,7 @@ if [[ $algs =~ "RSA" ]]; then
+ openssl speed -elapsed -engine $engine_id -async_jobs 1 rsa4096
+ fi
+
+-#ecdsa only supported in Kunpeng930 or later
++#ecdsa only supported in HW_V3 or later
+ if [[ $algs =~ "id-ecPublicKey" ]]; then
+ echo "testing ECDSA"
+ openssl speed -elapsed -engine $engine_id ecdsap224
+@@ -116,21 +116,21 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then
+ openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdsap521
+ fi
+
+-#X25519 only supported in Kunpeng930 or later
++#X25519 only supported in HW_V3 or later
+ if [[ $algs =~ "X25519" ]]; then
+ echo "testing X25519"
+ openssl speed -elapsed -engine $engine_id ecdhx25519
+ openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx25519
+ fi
+
+-#X448 only supported in Kunpeng930 or later
++#X448 only supported in HW_V3 or later
+ if [[ $algs =~ "X448" ]]; then
+ echo "testing X448"
+ openssl speed -elapsed -engine $engine_id ecdhx448
+ openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx448
+ fi
+
+-#ecdh only supported in Kunpeng930 or later
++#ecdh only supported in HW_V3 or later
+ if [[ $algs =~ "id-ecPublicKey" ]]; then
+ echo "testing ECDH"
+ openssl speed -elapsed -engine $engine_id ecdhp192
+--
+1.8.3.1
+
diff --git a/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch b/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch
new file mode 100644
index 0000000..1c5a5d9
--- /dev/null
+++ b/0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch
@@ -0,0 +1,73 @@
+From 01580bb856fe7a2206990954b38d8213efd06098 Mon Sep 17 00:00:00 2001
+From: Longfang Liu <liulongfang@huawei.com>
+Date: Sat, 22 Oct 2022 15:31:24 +0800
+Subject: uadk/engine: update the numa parameter of the scheduler
+
+In the scenario where multiple devices are enabled at the
+same time through environment variables, fixing a numa id
+will make other devices unusable. When using the default
+numa parameter, the scheduler will automatically allocate
+device resources according to the CPU id of the thread,
+so as to realize all devices.
+
+Signed-off-by: Longfang Liu <liulongfang@huawei.com>
+---
+ src/uadk_cipher.c | 4 ++--
+ src/uadk_digest.c | 3 ++-
+ src/uadk_rsa.c | 4 +++-
+ 3 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index c6878c3..8e8c5f3 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -469,7 +469,6 @@ static handle_t sched_single_init(handle_t h_sched_ctx, void *sched_param)
+ return (handle_t)0;
+ }
+
+- skey->numa_id = param->numa_id;
+ skey->type = param->type;
+
+ return (handle_t)skey;
+@@ -881,7 +880,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
+ if (ret)
+ params.type = 0;
+
+- params.numa_id = engine.numa_id;
++ /* Use the default numa parameters */
++ params.numa_id = -1;
+ priv->setup.sched_param = &params;
+ if (!priv->sess) {
+ priv->sess = wd_cipher_alloc_sess(&priv->setup);
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 63887e7..8370490 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -523,7 +523,8 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
+ return 0;
+ }
+
+- params.numa_id = engine.numa_id;
++ /* Use the default numa parameters */
++ params.numa_id = -1;
+ priv->setup.sched_param = &params;
+ priv->sess = wd_digest_alloc_sess(&priv->setup);
+ if (unlikely(!priv->sess))
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index ef1739d..74852e7 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -881,7 +881,9 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
+
+ rsa_sess->key_size = key_size;
+ rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT;
+- params.numa_id = g_rsa_res.numa_id;
++
++ /* Use the default numa parameters */
++ params.numa_id = -1;
+ rsa_sess->setup.sched_param = &params;
+ rsa_sess->setup.is_crt = is_crt;
+
+--
+1.8.3.1
+
diff --git a/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch b/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch
new file mode 100644
index 0000000..838d1e7
--- /dev/null
+++ b/0063-uadk_engine-bugfix-side-effects-of-right-operand.patch
@@ -0,0 +1,205 @@
+From 5b59c17f84d5a1f6e7c996a499f5a70059d89ee7 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 22 Oct 2022 15:35:17 +0800
+Subject: uadk_engine: bugfix side effects of right operand
+
+The right operand of while condition may contains side effects,
+variables change "rx_cnt++". Move 'rx_cnt++' from condition
+to statement.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_cipher.c | 13 ++++++++-----
+ src/uadk_dh.c | 18 +++++++++++-------
+ src/uadk_digest.c | 13 ++++++++-----
+ src/uadk_pkey.c | 13 ++++++++-----
+ src/uadk_rsa.c | 14 +++++++++-----
+ 5 files changed, 44 insertions(+), 27 deletions(-)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 8e8c5f3..9d4f692 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -516,11 +516,13 @@ static int uadk_e_cipher_poll(void *ctx)
+
+ do {
+ ret = wd_cipher_poll_ctx(idx, expt, &recv);
+- if (recv == expt)
++ if (!ret && recv == expt)
+ return 0;
+- else if (ret < 0 && ret != -EAGAIN)
+- return ret;
+- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
++ else if (ret == -EAGAIN)
++ rx_cnt++;
++ else
++ return -1;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+@@ -539,7 +541,8 @@ static int uadk_e_cipher_env_poll(void *ctx)
+ ret = wd_cipher_poll(expt, &recv);
+ if (ret < 0 || recv == expt)
+ return ret;
+- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
++ rx_cnt++;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+diff --git a/src/uadk_dh.c b/src/uadk_dh.c
+index 37f84e9..2af2455 100644
+--- a/src/uadk_dh.c
++++ b/src/uadk_dh.c
+@@ -48,6 +48,7 @@
+ #define UADK_E_SUCCESS 1
+ #define UADK_E_FAIL 0
+ #define UADK_E_POLL_SUCCESS 0
++#define UADK_E_POLL_FAIL (-1)
+ #define UADK_E_INIT_SUCCESS 0
+ #define ENV_ENABLED 1
+
+@@ -206,17 +207,19 @@ static int uadk_e_dh_poll(void *ctx)
+ {
+ __u64 rx_cnt = 0;
+ __u32 recv = 0;
+- int expect = 1;
++ int expt = 1;
+ int idx = 1;
+ int ret;
+
+ do {
+- ret = wd_dh_poll_ctx(idx, expect, &recv);
+- if (recv == expect)
++ ret = wd_dh_poll_ctx(idx, expt, &recv);
++ if (!ret && recv == expt)
+ return UADK_E_POLL_SUCCESS;
+- else if (ret < 0 && ret != -EAGAIN)
+- return ret;
+- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
++ else if (ret == -EAGAIN)
++ rx_cnt++;
++ else
++ return UADK_E_POLL_FAIL;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+@@ -283,7 +286,8 @@ static int uadk_e_dh_env_poll(void *ctx)
+ ret = wd_dh_poll(expt, &recv);
+ if (ret < 0 || recv == expt)
+ return ret;
+- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
++ rx_cnt++;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 8370490..9568a98 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -343,11 +343,13 @@ static int uadk_e_digest_poll(void *ctx)
+
+ do {
+ ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv);
+- if (recv == expt)
++ if (!ret && recv == expt)
+ return 0;
+- else if (ret < 0 && ret != -EAGAIN)
+- return ret;
+- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
++ else if (ret == -EAGAIN)
++ rx_cnt++;
++ else
++ return -1;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+@@ -366,7 +368,8 @@ static int uadk_e_digest_env_poll(void *ctx)
+ ret = wd_digest_poll(expt, &recv);
+ if (ret < 0 || recv == expt)
+ return ret;
+- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
++ rx_cnt++;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index 211f1cc..6920cff 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -110,11 +110,13 @@ static int uadk_ecc_poll(void *ctx)
+
+ do {
+ ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv);
+- if (recv == expt)
++ if (!ret && recv == expt)
+ return 0;
+- else if (ret < 0 && ret != -EAGAIN)
+- return ret;
+- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
++ else if (ret == -EAGAIN)
++ rx_cnt++;
++ else
++ return -1;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+@@ -153,7 +155,8 @@ static int uadk_e_ecc_env_poll(void *ctx)
+ ret = wd_ecc_poll(expt, &recv);
+ if (ret < 0 || recv == expt)
+ return ret;
+- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
++ rx_cnt++;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index 74852e7..bcdd6bc 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -48,6 +48,7 @@
+ #define UADK_E_FAIL 0
+ #define UADK_DO_SOFT (-0xE0)
+ #define UADK_E_POLL_SUCCESS 0
++#define UADK_E_POLL_FAIL (-1)
+ #define UADK_E_INIT_SUCCESS 0
+ #define CHECK_PADDING_FAIL (-1)
+ #define ENV_ENABLED 1
+@@ -664,11 +665,13 @@ static int uadk_e_rsa_poll(void *ctx)
+
+ do {
+ ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv);
+- if (recv == expt)
++ if (!ret && recv == expt)
+ return UADK_E_POLL_SUCCESS;
+- else if (ret < 0 && ret != -EAGAIN)
+- return ret;
+- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
++ else if (ret == -EAGAIN)
++ rx_cnt++;
++ else
++ return UADK_E_POLL_FAIL;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to recv msg: timeout!\n");
+
+@@ -700,7 +703,8 @@ static int uadk_e_rsa_env_poll(void *ctx)
+ ret = wd_rsa_poll(expt, &recv);
+ if (ret < 0 || recv == expt)
+ return ret;
+- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
++ rx_cnt++;
++ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
+
+ fprintf(stderr, "failed to poll msg: timeout!\n");
+
+--
+1.8.3.1
+
diff --git a/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch b/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch
new file mode 100644
index 0000000..9107679
--- /dev/null
+++ b/0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch
@@ -0,0 +1,118 @@
+From f17c89d7d27b3a728232c7e641c2978db238a2f3 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 22 Oct 2022 15:37:45 +0800
+Subject: uadk_engine: cleanup static check warning of clangtidy tool
+
+Cleanup the following warning:
+1. Parameters of function should not be used as working
+variable.
+2. Cleanup uninitialized value.
+3. Storage class should be specified after a type.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/e_uadk.c | 6 ++----
+ src/uadk_cipher.c | 9 +++++----
+ src/uadk_ec.c | 5 +++--
+ src/uadk_rsa.c | 16 ++++++++--------
+ 4 files changed, 18 insertions(+), 18 deletions(-)
+
+diff --git a/src/e_uadk.c b/src/e_uadk.c
+index 77612d7..21ceb86 100644
+--- a/src/e_uadk.c
++++ b/src/e_uadk.c
+@@ -89,13 +89,11 @@ static const ENGINE_CMD_DEFN g_uadk_cmd_defns[] = {
+ }
+ };
+
+-__attribute__((constructor))
+-static void uadk_constructor(void)
++static void __attribute__((constructor)) uadk_constructor(void)
+ {
+ }
+
+-__attribute__((destructor))
+-static void uadk_destructor(void)
++static void __attribute__((destructor)) uadk_destructor(void)
+ {
+ }
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 9d4f692..14e2af2 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -749,17 +749,18 @@ static void ctr_iv_inc(uint8_t *counter, __u32 c)
+ {
+ uint32_t n = CTR_128BIT_COUNTER;
+ uint8_t *counter1 = counter;
++ __u32 c_value = c;
+
+ /*
+ * Since the counter has been increased 1 by the hardware,
+ * so the c need to decrease 1.
+ */
+- c = c - 1;
++ c_value -= 1;
+ do {
+ --n;
+- c += counter1[n];
+- counter1[n] = (uint8_t)c;
+- c >>= BYTE_BITS;
++ c_value += counter1[n];
++ counter1[n] = (uint8_t)c_value;
++ c_value >>= BYTE_BITS;
+ } while (n);
+ }
+
+diff --git a/src/uadk_ec.c b/src/uadk_ec.c
+index 37683cd..247b875 100644
+--- a/src/uadk_ec.c
++++ b/src/uadk_ec.c
+@@ -72,14 +72,15 @@ static void init_dtb_param(void *dtb, char *start,
+ __u32 dsz, __u32 bsz, __u32 num)
+ {
+ struct wd_dtb *tmp = dtb;
++ char *buff = start;
+ int i = 0;
+
+ while (i++ < num) {
+- tmp->data = start;
++ tmp->data = buff;
+ tmp->dsize = dsz;
+ tmp->bsize = bsz;
+ tmp += 1;
+- start += bsz;
++ buff += bsz;
+ }
+ }
+
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index bcdd6bc..7d25338 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -932,14 +932,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
+ struct rsa_prikey_param *pri,
+ unsigned char *in_buf, unsigned char *to)
+ {
+- struct wd_rsa_prikey *prikey;
+- struct wd_dtb *wd_dq;
+- struct wd_dtb *wd_dp;
+- struct wd_dtb *wd_q;
+- struct wd_dtb *wd_p;
+- struct wd_dtb *wd_qinv;
+- struct wd_dtb *wd_d;
+- struct wd_dtb *wd_n;
++ struct wd_rsa_prikey *prikey = NULL;
++ struct wd_dtb *wd_qinv = NULL;
++ struct wd_dtb *wd_dq = NULL;
++ struct wd_dtb *wd_dp = NULL;
++ struct wd_dtb *wd_q = NULL;
++ struct wd_dtb *wd_p = NULL;
++ struct wd_dtb *wd_d = NULL;
++ struct wd_dtb *wd_n = NULL;
+
+ if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) {
+ wd_rsa_get_prikey(rsa_sess->sess, &prikey);
+--
+1.8.3.1
+
diff --git a/0065-uadk_engine-bugfix-enable-environment-variable.patch b/0065-uadk_engine-bugfix-enable-environment-variable.patch
new file mode 100644
index 0000000..2fab708
--- /dev/null
+++ b/0065-uadk_engine-bugfix-enable-environment-variable.patch
@@ -0,0 +1,38 @@
+From 7ef97aab7a5cd964241fe9879588ceb54a547003 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 22 Oct 2022 15:53:53 +0800
+Subject: uadk_engine: bugfix enable environment variable
+
+When the 'alg_name' set by the user is valid, the 'env_enabled'
+field should be set or returned.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/e_uadk.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/e_uadk.c b/src/e_uadk.c
+index 21ceb86..0a9e3e6 100644
+--- a/src/e_uadk.c
++++ b/src/e_uadk.c
+@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name)
+ int i = 0;
+
+ while (i < len) {
+- if (strcmp(uadk_env_enabled[i].alg_name, alg_name))
++ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name))
+ return uadk_env_enabled[i].env_enabled;
+ i++;
+ }
+@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value)
+ int i = 0;
+
+ while (i < len) {
+- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
++ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
+ uadk_env_enabled[i].env_enabled = value;
+ return;
+ }
+--
+1.8.3.1
+
diff --git a/0066-uadk_engine-cleanup-magic-number-and-comments.patch b/0066-uadk_engine-cleanup-magic-number-and-comments.patch
new file mode 100644
index 0000000..b9a5379
--- /dev/null
+++ b/0066-uadk_engine-cleanup-magic-number-and-comments.patch
@@ -0,0 +1,537 @@
+From 20049f2becb9cc339276d4839f6d9f909273f5a5 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 22 Oct 2022 15:54:51 +0800
+Subject: uadk_engine: cleanup magic number and comments
+
+Use macros to replace magic numbers and related operations.
+Simplify code comments and unify style.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk_cipher.c | 4 +---
+ src/uadk_dh.c | 5 ++---
+ src/uadk_digest.c | 2 +-
+ src/uadk_ec.c | 51 ++++++++++++++++++++++++++-------------------------
+ src/uadk_ecx.c | 40 +++++++++++++++++++++++-----------------
+ src/uadk_pkey.c | 9 ++++-----
+ src/uadk_pkey.h | 6 +++++-
+ src/uadk_rsa.c | 25 ++++++++++---------------
+ src/uadk_sm2.c | 23 ++++++++++++-----------
+ 9 files changed, 84 insertions(+), 81 deletions(-)
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index 14e2af2..de5f078 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -480,13 +480,11 @@ static __u32 sched_single_pick_next_ctx(handle_t sched_ctx,
+ struct sched_params *key = (struct sched_params *)sched_key;
+
+ if (sched_mode) {
+- /* async */
+ if (key->type == WD_CIPHER_ENCRYPTION)
+ return CTX_ASYNC_ENC;
+ else
+ return CTX_ASYNC_DEC;
+ } else {
+- /* sync */
+ if (key->type == WD_CIPHER_ENCRYPTION)
+ return CTX_SYNC_ENC;
+ else
+@@ -744,7 +742,7 @@ static void async_cb(struct wd_cipher_req *req, void *data)
+ }
+ }
+
+-/* increment counter (128-bit int) by c */
++/* Increment counter (128-bit int) by c */
+ static void ctr_iv_inc(uint8_t *counter, __u32 c)
+ {
+ uint32_t n = CTR_128BIT_COUNTER;
+diff --git a/src/uadk_dh.c b/src/uadk_dh.c
+index 2af2455..6356872 100644
+--- a/src/uadk_dh.c
++++ b/src/uadk_dh.c
+@@ -603,7 +603,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
+ if (!ag_bin)
+ return UADK_E_FAIL;
+
+- /* malloc a contiguous chunk of memory */
++ /* Malloc a contiguous chunk of memory */
+ apriv_key_bin = OPENSSL_malloc(key_size * DH_PARAMS_CNT);
+ if (!apriv_key_bin)
+ goto free_ag;
+@@ -615,7 +615,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
+ memset(ap_bin, 0, key_size);
+ memset(out_pri, 0, key_size);
+
+- /* construct data block of g */
++ /* Construct data block of g */
+ ret = dh_set_g(g, key_size, ag_bin, dh_sess);
+ if (!ret)
+ goto free_apriv;
+@@ -623,7 +623,6 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
+ dh_sess->req.xbytes = BN_bn2bin(priv_key, apriv_key_bin);
+ dh_sess->req.pbytes = BN_bn2bin(p, ap_bin);
+ dh_sess->req.x_p = (void *)apriv_key_bin;
+- /* the output from uadk */
+ dh_sess->req.pri = out_pri;
+ dh_sess->req.pri_bytes = key_size;
+ dh_sess->req.op_type = WD_DH_PHASE1;
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 9568a98..9d009a9 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -71,7 +71,7 @@ static struct digest_engine engine;
+
+ struct evp_md_ctx_st {
+ const EVP_MD *digest;
+- /* functional reference if 'digest' is ENGINE-provided */
++ /* Functional reference if 'digest' is ENGINE-provided */
+ ENGINE *engine;
+ unsigned long flags;
+ void *md_data;
+diff --git a/src/uadk_ec.c b/src/uadk_ec.c
+index 247b875..9b48ae7 100644
+--- a/src/uadk_ec.c
++++ b/src/uadk_ec.c
+@@ -27,23 +27,23 @@
+ #include "uadk.h"
+
+ #define ECC128BITS 128
+-#define ECC192BITS 192
+-#define ECC224BITS 224
+-#define ECC256BITS 256
+-#define ECC320BITS 320
+-#define ECC384BITS 384
+-#define ECC521BITS 521
++#define ECC192BITS 192
++#define ECC224BITS 224
++#define ECC256BITS 256
++#define ECC320BITS 320
++#define ECC384BITS 384
++#define ECC521BITS 521
+
+ struct curve_param {
+- /* prime */
++ /* Prime */
+ BIGNUM *p;
+- /* ecc coefficient 'a' */
++ /* ECC coefficient 'a' */
+ BIGNUM *a;
+- /* ecc coefficient 'b' */
++ /* ECC coefficient 'b' */
+ BIGNUM *b;
+- /* base point */
++ /* Base point */
+ const EC_POINT *g;
+- /* order of base point */
++ /* Order of base point */
+ const BIGNUM *order;
+ };
+
+@@ -176,7 +176,6 @@ free_ctx:
+
+ static int get_smallest_hw_keybits(int bits)
+ {
+- /* ec curve order width */
+ if (bits > ECC384BITS)
+ return ECC521BITS;
+ else if (bits > ECC320BITS)
+@@ -283,7 +282,7 @@ static int eckey_check(const EC_KEY *eckey)
+ return -1;
+ }
+
+- /* field GF(2m) is not supported by uadk */
++ /* Field GF(2m) is not supported by uadk */
+ if (!uadk_prime_field(group))
+ return UADK_DO_SOFT;
+
+@@ -336,22 +335,25 @@ static int set_digest(handle_t sess, struct wd_dtb *e,
+ unsigned int dlen = sdgst->dsize;
+ BIGNUM *m;
+
+- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits) {
++ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) {
+ m = BN_new();
+
+ /* Need to truncate digest if it is too long: first truncate
+ * whole bytes
+ */
+- dlen = (order_bits + 7) >> UADK_BITS_2_BYTES_SHIFT;
++ dlen = BITS_TO_BYTES(order_bits);
+ if (!BN_bin2bn(dgst, dlen, m)) {
+ fprintf(stderr, "failed to BN_bin2bn digest\n");
+ BN_free(m);
+ return -1;
+ }
+
+- /* If still too long, truncate remaining bits with a shift */
+- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits &&
+- !BN_rshift(m, m, 8 - (order_bits & 0x7))) {
++ /* If the length of digest is still longer than the length
++ * of the base point order, truncate remaining bits with a
++ * shift to that length
++ */
++ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits &&
++ !BN_rshift(m, m, DGST_SHIFT_NUM(order_bits))) {
+ fprintf(stderr, "failed to truncate input digest\n");
+ BN_free(m);
+ return -1;
+@@ -743,7 +745,7 @@ err:
+
+ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
+ {
+- unsigned char buff[SM2_KEY_BYTES * 2 + 1] = {UADK_OCTET_STRING};
++ unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {UADK_OCTET_STRING};
+ struct wd_ecc_point *pubkey = NULL;
+ struct wd_dtb *privkey = NULL;
+ const EC_GROUP *group;
+@@ -768,8 +770,8 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
+ return -ENOMEM;
+ }
+
+- memcpy(buff + 1, pubkey->x.data, SM2_KEY_BYTES * 2);
+- tmp = BN_bin2bn(buff, SM2_KEY_BYTES * 2 + 1, NULL);
++ memcpy(buff + 1, pubkey->x.data, ECC_POINT_SIZE(SM2_KEY_BYTES));
++ tmp = BN_bin2bn(buff, ECC_POINT_SIZE(SM2_KEY_BYTES) + 1, NULL);
+ ptr = EC_POINT_bn2point(group, tmp, point, NULL);
+ BN_free(tmp);
+ if (!ptr) {
+@@ -1029,7 +1031,7 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
+ in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data);
+ in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data);
+
+- /* set public key */
++ /* Set public key */
+ ecdh_in = wd_ecxdh_new_in(sess, &in_pkey);
+ if (!ecdh_in) {
+ fprintf(stderr, "failed to new ecxdh in\n");
+@@ -1075,7 +1077,7 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req)
+ }
+
+ key_size_std = (unsigned int)(EC_GROUP_get_degree(group) +
+- UADK_ECC_PADDING) >> UADK_BITS_2_BYTES_SHIFT;
++ UADK_ECC_PADDING) >> TRANS_BITS_BYTES_SHIFT;
+ key_size_x = pubkey->x.dsize;
+ key_size_y = pubkey->y.dsize;
+ if ((key_size_x > key_size_std) || (key_size_y > key_size_std)) {
+@@ -1088,9 +1090,8 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req)
+ * tag - 1 byte
+ * point_x - [key_size_std] bytes
+ * point_y - [key_size_std] bytes
+- * so the malloc size is: key_size_std * 2 + 1
+ */
+- buff_size = key_size_std * 2 + 1;
++ buff_size = ECC_POINT_SIZE(key_size_std) + 1;
+ x_shift = key_size_std - key_size_x + 1;
+ y_shift = buff_size - key_size_y;
+ buff = (unsigned char *)OPENSSL_malloc(buff_size);
+diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
+index df23156..67042a3 100644
+--- a/src/uadk_ecx.c
++++ b/src/uadk_ecx.c
+@@ -295,33 +295,39 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
+
+ memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data,
+ key_size);
+- /* trans public key from big-endian to little-endian */
++ /* Trans public key from big-endian to little-endian */
+ ret = reverse_bytes(ecx_key->pubkey, key_size);
+ if (!ret) {
+ fprintf(stderr, "failed to trans public key\n");
+ return UADK_E_FAIL;
+ }
+- /* trans private key from big-endian to little-endian */
++ /* Trans private key from big-endian to little-endian */
+ ret = reverse_bytes(ecx_key->privkey, key_size);
+ if (!ret) {
+ fprintf(stderr, "failed to trans private key\n");
+ return UADK_E_FAIL;
+ }
+ /*
+- * This is a pretreatment of X25519/X448, as described in RFC 7748:
+- * For X25519, in order to decode 32 random bytes as an integer
+- * scaler, set the three LSB of the first byte and MSB of the last
+- * to zero, set the second MSB of the last byte to 1.
+- * For X448, set the two LSB of the first byte to 0, and MSB of the
+- * last byte to 1. Decode in little-endian mode.
++ * This is a pretreatment of X25519/X448 described in RFC 7748.
++ * In order to decode the random bytes as an integer scaler, there
++ * are some special data processing. And use little-endian mode for
++ * decoding.
+ */
+ if (ecx_ctx->nid == EVP_PKEY_X25519) {
+- ecx_key->privkey[0] &= 248;
+- ecx_key->privkey[X25519_KEYLEN - 1] &= 127;
+- ecx_key->privkey[X25519_KEYLEN - 1] |= 64;
++ /* Set the three LSB of the first byte to 0 */
++ ecx_key->privkey[0] &= 0xF8;
++
++ /* Set the MSB of the last byte to 0 */
++ ecx_key->privkey[X25519_KEYLEN - 1] &= 0x7F;
++
++ /* Set the second MSB of the last byte to 1 */
++ ecx_key->privkey[X25519_KEYLEN - 1] |= 0x40;
+ } else if (ecx_ctx->nid == EVP_PKEY_X448) {
+- ecx_key->privkey[0] &= 252;
+- ecx_key->privkey[X448_KEYLEN - 1] |= 128;
++ /* Set the two LSB of the first byte to 0 */
++ ecx_key->privkey[0] &= 0xFC;
++
++ /* Set the MSB of the last byte to 1 */
++ ecx_key->privkey[X448_KEYLEN - 1] |= 0x80;
+ }
+
+ ret = EVP_PKEY_assign(pkey, ecx_ctx->nid, ecx_key);
+@@ -494,7 +500,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
+ struct wd_ecc_in *ecx_in;
+ int ret;
+
+- /* trans public key from little-endian to big-endian */
++ /* Trans public key from little-endian to big-endian */
+ ret = reverse_bytes(peer_ecx_key->pubkey, key_size);
+ if(!ret) {
+ fprintf(stderr, "failed to trans public key\n");
+@@ -521,7 +527,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
+
+ uadk_ecc_fill_req(req, WD_ECXDH_COMPUTE_KEY, ecx_in, ecx_out);
+
+- /* trans public key from big-endian to little-endian */
++ /* Trans public key from big-endian to little-endian */
+ ret = reverse_bytes(peer_ecx_key->pubkey, key_size);
+ if (!ret) {
+ fprintf(stderr, "failed to trans public key\n");
+@@ -553,7 +559,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
+ struct wd_dtb prikey;
+ int ret;
+
+- /* trans private key from little-endian to big-endian */
++ /* Trans private key from little-endian to big-endian */
+ ret = reverse_bytes(ecx_key->privkey, key_size);
+ if (!ret) {
+ fprintf(stderr, "failed to trans private key\n");
+@@ -569,7 +575,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
+ return UADK_E_FAIL;
+ }
+
+- /* trans private key from big-endian to little-endian */
++ /* Trans private key from big-endian to little-endian */
+ ret = reverse_bytes(ecx_key->privkey, key_size);
+ if (!ret) {
+ fprintf(stderr, "failed to trans private key\n");
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index 6920cff..6b5ae9a 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -44,7 +44,7 @@ struct ecc_res_config {
+ int numa_id;
+ };
+
+-/* ecc global hardware resource is saved here */
++/* ECC global hardware resource is saved here */
+ struct ecc_res {
+ struct wd_ctx_config *ctx_res;
+ int pid;
+@@ -123,7 +123,7 @@ static int uadk_ecc_poll(void *ctx)
+ return -ETIMEDOUT;
+ }
+
+-/* make resource configure static */
++/* Make resource configure static */
+ struct ecc_res_config ecc_res_config = {
+ .sched = {
+ .sched_type = -1,
+@@ -234,7 +234,7 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config)
+ struct uacce_dev *dev;
+ int ret;
+
+- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
++ /* The ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ dev = wd_get_accel_dev("ecdsa");
+ if (!dev)
+ return -ENOMEM;
+@@ -396,8 +396,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
+ return -EINVAL;
+ }
+
+- /* pad and convert bits to bytes */
+- buflen = (EC_GROUP_get_degree(group) + 7) / 8;
++ buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group));
+ ecc_key = wd_ecc_get_key(sess);
+ prikey.data = (void *)bin;
+ prikey.dsize = BN_bn2binpad(d, bin, buflen);
+diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
+index b30c2de..6d1cc77 100644
+--- a/src/uadk_pkey.h
++++ b/src/uadk_pkey.h
+@@ -26,7 +26,6 @@
+ #define UADK_ECC_MAX_KEY_BITS 521
+ #define UADK_ECC_MAX_KEY_BYTES 66
+ #define UADK_ECC_CV_PARAM_NUM 6
+-#define UADK_BITS_2_BYTES_SHIFT 3
+ #define SM2_KEY_BYTES 32
+ #define UADK_OCTET_STRING 4
+ #define UADK_ECC_PUBKEY_PARAM_NUM 2
+@@ -34,6 +33,11 @@
+ #define UADK_ECDH_CV_NUM 8
+ #define ENV_ENABLED 1
+ #define UADK_E_INVALID (-2)
++#define TRANS_BITS_BYTES_SHIFT 3
++#define ECC_POINT_SIZE(n) ((n) * 2)
++#define GET_MS_BYTE(n) ((n) >> 8)
++#define GET_LS_BYTE(n) ((n) & 0xFF)
++#define DGST_SHIFT_NUM(n) (8 - ((n) & 0x7))
+
+ struct uadk_pkey_meth {
+ EVP_PKEY_METHOD *sm2;
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index 7d25338..e9a2c53 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -52,6 +52,9 @@
+ #define UADK_E_INIT_SUCCESS 0
+ #define CHECK_PADDING_FAIL (-1)
+ #define ENV_ENABLED 1
++#define PRIME_RETRY_COUNT 4
++#define GENCB_NEXT 2
++#define GENCB_RETRY 3
+
+ static RSA_METHOD *rsa_hw_meth;
+
+@@ -173,11 +176,7 @@ static int rsa_prime_mul_res(int num, struct rsa_prime_param *param,
+ if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx))
+ return BN_ERR;
+ } else {
+- /*
+- * Use the number 3 to indicate whether
+- * the generator has been found.
+- */
+- if (!BN_GENCB_call(cb, 3, num))
++ if (!BN_GENCB_call(cb, GENCB_RETRY, num))
+ return BN_ERR;
+ return BN_CONTINUE;
+ }
+@@ -228,14 +227,11 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
+ *bitse -= bitsr[*num];
+ else
+ return -1;
+- /*
+- * Use the number 2 to indicate whether
+- * a prime has been found.
+- */
+- ret = BN_GENCB_call(cb, 2, *n++);
++
++ ret = BN_GENCB_call(cb, GENCB_NEXT, *n++);
+ if (!ret)
+ return -1;
+- if (retries == 4) {
++ if (retries == PRIME_RETRY_COUNT) {
+ *num = -1;
+ *bitse = 0;
+ retries = 0;
+@@ -244,8 +240,8 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
+ retries++;
+ return BN_REDO;
+ }
+- /* Use the number 3 to indicate whether the generator has been found. */
+- ret = BN_GENCB_call(cb, 3, *num);
++
++ ret = BN_GENCB_call(cb, GENCB_RETRY, *num);
+ if (!ret)
+ return BN_ERR;
+ retries = 0;
+@@ -320,8 +316,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
+ else
+ return BN_ERR;
+
+- /* Use the number 2 to indicate whether a prime has been found. */
+- if (!BN_GENCB_call(cb, 2, *n++))
++ if (!BN_GENCB_call(cb, GENCB_NEXT, *n++))
+ return BN_ERR;
+
+ return GET_ERR_FINISH;
+diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
+index 8a9adca..578d2d8 100644
+--- a/src/uadk_sm2.c
++++ b/src/uadk_sm2.c
+@@ -34,12 +34,12 @@ enum {
+ typedef struct {
+ /* Key and paramgen group */
+ EC_GROUP *gen_group;
+- /* message digest */
++ /* Message digest */
+ const EVP_MD *md;
+ /* Distinguishing Identifier, ISO/IEC 15946-3 */
+ uint8_t *id;
+ size_t id_len;
+- /* id_set indicates if the 'id' field is set (1) or not (0) */
++ /* Indicates if the 'id' field is set (1) or not (0) */
+ int id_set;
+ } SM2_PKEY_CTX;
+
+@@ -557,8 +557,7 @@ static size_t ec_field_size(const EC_GROUP *group)
+ if (!EC_GROUP_get_curve(group, p, a, b, NULL))
+ goto done;
+
+- /* Pad and convert bits to bytes */
+- field_size = (BN_num_bits(p) + 7) / 8;
++ field_size = BITS_TO_BYTES(BN_num_bits(p));
+
+ done:
+ BN_free(p);
+@@ -1172,7 +1171,7 @@ static int sm2_set_ctx_id(struct sm2_ctx *smctx, int p1, const void *p2)
+ OPENSSL_free(smctx->ctx.id);
+ smctx->ctx.id = tmp_id;
+ } else {
+- /* set null-ID */
++ /* Set null-ID */
+ OPENSSL_free(smctx->ctx.id);
+ smctx->ctx.id = NULL;
+ }
+@@ -1231,7 +1230,7 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+ *(size_t *)p2 = smctx->ctx.id_len;
+ return 1;
+ case EVP_PKEY_CTRL_DIGESTINIT:
+- /* nothing to be inited, this is to suppress the error... */
++ /* Nothing to be inited, for suppress the error */
+ return 1;
+ default:
+ fprintf(stderr, "sm2 ctrl type = %d error\n", type);
+@@ -1323,20 +1322,22 @@ static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash,
+ }
+
+ /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
+- if (id_len >= (UINT16_MAX / 8)) {
++ if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) {
+ fprintf(stderr, "id too large\n");
+ return 0;
+ }
+
+- entl = (uint16_t)(8 * id_len);
++ entl = (uint16_t)(id_len << TRANS_BITS_BYTES_SHIFT);
+
+- e_byte = entl >> 8;
++ /* Update the most significant (first) byte of 'entl' */
++ e_byte = GET_MS_BYTE(entl);
+ if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+ fprintf(stderr, "error evp lib\n");
+ return 0;
+ }
+
+- e_byte = entl & 0xFF;
++ /* Update the least significant (second) byte of 'entl' */
++ e_byte = GET_LS_BYTE(entl);
+ if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+ fprintf(stderr, "error evp lib\n");
+ return 0;
+@@ -1516,7 +1517,7 @@ static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+ return 0;
+ }
+
+- /* get hashed prefix 'z' of tbs message */
++ /* Get hashed prefix 'z' of tbs message */
+ if (!sm2_compute_z_digest(z, md, smctx->ctx.id, smctx->ctx.id_len, ec))
+ return 0;
+
+--
+1.8.3.1
+
diff --git a/0067-uadk_engine-cleanup-header-file.patch b/0067-uadk_engine-cleanup-header-file.patch
new file mode 100644
index 0000000..b6f7fbc
--- /dev/null
+++ b/0067-uadk_engine-cleanup-header-file.patch
@@ -0,0 +1,250 @@
+From 1dd1503428df2b33f679f81b1541a4314fe0aa11 Mon Sep 17 00:00:00 2001
+From: Zhiqi Song <songzhiqi1@huawei.com>
+Date: Sat, 22 Oct 2022 15:56:54 +0800
+Subject: uadk_engine: cleanup header file
+
+Remove redundant header file and modify magic number.
+
+Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
+---
+ src/uadk.h | 3 ---
+ src/uadk_async.c | 1 +
+ src/uadk_async.h | 2 +-
+ src/uadk_cipher.c | 1 +
+ src/uadk_dh.c | 1 +
+ src/uadk_digest.c | 2 ++
+ src/uadk_ec.c | 1 +
+ src/uadk_ecx.c | 2 +-
+ src/uadk_pkey.c | 5 ++++-
+ src/uadk_rsa.c | 6 +++++-
+ src/uadk_sm2.c | 7 +++++--
+ 11 files changed, 22 insertions(+), 9 deletions(-)
+
+diff --git a/src/uadk.h b/src/uadk.h
+index 99c65c7..30c099f 100644
+--- a/src/uadk.h
++++ b/src/uadk.h
+@@ -18,9 +18,6 @@
+ #ifndef UADK_H
+ #define UADK_H
+ #include <openssl/engine.h>
+-#include <uadk/wd.h>
+-#include <uadk/wd_sched.h>
+-#include "uadk_utils.h"
+
+ #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+ #define ENV_STRING_LEN 256
+diff --git a/src/uadk_async.c b/src/uadk_async.c
+index 3f2e1db..2edd6ea 100644
+--- a/src/uadk_async.c
++++ b/src/uadk_async.c
+@@ -20,6 +20,7 @@
+ #include <string.h>
+ #include <sys/eventfd.h>
+ #include <unistd.h>
++#include <openssl/async.h>
+ #include "uadk.h"
+ #include "uadk_async.h"
+
+diff --git a/src/uadk_async.h b/src/uadk_async.h
+index 9bae3f4..8a4822e 100644
+--- a/src/uadk_async.h
++++ b/src/uadk_async.h
+@@ -19,8 +19,8 @@
+ #define UADK_ASYNC_H
+
+ #include <stdbool.h>
+-#include <openssl/async.h>
+ #include <semaphore.h>
++#include <openssl/async.h>
+
+ #define ASYNC_QUEUE_TASK_NUM 1024
+
+diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
+index de5f078..cc06429 100644
+--- a/src/uadk_cipher.c
++++ b/src/uadk_cipher.c
+@@ -22,6 +22,7 @@
+ #include <dlfcn.h>
+ #include <openssl/engine.h>
+ #include <uadk/wd_cipher.h>
++#include <uadk/wd_sched.h>
+ #include "uadk.h"
+ #include "uadk_async.h"
+
+diff --git a/src/uadk_dh.c b/src/uadk_dh.c
+index 6356872..680564c 100644
+--- a/src/uadk_dh.c
++++ b/src/uadk_dh.c
+@@ -23,6 +23,7 @@
+ #include <openssl/dh.h>
+ #include <string.h>
+ #include <uadk/wd_dh.h>
++#include <uadk/wd_sched.h>
+ #include "uadk.h"
+ #include "uadk_async.h"
+
+diff --git a/src/uadk_digest.c b/src/uadk_digest.c
+index 9d009a9..26a6272 100644
+--- a/src/uadk_digest.c
++++ b/src/uadk_digest.c
+@@ -25,8 +25,10 @@
+ #include <openssl/evp.h>
+ #include <uadk/wd_cipher.h>
+ #include <uadk/wd_digest.h>
++#include <uadk/wd_sched.h>
+ #include "uadk.h"
+ #include "uadk_async.h"
++#include "uadk_utils.h"
+
+ #define UADK_DO_SOFT (-0xE0)
+ #define CTX_SYNC 0
+diff --git a/src/uadk_ec.c b/src/uadk_ec.c
+index 9b48ae7..6106083 100644
+--- a/src/uadk_ec.c
++++ b/src/uadk_ec.c
+@@ -23,6 +23,7 @@
+ #include <openssl/err.h>
+ #include <openssl/ec.h>
+ #include <uadk/wd_ecc.h>
++#include <uadk/wd_sched.h>
+ #include "uadk_pkey.h"
+ #include "uadk.h"
+
+diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
+index 67042a3..b62f81d 100644
+--- a/src/uadk_ecx.c
++++ b/src/uadk_ecx.c
+@@ -14,7 +14,6 @@
+ * limitations under the License.
+ *
+ */
+-#include <errno.h>
+ #include <string.h>
+ #include <openssl/bn.h>
+ #include <openssl/engine.h>
+@@ -24,6 +23,7 @@
+ #include <openssl/ec.h>
+ #include <openssl/evp.h>
+ #include <uadk/wd_ecc.h>
++#include <uadk/wd_sched.h>
+ #include "uadk_pkey.h"
+ #include "uadk.h"
+
+diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
+index 6b5ae9a..7b7a345 100644
+--- a/src/uadk_pkey.c
++++ b/src/uadk_pkey.c
+@@ -17,6 +17,7 @@
+ #include <openssl/engine.h>
+ #include <uadk/wd.h>
+ #include <uadk/wd_ecc.h>
++#include <uadk/wd_sched.h>
+ #include "uadk_async.h"
+ #include "uadk.h"
+ #include "uadk_pkey.h"
+@@ -381,6 +382,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
+ const EC_GROUP *group;
+ struct wd_dtb prikey;
+ const BIGNUM *d;
++ size_t degree;
+ int buflen;
+ int ret;
+
+@@ -396,7 +398,8 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
+ return -EINVAL;
+ }
+
+- buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group));
++ degree = EC_GROUP_get_degree(group);
++ buflen = BITS_TO_BYTES(degree);
+ ecc_key = wd_ecc_get_key(sess);
+ prikey.data = (void *)bin;
+ prikey.dsize = BN_bn2binpad(d, bin, buflen);
+diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
+index e9a2c53..96c898f 100644
+--- a/src/uadk_rsa.c
++++ b/src/uadk_rsa.c
+@@ -20,6 +20,7 @@
+ #include <openssl/ossl_typ.h>
+ #include <openssl/rsa.h>
+ #include <uadk/wd_rsa.h>
++#include <uadk/wd_sched.h>
+ #include "uadk_async.h"
+ #include "uadk.h"
+
+@@ -55,6 +56,7 @@
+ #define PRIME_RETRY_COUNT 4
+ #define GENCB_NEXT 2
+ #define GENCB_RETRY 3
++#define PRIME_CHECK_BIT_NUM 4
+
+ static RSA_METHOD *rsa_hw_meth;
+
+@@ -210,7 +212,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
+ * key by using the modulus in a certificate. This is also covered
+ * by checking the length should not be less than 0x9.
+ */
+- if (!BN_rshift(param->r2, param->r1, *bitse - 4))
++ if (!BN_rshift(param->r2, param->r1, *bitse - PRIME_CHECK_BIT_NUM))
+ return BN_ERR;
+
+ bitst = BN_get_word(param->r2);
+@@ -231,6 +233,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
+ ret = BN_GENCB_call(cb, GENCB_NEXT, *n++);
+ if (!ret)
+ return -1;
++
+ if (retries == PRIME_RETRY_COUNT) {
+ *num = -1;
+ *bitse = 0;
+@@ -288,6 +291,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
+ BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
+ {
+ unsigned long err;
++
+ /*
+ * BN_sub(r,a,b) substracts b from a and place the result in r,
+ * r = a-b.
+diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
+index 578d2d8..b14fbcf 100644
+--- a/src/uadk_sm2.c
++++ b/src/uadk_sm2.c
+@@ -22,6 +22,7 @@
+ #include <openssl/ossl_typ.h>
+ #include <openssl/err.h>
+ #include <uadk/wd_ecc.h>
++#include <uadk/wd_sched.h>
+ #include "uadk.h"
+ #include "uadk_pkey.h"
+
+@@ -550,6 +551,7 @@ static size_t ec_field_size(const EC_GROUP *group)
+ BIGNUM *a = BN_new();
+ BIGNUM *b = BN_new();
+ size_t field_size = 0;
++ size_t p_bits;
+
+ if (p == NULL || a == NULL || b == NULL)
+ goto done;
+@@ -557,7 +559,8 @@ static size_t ec_field_size(const EC_GROUP *group)
+ if (!EC_GROUP_get_curve(group, p, a, b, NULL))
+ goto done;
+
+- field_size = BITS_TO_BYTES(BN_num_bits(p));
++ p_bits = BN_num_bits(p);
++ field_size = BITS_TO_BYTES(p_bits);
+
+ done:
+ BN_free(p);
+@@ -598,7 +601,7 @@ static int sm2_ciphertext_size(const EC_KEY *key,
+ * Integer and string are simple type; set constructed = 0, means
+ * primitive and definite length encoding.
+ */
+- sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
++ sz = ECC_POINT_SIZE(ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER))
+ + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+ + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
+ *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+--
+1.8.3.1
+
diff --git a/uadk_engine.spec b/uadk_engine.spec
index 4e32f87..b2cd083 100644
--- a/uadk_engine.spec
+++ b/uadk_engine.spec
@@ -71,6 +71,16 @@ Patch0054: 0054-doc-Modify-maintainers.patch
Patch0055: 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch
Patch0056: 0056-engine-initialize-resources-only-once.patch
Patch0057: 0057-engine-fix-function-type.patch
+Patch0058: 0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch
+Patch0059: 0059-uadk_utils-fix-x86-local-build.patch
+Patch0060: 0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch
+Patch0061: 0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch
+Patch0062: 0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch
+Patch0063: 0063-uadk_engine-bugfix-side-effects-of-right-operand.patch
+Patch0064: 0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch
+Patch0065: 0065-uadk_engine-bugfix-enable-environment-variable.patch
+Patch0066: 0066-uadk_engine-cleanup-magic-number-and-comments.patch
+Patch0067: 0067-uadk_engine-cleanup-header-file.patch
%description
This package contains the UADK Accelerator Engine
@@ -120,6 +130,9 @@ fi
/sbin/ldconfig
%changelog
+* Fri Aug 19 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.0.0-9
+- Backport uadk engine patch for v1.0.1
+
* Fri Aug 19 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.0.0-8
- Eable debuginfo for fix strip
--
2.25.1
Reference in New Issue Copy Permalink