!192 sync from master

From: @houmingyong 
Reviewed-by: @hzero1996 
Signed-off-by: @hzero1996

0072-use-memset-instead-of-explicit_bzero.patch

@@ -0,0 +1,67 @@
+From 248f56df792c14421074a6049ac668464070a574 Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao <zhengxiaoxiao2@huawei.com>
+Date: Tue, 12 Mar 2024 16:53:22 +0800
+Subject: [PATCH] use memset instead of explicit_bzero
+
+Reference: https://gitee.com/openeuler/secGear/commit/248f56df792c14421074a6049ac668464070a574
+Conflict: NA
+---
+ src/enclave_src/gp/itrustee/itrustee_seal_data.c |  8 ++++----
+ src/host_src/enclave.c                           |  4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/enclave_src/gp/itrustee/itrustee_seal_data.c b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
+index cae1734..b074d6f 100644
+--- a/src/enclave_src/gp/itrustee/itrustee_seal_data.c
++++ b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
+@@ -139,13 +139,13 @@ TEE_Result itrustee_seal_data(uint8_t *seal_data, uint32_t seal_data_len, void *
+     result = data_copy(tmp_sealed_data, salt, nonce, mac_data, mac_data_len);
+ 
+ error0:
+-    explicit_bzero(nonce, SEAL_DATA_NONCE_LEN);
++    memset(nonce, 0, SEAL_DATA_NONCE_LEN);
+     TEE_Free(nonce);
+ error1:
+-    explicit_bzero(salt, SEAL_KEY_SALT_LEN);
++    memset(salt, 0, SEAL_KEY_SALT_LEN);
+     TEE_Free(salt);
+ error2:
+-    explicit_bzero(key_buf, SEAL_KEY_LEN);
++    memset(key_buf, 0, SEAL_KEY_LEN);
+     TEE_Free(key_buf);
+     return result;
+ }
+@@ -251,7 +251,7 @@ TEE_Result itrustee_unseal_data(void *sealed_data, uint8_t *decrypted_data, uint
+     }
+
+ done:
+-    explicit_bzero(key_buf, SEAL_KEY_LEN);
++    memset(key_buf, 0, SEAL_KEY_LEN);
+     TEE_Free(key_buf);
+     return result;
+ }
+diff --git a/src/host_src/enclave.c b/src/host_src/enclave.c
+index d8b7d35..f13feec 100644
+--- a/src/host_src/enclave.c
++++ b/src/host_src/enclave.c
+@@ -70,7 +70,7 @@ static void error_handle(cc_enclave_t *enclave, void *handle, p_tee_registered r
+ 
+     if (enclave) {
+         pthread_rwlock_destroy(&enclave->rwlock);
+-        explicit_bzero(enclave, sizeof(cc_enclave_t));
++        memset(enclave, 0, sizeof(cc_enclave_t));
+     }
+ }
+ 
+@@ -310,7 +310,7 @@ cc_enclave_result_t cc_enclave_destroy(cc_enclave_t *context)
+     }
+     pthread_rwlock_unlock(&context->rwlock);
+     pthread_rwlock_destroy(&context->rwlock);
+-    explicit_bzero(context, sizeof(cc_enclave_t));
++    memset(context, 0, sizeof(cc_enclave_t));
+ 
+     return CC_SUCCESS;
+ }
+-- 
+2.33.0
+

0073-memset-no-optimize.patch

@@ -0,0 +1,58 @@
+From c15207d44281663b32ad4a8ede998dd4c7bda6fd Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao <zhengxiaoxiao2@huawei.com>
+Date: Thu, 14 Mar 2024 20:20:34 +0800
+Subject: [PATCH] memset no optimize
+
+Reference:https://gitee.com/openeuler/secGear/commit/c0997efc6a69d465b286347285cb1508a9d9c24b
+Conflict:NA
+---
+ src/enclave_src/gp/itrustee/itrustee_seal_data.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/src/enclave_src/gp/itrustee/itrustee_seal_data.c b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
+index b074d6f..e23cb1e 100644
+--- a/src/enclave_src/gp/itrustee/itrustee_seal_data.c
++++ b/src/enclave_src/gp/itrustee/itrustee_seal_data.c
+@@ -15,6 +15,13 @@
+ #include "tee_crypto_api.h"
+ #include "dataseal_internal.h"
+ #include "tee_trusted_storage.h"
++
++#define CC_OPTIMIZE_OFF __attribute__((optimize("O0")))
++CC_OPTIMIZE_OFF static void *memset_no_optimize(void *ptr, int value, size_t num)
++{
++    memset(ptr, 0, num);
++}
++
+ uint32_t get_sealed_data_size_ex(uint32_t seal_data_len, uint32_t aad_len)
+ {
+     if (UINT32_MAX - aad_len <= seal_data_len) {
+@@ -139,13 +146,13 @@ TEE_Result itrustee_seal_data(uint8_t *seal_data, uint32_t seal_data_len, void *
+     result = data_copy(tmp_sealed_data, salt, nonce, mac_data, mac_data_len);
+ 
+ error0:
+-    memset(nonce, 0, SEAL_DATA_NONCE_LEN);
++    memset_no_optimize(nonce, 0, SEAL_DATA_NONCE_LEN);
+     TEE_Free(nonce);
+ error1:
+-    memset(salt, 0, SEAL_KEY_SALT_LEN);
++    memset_no_optimize(salt, 0, SEAL_KEY_SALT_LEN);
+     TEE_Free(salt);
+ error2:
+-    memset(key_buf, 0, SEAL_KEY_LEN);
++    memset_no_optimize(key_buf, 0, SEAL_KEY_LEN);
+     TEE_Free(key_buf);
+     return result;
+ }
+@@ -249,7 +256,7 @@ TEE_Result itrustee_unseal_data(void *sealed_data, uint8_t *decrypted_data, uint
+     }
+ 
+ done:
+-    memset(key_buf, 0, SEAL_KEY_LEN);
++    memset_no_optimize(key_buf, 0, SEAL_KEY_LEN);
+     TEE_Free(key_buf);
+     return result;
+ }
+-- 
+2.33.0
+

0074-add-codegen-compile-marco.patch

@@ -0,0 +1,29 @@
+From 088eca103708b2d54c4fe46f6dc2da7a21f4f0da Mon Sep 17 00:00:00 2001
+From: houmingyong <houmingyong@huawei.com>
+Date: Thu, 7 Dec 2023 14:08:36 +0800
+Subject: [PATCH] add codegen compile marco
+
+Reference:https://gitee.com/openeuler/secGear/commit/088eca103708b2d54c4fe46f6dc2da7a21f4f0da
+Conflict:Deleted the PL part from the patch.
+---
+ CMakeLists.txt | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 25e6381..8a6f22b 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -74,7 +74,10 @@ if(${ENCLAVE} STREQUAL "SGX")
+ 	set(CC_SGX ON)
+ endif()
+ 
+-add_subdirectory(tools/codegener)
++option(CODEGEN "default off" ON)
++if(CODEGEN)
++	add_subdirectory(tools/codegener)
++endif()
+ 
+ add_subdirectory(src)
+ add_subdirectory(component)
+-- 
+2.33.0

0075-Correct-the-error-in-the-comment.patch

@@ -0,0 +1,26 @@
+From 985be3c3b4947d1a304ff9171c74ca3fe77a86bf Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiaoGitee <zhengxiaoxiao2@huawei.com>
+Date: Mon, 1 Apr 2024 17:05:10 +0800
+Subject: [PATCH] Correct the error in the comment.
+
+Reference:https://gitee.com/openeuler/secGear/commit/985be3c3b4947d1a304ff9171c74ca3fe77a86bf
+Conflict:NA
+---
+ inc/host_inc/status.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h
+index 7a7920b..c0ff6c7 100644
+--- a/inc/host_inc/status.h
++++ b/inc/host_inc/status.h
+@@ -179,7 +179,7 @@ typedef enum _enclave_result_t
+     CC_CLIENT_INTR                    = 0xFFFF4000, /* Interrupted by CFC. Broken control flow is detected. */
+     CC_ERROR_TIME_NOT_SET             = 0xFFFF5000, /* *< 时间未设置 */
+     CC_ERROR_TIME_NEEDS_RESET         = 0xFFFF5001, /* *< 时间需要重置 */
+-    CC_FAIL                           = 0xFFFF5002, /* *< 时间需要重置 */
++    CC_FAIL                           = 0xFFFF5002, /* *< 操作失败 */
+     CC_ERROR_TIMER                    = 0xFFFF6000,
+     CC_ERROR_TIMER_CREATE_FAILED,
+     CC_ERROR_TIMER_DESTORY_FAILED,
+-- 
+2.33.0

0076-change-log-file-permission-0400.patch

@@ -0,0 +1,24 @@
+From 1b2de0be8912fb1b705454011ed6190f52199f60 Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao <zhengxiaoxiao2@huawei.com>
+Date: Sat, 11 Jun 2022 12:17:18 +0800
+Subject: [PATCH] change log file permission 0400
+
+---
+ conf/logrotate.d/secgear | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/conf/logrotate.d/secgear b/conf/logrotate.d/secgear
+index 92da41e..f88bb59 100644
+--- a/conf/logrotate.d/secgear
++++ b/conf/logrotate.d/secgear
+@@ -5,4 +5,7 @@
+ 	nocompress
+ 	copytruncate
+ 	size 2048k
++	lastaction
++	chmod 0400 /var/log/secgear/secgear.log.*
++	endscript
+ }
+-- 
+2.27.0
+

secGear.spec

@@ -1,6 +1,6 @@
 Name:		secGear
 Version:	0.1.0
-Release:	38
+Release:	40
 Summary:	secGear is an SDK to develop confidential computing apps based on hardware enclave features
 
 
@@ -80,6 +80,12 @@ Patch67:	0068-bugfix-when-input-empty-hash.patch
 Patch68:	0069-adapt-sign-tool-to-pass-API_LEVEL.patch
 Patch69:	0070-sign-tool-add-invalid-param-verify.patch
 Patch70:	0071-adapt-report-with-request-key.patch
+Patch71:	0072-use-memset-instead-of-explicit_bzero.patch
+Patch72:	0073-memset-no-optimize.patch
+Patch73:	0074-add-codegen-compile-marco.patch
+Patch74:	0075-Correct-the-error-in-the-comment.patch
+Patch75:	0076-change-log-file-permission-0400.patch
+
 
 BuildRequires:	gcc python automake autoconf libtool
 BUildRequires:	glibc glibc-devel cmake ocaml-dune rpm gcc-c++ compat-openssl11-libs compat-openssl11-devel
@@ -211,6 +217,12 @@ popd
 systemctl restart rsyslog
 
 %changelog
+* Thu Jun 20 2024 houmingyong <houmingyong@huawei.com> - 0.1.0-40
+- synchoronous features
+
+* Wed Mar 27 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-39
+- use memset instead of explicit_bzero
+
 * Wed Sep 13 2023 wangqingsan<wangqingsan@huawei.com> - 0.1.0-38
 - synchronous features