diff --git a/Makefile.am b/Makefile.am
index 0190d643..526af6e1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -178,8 +178,7 @@ mostlyclean-generic:
test_bssl/*.o qatengine_test
if QAT_ERR_FILES_BUILD
-src_c_files_str := $(shell ls *.c)
-err_files_str := $(subst qat_bssl_err.c, , ${src_c_files_str})
+err_files_str != ls *.c | sed "s/qat_bssl_err.c//"
MAKE = make err-files && make
endif
diff --git a/README.md b/README.md
index da756a21..7eb3ce14 100644
--- a/README.md
+++ b/README.md
@@ -369,10 +369,11 @@ make install
In the above example, `--disable-qat_hw` needs to be provided if the system
has qatlib installed.
Note : `--enable-qat_sw` checks crypto_mb and IPSec_MB libraries in its
-respective default path or in the path provided in the config flag
-`--with-qat_sw_install_dir`. If any of the libraries is not installed then
-their corresponding algorithm support is disabled (cryto_mb library for PKE
-algorithms and IPSec_mb library for AES-GCM).
+respective default path (/usr/local/lib and /usr/lib) or in the path provided
+in the config flag `--with-qat_sw_crypto_mb_install_dir` (for crypto_mb) and
+`--with-qat_sw_ipsec_mb_install_dir` (for ipsec_mb). If any of the libraries
+is not installed then their corresponding algorithm support is disabled
+(crypto_mb library for PKE algorithms and IPSec_mb library for AES-GCM).
diff --git a/configure.ac b/configure.ac
index 407eaebd..0b6ae778 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ([2.68])
-AC_INIT([qatengine], [0.6.14], [])
+AC_INIT([qatengine], [0.6.15], [])
AC_CONFIG_SRCDIR([config.h.in])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_AUX_DIR([.])
diff --git a/docs/limitations.md b/docs/limitations.md
index 7f9ae217..30ae7300 100644
--- a/docs/limitations.md
+++ b/docs/limitations.md
@@ -20,9 +20,10 @@
of the Intel® QAT driver for Linux. Use `--with-cc-opt="-DQAT_HW_DISABLE_NONZERO_MEMFREE"`
in the Intel® QAT OpenSSL\* Engine configuration when building against earlier
versions of the Linux driver.
-* Support for QAT HW ECX, QAT SW ECX, QAT HW PRF and QAT HW HKDF is disabled when built
- against OpenSSL 3.0 engine interface due to known issues, instead it uses
- non-accelerated implementation from OpenSSL.
+* Support for QAT HW ECX, QAT SW ECX, QAT SW SM2 ECDSA, QAT HW PRF and QAT HW HKDF is disabled
+ when built against OpenSSL 3.0 engine interface since OpenSSL doesn't have default implementation
+ methods accessible from OpenSSL3.0 engine interface, instead it uses non-accelerated
+ implementation from OpenSSL default provider.
* There is known performance scaling issue (performance drop with threads >32)
with ECDSA Ciphers in the QAT Software acceleration using multithread mode
in the Haproxy application. This issue is not observed when using RSA ciphers
@@ -46,3 +47,6 @@
`SSL_OP_NO_ENCRYPT_THEN_MAC` programmatically using SSL_CTX_set_options() to offload
symmetric chained ciphers via QAT_HW. Please note disabling ENCRYPT_THEN_MAC has security
implications.
+* Known issue with OpenSSL 3.0 s_server using qatengine with cipher "DHE-RSA-CHACHA20-POLY1305" which
+ works fine with Nginx. The issue is due to failure at EVP_PKEY_copy_parameter() in OpenSSL which is
+ yet to be root caused.
diff --git a/docs/software_requirements.md b/docs/software_requirements.md
index 81dfc129..8f37e747 100644
--- a/docs/software_requirements.md
+++ b/docs/software_requirements.md
@@ -11,6 +11,7 @@ Driver for FreeBSD. This release was validated on the following:
* Intel® Communications Chipset C62X Series Software for FreeBSD\*, version **3.12**
* OpenSSL\* 1.1.1q & 3.0.5
* BoringSSL\* commit - [fa3fbda07b][1]
+* BabaSSL - 8.3.1
## qat_sw Requirements
Successful operation of the Intel® QAT Software acceleration requires a
@@ -31,6 +32,7 @@ This release was validated on the following:
version **IPP Crypto 2021.5**
* Intel® Multi-Buffer crypto for IPsec Library release version **v1.2**
* OpenSSL\* 1.1.1q & 3.0.5
+* BabaSSL - 8.3.1
[1]:https://github.com/google/boringssl/tree/fa3fbda07bbf70925453d6a3c25a7aa455aa1cef
[2]:https://github.com/intel/ipp-crypto
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index 62873690..5e4f7d55 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -26,8 +26,9 @@ If this occurs some of the things to check are:
7. If building from OpenSSL prebuilt RPM Package, has the OpenSSL developement
packages (openssl-devel for Redhat* based distribution and libssl-devel
for Debian* based distibution) been installed ?
- 8. Incase of qat_sw acceleration, Has the dependant libraries are installed in
- the default path or provide the path via `--with-qat_sw_install_dir` if
+ 8. Incase of qat_sw acceleration, has the dependant libraries are installed in
+ the default path or provide the path via `--with-qat_sw_crypto_mb_install_dir`
+ (for crypto_mb) and `--with-qat_sw_ipsec_mb_install_dir` (for ipsec_mb) if
installed in the path other than default.
If running on a Debian\* based OS (Ubuntu\* for example) it is possible that the
diff --git a/e_qat.c b/e_qat.c
index 987bbd72..e8833752 100644
--- a/e_qat.c
+++ b/e_qat.c
@@ -148,13 +148,13 @@
const char *engine_qat_id = STR(QAT_ENGINE_ID);
#if defined(QAT_HW) && defined(QAT_SW)
const char *engine_qat_name =
- "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.14";
+ "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.15";
#elif QAT_HW
const char *engine_qat_name =
- "Reference implementation of QAT crypto engine(qat_hw) v0.6.14";
+ "Reference implementation of QAT crypto engine(qat_hw) v0.6.15";
#else
const char *engine_qat_name =
- "Reference implementation of QAT crypto engine(qat_sw) v0.6.14";
+ "Reference implementation of QAT crypto engine(qat_sw) v0.6.15";
#endif
unsigned int engine_inited = 0;
diff --git a/qat_provider.h b/qat_provider.h
index e2fd675d..287141f5 100644
--- a/qat_provider.h
+++ b/qat_provider.h
@@ -51,8 +51,8 @@
# include
# include
-# define QAT_PROVIDER_VERSION_STR "v0.6.14"
-# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.14"
+# define QAT_PROVIDER_VERSION_STR "v0.6.15"
+# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.15"
# if defined(QAT_HW) && defined(QAT_SW)
# define QAT_PROVIDER_NAME_STR "QAT Provider for QAT_HW and QAT_SW"
diff --git a/qatengine-sw.spec b/qatengine-sw.spec
index b09f1fcb..c644fe56 100644
--- a/qatengine-sw.spec
+++ b/qatengine-sw.spec
@@ -4,7 +4,7 @@
%global enginesdir %(pkg-config --variable=enginesdir libcrypto)
Name: qatengine-sw
-Version: 0.6.14
+Version: 0.6.15
Release: 1%{?dist}
Summary: Intel QuickAssist Technology (QAT) OpenSSL Engine
# Most of the source code is BSD, with the following exceptions:
@@ -49,6 +49,9 @@ autoreconf -ivf
%exclude %{enginesdir}/qatengine.la
%changelog
+* Wed Aug 24 2022 Yogaraj Alamenda - 0.6.15-1
+- Update to qatengine v0.6.15
+
* Wed Jul 20 2022 Yogaraj Alamenda - 0.6.14-1
- Update to qatengine v0.6.14
diff --git a/qatengine.spec b/qatengine.spec
index 63900994..4f4e5b17 100644
--- a/qatengine.spec
+++ b/qatengine.spec
@@ -4,7 +4,7 @@
%global enginesdir %(pkg-config --variable=enginesdir libcrypto)
Name: qatengine
-Version: 0.6.14
+Version: 0.6.15
Release: 1%{?dist}
Summary: Intel QuickAssist Technology (QAT) OpenSSL Engine
# Most of the source code is BSD, with the following exceptions:
@@ -46,6 +46,12 @@ autoreconf -ivf
%exclude %{enginesdir}/qatengine.la
%changelog
+* Wed Aug 24 2022 Yogaraj Alamenda - 0.6.15-1
+- Update to qatengine v0.6.15
+
+* Sat Jul 30 2022 Vladis Dronov - 0.6.14-2
+- Rebuild due to qatlib so-version bump
+
* Wed Jul 20 2022 Yogaraj Alamenda - 0.6.14-1
- Update to qatengine v0.6.14