Bug Fixes and update README.

- Move Engine load error messages to print in console. - Fix qatlib and QAT_SW co-existence build. - Fix issue with disable prf and gcm provider build. - Fix issue sm3 ctx initilization. Signed-off-by: Yogaraj Alamenda <[email protected]>
intel · Jun 24, 2022 · ce99c7c · ce99c7c
1 parent 7cc5eb9
commit ce99c7c
Show file tree

Hide file tree

Showing 12 changed files with 193 additions and 201 deletions.
diff --git a/configure.ac b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.68])
-AC_INIT([qatengine], [0.6.12], [])
+AC_INIT([qatengine], [0.6.13], [])
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_AUX_DIR([.])
@@ -255,7 +255,7 @@ AC_SUBST([LIBQATNAME], "qatengine")
 AC_CHECK_FILE(${qat_hw_dir_prefix}/include/qat/icp_sal_versions.h,
 	      [with_icp_sal_versions_h=yes],
 	      [with_icp_sal_versions_h=no])
-if test "x$with_icp_sal_versions_h" = "xyes" -a "x$enable_qat_sw" = "x"
+if test "x$with_icp_sal_versions_h" = "xyes"
 then
   if test `grep "define SAL_INFO2_DRIVER_SW_VERSION_TYPE \"in-tree\"" ${qat_hw_dir_prefix}/include/qat/icp_sal_versions.h | wc -l` = "1"
   then
@@ -377,7 +377,7 @@ then
     if test "x$ac_cv_lib_crypto_mb_mbx_getversion" = "xyes"
     then
       AC_CHECK_FILE(/usr/local/lib/libcrypto_mb.so,
-                   [AC_SUBST([QAT_SW_CRYPTO_MB_LIB], ["-Wl,-rpath,/usr/local/lib -L/usr/loca/lib -lcrypto_mb"])],
+                   [AC_SUBST([QAT_SW_CRYPTO_MB_LIB], ["-Wl,-rpath,/usr/local/lib -L/usr/local/lib -lcrypto_mb"])],
                    [AC_SUBST([QAT_SW_CRYPTO_MB_LIB], ["-lcrypto_mb"])])
       AC_SUBST([cflags_qat_sw], ["-DQAT_SW"])
     fi

diff --git a/docs/limitations.md b/docs/limitations.md
@@ -21,8 +21,8 @@
   in the Intel&reg; QAT OpenSSL\* Engine configuration when building against earlier
   versions of the Linux driver.
 * Support for QAT HW ECX, QAT SW ECX, QAT HW PRF and QAT HW HKDF is disabled when built
-  against OpenSSL 3.0 due to known issues instead it uses non-accelerated implementation
-  from OpenSSL.
+  against OpenSSL 3.0 engine interface due to known issues, instead it uses
+  non-accelerated implementation from OpenSSL.
 * There is known performance scaling issue (performance drop with threads >32)
   with ECDSA Ciphers in the QAT Software acceleration using multithread mode
   in the Haproxy application. This issue is not observed when using RSA ciphers
@@ -37,9 +37,8 @@
   Performance drop observed in mulithread scenario for all ciphers suites
   due to the locks at engine_table_select in OpenSSL.
 * OpenSSL 1.1.1n introduced misleading error message(undefined symbol: EVP_PKEY_get_base_id)
-  during engine load which can be ignored as it is not a real failure. Details of error
-  message can be found [here][1]
+  during engine load which can be ignored as it is not a real failure. This is later fixed in
+  OpenSSL\* 1.1.1o release.
 * AES-CBC-HMAC-SHA chained ciphers does not support pipeline feature when built with
   OpenSSL 3.0 as the corresponding support is not available in OpenSSL 3.0.
-
-[1]:https://github.com/openssl/openssl/issues/17962
+* There is a known issue with OpenSSL s_server application using qatprovider on OpenSSL 3.0.
diff --git a/docs/software_requirements.md b/docs/software_requirements.md
@@ -8,9 +8,9 @@ Driver for FreeBSD. This release was validated on the following:
 
 * Operating system: CentOS\* 7.4 64-bit version & FreeBSD\* 11.4 64-bit version
 * Kernel: GNU\*/Linux\* 3.10.0-693
-* Intel&reg; Communications Chipset C62X Series Software for Linux\*, version **4.16**
-* Intel&reg; Communications Chipset C62X Series Software for FreeBSD\*, version **3.11**
-* OpenSSL\* 1.1.1n & 3.0.1
+* Intel&reg; Communications Chipset C62X Series Software for Linux\*, version **4.18**
+* Intel&reg; Communications Chipset C62X Series Software for FreeBSD\*, version **3.12**
+* OpenSSL\* 1.1.1o & 3.0.3
 
 ## qat_sw Requirements
 Successful operation of the Intel&reg; QAT Software acceleration requires a
@@ -31,7 +31,7 @@ This release was validated on the following:
 * Intel&reg; Crypto Multi-buffer library from the [ipp-crypto][1] release
   version **IPP Crypto 2021.5**
 * Intel&reg; Multi-Buffer crypto for IPsec Library release version **v1.2**
-* OpenSSL\* 1.1.1n & 3.0.1
+* OpenSSL\* 1.1.1o & 3.0.3
 
 [1]:https://github.com/intel/ipp-crypto
 [2]:https://github.com/intel/ipp-crypto/tree/develop/sources/ippcp/crypto_mb

diff --git a/e_qat.c b/e_qat.c
@@ -144,13 +144,13 @@
 const char *engine_qat_id = STR(QAT_ENGINE_ID);
 #if defined(QAT_HW) && defined(QAT_SW)
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.12";
+    "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.13";
 #elif QAT_HW
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_hw) v0.6.12";
+    "Reference implementation of QAT crypto engine(qat_hw) v0.6.13";
 #else
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_sw) v0.6.12";
+    "Reference implementation of QAT crypto engine(qat_sw) v0.6.13";
 #endif
 unsigned int engine_inited = 0;
 
@@ -421,15 +421,15 @@ int hw_support(void) {
         vpclmulqdq = 1;
 
     DEBUG("Processor Support - AVX512F = %u, VAES = %u, VPCLMULQDQ = %u\n",
-          avx512f, vaes, vpclmulqdq);
+           avx512f, vaes, vpclmulqdq);
 
     if (avx512f && vaes && vpclmulqdq) {
         qat_sw_ipsec = 1;
         return 1;
     } else {
-        WARN("Processor unsupported - AVX512F = %u, VAES = %u, VPCLMULQDQ = %u\n",
-             avx512f, vaes, vpclmulqdq);
-	return 0;
+        fprintf(stderr, "Processor unsupported for QAT_SW - AVX512F = %u, VAES = %u, VPCLMULQDQ = %u\n",
+                avx512f, vaes, vpclmulqdq);
+        return 0;
     }
 }
 #endif
@@ -468,7 +468,7 @@ int qat_engine_init(ENGINE *e)
 #ifdef QAT_HW
     if (qat_hw_offload) {
         if (!qat_init(e)) {
-            WARN("QAT initialization Failed\n");
+            fprintf(stderr, "QAT_HW initialization Failed\n");
             return 0;
         }
     }
@@ -477,7 +477,7 @@ int qat_engine_init(ENGINE *e)
 #ifdef QAT_SW
     if (qat_sw_offload) {
         if (!multibuff_init(e)) {
-            WARN("Multibuff initialization Failed\n");
+            fprintf(stderr, "QAT_SW initialization Failed\n");
             return 0;
         }
     }
@@ -858,21 +858,21 @@ static int bind_qat(ENGINE *e, const char *id)
     if (icp_sal_userIsQatAvailable() == CPA_TRUE) {
         qat_hw_offload = 1;
     } else {
-        WARN("Qat Intree device not available\n");
 #  ifndef QAT_SW
+        fprintf(stderr, "Qat Intree device not available\n");
         goto end;
 #  endif
     }
 # else
     if (access(QAT_DEV, F_OK) == 0) {
         qat_hw_offload = 1;
         if (access(QAT_MEM_DEV, F_OK) != 0) {
-            WARN("Qat memory driver not present\n");
+            fprintf(stderr, "Qat memory driver not present\n");
             goto end;
         }
     } else {
-        WARN("Qat device not available\n");
 #  ifndef QAT_SW
+        fprintf(stderr, "Qat device not available\n");
         goto end;
 #  endif
     }
@@ -885,12 +885,12 @@ static int bind_qat(ENGINE *e, const char *id)
     }
 
     if (!ENGINE_set_id(e, engine_qat_id)) {
-        WARN("ENGINE_set_id failed\n");
+        fprintf(stderr, "ENGINE_set_id failed\n");
         goto end;
     }
 
     if (!ENGINE_set_name(e, engine_qat_name)) {
-        WARN("ENGINE_set_name failed\n");
+        fprintf(stderr, "ENGINE_set_name failed\n");
         goto end;
     }
 
@@ -965,7 +965,7 @@ static int bind_qat(ENGINE *e, const char *id)
     if (hw_support()) {
 # ifdef ENABLE_QAT_SW_GCM
         if (!vaesgcm_init_ipsec_mb_mgr()) {
-            WARN("IPSec Multi-Buffer Manager Initialization failed\n");
+            fprintf(stderr, "IPSec Multi-Buffer Manager Initialization failed\n");
             goto end;
         }
 # endif
@@ -1000,7 +1000,7 @@ static int bind_qat(ENGINE *e, const char *id)
     ret &= ENGINE_set_finish_function(e, qat_engine_finish);
     ret &= ENGINE_set_cmd_defns(e, qat_cmd_defns);
     if (ret == 0) {
-        WARN("Engine failed to register init, finish or destroy functions\n");
+        fprintf(stderr, "Engine failed to register init, finish or destroy functions\n");
     }
 
     /*
@@ -1046,13 +1046,13 @@ static ENGINE *engine_qat(void)
     ret = ENGINE_new();
 
     if (!ret) {
-        WARN("Failed to create Engine\n");
+        fprintf(stderr, "Failed to create Engine\n");
         QATerr(QAT_F_ENGINE_QAT, QAT_R_QAT_CREATE_ENGINE_FAILURE);
         return NULL;
     }
 
     if (!bind_qat(ret, engine_qat_id)) {
-        WARN("Qat engine bind failed\n");
+        fprintf(stderr, "Qat Engine bind failed\n");
         ENGINE_free(ret);
         return NULL;
     }

diff --git a/qat_hw_gcm.c b/qat_hw_gcm.c
@@ -1007,7 +1007,6 @@ int QAT_AES_CIPHER_CTX_encrypting(QAT_GCM_CTX *qctx)
 }
 #endif
 
-#ifndef QAT_OPENSSL_PROVIDER
 /******************************************************************************
 * function:
 *    qat_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -1241,7 +1240,7 @@ int qat_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     DEBUG("Function result = %d\n",ret_val);
     return ret_val;
 }
-#endif
+
 /******************************************************************************
 * function:
 *    qat_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -1349,9 +1348,7 @@ int qat_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
     /* Distinguish the Update and TLS case */
     if (qctx->tls_aad_len >= 0) {
-#ifndef QAT_OPENSSL_PROVIDER
         return qat_aes_gcm_tls_cipher(ctx, out, in, len);
-#endif
     }
 
     /* If either key or IV not set, throw error here. */

diff --git a/qat_hw_prf.h b/qat_hw_prf.h
@@ -47,8 +47,6 @@
 #ifndef QAT_HW_PRF_H
 #define QAT_HW_PRF_H
 
-#ifdef ENABLE_QAT_HW_PRF
-
 #include <pthread.h>
 #include <string.h>
 #include <signal.h>
@@ -72,13 +70,14 @@
  * early on here if they are exceeded rather than later on
  * down in the driver.
  */
-#if CPA_CY_API_VERSION_NUM_MAJOR > 2
-# define QAT_TLS1_PRF_SECRET_MAXBUF 1024
-#else
-# define QAT_TLS1_PRF_SECRET_MAXBUF 512
-#endif
-#define QAT_TLS1_PRF_SEED_MAXBUF 64
-#define QAT_TLS1_PRF_LABEL_MAXBUF 136
+# ifdef ENABLE_QAT_HW_PRF
+#  if CPA_CY_API_VERSION_NUM_MAJOR > 2
+#   define QAT_TLS1_PRF_SECRET_MAXBUF 1024
+#  else
+#   define QAT_TLS1_PRF_SECRET_MAXBUF 512
+#  endif
+#  define QAT_TLS1_PRF_SEED_MAXBUF 64
+#  define QAT_TLS1_PRF_LABEL_MAXBUF 136
 
 /* QAT TLS  pkey context structure */
 typedef struct {
@@ -101,6 +100,6 @@ void qat_prf_cleanup(EVP_PKEY_CTX *ctx);
 int qat_prf_tls_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                                 size_t *olen);
 int qat_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
-#endif /* DISABLE_QAT_HW_PRF */
+# endif /* DISABLE_QAT_HW_PRF */
 
 #endif /* QAT_HW_PRF_H */
diff --git a/qat_provider.h b/qat_provider.h
@@ -50,8 +50,8 @@
 # include <openssl/provider.h>
 # include <openssl/bio.h>
 
-# define QAT_PROVIDER_VERSION_STR "v0.6.12"
-# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.12"
+# define QAT_PROVIDER_VERSION_STR "v0.6.13"
+# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.13"
 
 # if defined(QAT_HW) && defined(QAT_SW)
 #  define QAT_PROVIDER_NAME_STR "QAT Provider for QAT_HW and QAT_SW"