diff --git a/e_qat.c b/e_qat.c index 1166b0e9..2bbf3f98 100644 --- a/e_qat.c +++ b/e_qat.c @@ -180,6 +180,7 @@ sigset_t set = {{0}}; pthread_t qat_timer_poll_func_thread = 0; pthread_t multibuff_timer_poll_func_thread = 0; int cleared_to_start = 0; +int qat_sw_ipsec = 0; #ifdef QAT_HW # define QAT_CONFIG_SECTION_NAME_SIZE 64 @@ -423,19 +424,20 @@ static int hw_support(void) { unsigned int vpclmulqdq = 0; if (*ebx & (0x1 << AVX512F_BIT)) - avx512f = 1; + avx512f = 1; if (*ecx & (0x1 << VAES_BIT)) - vaes = 1; + vaes = 1; if (*ecx & (0x1 << VPCLMULQDQ_BIT)) - vpclmulqdq = 1; + vpclmulqdq = 1; DEBUG("Processor Support - AVX512F = %u, VAES = %u, VPCLMULQDQ = %u\n", avx512f, vaes, vpclmulqdq); if (avx512f && vaes && vpclmulqdq) { - return 1; + qat_sw_ipsec = 1; + return 1; } else { WARN("Processor unsupported - AVX512F = %u, VAES = %u, VPCLMULQDQ = %u\n", avx512f, vaes, vpclmulqdq); @@ -959,16 +961,14 @@ static int bind_qat(ENGINE *e, const char *id) #endif #ifdef QAT_SW_IPSEC - if (!hw_support()) { - WARN("The Processor does not support the features needed for VAES.\n"); - goto end; - } + if (hw_support()) { # ifndef DISABLE_QAT_SW_GCM - if (!vaesgcm_init_ipsec_mb_mgr()) { - WARN("IPSec Multi-Buffer Manager Initialization failed\n"); - goto end; - } + if (!vaesgcm_init_ipsec_mb_mgr()) { + WARN("IPSec Multi-Buffer Manager Initialization failed\n"); + goto end; + } # endif + } #endif #if defined(QAT_HW) || defined(QAT_SW_IPSEC) diff --git a/e_qat.h b/e_qat.h index d969203f..68307636 100644 --- a/e_qat.h +++ b/e_qat.h @@ -313,6 +313,7 @@ extern sigset_t set; extern pthread_t qat_timer_poll_func_thread; extern pthread_t multibuff_timer_poll_func_thread; extern int cleared_to_start; +extern int qat_sw_ipsec; # ifdef QAT_HW extern char qat_config_section_name[QAT_CONFIG_SECTION_NAME_SIZE]; diff --git a/qat_evp.c b/qat_evp.c index 8c2b7984..49d6e8ee 100644 --- a/qat_evp.c +++ b/qat_evp.c @@ -198,31 +198,42 @@ void qat_create_ciphers(void) for (i = 0; i < num_cc; i++) { if (info[i].cipher == NULL) { + switch (info[i].nid) { + case NID_aes_128_gcm: + case NID_aes_192_gcm: + case NID_aes_256_gcm: #ifdef QAT_SW_IPSEC - if (info[i].nid == NID_aes_128_gcm || - info[i].nid == NID_aes_192_gcm || - info[i].nid == NID_aes_256_gcm) { - info[i].cipher = (EVP_CIPHER *) - vaesgcm_create_cipher_meth(info[i].nid, info[i].keylen); - } + if(qat_sw_ipsec) + info[i].cipher = (EVP_CIPHER *) + vaesgcm_create_cipher_meth(info[i].nid, info[i].keylen); +#else +# ifdef ENABLE_QAT_HW_GCM + if (qat_offload) { + if (info[i].nid != NID_aes_192_gcm) + info[i].cipher = (EVP_CIPHER *) + qat_create_gcm_cipher_meth(info[i].nid, info[i].keylen); + } +# endif #endif + break; #ifdef QAT_HW - if (qat_offload) { - if (info[i].nid == NID_aes_128_gcm || - info[i].nid == NID_aes_256_gcm) { -# ifdef ENABLE_QAT_HW_GCM - info[i].cipher = (EVP_CIPHER *) - qat_create_gcm_cipher_meth(info[i].nid, info[i].keylen); -# endif - } else { + case NID_aes_128_cbc_hmac_sha1: + case NID_aes_128_cbc_hmac_sha256: + case NID_aes_256_cbc_hmac_sha1: + case NID_aes_256_cbc_hmac_sha256: + if (qat_offload) info[i].cipher = (EVP_CIPHER *) qat_create_cipher_meth(info[i].nid, info[i].keylen); - } - } + break; #endif + default: + /* Do nothing */ + break; + } } } + } void qat_free_ciphers(void) @@ -231,16 +242,26 @@ void qat_free_ciphers(void) for (i = 0; i < num_cc; i++) { if (info[i].cipher != NULL) { - if (info[i].nid == NID_aes_128_gcm || - info[i].nid == NID_aes_192_gcm || - info[i].nid == NID_aes_256_gcm) { + switch (info[i].nid) { + case NID_aes_128_gcm: + case NID_aes_192_gcm: + case NID_aes_256_gcm: #ifndef DISABLE_QAT_SW_GCM EVP_CIPHER_meth_free(info[i].cipher); #endif - } else { -#if !defined(DISABLE_QAT_HW_CIPHERS) || !defined(DISABLE_QAT_HW_GCM) +#ifndef DISABLE_QAT_HW_GCM + if (info[i].nid != NID_aes_192_gcm) + EVP_CIPHER_meth_free(info[i].cipher); +#endif + break; + case NID_aes_128_cbc_hmac_sha1: + case NID_aes_128_cbc_hmac_sha256: + case NID_aes_256_cbc_hmac_sha1: + case NID_aes_256_cbc_hmac_sha256: +#ifndef DISABLE_QAT_HW_CIPHERS EVP_CIPHER_meth_free(info[i].cipher); #endif + break; } info[i].cipher = NULL; }