From e93fc98b069d240dda18ebc2d0c6c33be66c3ca1 Mon Sep 17 00:00:00 2001 From: Yogaraj Alamenda Date: Fri, 22 Jul 2022 11:35:13 +0530 Subject: [PATCH] README and v0.6.14 version update. Signed-off-by: Yogaraj Alamenda --- configure.ac | 2 +- docs/additional_information.md | 12 ++++++++++-- docs/features.md | 11 ++++++----- docs/limitations.md | 11 ++++++----- docs/qat_common.md | 4 ++-- docs/software_requirements.md | 12 +++++------- e_qat.c | 6 +++--- qat_provider.h | 4 ++-- qatengine-sw.spec | 5 ++++- qatengine.spec | 5 ++++- 10 files changed, 43 insertions(+), 29 deletions(-) diff --git a/configure.ac b/configure.ac index 0ba33c62..815a72c6 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.68]) -AC_INIT([qatengine], [0.6.13], []) +AC_INIT([qatengine], [0.6.14], []) AC_CONFIG_SRCDIR([config.h.in]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_AUX_DIR([.]) diff --git a/docs/additional_information.md b/docs/additional_information.md index ff13b847..fb3bcfff 100644 --- a/docs/additional_information.md +++ b/docs/additional_information.md @@ -2,13 +2,21 @@ * [Intel® QuickAssist Technology Driver][1] * [White Paper: Intel® QuickAssist Technology and OpenSSL-1.1.0:Performance][2] +* [Sample installation guide for Software Acceleration (QAT_SW) using Intel® QAT Engine][3] Additional Information on integrating the Intel® QAT OpenSSL\* Engine with NGINX\* including an asynchronous fork of NGINX\* can be found at the following Github\* repository: -* [Intel® QuickAssist Technology (QAT) Async Mode NGINX\*][3] +* [Intel® QuickAssist Technology (QAT) Async Mode NGINX\*][4] + +Additional Information and experimental code on integrating the Intel® QAT BoringSSL\* +Library with NGINX\* for QUIC support can be found at the following location in [01.org][1] + +* [Experimental QUIC support for NGINX][5] [1]:https://01.org/intel-quickassist-technology [2]:https://01.org/sites/default/files/downloads/intelr-quickassist-technology/337003-001-intelquickassisttechnologyandopenssl-110.pdf -[3]:https://github.com/intel/asynch_mode_nginx +[3]:https://www.intel.com/content/www/us/en/developer/articles/guide/building-software-acceleration-features-in-the-intel-qat-engine-for-openssl.html +[4]:https://github.com/intel/asynch_mode_nginx +[5]:https://cdrdv2.intel.com/v1/dl/getContent/737522 diff --git a/docs/features.md b/docs/features.md index f9fbe8c9..ab1843e8 100644 --- a/docs/features.md +++ b/docs/features.md @@ -23,6 +23,7 @@ * [Pipelined Operations](qat_hw.md#using-the-openssl-pipelining-capability) * [Intel® QAT OpenSSL\* Engine Software Fallback](qat_hw.md#intel-qat-openssl-engine-software-fallback-feature) * RSA8K, SHA3-224/256/384/512 and ChaCha20-Poly1305 using 4xxx (QAT gen4 devices) only. +* [BoringSSL Support](bssl_support.md) ## qat_sw Features * [Intel® QAT Software Acceleration for Asymmetric PKE and AES-GCM](qat_sw.md) @@ -37,10 +38,10 @@ * SM3 Hash Support using 16 Multibuffer requests (Experimental). * AES128-GCM, AES192-GCM and AES256-GCM -##### [QAT_HW & QAT_SW Co-existence Feature](qat_common.md#qat-hw-and-qat-sw-co-existence-feature) -##### [OpenSSL 3.0 Provider Support](qat_common.md#openssl-3.0-provider-support) +## Common Features to qat_hw & qat_sw +* [QAT_HW & QAT_SW Co-existence with runtime configuration](qat_common.md#qat-hw-and-qat-sw-co-existence) +* [OpenSSL 3.0 Provider Support](qat_common.md#openssl-30-provider-support) -Note: RSA Padding schemes are handled by OpenSSL\* rather than accelerated, so the -engine supports the same padding schemes as OpenSSL does natively. +Note: RSA Padding schemes are handled by OpenSSL\* or BoringSSL\* rather than accelerated, so the +engine supports the same padding schemes as OpenSSL\* or BoringSSL\* does natively. -## [BoringSSL Support](bssl_support.md) \ No newline at end of file diff --git a/docs/limitations.md b/docs/limitations.md index 14c1bd57..5da3f6e4 100644 --- a/docs/limitations.md +++ b/docs/limitations.md @@ -33,18 +33,19 @@ calls is needed to unblock the issue. * SM2 ECDH and ECDSA application testing is done using BabaSSL only since OpenSSL doesn't support SMx cipher suites. -* SM3 is disabled by default due to known issue from cryto_mb. When SM3 enabled, - Performance drop observed in mulithread scenario for all ciphers suites - due to the locks at engine_table_select in OpenSSL. +* SM3 is disabled by default due to performance drop observed in mulithread scenario + for all ciphers suites due to the locks at engine_table_select in OpenSSL. * OpenSSL 1.1.1n introduced misleading error message(undefined symbol: EVP_PKEY_get_base_id) during engine load which can be ignored as it is not a real failure. This is later fixed in OpenSSL\* 1.1.1o release. * AES-CBC-HMAC-SHA chained ciphers does not support pipeline feature when built with OpenSSL 3.0 as the corresponding support is not available in OpenSSL 3.0. -* There is a known issue with OpenSSL s_server application using qatprovider on OpenSSL 3.0. +* There is a known issue with OpenSSL s_server application for QAT_HW GCM and QAT_SW_GCM + using qatprovider on OpenSSL 3.0. Disable GCM Support using --disable-qat_sw_gcm(for QAT_SW_GCM) + in the build configure. For QAT_HW GCM is disabled by default. * QAT Engine doesn't support ENCRYPT_THEN_MAC(default) mode of operation meaning when Encrypt then MAC is negotiated for symmetric ciphers say AES-CBC, the requests will not get offloaded via QAT_HW, instead uses OpenSSL SW. Disable ENCRYPT_THEN_MAC with the flag `SSL_OP_NO_ENCRYPT_THEN_MAC` programmatically using SSL_CTX_set_options() to offload symmetric chained ciphers via QAT_HW. Please note disabling ENCRYPT_THEN_MAC has security - implications. \ No newline at end of file + implications. diff --git a/docs/qat_common.md b/docs/qat_common.md index d461109b..61e03566 100644 --- a/docs/qat_common.md +++ b/docs/qat_common.md @@ -1,4 +1,4 @@ -# QAT_HW and QAT_SW Co-existence Feature +# QAT_HW and QAT_SW Co-existence Intel® QAT OpenSSL\* Engine supports QAT_HW and QAT_SW Co-existence build with both QAT_HW and QAT_SW dependant libraries(QAT Driver, crypto_mb and @@ -17,7 +17,7 @@ The default behavior can be changed using corresponding algorithm's enable flags (eg:--enable-qat_sw_rsa) in which case the individual algorithms enabled (either qat_hw or qat_sw) in the build configure will get accelerated. -## Setup HW&SW algorithm bitmap +## Run time Co-existence configuration using HW & SW algorithm bitmap Intel® QAT OpenSSL\* Engine supports a runtime mechanism to dynamically choose the QAT_HW or QAT_SW or both for each algorithm, using QAT_HW and QAT_SW dependent libraries linked in a single qatengine. diff --git a/docs/software_requirements.md b/docs/software_requirements.md index 577b0fca..81dfc129 100644 --- a/docs/software_requirements.md +++ b/docs/software_requirements.md @@ -6,12 +6,11 @@ that supports OpenSSL\* 1.1.1 or OpenSSL\* 3.0 or BoringSSL\* and Intel® Qui Technology Driver for Linux or Intel® QuickAssist Technology Driver for FreeBSD. This release was validated on the following: -* Operating system: CentOS\* 7.4 64-bit version & FreeBSD\* 11.4 64-bit version -* Kernel: GNU\*/Linux\* 3.10.0-693 +* Operating system: CentOS* 8.4, Ubuntu\* 20.04.2 LTS & FreeBSD\* 12.3 * Intel® Communications Chipset C62X Series Software for Linux\*, version **4.18** * Intel® Communications Chipset C62X Series Software for FreeBSD\*, version **3.12** -* OpenSSL\* 1.1.1o & 3.0.3 -* BoringSSL\* commit - [fa3fbda07b] [1] +* OpenSSL\* 1.1.1q & 3.0.5 +* BoringSSL\* commit - [fa3fbda07b][1] ## qat_sw Requirements Successful operation of the Intel® QAT Software acceleration requires a @@ -27,12 +26,11 @@ The Intel® QAT Engine supports QAT SW AES-GCM from OpenSSL\* 1.1.1d. This release was validated on the following: -* Operating system: Ubuntu 20.04.2 LTS -* Kernel: 5.4.0-62-generic +* Operating system: Ubuntu\* 20.04.2 LTS * Intel® Crypto Multi-buffer library from the [ipp-crypto][2] release version **IPP Crypto 2021.5** * Intel® Multi-Buffer crypto for IPsec Library release version **v1.2** -* OpenSSL\* 1.1.1o & 3.0.3 +* OpenSSL\* 1.1.1q & 3.0.5 [1]:https://github.com/google/boringssl/tree/fa3fbda07bbf70925453d6a3c25a7aa455aa1cef [2]:https://github.com/intel/ipp-crypto diff --git a/e_qat.c b/e_qat.c index bc4b8817..987bbd72 100644 --- a/e_qat.c +++ b/e_qat.c @@ -148,13 +148,13 @@ const char *engine_qat_id = STR(QAT_ENGINE_ID); #if defined(QAT_HW) && defined(QAT_SW) const char *engine_qat_name = - "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.13"; + "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.14"; #elif QAT_HW const char *engine_qat_name = - "Reference implementation of QAT crypto engine(qat_hw) v0.6.13"; + "Reference implementation of QAT crypto engine(qat_hw) v0.6.14"; #else const char *engine_qat_name = - "Reference implementation of QAT crypto engine(qat_sw) v0.6.13"; + "Reference implementation of QAT crypto engine(qat_sw) v0.6.14"; #endif unsigned int engine_inited = 0; diff --git a/qat_provider.h b/qat_provider.h index b3722093..2efe4608 100644 --- a/qat_provider.h +++ b/qat_provider.h @@ -51,8 +51,8 @@ # include # include -# define QAT_PROVIDER_VERSION_STR "v0.6.13" -# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.13" +# define QAT_PROVIDER_VERSION_STR "v0.6.14" +# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.14" # if defined(QAT_HW) && defined(QAT_SW) # define QAT_PROVIDER_NAME_STR "QAT Provider for QAT_HW and QAT_SW" diff --git a/qatengine-sw.spec b/qatengine-sw.spec index 9c6b8bd5..b09f1fcb 100644 --- a/qatengine-sw.spec +++ b/qatengine-sw.spec @@ -4,7 +4,7 @@ %global enginesdir %(pkg-config --variable=enginesdir libcrypto) Name: qatengine-sw -Version: 0.6.13 +Version: 0.6.14 Release: 1%{?dist} Summary: Intel QuickAssist Technology (QAT) OpenSSL Engine # Most of the source code is BSD, with the following exceptions: @@ -49,6 +49,9 @@ autoreconf -ivf %exclude %{enginesdir}/qatengine.la %changelog +* Wed Jul 20 2022 Yogaraj Alamenda - 0.6.14-1 +- Update to qatengine v0.6.14 + * Wed Jun 22 2022 Yogaraj Alamenda - 0.6.13-1 - Update to qatengine v0.6.13 diff --git a/qatengine.spec b/qatengine.spec index 5acadbce..63900994 100644 --- a/qatengine.spec +++ b/qatengine.spec @@ -4,7 +4,7 @@ %global enginesdir %(pkg-config --variable=enginesdir libcrypto) Name: qatengine -Version: 0.6.13 +Version: 0.6.14 Release: 1%{?dist} Summary: Intel QuickAssist Technology (QAT) OpenSSL Engine # Most of the source code is BSD, with the following exceptions: @@ -46,6 +46,9 @@ autoreconf -ivf %exclude %{enginesdir}/qatengine.la %changelog +* Wed Jul 20 2022 Yogaraj Alamenda - 0.6.14-1 +- Update to qatengine v0.6.14 + * Wed Jun 22 2022 Yogaraj Alamenda - 0.6.13-1 - Update to qatengine v0.6.13