* [dpdk-dev v1] crypto/qat: Enable OpenSSL legacy provider in session
@ 2022-07-11 17:08 Kai Ji
2022-07-19 9:48 ` Zhang, Roy Fan
0 siblings, 1 reply; 3+ messages in thread
From: Kai Ji @ 2022-07-11 17:08 UTC (permalink / raw)
To: dev; +Cc: gakhil, Kai Ji
Some cryptographic algorithms such as MD and DES are now considered legacy
and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5
DES are needed in QAT session pre-computes and secure session creation.
Fixes: 3227bc7138f5 ("crypto/qat: use intel-ipsec-mb for partial hash and AES")
Signed-off-by: Kai Ji <kai.ji@intel.com>
---
drivers/crypto/qat/qat_sym_session.c | 53 ++++++++++++++++++++--------
1 file changed, 39 insertions(+), 14 deletions(-)
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index b30396487e..42164cc6c6 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -30,6 +30,35 @@
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
#include <openssl/provider.h>
+
+static OSSL_PROVIDER * legacy_lib;
+static OSSL_PROVIDER *default_lib;
+
+/* Some cryptographic algorithms such as MD and DES are now considered legacy
+ * and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5
+ * DES are needed in QAT pre-computes and secure session creation.
+ */
+static int ossl_legacy_provider_load(void)
+{
+ /* Load Multiple providers into the default (NULL) library context */
+ legacy_lib = OSSL_PROVIDER_load(NULL, "legacy");
+ if (legacy_lib == NULL)
+ return -EINVAL;
+
+ default_lib = OSSL_PROVIDER_load(NULL, "default");
+ if (default_lib == NULL) {
+ OSSL_PROVIDER_unload(legacy_lib);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static void ossl_legacy_provider_unload(void)
+{
+ OSSL_PROVIDER_unload(legacy_lib);
+ OSSL_PROVIDER_unload(default_lib);
+}
#endif
extern int qat_ipsec_mb_lib;
@@ -485,19 +514,8 @@ qat_sym_session_configure(struct rte_cryptodev *dev,
}
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
- OSSL_PROVIDER *legacy;
- OSSL_PROVIDER *deflt;
-
- /* Load Multiple providers into the default (NULL) library context */
- legacy = OSSL_PROVIDER_load(NULL, "legacy");
- if (legacy == NULL)
+ if (ossl_legacy_provider_load())
return -EINVAL;
-
- deflt = OSSL_PROVIDER_load(NULL, "default");
- if (deflt == NULL) {
- OSSL_PROVIDER_unload(legacy);
- return -EINVAL;
- }
#endif
ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
if (ret != 0) {
@@ -513,8 +531,7 @@ qat_sym_session_configure(struct rte_cryptodev *dev,
sess_private_data);
# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
- OSSL_PROVIDER_unload(legacy);
- OSSL_PROVIDER_unload(deflt);
+ ossl_legacy_provider_unload();
# endif
return 0;
}
@@ -2606,6 +2623,10 @@ qat_security_session_create(void *dev,
return -ENOMEM;
}
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+ if (ossl_legacy_provider_load())
+ return -EINVAL;
+#endif
ret = qat_sec_session_set_docsis_parameters(cdev, conf,
sess_private_data);
if (ret != 0) {
@@ -2639,6 +2660,10 @@ qat_security_session_destroy(void *dev __rte_unused,
set_sec_session_private_data(sess, NULL);
rte_mempool_put(sess_mp, sess_priv);
}
+
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+ ossl_legacy_provider_unload();
+# endif
return 0;
}
#endif
--
2.17.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: [dpdk-dev v1] crypto/qat: Enable OpenSSL legacy provider in session
2022-07-11 17:08 [dpdk-dev v1] crypto/qat: Enable OpenSSL legacy provider in session Kai Ji
@ 2022-07-19 9:48 ` Zhang, Roy Fan
2022-08-26 12:07 ` Akhil Goyal
0 siblings, 1 reply; 3+ messages in thread
From: Zhang, Roy Fan @ 2022-07-19 9:48 UTC (permalink / raw)
To: Ji, Kai, dev; +Cc: gakhil, Ji, Kai
> -----Original Message-----
> From: Kai Ji <kai.ji@intel.com>
> Sent: Monday, July 11, 2022 6:08 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>
> Subject: [dpdk-dev v1] crypto/qat: Enable OpenSSL legacy provider in session
>
> Some cryptographic algorithms such as MD and DES are now considered
> legacy
> and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5
> DES are needed in QAT session pre-computes and secure session creation.
>
> Fixes: 3227bc7138f5 ("crypto/qat: use intel-ipsec-mb for partial hash and
> AES")
>
> Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: [dpdk-dev v1] crypto/qat: Enable OpenSSL legacy provider in session
2022-07-19 9:48 ` Zhang, Roy Fan
@ 2022-08-26 12:07 ` Akhil Goyal
0 siblings, 0 replies; 3+ messages in thread
From: Akhil Goyal @ 2022-08-26 12:07 UTC (permalink / raw)
To: Zhang, Roy Fan, Ji, Kai, dev; +Cc: Ji, Kai
> > Some cryptographic algorithms such as MD and DES are now considered
> > legacy
> > and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5
> > DES are needed in QAT session pre-computes and secure session creation.
> >
> > Fixes: 3227bc7138f5 ("crypto/qat: use intel-ipsec-mb for partial hash and
> > AES")
> >
> > Signed-off-by: Kai Ji <kai.ji@intel.com>
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-08-26 12:07 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-11 17:08 [dpdk-dev v1] crypto/qat: Enable OpenSSL legacy provider in session Kai Ji
2022-07-19 9:48 ` Zhang, Roy Fan
2022-08-26 12:07 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).