From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BA960A0032; Mon, 11 Jul 2022 19:08:27 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AB8BE42826; Mon, 11 Jul 2022 19:08:27 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mails.dpdk.org (Postfix) with ESMTP id 74D2D40C35 for ; Mon, 11 Jul 2022 19:08:26 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1657559306; x=1689095306; h=from:to:cc:subject:date:message-id; bh=sY/tlzjkRlr1Qqkw6HCQALnFOjwZfzPGL8KgkAHjKOw=; b=IEF1Z8JWM8lEzph067AZKfs+UPOuoMs1xqPaz6SL4DcYUKMV14P2glIo EXkJem3csvN3hks0BcawcIkDmLofTGPEoUiL3pYYuIcyOM6azPdi+KHbX xgfw6E/nYDQdNzyjbRNK1odvMufO/GpW/kH2kQDadf6ccNZxF52n1zdG2 ekCR8uHb2dYgnaJcjt8Q3UYSm/NkD2xNuuMUqBCH4RD1OBLeFPUJz/84A 07K5NU1+O6oZpN313TEd3KT3bV/KDr3pmnwzZ6c4wo4SBfDGbMKnIbJSH TlFAbeA3uaWQRrKG+tnbXA915G2yIOUw5D+D6oBWftYBa4gm1Q2bAmt1X A==; X-IronPort-AV: E=McAfee;i="6400,9594,10405"; a="265128767" X-IronPort-AV: E=Sophos;i="5.92,263,1650956400"; d="scan'208";a="265128767" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jul 2022 10:08:25 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.92,263,1650956400"; d="scan'208";a="652541932" Received: from silpixa00400465.ir.intel.com ([10.55.128.22]) by fmsmga008.fm.intel.com with ESMTP; 11 Jul 2022 10:08:24 -0700 From: Kai Ji To: dev@dpdk.org Cc: gakhil@marvell.com, Kai Ji Subject: [dpdk-dev v1] crypto/qat: Enable OpenSSL legacy provider in session Date: Tue, 12 Jul 2022 01:08:22 +0800 Message-Id: <20220711170822.60795-1-kai.ji@intel.com> X-Mailer: git-send-email 2.17.1 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Some cryptographic algorithms such as MD and DES are now considered legacy and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5 DES are needed in QAT session pre-computes and secure session creation. Fixes: 3227bc7138f5 ("crypto/qat: use intel-ipsec-mb for partial hash and AES") Signed-off-by: Kai Ji --- drivers/crypto/qat/qat_sym_session.c | 53 ++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 14 deletions(-) diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index b30396487e..42164cc6c6 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -30,6 +30,35 @@ #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) #include + +static OSSL_PROVIDER * legacy_lib; +static OSSL_PROVIDER *default_lib; + +/* Some cryptographic algorithms such as MD and DES are now considered legacy + * and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5 + * DES are needed in QAT pre-computes and secure session creation. + */ +static int ossl_legacy_provider_load(void) +{ + /* Load Multiple providers into the default (NULL) library context */ + legacy_lib = OSSL_PROVIDER_load(NULL, "legacy"); + if (legacy_lib == NULL) + return -EINVAL; + + default_lib = OSSL_PROVIDER_load(NULL, "default"); + if (default_lib == NULL) { + OSSL_PROVIDER_unload(legacy_lib); + return -EINVAL; + } + + return 0; +} + +static void ossl_legacy_provider_unload(void) +{ + OSSL_PROVIDER_unload(legacy_lib); + OSSL_PROVIDER_unload(default_lib); +} #endif extern int qat_ipsec_mb_lib; @@ -485,19 +514,8 @@ qat_sym_session_configure(struct rte_cryptodev *dev, } #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) - OSSL_PROVIDER *legacy; - OSSL_PROVIDER *deflt; - - /* Load Multiple providers into the default (NULL) library context */ - legacy = OSSL_PROVIDER_load(NULL, "legacy"); - if (legacy == NULL) + if (ossl_legacy_provider_load()) return -EINVAL; - - deflt = OSSL_PROVIDER_load(NULL, "default"); - if (deflt == NULL) { - OSSL_PROVIDER_unload(legacy); - return -EINVAL; - } #endif ret = qat_sym_session_set_parameters(dev, xform, sess_private_data); if (ret != 0) { @@ -513,8 +531,7 @@ qat_sym_session_configure(struct rte_cryptodev *dev, sess_private_data); # if (OPENSSL_VERSION_NUMBER >= 0x30000000L) - OSSL_PROVIDER_unload(legacy); - OSSL_PROVIDER_unload(deflt); + ossl_legacy_provider_unload(); # endif return 0; } @@ -2606,6 +2623,10 @@ qat_security_session_create(void *dev, return -ENOMEM; } +#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) + if (ossl_legacy_provider_load()) + return -EINVAL; +#endif ret = qat_sec_session_set_docsis_parameters(cdev, conf, sess_private_data); if (ret != 0) { @@ -2639,6 +2660,10 @@ qat_security_session_destroy(void *dev __rte_unused, set_sec_session_private_data(sess, NULL); rte_mempool_put(sess_mp, sess_priv); } + +# if (OPENSSL_VERSION_NUMBER >= 0x30000000L) + ossl_legacy_provider_unload(); +# endif return 0; } #endif -- 2.17.1