From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 784A3A04DD; Fri, 23 Oct 2020 18:20:41 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C4551493D; Fri, 23 Oct 2020 18:20:39 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 0D2C13DC for ; Fri, 23 Oct 2020 18:20:37 +0200 (CEST) IronPort-SDR: 4Jyb1S8+AiOICaryUhZKvLjYn0H5x3bY95w0je7p/tcPrX42MKpSYZYQ731+d122BXmyghAZJ0 u6+52OYfuYbA== X-IronPort-AV: E=McAfee;i="6000,8403,9782"; a="167791889" X-IronPort-AV: E=Sophos;i="5.77,409,1596524400"; d="scan'208";a="167791889" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Oct 2020 09:20:35 -0700 IronPort-SDR: VlhcnzE+Ek/T3gwvAAsd2RNwpBf2gaioGnyxGRcJFYodBP9cI5+FjDxMUnpjeAtSriWklKoQN1 Z3AbJnSP4/tw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,409,1596524400"; d="scan'208";a="317136511" Received: from silpixa00389815.ir.intel.com (HELO silpixa00389815.ger.corp.intel.com) ([10.237.223.46]) by orsmga003.jf.intel.com with ESMTP; 23 Oct 2020 09:20:33 -0700 From: John McNamara To: declan.doherty@intel.com Cc: dev@dpdk.org, John McNamara Date: Fri, 23 Oct 2020 16:20:28 +0000 Message-Id: <20201023162028.1619189-1-john.mcnamara@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v1] doc: add recommendation to update to latest openssl version X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add recommendation to update to latest OpenSSL version when using the OpenSSL PMD and to at least version 1.1.1g to avoid known CVEs. Signed-off-by: John McNamara --- doc/guides/cryptodevs/openssl.rst | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index ca0f0b43f..848a2e8eb 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -58,27 +58,13 @@ Supported Asymmetric Crypto algorithms: Installation ------------ -To compile openssl PMD, appropriate openssl packages have to be installed -in the build environment. +To compile the OpenSSL PMD the openssl library must be installed. It will +then be picked up by the Meson/Ninja build system. -The newest openssl library version is supported: +To ensure that you have the latest security fixes it is recommended that you +use version 1.1.1g or newer. -* 1.0.2h-fips 3 May 2016. - -Older versions that were also verified: - -* 1.0.1f 6 Jan 2014 -* 1.0.1 14 Mar 2012 - -For Ubuntu 14.04 LTS these packages have to be installed in the build system: - -.. code-block:: console - - sudo apt-get install openssl - sudo apt-get install libc6-dev-i386 # for i686-native-linux-gcc target - -This code was also verified on Fedora 24. -This code has NOT been verified on FreeBSD yet. +* 1.1.1g, 2020-Apr-21. https://www.openssl.org/source/ Initialization -------------- -- 2.25.1