From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, roy.fan.zhang@intel.com,
Arek Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [PATCH] crypto/qat: remove openssl 3.0 deprecated functions
Date: Tue, 28 Dec 2021 10:08:52 +0000 [thread overview]
Message-ID: <20211228100852.56922-1-arkadiuszx.kusztal@intel.com> (raw)
This commit removes OpenSSL 3.0 deprecated functions
from Intel QuickAssist Technology PMD. It does not remove
all deprecated functions, this will be added in later versions.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
drivers/crypto/qat/qat_sym_session.c | 47 ++++++++++++++++++------------------
1 file changed, 23 insertions(+), 24 deletions(-)
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 8ca475ca8b..57deddba85 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -72,6 +72,26 @@ qat_sym_cd_auth_set(struct qat_sym_session *cdesc,
static void
qat_sym_session_init_common_hdr(struct qat_sym_session *session);
+/* AES helper function */
+static int
+aes_encrypt(const uint8_t *key, uint8_t *in, uint8_t *out)
+{
+ int outlen;
+ EVP_CIPHER_CTX *ctx;
+
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ QAT_LOG(ERR, "EVP_CIPHER_CTX_new error");
+ return -1;
+ }
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, NULL);
+ if (!EVP_EncryptUpdate(ctx, out, &outlen, in, 16)) {
+ QAT_LOG(ERR, "EVP_EncryptUpdate error");
+ return -1;
+ }
+ return 0;
+}
+
/* Req/cd init functions */
static void
@@ -1309,7 +1329,6 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
/* CMAC */
if (aes_cmac) {
- AES_KEY enc_key;
uint8_t *in = NULL;
uint8_t k0[ICP_QAT_HW_AES_128_KEY_SZ];
uint8_t *k1, *k2;
@@ -1327,14 +1346,8 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
rte_memcpy(in, AES_CMAC_SEED,
ICP_QAT_HW_AES_128_KEY_SZ);
rte_memcpy(p_state_buf, auth_key, auth_keylen);
-
- if (AES_set_encrypt_key(auth_key, auth_keylen << 3,
- &enc_key) != 0) {
- rte_free(in);
+ if (aes_encrypt(auth_key, in, k0) < 0)
return -EFAULT;
- }
-
- AES_encrypt(in, k0, &enc_key);
k1 = p_state_buf + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;
k2 = k1 + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;
@@ -1360,7 +1373,6 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
uint8_t *in = NULL;
uint8_t *out = p_state_buf;
int x;
- AES_KEY enc_key;
in = rte_zmalloc("working mem for key",
ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ, 16);
@@ -1372,17 +1384,8 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
rte_memcpy(in, qat_aes_xcbc_key_seed,
ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);
for (x = 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) {
- if (AES_set_encrypt_key(auth_key,
- auth_keylen << 3,
- &enc_key) != 0) {
- rte_free(in -
- (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ));
- memset(out -
- (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ),
- 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);
+ if (aes_encrypt(auth_key, in, out) < 0)
return -EFAULT;
- }
- AES_encrypt(in, out, &enc_key);
in += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;
out += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;
}
@@ -1395,7 +1398,6 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
(hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64)) {
uint8_t *in = NULL;
uint8_t *out = p_state_buf;
- AES_KEY enc_key;
memset(p_state_buf, 0, ICP_QAT_HW_GALOIS_H_SZ +
ICP_QAT_HW_GALOIS_LEN_A_SZ +
@@ -1408,11 +1410,8 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
}
memset(in, 0, ICP_QAT_HW_GALOIS_H_SZ);
- if (AES_set_encrypt_key(auth_key, auth_keylen << 3,
- &enc_key) != 0) {
+ if (aes_encrypt(auth_key, in, out) < 0)
return -EFAULT;
- }
- AES_encrypt(in, out, &enc_key);
*p_state_len = ICP_QAT_HW_GALOIS_H_SZ +
ICP_QAT_HW_GALOIS_LEN_A_SZ +
ICP_QAT_HW_GALOIS_E_CTR0_SZ;
--
2.13.6
next reply other threads:[~2021-12-28 11:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-28 10:08 Arek Kusztal [this message]
2023-02-01 14:36 ` [EXT] " Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211228100852.56922-1-arkadiuszx.kusztal@intel.com \
--to=arkadiuszx.kusztal@intel.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).