From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 16308A00C4; Thu, 17 Feb 2022 19:02:00 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D7F0240150; Thu, 17 Feb 2022 19:01:59 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 68A7540042 for ; Thu, 17 Feb 2022 19:01:58 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 21HFRgCp025670; Thu, 17 Feb 2022 10:01:56 -0800 Received: from nam11-bn8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2173.outbound.protection.outlook.com [104.47.58.173]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3e9kktt3dg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 17 Feb 2022 10:01:56 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MvpYdc0XGGRPVz/xFUBZmJkqmuStjpJ2pdPworQ7LzSeOh8M3MQoNsgEPY7b6okh2rKX+de8gGHeAKo3inO/ccprwdmST3YDMcEoKBe992UxIIr3MOtVXhpQQ7VG/+rTCADu/F038zpMexixIjn+U3e3p4/luZIUEw5rAgUWm7/dto4EdzftZxLQsgel0eDIsSvOiqJ7fF3kFe6fEeXdqCRjgIq2tMrpgCt04XLbKsGojPkpBbOZn70BeLJvSX1i9SeR+C72qzAL8LEW3NxiHYd757MWWuJiQ01bs6Z+7SEN++ji3RqSrpwyMon8JIvZ9qI+SCEs5c1yskV1Lpj0YA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Pf210TsD72Dayqw4vzag+MuCDi7Bt0DE20liJLr2bMc=; b=QpeR9ySeqtVn+GTB1dVdhq4MEM77cr44GaRmGSOYkh8blQya1EV30ybj8kmJ/Nli18hxL4gxNWaQmbZTJebQxdNjQ0lWC96PeO0B3wyEVrMBr5QoQJK2ju+VrKCpRGnjDdf867zZjZ9bOgnhBq0Xj985ibk/hRqx2oISlaS17QbqqcCYG5YV1YH8lmVveFpK6QnWV7IJHuU89EKRP2iQOzGiA6+5p3fJlcg90CtHaq3GPNg3IkWZEwjVQhn83ijwTEhQUM+7CI0zSHfYzMy67Z37bUEMt0wMA/05bAQs+a8r7iJop9mff2faMb4AlE6O4BkzE2plju3V25VWHC1SGg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pf210TsD72Dayqw4vzag+MuCDi7Bt0DE20liJLr2bMc=; b=OzUFd8mm0fBwk5T89TCtttdlMFk3mFZzxQIuEMBc32/ucATe4U+nzAREdtiFslkPboDO8grbeEW2DquXxMJWy7JBh3SInhpBK3A2wFvmQXEJ8EKyJCnXpMi7ZZWBFAaWZAHl2YE6KBu2ioFub13MSxS19C6f1CDNCNZVbXqOkAY= Received: from CO6PR18MB4484.namprd18.prod.outlook.com (2603:10b6:5:359::9) by BY3PR18MB4770.namprd18.prod.outlook.com (2603:10b6:a03:3cd::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.17; Thu, 17 Feb 2022 18:01:52 +0000 Received: from CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::1c79:10d9:2997:cd79]) by CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::1c79:10d9:2997:cd79%7]) with mapi id 15.20.4995.017; Thu, 17 Feb 2022 18:01:52 +0000 From: Akhil Goyal To: Kai Ji , "dev@dpdk.org" CC: "roy.fan.zhang@intel.com" Subject: RE: [EXT] [dpdk-dev v3] crypto/openssl: openssl 3.0 support on sym crypto routine Thread-Topic: [EXT] [dpdk-dev v3] crypto/openssl: openssl 3.0 support on sym crypto routine Thread-Index: AQHYJCY8QKNgXmFjGUaTue9+2uRPbayYB/bQ Date: Thu, 17 Feb 2022 18:01:52 +0000 Message-ID: References: <20220207152410.53244-1-kai.ji@intel.com> <20220217174552.50903-1-kai.ji@intel.com> In-Reply-To: <20220217174552.50903-1-kai.ji@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: ab9c5b36-702d-4520-2576-08d9f23f93e9 x-ms-traffictypediagnostic: BY3PR18MB4770:EE_ x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:3383; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: DWTp+CrmJYXs7RgJfDzPny1BXZmTeulOh8R7iRkLEOOe/Q9v6YiywA8DXO2Y3bi15ckMI2U8k8mm7lrhgXSnwQbuRxZntgJSElVAKFuvVNPu/cO6suhbYCAtue5WbnOCXWtZA9riVeyG1A5DC58mT/PvhaDMBWmJoUsgkmDxxcaRdnxtm10pgAswtFBh+8/5iLQ4ovSpKOhI+pr/K8gOBvHZ0G/Ae9xasnIB/0+mLP0f/ZjG+1tkJpv003NMGpDmqJc2JZMLuYPSjssFJ6GaVLRb/NpBOIe3CEi0IOC+dOtfyA1zPn+GnhHV3P/PLnkwBpKYwyhzxcYv8OPSGU33giOwa0K/kgGE4+P0AZvxnEuuVVXpUnGg6JVC1Se79xTeJRLwYTPV5QQp9gSxjbfgMQ0VWRTz+Kv54YhmDZpiqjEoyqAYS2PHytFFeRaEybgba9JQ+aDdl9jJEV0fKFXJJ31S8DN1P91wmVKnOKmrLdzOtqJYbheL7EH/uvTyj9XESp46qag8OMG5zXumeDVRibFNNLPTuYFnqI8rMTJJ2ZYJDJGjr+wTnvI+IJuat2ylbo8HQBML0RHbQXY5/ZhhoAW8fGxtIKuWZhilx8SUMU8bV6L6N2HPJhvmqwQki2yiG9gq9Fn189fc62OZl6HyjBAcNQAT6z5qQdOffS1tIIyOoTbvqVBKPXzvbHD3U97nGdt1OqRlGOgfd/9oQlEl3w== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO6PR18MB4484.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(38100700002)(122000001)(110136005)(5660300002)(30864003)(316002)(66556008)(66476007)(66946007)(76116006)(64756008)(66446008)(4326008)(8676002)(8936002)(83380400001)(52536014)(186003)(26005)(2906002)(508600001)(55236004)(71200400001)(55016003)(86362001)(6506007)(7696005)(9686003)(38070700005)(33656002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?1TMTAMFGRg+5qQD0acxM2WMv2DxUDoDO9S7mlEWaiZ9Z42qBymSmjBtnQXRo?= =?us-ascii?Q?K0lKyJuMI6YT6NI3QZbE9KjwjH05pqMAq+CY4Vvo7rjNz0S1ILRPpt8a+Mm0?= =?us-ascii?Q?b9mtPO2LsIU9PI09VveiOOlWs08uyk+tgpZSFm70wVl8DoABmf4XMXe24oUi?= =?us-ascii?Q?JmSDVnOfcqxcyb6Lf+LiuWR1KqJrAZ3QNCfvrTHTzy1Ulyod6vid70OiOZKC?= =?us-ascii?Q?ynFhmg8XuUrjSRy4Iyca6FzOhiaaYVYWtyKoA04vvFwkRSEHeLP2NRwxWv5/?= =?us-ascii?Q?qGsOIplaK0FOpFv+6zmKjRVt/XSNzFp9s8weQbzbIfaOVnmFkPXfgsCVbOFz?= =?us-ascii?Q?b5lGeWlEAZF//ObMe+hQVBQpK3W3K7Hn7bWvzrssjno3Tof3qIonQeLtJD32?= =?us-ascii?Q?WRL3sFOKyqqpFQERyCE9/UKawU6XFqgPIkqZ68iNyGEEzIKDt8Ez2TMaIg+C?= =?us-ascii?Q?tN30QnQvTA2kK8wmvkkhdrc669vHwIMzPYoVHhgvlI5rP1KJ/ns28TVc3vDB?= =?us-ascii?Q?wkT/k+Tg4giIl1/a25fvstBWy6fcJMfz7Kh9gLnC+UlOILywmcVDyqMCXDxw?= =?us-ascii?Q?rvtFEA0KyD9qX8NWcS5ekZApnLGJTCG5DQUfxwxOAl0VVN3NQMK5R8z62UkJ?= =?us-ascii?Q?Znf2QUtIhBi6ecukD2RZRajankiVZtDiJ2hhoiU0OzjhgtTw4CbhPPM3cPBD?= =?us-ascii?Q?0zt5idIj4NsfKeBgcKNnEI2ihzhIW8ZKXowLoEOrrw18+G6mUYqYJvrKGnvn?= =?us-ascii?Q?QP+4QM+DyQ//S6bGn5d/1sUgdO7sqM9jRJLvxAZcy0LaDH7yNfjeQirzUq/p?= =?us-ascii?Q?wA0h0xI4ARAaSt4IxkHkPA8XBNwOijHQukdAtocvkABQBQi1gpregLWp8/7C?= =?us-ascii?Q?hXvj89hDiUZlJbMoOqXrvgPk5r4BVjr3xVwtPElseIyIljzVL/37rNk7by5/?= =?us-ascii?Q?z2HjIyJh5BNB/zCzMZP6xTur9Lwq4IHp+rq9ZcboZBUkqj8kGa6WV9bEcROJ?= =?us-ascii?Q?dsAZIz0ZbPG9fJZzHGKUbzz+MK5oi2xp/+OjBNaMKgYTts+62x8YSqj6qvKb?= =?us-ascii?Q?WZJNsQPJiDXktEYL/8/p4P0HD8WQ1gwjGnlCJtL0EWfgr2ttY0aXdIgfr+Zl?= =?us-ascii?Q?46MkTr9nbEn7sFOwVRsctOzNbKqU/T6xrBgLvIYY48msnrmWtoznKr5FL+Nj?= =?us-ascii?Q?D5dJIvnGiHyv3oSbga+3gYTmBEoYaOeUokCcnqwrGB5lr7bq0SZyuCnZlAyk?= =?us-ascii?Q?KmL/UMrEBBC2zjnwmEZSyOfjIxSNSBiW1Z0LldTOw2hpuS3M8RbcTv+FoHiS?= =?us-ascii?Q?hdE+bZX25u3WZJcFTMcOhdYtQnO5Tmrs9d1u4sDzErNhjHgkQSDm18fZKYUu?= =?us-ascii?Q?ZxkOted98zJa20Bu1ewjLySIvQ+QdVQBZzYGopypKeNIrc3J/hd9536yr8pX?= =?us-ascii?Q?0zBWNFOYU/Ow2ktS9oDGrRUwdvP+i4EU0oY2mLuppEKq6SGG4kWmC3wnZjBi?= =?us-ascii?Q?E7FjBte0jf8eW0JnShbzb/ASJUTf9m0uI/1WlUXzuBEMTZbgfyJujBC+SLqy?= =?us-ascii?Q?WMWeyVneNL9SOttossp0IuEOLn2jWqb8wWvz2QB4TRGNH/mHrtb1JLff8SyS?= =?us-ascii?Q?p5I4EMihxgbJlyQ+e/eTffY=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO6PR18MB4484.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ab9c5b36-702d-4520-2576-08d9f23f93e9 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Feb 2022 18:01:52.7402 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: xO3eOzfp9rVMh6x1z3DpBdeAg/dmOoS1OhwpI1IAmb/D3GXhsx7jQGDIxbqH8lXCO4y49JHEdaOu9et9aoPd8Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY3PR18MB4770 X-Proofpoint-ORIG-GUID: AKb3A6CGKZpebTgSv3-oahqmu71LX4Ku X-Proofpoint-GUID: AKb3A6CGKZpebTgSv3-oahqmu71LX4Ku X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-02-17_06,2022-02-17_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org > This patch update the symmetric EVP routine in crypto openssl pmd > to adopt openssl 3.0 library. >=20 > Signed-off-by: Kai Ji >=20 > v3: > - rebase to 22.03-RC1 > - enable openssl 3.0 lagacy library of DES > - remove local ctx in combined op as EVP_CIPHER_CTX_copy refuse copy > without > a valid dup function pointer. >=20 > v2: > - minor code fix >=20 > --- > drivers/crypto/openssl/compat.h | 12 ++ > drivers/crypto/openssl/openssl_pmd_private.h | 4 + > drivers/crypto/openssl/rte_openssl_pmd.c | 181 ++++++++++++++++++- > 3 files changed, 188 insertions(+), 9 deletions(-) >=20 > diff --git a/drivers/crypto/openssl/compat.h b/drivers/crypto/openssl/com= pat.h > index eecb7d3698..d3884334bd 100644 > --- a/drivers/crypto/openssl/compat.h > +++ b/drivers/crypto/openssl/compat.h > @@ -192,6 +192,18 @@ get_dsa_priv_key(DSA *dsa, const BIGNUM > **priv_key) > DSA_get0_key(dsa, NULL, priv_key); > } >=20 > +#if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > +/* Known DIGEST names (not a complete list) */ > +#define OSSL_DIGEST_NAME_MD5 "MD5" > +#define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" > +#define OSSL_DIGEST_NAME_SHA1 "SHA1" > +#define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" > +#define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" > +#define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" > +#define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" > + > +#endif > + > #endif /* version < 10100000 */ >=20 > #endif /* __RTA_COMPAT_H__ */ > diff --git a/drivers/crypto/openssl/openssl_pmd_private.h > b/drivers/crypto/openssl/openssl_pmd_private.h > index b2054b3754..86dc169aaf 100644 > --- a/drivers/crypto/openssl/openssl_pmd_private.h > +++ b/drivers/crypto/openssl/openssl_pmd_private.h > @@ -134,8 +134,12 @@ struct openssl_session { > /**< pointer to EVP key */ > const EVP_MD *evp_algo; > /**< pointer to EVP algorithm function */ > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > + EVP_MAC_CTX * ctx; > +# else > HMAC_CTX *ctx; > /**< pointer to EVP context structure */ > +# endif > } hmac; > }; >=20 > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index d80e1052e2..14a6524b6c 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c > @@ -39,6 +39,57 @@ static void HMAC_CTX_free(HMAC_CTX *ctx) > } > #endif >=20 > +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > +#include > + > +OSSL_PROVIDER * legacy; > +OSSL_PROVIDER *deflt; > + > +static void ossl_load_legacy_provider(void) > +{ > + /* Load Multiple providers into the default (NULL) library context */ > + legacy =3D OSSL_PROVIDER_load(NULL, "legacy"); > + if (legacy =3D=3D NULL) { > + OPENSSL_LOG(ERR, "Failed to load Legacy provider\n"); > + return -EINVAL; > + } > + > + deflt =3D OSSL_PROVIDER_load(NULL, "default"); > + if (deflt =3D=3D NULL) { > + OPENSSL_LOG(ERR, "Failed to load Default provider\n"); > + OSSL_PROVIDER_unload(legacy); > + return -EINVAL; > + } > +} > + > +static void ossl_unload_legacy_provider(void) > +{ > + OSSL_PROVIDER_unload(legacy); > + OSSL_PROVIDER_unload(deflt); > +} > + > +static __rte_always_inline const char * > +get_digest_name(const struct rte_crypto_sym_xform *xform) > +{ > + switch (xform->auth.algo) { > + case RTE_CRYPTO_AUTH_MD5_HMAC: > + return OSSL_DIGEST_NAME_MD5; > + case RTE_CRYPTO_AUTH_SHA1_HMAC: > + return OSSL_DIGEST_NAME_SHA1; > + case RTE_CRYPTO_AUTH_SHA224_HMAC: > + return OSSL_DIGEST_NAME_SHA2_224; > + case RTE_CRYPTO_AUTH_SHA256_HMAC: > + return OSSL_DIGEST_NAME_SHA2_256; > + case RTE_CRYPTO_AUTH_SHA384_HMAC: > + return OSSL_DIGEST_NAME_SHA2_384; > + case RTE_CRYPTO_AUTH_SHA512_HMAC: > + return OSSL_DIGEST_NAME_SHA2_512; > + default: > + return NULL; > + } > +} > +#endif > + > static int cryptodev_openssl_remove(struct rte_vdev_device *vdev); >=20 > /*----------------------------------------------------------------------= ------*/ > @@ -580,6 +631,34 @@ openssl_set_session_auth_parameters(struct > openssl_session *sess, > sess->auth.auth.ctx =3D EVP_MD_CTX_create(); > break; >=20 > +# if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + case RTE_CRYPTO_AUTH_MD5_HMAC: > + case RTE_CRYPTO_AUTH_SHA1_HMAC: > + case RTE_CRYPTO_AUTH_SHA224_HMAC: > + case RTE_CRYPTO_AUTH_SHA256_HMAC: > + case RTE_CRYPTO_AUTH_SHA384_HMAC: > + case RTE_CRYPTO_AUTH_SHA512_HMAC: > + sess->auth.mode =3D OPENSSL_AUTH_AS_HMAC; > + > + OSSL_PARAM params[2]; > + const char *algo =3D get_digest_name(xform); > + EVP_MAC *mac =3D EVP_MAC_fetch(NULL, "HMAC", NULL); > + sess->auth.hmac.ctx =3D EVP_MAC_CTX_new(mac); > + EVP_MAC_free(mac); > + if (get_auth_algo(xform->auth.algo, > + &sess->auth.hmac.evp_algo) !=3D 0) > + return -EINVAL; > + > + params[0] =3D OSSL_PARAM_construct_utf8_string("digest", > + (char *)algo, 0); > + params[1] =3D OSSL_PARAM_construct_end(); > + if (EVP_MAC_init(sess->auth.hmac.ctx, > + xform->auth.key.data, > + xform->auth.key.length, > + params) !=3D 1) > + return -EINVAL; > + break; > +# else > case RTE_CRYPTO_AUTH_MD5_HMAC: > case RTE_CRYPTO_AUTH_SHA1_HMAC: > case RTE_CRYPTO_AUTH_SHA224_HMAC: > @@ -598,7 +677,7 @@ openssl_set_session_auth_parameters(struct > openssl_session *sess, > sess->auth.hmac.evp_algo, NULL) !=3D 1) > return -EINVAL; > break; > - > +# endif > default: > return -ENOTSUP; > } > @@ -723,7 +802,11 @@ openssl_reset_session(struct openssl_session *sess) > break; > case OPENSSL_AUTH_AS_HMAC: > EVP_PKEY_free(sess->auth.hmac.pkey); > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > + EVP_MAC_CTX_free(sess->auth.hmac.ctx); > +# else > HMAC_CTX_free(sess->auth.hmac.ctx); > +# endif > break; > default: > break; > @@ -1260,6 +1343,59 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, > uint8_t *dst, int offset, > return -EINVAL; > } >=20 > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > +/** Process standard openssl auth algorithms with hmac */ > +static int > +process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int > offset, > + int srclen, EVP_MAC_CTX *ctx) > +{ > + size_t dstlen; > + struct rte_mbuf *m; > + int l, n =3D srclen; > + uint8_t *src; > + > + for (m =3D mbuf_src; m !=3D NULL && offset > rte_pktmbuf_data_len(m); > + m =3D m->next) > + offset -=3D rte_pktmbuf_data_len(m); > + > + if (m =3D=3D 0) > + goto process_auth_err; > + > + src =3D rte_pktmbuf_mtod_offset(m, uint8_t *, offset); > + > + l =3D rte_pktmbuf_data_len(m) - offset; > + if (srclen <=3D l) { > + if (EVP_MAC_update(ctx, (unsigned char *)src, srclen) !=3D 1) > + goto process_auth_err; > + goto process_auth_final; > + } > + > + if (EVP_MAC_update(ctx, (unsigned char *)src, l) !=3D 1) > + goto process_auth_err; > + > + n -=3D l; > + > + for (m =3D m->next; (m !=3D NULL) && (n > 0); m =3D m->next) { > + src =3D rte_pktmbuf_mtod(m, uint8_t *); > + l =3D rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n; > + if (EVP_MAC_update(ctx, (unsigned char *)src, l) !=3D 1) > + goto process_auth_err; > + n -=3D l; > + } > + > +process_auth_final: > + if (EVP_MAC_final(ctx, dst, &dstlen, sizeof(dst)) !=3D 1) > + goto process_auth_err; > + > + EVP_MAC_CTX_free(ctx); > + return 0; > + > +process_auth_err: > + EVP_MAC_CTX_free(ctx); > + OPENSSL_LOG(ERR, "Process openssl auth failed"); > + return -EINVAL; > +} > +# else > /** Process standard openssl auth algorithms with hmac */ > static int > process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int > offset, > @@ -1312,6 +1448,7 @@ process_openssl_auth_hmac(struct rte_mbuf > *mbuf_src, uint8_t *dst, int offset, > OPENSSL_LOG(ERR, "Process openssl auth failed"); > return -EINVAL; > } > +# endif >=20 > /*----------------------------------------------------------------------= ------*/ >=20 > @@ -1326,7 +1463,6 @@ process_openssl_combined_op > int srclen, aadlen, status =3D -1; > uint32_t offset; > uint8_t taglen; > - EVP_CIPHER_CTX *ctx_copy; >=20 > /* > * Segmented destination buffer is not supported for > @@ -1363,8 +1499,6 @@ process_openssl_combined_op > } >=20 > taglen =3D sess->auth.digest_length; > - ctx_copy =3D EVP_CIPHER_CTX_new(); > - EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); >=20 > if (sess->cipher.direction =3D=3D RTE_CRYPTO_CIPHER_OP_ENCRYPT) { > if (sess->auth.algo =3D=3D RTE_CRYPTO_AUTH_AES_GMAC || > @@ -1372,12 +1506,12 @@ process_openssl_combined_op > status =3D process_openssl_auth_encryption_gcm( > mbuf_src, offset, srclen, > aad, aadlen, iv, > - dst, tag, ctx_copy); > + dst, tag, sess->cipher.ctx); > else > status =3D process_openssl_auth_encryption_ccm( > mbuf_src, offset, srclen, > aad, aadlen, iv, > - dst, tag, taglen, ctx_copy); > + dst, tag, taglen, sess->cipher.ctx); >=20 > } else { > if (sess->auth.algo =3D=3D RTE_CRYPTO_AUTH_AES_GMAC || > @@ -1385,15 +1519,14 @@ process_openssl_combined_op > status =3D process_openssl_auth_decryption_gcm( > mbuf_src, offset, srclen, > aad, aadlen, iv, > - dst, tag, ctx_copy); > + dst, tag, sess->cipher.ctx); > else > status =3D process_openssl_auth_decryption_ccm( > mbuf_src, offset, srclen, > aad, aadlen, iv, > - dst, tag, taglen, ctx_copy); > + dst, tag, taglen, sess->cipher.ctx); > } >=20 > - EVP_CIPHER_CTX_free(ctx_copy); > if (status !=3D 0) { > if (status =3D=3D (-EFAULT) && > sess->auth.operation =3D=3D > @@ -1555,7 +1688,13 @@ process_openssl_auth_op(struct openssl_qp *qp, > struct rte_crypto_op *op, > uint8_t *dst; > int srclen, status; > EVP_MD_CTX *ctx_a; > + > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > + EVP_MAC_CTX *ctx_h; > + EVP_MAC *mac; > +# else > HMAC_CTX *ctx_h; > +# endif >=20 > srclen =3D op->sym->auth.data.length; >=20 > @@ -1571,12 +1710,24 @@ process_openssl_auth_op(struct openssl_qp *qp, > struct rte_crypto_op *op, > EVP_MD_CTX_destroy(ctx_a); > break; > case OPENSSL_AUTH_AS_HMAC: > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > + > + mac =3D EVP_MAC_fetch(NULL, "HMAC", NULL); > + ctx_h =3D EVP_MAC_CTX_new(mac); > + ctx_h =3D EVP_MAC_CTX_dup(sess->auth.hmac.ctx); > + EVP_MAC_free(mac); > + status =3D process_openssl_auth_hmac(mbuf_src, dst, > + op->sym->auth.data.offset, srclen, > + ctx_h); > +# else > + > ctx_h =3D HMAC_CTX_new(); > HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx); > status =3D process_openssl_auth_hmac(mbuf_src, dst, > op->sym->auth.data.offset, srclen, > ctx_h); > HMAC_CTX_free(ctx_h); > +# endif > break; > default: > status =3D -1; > @@ -2213,6 +2364,14 @@ cryptodev_openssl_create(const char *name, >=20 > rte_cryptodev_pmd_probing_finish(dev); >=20 > +# if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + /* Load lagacy provider > + * Some algorithms are no longer available in earlier version of openss= l, > + * unless the legacy provider explicitly.loaded. e.g. DES > + */ > + ossl_load_legacy_provider(); > +# endif > + Please remove extra blank lines here and elsewhere. Also run spell check. %s/lagacy/legacy > return 0; >=20 > init_error: > @@ -2261,6 +2420,10 @@ cryptodev_openssl_remove(struct rte_vdev_device > *vdev) > if (cryptodev =3D=3D NULL) > return -ENODEV; >=20 > +# if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + ossl_unload_legacy_provider(); > +# endif > + > return rte_cryptodev_pmd_destroy(cryptodev); > } >=20 > -- > 2.17.1