From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6DFE0A0543; Tue, 21 Jun 2022 11:22:21 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5A0604069C; Tue, 21 Jun 2022 11:22:21 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 55DE740151 for ; Tue, 21 Jun 2022 11:22:19 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 25L1JQnm026834; Tue, 21 Jun 2022 02:22:18 -0700 Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2101.outbound.protection.outlook.com [104.47.70.101]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3gu47psh21-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Jun 2022 02:22:18 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UQ3g0uX0zVGLVQwAif5aLBTDG18oHRykqytZEWCDPwyJAJHYw0d23Ih1qu4ZeBuleoFwuP+m6LtdqwZ5Oi+zzD+HIaAtcvDdFxd6LS7EsMvgJTA//iHLYemFuEWh1RVeFIf3aaimzFW1JYvmNgA5p2c27u3zVNcbYEStjKekaiIW/CSy9RBW8CaDiDVsLaEUP5RWd0ggva9+G5jS/QdQmjepGBgNpdwwvMZtm/LfVZ0u3zySMOWwwaHocMBJ2iopaUmjweB2pjPA6XlSgdQgS6/ZOy8mN1/CgyIgyFnnxMVujxiAvHETMvYNekueqstOU0ltOxJCQnmh5uKKDs6WLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yQ9g2YOqliuzRjPl0uBlkq3IAo9wvcWdnXitpEPztSE=; b=EnCuRc25eF2cfEbkNGHuJlvBrzUlcTlRFO83iEZg5+ccgFkwykgZdAxGpoJyqTMJbfLpposF30mdrbhfOGQ9nLwMMWghr+9M+/Fdx6Yf0ebnPQx/5UJo80PJK/SDZMdQkOKvf82CyTUWpx4YGioUgGMpHQAV4LgmjCfIEYLvydZHVqiTyzgpUq1UDBGDxOb2YGunmQUBNBFj702xxUkZQekUMtUgmrqwAfwaz5XnOTXpnJlFv2V9SFHDL9twT5O49qjYthKf1MmFKEXxeLIhlx7Q0aPdEgS9XsoYAmF4dYtOKkVE5DcuWYYEO40nLEboBK1OHxERbUUs7vFCYJY7Ww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yQ9g2YOqliuzRjPl0uBlkq3IAo9wvcWdnXitpEPztSE=; b=lXjdi2rFF16LYCt8yyskUZ1z1KQza2qorFynV4aJJuESr6t0JNv8yABJ2qRSqLckLSiofNuhBitpyvtVLlGaseabZhZl0iGREdJxC/lap2DvDFAX34qyq+eVXYTbDojbTl1aIdWK8pc54qJ22W6z+gqhgMlJXiJwWfp73RQiMK4= Received: from CO6PR18MB4484.namprd18.prod.outlook.com (2603:10b6:5:359::9) by MN2PR18MB3310.namprd18.prod.outlook.com (2603:10b6:208:16a::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5353.22; Tue, 21 Jun 2022 09:22:13 +0000 Received: from CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::bc33:1fb9:5d70:8c5]) by CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::bc33:1fb9:5d70:8c5%9]) with mapi id 15.20.5353.022; Tue, 21 Jun 2022 09:22:13 +0000 From: Akhil Goyal To: Kai Ji , "dev@dpdk.org" Subject: RE: [EXT] [dpdk-dev v4 1/4] crypto/openssl: 3.0 EVP update on HMAC routine Thread-Topic: [EXT] [dpdk-dev v4 1/4] crypto/openssl: 3.0 EVP update on HMAC routine Thread-Index: AQHYf/JE9rb6TPPEI0CHg25TsCVUuK1ZmdOA Date: Tue, 21 Jun 2022 09:22:13 +0000 Message-ID: References: <20220613164023.70872-1-kai.ji@intel.com> <20220614132542.76241-1-kai.ji@intel.com> <20220614132542.76241-2-kai.ji@intel.com> In-Reply-To: <20220614132542.76241-2-kai.ji@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 232f64ac-d1a2-4203-dad2-08da53678704 x-ms-traffictypediagnostic: MN2PR18MB3310:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: L4sfEX1hqltctywYTTi8VMIa03AT+tg9b4ujw88quSwWGlOO4OLm8kEAUPLqCN2uEIf2CagqbbR8Ms4Jx+uNx/WpHhz4cOqUj+z0wUXpxg+Drt+GSVITsBjpd3/NhtatJwYdbuYD6cIMLq+5plOSCd/qi7baRDses6u2ZDU08hlBtpv7jrZC4udqDkNg6HD1PQWaVfxRDGxDl75i+6YV92GH3Euo03wGcEiw4wpqcD62mW8JQeNixxu2zassrwq/V+cOmnIEOEodSWEI+lxeZSIL9xHjIXFlzcv8BSTYj5GYvGfrZfvCb2e/uBAypIcpzyFwEEPoASDYzCJfNJyR8+OOTU+CqoLtC/afa9FJmdDYoj/PJqI3/+mfeqZR1N32reE5yQT/8Z44TIdvb6BCuXI3aN67HKjV77q6Qjn45VIAoKyQIzkz2rrdYmD91qjxgrwVE6op9YvqrT/LlaWzbLfktEmeA2vahCwyrkFx+PhLdqnQ0Z0bNcBibFdKEJeSlsk6B/gKTYQ3arVMxcciRRhgL33HHiMkulynEJBXkUR8XHf/GnwJthwOUWqo3HgllVv2WaU98QiT3xTEJjnfPCl2EgkkxE7MkZLUnntq+JRWPbi+lYZ41pvmaAj2QDsvv/g0qAJSHxVBc8IjSVncvMNPLAQrfeUN1vSx+xTbh2xn6xjFk71S7cXIyRYVhH9etQt+jYvS/zjqfHTquKf/Kg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO6PR18MB4484.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(136003)(396003)(376002)(39860400002)(346002)(366004)(66946007)(186003)(122000001)(83380400001)(55016003)(38070700005)(38100700002)(7696005)(6506007)(55236004)(9686003)(71200400001)(8936002)(2906002)(30864003)(316002)(478600001)(15650500001)(41300700001)(64756008)(66476007)(66556008)(66446008)(52536014)(76116006)(110136005)(26005)(8676002)(86362001)(33656002)(5660300002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?Db1Qm6Is92mqh1Asckk6hAk3rZPyjOuWb8QDVuQRzrS/+/02o0kkNc9bc57A?= =?us-ascii?Q?Z47rflaFmYCVzrlLRF90Tbh3TLrKOL6reA60cfCwDgJ/t6JSCRWMbfZWTwCt?= =?us-ascii?Q?D8dB4Q0jbSGHNV1QqXG66H3lvLeYNeDhHsjFo+Ktgkdv2E0ThN1IZTcxEgq0?= =?us-ascii?Q?Ubj0dLwdYXRoaxu4MwR9WfoNSvAhP+Vr41gTeixKVCLRBvT4gcmjZ8ZM5nC2?= =?us-ascii?Q?M3WuJwNgX+6KtJGvYyEJxrEt0AHC8GNsd00Qv6oR+07h9e6I1MuyhIRWf0FU?= =?us-ascii?Q?NTVJuv1pLKaZbMlbquIz8HMHEt67B1LZOUBNMfkUsJS4/3QbgaFFXisI1+WY?= =?us-ascii?Q?gQAyvho7vWhhPcMIqAhKoZ7O9lkP4uK4RBxUxdz907+qXzaVWWzKYP2xSUdd?= =?us-ascii?Q?FPJtmbmqxk6cooE/OnzBp12dS77dbkwVYQLjFLddS0Q1IW2ZmSV/snWFZvwr?= =?us-ascii?Q?eTWXZgNuYgGjj0Ji8mHyf3+W75oIl1ghEfplkUYfLyoYfO5Jjy4O9Ljf10Kd?= =?us-ascii?Q?/6+F/5E4AWbI//LwYHWxvq4ZbRWDNEL50WjYuYcmdoAGwg8QNG/jcnsWrssf?= =?us-ascii?Q?AUjceP8WqDMwWB7AIan1Z0Dgmj3YcefQS3v2kf9qEKm3vdrGVMR1+mhfEo8S?= =?us-ascii?Q?Pr/KHYDjxDWW+hC7bIW7xErR3JYQkbZ00yM3piwxmZ2klBp09EiO0z+osG+6?= =?us-ascii?Q?YHN3tHqL1xqcJzPtFnSVnLTJn2LsCFQqPDP6doOrKMgAtIVq6Z4KtKx4fWMn?= =?us-ascii?Q?Z/7GVDcJY6GfGXcR0JazfO5/5W87Wy65l6YmUtf2EyWrZWftnHK+ykVSMPhZ?= =?us-ascii?Q?La9ksydQrslugPXMZgY9WkK3AWKTArC9Cr/UB39yETOKVaeFkKSb5bDbbnKp?= =?us-ascii?Q?P623LzxgAotvcIfajVsMU4ivv5AK+vSDXIpwGiMYE+xKBXBEKmn+n7hQwwCG?= =?us-ascii?Q?fQcUshlo9ggMpNledTwihHmKj51R/QDYZ5jckNq1TFIz1vzgL5H+1yn9Q10w?= =?us-ascii?Q?xfdE7igQnuRDIPFmm7DXVontZZ60bJ/Voi7gz9CH2VHi6dJ9wHUf9ZmqHbIp?= =?us-ascii?Q?rldgus7EZ+Sa7WomG+c2pPlZf1soEAyLQyIOpvSMWfeMfZHkmRE0hY0F8R2s?= =?us-ascii?Q?klCmpokCholtP4bhhD2rAnEOYohxkXN1bLq22ClJwajPJUqrvpnec645KJZA?= =?us-ascii?Q?TZl+UsHdYkT8DCR8WZz3BFX3h8oRmSCO98ZURnxKwtMzJGkCboGiH3HLNlit?= =?us-ascii?Q?5xVSesgQ9wLqs2c1dUG/2bX1MW6f0mqa75+19zSOreUJ+UcbZAB2cGccF0ZK?= =?us-ascii?Q?FpEjCvYK1KRK4hz45WIyhgLujawuFmrLq2QtDRCSH+cigyTK5C5yU0L32of/?= =?us-ascii?Q?DTGTHyNIZZUWWK1hjLxqLfVwf9L7zH77mBV8TWUVw1tP/Oo9jCMEZqfZ7WSC?= =?us-ascii?Q?eAShCys/dzv1DCg25h086M2k0PcMdrFXukneOfBGRG6ue1HoDyzbgy81z8Ox?= =?us-ascii?Q?HD4Y6iIKI7VOztWbQFkeX35GMNlY93JLkb2bRWz+9Yw3QMNtupsG2NMBXj5O?= =?us-ascii?Q?gJQo2rj3rsIG0FveVY2JG4iC1gi5HCGllo7qAFzq2Oj/OxNfeqGetfwZJwA7?= =?us-ascii?Q?DhhoA/WFpoC8vzPIJo7xKMJSJJFV26loyu8F6XDvmpl96wZfWBN+jC2ttx0o?= =?us-ascii?Q?22PS8jeH0RsPkIFT4vNL4XHWrYntCjoYIB5G4bKqxupoRZZQyW8201VkC5UC?= =?us-ascii?Q?pYMmJkqg3g=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO6PR18MB4484.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 232f64ac-d1a2-4203-dad2-08da53678704 X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Jun 2022 09:22:13.8169 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Xhl20JANgwcdaZx2orOOC7YuTiAVHeLYn1Y47+jbjAiTpQP/h5p1qm4ibFriEU0I54cVS2Mbsv4RBhzd/XrADg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB3310 X-Proofpoint-GUID: MY52Ws7C1JFtVom5Lh9ChMM27Ob6ch40 X-Proofpoint-ORIG-GUID: MY52Ws7C1JFtVom5Lh9ChMM27Ob6ch40 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.64.514 definitions=2022-06-21_03,2022-06-17_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org > Subject: [EXT] [dpdk-dev v4 1/4] crypto/openssl: 3.0 EVP update on HMAC > routine Title should be=20 Crypto/openssl: update HMAC routine with 3.0 EVP API >=20 > This patch update the symmetric HMAC routine in crypto openssl > pmd to adopt openssl 3.0 EVP apis. >=20 > Signed-off-by: Kai Ji > --- > drivers/crypto/openssl/openssl_pmd_private.h | 4 + > drivers/crypto/openssl/rte_openssl_pmd.c | 187 ++++++++++++++++++- > 2 files changed, 181 insertions(+), 10 deletions(-) >=20 > diff --git a/drivers/crypto/openssl/openssl_pmd_private.h > b/drivers/crypto/openssl/openssl_pmd_private.h > index b2054b3754..86dc169aaf 100644 > --- a/drivers/crypto/openssl/openssl_pmd_private.h > +++ b/drivers/crypto/openssl/openssl_pmd_private.h > @@ -134,8 +134,12 @@ struct openssl_session { > /**< pointer to EVP key */ > const EVP_MD *evp_algo; > /**< pointer to EVP algorithm function */ > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > + EVP_MAC_CTX * ctx; > +# else > HMAC_CTX *ctx; > /**< pointer to EVP context structure */ > +# endif Endif should be above comment. > } hmac; > }; >=20 > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index 6ac2dfff5a..5dbe6074eb 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c > @@ -41,6 +41,61 @@ static void HMAC_CTX_free(HMAC_CTX *ctx) > } > #endif >=20 > +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + > +#include > +#include > + > +#define MAX_OSSL_ALGO_NAME_SIZE 16 > + > +OSSL_PROVIDER *legacy; > +OSSL_PROVIDER *deflt; > + > +static void ossl_load_legacy_provider(void) Static void should be separate line. Check for other functions as well. verb should be in the end Ossl_legacy_provider_load/unload > +{ > + /* Load Multiple providers into the default (NULL) library context */ > + legacy =3D OSSL_PROVIDER_load(NULL, "legacy"); > + if (legacy =3D=3D NULL) { > + OPENSSL_LOG(ERR, "Failed to load Legacy provider\n"); > + return; > + } > + > + deflt =3D OSSL_PROVIDER_load(NULL, "default"); > + if (deflt =3D=3D NULL) { > + OPENSSL_LOG(ERR, "Failed to load Default provider\n"); > + OSSL_PROVIDER_unload(legacy); > + return; > + } > +} > + > +static void ossl_unload_legacy_provider(void) > +{ > + OSSL_PROVIDER_unload(legacy); > + OSSL_PROVIDER_unload(deflt); > +} > + > +static __rte_always_inline const char * > +get_digest_name(const struct rte_crypto_sym_xform *xform) Digest_name_get > +{ > + switch (xform->auth.algo) { > + case RTE_CRYPTO_AUTH_MD5_HMAC: > + return OSSL_DIGEST_NAME_MD5; > + case RTE_CRYPTO_AUTH_SHA1_HMAC: > + return OSSL_DIGEST_NAME_SHA1; > + case RTE_CRYPTO_AUTH_SHA224_HMAC: > + return OSSL_DIGEST_NAME_SHA2_224; > + case RTE_CRYPTO_AUTH_SHA256_HMAC: > + return OSSL_DIGEST_NAME_SHA2_256; > + case RTE_CRYPTO_AUTH_SHA384_HMAC: > + return OSSL_DIGEST_NAME_SHA2_384; > + case RTE_CRYPTO_AUTH_SHA512_HMAC: > + return OSSL_DIGEST_NAME_SHA2_512; > + default: > + return NULL; > + } > +} > +#endif > + > static int cryptodev_openssl_remove(struct rte_vdev_device *vdev); >=20 > /*----------------------------------------------------------------------= ------*/ > @@ -582,6 +637,40 @@ openssl_set_session_auth_parameters(struct > openssl_session *sess, > sess->auth.auth.ctx =3D EVP_MD_CTX_create(); > break; >=20 > +# if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + case RTE_CRYPTO_AUTH_MD5_HMAC: > + case RTE_CRYPTO_AUTH_SHA1_HMAC: > + case RTE_CRYPTO_AUTH_SHA224_HMAC: > + case RTE_CRYPTO_AUTH_SHA256_HMAC: > + case RTE_CRYPTO_AUTH_SHA384_HMAC: > + case RTE_CRYPTO_AUTH_SHA512_HMAC: > + sess->auth.mode =3D OPENSSL_AUTH_AS_HMAC; > + > + OSSL_PARAM params[2]; > + const char *algo; > + algo =3D get_digest_name(xform); Pass xform->auth.algo directly > + if (!algo) > + return -EINVAL; > + char algo_name[MAX_OSSL_ALGO_NAME_SIZE]; > + rte_memcpy(algo_name, algo, (sizeof(algo)+1)); > + > + EVP_MAC *mac =3D EVP_MAC_fetch(NULL, "HMAC", NULL); > + sess->auth.hmac.ctx =3D EVP_MAC_CTX_new(mac); > + EVP_MAC_free(mac); > + if (get_auth_algo(xform->auth.algo, > + &sess->auth.hmac.evp_algo) !=3D 0) > + return -EINVAL; > + > + params[0] =3D OSSL_PARAM_construct_utf8_string("digest", > + algo_name, 0); > + params[1] =3D OSSL_PARAM_construct_end(); > + if (EVP_MAC_init(sess->auth.hmac.ctx, > + xform->auth.key.data, > + xform->auth.key.length, > + params) !=3D 1) > + return -EINVAL; > + break; > +# else > case RTE_CRYPTO_AUTH_MD5_HMAC: > case RTE_CRYPTO_AUTH_SHA1_HMAC: > case RTE_CRYPTO_AUTH_SHA224_HMAC: > @@ -600,7 +689,7 @@ openssl_set_session_auth_parameters(struct > openssl_session *sess, > sess->auth.hmac.evp_algo, NULL) !=3D 1) > return -EINVAL; > break; > - > +# endif > default: > return -ENOTSUP; > } > @@ -725,7 +814,11 @@ openssl_reset_session(struct openssl_session *sess) > break; > case OPENSSL_AUTH_AS_HMAC: > EVP_PKEY_free(sess->auth.hmac.pkey); > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > + EVP_MAC_CTX_free(sess->auth.hmac.ctx); > +# else > HMAC_CTX_free(sess->auth.hmac.ctx); > +# endif > break; > default: > break; > @@ -1262,6 +1355,59 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, > uint8_t *dst, int offset, > return -EINVAL; > } >=20 > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > +/** Process standard openssl auth algorithms with hmac */ > +static int > +process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int > offset, > + int srclen, EVP_MAC_CTX *ctx) > +{ > + size_t dstlen; > + struct rte_mbuf *m; > + int l, n =3D srclen; > + uint8_t *src; > + > + for (m =3D mbuf_src; m !=3D NULL && offset > rte_pktmbuf_data_len(m); > + m =3D m->next) > + offset -=3D rte_pktmbuf_data_len(m); > + > + if (m =3D=3D 0) > + goto process_auth_err; > + > + src =3D rte_pktmbuf_mtod_offset(m, uint8_t *, offset); > + > + l =3D rte_pktmbuf_data_len(m) - offset; > + if (srclen <=3D l) { > + if (EVP_MAC_update(ctx, (unsigned char *)src, srclen) !=3D 1) > + goto process_auth_err; > + goto process_auth_final; > + } > + > + if (EVP_MAC_update(ctx, (unsigned char *)src, l) !=3D 1) > + goto process_auth_err; > + > + n -=3D l; > + > + for (m =3D m->next; (m !=3D NULL) && (n > 0); m =3D m->next) { > + src =3D rte_pktmbuf_mtod(m, uint8_t *); > + l =3D rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n; > + if (EVP_MAC_update(ctx, (unsigned char *)src, l) !=3D 1) > + goto process_auth_err; > + n -=3D l; > + } > + > +process_auth_final: > + if (EVP_MAC_final(ctx, dst, &dstlen, sizeof(dst)) !=3D 1) > + goto process_auth_err; > + > + EVP_MAC_CTX_free(ctx); > + return 0; > + > +process_auth_err: > + EVP_MAC_CTX_free(ctx); > + OPENSSL_LOG(ERR, "Process openssl auth failed"); > + return -EINVAL; > +} > +# else > /** Process standard openssl auth algorithms with hmac */ > static int > process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int > offset, > @@ -1314,7 +1460,7 @@ process_openssl_auth_hmac(struct rte_mbuf > *mbuf_src, uint8_t *dst, int offset, > OPENSSL_LOG(ERR, "Process openssl auth failed"); > return -EINVAL; > } > - > +# endif > /*----------------------------------------------------------------------= ------*/ >=20 > /** Process auth/cipher combined operation */ > @@ -1328,7 +1474,6 @@ process_openssl_combined_op > int srclen, aadlen, status =3D -1; > uint32_t offset; > uint8_t taglen; > - EVP_CIPHER_CTX *ctx_copy; >=20 > /* > * Segmented destination buffer is not supported for > @@ -1365,8 +1510,6 @@ process_openssl_combined_op > } >=20 > taglen =3D sess->auth.digest_length; > - ctx_copy =3D EVP_CIPHER_CTX_new(); > - EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); >=20 > if (sess->cipher.direction =3D=3D RTE_CRYPTO_CIPHER_OP_ENCRYPT) { > if (sess->auth.algo =3D=3D RTE_CRYPTO_AUTH_AES_GMAC || > @@ -1374,12 +1517,12 @@ process_openssl_combined_op > status =3D process_openssl_auth_encryption_gcm( > mbuf_src, offset, srclen, > aad, aadlen, iv, > - dst, tag, ctx_copy); > + dst, tag, sess->cipher.ctx); > else > status =3D process_openssl_auth_encryption_ccm( > mbuf_src, offset, srclen, > aad, aadlen, iv, > - dst, tag, taglen, ctx_copy); > + dst, tag, taglen, sess->cipher.ctx); >=20 > } else { > if (sess->auth.algo =3D=3D RTE_CRYPTO_AUTH_AES_GMAC || > @@ -1387,15 +1530,14 @@ process_openssl_combined_op > status =3D process_openssl_auth_decryption_gcm( > mbuf_src, offset, srclen, > aad, aadlen, iv, > - dst, tag, ctx_copy); > + dst, tag, sess->cipher.ctx); > else > status =3D process_openssl_auth_decryption_ccm( > mbuf_src, offset, srclen, > aad, aadlen, iv, > - dst, tag, taglen, ctx_copy); > + dst, tag, taglen, sess->cipher.ctx); > } >=20 > - EVP_CIPHER_CTX_free(ctx_copy); > if (status !=3D 0) { > if (status =3D=3D (-EFAULT) && > sess->auth.operation =3D=3D > @@ -1557,7 +1699,12 @@ process_openssl_auth_op(struct openssl_qp *qp, > struct rte_crypto_op *op, > uint8_t *dst; > int srclen, status; > EVP_MD_CTX *ctx_a; > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > + EVP_MAC_CTX *ctx_h; > + EVP_MAC *mac; > +# else > HMAC_CTX *ctx_h; > +# endif >=20 > srclen =3D op->sym->auth.data.length; >=20 > @@ -1573,12 +1720,22 @@ process_openssl_auth_op(struct openssl_qp *qp, > struct rte_crypto_op *op, > EVP_MD_CTX_destroy(ctx_a); > break; > case OPENSSL_AUTH_AS_HMAC: > +# if OPENSSL_VERSION_NUMBER >=3D 0x30000000L > + mac =3D EVP_MAC_fetch(NULL, "HMAC", NULL); > + ctx_h =3D EVP_MAC_CTX_new(mac); > + ctx_h =3D EVP_MAC_CTX_dup(sess->auth.hmac.ctx); > + EVP_MAC_free(mac); > + status =3D process_openssl_auth_hmac(mbuf_src, dst, > + op->sym->auth.data.offset, srclen, > + ctx_h); > +# else > ctx_h =3D HMAC_CTX_new(); > HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx); > status =3D process_openssl_auth_hmac(mbuf_src, dst, > op->sym->auth.data.offset, srclen, > ctx_h); > HMAC_CTX_free(ctx_h); > +# endif > break; > default: > status =3D -1; > @@ -2212,6 +2369,13 @@ cryptodev_openssl_create(const char *name, >=20 > rte_cryptodev_pmd_probing_finish(dev); >=20 > +# if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + /* Load legacy provider > + * Some algorithms are no longer available in earlier version of openss= l, > + * unless the legacy provider explicitly loaded. e.g. DES > + */ > + ossl_load_legacy_provider(); > +# endif > return 0; >=20 > init_error: > @@ -2260,6 +2424,9 @@ cryptodev_openssl_remove(struct rte_vdev_device > *vdev) > if (cryptodev =3D=3D NULL) > return -ENODEV; >=20 > +# if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + ossl_unload_legacy_provider(); > +# endif > return rte_cryptodev_pmd_destroy(cryptodev); > } >=20 > -- > 2.17.1