diff mbox series

[v1] crypto/qat: Enable OpenSSL legacy provider in session

Message ID	20220711170822.60795-1-kai.ji@intel.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Kai Ji <kai.ji@intel.com> To: dev@dpdk.org Cc: gakhil@marvell.com, Kai Ji <kai.ji@intel.com> Subject: [dpdk-dev v1] crypto/qat: Enable OpenSSL legacy provider in session Date: Tue, 12 Jul 2022 01:08:22 +0800 Message-Id: <20220711170822.60795-1-kai.ji@intel.com> Precedence: list Errors-To: dev-bounces@dpdk.org
Series	[v1] crypto/qat: Enable OpenSSL legacy provider in session \| [v1] crypto/qat: Enable OpenSSL legacy provider in session

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/intel-Testing	success	Testing PASS

Commit Message

Ji, Kai July 11, 2022, 5:08 p.m. UTC

  Some cryptographic algorithms such as MD and DES are now considered legacy
and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5
DES are needed in QAT session pre-computes and secure session creation.

Fixes: 3227bc7138f5 ("crypto/qat: use intel-ipsec-mb for partial hash and AES")

Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 drivers/crypto/qat/qat_sym_session.c | 53 ++++++++++++++++++++--------
 1 file changed, 39 insertions(+), 14 deletions(-)

Comments

Fan Zhang July 19, 2022, 9:48 a.m. UTC | #1

> -----Original Message-----
> From: Kai Ji <kai.ji@intel.com>
> Sent: Monday, July 11, 2022 6:08 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>
> Subject: [dpdk-dev v1] crypto/qat: Enable OpenSSL legacy provider in session
> 
> Some cryptographic algorithms such as MD and DES are now considered
> legacy
> and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5
> DES are needed in QAT session pre-computes and secure session creation.
> 
> Fixes: 3227bc7138f5 ("crypto/qat: use intel-ipsec-mb for partial hash and
> AES")
> 
> Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

Akhil Goyal Aug. 26, 2022, 12:07 p.m. UTC | #2

> > Some cryptographic algorithms such as MD and DES are now considered
> > legacy
> > and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5
> > DES are needed in QAT session pre-computes and secure session creation.
> >
> > Fixes: 3227bc7138f5 ("crypto/qat: use intel-ipsec-mb for partial hash and
> > AES")
> >
> > Signed-off-by: Kai Ji <kai.ji@intel.com>
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

Applied to dpdk-next-crypto

Thanks.

diff mbox series

Patch

diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index b30396487e..42164cc6c6 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -30,6 +30,35 @@ 
 
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 #include <openssl/provider.h>
+
+static OSSL_PROVIDER * legacy_lib;
+static OSSL_PROVIDER *default_lib;
+
+/* Some cryptographic algorithms such as MD and DES are now considered legacy
+ * and not enabled by default in OpenSSL 3.0. Load up lagacy provider as MD5
+ * DES are needed in QAT pre-computes and secure session creation.
+ */
+static int ossl_legacy_provider_load(void)
+{
+	/* Load Multiple providers into the default (NULL) library context */
+	legacy_lib = OSSL_PROVIDER_load(NULL, "legacy");
+	if (legacy_lib == NULL)
+		return -EINVAL;
+
+	default_lib = OSSL_PROVIDER_load(NULL, "default");
+	if (default_lib == NULL) {
+		OSSL_PROVIDER_unload(legacy_lib);
+		return  -EINVAL;
+	}
+
+	return 0;
+}
+
+static void ossl_legacy_provider_unload(void)
+{
+	OSSL_PROVIDER_unload(legacy_lib);
+	OSSL_PROVIDER_unload(default_lib);
+}
 #endif
 
 extern int qat_ipsec_mb_lib;
@@ -485,19 +514,8 @@  qat_sym_session_configure(struct rte_cryptodev *dev,
 	}
 
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-	OSSL_PROVIDER *legacy;
-	OSSL_PROVIDER *deflt;
-
-	/* Load Multiple providers into the default (NULL) library context */
-	legacy = OSSL_PROVIDER_load(NULL, "legacy");
-	if (legacy == NULL)
+	if (ossl_legacy_provider_load())
 		return -EINVAL;
-
-	deflt = OSSL_PROVIDER_load(NULL, "default");
-	if (deflt == NULL) {
-		OSSL_PROVIDER_unload(legacy);
-		return  -EINVAL;
-	}
 #endif
 	ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
 	if (ret != 0) {
@@ -513,8 +531,7 @@  qat_sym_session_configure(struct rte_cryptodev *dev,
 		sess_private_data);
 
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-	OSSL_PROVIDER_unload(legacy);
-	OSSL_PROVIDER_unload(deflt);
+	ossl_legacy_provider_unload();
 # endif
 	return 0;
 }
@@ -2606,6 +2623,10 @@  qat_security_session_create(void *dev,
 		return -ENOMEM;
 	}
 
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	if (ossl_legacy_provider_load())
+		return -EINVAL;
+#endif
 	ret = qat_sec_session_set_docsis_parameters(cdev, conf,
 			sess_private_data);
 	if (ret != 0) {
@@ -2639,6 +2660,10 @@  qat_security_session_destroy(void *dev __rte_unused,
 		set_sec_session_private_data(sess, NULL);
 		rte_mempool_put(sess_mp, sess_priv);
 	}
+
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	ossl_legacy_provider_unload();
+# endif
 	return 0;
 }
 #endif