diff mbox series

crypto/openssl: do not build useless workaround

Message ID	20230418145619.2648068-1-didier.pallard@6wind.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Didier Pallard <didier.pallard@6wind.com> To: dev@dpdk.org Cc: stable@dpdk.org, Kai Ji <kai.ji@intel.com>, Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>, Tomasz Kulasek <tomaszx.kulasek@intel.com>, Michal Kobylinski <michalx.kobylinski@intel.com>, Pablo de Lara <pablo.de.lara.guarch@intel.com>, Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com> Subject: [PATCH] crypto/openssl: do not build useless workaround Date: Tue, 18 Apr 2023 16:56:19 +0200 Message-Id: <20230418145619.2648068-1-didier.pallard@6wind.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	crypto/openssl: do not build useless workaround \| crypto/openssl: do not build useless workaround

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-unit-testing	success	Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/intel-Functional	success	Functional PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/iol-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS

Commit Message

Didier Pallard April 18, 2023, 2:56 p.m. UTC

  This workaround was needed before version 1.0.1f. Do not build it for
versions >= 1.1.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Cc: stable@dpdk.org
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

Comments

Ji, Kai June 20, 2023, 9:29 a.m. UTC | #1

Acked-by: Kai Ji <kai.ji@intel.com<mailto:kai.ji@intel.com>>

Akhil Goyal June 20, 2023, 11 a.m. UTC | #2

Applied to dpdk-next-crypto

Thanks.

Thomas Monjalon June 25, 2023, 7:22 p.m. UTC | #3

18/04/2023 16:56, Didier Pallard:
> This workaround was needed before version 1.0.1f. Do not build it for
> versions >= 1.1.
> 
> Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
> Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
> Cc: stable@dpdk.org
[...]
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
>  	/* Workaround open ssl bug in version less then 1.0.1f */
>  	if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
>  		goto process_auth_encryption_gcm_err;
> +#endif

What happens if we build with OpenSSL 1.1 and run with OpenSSL 1.0?
Can we have a runtime check?
Or is it better doing the workaround always as before?

Didier Pallard June 26, 2023, 9:13 a.m. UTC | #4

HI,
not sure to understand how it is possible.
If build  OPENSSL_VERSION_NUMBER <  0x10100000L, linker should link binary
with libcrypto.so.1.0.0.
libcrypto.so.1.1 if build for 0x10100000L and libcrypto.so.3 for
0x30000000L
loader should not allow to link with a library different from the one used
at build time, no?

didier

On Sun, Jun 25, 2023 at 9:22 PM Thomas Monjalon <thomas@monjalon.net> wrote:

> 18/04/2023 16:56, Didier Pallard:
> > This workaround was needed before version 1.0.1f. Do not build it for
> > versions >= 1.1.
> >
> > Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
> > Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
> > Cc: stable@dpdk.org
> [...]
> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> >       /* Workaround open ssl bug in version less then 1.0.1f */
> >       if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
> >               goto process_auth_encryption_gcm_err;
> > +#endif
>
> What happens if we build with OpenSSL 1.1 and run with OpenSSL 1.0?
> Can we have a runtime check?
> Or is it better doing the workaround always as before?
>
>
>

Thomas Monjalon June 26, 2023, 10:04 a.m. UTC | #5

26/06/2023 11:13, Didier Pallard:
> HI,
> not sure to understand how it is possible.
> If build  OPENSSL_VERSION_NUMBER <  0x10100000L, linker should link binary
> with libcrypto.so.1.0.0.
> libcrypto.so.1.1 if build for 0x10100000L and libcrypto.so.3 for
> 0x30000000L
> loader should not allow to link with a library different from the one used
> at build time, no?

You are probably right.
libcrypto.so.1.1 and libcrypto.so.1.0 are incompatible versions?
If we are linking against libcrypto.so.1.1 and you did exactly
a check for lower than libcrypto.so.1.1, then it should be OK.


> On Sun, Jun 25, 2023 at 9:22 PM Thomas Monjalon <thomas@monjalon.net> wrote:
> 
> > 18/04/2023 16:56, Didier Pallard:
> > > This workaround was needed before version 1.0.1f. Do not build it for
> > > versions >= 1.1.
> > >
> > > Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
> > > Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
> > > Cc: stable@dpdk.org
> > [...]
> > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > >       /* Workaround open ssl bug in version less then 1.0.1f */
> > >       if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
> > >               goto process_auth_encryption_gcm_err;
> > > +#endif
> >
> > What happens if we build with OpenSSL 1.1 and run with OpenSSL 1.0?
> > Can we have a runtime check?
> > Or is it better doing the workaround always as before?

Didier Pallard June 26, 2023, 10:39 a.m. UTC | #6

On Mon, Jun 26, 2023 at 12:04 PM Thomas Monjalon <thomas@monjalon.net>
wrote:

> 26/06/2023 11:13, Didier Pallard:
> > HI,
> > not sure to understand how it is possible.
> > If build  OPENSSL_VERSION_NUMBER <  0x10100000L, linker should link
> binary
> > with libcrypto.so.1.0.0.
> > libcrypto.so.1.1 if build for 0x10100000L and libcrypto.so.3 for
> > 0x30000000L
> > loader should not allow to link with a library different from the one
> used
> > at build time, no?
>
> You are probably right.
> libcrypto.so.1.1 and libcrypto.so.1.0 are incompatible versions?
>
I think so. Can someone else confirm?


> If we are linking against libcrypto.so.1.1 and you did exactly
> a check for lower than libcrypto.so.1.1, then it should be OK.
>
>
> > On Sun, Jun 25, 2023 at 9:22 PM Thomas Monjalon <thomas@monjalon.net>
> wrote:
> >
> > > 18/04/2023 16:56, Didier Pallard:
> > > > This workaround was needed before version 1.0.1f. Do not build it for
> > > > versions >= 1.1.
> > > >
> > > > Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL
> library")
> > > > Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
> > > > Cc: stable@dpdk.org
> > > [...]
> > > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > > >       /* Workaround open ssl bug in version less then 1.0.1f */
> > > >       if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
> > > >               goto process_auth_encryption_gcm_err;
> > > > +#endif
> > >
> > > What happens if we build with OpenSSL 1.1 and run with OpenSSL 1.0?
> > > Can we have a runtime check?
> > > Or is it better doing the workaround always as before?
>
>
>
>

diff mbox series

Patch

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index e00db0facba5..a11885df8255 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1195,8 +1195,11 @@  process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
 		int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
 		uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx)
 {
-	int len = 0, unused = 0;
+	int len = 0;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	int unused = 0;
 	uint8_t empty[] = {};
+#endif
 
 	if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_auth_encryption_gcm_err;
@@ -1210,9 +1213,11 @@  process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
 				srclen, ctx, 0))
 			goto process_auth_encryption_gcm_err;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	/* Workaround open ssl bug in version less then 1.0.1f */
 	if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
 		goto process_auth_encryption_gcm_err;
+#endif
 
 	if (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0)
 		goto process_auth_encryption_gcm_err;
@@ -1274,8 +1279,11 @@  process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
 		int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
 		uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx)
 {
-	int len = 0, unused = 0;
+	int len = 0;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	int unused = 0;
 	uint8_t empty[] = {};
+#endif
 
 	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag) <= 0)
 		goto process_auth_decryption_gcm_err;
@@ -1292,9 +1300,11 @@  process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
 				srclen, ctx, 0))
 			goto process_auth_decryption_gcm_err;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	/* Workaround open ssl bug in version less then 1.0.1f */
 	if (EVP_DecryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
 		goto process_auth_decryption_gcm_err;
+#endif
 
 	if (EVP_DecryptFinal_ex(ctx, dst, &len) <= 0)
 		return -EFAULT;