Bug Fixes and update README.

- Move Engine load error messages to print in console. - Fix qatlib and QAT_SW co-existence build. - Fix issue with disable prf and gcm provider build. - Fix issue sm3 ctx initilization. Signed-off-by: Yogaraj Alamenda <yogarajx.alamenda@intel.com>

Author: Yogaraj-Alamenda

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.68])
-AC_INIT([qatengine], [0.6.12], [])
+AC_INIT([qatengine], [0.6.13], [])
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_AUX_DIR([.])
@@ -255,7 +255,7 @@ AC_SUBST([LIBQATNAME], "qatengine")
 AC_CHECK_FILE(${qat_hw_dir_prefix}/include/qat/icp_sal_versions.h,
  [with_icp_sal_versions_h=yes],
  [with_icp_sal_versions_h=no])
-if test "x$with_icp_sal_versions_h" = "xyes" -a "x$enable_qat_sw" = "x"
+if test "x$with_icp_sal_versions_h" = "xyes"
 then
  if test `grep "define SAL_INFO2_DRIVER_SW_VERSION_TYPE \"in-tree\"" ${qat_hw_dir_prefix}/include/qat/icp_sal_versions.h | wc -l` = "1"
  then
@@ -377,7 +377,7 @@ then
  if test "x$ac_cv_lib_crypto_mb_mbx_getversion" = "xyes"
  then
  AC_CHECK_FILE(/usr/local/lib/libcrypto_mb.so,
- [AC_SUBST([QAT_SW_CRYPTO_MB_LIB], ["-Wl,-rpath,/usr/local/lib -L/usr/loca/lib -lcrypto_mb"])],
+ [AC_SUBST([QAT_SW_CRYPTO_MB_LIB], ["-Wl,-rpath,/usr/local/lib -L/usr/local/lib -lcrypto_mb"])],
  [AC_SUBST([QAT_SW_CRYPTO_MB_LIB], ["-lcrypto_mb"])])
  AC_SUBST([cflags_qat_sw], ["-DQAT_SW"])
  fi

docs/limitations.md

@@ -21,8 +21,8 @@
  in the Intel® QAT OpenSSL\* Engine configuration when building against earlier
  versions of the Linux driver.
 * Support for QAT HW ECX, QAT SW ECX, QAT HW PRF and QAT HW HKDF is disabled when built
- against OpenSSL 3.0 due to known issues instead it uses non-accelerated implementation
- from OpenSSL.
+ against OpenSSL 3.0 engine interface due to known issues, instead it uses
+ non-accelerated implementation from OpenSSL.
 * There is known performance scaling issue (performance drop with threads >32)
  with ECDSA Ciphers in the QAT Software acceleration using multithread mode
  in the Haproxy application. This issue is not observed when using RSA ciphers
@@ -37,9 +37,8 @@
  Performance drop observed in mulithread scenario for all ciphers suites
  due to the locks at engine_table_select in OpenSSL.
 * OpenSSL 1.1.1n introduced misleading error message(undefined symbol: EVP_PKEY_get_base_id)
- during engine load which can be ignored as it is not a real failure. Details of error
- message can be found [here][1]
+ during engine load which can be ignored as it is not a real failure. This is later fixed in
+ OpenSSL\* 1.1.1o release.
 * AES-CBC-HMAC-SHA chained ciphers does not support pipeline feature when built with
  OpenSSL 3.0 as the corresponding support is not available in OpenSSL 3.0.
-
-[1]:https://github.com/openssl/openssl/issues/17962
+* There is a known issue with OpenSSL s_server application using qatprovider on OpenSSL 3.0.

docs/software_requirements.md

@@ -8,9 +8,9 @@ Driver for FreeBSD. This release was validated on the following:
 
 * Operating system: CentOS\* 7.4 64-bit version & FreeBSD\* 11.4 64-bit version
 * Kernel: GNU\*/Linux\* 3.10.0-693
-* Intel® Communications Chipset C62X Series Software for Linux\*, version **4.16**
-* Intel® Communications Chipset C62X Series Software for FreeBSD\*, version **3.11**
-* OpenSSL\* 1.1.1n & 3.0.1
+* Intel® Communications Chipset C62X Series Software for Linux\*, version **4.18**
+* Intel® Communications Chipset C62X Series Software for FreeBSD\*, version **3.12**
+* OpenSSL\* 1.1.1o & 3.0.3
 
 ## qat_sw Requirements
 Successful operation of the Intel® QAT Software acceleration requires a
@@ -31,7 +31,7 @@ This release was validated on the following:
 * Intel® Crypto Multi-buffer library from the [ipp-crypto][1] release
  version **IPP Crypto 2021.5**
 * Intel® Multi-Buffer crypto for IPsec Library release version **v1.2**
-* OpenSSL\* 1.1.1n & 3.0.1
+* OpenSSL\* 1.1.1o & 3.0.3
 
 [1]:https://github.com/intel/ipp-crypto
 [2]:https://github.com/intel/ipp-crypto/tree/develop/sources/ippcp/crypto_mb

e_qat.c

@@ -144,13 +144,13 @@
 const char *engine_qat_id = STR(QAT_ENGINE_ID);
 #if defined(QAT_HW) && defined(QAT_SW)
 const char *engine_qat_name =
- "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.12";
+ "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.13";
 #elif QAT_HW
 const char *engine_qat_name =
- "Reference implementation of QAT crypto engine(qat_hw) v0.6.12";
+ "Reference implementation of QAT crypto engine(qat_hw) v0.6.13";
 #else
 const char *engine_qat_name =
- "Reference implementation of QAT crypto engine(qat_sw) v0.6.12";
+ "Reference implementation of QAT crypto engine(qat_sw) v0.6.13";
 #endif
 unsigned int engine_inited = 0;
 
@@ -421,15 +421,15 @@ int hw_support(void) {
  vpclmulqdq = 1;
 
  DEBUG("Processor Support - AVX512F = %u, VAES = %u, VPCLMULQDQ = %u\n",
- avx512f, vaes, vpclmulqdq);
+  avx512f, vaes, vpclmulqdq);
 
  if (avx512f && vaes && vpclmulqdq) {
  qat_sw_ipsec = 1;
  return 1;
  } else {
- WARN("Processor unsupported - AVX512F = %u, VAES = %u, VPCLMULQDQ = %u\n",
- avx512f, vaes, vpclmulqdq);
-return 0;
+ fprintf(stderr, "Processor unsupported for QAT_SW - AVX512F = %u, VAES = %u, VPCLMULQDQ = %u\n",
+  avx512f, vaes, vpclmulqdq);
+ return 0;
  }
 }
 #endif
@@ -468,7 +468,7 @@ int qat_engine_init(ENGINE *e)
 #ifdef QAT_HW
  if (qat_hw_offload) {
  if (!qat_init(e)) {
- WARN("QAT initialization Failed\n");
+ fprintf(stderr, "QAT_HW initialization Failed\n");
  return 0;
  }
  }
@@ -477,7 +477,7 @@ int qat_engine_init(ENGINE *e)
 #ifdef QAT_SW
  if (qat_sw_offload) {
  if (!multibuff_init(e)) {
- WARN("Multibuff initialization Failed\n");
+ fprintf(stderr, "QAT_SW initialization Failed\n");
  return 0;
  }
  }
@@ -858,21 +858,21 @@ static int bind_qat(ENGINE *e, const char *id)
  if (icp_sal_userIsQatAvailable() == CPA_TRUE) {
  qat_hw_offload = 1;
  } else {
- WARN("Qat Intree device not available\n");
 # ifndef QAT_SW
+ fprintf(stderr, "Qat Intree device not available\n");
  goto end;
 # endif
  }
 # else
  if (access(QAT_DEV, F_OK) == 0) {
  qat_hw_offload = 1;
  if (access(QAT_MEM_DEV, F_OK) != 0) {
- WARN("Qat memory driver not present\n");
+ fprintf(stderr, "Qat memory driver not present\n");
  goto end;
  }
  } else {
- WARN("Qat device not available\n");
 # ifndef QAT_SW
+ fprintf(stderr, "Qat device not available\n");
  goto end;
 # endif
  }
@@ -885,12 +885,12 @@ static int bind_qat(ENGINE *e, const char *id)
  }
 
  if (!ENGINE_set_id(e, engine_qat_id)) {
- WARN("ENGINE_set_id failed\n");
+ fprintf(stderr, "ENGINE_set_id failed\n");
  goto end;
  }
 
  if (!ENGINE_set_name(e, engine_qat_name)) {
- WARN("ENGINE_set_name failed\n");
+ fprintf(stderr, "ENGINE_set_name failed\n");
  goto end;
  }
 
@@ -965,7 +965,7 @@ static int bind_qat(ENGINE *e, const char *id)
  if (hw_support()) {
 # ifdef ENABLE_QAT_SW_GCM
  if (!vaesgcm_init_ipsec_mb_mgr()) {
- WARN("IPSec Multi-Buffer Manager Initialization failed\n");
+ fprintf(stderr, "IPSec Multi-Buffer Manager Initialization failed\n");
  goto end;
  }
 # endif
@@ -1000,7 +1000,7 @@ static int bind_qat(ENGINE *e, const char *id)
  ret &= ENGINE_set_finish_function(e, qat_engine_finish);
  ret &= ENGINE_set_cmd_defns(e, qat_cmd_defns);
  if (ret == 0) {
- WARN("Engine failed to register init, finish or destroy functions\n");
+ fprintf(stderr, "Engine failed to register init, finish or destroy functions\n");
  }
 
  /*
@@ -1046,13 +1046,13 @@ static ENGINE *engine_qat(void)
  ret = ENGINE_new();
 
  if (!ret) {
- WARN("Failed to create Engine\n");
+ fprintf(stderr, "Failed to create Engine\n");
  QATerr(QAT_F_ENGINE_QAT, QAT_R_QAT_CREATE_ENGINE_FAILURE);
  return NULL;
  }
 
  if (!bind_qat(ret, engine_qat_id)) {
- WARN("Qat engine bind failed\n");
+ fprintf(stderr, "Qat Engine bind failed\n");
  ENGINE_free(ret);
  return NULL;
  }

qat_hw_gcm.c

@@ -1007,7 +1007,6 @@ int QAT_AES_CIPHER_CTX_encrypting(QAT_GCM_CTX *qctx)
 }
 #endif
 
-#ifndef QAT_OPENSSL_PROVIDER
 /******************************************************************************
 * function:
 * qat_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -1241,7 +1240,7 @@ int qat_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  DEBUG("Function result = %d\n",ret_val);
  return ret_val;
 }
-#endif
+
 /******************************************************************************
 * function:
 * qat_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -1349,9 +1348,7 @@ int qat_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
  /* Distinguish the Update and TLS case */
  if (qctx->tls_aad_len >= 0) {
-#ifndef QAT_OPENSSL_PROVIDER
  return qat_aes_gcm_tls_cipher(ctx, out, in, len);
-#endif
  }
 
  /* If either key or IV not set, throw error here. */

qat_hw_prf.h

@@ -47,8 +47,6 @@
 #ifndef QAT_HW_PRF_H
 #define QAT_HW_PRF_H
 
-#ifdef ENABLE_QAT_HW_PRF
-
 #include <pthread.h>
 #include <string.h>
 #include <signal.h>
@@ -72,13 +70,14 @@
  * early on here if they are exceeded rather than later on
  * down in the driver.
  */
-#if CPA_CY_API_VERSION_NUM_MAJOR > 2
-# define QAT_TLS1_PRF_SECRET_MAXBUF 1024
-#else
-# define QAT_TLS1_PRF_SECRET_MAXBUF 512
-#endif
-#define QAT_TLS1_PRF_SEED_MAXBUF 64
-#define QAT_TLS1_PRF_LABEL_MAXBUF 136
+# ifdef ENABLE_QAT_HW_PRF
+# if CPA_CY_API_VERSION_NUM_MAJOR > 2
+# define QAT_TLS1_PRF_SECRET_MAXBUF 1024
+# else
+# define QAT_TLS1_PRF_SECRET_MAXBUF 512
+# endif
+# define QAT_TLS1_PRF_SEED_MAXBUF 64
+# define QAT_TLS1_PRF_LABEL_MAXBUF 136
 
 /* QAT TLS pkey context structure */
 typedef struct {
@@ -101,6 +100,6 @@ void qat_prf_cleanup(EVP_PKEY_CTX *ctx);
 int qat_prf_tls_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
  size_t *olen);
 int qat_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
-#endif /* DISABLE_QAT_HW_PRF */
+# endif /* DISABLE_QAT_HW_PRF */
 
 #endif /* QAT_HW_PRF_H */

qat_provider.h

@@ -50,8 +50,8 @@
 # include <openssl/provider.h>
 # include <openssl/bio.h>
 
-# define QAT_PROVIDER_VERSION_STR "v0.6.12"
-# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.12"
+# define QAT_PROVIDER_VERSION_STR "v0.6.13"
+# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.13"
 
 # if defined(QAT_HW) && defined(QAT_SW)
 # define QAT_PROVIDER_NAME_STR "QAT Provider for QAT_HW and QAT_SW"