Remove OpenSSL 1.1.0 Support.

Only OpenSSL 1.1.1 and 3.0(via engine) is supported. All other versions are not supported. Signed-off-by: Yogaraj Alamenda <yogarajx.alamenda@intel.com>

Author: Yogaraj-Alamenda

Makefile.am

@@ -42,14 +42,11 @@ if QAT_HW
  qat_hw_dsa.c \
  qat_hw_ec.c \
  qat_hw_prf.c \
- qat_hw_gcm.c
-
-if !QAT_OPENSSL_110
- QAT_HW_111_SRC = qat_hw_hkdf.c \
- qat_hw_ecx.c \
- qat_hw_sha3.c \
- qat_hw_chachapoly.c
-endif
+ qat_hw_gcm.c \
+ qat_hw_hkdf.c \
+ qat_hw_ecx.c \
+ qat_hw_sha3.c \
+ qat_hw_chachapoly.c
 endif
 
 if QAT_SW
@@ -70,7 +67,6 @@ endif
 qatengine_la_SOURCES = ${QAT_COMMON_SRC} \
  ${QAT_ERR_SRC} \
  ${QAT_HW_SRC} \
- ${QAT_HW_111_SRC} \
  ${QAT_HW_MEM_SRC} \
  ${QAT_SW_SRC} \
  ${QAT_SW_IPSEC_SRC}
@@ -111,19 +107,12 @@ MAKE = make err-files && make
 endif
 
 err-files:
-if QAT_OPENSSL_110
-rm -rf e_qat_err* && perl -I$(with_openssl_dir) \
- $(with_openssl_dir)/util/mkerr.pl -conf e_qat.ec \
- -rebuild -reindex -nostatic -write *.c
-else
 if QAT_OPENSSL_3
 perl -I$(with_openssl_dir) $(with_openssl_dir)/util/mkerr.pl -conf qat_prov.ec \
  -rebuild -reindex *.c
 else
-rm -f e_qat_err.c e_qat.txt && perl -I$(with_openssl_dir) \
- $(with_openssl_dir)/util/mkerr.pl -conf e_qat.ec \
+perl -I$(with_openssl_dir) $(with_openssl_dir)/util/mkerr.pl -conf e_qat.ec \
  -rebuild -reindex *.c
 endif
-endif
 
 include test.am

README.md

@@ -143,9 +143,9 @@ Clone OpenSSL\* from Github\* at the following location:
 
  git clone https://github.com/openssl/openssl.git
 
-It is recommended to checkout and build against the OpenSSL\* 1.1.1 git tag
-specified in the release notes.
-Versions of OpenSSL\* before OpenSSL\* 1.1.0 are not supported.
+It is recommended to checkout and build against the OpenSSL\* git tag
+specified in the Software Requirements section. OpenSSL\* Version 1.1.1
+and 3.0 are only supported.
 
 Due to the nature of the Intel® QAT OpenSSL\* Engine being a dynamic engine
 it can only be used with shared library builds of OpenSSL\*.
@@ -305,8 +305,8 @@ the engines dir of the system which can be checked using
 If OpenSSL\* version in the system can not be updated to 1.1.1 series, then
 the engine needs to be built from source using the option
 `--with-openssl_install_dir`. An additional option `--with-openssl_dir` pointing
-to the top directory of the OpenSSL\* source needs to be provided for building
-against OpenSSL\* 1.1.0 as the engine err files need to be regenerated for 1.1.0.
+to the top directory of the OpenSSL\* source needs to be provided for regenerating
+err files if there are any new error messages added/deleted in the source code.
 
 <br>
 </details>

configure.ac

@@ -268,17 +268,9 @@ then
  AC_SUBST([OPENSSL_LIB], ["-Wl,-rpath,\$(with_openssl_install_dir)/lib -L\$(with_openssl_install_dir)/lib -lcrypto"])
  fi
  else
- AC_MSG_NOTICE([Build QAT engine against OpenSSL 1.1.x])
+ AC_MSG_NOTICE([Build QAT engine against OpenSSL 1.1.1])
  libdir="\$(with_openssl_install_dir)/lib/engines-1.1"
  AC_SUBST([OPENSSL_LIB], ["-Wl,-rpath,\$(with_openssl_install_dir)/lib -L\$(with_openssl_install_dir)/lib -lcrypto"])
- if test "`grep "define OPENSSL_VERSION_NUMBER 0x101000" $with_openssl_install_dir/include/openssl/opensslv.h | wc -l`" = "1"
- then
- if test "x$with_openssl_dir" = "x"
- then
- AC_MSG_ERROR([OpenSSL version 1.1.0! Additional flag "--with-openssl_dir" pointing to the OpenSSL source dir needs to be configured for OpenSSL 1.1.0 to regenerate err files])
- fi
- AC_SUBST([cflags_openssl_110], ["-DQAT_OPENSSL_110"])
- fi
  fi
  AC_SUBST([includes_openssl], ["-I\$(with_openssl_install_dir)/include"])
 else
@@ -290,18 +282,12 @@ else
  then
  AC_MSG_NOTICE([Build QAT engine against OpenSSL 3.0])
  AC_SUBST([cflags_openssl_3], ["-DQAT_OPENSSL_3 -DOPENSSL_SUPPRESS_DEPRECATED"])
- else
- if test "`grep "define OPENSSL_VERSION_NUMBER 0x10100" $includes_openssl/openssl/opensslv.h | wc -l`" = "1"
- then
- AC_MSG_ERROR([OpenSSL version in the system is less than 1.1.1. Either update system OpenSSL to 1.1.1 or Use "--with-openssl_install_dir" pointing to the path where OpenSSL downloaded from source is installed. Additional flag "--with-openssl_dir" pointing to the OpenSSL source dir needs to be configured for OpenSSL 1.1.0])
- fi
  fi
  AC_MSG_NOTICE([Install engine in the system OpenSSL enginesdir Path])
  AC_SUBST([includes_openssl], ["-I`pkg-config --variable=includedir libcrypto`"])
  AC_SUBST([OPENSSL_LIB], ["-lcrypto"])
  AC_SUBST([libdir])
 fi
-AM_CONDITIONAL([QAT_OPENSSL_110], [test "x$cflags_openssl_110" != "x"])
 AM_CONDITIONAL([QAT_OPENSSL_3], [test "x$cflags_openssl_3" != "x"])
 
 # If both QAT HW and QAT SW configured, then check the libraries from standard location and use accordingly.
@@ -370,14 +356,10 @@ fi
 AM_CONDITIONAL([QAT_SW], [test "x$cflags_qat_sw" != "x"])
 AM_CONDITIONAL([QAT_SW_IPSEC], [test "x$cflags_qat_sw_ipsec" != "x"])
 
-# OpenSSL source dir to regenerate err file for OpenSSL 1.1.0
+# OpenSSL source dir to regenerate err files if any changes in err messages
 if test "x$with_openssl_dir" = "x"
 then
  AC_MSG_NOTICE([Build with existing error files without regenerating from OpenSSL source])
-else if test "x$with_openssl_dir" = "xno"
-then
- AC_MSG_ERROR([--without-openssl_dir is invalid, set using --with-openssl_dir to the path to the OpenSSL source code. e.g: --with-openssl_dir=/path/to/openssl])
-fi
 fi
 AM_CONDITIONAL([QAT_ERR_FILES_BUILD], [test "x$with_openssl_dir" != "x"])
 

docs/config_options.md

@@ -35,24 +35,6 @@ The following is a list of the options that can be used with the
  (eg: /usr/lib64/engine-1.1).
 
 ```
-### OpenSSL 1.1.0 option
-```
---with-openssl_dir=/path/to/openssl
- Specify the path to the top level of the OpenSSL* source code. This path
- is only needed to regenerate engine specific error source files using the
- mkerr.pl script from the OpenSSL source files. This option needs to be used
- if there is any new error message added in the QAT Engine source files
- and the error files will get updated using the mkerr.pl script. The default
- if not provided will build QAT Engine from the existing error files
- e_qat_err.c, e_qat_err.h & e_qat.txt in the QAT Engine dir which is
- generated from OpenSSL release mentioned in the github release page.
- This option is mandatory when building against OpenSSL* 1.1.0 as existing
- err files is generated for 1.1.1 which is not compatible for 1.1.0 and
- `--with-openssl_install_dir` needs to be provided to regenerate it.
- For example if you cloned the OpenSSL* Github* repository from within `/`
- then you would use the following setting:
- --with-openssl_dir=/openssl
-```
 ### qat_sw options
 ```
 --enable-qat_sw/--disable-qat_sw
@@ -79,6 +61,19 @@ The following is a list of the options that can be used with the
 
 ### Optional
 ```
+--with-openssl_dir=/path/to/openssl
+ Specify the path to the top level of the OpenSSL* source code. This path
+ is only needed to regenerate engine specific error source files using the
+ mkerr.pl script from the OpenSSL source. This option needs to be used
+ if there is any new error message added in the QAT Engine source files
+ and the error files will get updated using the mkerr.pl script. The default
+ if not provided will build QAT Engine from the existing error files
+ e_qat_err.c, e_qat_err.h & e_qat.txt in the QAT Engine dir which is
+ generated from OpenSSL release mentioned in the github release page.
+ For example if you cloned the OpenSSL* Github* repository from within `/`
+ then you would use the following setting:
+ --with-openssl_dir=/openssl
+
 --with-qat_hw_install_dir=/path/to/qat_driver/build
  Specify the path to the location of the built Intel(R) QAT Hardware Driver
  library files. This path is needed in order to link to the userspace

docs/limitations.md

@@ -6,13 +6,6 @@
 * Only one level of forking is permitted, if a child process forks again then
  the Intel® QAT OpenSSL\* Engine will not be available in that forked
  process.
-* The function `ASYNC_WAIT_CTX_get_changed_fds` contained in OpenSSL\* 1.1.0
- might return incorrect values in the case of failures during the submission of
- operations to the hardware accelerator. This could result in errors at the
- application level. The fix has been delivered in OpenSSL\* 1.1.0e and OpenSSL\*
- 1.1.1. All previous versions of the library are affected.
- For more information, please refer to the following pull request on Github:
- [Fix waitctx fds removing the fd from the list #2581][1]
 * Event driven mode of polling operation is not supported in the FreeBSD
  Operating system or in the qatlib RPM.
 * qat_contig_mem memory driver is not supported when running under FreeBSD
@@ -38,5 +31,3 @@
  sshd looks to be closing the file descriptors associated with QAT engine and driver
  after initialising openssl. Work around in sshd which comments out the closefrom()
  calls is needed to unblock the issue.
-
-[1]:https://github.com/openssl/openssl/pull/2581

docs/software_requirements.md

@@ -2,7 +2,7 @@
 
 ## qat_hw Requirements
 Successful operation of QAT Hardware acceleration requires a software tool chain
-that supports OpenSSL\* 1.1.1 or OpenSSL\* 1.1.0 and Intel® QuickAssist
+that supports OpenSSL\* 1.1.1 or OpenSSL\* 3.0 and Intel® QuickAssist
 Technology Driver for Linux or Intel® QuickAssist Technology
 Driver for FreeBSD. This release was validated on the following:
 
@@ -14,8 +14,8 @@ Driver for FreeBSD. This release was validated on the following:
 
 ## qat_sw Requirements
 Successful operation of the Intel® QAT Software acceleration requires a
-software tool chain that supports OpenSSL\* 1.1.1 and Intel® Crypto
-Multi-buffer library(for Asymmetric PKE) cloned from the [ipp-crypto][1] repo.
+software tool chain that supports OpenSSL\* 1.1.1 or OpenSSL\* 3.0 and Intel®
+Crypto Multi-buffer library(for Asymmetric PKE) cloned from the [ipp-crypto][1] repo.
 The crypto_mb library needs to be installed using the instructions from the
 [Crypto Multi-buffer Library][2] Readme.
 

e_qat.txt

@@ -91,24 +91,23 @@ QAT_F_QAT_RSA_PRIV_ENC:181:qat_rsa_priv_enc
 QAT_F_QAT_RSA_PUB_DEC:182:qat_rsa_pub_dec
 QAT_F_QAT_RSA_PUB_ENC:183:qat_rsa_pub_enc
 QAT_F_QAT_SESSION_DATA_INIT:184:qat_session_data_init
-QAT_F_QAT_SET_AFFINE_COORDINATES:185:qat_set_affine_coordinates
-QAT_F_QAT_SET_INSTANCE_FOR_THREAD:186:qat_set_instance_for_thread
-QAT_F_QAT_SHA3_CLEANUP:187:qat_sha3_cleanup
-QAT_F_QAT_SHA3_CTRL:188:qat_sha3_ctrl
-QAT_F_QAT_SHA3_FINAL:189:qat_sha3_final
-QAT_F_QAT_SHA3_SESSION_DATA_INIT:190:qat_sha3_session_data_init
-QAT_F_QAT_SHA3_SETUP_PARAM:191:qat_sha3_setup_param
-QAT_F_QAT_SHA3_UPDATE:192:qat_sha3_update
-QAT_F_QAT_SYM_PERFORM_OP:193:qat_sym_perform_op
-QAT_F_QAT_VALIDATE_ECX_DERIVE:194:qat_validate_ecx_derive
-QAT_F_QAT_X25519_PMETH:195:qat_x25519_pmeth
-QAT_F_QAT_X448_PMETH:196:qat_x448_pmeth
-QAT_F_VAESGCM_CIPHERS_CTRL:197:vaesgcm_ciphers_ctrl
-QAT_F_VAESGCM_CIPHERS_DO_CIPHER:198:vaesgcm_ciphers_do_cipher
-QAT_F_VAESGCM_CIPHERS_INIT:199:vaesgcm_ciphers_init
-QAT_F_VAESGCM_INIT_GCM:200:vaesgcm_init_gcm
-QAT_F_VAESGCM_INIT_IPSEC_MB_MGR:201:vaesgcm_init_ipsec_mb_mgr
-QAT_F_VAESGCM_INIT_KEY:202:vaesgcm_init_key
+QAT_F_QAT_SET_INSTANCE_FOR_THREAD:185:qat_set_instance_for_thread
+QAT_F_QAT_SHA3_CLEANUP:186:qat_sha3_cleanup
+QAT_F_QAT_SHA3_CTRL:187:qat_sha3_ctrl
+QAT_F_QAT_SHA3_FINAL:188:qat_sha3_final
+QAT_F_QAT_SHA3_SESSION_DATA_INIT:189:qat_sha3_session_data_init
+QAT_F_QAT_SHA3_SETUP_PARAM:190:qat_sha3_setup_param
+QAT_F_QAT_SHA3_UPDATE:191:qat_sha3_update
+QAT_F_QAT_SYM_PERFORM_OP:192:qat_sym_perform_op
+QAT_F_QAT_VALIDATE_ECX_DERIVE:193:qat_validate_ecx_derive
+QAT_F_QAT_X25519_PMETH:194:qat_x25519_pmeth
+QAT_F_QAT_X448_PMETH:195:qat_x448_pmeth
+QAT_F_VAESGCM_CIPHERS_CTRL:196:vaesgcm_ciphers_ctrl
+QAT_F_VAESGCM_CIPHERS_DO_CIPHER:197:vaesgcm_ciphers_do_cipher
+QAT_F_VAESGCM_CIPHERS_INIT:198:vaesgcm_ciphers_init
+QAT_F_VAESGCM_INIT_GCM:199:vaesgcm_init_gcm
+QAT_F_VAESGCM_INIT_IPSEC_MB_MGR:200:vaesgcm_init_ipsec_mb_mgr
+QAT_F_VAESGCM_INIT_KEY:201:vaesgcm_init_key
 
 #Reason codes
 QAT_R_AAD_INVALID_PTR:100:aad invalid ptr

e_qat_err.c

@@ -119,8 +119,6 @@ static ERR_STRING_DATA QAT_str_functs[] = {
  {ERR_PACK(0, QAT_F_QAT_RSA_PUB_DEC, 0), "qat_rsa_pub_dec"},
  {ERR_PACK(0, QAT_F_QAT_RSA_PUB_ENC, 0), "qat_rsa_pub_enc"},
  {ERR_PACK(0, QAT_F_QAT_SESSION_DATA_INIT, 0), "qat_session_data_init"},
- {ERR_PACK(0, QAT_F_QAT_SET_AFFINE_COORDINATES, 0),
- "qat_set_affine_coordinates"},
  {ERR_PACK(0, QAT_F_QAT_SET_INSTANCE_FOR_THREAD, 0),
  "qat_set_instance_for_thread"},
  {ERR_PACK(0, QAT_F_QAT_SHA3_CLEANUP, 0), "qat_sha3_cleanup"},

e_qat_err.h

@@ -114,24 +114,23 @@ void ERR_QAT_error(int function, int reason, char *file, int line);
 # define QAT_F_QAT_RSA_PUB_DEC 182
 # define QAT_F_QAT_RSA_PUB_ENC 183
 # define QAT_F_QAT_SESSION_DATA_INIT 184
-# define QAT_F_QAT_SET_AFFINE_COORDINATES 185
-# define QAT_F_QAT_SET_INSTANCE_FOR_THREAD 186
-# define QAT_F_QAT_SHA3_CLEANUP 187
-# define QAT_F_QAT_SHA3_CTRL 188
-# define QAT_F_QAT_SHA3_FINAL 189
-# define QAT_F_QAT_SHA3_SESSION_DATA_INIT 190
-# define QAT_F_QAT_SHA3_SETUP_PARAM 191
-# define QAT_F_QAT_SHA3_UPDATE 192
-# define QAT_F_QAT_SYM_PERFORM_OP 193
-# define QAT_F_QAT_VALIDATE_ECX_DERIVE 194
-# define QAT_F_QAT_X25519_PMETH 195
-# define QAT_F_QAT_X448_PMETH 196
-# define QAT_F_VAESGCM_CIPHERS_CTRL 197
-# define QAT_F_VAESGCM_CIPHERS_DO_CIPHER 198
-# define QAT_F_VAESGCM_CIPHERS_INIT 199
-# define QAT_F_VAESGCM_INIT_GCM 200
-# define QAT_F_VAESGCM_INIT_IPSEC_MB_MGR 201
-# define QAT_F_VAESGCM_INIT_KEY 202
+# define QAT_F_QAT_SET_INSTANCE_FOR_THREAD 185
+# define QAT_F_QAT_SHA3_CLEANUP 186
+# define QAT_F_QAT_SHA3_CTRL 187
+# define QAT_F_QAT_SHA3_FINAL 188
+# define QAT_F_QAT_SHA3_SESSION_DATA_INIT 189
+# define QAT_F_QAT_SHA3_SETUP_PARAM 190
+# define QAT_F_QAT_SHA3_UPDATE 191
+# define QAT_F_QAT_SYM_PERFORM_OP 192
+# define QAT_F_QAT_VALIDATE_ECX_DERIVE 193
+# define QAT_F_QAT_X25519_PMETH 194
+# define QAT_F_QAT_X448_PMETH 195
+# define QAT_F_VAESGCM_CIPHERS_CTRL 196
+# define QAT_F_VAESGCM_CIPHERS_DO_CIPHER 197
+# define QAT_F_VAESGCM_CIPHERS_INIT 198
+# define QAT_F_VAESGCM_INIT_GCM 199
+# define QAT_F_VAESGCM_INIT_IPSEC_MB_MGR 200
+# define QAT_F_VAESGCM_INIT_KEY 201
 
 /*
  * QAT reason codes.