README and v0.6.14 version update.

Signed-off-by: Yogaraj Alamenda <[email protected]>
intel · Jul 22, 2022 · e93fc98 · e93fc98
1 parent a530427
commit e93fc98
Show file tree

Hide file tree

Showing 10 changed files with 43 additions and 29 deletions.
diff --git a/configure.ac b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.68])
-AC_INIT([qatengine], [0.6.13], [])
+AC_INIT([qatengine], [0.6.14], [])
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_AUX_DIR([.])

diff --git a/docs/additional_information.md b/docs/additional_information.md
@@ -2,13 +2,21 @@
 
 * [Intel&reg; QuickAssist Technology Driver][1]
 * [White Paper: Intel&reg; QuickAssist Technology and OpenSSL-1.1.0:Performance][2]
+* [Sample installation guide for Software Acceleration (QAT_SW) using Intel&reg QAT Engine][3]
 
 Additional Information on integrating the Intel&reg QAT OpenSSL\* Engine with NGINX\*
 including an asynchronous fork of NGINX\* can be found at the following Github\*
 repository:
 
-* [Intel&reg; QuickAssist Technology (QAT) Async Mode NGINX\*][3]
+* [Intel&reg; QuickAssist Technology (QAT) Async Mode NGINX\*][4]
+
+Additional Information and experimental code on integrating the Intel&reg QAT BoringSSL\*
+Library with NGINX\* for QUIC support can be found at the following location in [01.org][1]
+
+* [Experimental QUIC support for NGINX][5]
 
 [1]:https://01.org/intel-quickassist-technology
 [2]:https://01.org/sites/default/files/downloads/intelr-quickassist-technology/337003-001-intelquickassisttechnologyandopenssl-110.pdf
-[3]:https://github.com/intel/asynch_mode_nginx
+[3]:https://www.intel.com/content/www/us/en/developer/articles/guide/building-software-acceleration-features-in-the-intel-qat-engine-for-openssl.html
+[4]:https://github.com/intel/asynch_mode_nginx
+[5]:https://cdrdv2.intel.com/v1/dl/getContent/737522
diff --git a/docs/features.md b/docs/features.md
@@ -23,6 +23,7 @@
 * [Pipelined Operations](qat_hw.md#using-the-openssl-pipelining-capability)
 * [Intel&reg; QAT OpenSSL\* Engine Software Fallback](qat_hw.md#intel-qat-openssl-engine-software-fallback-feature)
 * RSA8K, SHA3-224/256/384/512 and ChaCha20-Poly1305 using 4xxx (QAT gen4 devices) only.
+* [BoringSSL Support](bssl_support.md)
 
 ## qat_sw Features
 * [Intel&reg; QAT Software Acceleration for Asymmetric PKE and AES-GCM](qat_sw.md)
@@ -37,10 +38,10 @@
     * SM3 Hash Support using 16 Multibuffer requests (Experimental).
     * AES128-GCM, AES192-GCM and AES256-GCM
 
-##### [QAT_HW & QAT_SW Co-existence Feature](qat_common.md#qat-hw-and-qat-sw-co-existence-feature)
-##### [OpenSSL 3.0 Provider Support](qat_common.md#openssl-3.0-provider-support)
+## Common Features to qat_hw & qat_sw
+* [QAT_HW & QAT_SW Co-existence with runtime configuration](qat_common.md#qat-hw-and-qat-sw-co-existence)
+* [OpenSSL 3.0 Provider Support](qat_common.md#openssl-30-provider-support)
 
-Note: RSA Padding schemes are handled by OpenSSL\* rather than accelerated, so the
-engine supports the same padding schemes as OpenSSL does natively.
+Note: RSA Padding schemes are handled by OpenSSL\* or BoringSSL\* rather than accelerated, so the
+engine supports the same padding schemes as OpenSSL\* or BoringSSL\* does natively.
 
-## [BoringSSL Support](bssl_support.md)
diff --git a/docs/limitations.md b/docs/limitations.md
@@ -33,18 +33,19 @@
   calls is needed to unblock the issue.
 * SM2 ECDH and ECDSA application testing is done using BabaSSL only since OpenSSL
   doesn't support SMx cipher suites.
-* SM3 is disabled by default due to known issue from cryto_mb. When SM3 enabled,
-  Performance drop observed in mulithread scenario for all ciphers suites
-  due to the locks at engine_table_select in OpenSSL.
+* SM3 is disabled by default due to performance drop observed in mulithread scenario
+  for all ciphers suites due to the locks at engine_table_select in OpenSSL.
 * OpenSSL 1.1.1n introduced misleading error message(undefined symbol: EVP_PKEY_get_base_id)
   during engine load which can be ignored as it is not a real failure. This is later fixed in
   OpenSSL\* 1.1.1o release.
 * AES-CBC-HMAC-SHA chained ciphers does not support pipeline feature when built with
   OpenSSL 3.0 as the corresponding support is not available in OpenSSL 3.0.
-* There is a known issue with OpenSSL s_server application using qatprovider on OpenSSL 3.0.
+* There is a known issue with OpenSSL s_server application for QAT_HW GCM and QAT_SW_GCM
+  using qatprovider on OpenSSL 3.0. Disable GCM Support using --disable-qat_sw_gcm(for QAT_SW_GCM)
+  in the build configure. For QAT_HW GCM is disabled by default.
 * QAT Engine doesn't support ENCRYPT_THEN_MAC(default) mode of operation meaning
   when Encrypt then MAC is negotiated for symmetric ciphers say AES-CBC, the requests will not
   get offloaded via QAT_HW, instead uses OpenSSL SW. Disable ENCRYPT_THEN_MAC with the flag
   `SSL_OP_NO_ENCRYPT_THEN_MAC` programmatically using SSL_CTX_set_options() to offload
   symmetric chained ciphers via QAT_HW. Please note disabling ENCRYPT_THEN_MAC has security
-  implications.
+  implications.
diff --git a/docs/qat_common.md b/docs/qat_common.md
@@ -1,4 +1,4 @@
-# QAT_HW and QAT_SW Co-existence Feature
+# QAT_HW and QAT_SW Co-existence
 
 Intel&reg; QAT OpenSSL\* Engine supports QAT_HW and QAT_SW Co-existence build
 with both QAT_HW and QAT_SW dependant libraries(QAT Driver, crypto_mb and
@@ -17,7 +17,7 @@ The default behavior can be changed using corresponding algorithm's enable
 flags (eg:--enable-qat_sw_rsa) in which case the individual algorithms enabled
 (either qat_hw or qat_sw) in the build configure will get accelerated.
 
-## Setup HW&SW algorithm bitmap
+## Run time Co-existence configuration using HW & SW algorithm bitmap
 Intel&reg; QAT OpenSSL\* Engine supports a runtime mechanism to dynamically choose
 the QAT_HW or QAT_SW or both for each algorithm, using QAT_HW and QAT_SW dependent
 libraries linked in a single qatengine.

diff --git a/docs/software_requirements.md b/docs/software_requirements.md
@@ -6,12 +6,11 @@ that supports OpenSSL\* 1.1.1 or OpenSSL\* 3.0 or BoringSSL\* and Intel&reg; Qui
 Technology Driver for Linux or Intel&reg;  QuickAssist Technology
 Driver for FreeBSD. This release was validated on the following:
 
-* Operating system: CentOS\* 7.4 64-bit version & FreeBSD\* 11.4 64-bit version
-* Kernel: GNU\*/Linux\* 3.10.0-693
+* Operating system: CentOS* 8.4, Ubuntu\* 20.04.2 LTS & FreeBSD\* 12.3
 * Intel&reg; Communications Chipset C62X Series Software for Linux\*, version **4.18**
 * Intel&reg; Communications Chipset C62X Series Software for FreeBSD\*, version **3.12**
-* OpenSSL\* 1.1.1o & 3.0.3
-* BoringSSL\* commit - [fa3fbda07b] [1]
+* OpenSSL\* 1.1.1q & 3.0.5
+* BoringSSL\* commit - [fa3fbda07b][1]
 
 ## qat_sw Requirements
 Successful operation of the Intel&reg; QAT Software acceleration requires a
@@ -27,12 +26,11 @@ The Intel&reg; QAT Engine supports QAT SW AES-GCM from OpenSSL\* 1.1.1d.
 
 This release was validated on the following:
 
-* Operating system: Ubuntu 20.04.2 LTS
-* Kernel: 5.4.0-62-generic
+* Operating system: Ubuntu\* 20.04.2 LTS
 * Intel&reg; Crypto Multi-buffer library from the [ipp-crypto][2] release
   version **IPP Crypto 2021.5**
 * Intel&reg; Multi-Buffer crypto for IPsec Library release version **v1.2**
-* OpenSSL\* 1.1.1o & 3.0.3
+* OpenSSL\* 1.1.1q & 3.0.5
 
 [1]:https://github.com/google/boringssl/tree/fa3fbda07bbf70925453d6a3c25a7aa455aa1cef
 [2]:https://github.com/intel/ipp-crypto

diff --git a/e_qat.c b/e_qat.c
@@ -148,13 +148,13 @@
 const char *engine_qat_id = STR(QAT_ENGINE_ID);
 #if defined(QAT_HW) && defined(QAT_SW)
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.13";
+    "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v0.6.14";
 #elif QAT_HW
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_hw) v0.6.13";
+    "Reference implementation of QAT crypto engine(qat_hw) v0.6.14";
 #else
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_sw) v0.6.13";
+    "Reference implementation of QAT crypto engine(qat_sw) v0.6.14";
 #endif
 unsigned int engine_inited = 0;
 

diff --git a/qat_provider.h b/qat_provider.h
@@ -51,8 +51,8 @@
 # include <openssl/bio.h>
 # include <openssl/core_dispatch.h>
 
-# define QAT_PROVIDER_VERSION_STR "v0.6.13"
-# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.13"
+# define QAT_PROVIDER_VERSION_STR "v0.6.14"
+# define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.14"
 
 # if defined(QAT_HW) && defined(QAT_SW)
 #  define QAT_PROVIDER_NAME_STR "QAT Provider for QAT_HW and QAT_SW"

diff --git a/qatengine-sw.spec b/qatengine-sw.spec
@@ -4,7 +4,7 @@
 %global enginesdir %(pkg-config --variable=enginesdir libcrypto)
 
 Name:           qatengine-sw
-Version:        0.6.13
+Version:        0.6.14
 Release:        1%{?dist}
 Summary:        Intel QuickAssist Technology (QAT) OpenSSL Engine
 # Most of the source code is BSD, with the following exceptions:
@@ -49,6 +49,9 @@ autoreconf -ivf
 %exclude %{enginesdir}/qatengine.la
 
 %changelog
+* Wed Jul 20 2022 Yogaraj Alamenda <[email protected]> - 0.6.14-1
+- Update to qatengine v0.6.14
+
 * Wed Jun 22 2022 Yogaraj Alamenda <[email protected]> - 0.6.13-1
 - Update to qatengine v0.6.13
 

diff --git a/qatengine.spec b/qatengine.spec
@@ -4,7 +4,7 @@
 %global enginesdir %(pkg-config --variable=enginesdir libcrypto)
 
 Name:           qatengine
-Version:        0.6.13
+Version:        0.6.14
 Release:        1%{?dist}
 Summary:        Intel QuickAssist Technology (QAT) OpenSSL Engine
 # Most of the source code is BSD, with the following exceptions:
@@ -46,6 +46,9 @@ autoreconf -ivf
 %exclude %{enginesdir}/qatengine.la
 
 %changelog
+* Wed Jul 20 2022 Yogaraj Alamenda <[email protected]> - 0.6.14-1
+- Update to qatengine v0.6.14
+
 * Wed Jun 22 2022 Yogaraj Alamenda <[email protected]> - 0.6.13-1
 - Update to qatengine v0.6.13