[EXT] [dpdk-dev v5] crypto/openssl: openssl 3.0 support on sym crypto routine

Zhang, Roy Fan roy.fan.zhang at intel.com
Fri Feb 25 14:51:10 CET 2022

Previous message (by thread): [EXT] [dpdk-dev v5] crypto/openssl: openssl 3.0 support on sym crypto routine
Next message (by thread): [EXT] [dpdk-dev v5] crypto/openssl: openssl 3.0 support on sym crypto routine
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal <gakhil at marvell.com>
> Sent: Friday, February 25, 2022 10:40 AM
> To: Ji, Kai <kai.ji at intel.com>; dev at dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang at intel.com>
> Subject: RE: [EXT] [dpdk-dev v5] crypto/openssl: openssl 3.0 support on sym
> crypto routine
> 
> Hi Kai,
> >
> > The warning messages are deprecated APIs warnings from openssl , not
> > compiler warnings from gcc, the integrity of DPDK remain the same.
> > Alongside openssl pmd, the ccp and qat pmd also raise the same type of
> > warnings once openssl 3.0 installed.
> >
> > In the current intel roadmap,  we will try to support 3.0 API fully for openssl
> and
> > qat pmds by the end of year, so this patch is the first step.
> > I think the warning messages are safe to stay, Unfortunately the fix ccp
> pmd
> > driver is out of our reach.
> >
> 
> When DPDK is compiled with openssl 3.0. I am seeing these errors in
> compilation.
> So, compilation is broken and we cannot take this patch as is.
> We have few options,
> - fix all of these errors,
> - add exception in meson.build for ignoring these errors.
> - disable/skip compilation of PMDs if openssl version is >3.0
> 
> Adding only one type of APIs does not make sense, if the driver is not
> compiled.
> 
> In file included from ../drivers/crypto/openssl/openssl_pmd_private.h:12,
>                  from ../drivers/crypto/openssl/rte_openssl_pmd.c:16:
> /usr/local/include/openssl/dh.h:223:27: note: declared here
>   223 | OSSL_DEPRECATEDIN_3_0 int DH_generate_key(DH *dh);
>       |                           ^~~~~~~~~~~~~~~
> ../drivers/crypto/openssl/rte_openssl_pmd.c: In function
> 'process_openssl_rsa_op':
> ../drivers/crypto/openssl/rte_openssl_pmd.c:2068:3: error:
> 'RSA_public_encrypt' is deprecated: Since OpenSSL 3.0 [-
> Werror=deprecated-declarations]
>  2068 |   ret = RSA_public_encrypt(op->rsa.message.length,

You are right. We will defer the change to next release so we can send along
with the asym openssl change Kai is working on. But since we have your attention
I would want to drag Chandubabu's attention too  as there are three PMDs uses
deprecated openssl lib APIs: openssl, qat, and ccp. Adding a suppress flag to meson
build file won't resolve the problem - we need to resolve them before the APIs are
gone for good.

> 
> Also, avoid top posting of comments!

Previous message (by thread): [EXT] [dpdk-dev v5] crypto/openssl: openssl 3.0 support on sym crypto routine
Next message (by thread): [EXT] [dpdk-dev v5] crypto/openssl: openssl 3.0 support on sym crypto routine
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list