[EXT] [dpdk-dev v5] crypto/openssl: openssl 3.0 support on sym crypto routine

[Namburu, Chandu-babu]

[Public]

Hi Roy Fan,

-----Original Message-----
From: Zhang, Roy Fan <roy.fan.zhang at intel.com> 
Sent: Friday, February 25, 2022 7:21 PM
To: Akhil Goyal <gakhil at marvell.com>; Ji, Kai <kai.ji at intel.com>; dev at dpdk.org
Cc: Namburu, Chandu-babu <chandu at amd.com>
Subject: RE: [EXT] [dpdk-dev v5] crypto/openssl: openssl 3.0 support on sym crypto routine

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal <gakhil at marvell.com>
> Sent: Friday, February 25, 2022 10:40 AM
> To: Ji, Kai <kai.ji at intel.com>; dev at dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang at intel.com>
> Subject: RE: [EXT] [dpdk-dev v5] crypto/openssl: openssl 3.0 support 
> on sym crypto routine
> 
> Hi Kai,
> >
> > The warning messages are deprecated APIs warnings from openssl , not 
> > compiler warnings from gcc, the integrity of DPDK remain the same.
> > Alongside openssl pmd, the ccp and qat pmd also raise the same type 
> > of warnings once openssl 3.0 installed.
> >
> > In the current intel roadmap,  we will try to support 3.0 API fully 
> > for openssl
> and
> > qat pmds by the end of year, so this patch is the first step.
> > I think the warning messages are safe to stay, Unfortunately the fix 
> > ccp
> pmd
> > driver is out of our reach.
> >
> 
> When DPDK is compiled with openssl 3.0. I am seeing these errors in 
> compilation.
> So, compilation is broken and we cannot take this patch as is.
> We have few options,
> - fix all of these errors,
> - add exception in meson.build for ignoring these errors.
> - disable/skip compilation of PMDs if openssl version is >3.0
> 
> Adding only one type of APIs does not make sense, if the driver is not 
> compiled.
> 
> In file included from ../drivers/crypto/openssl/openssl_pmd_private.h:12,
>                  from ../drivers/crypto/openssl/rte_openssl_pmd.c:16:
> /usr/local/include/openssl/dh.h:223:27: note: declared here
>   223 | OSSL_DEPRECATEDIN_3_0 int DH_generate_key(DH *dh);
>       |                           ^~~~~~~~~~~~~~~
> ../drivers/crypto/openssl/rte_openssl_pmd.c: In function
> 'process_openssl_rsa_op':
> ../drivers/crypto/openssl/rte_openssl_pmd.c:2068:3: error:
> 'RSA_public_encrypt' is deprecated: Since OpenSSL 3.0 [- 
> Werror=deprecated-declarations]
>  2068 |   ret = RSA_public_encrypt(op->rsa.message.length,

You are right. We will defer the change to next release so we can send along with the asym openssl change Kai is working on. But since we have your attention I would want to drag Chandubabu's attention too  as there are three PMDs uses deprecated openssl lib APIs: openssl, qat, and ccp. Adding a suppress flag to meson build file won't resolve the problem - we need to resolve them before the APIs are gone for good.

Thank you for bringing this to our attention, we will work on CCP changes to support 3.0 API's.

> 
> Also, avoid top posting of comments!