Fix build with OPENSSL_NO_ENGINE

The ENGINE APIs are deprecated in OpenSSL v3, and Fedora 41 and RHEL 10 no longer ship the openssl/engine.h header by default. This allows the build to succeed as a provider without engine.h present. Signed-off-by: Venkatesh J <[email protected]> Co-authored-by: Yaakov Selkowitz <[email protected]>
intel · Nov 5, 2024 · f3ecd64 · f3ecd64
1 parent af75fd1
commit f3ecd64
Show file tree

Hide file tree

Showing 21 changed files with 85 additions and 31 deletions.
diff --git a/e_qat.c b/e_qat.c
@@ -350,7 +350,7 @@ clock_t clock_id = CLOCK_MONOTONIC_RAW;
 clock_t clock_id = CLOCK_MONOTONIC_PRECISE;
 #endif
 
-#ifndef QAT_BORINGSSL
+#if ! defined(QAT_BORINGSSL) && ! defined(QAT_OPENSSL_PROVIDER)
 const ENGINE_CMD_DEFN qat_cmd_defns[] = {
     {
         QAT_CMD_ENABLE_EXTERNAL_POLLING,
@@ -747,6 +747,7 @@ int qat_engine_finish(ENGINE *e)
  *         ENGINE_init
  ******************************************************************************/
 
+#ifndef QAT_OPENSSL_PROVIDER
 int qat_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
 {
     unsigned int retVal = 1;
@@ -1052,6 +1053,7 @@ int qat_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
     }
     return retVal;
 }
+#endif /* QAT_OPENSSL_PROVIDER */
 
 #ifdef ENABLE_QAT_HW_KPT
 EVP_PKEY *qat_engine_load_privkey(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data)
@@ -1417,6 +1419,7 @@ int bind_qat(ENGINE *e, const char *id)
     return ret;
 }
 
+#ifndef QAT_OPENSSL_PROVIDER
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 IMPLEMENT_DYNAMIC_BIND_FN(bind_qat)
 IMPLEMENT_DYNAMIC_CHECK_FN()
@@ -1499,4 +1502,5 @@ void ENGINE_unload_qat(void)
     }
 }
 #endif /* QAT_BORINGSSL */
+#endif /* QAT_OPENSSL_PROVIDER */
 #endif
diff --git a/e_qat.h b/e_qat.h
@@ -46,7 +46,11 @@
 #ifndef E_QAT_H
 # define E_QAT_H
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
+# include <openssl/ec.h>
+# include <openssl/err.h>
 # include <sys/types.h>
 # include <unistd.h>
 # include <string.h>

diff --git a/qat_evp.h b/qat_evp.h
@@ -47,7 +47,6 @@
 # define QAT_EVP_H
 
 
-# include <openssl/engine.h>
 # include <openssl/ossl_typ.h>
 # include "e_qat.h"
 

diff --git a/qat_fips.h b/qat_fips.h
@@ -86,7 +86,6 @@
 # include <openssl/rand.h>
 # include <openssl/sha.h>
 # include <openssl/err.h>
-# include <openssl/engine.h>
 # include <openssl/evp.h>
 # include <openssl/async.h>
 # include <openssl/e_os2.h>

diff --git a/qat_hw_ccm.h b/qat_hw_ccm.h
@@ -46,7 +46,10 @@
 #ifndef QAT_HW_CCM_H
 # define QAT_HW_CCM_H
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
+# include <openssl/evp.h>
 
 # include "cpa.h"
 # include "cpa_types.h"

diff --git a/qat_hw_ciphers.h b/qat_hw_ciphers.h
@@ -48,7 +48,9 @@
 
 # ifdef QAT_HW
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
 # include <openssl/ssl.h>
 # include <openssl/crypto.h>
 # include <openssl/aes.h>

diff --git a/qat_hw_ecx.c b/qat_hw_ecx.c
@@ -51,10 +51,11 @@
 #include <signal.h>
 #include <stdarg.h>
 
-#include "openssl/ossl_typ.h"
-#include "openssl/kdf.h"
-#include "openssl/evp.h"
-#include "openssl/ssl.h"
+#include <openssl/ossl_typ.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
 #include "e_qat.h"
 #include "qat_utils.h"
 #include "qat_hw_asym_common.h"

diff --git a/qat_hw_gcm.h b/qat_hw_gcm.h
@@ -46,7 +46,10 @@
 #ifndef QAT_HW_GCM_H
 #define QAT_HW_GCM_H
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
+# include <openssl/evp.h>
 
 # include "cpa.h"
 # include "cpa_types.h"

diff --git a/qat_hw_init.c b/qat_hw_init.c
@@ -128,6 +128,7 @@ int qat_use_signals(void)
        been initialised then there will be a further check within
        qat_engine_init inside a mutex to prevent a race condition. */
 
+#ifndef QAT_OPENSSL_PROVIDER
     if (unlikely(!engine_inited)) {
         ENGINE* e = ENGINE_by_id(engine_qat_id);
 
@@ -146,6 +147,7 @@ int qat_use_signals(void)
         ENGINE_free(e);
         ENGINE_QAT_PTR_RESET();
     }
+#endif
 
     return qat_use_signals_no_engine_start();
 }
@@ -226,6 +228,7 @@ int get_instance(int inst_type, int mem_type)
 
     unsigned int inst_count = 0;
     thread_local_variables_t * tlv = NULL;
+#ifndef QAT_OPENSSL_PROVIDER
     /* See qat_use_signals() above for more info on why it is safe to
        check engine_inited outside of a mutex in this case. */
     if (unlikely(!engine_inited)) {
@@ -245,6 +248,7 @@ int get_instance(int inst_type, int mem_type)
         ENGINE_free(e);
         ENGINE_QAT_PTR_RESET();
     }
+#endif
 
     tlv = qat_check_create_local_variables();
     if (unlikely(NULL == tlv)) {

diff --git a/qat_hw_sha3.h b/qat_hw_sha3.h
@@ -46,7 +46,10 @@
 #ifndef QAT_HW_SHA3_H
 # define QAT_HW_SHA3_H
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
+# include <openssl/evp.h>
 
 # include "cpa.h"
 # include "cpa_types.h"

diff --git a/qat_hw_sm3.h b/qat_hw_sm3.h
@@ -46,7 +46,10 @@
 #ifndef QAT_HW_SM3_H
 # define QAT_HW_SM3_H
 
+#ifndef QAT_OPENSSL_PROVIDER
 # include <openssl/engine.h>
+#endif
+# include <openssl/evp.h>
 
 # include "cpa.h"
 # include "cpa_types.h"

diff --git a/qat_hw_sm4_cbc.h b/qat_hw_sm4_cbc.h
@@ -53,7 +53,9 @@
 #endif
 
 # ifdef ENABLE_QAT_HW_SM4_CBC
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
 # include <openssl/ssl.h>
 # include <openssl/crypto.h>
 

diff --git a/qat_prov_dh.h b/qat_prov_dh.h
@@ -63,6 +63,7 @@
 #include <openssl/err.h>
 #include <openssl/proverr.h>
 #include <openssl/params.h>
+#include <openssl/evp.h>
 #include "e_qat.h"
 
 #define FFC_UNVERIFIABLE_GINDEX -1

diff --git a/qat_prov_dsa.h b/qat_prov_dsa.h
@@ -59,6 +59,7 @@
 #include <openssl/core_names.h>
 #include <openssl/proverr.h>
 #include <openssl/dsa.h>
+#include <openssl/evp.h>
 #include <stdio.h>
 #include <string.h>
 #include "e_qat.h"

diff --git a/qat_sw_ecx.c b/qat_sw_ecx.c
@@ -53,6 +53,7 @@
 #include <pthread.h>
 #include <openssl/rsa.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>
 #include <string.h>
 #include <unistd.h>
 #include <signal.h>

diff --git a/qat_sw_ecx.h b/qat_sw_ecx.h
@@ -46,7 +46,9 @@
 #ifndef QAT_SW_ECX_H
 # define QAT_SW_ECX_H
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
 # include <openssl/ossl_typ.h>
 
 

diff --git a/qat_sw_sm3.h b/qat_sw_sm3.h
@@ -46,7 +46,10 @@
 #ifndef QAT_SW_SM3_H
 # define QAT_SW_SM3_H
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
+# include <openssl/evp.h>
 # include <openssl/ossl_typ.h>
 
 /* QAT_SW SM3 methods declaration */

diff --git a/qat_sw_sm4_cbc.h b/qat_sw_sm4_cbc.h
@@ -46,7 +46,10 @@
 #ifndef QAT_SW_SM4_CBC_H
 # define QAT_SW_SM4_CBC_H
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
+# include <openssl/evp.h>
 # include <openssl/ossl_typ.h>
 
 /* BabaSSL includes needed for sw method */

diff --git a/qat_sw_sm4_ccm.h b/qat_sw_sm4_ccm.h
@@ -46,7 +46,10 @@
 #ifndef QAT_SW_SM4_CCM_H
 # define QAT_SW_SM4_CCM_H
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
+# include <openssl/evp.h>
 # include <openssl/ossl_typ.h>
 # include <openssl/modes.h>
 

diff --git a/qat_sw_sm4_gcm.h b/qat_sw_sm4_gcm.h
@@ -46,7 +46,10 @@
 #ifndef QAT_SW_SM4_GCM_H
 # define QAT_SW_SM4_GCM_H
 
-# include <openssl/engine.h>
+# ifndef QAT_OPENSSL_PROVIDER
+#  include <openssl/engine.h>
+# endif
+# include <openssl/evp.h>
 # include <openssl/ossl_typ.h>
 # include <openssl/modes.h>
 

diff --git a/qatengine.spec b/qatengine.spec
@@ -1,7 +1,16 @@
 # SPDX-License-Identifier: MIT
 
+# Build as an OpenSSL provider instead of as an engine
+%bcond provider %[0%{?fedora} >= 41 || 0%{?rhel} >= 10]
+# QAT_HW only acceleration for RHEL
+%bcond sw %{undefined rhel}
+
 # Define the directory where the OpenSSL engines are installed
+%if %{with provider}
+%global modulesdir %(pkg-config --variable=modulesdir libcrypto)
+%else
 %global enginesdir %(pkg-config --variable=enginesdir libcrypto)
+%endif
 
 Name:           qatengine
 Version:        1.7.0
@@ -23,15 +32,12 @@ BuildRequires:  automake
 BuildRequires:  gcc
 BuildRequires:  libtool
 BuildRequires:  openssl-devel >= 1.1.1
-%if 0%{?fedora} > 40
-BuildRequires:  openssl-devel-engine
-%endif
 BuildRequires:  qatlib-devel >= 23.02.0
 %if !0%{?rhel}
 BuildRequires:  intel-ipp-crypto-mb-devel >= 1.0.6
 BuildRequires:  intel-ipsec-mb-devel >= 1.3.0
-BuildRequires:  openssl
 %endif
+BuildRequires:  openssl
 
 %description
 This package provides the Intel QuickAssist Technology OpenSSL Engine
@@ -44,13 +50,7 @@ enabled Intel platforms.
 
 %build
 autoreconf -ivf
-%if !0%{?rhel}
-# Enable QAT_HW & QAT_SW Co-existence acceleration
-%configure --enable-qat_sw
-%else
-# QAT_HW only acceleration for RHEL
-%configure
-%endif
+%configure %{?with_sw:--enable-qat_sw} %{?with_provider:--enable-qat_provider}
 %make_build
 
 %install
@@ -60,22 +60,32 @@ autoreconf -ivf
 find %{buildroot} -name "*.la" -delete
 %endif
 
-%if !0%{?rhel}
 %check
+%if %{with provider}
+export OPENSSL_MODULES=%{buildroot}%{modulesdir}
+openssl list -providers -provider qatprovider
+%else
 export OPENSSL_ENGINES=%{buildroot}%{enginesdir}
 openssl engine -v %{name}
 %endif
 
 %files
 %license LICENSE*
 %doc README.md docs*
+%if %{with provider}
+%{modulesdir}/qatprovider.so
+%else
 %{enginesdir}/%{name}.so
+%endif
 
 %changelog
-* Wed Sep 11 2024 Yogaraj Alamenda <[email protected]> - 1.7.0-1
+* Thu Oct 24 2024 Yogaraj Alamenda <[email protected]> - 1.7.0-1
 - Update to qatengine v1.7.0
 - Remove qat_contig_mem from upstream package
 
+* Fri Sep 20 2024 Yaakov Selkowitz <[email protected]> - 1.6.2-2
+- Build as a provider for F41 and EL10
+
 * Wed Aug 14 2024 Krithika Kumaravelu <[email protected]> - 1.6.2-1
 - Update to qatengine v1.6.2