Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/128849/?format=api
{ "id": 128849, "url": "https://patches.dpdk.org/api/patches/128849/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20230620105617.339222-1-brian.dooley@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20230620105617.339222-1-brian.dooley@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20230620105617.339222-1-brian.dooley@intel.com", "date": "2023-06-20T10:56:17", "name": "[v7] crypto/qat: default to IPsec MB for computations", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "daecbdb49bea56e0eeb30dab4b601315f7db7f2f", "submitter": { "id": 2520, "url": "https://patches.dpdk.org/api/people/2520/?format=api", "name": "Dooley, Brian", "email": "brian.dooley@intel.com" }, "delegate": { "id": 6690, "url": "https://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20230620105617.339222-1-brian.dooley@intel.com/mbox/", "series": [ { "id": 28581, "url": "https://patches.dpdk.org/api/series/28581/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=28581", "date": "2023-06-20T10:56:17", "name": "[v7] crypto/qat: default to IPsec MB for computations", "version": 7, "mbox": "https://patches.dpdk.org/series/28581/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/128849/comments/", "check": "success", "checks": "https://patches.dpdk.org/api/patches/128849/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id E825E42D07;\n\tTue, 20 Jun 2023 12:56:25 +0200 (CEST)", "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id BC3064068E;\n\tTue, 20 Jun 2023 12:56:25 +0200 (CEST)", "from mga07.intel.com (mga07.intel.com [134.134.136.100])\n by mails.dpdk.org (Postfix) with ESMTP id D2493400D6\n for <dev@dpdk.org>; Tue, 20 Jun 2023 12:56:23 +0200 (CEST)", "from orsmga007.jf.intel.com ([10.7.209.58])\n by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 20 Jun 2023 03:56:22 -0700", "from silpixa00400883.ir.intel.com ([10.243.22.155])\n by orsmga007.jf.intel.com with ESMTP; 20 Jun 2023 03:56:20 -0700" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1687258584; x=1718794584;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=m9wYirJ9lt7ovly1C2tYgVVdJtEcWFu4lQ5byKAsK8Y=;\n b=l++xuXJSN0YyfUAo6AUvGn0HCx6kmkFeZWeiGAPVdmPWMgMm+8NHVjzc\n LYSFUgJDSKt2DydZJpES+Q2DP3yNLYLphdlMuMrWJm0RSrVzzLeeoUZ62\n onfBKozB9oDUeamt9dP8i3vJlJ+4rRzr9KI2rjjdd3H1O2pLR3TKlk4Kq\n KkxgyxpOpmBa5JXviKxVDKZIWCoczMF7d7aUQw5L2zxpw2aFl2lJpJLf+\n KhvXCRDP70c9cwcydeFL9AyMrjazjx/BFLE8JoT+iFvYfNJxI9glH1etA\n r47n4+tcmWDPyQ1IqRAiAFqrOGCpkmbG1Cxo+MhL0a6AFwLlEe6FBSUKF g==;", "X-IronPort-AV": [ "E=McAfee;i=\"6600,9927,10746\"; a=\"425784507\"", "E=Sophos;i=\"6.00,256,1681196400\"; d=\"scan'208\";a=\"425784507\"", "E=McAfee;i=\"6600,9927,10746\"; a=\"708210421\"", "E=Sophos;i=\"6.00,256,1681196400\"; d=\"scan'208\";a=\"708210421\"" ], "X-ExtLoop1": "1", "From": "Brian Dooley <brian.dooley@intel.com>", "To": "Kai Ji <kai.ji@intel.com>", "Cc": "dev@dpdk.org, gakhil@marvell.com, pablo.de.lara.guarch@intel.com,\n Brian Dooley <brian.dooley@intel.com>, Ciara Power <ciara.power@intel.com>", "Subject": "[PATCH v7] crypto/qat: default to IPsec MB for computations", "Date": "Tue, 20 Jun 2023 10:56:17 +0000", "Message-Id": "<20230620105617.339222-1-brian.dooley@intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20230616160223.1044885-1-brian.dooley@intel.com>", "References": "<20230616160223.1044885-1-brian.dooley@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "Pre and post computations currently use the OpenSSL library by default.\nThis patch changes the default option to Intel IPsec MB library version\n1.4 for the required computations. If this version of IPsec is not met\nit will fallback to use OpenSSL. ARM will always default to using\nOpenSSL as ARM IPsec MB does not support the necessary algorithms.\n\nAdded version checks for libipsecmb and libcrypto into meson build.\nAdded directives for detecting IPsec MB or OpenSSL.\n\nSigned-off-by: Brian Dooley <brian.dooley@intel.com>\nAcked-by: Kai Ji <kai.ji@intel.com>\nAcked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>\nAcked-by: Ciara Power <ciara.power@intel.com>\n---\nv7:\nRebase for-main\nv6:\nFix for arm support and add extra wrappers for docsis cipher crc\nv5:\nRemove ipsec mb define and add previous ack\nv4:\nRebase and fix conflicts\nv3:\nFix checkpatch warnings by replacing return with goto\nv2:\nOpenSSL code reintroduced as a fallback feature if Intel IPsec MB 1.4\nnot available\n---\n doc/guides/cryptodevs/qat.rst | 15 +-\n drivers/common/qat/meson.build | 57 +-\n drivers/common/qat/qat_device.c | 1 -\n drivers/common/qat/qat_device.h | 3 +-\n drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 29 +-\n drivers/crypto/qat/qat_sym.c | 9 +-\n drivers/crypto/qat/qat_sym.h | 27 +\n drivers/crypto/qat/qat_sym_session.c | 877 ++++++++++---------\n drivers/crypto/qat/qat_sym_session.h | 12 +\n 9 files changed, 576 insertions(+), 454 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst\nindex b454e1855d..e2a4622c19 100644\n--- a/doc/guides/cryptodevs/qat.rst\n+++ b/doc/guides/cryptodevs/qat.rst\n@@ -331,18 +331,13 @@ To use this feature the user must set the devarg on process start as a device ad\n -a 03:01.1,qat_sym_cipher_crc_enable=1\n \n \n-Running QAT PMD with Intel IPSEC MB library for symmetric precomputes function\n+Running QAT PMD with Intel IPsec MB library for symmetric precomputes function\n ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n \n-The QAT PMD use Openssl library for partial hash calculation in symmetirc precomputes function by\n-default, the following parameter is allow QAT PMD switch over to multi-buffer job API if Intel\n-IPSEC MB library installed on system.\n-\n-- qat_ipsec_mb_lib\n-\n-To use this feature the user must set the parameter on process start as a device additional parameter::\n-\n- -a 03:01.1,qat_ipsec_mb_lib=1\n+The QAT PMD uses Intel IPsec MB library for partial hash calculation in symmetric precomputes function by\n+default, the minimum required version of IPsec MB library is v1.4. If this version of IPsec is not met it\n+will fallback to use OpenSSL. ARM will always default to using OpenSSL as ARM IPsec MB does not support\n+the necessary algorithms.\n \n \n Device and driver naming\ndiff --git a/drivers/common/qat/meson.build b/drivers/common/qat/meson.build\nindex b84e5b3c6c..0f72b6959b 100644\n--- a/drivers/common/qat/meson.build\n+++ b/drivers/common/qat/meson.build\n@@ -28,29 +28,45 @@ if disable_drivers.contains(qat_compress_path)\n endif\n \n libcrypto = dependency('libcrypto', required: false, method: 'pkg-config')\n-if qat_crypto and not libcrypto.found()\n- qat_crypto = false\n- dpdk_drvs_disabled += qat_crypto_path\n- set_variable(qat_crypto_path.underscorify() + '_disable_reason',\n- 'missing dependency, libcrypto')\n-endif\n \n-IMB_required_ver = '1.2.0'\n-IMB_header = '#include<intel-ipsec-mb.h>'\n if arch_subdir == 'arm'\n- IMB_header = '#include<ipsec-mb.h>'\n-endif\n-libipsecmb = cc.find_library('IPSec_MB', required: false)\n-libcrypto_3 = dependency('libcrypto', required: false,\n- method: 'pkg-config', version : '>=3.0.0')\n-if libipsecmb.found() and libcrypto_3.found()\n- # version comes with quotes, so we split based on \" and take the middle\n- imb_ver = cc.get_define('IMB_VERSION_STR',\n- prefix : IMB_header).split('\"')[1]\n+ if libcrypto.found()\n+ ext_deps += libcrypto\n+ dpdk_conf.set('RTE_QAT_OPENSSL', true)\n+ else\n+ qat_crypto = false\n+ dpdk_drvs_disabled += qat_crypto_path\n+ set_variable(qat_crypto_path.underscorify() + '_disable_reason',\n+ 'missing dependency for Arm, libcrypto')\n+ endif\n+else\n+ IMB_required_ver = '1.4.0'\n+ IMB_header = '#include<intel-ipsec-mb.h>'\n+ libipsecmb = cc.find_library('IPSec_MB', required: false)\n+ if libipsecmb.found()\n+ # version comes with quotes, so we split based on \" and take the middle\n+ imb_ver = cc.get_define('IMB_VERSION_STR',\n+ prefix : IMB_header).split('\"')[1]\n \n- if (imb_ver.version_compare('>=' + IMB_required_ver))\n- ext_deps += libipsecmb\n- dpdk_conf.set('RTE_QAT_LIBIPSECMB', true)\n+ if (imb_ver.version_compare('>=' + IMB_required_ver))\n+ ext_deps += libipsecmb\n+ elif libcrypto.found()\n+ ext_deps += libcrypto\n+ dpdk_conf.set('RTE_QAT_OPENSSL', true)\n+ else\n+ qat_crypto = false\n+ dpdk_drvs_disabled += qat_crypto_path\n+ set_variable(qat_crypto_path.underscorify() + '_disable_reason',\n+ 'missing dependency, libipsecmb or libcrypto')\n+ endif\n+ elif libcrypto.found()\n+ ext_deps += libcrypto\n+ dpdk_conf.set('RTE_QAT_OPENSSL', true)\n+ else\n+ qat_crypto = false\n+ dpdk_drvs_disabled += qat_crypto_path\n+ set_variable(qat_crypto_path.underscorify() + '_disable_reason',\n+ 'missing dependency, libipsecmb or libcrypto')\n endif\n endif\n \n@@ -103,6 +119,5 @@ if qat_crypto\n sources += files(join_paths(qat_crypto_relpath, f))\n endforeach\n deps += ['security']\n- ext_deps += libcrypto\n cflags += ['-DBUILD_QAT_SYM', '-DBUILD_QAT_ASYM']\n endif\ndiff --git a/drivers/common/qat/qat_device.c b/drivers/common/qat/qat_device.c\nindex bdd3f689f3..2675f0d9d1 100644\n--- a/drivers/common/qat/qat_device.c\n+++ b/drivers/common/qat/qat_device.c\n@@ -372,7 +372,6 @@ static int qat_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,\n \tstruct qat_dev_hw_spec_funcs *ops_hw;\n \tstruct qat_dev_cmd_param qat_dev_cmd_param[] = {\n \t\t\t{ QAT_LEGACY_CAPA, 0 },\n-\t\t\t{ QAT_IPSEC_MB_LIB, 0 },\n \t\t\t{ SYM_ENQ_THRESHOLD_NAME, 0 },\n \t\t\t{ ASYM_ENQ_THRESHOLD_NAME, 0 },\n \t\t\t{ COMP_ENQ_THRESHOLD_NAME, 0 },\ndiff --git a/drivers/common/qat/qat_device.h b/drivers/common/qat/qat_device.h\nindex ed752b9f28..afee83017b 100644\n--- a/drivers/common/qat/qat_device.h\n+++ b/drivers/common/qat/qat_device.h\n@@ -18,13 +18,12 @@\n #define QAT_DEV_NAME_MAX_LEN\t64\n \n #define QAT_LEGACY_CAPA \"qat_legacy_capa\"\n-#define QAT_IPSEC_MB_LIB \"qat_ipsec_mb_lib\"\n #define SYM_ENQ_THRESHOLD_NAME \"qat_sym_enq_threshold\"\n #define ASYM_ENQ_THRESHOLD_NAME \"qat_asym_enq_threshold\"\n #define COMP_ENQ_THRESHOLD_NAME \"qat_comp_enq_threshold\"\n #define SYM_CIPHER_CRC_ENABLE_NAME \"qat_sym_cipher_crc_enable\"\n #define QAT_CMD_SLICE_MAP \"qat_cmd_slice_disable\"\n-#define QAT_CMD_SLICE_MAP_POS\t6\n+#define QAT_CMD_SLICE_MAP_POS\t5\n #define MAX_QP_THRESHOLD_SIZE\t32\n \n /**\ndiff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h\nindex f2bf343793..8ba985e2fc 100644\n--- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h\n+++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h\n@@ -82,8 +82,13 @@ qat_bpicipher_preprocess(struct qat_sym_session *ctx,\n \t\t\tQAT_DP_HEXDUMP_LOG(DEBUG, \"BPI: dst before pre-process:\",\n \t\t\tdst, last_block_len);\n #endif\n+#ifdef RTE_QAT_OPENSSL\n \t\top_bpi_cipher_decrypt(last_block, dst, iv, block_len,\n \t\t\t\tlast_block_len, ctx->bpi_ctx);\n+#else\n+\t\tbpi_cipher_ipsec(last_block, dst, iv, last_block_len, ctx->expkey,\n+\t\t\tctx->mb_mgr, ctx->docsis_key_len);\n+#endif\n #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n \t\tQAT_DP_HEXDUMP_LOG(DEBUG, \"BPI: src after pre-process:\",\n \t\t\tlast_block, last_block_len);\n@@ -231,7 +236,12 @@ qat_sym_convert_op_to_vec_cipher(struct rte_crypto_op *op,\n \t\tcipher_ofs = op->sym->cipher.data.offset >> 3;\n \t\tbreak;\n \tcase 0:\n+\n+#ifdef RTE_QAT_OPENSSL\n \t\tif (ctx->bpi_ctx) {\n+#else\n+\t\tif (ctx->mb_mgr) {\n+#endif\n \t\t\t/* DOCSIS - only send complete blocks to device.\n \t\t\t * Process any partial block using CFB mode.\n \t\t\t * Even if 0 complete blocks, still send this to device\n@@ -375,6 +385,7 @@ qat_sym_convert_op_to_vec_chain(struct rte_crypto_op *op,\n \tint is_oop = (op->sym->m_dst != NULL) &&\n \t\t\t(op->sym->m_dst != op->sym->m_src);\n \tint is_sgl = op->sym->m_src->nb_segs > 1;\n+\tint is_bpi = 0;\n \tint n_src;\n \tint ret;\n \n@@ -399,9 +410,14 @@ qat_sym_convert_op_to_vec_chain(struct rte_crypto_op *op,\n \t\tcipher_ofs = op->sym->cipher.data.offset >> 3;\n \t\tbreak;\n \tcase 0:\n+#ifdef RTE_QAT_OPENSSL\n \t\tif (ctx->bpi_ctx) {\n+#else\n+\t\tif (ctx->mb_mgr) {\n+#endif\n \t\t\tcipher_len = qat_bpicipher_preprocess(ctx, op);\n \t\t\tcipher_ofs = op->sym->cipher.data.offset;\n+\t\t\tis_bpi = 1;\n \t\t} else {\n \t\t\tcipher_len = op->sym->cipher.data.length;\n \t\t\tcipher_ofs = op->sym->cipher.data.offset;\n@@ -436,7 +452,7 @@ qat_sym_convert_op_to_vec_chain(struct rte_crypto_op *op,\n \t/* digest in buffer check. Needed only for wireless algos\n \t * or combined cipher-crc operations\n \t */\n-\tif (ret == 1 || ctx->bpi_ctx) {\n+\tif (ret == 1 || is_bpi) {\n \t\t/* Handle digest-encrypted cases, i.e.\n \t\t * auth-gen-then-cipher-encrypt and\n \t\t * cipher-decrypt-then-auth-verify\n@@ -465,7 +481,11 @@ qat_sym_convert_op_to_vec_chain(struct rte_crypto_op *op,\n \t\t/* Then check if digest-encrypted conditions are met */\n \t\tif (((auth_ofs + auth_len < cipher_ofs + cipher_len) &&\n \t\t\t\t(digest->iova == auth_end_iova)) ||\n+#ifdef RTE_QAT_OPENSSL\n \t\t\t\tctx->bpi_ctx)\n+#else\n+\t\t\t\tctx->mb_mgr)\n+#endif\n \t\t\tmax_len = RTE_MAX(max_len, auth_ofs + auth_len +\n \t\t\t\t\tctx->digest_length);\n \t}\n@@ -702,7 +722,12 @@ enqueue_one_chain_job_gen1(struct qat_sym_session *ctx,\n \t/* Then check if digest-encrypted conditions are met */\n \tif (((auth_param->auth_off + auth_param->auth_len <\n \t\tcipher_param->cipher_offset + cipher_param->cipher_length) &&\n-\t\t\t(digest->iova == auth_iova_end)) || ctx->bpi_ctx) {\n+\t\t\t(digest->iova == auth_iova_end)) ||\n+#ifdef RTE_QAT_OPENSSL\n+\t\t\tctx->bpi_ctx) {\n+#else\n+\t\t\tctx->mb_mgr) {\n+#endif\n \t\t/* Handle partial digest encryption */\n \t\tif (cipher_param->cipher_offset + cipher_param->cipher_length <\n \t\t\tauth_param->auth_off + auth_param->auth_len +\ndiff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c\nindex fda75e05f6..5c3cdd8183 100644\n--- a/drivers/crypto/qat/qat_sym.c\n+++ b/drivers/crypto/qat/qat_sym.c\n@@ -1,5 +1,5 @@\n /* SPDX-License-Identifier: BSD-3-Clause\n- * Copyright(c) 2015-2022 Intel Corporation\n+ * Copyright(c) 2015-2023 Intel Corporation\n */\n \n #include <openssl/evp.h>\n@@ -16,7 +16,6 @@\n #include \"qat_qp.h\"\n \n uint8_t qat_sym_driver_id;\n-int qat_ipsec_mb_lib;\n int qat_legacy_capa;\n \n struct qat_crypto_gen_dev_ops qat_sym_gen_dev_ops[QAT_N_GENS];\n@@ -108,7 +107,11 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,\n \t\t\tstruct rte_cryptodev *cdev;\n \t\t\tstruct qat_cryptodev_private *internals;\n \n+#ifdef RTE_QAT_OPENSSL\n \t\t\tif (unlikely(ctx->bpi_ctx == NULL)) {\n+#else\n+\t\t\tif (unlikely(ctx->mb_mgr == NULL)) {\n+#endif\n \t\t\t\tQAT_DP_LOG(ERR, \"QAT PMD only supports security\"\n \t\t\t\t\t\t\" operation requests for\"\n \t\t\t\t\t\t\" DOCSIS, op (%p) is not for\"\n@@ -277,8 +280,6 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,\n \t\t\t\tSYM_CIPHER_CRC_ENABLE_NAME))\n \t\t\tinternals->cipher_crc_offload_enable =\n \t\t\t\t\tqat_dev_cmd_param[i].val;\n-\t\tif (!strcmp(qat_dev_cmd_param[i].name, QAT_IPSEC_MB_LIB))\n-\t\t\tqat_ipsec_mb_lib = qat_dev_cmd_param[i].val;\n \t\tif (!strcmp(qat_dev_cmd_param[i].name, QAT_LEGACY_CAPA))\n \t\t\tqat_legacy_capa = qat_dev_cmd_param[i].val;\n \t\tif (!strcmp(qat_dev_cmd_param[i].name, QAT_CMD_SLICE_MAP))\ndiff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h\nindex 0f78c0f4b8..193281cd91 100644\n--- a/drivers/crypto/qat/qat_sym.h\n+++ b/drivers/crypto/qat/qat_sym.h\n@@ -160,6 +160,20 @@ bpi_cipher_encrypt(uint8_t *src, uint8_t *dst,\n \treturn -EINVAL;\n }\n \n+#ifndef RTE_QAT_OPENSSL\n+static __rte_always_inline void\n+bpi_cipher_ipsec(uint8_t *src, uint8_t *dst, uint8_t *iv, int srclen,\n+\t\tuint64_t *expkey, IMB_MGR *m, uint8_t docsis_key_len)\n+{\n+\tif (docsis_key_len == ICP_QAT_HW_AES_128_KEY_SZ)\n+\t\tIMB_AES128_CFB_ONE(m, dst, src, (uint64_t *)iv, expkey, srclen);\n+\telse if (docsis_key_len == ICP_QAT_HW_AES_256_KEY_SZ)\n+\t\tIMB_AES256_CFB_ONE(m, dst, src, (uint64_t *)iv, expkey, srclen);\n+\telse if (docsis_key_len == ICP_QAT_HW_DES_KEY_SZ)\n+\t\tdes_cfb_one(dst, src, (uint64_t *)iv, expkey, srclen);\n+}\n+#endif\n+\n static inline uint32_t\n qat_bpicipher_postprocess(struct qat_sym_session *ctx,\n \t\t\t\tstruct rte_crypto_op *op)\n@@ -204,8 +218,13 @@ qat_bpicipher_postprocess(struct qat_sym_session *ctx,\n \t\t\t\t\"BPI: dst before post-process:\",\n \t\t\t\tdst, last_block_len);\n #endif\n+#ifdef RTE_QAT_OPENSSL\n \t\tbpi_cipher_encrypt(last_block, dst, iv, block_len,\n \t\t\t\tlast_block_len, ctx->bpi_ctx);\n+#else\n+\t\tbpi_cipher_ipsec(last_block, dst, iv, last_block_len, ctx->expkey,\n+\t\t\tctx->mb_mgr, ctx->docsis_key_len);\n+#endif\n #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n \t\tQAT_DP_HEXDUMP_LOG(DEBUG, \"BPI: src after post-process:\",\n \t\t\t\tlast_block, last_block_len);\n@@ -275,7 +294,11 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)\n \t\tif (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {\n \t\t\tctx = SECURITY_GET_SESS_PRIV(op->sym->session);\n \n+#ifdef RTE_QAT_OPENSSL\n \t\t\tif (ctx == NULL || ctx->bpi_ctx == NULL)\n+#else\n+\t\t\tif (ctx == NULL || ctx->mb_mgr == NULL)\n+#endif\n \t\t\t\tcontinue;\n \n \t\t\tif (ctx->qat_cmd != ICP_QAT_FW_LA_CMD_CIPHER_CRC)\n@@ -320,7 +343,11 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,\n \t} else {\n \t\trx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;\n \n+#ifdef RTE_QAT_OPENSSL\n \t\tif (sess->bpi_ctx) {\n+#else\n+\t\tif (sess->mb_mgr) {\n+#endif\n \t\t\tqat_bpicipher_postprocess(sess, rx_op);\n \t\t\tif (is_docsis_sec && sess->qat_cmd !=\n \t\t\t\t\t\tICP_QAT_FW_LA_CMD_CIPHER_CRC)\ndiff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c\nindex 327f568a28..21d3e524b3 100644\n--- a/drivers/crypto/qat/qat_sym_session.c\n+++ b/drivers/crypto/qat/qat_sym_session.c\n@@ -9,11 +9,8 @@\n #include <openssl/md5.h>\t/* Needed to calculate pre-compute values */\n #include <openssl/evp.h>\t/* Needed for bpi runt block processing */\n \n-#ifdef RTE_QAT_LIBIPSECMB\n-#define NO_COMPAT_IMB_API_053\n-#if defined(RTE_ARCH_ARM)\n-#include <ipsec-mb.h>\n-#else\n+#ifndef RTE_QAT_OPENSSL\n+#ifndef RTE_ARCH_ARM\n #include <intel-ipsec-mb.h>\n #endif\n #endif\n@@ -32,6 +29,7 @@\n #include \"qat_sym_session.h\"\n #include \"qat_sym.h\"\n \n+#ifdef RTE_QAT_OPENSSL\n #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)\n #include <openssl/provider.h>\n \n@@ -64,8 +62,7 @@ static void ossl_legacy_provider_unload(void)\n \tOSSL_PROVIDER_unload(default_lib);\n }\n #endif\n-\n-extern int qat_ipsec_mb_lib;\n+#endif\n \n #define ETH_CRC32_POLYNOMIAL 0x04c11db7\n #define ETH_CRC32_INIT_VAL 0xffffffff\n@@ -144,6 +141,7 @@ qat_sym_session_finalize(struct qat_sym_session *session)\n \tqat_sym_session_init_common_hdr(session);\n }\n \n+#ifdef RTE_QAT_OPENSSL\n /** Frees a context previously created\n * Depends on openssl libcrypto\n */\n@@ -194,6 +192,51 @@ bpi_cipher_ctx_init(enum rte_crypto_cipher_algorithm cryptodev_algo,\n \t}\n \treturn ret;\n }\n+#endif\n+\n+#ifndef RTE_QAT_OPENSSL\n+/** Creates a context in either AES or DES in ECB mode\n+ */\n+static int\n+ipsec_mb_ctx_init(const uint8_t *key, uint16_t key_length,\n+\t\tenum rte_crypto_cipher_algorithm cryptodev_algo,\n+\t\tuint64_t *expkey, uint32_t *dust, IMB_MGR **m)\n+{\n+\tint ret;\n+\n+\t*m = alloc_mb_mgr(0);\n+\tif (*m == NULL)\n+\t\treturn -ENOMEM;\n+\n+\tinit_mb_mgr_auto(*m, NULL);\n+\n+\tif (cryptodev_algo == RTE_CRYPTO_CIPHER_AES_DOCSISBPI) {\n+\t\tif (key_length == ICP_QAT_HW_AES_128_KEY_SZ)\n+\t\t\tIMB_AES_KEYEXP_128(*m, key, expkey, dust);\n+\t\telse if (key_length == ICP_QAT_HW_AES_256_KEY_SZ)\n+\t\t\tIMB_AES_KEYEXP_256(*m, key, expkey, dust);\n+\t\telse {\n+\t\t\tret = -EFAULT;\n+\t\t\tgoto error_out;\n+\t\t}\n+\t} else if (cryptodev_algo == RTE_CRYPTO_CIPHER_DES_DOCSISBPI) {\n+\t\tif (key_length == ICP_QAT_HW_DES_KEY_SZ)\n+\t\t\tIMB_DES_KEYSCHED(*m, (uint64_t *)expkey, key);\n+\t\telse {\n+\t\t\tret = -EFAULT;\n+\t\t\tgoto error_out;\n+\t\t}\n+\t}\n+\treturn 0;\n+\n+error_out:\n+\tif (*m) {\n+\t\tfree_mb_mgr(*m);\n+\t\t*m = NULL;\n+\t}\n+\treturn ret;\n+}\n+#endif\n \n static int\n qat_is_cipher_alg_supported(enum rte_crypto_cipher_algorithm algo,\n@@ -243,8 +286,13 @@ qat_sym_session_clear(struct rte_cryptodev *dev __rte_unused,\n {\n \tstruct qat_sym_session *s = CRYPTODEV_GET_SYM_SESS_PRIV(sess);\n \n+#ifdef RTE_QAT_OPENSSL\n \tif (s->bpi_ctx)\n \t\tbpi_cipher_ctx_free(s->bpi_ctx);\n+#else\n+\tif (s->mb_mgr)\n+\t\tfree_mb_mgr(s->mb_mgr);\n+#endif\n }\n \n static int\n@@ -407,12 +455,23 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,\n \t\tsession->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_DES_DOCSISBPI:\n+#ifdef RTE_QAT_OPENSSL\n \t\tret = bpi_cipher_ctx_init(\n \t\t\t\t\tcipher_xform->algo,\n \t\t\t\t\tcipher_xform->op,\n \t\t\t\t\tcipher_xform->key.data,\n \t\t\t\t\tcipher_xform->key.length,\n \t\t\t\t\t&session->bpi_ctx);\n+#else\n+\t\tsession->docsis_key_len = cipher_xform->key.length;\n+\t\tret = ipsec_mb_ctx_init(\n+\t\t\t\t\tcipher_xform->key.data,\n+\t\t\t\t\tcipher_xform->key.length,\n+\t\t\t\t\tcipher_xform->algo,\n+\t\t\t\t\tsession->expkey,\n+\t\t\t\t\tsession->dust,\n+\t\t\t\t\t&session->mb_mgr);\n+#endif\n \t\tif (ret != 0) {\n \t\t\tQAT_LOG(ERR, \"failed to create DES BPI ctx\");\n \t\t\tgoto error_out;\n@@ -426,12 +485,23 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,\n \t\tsession->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_AES_DOCSISBPI:\n+#ifdef RTE_QAT_OPENSSL\n \t\tret = bpi_cipher_ctx_init(\n \t\t\t\t\tcipher_xform->algo,\n \t\t\t\t\tcipher_xform->op,\n \t\t\t\t\tcipher_xform->key.data,\n \t\t\t\t\tcipher_xform->key.length,\n \t\t\t\t\t&session->bpi_ctx);\n+#else\n+\t\tsession->docsis_key_len = cipher_xform->key.length;\n+\t\tret = ipsec_mb_ctx_init(\n+\t\t\t\t\tcipher_xform->key.data,\n+\t\t\t\t\tcipher_xform->key.length,\n+\t\t\t\t\tcipher_xform->algo,\n+\t\t\t\t\tsession->expkey,\n+\t\t\t\t\tsession->dust,\n+\t\t\t\t\t&session->mb_mgr);\n+#endif\n \t\tif (ret != 0) {\n \t\t\tQAT_LOG(ERR, \"failed to create AES BPI ctx\");\n \t\t\tgoto error_out;\n@@ -517,10 +587,18 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,\n \treturn 0;\n \n error_out:\n+#ifdef RTE_QAT_OPENSSL\n \tif (session->bpi_ctx) {\n \t\tbpi_cipher_ctx_free(session->bpi_ctx);\n \t\tsession->bpi_ctx = NULL;\n \t}\n+#else\n+\tif (session->mb_mgr) {\n+\t\tfree_mb_mgr(session->mb_mgr);\n+\t\tsession->mb_mgr = NULL;\n+\t}\n+\n+#endif\n \treturn ret;\n }\n \n@@ -531,8 +609,10 @@ qat_sym_session_configure(struct rte_cryptodev *dev,\n {\n \tint ret;\n \n+#ifdef RTE_QAT_OPENSSL\n #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)\n \tossl_legacy_provider_load();\n+#endif\n #endif\n \tret = qat_sym_session_set_parameters(dev, xform,\n \t\t\tCRYPTODEV_GET_SYM_SESS_PRIV(sess),\n@@ -544,8 +624,10 @@ qat_sym_session_configure(struct rte_cryptodev *dev,\n \t\treturn ret;\n \t}\n \n+#ifdef RTE_QAT_OPENSSL\n # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)\n \tossl_legacy_provider_unload();\n+# endif\n # endif\n \treturn 0;\n }\n@@ -1207,57 +1289,91 @@ static int qat_hash_get_block_size(enum icp_qat_hw_auth_algo qat_hash_alg)\n #define HMAC_OPAD_VALUE\t0x5c\n #define HASH_XCBC_PRECOMP_KEY_NUM 3\n \n-static const uint8_t AES_CMAC_SEED[ICP_QAT_HW_AES_128_KEY_SZ];\n+#ifdef RTE_QAT_OPENSSL\n+static int partial_hash_sha1(uint8_t *data_in, uint8_t *data_out)\n+{\n+\tSHA_CTX ctx;\n \n-#ifdef RTE_QAT_LIBIPSECMB\n-static int aes_ipsecmb_job(uint8_t *in, uint8_t *out, IMB_MGR *m,\n-\t\tconst uint8_t *key, uint16_t auth_keylen)\n+\tif (!SHA1_Init(&ctx))\n+\t\treturn -EFAULT;\n+\tSHA1_Transform(&ctx, data_in);\n+\trte_memcpy(data_out, &ctx, SHA_DIGEST_LENGTH);\n+\treturn 0;\n+}\n+\n+static int partial_hash_sha224(uint8_t *data_in, uint8_t *data_out)\n {\n-\tint err;\n-\tstruct IMB_JOB *job;\n-\tDECLARE_ALIGNED(uint32_t expkey[4*15], 16);\n-\tDECLARE_ALIGNED(uint32_t dust[4*15], 16);\n+\tSHA256_CTX ctx;\n \n-\tif (auth_keylen == ICP_QAT_HW_AES_128_KEY_SZ)\n-\t\tIMB_AES_KEYEXP_128(m, key, expkey, dust);\n-\telse if (auth_keylen == ICP_QAT_HW_AES_192_KEY_SZ)\n-\t\tIMB_AES_KEYEXP_192(m, key, expkey, dust);\n-\telse if (auth_keylen == ICP_QAT_HW_AES_256_KEY_SZ)\n-\t\tIMB_AES_KEYEXP_256(m, key, expkey, dust);\n-\telse\n+\tif (!SHA224_Init(&ctx))\n \t\treturn -EFAULT;\n+\tSHA256_Transform(&ctx, data_in);\n+\trte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);\n+\treturn 0;\n+}\n \n-\tjob = IMB_GET_NEXT_JOB(m);\n+static int partial_hash_sha256(uint8_t *data_in, uint8_t *data_out)\n+{\n+\tSHA256_CTX ctx;\n \n-\tjob->src = in;\n-\tjob->dst = out;\n-\tjob->enc_keys = expkey;\n-\tjob->key_len_in_bytes = auth_keylen;\n-\tjob->msg_len_to_cipher_in_bytes = 16;\n-\tjob->iv_len_in_bytes = 0;\n-\tjob->cipher_direction = IMB_DIR_ENCRYPT;\n-\tjob->cipher_mode = IMB_CIPHER_ECB;\n-\tjob->hash_alg = IMB_AUTH_NULL;\n+\tif (!SHA256_Init(&ctx))\n+\t\treturn -EFAULT;\n+\tSHA256_Transform(&ctx, data_in);\n+\trte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);\n+\treturn 0;\n+}\n \n-\twhile (IMB_FLUSH_JOB(m) != NULL)\n-\t\t;\n+static int partial_hash_sha384(uint8_t *data_in, uint8_t *data_out)\n+{\n+\tSHA512_CTX ctx;\n \n-\tjob = IMB_SUBMIT_JOB(m);\n-\tif (job) {\n-\t\tif (job->status == IMB_STATUS_COMPLETED)\n-\t\t\treturn 0;\n-\t}\n+\tif (!SHA384_Init(&ctx))\n+\t\treturn -EFAULT;\n+\tSHA512_Transform(&ctx, data_in);\n+\trte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);\n+\treturn 0;\n+}\n \n-\terr = imb_get_errno(m);\n-\tif (err)\n-\t\tQAT_LOG(ERR, \"Error: %s!\\n\", imb_get_strerror(err));\n+static int partial_hash_sha512(uint8_t *data_in, uint8_t *data_out)\n+{\n+\tSHA512_CTX ctx;\n \n-\treturn -EFAULT;\n+\tif (!SHA512_Init(&ctx))\n+\t\treturn -EFAULT;\n+\tSHA512_Transform(&ctx, data_in);\n+\trte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);\n+\treturn 0;\n+}\n+\n+static int partial_hash_md5(uint8_t *data_in, uint8_t *data_out)\n+{\n+\tMD5_CTX ctx;\n+\n+\tif (!MD5_Init(&ctx))\n+\t\treturn -EFAULT;\n+\tMD5_Transform(&ctx, data_in);\n+\trte_memcpy(data_out, &ctx, MD5_DIGEST_LENGTH);\n+\n+\treturn 0;\n+}\n+\n+static void aes_cmac_key_derive(uint8_t *base, uint8_t *derived)\n+{\n+\tint i;\n+\n+\tderived[0] = base[0] << 1;\n+\tfor (i = 1; i < ICP_QAT_HW_AES_BLK_SZ ; i++) {\n+\t\tderived[i] = base[i] << 1;\n+\t\tderived[i - 1] |= base[i] >> 7;\n+\t}\n+\n+\tif (base[0] & 0x80)\n+\t\tderived[ICP_QAT_HW_AES_BLK_SZ - 1] ^= QAT_AES_CMAC_CONST_RB;\n }\n \n static int\n-partial_hash_compute_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg,\n-\t\tuint8_t *data_in, uint8_t *data_out, IMB_MGR *m)\n+partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg,\n+\t\tuint8_t *data_in, uint8_t *data_out)\n {\n \tint digest_size;\n \tuint8_t digest[qat_hash_get_digest_size(\n@@ -1278,37 +1394,43 @@ partial_hash_compute_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg,\n \n \tswitch (hash_alg) {\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA1:\n-\t\tIMB_SHA1_ONE_BLOCK(m, data_in, digest);\n+\t\tif (partial_hash_sha1(data_in, digest))\n+\t\t\treturn -EFAULT;\n \t\tfor (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)\n \t\t\t*hash_state_out_be32 =\n \t\t\t\trte_bswap32(*(((uint32_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA224:\n-\t\tIMB_SHA224_ONE_BLOCK(m, data_in, digest);\n+\t\tif (partial_hash_sha224(data_in, digest))\n+\t\t\treturn -EFAULT;\n \t\tfor (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)\n \t\t\t*hash_state_out_be32 =\n \t\t\t\trte_bswap32(*(((uint32_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA256:\n-\t\tIMB_SHA256_ONE_BLOCK(m, data_in, digest);\n+\t\tif (partial_hash_sha256(data_in, digest))\n+\t\t\treturn -EFAULT;\n \t\tfor (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)\n \t\t\t*hash_state_out_be32 =\n \t\t\t\trte_bswap32(*(((uint32_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA384:\n-\t\tIMB_SHA384_ONE_BLOCK(m, data_in, digest);\n+\t\tif (partial_hash_sha384(data_in, digest))\n+\t\t\treturn -EFAULT;\n \t\tfor (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)\n \t\t\t*hash_state_out_be64 =\n \t\t\t\trte_bswap64(*(((uint64_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA512:\n-\t\tIMB_SHA512_ONE_BLOCK(m, data_in, digest);\n+\t\tif (partial_hash_sha512(data_in, digest))\n+\t\t\treturn -EFAULT;\n \t\tfor (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)\n \t\t\t*hash_state_out_be64 =\n \t\t\t\trte_bswap64(*(((uint64_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_MD5:\n-\t\tIMB_MD5_ONE_BLOCK(m, data_in, data_out);\n+\t\tif (partial_hash_md5(data_in, data_out))\n+\t\t\treturn -EFAULT;\n \t\tbreak;\n \tdefault:\n \t\tQAT_LOG(ERR, \"invalid hash alg %u\", hash_alg);\n@@ -1318,108 +1440,150 @@ partial_hash_compute_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg,\n \treturn 0;\n }\n \n-static int qat_sym_do_precomputes_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg,\n+static const uint8_t AES_CMAC_SEED[ICP_QAT_HW_AES_128_KEY_SZ];\n+\n+static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,\n \t\t\t\tconst uint8_t *auth_key,\n \t\t\t\tuint16_t auth_keylen,\n \t\t\t\tuint8_t *p_state_buf,\n \t\t\t\tuint16_t *p_state_len,\n \t\t\t\tuint8_t aes_cmac)\n {\n-\tint block_size = 0;\n+\tint block_size;\n \tuint8_t ipad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];\n \tuint8_t opad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];\n-\tint i, ret = 0;\n-\tuint8_t in[ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ];\n-\n-\tIMB_MGR *m;\n-\tm = alloc_mb_mgr(0);\n-\tif (m == NULL)\n-\t\treturn -ENOMEM;\n+\tint i;\n \n-\tinit_mb_mgr_auto(m, NULL);\n-\tmemset(in, 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n \tif (hash_alg == ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC) {\n \n \t\t/* CMAC */\n \t\tif (aes_cmac) {\n+\t\t\tAES_KEY enc_key;\n+\t\t\tuint8_t *in = NULL;\n+\t\t\tuint8_t k0[ICP_QAT_HW_AES_128_KEY_SZ];\n \t\t\tuint8_t *k1, *k2;\n+\n \t\t\tauth_keylen = ICP_QAT_HW_AES_128_KEY_SZ;\n-\t\t\trte_memcpy(p_state_buf, auth_key, auth_keylen);\n \n-\t\t\tDECLARE_ALIGNED(uint32_t expkey[4*15], 16);\n-\t\t\tDECLARE_ALIGNED(uint32_t dust[4*15], 16);\n-\t\t\tIMB_AES_KEYEXP_128(m, p_state_buf, expkey, dust);\n-\t\t\tk1 = p_state_buf + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;\n-\t\t\tk2 = k1 + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;\n+\t\t\tin = rte_zmalloc(\"AES CMAC K1\",\n+\t\t\t\t\t ICP_QAT_HW_AES_128_KEY_SZ, 16);\n \n-\t\t\tIMB_AES_CMAC_SUBKEY_GEN_128(m, expkey, k1, k2);\n-\t\t\t*p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;\n-\t\t\tgoto out;\n-\t\t}\n+\t\t\tif (in == NULL) {\n+\t\t\t\tQAT_LOG(ERR, \"Failed to alloc memory\");\n+\t\t\t\treturn -ENOMEM;\n+\t\t\t}\n \n-\t\tstatic uint8_t qat_aes_xcbc_key_seed[\n-\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ] = {\n-\t\t\t0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,\n-\t\t\t0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,\n-\t\t\t0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,\n-\t\t\t0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,\n-\t\t\t0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,\n-\t\t\t0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,\n-\t\t};\n+\t\t\trte_memcpy(in, AES_CMAC_SEED,\n+\t\t\t\t ICP_QAT_HW_AES_128_KEY_SZ);\n+\t\t\trte_memcpy(p_state_buf, auth_key, auth_keylen);\n \n-\t\tuint8_t *input = in;\n-\t\tuint8_t *out = p_state_buf;\n-\t\trte_memcpy(input, qat_aes_xcbc_key_seed,\n-\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n-\t\tfor (i = 0; i < HASH_XCBC_PRECOMP_KEY_NUM; i++) {\n-\t\t\tif (aes_ipsecmb_job(input, out, m, auth_key, auth_keylen)) {\n-\t\t\t\tmemset(input -\n-\t\t\t\t (i * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ),\n-\t\t\t\t 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n-\t\t\t\tret = -EFAULT;\n-\t\t\t\tgoto out;\n+\t\t\tif (AES_set_encrypt_key(auth_key, auth_keylen << 3,\n+\t\t\t\t&enc_key) != 0) {\n+\t\t\t\trte_free(in);\n+\t\t\t\treturn -EFAULT;\n \t\t\t}\n \n-\t\t\tinput += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;\n-\t\t\tout += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;\n-\t\t}\n-\t\t*p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;\n-\t\tgoto out;\n+\t\t\tAES_encrypt(in, k0, &enc_key);\n \n-\t} else if ((hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||\n-\t\t(hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64)) {\n-\t\tuint8_t *out = p_state_buf;\n+\t\t\tk1 = p_state_buf + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;\n+\t\t\tk2 = k1 + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;\n \n-\t\tmemset(p_state_buf, 0, ICP_QAT_HW_GALOIS_H_SZ +\n-\t\t\t\tICP_QAT_HW_GALOIS_LEN_A_SZ +\n-\t\t\t\tICP_QAT_HW_GALOIS_E_CTR0_SZ);\n-\t\tif (aes_ipsecmb_job(in, out, m, auth_key, auth_keylen)) {\n-\t\t\tret = -EFAULT;\n-\t\t\tgoto out;\n-\t\t}\n+\t\t\taes_cmac_key_derive(k0, k1);\n+\t\t\taes_cmac_key_derive(k1, k2);\n \n+\t\t\tmemset(k0, 0, ICP_QAT_HW_AES_128_KEY_SZ);\n+\t\t\t*p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;\n+\t\t\trte_free(in);\n+\t\t\tgoto out;\n+\t\t} else {\n+\t\t\tstatic uint8_t qat_aes_xcbc_key_seed[\n+\t\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ] = {\n+\t\t\t\t0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,\n+\t\t\t\t0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,\n+\t\t\t\t0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,\n+\t\t\t\t0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,\n+\t\t\t\t0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,\n+\t\t\t\t0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,\n+\t\t\t};\n+\n+\t\t\tuint8_t *in = NULL;\n+\t\t\tuint8_t *out = p_state_buf;\n+\t\t\tint x;\n+\t\t\tAES_KEY enc_key;\n+\n+\t\t\tin = rte_zmalloc(\"working mem for key\",\n+\t\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ, 16);\n+\t\t\tif (in == NULL) {\n+\t\t\t\tQAT_LOG(ERR, \"Failed to alloc memory\");\n+\t\t\t\treturn -ENOMEM;\n+\t\t\t}\n+\n+\t\t\trte_memcpy(in, qat_aes_xcbc_key_seed,\n+\t\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n+\t\t\tfor (x = 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) {\n+\t\t\t\tif (AES_set_encrypt_key(auth_key,\n+\t\t\t\t\t\t\tauth_keylen << 3,\n+\t\t\t\t\t\t\t&enc_key) != 0) {\n+\t\t\t\t\trte_free(in -\n+\t\t\t\t\t (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ));\n+\t\t\t\t\tmemset(out -\n+\t\t\t\t\t (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ),\n+\t\t\t\t\t 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n+\t\t\t\t\treturn -EFAULT;\n+\t\t\t\t}\n+\t\t\t\tAES_encrypt(in, out, &enc_key);\n+\t\t\t\tin += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;\n+\t\t\t\tout += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;\n+\t\t\t}\n+\t\t\t*p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;\n+\t\t\trte_free(in - x*ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ);\n+\t\t\tgoto out;\n+\t\t}\n+\n+\t} else if ((hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||\n+\t\t(hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64)) {\n+\t\tuint8_t *in = NULL;\n+\t\tuint8_t *out = p_state_buf;\n+\t\tAES_KEY enc_key;\n+\n+\t\tmemset(p_state_buf, 0, ICP_QAT_HW_GALOIS_H_SZ +\n+\t\t\t\tICP_QAT_HW_GALOIS_LEN_A_SZ +\n+\t\t\t\tICP_QAT_HW_GALOIS_E_CTR0_SZ);\n+\t\tin = rte_zmalloc(\"working mem for key\",\n+\t\t\t\tICP_QAT_HW_GALOIS_H_SZ, 16);\n+\t\tif (in == NULL) {\n+\t\t\tQAT_LOG(ERR, \"Failed to alloc memory\");\n+\t\t\treturn -ENOMEM;\n+\t\t}\n+\n+\t\tmemset(in, 0, ICP_QAT_HW_GALOIS_H_SZ);\n+\t\tif (AES_set_encrypt_key(auth_key, auth_keylen << 3,\n+\t\t\t&enc_key) != 0) {\n+\t\t\treturn -EFAULT;\n+\t\t}\n+\t\tAES_encrypt(in, out, &enc_key);\n \t\t*p_state_len = ICP_QAT_HW_GALOIS_H_SZ +\n \t\t\t\tICP_QAT_HW_GALOIS_LEN_A_SZ +\n \t\t\t\tICP_QAT_HW_GALOIS_E_CTR0_SZ;\n-\t\tgoto out;\n+\t\trte_free(in);\n+\t\treturn 0;\n \t}\n \n \tblock_size = qat_hash_get_block_size(hash_alg);\n-\tif (block_size < 0) {\n-\t\tfree_mb_mgr(m);\n+\tif (block_size < 0)\n \t\treturn block_size;\n-\t}\n+\t/* init ipad and opad from key and xor with fixed values */\n+\tmemset(ipad, 0, block_size);\n+\tmemset(opad, 0, block_size);\n \n \tif (auth_keylen > (unsigned int)block_size) {\n \t\tQAT_LOG(ERR, \"invalid keylen %u\", auth_keylen);\n-\t\tret = -EFAULT;\n-\t\tgoto out;\n+\t\treturn -EFAULT;\n \t}\n-\t/* init ipad and opad from key and xor with fixed values */\n-\tmemset(ipad, 0, block_size);\n-\tmemset(opad, 0, block_size);\n+\n \tRTE_VERIFY(auth_keylen <= sizeof(ipad));\n \tRTE_VERIFY(auth_keylen <= sizeof(opad));\n+\n \trte_memcpy(ipad, auth_key, auth_keylen);\n \trte_memcpy(opad, auth_key, auth_keylen);\n \n@@ -1431,10 +1595,11 @@ static int qat_sym_do_precomputes_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg,\n \t}\n \n \t/* do partial hash of ipad and copy to state1 */\n-\tif (partial_hash_compute_ipsec_mb(hash_alg, ipad, p_state_buf, m)) {\n+\tif (partial_hash_compute(hash_alg, ipad, p_state_buf)) {\n+\t\tmemset(ipad, 0, block_size);\n+\t\tmemset(opad, 0, block_size);\n \t\tQAT_LOG(ERR, \"ipad precompute failed\");\n-\t\tret = -EFAULT;\n-\t\tgoto out;\n+\t\treturn -EFAULT;\n \t}\n \n \t/*\n@@ -1442,105 +1607,70 @@ static int qat_sym_do_precomputes_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg,\n \t * Put the partial hash of opad state_len bytes after state1\n \t */\n \t*p_state_len = qat_hash_get_state1_size(hash_alg);\n-\tif (partial_hash_compute_ipsec_mb(hash_alg, opad,\n-\t\t\t\tp_state_buf + *p_state_len, m)) {\n+\tif (partial_hash_compute(hash_alg, opad, p_state_buf + *p_state_len)) {\n+\t\tmemset(ipad, 0, block_size);\n+\t\tmemset(opad, 0, block_size);\n \t\tQAT_LOG(ERR, \"opad precompute failed\");\n-\t\tret = -EFAULT;\n-\t\tgoto out;\n+\t\treturn -EFAULT;\n \t}\n \n-out:\n \t/* don't leave data lying around */\n \tmemset(ipad, 0, block_size);\n \tmemset(opad, 0, block_size);\n-\tfree_mb_mgr(m);\n-\treturn ret;\n-}\n-#endif\n-static int partial_hash_sha1(uint8_t *data_in, uint8_t *data_out)\n-{\n-\tSHA_CTX ctx;\n-\n-\tif (!SHA1_Init(&ctx))\n-\t\treturn -EFAULT;\n-\tSHA1_Transform(&ctx, data_in);\n-\trte_memcpy(data_out, &ctx, SHA_DIGEST_LENGTH);\n-\treturn 0;\n-}\n-\n-static int partial_hash_sha224(uint8_t *data_in, uint8_t *data_out)\n-{\n-\tSHA256_CTX ctx;\n-\n-\tif (!SHA224_Init(&ctx))\n-\t\treturn -EFAULT;\n-\tSHA256_Transform(&ctx, data_in);\n-\trte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);\n-\treturn 0;\n-}\n-\n-static int partial_hash_sha256(uint8_t *data_in, uint8_t *data_out)\n-{\n-\tSHA256_CTX ctx;\n-\n-\tif (!SHA256_Init(&ctx))\n-\t\treturn -EFAULT;\n-\tSHA256_Transform(&ctx, data_in);\n-\trte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);\n+out:\n \treturn 0;\n }\n \n-static int partial_hash_sha384(uint8_t *data_in, uint8_t *data_out)\n-{\n-\tSHA512_CTX ctx;\n-\n-\tif (!SHA384_Init(&ctx))\n-\t\treturn -EFAULT;\n-\tSHA512_Transform(&ctx, data_in);\n-\trte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);\n-\treturn 0;\n-}\n+#else\n \n-static int partial_hash_sha512(uint8_t *data_in, uint8_t *data_out)\n+static int aes_ipsecmb_job(uint8_t *in, uint8_t *out, IMB_MGR *m,\n+\t\tconst uint8_t *key, uint16_t auth_keylen)\n {\n-\tSHA512_CTX ctx;\n+\tint err;\n+\tstruct IMB_JOB *job;\n+\tDECLARE_ALIGNED(uint32_t expkey[4*15], 16);\n+\tDECLARE_ALIGNED(uint32_t dust[4*15], 16);\n \n-\tif (!SHA512_Init(&ctx))\n+\tif (auth_keylen == ICP_QAT_HW_AES_128_KEY_SZ)\n+\t\tIMB_AES_KEYEXP_128(m, key, expkey, dust);\n+\telse if (auth_keylen == ICP_QAT_HW_AES_192_KEY_SZ)\n+\t\tIMB_AES_KEYEXP_192(m, key, expkey, dust);\n+\telse if (auth_keylen == ICP_QAT_HW_AES_256_KEY_SZ)\n+\t\tIMB_AES_KEYEXP_256(m, key, expkey, dust);\n+\telse\n \t\treturn -EFAULT;\n-\tSHA512_Transform(&ctx, data_in);\n-\trte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);\n-\treturn 0;\n-}\n \n-static int partial_hash_md5(uint8_t *data_in, uint8_t *data_out)\n-{\n-\tMD5_CTX ctx;\n-\n-\tif (!MD5_Init(&ctx))\n-\t\treturn -EFAULT;\n-\tMD5_Transform(&ctx, data_in);\n-\trte_memcpy(data_out, &ctx, MD5_DIGEST_LENGTH);\n+\tjob = IMB_GET_NEXT_JOB(m);\n \n-\treturn 0;\n-}\n+\tjob->src = in;\n+\tjob->dst = out;\n+\tjob->enc_keys = expkey;\n+\tjob->key_len_in_bytes = auth_keylen;\n+\tjob->msg_len_to_cipher_in_bytes = 16;\n+\tjob->iv_len_in_bytes = 0;\n+\tjob->cipher_direction = IMB_DIR_ENCRYPT;\n+\tjob->cipher_mode = IMB_CIPHER_ECB;\n+\tjob->hash_alg = IMB_AUTH_NULL;\n \n-static void aes_cmac_key_derive(uint8_t *base, uint8_t *derived)\n-{\n-\tint i;\n+\twhile (IMB_FLUSH_JOB(m) != NULL)\n+\t\t;\n \n-\tderived[0] = base[0] << 1;\n-\tfor (i = 1; i < ICP_QAT_HW_AES_BLK_SZ ; i++) {\n-\t\tderived[i] = base[i] << 1;\n-\t\tderived[i - 1] |= base[i] >> 7;\n+\tjob = IMB_SUBMIT_JOB(m);\n+\tif (job) {\n+\t\tif (job->status == IMB_STATUS_COMPLETED)\n+\t\t\treturn 0;\n \t}\n \n-\tif (base[0] & 0x80)\n-\t\tderived[ICP_QAT_HW_AES_BLK_SZ - 1] ^= QAT_AES_CMAC_CONST_RB;\n+\terr = imb_get_errno(m);\n+\tif (err)\n+\t\tQAT_LOG(ERR, \"Error: %s!\\n\", imb_get_strerror(err));\n+\n+\treturn -EFAULT;\n }\n \n static int\n-partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg,\n-\t\tuint8_t *data_in, uint8_t *data_out)\n+partial_hash_compute_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg,\n+\t\tuint8_t *data_in, uint8_t *data_out, IMB_MGR *m)\n {\n \tint digest_size;\n \tuint8_t digest[qat_hash_get_digest_size(\n@@ -1561,43 +1691,37 @@ partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg,\n \n \tswitch (hash_alg) {\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA1:\n-\t\tif (partial_hash_sha1(data_in, digest))\n-\t\t\treturn -EFAULT;\n+\t\tIMB_SHA1_ONE_BLOCK(m, data_in, digest);\n \t\tfor (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)\n \t\t\t*hash_state_out_be32 =\n \t\t\t\trte_bswap32(*(((uint32_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA224:\n-\t\tif (partial_hash_sha224(data_in, digest))\n-\t\t\treturn -EFAULT;\n+\t\tIMB_SHA224_ONE_BLOCK(m, data_in, digest);\n \t\tfor (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)\n \t\t\t*hash_state_out_be32 =\n \t\t\t\trte_bswap32(*(((uint32_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA256:\n-\t\tif (partial_hash_sha256(data_in, digest))\n-\t\t\treturn -EFAULT;\n+\t\tIMB_SHA256_ONE_BLOCK(m, data_in, digest);\n \t\tfor (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)\n \t\t\t*hash_state_out_be32 =\n \t\t\t\trte_bswap32(*(((uint32_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA384:\n-\t\tif (partial_hash_sha384(data_in, digest))\n-\t\t\treturn -EFAULT;\n+\t\tIMB_SHA384_ONE_BLOCK(m, data_in, digest);\n \t\tfor (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)\n \t\t\t*hash_state_out_be64 =\n \t\t\t\trte_bswap64(*(((uint64_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_SHA512:\n-\t\tif (partial_hash_sha512(data_in, digest))\n-\t\t\treturn -EFAULT;\n+\t\tIMB_SHA512_ONE_BLOCK(m, data_in, digest);\n \t\tfor (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)\n \t\t\t*hash_state_out_be64 =\n \t\t\t\trte_bswap64(*(((uint64_t *)digest)+i));\n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_MD5:\n-\t\tif (partial_hash_md5(data_in, data_out))\n-\t\t\treturn -EFAULT;\n+\t\tIMB_MD5_ONE_BLOCK(m, data_in, data_out);\n \t\tbreak;\n \tdefault:\n \t\tQAT_LOG(ERR, \"invalid hash alg %u\", hash_alg);\n@@ -1607,148 +1731,108 @@ partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg,\n \treturn 0;\n }\n \n-static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,\n+static int qat_sym_do_precomputes_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg,\n \t\t\t\tconst uint8_t *auth_key,\n \t\t\t\tuint16_t auth_keylen,\n \t\t\t\tuint8_t *p_state_buf,\n \t\t\t\tuint16_t *p_state_len,\n \t\t\t\tuint8_t aes_cmac)\n {\n-\tint block_size;\n+\tint block_size = 0;\n \tuint8_t ipad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];\n \tuint8_t opad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];\n-\tint i;\n+\tint i, ret = 0;\n+\tuint8_t in[ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ];\n \n+\tIMB_MGR *m;\n+\tm = alloc_mb_mgr(0);\n+\tif (m == NULL)\n+\t\treturn -ENOMEM;\n+\n+\tinit_mb_mgr_auto(m, NULL);\n+\tmemset(in, 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n \tif (hash_alg == ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC) {\n \n \t\t/* CMAC */\n \t\tif (aes_cmac) {\n-\t\t\tAES_KEY enc_key;\n-\t\t\tuint8_t *in = NULL;\n-\t\t\tuint8_t k0[ICP_QAT_HW_AES_128_KEY_SZ];\n \t\t\tuint8_t *k1, *k2;\n-\n \t\t\tauth_keylen = ICP_QAT_HW_AES_128_KEY_SZ;\n-\n-\t\t\tin = rte_zmalloc(\"AES CMAC K1\",\n-\t\t\t\t\t ICP_QAT_HW_AES_128_KEY_SZ, 16);\n-\n-\t\t\tif (in == NULL) {\n-\t\t\t\tQAT_LOG(ERR, \"Failed to alloc memory\");\n-\t\t\t\treturn -ENOMEM;\n-\t\t\t}\n-\n-\t\t\trte_memcpy(in, AES_CMAC_SEED,\n-\t\t\t\t ICP_QAT_HW_AES_128_KEY_SZ);\n \t\t\trte_memcpy(p_state_buf, auth_key, auth_keylen);\n \n-\t\t\tif (AES_set_encrypt_key(auth_key, auth_keylen << 3,\n-\t\t\t\t&enc_key) != 0) {\n-\t\t\t\trte_free(in);\n-\t\t\t\treturn -EFAULT;\n-\t\t\t}\n-\n-\t\t\tAES_encrypt(in, k0, &enc_key);\n-\n+\t\t\tDECLARE_ALIGNED(uint32_t expkey[4*15], 16);\n+\t\t\tDECLARE_ALIGNED(uint32_t dust[4*15], 16);\n+\t\t\tIMB_AES_KEYEXP_128(m, p_state_buf, expkey, dust);\n \t\t\tk1 = p_state_buf + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;\n \t\t\tk2 = k1 + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;\n \n-\t\t\taes_cmac_key_derive(k0, k1);\n-\t\t\taes_cmac_key_derive(k1, k2);\n-\n-\t\t\tmemset(k0, 0, ICP_QAT_HW_AES_128_KEY_SZ);\n+\t\t\tIMB_AES_CMAC_SUBKEY_GEN_128(m, expkey, k1, k2);\n \t\t\t*p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;\n-\t\t\trte_free(in);\n-\t\t\treturn 0;\n-\t\t} else {\n-\t\t\tstatic uint8_t qat_aes_xcbc_key_seed[\n-\t\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ] = {\n-\t\t\t\t0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,\n-\t\t\t\t0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,\n-\t\t\t\t0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,\n-\t\t\t\t0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,\n-\t\t\t\t0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,\n-\t\t\t\t0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,\n-\t\t\t};\n+\t\t\tgoto out;\n+\t\t}\n \n-\t\t\tuint8_t *in = NULL;\n-\t\t\tuint8_t *out = p_state_buf;\n-\t\t\tint x;\n-\t\t\tAES_KEY enc_key;\n+\t\tstatic uint8_t qat_aes_xcbc_key_seed[\n+\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ] = {\n+\t\t\t0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,\n+\t\t\t0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,\n+\t\t\t0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,\n+\t\t\t0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,\n+\t\t\t0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,\n+\t\t\t0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,\n+\t\t};\n \n-\t\t\tin = rte_zmalloc(\"working mem for key\",\n-\t\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ, 16);\n-\t\t\tif (in == NULL) {\n-\t\t\t\tQAT_LOG(ERR, \"Failed to alloc memory\");\n-\t\t\t\treturn -ENOMEM;\n+\t\tuint8_t *input = in;\n+\t\tuint8_t *out = p_state_buf;\n+\t\trte_memcpy(input, qat_aes_xcbc_key_seed,\n+\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n+\t\tfor (i = 0; i < HASH_XCBC_PRECOMP_KEY_NUM; i++) {\n+\t\t\tif (aes_ipsecmb_job(input, out, m, auth_key, auth_keylen)) {\n+\t\t\t\tmemset(input -\n+\t\t\t\t (i * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ),\n+\t\t\t\t 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n+\t\t\t\tret = -EFAULT;\n+\t\t\t\tgoto out;\n \t\t\t}\n \n-\t\t\trte_memcpy(in, qat_aes_xcbc_key_seed,\n-\t\t\t\t\tICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n-\t\t\tfor (x = 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) {\n-\t\t\t\tif (AES_set_encrypt_key(auth_key,\n-\t\t\t\t\t\t\tauth_keylen << 3,\n-\t\t\t\t\t\t\t&enc_key) != 0) {\n-\t\t\t\t\trte_free(in -\n-\t\t\t\t\t (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ));\n-\t\t\t\t\tmemset(out -\n-\t\t\t\t\t (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ),\n-\t\t\t\t\t 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);\n-\t\t\t\t\treturn -EFAULT;\n-\t\t\t\t}\n-\t\t\t\tAES_encrypt(in, out, &enc_key);\n-\t\t\t\tin += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;\n-\t\t\t\tout += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;\n-\t\t\t}\n-\t\t\t*p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;\n-\t\t\trte_free(in - x*ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ);\n-\t\t\treturn 0;\n+\t\t\tinput += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;\n+\t\t\tout += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;\n \t\t}\n+\t\t*p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;\n+\t\tgoto out;\n \n \t} else if ((hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||\n \t\t(hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64)) {\n-\t\tuint8_t *in = NULL;\n \t\tuint8_t *out = p_state_buf;\n-\t\tAES_KEY enc_key;\n \n \t\tmemset(p_state_buf, 0, ICP_QAT_HW_GALOIS_H_SZ +\n \t\t\t\tICP_QAT_HW_GALOIS_LEN_A_SZ +\n \t\t\t\tICP_QAT_HW_GALOIS_E_CTR0_SZ);\n-\t\tin = rte_zmalloc(\"working mem for key\",\n-\t\t\t\tICP_QAT_HW_GALOIS_H_SZ, 16);\n-\t\tif (in == NULL) {\n-\t\t\tQAT_LOG(ERR, \"Failed to alloc memory\");\n-\t\t\treturn -ENOMEM;\n+\t\tif (aes_ipsecmb_job(in, out, m, auth_key, auth_keylen)) {\n+\t\t\tret = -EFAULT;\n+\t\t\tgoto out;\n \t\t}\n \n-\t\tmemset(in, 0, ICP_QAT_HW_GALOIS_H_SZ);\n-\t\tif (AES_set_encrypt_key(auth_key, auth_keylen << 3,\n-\t\t\t&enc_key) != 0) {\n-\t\t\treturn -EFAULT;\n-\t\t}\n-\t\tAES_encrypt(in, out, &enc_key);\n \t\t*p_state_len = ICP_QAT_HW_GALOIS_H_SZ +\n \t\t\t\tICP_QAT_HW_GALOIS_LEN_A_SZ +\n \t\t\t\tICP_QAT_HW_GALOIS_E_CTR0_SZ;\n-\t\trte_free(in);\n-\t\treturn 0;\n+\t\tgoto out;\n \t}\n \n \tblock_size = qat_hash_get_block_size(hash_alg);\n-\tif (block_size < 0)\n+\tif (block_size < 0) {\n+\t\tfree_mb_mgr(m);\n \t\treturn block_size;\n-\t/* init ipad and opad from key and xor with fixed values */\n-\tmemset(ipad, 0, block_size);\n-\tmemset(opad, 0, block_size);\n+\t}\n \n \tif (auth_keylen > (unsigned int)block_size) {\n \t\tQAT_LOG(ERR, \"invalid keylen %u\", auth_keylen);\n-\t\treturn -EFAULT;\n+\t\tret = -EFAULT;\n+\t\tgoto out;\n \t}\n-\n+\t/* init ipad and opad from key and xor with fixed values */\n+\tmemset(ipad, 0, block_size);\n+\tmemset(opad, 0, block_size);\n \tRTE_VERIFY(auth_keylen <= sizeof(ipad));\n \tRTE_VERIFY(auth_keylen <= sizeof(opad));\n-\n \trte_memcpy(ipad, auth_key, auth_keylen);\n \trte_memcpy(opad, auth_key, auth_keylen);\n \n@@ -1760,11 +1844,10 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,\n \t}\n \n \t/* do partial hash of ipad and copy to state1 */\n-\tif (partial_hash_compute(hash_alg, ipad, p_state_buf)) {\n-\t\tmemset(ipad, 0, block_size);\n-\t\tmemset(opad, 0, block_size);\n+\tif (partial_hash_compute_ipsec_mb(hash_alg, ipad, p_state_buf, m)) {\n \t\tQAT_LOG(ERR, \"ipad precompute failed\");\n-\t\treturn -EFAULT;\n+\t\tret = -EFAULT;\n+\t\tgoto out;\n \t}\n \n \t/*\n@@ -1772,18 +1855,21 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,\n \t * Put the partial hash of opad state_len bytes after state1\n \t */\n \t*p_state_len = qat_hash_get_state1_size(hash_alg);\n-\tif (partial_hash_compute(hash_alg, opad, p_state_buf + *p_state_len)) {\n-\t\tmemset(ipad, 0, block_size);\n-\t\tmemset(opad, 0, block_size);\n+\tif (partial_hash_compute_ipsec_mb(hash_alg, opad,\n+\t\t\t\tp_state_buf + *p_state_len, m)) {\n \t\tQAT_LOG(ERR, \"opad precompute failed\");\n-\t\treturn -EFAULT;\n+\t\tret = -EFAULT;\n+\t\tgoto out;\n \t}\n \n+out:\n \t/* don't leave data lying around */\n \tmemset(ipad, 0, block_size);\n \tmemset(opad, 0, block_size);\n-\treturn 0;\n+\tfree_mb_mgr(m);\n+\treturn ret;\n }\n+#endif\n \n static void\n qat_sym_session_init_common_hdr(struct qat_sym_session *session)\n@@ -2178,20 +2264,16 @@ int qat_sym_cd_auth_set(struct qat_sym_session *cdesc,\n \t\t\tbreak;\n \t\t}\n \t\t/* SHA-1 HMAC */\n-\t\tif (qat_ipsec_mb_lib) {\n-#ifdef RTE_QAT_LIBIPSECMB\n-\t\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA1,\n-\t\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n+#ifdef RTE_QAT_OPENSSL\n+\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA1, authkey,\n+\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n+\n #else\n-\t\t\tQAT_LOG(ERR, \"Intel IPSEC-MB LIB missing ?\");\n-\t\t\treturn -EFAULT;\n+\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA1,\n+\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #endif\n-\t\t} else {\n-\t\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA1, authkey,\n-\t\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n-\t\t}\n \n \t\tif (ret) {\n \t\t\tQAT_LOG(ERR, \"(SHA)precompute failed\");\n@@ -2209,21 +2291,15 @@ int qat_sym_cd_auth_set(struct qat_sym_session *cdesc,\n \t\t\tbreak;\n \t\t}\n \t\t/* SHA-224 HMAC */\n-\t\tif (qat_ipsec_mb_lib) {\n-#ifdef RTE_QAT_LIBIPSECMB\n-\t\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA224,\n-\t\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n+#ifdef RTE_QAT_OPENSSL\n+\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA224, authkey,\n+\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #else\n-\t\t\tQAT_LOG(ERR, \"Intel IPSEC-MB LIB missing ?\");\n-\t\t\treturn -EFAULT;\n+\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA224,\n+\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #endif\n-\t\t} else {\n-\t\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA224, authkey,\n-\t\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n-\t\t}\n-\n \t\tif (ret) {\n \t\t\tQAT_LOG(ERR, \"(SHA)precompute failed\");\n \t\t\treturn -EFAULT;\n@@ -2240,21 +2316,15 @@ int qat_sym_cd_auth_set(struct qat_sym_session *cdesc,\n \t\t\tbreak;\n \t\t}\n \t\t/* SHA-256 HMAC */\n-\t\tif (qat_ipsec_mb_lib) {\n-#ifdef RTE_QAT_LIBIPSECMB\n-\t\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA256,\n-\t\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n+#ifdef RTE_QAT_OPENSSL\n+\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA256, authkey,\n+\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #else\n-\t\t\tQAT_LOG(ERR, \"Intel IPSEC-MB LIB missing ?\");\n-\t\t\treturn -EFAULT;\n+\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA256,\n+\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #endif\n-\t\t} else {\n-\t\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA256, authkey,\n-\t\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n-\t\t}\n-\n \t\tif (ret) {\n \t\t\tQAT_LOG(ERR, \"(SHA)precompute failed\");\n \t\t\treturn -EFAULT;\n@@ -2271,21 +2341,15 @@ int qat_sym_cd_auth_set(struct qat_sym_session *cdesc,\n \t\t\tbreak;\n \t\t}\n \t\t/* SHA-384 HMAC */\n-\t\tif (qat_ipsec_mb_lib) {\n-#ifdef RTE_QAT_LIBIPSECMB\n-\t\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA384,\n-\t\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n+#ifdef RTE_QAT_OPENSSL\n+\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA384, authkey,\n+\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #else\n-\t\t\tQAT_LOG(ERR, \"Intel IPSEC-MB LIB missing ?\");\n-\t\t\treturn -EFAULT;\n+\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA384,\n+\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #endif\n-\t\t} else {\n-\t\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA384, authkey,\n-\t\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n-\t\t}\n-\n \t\tif (ret) {\n \t\t\tQAT_LOG(ERR, \"(SHA)precompute failed\");\n \t\t\treturn -EFAULT;\n@@ -2302,21 +2366,15 @@ int qat_sym_cd_auth_set(struct qat_sym_session *cdesc,\n \t\t\tbreak;\n \t\t}\n \t\t/* SHA-512 HMAC */\n-\t\tif (qat_ipsec_mb_lib) {\n-#ifdef RTE_QAT_LIBIPSECMB\n-\t\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA512,\n-\t\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n+#ifdef RTE_QAT_OPENSSL\n+\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA512, authkey,\n+\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #else\n-\t\t\tQAT_LOG(ERR, \"Intel IPSEC-MB LIB missing ?\");\n-\t\t\treturn -EFAULT;\n+\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA512,\n+\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #endif\n-\t\t} else {\n-\t\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA512, authkey,\n-\t\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n-\t\t}\n-\n \t\tif (ret) {\n \t\t\tQAT_LOG(ERR, \"(SHA)precompute failed\");\n \t\t\treturn -EFAULT;\n@@ -2352,22 +2410,16 @@ int qat_sym_cd_auth_set(struct qat_sym_session *cdesc,\n \n \t\tif (cdesc->aes_cmac)\n \t\t\tmemset(cdesc->cd_cur_ptr, 0, state1_size);\n-\t\tif (qat_ipsec_mb_lib) {\n-#ifdef RTE_QAT_LIBIPSECMB\n-\t\t\tret = qat_sym_do_precomputes_ipsec_mb(\n-\t\t\t\tICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC,\n-\t\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr + state1_size,\n-\t\t\t\t&state2_size, cdesc->aes_cmac);\n+#ifdef RTE_QAT_OPENSSL\n+\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC,\n+\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr + state1_size,\n+\t\t\t&state2_size, cdesc->aes_cmac);\n #else\n-\t\t\tQAT_LOG(ERR, \"Intel IPSEC-MB LIB missing ?\");\n-\t\t\treturn -EFAULT;\n+\t\tret = qat_sym_do_precomputes_ipsec_mb(\n+\t\t\tICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC,\n+\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr + state1_size,\n+\t\t\t&state2_size, cdesc->aes_cmac);\n #endif\n-\t\t} else {\n-\t\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC,\n-\t\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr + state1_size,\n-\t\t\t\t&state2_size, cdesc->aes_cmac);\n-\t\t}\n-\n \t\tif (ret) {\n \t\t\tcdesc->aes_cmac ? QAT_LOG(ERR,\n \t\t\t\t\t\t \"(CMAC)precompute failed\")\n@@ -2380,21 +2432,15 @@ int qat_sym_cd_auth_set(struct qat_sym_session *cdesc,\n \tcase ICP_QAT_HW_AUTH_ALGO_GALOIS_64:\n \t\tcdesc->qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_GCM;\n \t\tstate1_size = ICP_QAT_HW_GALOIS_128_STATE1_SZ;\n-\t\tif (qat_ipsec_mb_lib) {\n-#ifdef RTE_QAT_LIBIPSECMB\n-\t\t\tret = qat_sym_do_precomputes_ipsec_mb(cdesc->qat_hash_alg, authkey,\n-\t\t\t\tauthkeylen, cdesc->cd_cur_ptr + state1_size,\n-\t\t\t\t&state2_size, cdesc->aes_cmac);\n+#ifdef RTE_QAT_OPENSSL\n+\t\tret = qat_sym_do_precomputes(cdesc->qat_hash_alg, authkey,\n+\t\t\tauthkeylen, cdesc->cd_cur_ptr + state1_size,\n+\t\t\t&state2_size, cdesc->aes_cmac);\n #else\n-\t\t\tQAT_LOG(ERR, \"Intel IPSEC-MB LIB missing ?\");\n-\t\t\treturn -EFAULT;\n+\t\tret = qat_sym_do_precomputes_ipsec_mb(cdesc->qat_hash_alg, authkey,\n+\t\t\tauthkeylen, cdesc->cd_cur_ptr + state1_size,\n+\t\t\t&state2_size, cdesc->aes_cmac);\n #endif\n-\t\t} else {\n-\t\t\tret = qat_sym_do_precomputes(cdesc->qat_hash_alg, authkey,\n-\t\t\t\tauthkeylen, cdesc->cd_cur_ptr + state1_size,\n-\t\t\t\t&state2_size, cdesc->aes_cmac);\n-\t\t}\n-\n \t\tif (ret) {\n \t\t\tQAT_LOG(ERR, \"(GCM)precompute failed\");\n \t\t\treturn -EFAULT;\n@@ -2451,21 +2497,15 @@ int qat_sym_cd_auth_set(struct qat_sym_session *cdesc,\n \n \t\tbreak;\n \tcase ICP_QAT_HW_AUTH_ALGO_MD5:\n-\t\tif (qat_ipsec_mb_lib) {\n-#ifdef RTE_QAT_LIBIPSECMB\n-\t\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_MD5,\n-\t\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n+#ifdef RTE_QAT_OPENSSL\n+\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_MD5, authkey,\n+\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #else\n-\t\t\tQAT_LOG(ERR, \"Intel IPSEC-MB LIB missing\");\n-\t\t\treturn -EFAULT;\n+\t\tret = qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_MD5,\n+\t\t\tauthkey, authkeylen, cdesc->cd_cur_ptr, &state1_size,\n+\t\t\tcdesc->aes_cmac);\n #endif\n-\t\t} else {\n-\t\t\tret = qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_MD5, authkey,\n-\t\t\t\tauthkeylen, cdesc->cd_cur_ptr, &state1_size,\n-\t\t\t\tcdesc->aes_cmac);\n-\t\t}\n-\n \t\tif (ret) {\n \t\t\tQAT_LOG(ERR, \"(MD5)precompute failed\");\n \t\t\treturn -EFAULT;\n@@ -2899,9 +2939,11 @@ qat_security_session_create(void *dev,\n \t\treturn -EINVAL;\n \t}\n \n+#ifdef RTE_QAT_OPENSSL\n #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)\n \tif (ossl_legacy_provider_load())\n \t\treturn -EINVAL;\n+#endif\n #endif\n \tret = qat_sec_session_set_docsis_parameters(cdev, conf,\n \t\t\tsess_private_data, SECURITY_GET_SESS_PRIV_IOVA(sess));\n@@ -2910,8 +2952,10 @@ qat_security_session_create(void *dev,\n \t\treturn ret;\n \t}\n \n+#ifdef RTE_QAT_OPENSSL\n #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)\n \tossl_legacy_provider_unload();\n+#endif\n #endif\n \treturn 0;\n }\n@@ -2924,8 +2968,13 @@ qat_security_session_destroy(void *dev __rte_unused,\n \tstruct qat_sym_session *s = (struct qat_sym_session *)sess_priv;\n \n \tif (sess_priv) {\n+#ifdef RTE_QAT_OPENSSL\n \t\tif (s->bpi_ctx)\n \t\t\tbpi_cipher_ctx_free(s->bpi_ctx);\n+#else\n+\t\tif (s->mb_mgr)\n+\t\t\tfree_mb_mgr(s->mb_mgr);\n+#endif\n \t\tmemset(s, 0, qat_sym_session_get_private_size(dev));\n \t}\n \ndiff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h\nindex b7fbf5c491..55e9991bb7 100644\n--- a/drivers/crypto/qat/qat_sym_session.h\n+++ b/drivers/crypto/qat/qat_sym_session.h\n@@ -13,6 +13,12 @@\n #include \"icp_qat_fw.h\"\n #include \"icp_qat_fw_la.h\"\n \n+#ifndef RTE_QAT_OPENSSL\n+#ifndef RTE_ARCH_ARM\n+#include <intel-ipsec-mb.h>\n+#endif\n+#endif\n+\n /*\n * Key Modifier (KM) value used in KASUMI algorithm in F9 mode to XOR\n * Integrity Key (IK)\n@@ -127,6 +133,12 @@ struct qat_sym_session {\n \tuint32_t slice_types;\n \tenum qat_sym_proto_flag qat_proto_flag;\n \tqat_sym_build_request_t build_request[2];\n+#ifndef RTE_QAT_OPENSSL\n+\tIMB_MGR *mb_mgr;\n+#endif\n+\tuint64_t expkey[4*15];\n+\tuint32_t dust[4*15];\n+\tuint8_t docsis_key_len;\n };\n \n int\n", "prefixes": [ "v7" ] }