Version bump to v1.3.0 and update README.

Signed-off-by: Yogaraj Alamenda <yogarajx.alamenda@intel.com>

Author: Yogaraj-Alamenda

README.md

@@ -527,7 +527,8 @@ should follow the procedure below to install it:
 ## Test the Intel® QuickAssist Technology OpenSSL\* Engine
 
 Run this command to verify the Intel® QAT OpenSSL\* Engine is loaded
-correctly:
+correctly: This should not be used to determine QAT Engine capabilities as
+it will not display all the algorithms that are supported in QAT Engine.
 
 ```text
 cd /path/to/openssl_install/bin

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.68])
-AC_INIT([qatengine], [1.2.0], [])
+AC_INIT([qatengine], [1.3.0], [])
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_AUX_DIR([.])

docs/config_options.md

@@ -170,6 +170,11 @@ The following is a list of the options that can be used with the
     This flag is valid only on 4xxx(QAT gen 4 devices) as the support is not available
     for earlier generations of QAT devices (e.g. c62x, dh895xxcc, etc.)
 
+--disable-qat_hw_sm2/--enable-qat_hw_sm2
+    Disable/Enable Intel(R) QAT Hardware SM2 acceleration (disabled by default).
+    This flag is valid only on 4xxx(QAT gen 4 devices) as the support is not available
+    for earlier generations of QAT devices (e.g. c62x, dh895xxcc, etc.)
+
 --disable-qat_hw_chachapoly/--enable-qat_hw_chachapoly
     Disable/Enable Intel(R) QAT Hardware CHACHA20-POLY1305 acceleration (disabled by default).
     This flag is valid only on 4xxx(QAT gen 4 devices) as the support is not available

docs/features.md

@@ -30,6 +30,7 @@
   *  SM4-CBC (Not supported in qatlib)
   *  SHA3-224/256/384/512
   *  ChaCha20-Poly1305
+  *  SM2 (Not supported in qatlib)
   *  SM3 (Not supported in qatlib)
 
 Please refer [here](qat_hw_algo.md) for supported platforms list and default behaviour.

docs/images/qat_coex.png

@@ -80,6 +80,10 @@
   OpenSSL at higher thread counts can produce *worse* performance, due to issues in the way OpenSSL
   handles higher thread counts. Check for `native_queued_spin_lock_slowpath()` consuming CPU process 
   idle time, and see the OpenSSL GitHub issues and web articles below.
+* Nginx Handshake Performance in OpenSSL3.0 is slightly slower compared to OpenSSL 1.1.1. The same
+  behaviour is observed in OpenSSL_SW as well. PRF and HKDF are not offloaded via QAT Engine due to
+  the issue [OpenSSL#21622][5]
+* Performance scaling is not linear in QAT2.0 supported platforms in ECDSA and chacha-poly algorithms.
 
   Articles:
 
@@ -93,3 +97,4 @@
 [2]:https://github.com/openssl/openssl/issues/18298
 [3]:https://github.com/openssh/openssh-portable/commit/c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127
 [4]:https://github.com/openssl/openssl/issues/18509
+[5]:https://github.com/openssl/openssl/issues/21622

docs/limitations.md

@@ -17,6 +17,16 @@ The default behavior can be changed using corresponding algorithm's enable
 flags (eg:--enable-qat_sw_rsa) in which case the individual algorithms enabled
 (either qat_hw or qat_sw) in the build configure will get accelerated.
 
+For the algorithms RSA2K/3K/4K, ECDHP256/P384/X25519 & ECDSAP384 to reach
+better performance, QAT Engine uses both QAT_HW and QAT_SW for acceleration
+when QAT_HW capacity is reached with co-existence build. The Control flow is
+mentioned in the Figure below.
+
+<p align=center>
+<img src="images/qat_coex.png" alt="drawing" width="300"/>
+</p>
+
+
 ## Run time Co-existence configuration using HW & SW algorithm bitmap
 Intel&reg; QAT OpenSSL\* Engine supports a runtime mechanism to dynamically choose
 the QAT_HW or QAT_SW or both for each algorithm, using QAT_HW and QAT_SW dependent
@@ -35,7 +45,7 @@ and the bit map of each algorithm is defined below:
 | ECX448 | 0x00040 | HW |
 | PRF | 0x00080 | HW |
 | HKDF | 0x00100 | HW |
-| SM2(ECDSA) | 0x00200 | SW |
+| SM2(ECDSA) | 0x00200 | HW > SW |
 | AES_GCM | 0x00400 | Both (SW > HW) |
 | AES_CBC_HMAC_SHA | 0x00800 | HW |
 | SM4_CBC | 0x01000 | Both (HW > SW) |
@@ -164,7 +174,7 @@ self tests, integrity tests and will satisfy other FIPS 140-3 CMVP & CAVP
 requirements. The FIPS is build as RPM using the specfile fips/qatengine_fips.spec
 with QAT_HW & QAT_SW Coexistence enabled along with other flags enabled.
 
-Please note that the version v1.2.0 is only satisfying FIPS 140-3 Level-1
+Please note that the version v1.3.0 is only satisfying FIPS 140-3 Level-1
 certification requirements and not FIPS certified yet.
 The FIPS 140-3 certification is under process.
 

docs/qat_common.md

@@ -6,11 +6,11 @@ that supports OpenSSL\* 1.1.1 or OpenSSL\* 3.0 or BoringSSL\* and Intel® Qui
 Technology Driver for Linux or Intel®  QuickAssist Technology
 Driver for FreeBSD. This release was validated on the following:
 
-* Intel® QuickAssist Technology Driver for Linux\* HW Version 2.0 (RHEL\* 8.6) - **QAT20.L.1.0.40-00004**
+* Intel® QuickAssist Technology Driver for Linux\* HW Version 2.0 (RHEL\* 8.6) - **QAT20.L.1.0.50-00003**
 * Intel® QuickAssist Technology Driver for Linux\* HW Version 1.7 & 1.8 (CentOS\* 8.4 & Ubuntu\* 20.04.2) - **QAT.L.4.22.0-00001**
 * Intel® QuickAssist Technology Driver for FreeBSD\* HW Version 1.7 (FreeBSD\* 12.4) - **QAT.B.3.12.0-00004**
-* OpenSSL\* 1.1.1u & 3.0.9
-* BoringSSL\* commit - [987dff1][1]
+* OpenSSL\* 1.1.1v & 3.0.10
+* BoringSSL\* commit - [23ed9d3][1]
 * BabaSSL - 8.3.2
 
 ## qat_sw Requirements
@@ -29,10 +29,10 @@ This release was validated on the following:
 
 * Operating system: Ubuntu\* 20.04.2 LTS
 * Intel® Crypto Multi-buffer library from the [ipp-crypto][2] release
-  version **IPP Crypto 2021.7.1**
-* Intel® Multi-Buffer crypto for IPsec Library release version **v1.3**
-* OpenSSL\* 1.1.1u & 3.0.9
-* BoringSSL\* commit - [987dff1][1]
+  version **IPP Crypto 2021.8**
+* Intel® Multi-Buffer crypto for IPsec Library release version **v1.4**
+* OpenSSL\* 1.1.1v & 3.0.10
+* BoringSSL\* commit - [23ed9d3][1]
 * BabaSSL - 8.3.2
 
 --------------------------------------------------------------------------------
@@ -43,7 +43,7 @@ QAT Engine(qat_hw & qat_sw) is also planning to drop the support for OpenSSL\*
 
 --------------------------------------------------------------------------------
 
-[1]:https://github.com/google/boringssl/commit/987dff1a9fa953a8c7dffa369d78caae02b8d9ab
+[1]:https://github.com/google/boringssl/commit/23ed9d3852bbc738bebeaa0fe4a0782f91d7873c
 [2]:https://github.com/intel/ipp-crypto
 [3]:https://github.com/intel/ipp-crypto/tree/develop/sources/ippcp/crypto_mb
 [4]:https://github.com/intel/intel-ipsec-mb

docs/software_requirements.md

@@ -163,13 +163,13 @@ int qat_fips_kat_test;
 const char *engine_qat_id = STR(QAT_ENGINE_ID);
 #if defined(QAT_HW) && defined(QAT_SW)
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v1.2.0";
+    "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v1.3.0";
 #elif QAT_HW
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_hw) v1.2.0";
+    "Reference implementation of QAT crypto engine(qat_hw) v1.3.0";
 #else
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_sw) v1.2.0";
+    "Reference implementation of QAT crypto engine(qat_sw) v1.3.0";
 #endif
 unsigned int engine_inited = 0;
 int fallback_to_openssl = 0;

e_qat.c

@@ -201,5 +201,8 @@ rm -rf %{buildroot}
 %{_includedir}/crypto_mb/sm4_gcm.h
 
 %changelog
+* Wed Aug 09 2023 Yogaraj Alamenda <yogarajx.alamenda@intel.com> - 1.3.0-1
+- Update to v1.3.0
+
 * Wed Jun 14 2023 Ponnam Srinivas <ponnamsx.srinivas@intel.com> - 1.2.0-1
 - Initial Version of RPM for QAT Provider with FIPS Support.