[PWCI] "crypto/openssl: Add support for SHA3 algorithms"#606
Add SHA3-224, SHA3-256, SHA3-384, and SHA3-512 support to the OpenSSL PMD, including both hash and HMAC variants.
Signed-off-by: Emma Finn <emma.finn@intel.com>
Signed-off-by: 0-day Robot <robot@bytheb.org>
Reviewer's Guide
Adds SHA3-{224,256,384,512} and corresponding HMAC algorithm support to the OpenSSL crypto PMD, wiring them into capability reporting, OpenSSL EVP selection, digest-name resolution, and session auth-parameter setup.
Sequence diagram for SHA3 HMAC auth setup via OpenSSL PMD
sequenceDiagram
actor App
participant RteCryptodev
participant OpenSSL_PMD
participant OpenSSL_EVP
App->>RteCryptodev: query_capabilities()
RteCryptodev->>OpenSSL_PMD: get_capabilities()
OpenSSL_PMD-->>RteCryptodev: includes SHA3_224_256_384_512 and HMAC
RteCryptodev-->>App: advertised capabilities
App->>RteCryptodev: create_session(algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC)
RteCryptodev->>OpenSSL_PMD: openssl_set_session_auth_parameters(sess, xform)
Note over OpenSSL_PMD: xform->auth.algo == RTE_CRYPTO_AUTH_SHA3_256_HMAC
OpenSSL_PMD->>OpenSSL_PMD: digest_name_get(RTE_CRYPTO_AUTH_SHA3_256_HMAC)
OpenSSL_PMD-->>OpenSSL_PMD: return OSSL_DIGEST_NAME_SHA3_256
OpenSSL_PMD->>OpenSSL_PMD: get_auth_algo(RTE_CRYPTO_AUTH_SHA3_256_HMAC, &evp_algo)
OpenSSL_PMD-->>OpenSSL_PMD: evp_algo = EVP_sha3_256()
OpenSSL_PMD->>OpenSSL_EVP: HMAC_CTX_new() / EVP setup
OpenSSL_EVP-->>OpenSSL_PMD: initialized HMAC context
OpenSSL_PMD-->>RteCryptodev: session configured (mode = OPENSSL_AUTH_AS_HMAC)
RteCryptodev-->>App: session handle
Flow diagram for SHA3 auth algorithm handling in OpenSSL PMD
flowchart TD
A[Start openssl_set_session_auth_parameters] --> B{auth algo}
B --> C[SHA1 / SHA224 / SHA256 / SHA384 / SHA512]
B --> D[SHA3_224 / SHA3_256 / SHA3_384 / SHA3_512]
B --> E[SHA1_HMAC / SHA224_HMAC / SHA256_HMAC / SHA384_HMAC / SHA512_HMAC]
B --> F[SHA3_224_HMAC / SHA3_256_HMAC / SHA3_384_HMAC / SHA3_512_HMAC]
C --> C1[Set sess.auth.mode = OPENSSL_AUTH_AS_AUTH]
C1 --> C2["get_auth_algo(SHA2, &sess.auth.auth.evp_algo)<br/>EVP_sha1_sha2_x"]
D --> D1[Set sess.auth.mode = OPENSSL_AUTH_AS_AUTH]
D1 --> D2["get_auth_algo(SHA3, &sess.auth.auth.evp_algo)<br/>EVP_sha3_224_256_384_512"]
E --> E1[Set sess.auth.mode = OPENSSL_AUTH_AS_HMAC]
E1 --> E2["algo = digest_name_get(SHA2_HMAC)<br/>OSSL_DIGEST_NAME_SHA2_224_256_384_512"]
E2 --> E3["HMAC_CTX_new() and init with EVP_sha1_sha2_x"]
F --> F1[Set sess.auth.mode = OPENSSL_AUTH_AS_HMAC]
F1 --> F2["algo = digest_name_get(SHA3_HMAC)<br/>OSSL_DIGEST_NAME_SHA3_224_256_384_512"]
F2 --> F3["HMAC_CTX_new() and init with EVP_sha3_224_256_384_512"]
C2 --> Z[Return success]
D2 --> Z
E3 --> Z
F3 --> Z
Z --> End[End auth parameter setup]
Walkthrough
This patch extends OpenSSL PMD with support for SHA3 family algorithms (SHA3-224, SHA3-256, SHA3-384, SHA3-512) by adding digest selection logic and updating the capability table. Changes include function extensions in authentication paths and new capability entries for both plain and HMAC variants.
Hey - I've left some high level feedback:
- Consider aligning the key_size and digest_size ranges for the new SHA3_*_HMAC capabilities with the existing SHA2 HMAC entries in this file (e.g., whether to allow truncated digests or arbitrary key sizes) so that behavior is consistent across algorithms.
- EVP_sha3_* is only available from certain OpenSSL versions onward; if this PMD is meant to support older versions, you may want to add compile-time guards or a capability check around the new SHA3 mappings in get_auth_algo() and digest_name_get().
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @drivers/crypto/openssl/rte_openssl_pmd.c:
- Around line 281-296: The SHA3 EVP calls (EVP_sha3_224/256/384/512) are used in
the switch cases for RTE_CRYPTO_AUTH_SHA3_* and corresponding HMAC enums but are
only available in OpenSSL ≥ 1.1.1; to avoid link-time failures on older OpenSSL,
wrap those switch cases (both the block containing
RTE_CRYPTO_AUTH_SHA3_224..RTE_CRYPTO_AUTH_SHA3_512 and the second occurrence
around lines ~4034-4046) with a compile-time guard such as #if
(OPENSSL_VERSION_NUMBER >= 0x10101000L) ... #endif, or alternatively update the
build configuration to require OpenSSL 1.1.1+ and document that
requirement—choose one approach and apply it consistently for all EVP_sha3_*
uses.
📒 Files selected for processing (2)
drivers/crypto/openssl/rte_openssl_pmd.c
drivers/crypto/openssl/rte_openssl_pmd_ops.c
🔇 Additional comments (2)
drivers/crypto/openssl/rte_openssl_pmd_ops.c (1)
272-439: SHA3 capability entries look correct. The block sizes and digest sizes for all SHA3 variants are accurate according to FIPS 202 (SHA-3 Standard). The block sizes correctly reflect the rate parameter of the Keccak sponge construction, and HMAC key size limits appropriately match the block sizes.
drivers/crypto/openssl/rte_openssl_pmd.c (1)
686-689: SHA3 authentication path integration looks correct. All SHA3 variants (both plain and HMAC) are consistently integrated into the authentication parameter setup paths, following the same patterns as existing SHA2 algorithms. The code correctly handles both OpenSSL >= 3.0 and < 3.0 branches for HMAC variants.
Note: This inherits the OpenSSL version compatibility concern flagged in the get_auth_algo function.
Also applies to: 745-748, 779-782
| case RTE_CRYPTO_AUTH_SHA3_224: | ||
| case RTE_CRYPTO_AUTH_SHA3_224_HMAC: | ||
| *algo = EVP_sha3_224(); | ||
| break; | ||
| case RTE_CRYPTO_AUTH_SHA3_256: | ||
| case RTE_CRYPTO_AUTH_SHA3_256_HMAC: | ||
| *algo = EVP_sha3_256(); | ||
| break; | ||
| case RTE_CRYPTO_AUTH_SHA3_384: | ||
| case RTE_CRYPTO_AUTH_SHA3_384_HMAC: | ||
| *algo = EVP_sha3_384(); | ||
| break; | ||
| case RTE_CRYPTO_AUTH_SHA3_512: | ||
| case RTE_CRYPTO_AUTH_SHA3_512_HMAC: | ||
| *algo = EVP_sha3_512(); | ||
| break; |
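Review bot: the eight SHA3 cases call EVP_sha3_224() through EVP_sha3_512() unconditionally, with no OPENSSL_VERSION_NUMBER check anywhere in the hunk. If a guard such as `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` is added around these cases, put the same guard around the SHA3 and SHA3 HMAC capability entries in rte_openssl_pmd_ops.c, so that a build against an older OpenSSL does not advertise algorithms this switch no longer handles.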
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# First, check if the file exists and its structure
echo "=== Checking file structure ==="
ls -la drivers/crypto/openssl/rte_openssl_pmd.c 2>/dev/null && echo "File found" || echo "File not found"
# Get context around lines 281-296 to see if there are any version guards
echo -e "\n=== Checking context around lines 281-296 ==="
sed -n '270,305p' drivers/crypto/openssl/rte_openssl_pmd.c
# Check for any #if guards related to SHA3 or EVP_sha3
echo -e "\n=== Searching for version guards around SHA3 ==="
rg -n "EVP_sha3_|#if.*OPENSSL.*0x1010" drivers/crypto/openssl/rte_openssl_pmd.c -B 2 -A 2
Repository: ovsrobot/dpdk
Length of output: 2853
🏁 Script executed:
#!/bin/bash
# Check if there's documented minimum OpenSSL version
echo "=== Checking for OpenSSL version requirements ==="
find . -type f \( -name "*.md" -o -name "*.txt" -o -name "*.rst" -o -name "INSTALL" -o -name "README*" \) | xargs rg -l "openssl" 2>/dev/null | head -5
# Check meson/cmake build files for OpenSSL version checks
echo -e "\n=== Checking build configuration ==="
find . -type f \( -name "meson.build" -o -name "CMakeLists.txt" \) | xargs rg -n "openssl|OPENSSL" 2>/dev/null | grep -i version | head -10
Repository: ovsrobot/dpdk
Length of output: 345
🏁 Script executed:
#!/bin/bash
# Check OpenSSL headers/documentation for when EVP_sha3_* were introduced
echo "=== Checking OpenSSL version history ==="
# Look for other functions added at specific OpenSSL versions for pattern
rg -n "0x10101000L|OPENSSL_VERSION_NUMBER.*1.*1.*1" drivers/crypto/openssl/ -A 2 -B 2
Repository: ovsrobot/dpdk
Length of output: 97
🏁 Script executed:
#!/bin/bash
# Identify the function containing lines 281-296
echo "=== Function containing lines 281-296 ==="
sed -n '200,305p' drivers/crypto/openssl/rte_openssl_pmd.c | grep -E "^[a-zA-Z_].*\(|^static|^get_auth_algo" | head -5
# Get full function signature
awk '/^[a-zA-Z_].*\(.*\).*\{/,/^}/ {if (NR <= 296) print NR": "$0}' drivers/crypto/openssl/rte_openssl_pmd.c | grep -A 50 "^2[0-9][0-9]:" | head -20
# Simpler approach - find function name before line 281
echo -e "\n=== Finding function name ==="
sed -n '1,281p' drivers/crypto/openssl/rte_openssl_pmd.c | tail -100 | grep -E "^[a-zA-Z_].*\(|^static|^get_auth_algo"
Repository: ovsrobot/dpdk
Length of output: 359
🏁 Script executed:
#!/bin/bash
# Identify the function containing lines 4034-4046
echo "=== Function containing lines 4034-4046 ==="
sed -n '4000,4050p' drivers/crypto/openssl/rte_openssl_pmd.c | head -50
# Find if this function has version guards
sed -n '3950,4100p' drivers/crypto/openssl/rte_openssl_pmd.c | grep -E "^[a-zA-Z_].*\(|#if|#endif|EVP_sha3"
Repository: ovsrobot/dpdk
Length of output: 1481
🏁 Script executed:
#!/bin/bash
# Check for documented minimum OpenSSL version in README/meson.build
echo "=== Checking root README ==="
find . -maxdepth 2 -name "README*" -o -name "meson.build" | head -3 | xargs ls -la 2>/dev/null
echo -e "\n=== OpenSSL mentions in meson.build ==="
find . -name "meson.build" -exec rg -l "openssl" {} \; | head -3 | xargs cat 2>/dev/null | grep -i "openssl\|dependency" | head -20
Repository: ovsrobot/dpdk
Length of output: 1122
🏁 Script executed:
#!/bin/bash
# Get full get_auth_algo function definition
echo "=== get_auth_algo function ==="
awk '/^static.*get_auth_algo/,/^}/ {print NR": "$0}' drivers/crypto/openssl/rte_openssl_pmd.c | head -80
# Check if there are version guards around the function definition
echo -e "\n=== Check for version guards wrapping get_auth_algo ==="
sed -n '200,350p' drivers/crypto/openssl/rte_openssl_pmd.c | grep -E "^#if|^#endif|get_auth_algo"
Repository: ovsrobot/dpdk
Length of output: 199
🏁 Script executed:
#!/bin/bash
# Find the function containing line 4034 and check for version guards
echo "=== Function containing line 4034 ==="
awk 'NR<=4034 {prev=$0; prevnr=NR} NR==4034 {print "Context around 4034:"; for(i=prevnr-50; i<NR; i++) lines[i]=1} END {for(i in lines) if(i>3980) print i": (context)"}' drivers/crypto/openssl/rte_openssl_pmd.c
# Get actual function containing line 4034
sed -n '3950,4100p' drivers/crypto/openssl/rte_openssl_pmd.c | grep -B 50 "EVP_sha3_224" | grep -E "^[a-zA-Z_].*\(|#if|static"
# Get the full function context
echo -e "\n=== Full context around 4034 ==="
sed -n '3900,4100p' drivers/crypto/openssl/rte_openssl_pmd.c | head -100
Repository: ovsrobot/dpdk
Length of output: 3466
🏁 Script executed:
#!/bin/bash
# Search for when EVP_sha3_* functions were added
echo "=== Searching for any version checks related to EVP_sha3 or 1.1.1 ==="
rg -n "EVP_sha3|0x10101000|1.*1.*1" drivers/crypto/openssl/ -B 3 -A 3
# Check if there's any version gate that might indirectly protect SHA3 calls
echo -e "\n=== Check if SHA3 operations are behind feature flags ==="
rg -n "RTE_CRYPTO_AUTH_SHA3" drivers/crypto/openssl/rte_openssl_pmd.c | head -20
Repository: ovsrobot/dpdk
Length of output: 5712
🏁 Script executed:
#!/bin/bash
# Search for callers of get_auth_algo to see if there's a version guard around usage
echo "=== Searching for calls to get_auth_algo ==="
rg -n "get_auth_algo" drivers/crypto/openssl/rte_openssl_pmd.c -B 5 -A 2
# Get context around line 91-102 which was mentioned in scratchpad as digest_name_get
echo -e "\n=== digest_name_get function (lines 91-102) ==="
sed -n '45,115p' drivers/crypto/openssl/rte_openssl_pmd.c
Repository: ovsrobot/dpdk
Length of output: 3134
🏁 Script executed:
#!/bin/bash
# Check what is the minimum OpenSSL version required
echo "=== Checking minimum OpenSSL version ==="
rg -n "OPENSSL_VERSION_NUMBER" drivers/crypto/openssl/rte_openssl_pmd.c | grep -E ">=|>|<" | head -20
# Look for any documentation on OpenSSL version support
echo -e "\n=== Documentation on OpenSSL versions ==="
cat ./README
Repository: ovsrobot/dpdk
Length of output: 1719
🏁 Script executed:
#!/bin/bash
# Verify OpenSSL 1.1.1 added EVP_sha3_*
# Check if there's conditional compilation for SHA3 elsewhere in codebase
echo "=== Checking OpenSSL version history documentation ==="
rg -i "sha3|openssl.*1.1.1" doc/ --type md --type txt --type rst 2>/dev/null | head -20
# Check if the entire OpenSSL PMD might be version-gated
echo -e "\n=== Checking if entire openssl PMD is version gated ==="
head -50 drivers/crypto/openssl/rte_openssl_pmd.c
Repository: ovsrobot/dpdk
Length of output: 2822
🏁 Script executed:
#!/bin/bash
# Check the context around line 686-691 to see if there's a version guard wrapping the SHA3 cases
echo "=== Context around line 686-691 with possible version guards ==="
sed -n '670,710p' drivers/crypto/openssl/rte_openssl_pmd.c
# Check if there's a version guard around the entire session handling
echo -e "\n=== Full session prepare function signature ==="
sed -n '600,720p' drivers/crypto/openssl/rte_openssl_pmd.c | grep -B 50 "RTE_CRYPTO_AUTH_SHA3_224" | head -80
Repository: ovsrobot/dpdk
Length of output: 2774
🏁 Script executed:
#!/bin/bash
# Let's look at what happens if we try to link EVP_sha3_* against old OpenSSL
echo "=== Checking OpenSSL documentation for EVP_sha3 availability ==="
# OpenSSL 1.1.1 was released Sept 2018, let's confirm EVP_sha3_* requirements
# Search for any comments or documentation in the code about this
rg -i "sha3|1.1.1|openssl.*version" drivers/crypto/openssl/ -B 2 -A 2 | grep -A 3 -B 3 "sha3" | head -50
# Check release notes for when SHA3 was added
echo -e "\n=== Release notes mentioning SHA3 ==="
rg -i "sha3" doc/guides/rel_notes/ | grep -v "binary\|image"
Repository: ovsrobot/dpdk
Length of output: 3301
🏁 Script executed:
#!/bin/bash
# Check if the PMD is mandatory or optional at build time
echo "=== Checking if OpenSSL PMD is mandatory ==="
grep -r "openssl" drivers/crypto/openssl/meson.build | head -20
# More importantly, check: does OpenSSL version requirement exist anywhere?
echo -e "\n=== Checking meson.build for dependency versions ==="
find . -name "meson.build" -exec rg -l "openssl" {} \; | head -5 | xargs cat | grep -A 5 -B 5 "openssl"
Repository: ovsrobot/dpdk
Length of output: 1197
🏁 Script executed:
#!/bin/bash
# Check if there's been a recent change to explicitly require OpenSSL 1.1.1+
echo "=== Searching git history for OpenSSL version changes ==="
git log --oneline --all -- "meson.build" "drivers/crypto/openssl/" 2>/dev/null | head -20
# Check for any documentation about minimum OpenSSL version in the openssl driver doc
echo -e "\n=== OpenSSL PMD documentation ==="
cat doc/guides/cryptodevs/openssl.rst 2>/dev/null | head -100
Repository: ovsrobot/dpdk
Length of output: 3706
🏁 Script executed:
#!/bin/bash
# Final verification: confirm EVP_sha3_* availability in OpenSSL history
# These functions are definitely in OpenSSL 1.1.1+ but let's confirm pre-1.1.1
echo "=== OpenSSL 1.1.1 release info ==="
# OpenSSL 1.1.1 was released Sept 11, 2018 and added SHA3 support
# Let's check if there's any conditional compilation already done elsewhere
rg -n "EVP_sha[3]|0x10101000" drivers/crypto/openssl/ -A 3 -B 3
Repository: ovsrobot/dpdk
Length of output: 3024
Add version guards for SHA3 functions or document minimum OpenSSL 1.1.1 requirement.
The code calls EVP_sha3_*() functions (lines 281-296 and 4034-4046) without version guards, but these functions were only added in OpenSSL 1.1.1. Since the codebase maintains compatibility with OpenSSL < 1.1.0 (see line 26), this creates a potential link-time failure on systems with OpenSSL 1.1.0 or earlier.
Either add #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) guards around the SHA3 cases, or explicitly document and enforce OpenSSL 1.1.1+ as the minimum requirement in the build system.
NOTE: This is an auto submission for "crypto/openssl: Add support for SHA3 algorithms".
See "http://patchwork.dpdk.org/project/dpdk/list/?series=36989" for details.
Summary by Sourcery
Add SHA3 hash and HMAC algorithm support to the OpenSSL crypto PMD for authentication operations.
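The FIPS 202 digest and block sizes that the review comments above check the capability entries against, derived and cross-checked in Python as an added example; it is not part of the patch or of the DPDK code base, the function names are illustrative, and the key and message are constructed. It also shows the RFC 2104 rule that makes the block size the natural upper bound for an HMAC key: a longer key is replaced by its hash.

```python
import hashlib
import hmac

KECCAK_STATE_BITS = 1600  # width of the Keccak-f[1600] permutation (FIPS 202)


def sha3_params(digest_bits):
    """Return (digest_bytes, block_bytes) for SHA3-<digest_bits>.

    FIPS 202 fixes the capacity at c = 2 * d; the rate r = 1600 - c is what
    HMAC and the cryptodev capability table treat as the block size.
    """
    capacity = 2 * digest_bits
    rate = KECCAK_STATE_BITS - capacity
    return digest_bits // 8, rate // 8


def check_against_hashlib(digest_bits):
    """Compare the derived sizes with the local SHA-3 implementation."""
    h = hashlib.new(f"sha3_{digest_bits}")
    return sha3_params(digest_bits) == (h.digest_size, h.block_size)


def hmac_sha3(key, msg, digest_bits):
    """HMAC over SHA3-<digest_bits>, returning the untruncated tag."""
    return hmac.new(key, msg, f"sha3_{digest_bits}").digest()


def long_key_is_prehashed(digest_bits):
    """RFC 2104: a key longer than the block size is replaced by H(key).

    A key one byte over the block size and its SHA-3 hash must therefore
    produce the same tag.
    """
    _, block = sha3_params(digest_bits)
    key = bytes(range(256))[: block + 1]   # constructed key, block size + 1
    msg = b"constructed sample message"
    reduced = hashlib.new(f"sha3_{digest_bits}", key).digest()
    return hmac.compare_digest(
        hmac_sha3(key, msg, digest_bits),
        hmac_sha3(reduced, msg, digest_bits),
    )


if __name__ == "__main__":
    for bits in (224, 256, 384, 512):
        digest, block = sha3_params(bits)
        print(f"SHA3-{bits}: digest={digest} block={block} "
              f"hashlib_ok={check_against_hashlib(bits)} "
              f"long_key_prehashed={long_key_is_prehashed(bits)}")
```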