Skip to content

[PWCI] "[v2] crypto/openssl: Add support for SHAKE algorithms" #608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ovsrobot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[PWCI] "[v2] crypto/openssl: Add support for SHAKE algorithms" #608

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion app/test/test_cryptodev_blockcipher.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1174,7 +1174,9 @@ authonly_setup(void)
RTE_CRYPTO_AUTH_SHA512_HMAC,
RTE_CRYPTO_AUTH_AES_CMAC,
RTE_CRYPTO_AUTH_NULL,
RTE_CRYPTO_AUTH_AES_XCBC_MAC
RTE_CRYPTO_AUTH_AES_XCBC_MAC,
RTE_CRYPTO_AUTH_SHAKE_128,
RTE_CRYPTO_AUTH_SHAKE_256
};

rte_cryptodev_info_get(dev_id, &dev_info);
Expand Down
30 changes: 27 additions & 3 deletions drivers/crypto/openssl/rte_openssl_pmd.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,12 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo,
case RTE_CRYPTO_AUTH_SHA512_HMAC:
*algo = EVP_sha512();
break;
case RTE_CRYPTO_AUTH_SHAKE_128:
*algo = EVP_shake128();
break;
case RTE_CRYPTO_AUTH_SHAKE_256:
*algo = EVP_shake256();
break;
Comment on lines +273 to +278
Copy link

@coderabbitai coderabbitai bot Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

OpenSSL EVP_shake128 EVP_shake256 version introduced history

💡 Result:

Short answer

  • EVP_shake128 and EVP_shake256 were added as part of OpenSSL's SHA‑3 support in OpenSSL 1.1.1 (released 11 Sept 2018). [1][2]

Relevant details / later changes

  • OpenSSL 1.1.1 release notes list “SHA3” (which includes SHAKE) among new algorithms. [1]
  • The EVP SHAKE manpages document these functions (EVP_shake128 / EVP_shake256) in the OpenSSL docs. [2]
  • Later OpenSSL 3.x work added XOF-related APIs/behavior (e.g. EVP_MD_CTRL_XOF_LEN / EVP_DigestFinalXOF and EVP_DigestSqueeze) and changes to default XOF handling in the 3.x series (notes in 3.3 / 3.4 documentation). [3][4]

Sources
[1] OpenSSL 1.1.1 release notes (SHA3 added).
[2] OpenSSL EVP SHA-3 / EVP_shake128 / EVP_shake256 manpage.
[3] OpenSSL 3.3 release announcement (EVP_DigestSqueeze etc.).
[4] EVP_MD-SHAKE manpage (notes about XOF defaults / history).

🏁 Script executed:

# Find version checks and OPENSSL_VERSION requirements in the codebase
rg -B2 -A2 "OPENSSL_VERSION_NUMBER" drivers/crypto/openssl/rte_openssl_pmd.c | head -50

Repository: ovsrobot/dpdk

Length of output: 1189

🏁 Script executed:

# Check for any documentation about minimum OpenSSL version
find . -type f \( -name "*.txt" -o -name "*.md" -o -name "*.rst" -o -name "*.cfg" \) | xargs grep -l "openssl.*version\|minimum.*openssl" 2>/dev/null | head -5

Repository: ovsrobot/dpdk

Length of output: 39

🏁 Script executed:

# Check meson.build or CMakeLists for OpenSSL version requirements
find . -type f \( -name "meson.build" -o -name "CMakeLists.txt" \) | xargs grep -i "openssl" 2>/dev/null | head -20

Repository: ovsrobot/dpdk

Length of output: 900

🏁 Script executed:

# Get context around lines 273-278 and check for version guards
sed -n '260,290p' drivers/crypto/openssl/rte_openssl_pmd.c

Repository: ovsrobot/dpdk

Length of output: 668

🏁 Script executed:

# Check the broader function context and any guards
sed -n '240,300p' drivers/crypto/openssl/rte_openssl_pmd.c

Repository: ovsrobot/dpdk

Length of output: 1391

🏁 Script executed:

# Check lines 668-669 for the auth parameters handling
sed -n '660,680p' drivers/crypto/openssl/rte_openssl_pmd.c

Repository: ovsrobot/dpdk

Length of output: 637

🏁 Script executed:

# Check the XOF finalization at 1448-1465
sed -n '1440,1470p' drivers/crypto/openssl/rte_openssl_pmd.c

Repository: ovsrobot/dpdk

Length of output: 1016

Add version guards for SHAKE algorithm registration on pre-3.0 OpenSSL.

While EVP_shake128() and EVP_shake256() are available in OpenSSL 1.1.1+, the code allows SHAKE algorithms to be registered unconditionally at lines 668-669, but finalization fails at runtime on OpenSSL versions prior to 3.0 with an error message. This creates a broken user experience where the algorithm can be selected but fails during operation.

Add version guards (e.g., #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)) around the RTE_CRYPTO_AUTH_SHAKE_128 and RTE_CRYPTO_AUTH_SHAKE_256 cases in both get_auth_algo() (lines 273-278) and openssl_set_session_auth_parameters() (lines 668-669) to prevent registration on unsupported OpenSSL versions, or ensure minimum OpenSSL version requirements are documented.

🤖 Prompt for AI Agents 
In @drivers/crypto/openssl/rte_openssl_pmd.c around lines 273 - 278, The SHAKE
algorithm cases must be guarded by OpenSSL version checks: wrap the
RTE_CRYPTO_AUTH_SHAKE_128 and RTE_CRYPTO_AUTH_SHAKE_256 handling in
get_auth_algo() and the corresponding registration in
openssl_set_session_auth_parameters() with a compile-time guard (e.g., #if
(OPENSSL_VERSION_NUMBER >= 0x30000000L)) so these cases are omitted when
building against pre-3.0 OpenSSL; update both switch-case locations (symbols
get_auth_algo and openssl_set_session_auth_parameters, specifically the cases
for RTE_CRYPTO_AUTH_SHAKE_128 and RTE_CRYPTO_AUTH_SHAKE_256) to prevent
selecting/registering SHAKE on unsupported versions.

default:
res = -EINVAL;
break;
Expand Down Expand Up @@ -659,6 +665,8 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
case RTE_CRYPTO_AUTH_SHA256:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_SHA512:
case RTE_CRYPTO_AUTH_SHAKE_128:
case RTE_CRYPTO_AUTH_SHAKE_256:
sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
if (get_auth_algo(xform->auth.algo,
&sess->auth.auth.evp_algo) != 0)
Expand Down Expand Up @@ -1397,7 +1405,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,
static int
process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
__rte_unused uint8_t *iv, __rte_unused EVP_PKEY * pkey,
int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo, int digest_length)
{
size_t dstlen;
struct rte_mbuf *m;
Expand Down Expand Up @@ -1437,8 +1445,24 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
}

process_auth_final:
if (EVP_DigestFinal_ex(ctx, dst, (unsigned int *)&dstlen) <= 0)
/* SHAKE algorithms are XOFs and require EVP_DigestFinalXOF */
if (algo == EVP_shake128() || algo == EVP_shake256()) {
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
/* Set XOF output length before calling EVP_DigestFinalXOF */
if (EVP_MD_CTX_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, digest_length, NULL) <= 0)
goto process_auth_err;
if (EVP_DigestFinalXOF(ctx, dst, digest_length) <= 0)
goto process_auth_err;
#else
RTE_SET_USED(digest_length);
OPENSSL_LOG(ERR, "SHAKE algorithms require OpenSSL 3.0+");
goto process_auth_err;
#endif
} else {
if (EVP_DigestFinal_ex(ctx, dst, (unsigned int *)&dstlen) <= 0)
goto process_auth_err;
}

return 0;

process_auth_err:
Expand Down Expand Up @@ -1995,7 +2019,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
ctx_a = get_local_auth_ctx(sess, qp);
status = process_openssl_auth(mbuf_src, dst,
op->sym->auth.data.offset, NULL, NULL, srclen,
ctx_a, sess->auth.auth.evp_algo);
ctx_a, sess->auth.auth.evp_algo, sess->auth.digest_length);
break;
case OPENSSL_AUTH_AS_HMAC:
ctx_h = get_local_hmac_ctx(sess, qp);
Expand Down
42 changes: 42 additions & 0 deletions drivers/crypto/openssl/rte_openssl_pmd_ops.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -269,6 +269,48 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}, }
}, }
},
{ /* SHAKE_128 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHAKE_128,
.block_size = 168,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 1,
.max = 256,
.increment = 1
},
.iv_size = { 0 }
}, }
}, }
},
{ /* SHAKE_256 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHAKE_256,
.block_size = 136,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 1,
.max = 256,
.increment = 1
},
.iv_size = { 0 }
}, }
}, }
},
{ /* AES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
Expand Down