Building Intel® Integrated Performance Primitives Cryptographyįirst, checkout the source code repository from GitHub*:
We’ll step through how to build each one. Once these libraries are installed, you can build the Intel Quick Assist Technology OpenSSL Engine.
Intel® Integrated Performance Primitives Cryptography.They must be built first, but they may be built in any order:
The software acceleration support in the Intel QAT Engine for OpenSSL depends on the following two libraries. Building the Intel QAT OpenSSL Engine for Software Acceleration This will prevent the QAT engine from loading in OpenSSL, and it can also cause sporadic runtime errors in OpenSSL itself. If you don't set LD_LIBRARY_PATH, OpenSSL will load the equivalent libraries from the distribution's default location, resulting in a mis-match of library and binary versions. You can set these environment variables in scripts to ensure that OpenSSL from the intended location. You should see the correct version, and ENGINESDIR should be pointing to your installation in /opt/openssl. We'll do the latter, and at the time of this writing the latest version was 1.1.1k:ĮNGINESDIR: "/opt/openssl/1.1.1k/lib/engines-1.1" You can either check out the source code repository from GitHub, or download one of the pre-packaged tarballs. To keep the filesystem tidy, we'll place these packages in /opt using the following structure:įetch the most recent build of OpenSSL 1.1.1. Since the goal of building from source code is to produce a build that can be upgraded as needed without interfering with existing applications, we want a directory hierarchy that allows for parallel installations of multiple versions of the same tool.
Choose a Directory Structureīefore we proceed with the build, we need to decide where to install the completed packages and libraries for both OpenSSL and the Intel QAT Engine for OpenSSL. This is the default version provided in Ubuntu 20.04 and CentOS 8.2. These output fields are only present in cpuid version 20200211 or later. $ cpuid -1 | egrep 'VAES|VPCLM|GFNI|AVX512F|AVX512IFMA'ĪVX512F: AVX-512 foundation instructions = true
This added flexibility comes at a cost, however, as you'll need to add the OpenSSL binary directory to your PATH and update LD_LIBRARY_PATH to include the shared library directories for OpenSSL and its dependency libraries.Ĭlick the tab for the desired build option to view the procedure. Building OpenSSL from source lets you control the version that you deploy independent of the distribution-provided build, and that makes it possible to perform version updates as needed without disrupting system operations. Using the distribution-provided OpenSSL means less complexity as you are running OpenSSL out of its standard system path, but it ties you to a specific version that is integrated with the OS. Each methodology has its pros and cons, an dyou should choose the procedure that works best for your environment.
Two build procedures are provided: one that uses the distribution-provided build of OpenSSL, and one that creates a customized installation using OpenSSL built from source. This guide steps you through the process of building the Intel QAT Engine for OpenSSL on the following Linux distributions, but it can be adapted to others. AES-GCM with 128, 192, and 256 bit keys.ECDSA for the NIST Prime Curves P-256 and P-384.ECDH for the Montgomery Curve X25519 and NIST Prime Curves P-256 and P-384.Software acceleration is provided for the following algorithms: This software-based acceleration has been incorporated into the Intel QAT Engine for OpenSSL*, a dynamically loadable module that uses the OpenSSL ENGINE framework, allowing administrators to add this capability to OpenSSL without having to rebuild or replace their existing OpenSSL libraries. Intel® Quick Assist Technology (Intel® QAT) has been expanded to provide software-based acceleration of cryptographic operations through instructions in the Intel® Advanced Vector Extensions 512 (Intel® AVX-512) family. Updated for release 0.6.5 of the Intel® Quick Assist Technology Engine for OpenSSL Updated with performance data for the Intel Xeon Scalable processor family.