Skip to main content
This page documents the known limitations, constraints, and issues with the Intel QAT Engine. Understanding these limitations will help you design and deploy QAT-accelerated applications effectively.

Process and Threading Limitations

Forking Restrictions

When forking within an application, it is not valid for a cryptographic operation to be started in the parent process and completed in the child process.
Limitation: Only one level of forking is permitted. If a child process forks again, the Intel QAT OpenSSL Engine will not be available in that forked (grandchild) process. Impact: Applications that use multi-level forking (e.g., some daemon architectures) may need to reinitialize the QAT Engine in each process level or use alternative process models. Workaround: Design applications to use either:
  • Single-level forking only
  • Thread-based concurrency instead of process forking
  • Process pools that don’t fork after initialization

Thread-Specific USDM Memory

When the QAT driver is configured with --enable-icp-thread-specific-usdm, memory allocated in one thread must be freed only by the thread that allocated it.
Requirements when using thread-specific USDM:
  1. If QAT Engine is the default OpenSSL engine, OPENSSL_init_ssl() must be called from the same thread that calls OPENSSL_cleanup()
  2. Incorrect cleanup can lead to segmentation faults
  3. Memory allocated in a thread is freed automatically when the thread exits, even if not explicitly freed
Example of correct usage: 
void* worker_thread(void* arg) {
    OPENSSL_init_ssl(0, NULL);
    
    // Perform cryptographic operations
    // ...
    
    OPENSSL_cleanup();  // Must be called from same thread
    return NULL;
}

Platform-Specific Limitations

FreeBSD Operating System

Event-driven mode of polling operation is not supported in the FreeBSD operating system or in the qatlib RPM.

FreeBSD qatlib Header Installation

FreeBSD qatlib header files are not installed to the install path due to a known issue in the driver. Headers must be manually copied: 
# Create destination directory from QATlib 23.09 top directory
./install-sh -c -d '/usr/local/include/qat'

# Install header files
/usr/bin/install -c -m 644 \
  quickassist/include/cpa.h \
  quickassist/include/cpa_dev.h \
  quickassist/include/cpa_types.h \
  quickassist/include/lac/cpa_cy_common.h \
  quickassist/include/lac/cpa_cy_dh.h \
  quickassist/include/lac/cpa_cy_drbg.h \
  quickassist/include/lac/cpa_cy_dsa.h \
  quickassist/include/lac/cpa_cy_ecdh.h \
  quickassist/include/lac/cpa_cy_ecdsa.h \
  quickassist/include/lac/cpa_cy_ecsm2.h \
  quickassist/include/lac/cpa_cy_ec.h \
  quickassist/include/lac/cpa_cy_im.h \
  quickassist/include/lac/cpa_cy_key.h \
  quickassist/include/lac/cpa_cy_kpt.h \
  quickassist/include/lac/cpa_cy_ln.h \
  quickassist/include/lac/cpa_cy_nrbg.h \
  quickassist/include/lac/cpa_cy_prime.h \
  quickassist/include/lac/cpa_cy_rsa.h \
  quickassist/include/lac/cpa_cy_sym_dp.h \
  quickassist/include/lac/cpa_cy_sym.h \
  quickassist/include/dc/cpa_dc.h \
  quickassist/include/dc/cpa_dc_dp.h \
  quickassist/include/dc/cpa_dc_chain.h \
  quickassist/lookaside/access_layer/include/icp_sal_poll.h \
  quickassist/lookaside/access_layer/include/icp_sal_user.h \
  quickassist/lookaside/access_layer/include/icp_sal.h \
  quickassist/lookaside/access_layer/include/icp_sal_versions.h \
  quickassist/utilities/libusdm_drv/qae_mem.h \
  /usr/local/include/qat

BoringSSL Limitations

  • SVM mode is not supported with BoringSSL library
  • Known build issue with latest BoringSSL commits; use IPP Crypto 2021.10
  • Use the specific BoringSSL commit mentioned in Software Requirements
FreeBSD with BoringSSL: Validated functionally with limited performance validation on NGINX QUIC POC.

Algorithm Limitations

Cipher Mode Restrictions

ENCRYPT_THEN_MAC

QAT Engine does not support ENCRYPT_THEN_MAC (default) mode of operation.
Impact: When Encrypt-then-MAC is negotiated for symmetric ciphers like AES-CBC, requests will not be offloaded via QAT_HW and will use OpenSSL software instead. Workaround: Disable ENCRYPT_THEN_MAC programmatically: 
SSL_CTX_set_options(ctx, SSL_OP_NO_ENCRYPT_THEN_MAC);
Disabling ENCRYPT_THEN_MAC has security implications. Evaluate the security risks for your specific use case before disabling this option.

AES-CCM Cipher Enablement

AES-CCM ciphers are not enabled in OpenSSL by default.
To enable AES-CCM, manually configure via openssl.cnf: 
openssl_conf = cipher_conf

[cipher_conf]
ssl_conf = cipher_sect

[cipher_sect]
system_default = system_cipher_sect

[system_cipher_sect]
Cipherstring = ALL
Ciphersuites = TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

AES-CBC-HMAC-SHA Pipeline Feature

AES-CBC-HMAC-SHA chained ciphers do not support the pipeline feature when built with OpenSSL 3.0.
Reason: The corresponding support is not available in OpenSSL 3.0. See OpenSSL#18298.

AES-CBC-HMAC-SHA Padding

QAT Engine does not process plaintext if the length is not a multiple of AES_BLOCK_SIZE for chained cipher AES-CBC-HMAC-SHA when built with OpenSSL v3 and above.
Impact: No padding will be added to the plaintext as specified in RFC 5652 or RFC 5246.

Algorithm-Specific Limitations

HKDF Restrictions

  • HKDF based on SM3 is not supported in QAT_HW
  • HKDF infolen > 80 is not supported due to QAT driver limitation
Behavior: Requests will fall back to OpenSSL software if fallback is enabled; otherwise, failures will occur.

Key Protection Technology (KPT)

  • Symmetric keys are not protected by Key Protection Technology
  • SVM mode is not supported with KPT mode

OpenSSL Version Compatibility

Library Compatibility

QAT Engine built for OpenSSL 3.0 is only compatible with dependent libraries also linked with OpenSSL 3.0 libraries. The same applies for OpenSSL 1.1.1.
Reason: Due to OpenSSL#17112. Impact: All components must use the same OpenSSL major version:
  • QAT Engine/Provider
  • Application (NGINX, HAProxy, etc.)
  • Dependent libraries (crypto_mb, ipsec_mb, etc.)

Misleading Error Messages

OpenSSL 1.1.1n and OpenSSL 3.0.2 introduced a misleading error message (undefined symbol: EVP_PKEY_get_base_id) during engine load.
Note: This can be safely ignored as it is not a real failure. Fixed in OpenSSL 1.1.1o and OpenSSL 3.0.3.

Known Functional Issues

SSH Daemon (sshd) Incompatibility

There is an issue with sshd daemon application when using QAT as the default OpenSSL engine.
Problem: sshd closes file descriptors associated with QAT engine and driver after initializing OpenSSL. Solution: Apply the fix from OpenSSH 8.7+ (commit c9f7bba).

QAT_SW SM2 in NTLS Mode

Known issue with QAT_SW SM2 in ntls mode since QAT_SW SM2 doesn’t have plain sign and verify operation support in engine.
Workaround: Disable QAT_SW SM2 to work around the issue with ntls. TLS mode works correctly as it uses digestsign and digestverify.

Software Fallback Issues (OpenSSL 3.0 Engine)

Known issue with software fallback in OpenSSL 3.0 Engine (only) when disabled via co-existence algorithm bitmap for:
  • PRF
  • HKDF
  • SM2
  • SM3
Note: QAT_HW PRF and QAT_HW HKDF are not accelerated in OpenSSL 3.0 engine due to OpenSSL#21622.

Co-existence Mode Issues

Known issue in co-existence mode with QAT provider on OpenSSL 3.2 and above during QAT_SW offload when QAT_HW modules are not present.

Performance Limitations

Multithreading Performance

In some cases, using QAT Engine with OpenSSL at higher thread counts can produce worse performance due to lock contention issues in OpenSSL.
Symptoms:
  • native_queued_spin_lock_slowpath() consuming CPU process idle time
  • Performance degradation with thread counts > 32
Related Issues:
  • Performance bottleneck with locks in engine_table_select() - OpenSSL#18509
  • 3.0 performance degraded due to locking - OpenSSL#20286
References:

Algorithm-Specific Performance Issues

ECDSA with QAT_SW

Known performance scaling issue (performance drop with threads > 32) with ECDSA ciphers in QAT Software acceleration using multithread mode in HAProxy.
Note: This issue is not observed when using RSA ciphers or in multi-process mode.

SM3 Multithread Performance

SM3 is disabled by default due to performance drop observed in multithread scenarios for all cipher suites.
Reason: Additional locks at engine_table_select introduced by engine digest registration in OpenSSL - OpenSSL#18509.

Co-existence Mode Scaling

In co-existence mode, performance is lower than QAT_SW only when process number >= 64 due to a known issue.

Platform-Specific Performance Issues

NGINX Handshake with OpenSSL 3.0

NGINX handshake performance in OpenSSL 3.0 is slightly slower compared to OpenSSL 1.1.1.
Note: The same behavior is observed in OpenSSL software - OpenSSL#21833.

QAT 2.0 Platforms

Performance scaling is not linear in QAT 2.0 supported platforms for:
  • ECDSA
  • ChaCha-Poly algorithms

FreeBSD Performance

  • Performance drop with ECDSAP256 in OpenSSL speed tests with FreeBSD 14 in-tree driver
  • Performance drop in QAT Engine with async-nginx on FreeBSD OS with asymmetric and symmetric ciphers

Planning for Limitations

When designing QAT-accelerated applications:
  1. Review algorithm support: Ensure your required algorithms are supported and accelerated
  2. Test threading models: Validate performance with your specific thread/process count
  3. Plan fallback strategies: Implement graceful degradation when QAT is unavailable
  4. Monitor performance: Establish baselines and monitor for degradation
  5. Stay updated: Track OpenSSL and QAT driver releases for fixes and improvements
Many limitations are actively being addressed in ongoing development. Check the latest release notes for updates and improvements.

Build docs developers (and LLMs) love

Get started for freeTalk to us