[dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc

DPDK patches and discussions
 help / color / mirror / Atom feed

* [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
@ 2017-07-28 11:07 Akhil Goyal
  2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal
                   ` (2 more replies)
  0 siblings, 3 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-07-28 11:07 UTC (permalink / raw)
  To: dev, declan.doherty; +Cc: pablo.de.lara.guarch, hemant.agrawal, Akhil Goyal

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 config/defconfig_arm64-dpaa2-linuxapp-gcc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/config/defconfig_arm64-dpaa2-linuxapp-gcc b/config/defconfig_arm64-dpaa2-linuxapp-gcc
index 8a42944..7de2d4e 100644
--- a/config/defconfig_arm64-dpaa2-linuxapp-gcc
+++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc
@@ -90,3 +90,9 @@ CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048
 #
 CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y
 CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n
+
+#
+# Compile PMD for Software backed device
+#
+CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
+CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n
-- 
2.9.3

^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile
  2017-07-28 11:07 [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc Akhil Goyal
@ 2017-07-28 11:07 ` Akhil Goyal
  2017-08-29  7:02   ` [dpdk-dev] [PATCH v2] " Akhil Goyal
  2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal
  2017-09-04 14:48 ` [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc De Lara Guarch, Pablo
  2 siblings, 1 reply; 34+ messages in thread
From: Akhil Goyal @ 2017-07-28 11:07 UTC (permalink / raw)
  To: dev, declan.doherty; +Cc: pablo.de.lara.guarch, hemant.agrawal, Akhil Goyal

OPENSSL_PATH should be defined in case openssl
driver is cross compiled

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/cryptodevs/openssl.rst | 4 ++++
 drivers/crypto/openssl/Makefile   | 1 +
 mk/rte.app.mk                     | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index f18a456..08cc9ba 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -88,6 +88,10 @@ sudo apt-get install libc6-dev-i386 (for i686-native-linuxapp-gcc target)
 This code was also verified on Fedora 24.
 This code was NOT yet verified on FreeBSD.
 
+In case openssl is cross compiled, openssl can be installed separately
+and path for openssl install directory can be given as
+export OPENSSL_PATH=<openssl install dir>
+
 Initialization
 --------------
 
diff --git a/drivers/crypto/openssl/Makefile b/drivers/crypto/openssl/Makefile
index e5fdfb5..7297173 100644
--- a/drivers/crypto/openssl/Makefile
+++ b/drivers/crypto/openssl/Makefile
@@ -35,6 +35,7 @@ LIB = librte_pmd_openssl.a
 
 # build flags
 CFLAGS += -O3
+CFLAGS += -I${OPENSSL_PATH}/include/
 CFLAGS += $(WERROR_FLAGS)
 
 # library version
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index c25fdd9..ed38f3b 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -151,7 +151,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)    += -lrte_pmd_aesni_mb
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)    += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -lrte_pmd_aesni_gcm
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -lrte_pmd_openssl -lcrypto
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO) += -lrte_pmd_null_crypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT)         += -lrte_pmd_qat -lcrypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
-- 
2.9.3

^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH] crypto/openssl: performance improvements
  2017-07-28 11:07 [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc Akhil Goyal
  2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal
@ 2017-07-28 11:07 ` Akhil Goyal
  2017-07-28 11:58   ` De Lara Guarch, Pablo
                     ` (2 more replies)
  2017-09-04 14:48 ` [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc De Lara Guarch, Pablo
  2 siblings, 3 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-07-28 11:07 UTC (permalink / raw)
  To: dev, declan.doherty; +Cc: pablo.de.lara.guarch, hemant.agrawal, Akhil Goyal

key and algo are added in the openssl ctx during
session initialization instead of adding it for
each packet.

Also in case of HMAC the openssl APIs HMAC_XXX give
better performance for all HMAC cases.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
Tested on arm and xeon machines
autotest passed with no issues,
perftest passed with improved performance numbers,
l2fwd-crypto passed with improved performance 

 drivers/crypto/openssl/rte_openssl_pmd.c         | 95 +++++++++++++++---------
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  3 +-
 2 files changed, 63 insertions(+), 35 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 0bd5f98..b11a7fb 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -39,6 +39,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/hmac.h>
 #include <openssl/evp.h>
 
 #include "rte_openssl_pmd_private.h"
@@ -307,6 +308,22 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 
 		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
 			sess->cipher.key.data);
+		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+			if (EVP_EncryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		} else if (sess->cipher.direction ==
+				RTE_CRYPTO_CIPHER_OP_DECRYPT) {
+			if (EVP_DecryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		}
 
 		break;
 
@@ -333,6 +350,23 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 
 		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
 			sess->cipher.key.data);
+		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+			if (EVP_EncryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		} else if (sess->cipher.direction ==
+				RTE_CRYPTO_CIPHER_OP_DECRYPT) {
+			if (EVP_DecryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		}
+
 		break;
 	default:
 		sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL;
@@ -403,12 +437,16 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA384_HMAC:
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
-		sess->auth.hmac.ctx = EVP_MD_CTX_create();
+		HMAC_CTX_init(&sess->auth.hmac.ctx);
 		if (get_auth_algo(xform->auth.algo,
 				&sess->auth.hmac.evp_algo) != 0)
 			return -EINVAL;
-		sess->auth.hmac.pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
-				xform->auth.key.data, xform->auth.key.length);
+
+		if (HMAC_Init_ex(&sess->auth.hmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				sess->auth.hmac.evp_algo, NULL) != 1)
+			return -EINVAL;
 		break;
 
 	default:
@@ -547,7 +585,7 @@ openssl_reset_session(struct openssl_session *sess)
 		break;
 	case OPENSSL_AUTH_AS_HMAC:
 		EVP_PKEY_free(sess->auth.hmac.pkey);
-		EVP_MD_CTX_destroy(sess->auth.hmac.ctx);
+		HMAC_CTX_cleanup(&sess->auth.hmac.ctx);
 		break;
 	default:
 		break;
@@ -693,12 +731,11 @@ process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset,
 /** Process standard openssl cipher encryption */
 static int
 process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
-		int offset, uint8_t *iv, uint8_t *key, int srclen,
-		EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
+		int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
 {
 	int totlen;
 
-	if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
+	if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_cipher_encrypt_err;
 
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -743,12 +780,11 @@ process_openssl_cipher_bpi_encrypt(uint8_t *src, uint8_t *dst,
 /** Process standard openssl cipher decryption */
 static int
 process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
-		int offset, uint8_t *iv, uint8_t *key, int srclen,
-		EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
+		int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
 {
 	int totlen;
 
-	if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
+	if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_cipher_decrypt_err;
 
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -971,10 +1007,9 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 /** Process standard openssl auth algorithms with hmac */
 static int
 process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
-		__rte_unused uint8_t *iv, EVP_PKEY *pkey,
-		int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
+		int srclen, HMAC_CTX *ctx)
 {
-	size_t dstlen;
+	unsigned int dstlen;
 	struct rte_mbuf *m;
 	int l, n = srclen;
 	uint8_t *src;
@@ -986,19 +1021,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	if (m == 0)
 		goto process_auth_err;
 
-	if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0)
-		goto process_auth_err;
-
 	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
 
 	l = rte_pktmbuf_data_len(m) - offset;
 	if (srclen <= l) {
-		if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0)
+		if (HMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
 			goto process_auth_err;
 		goto process_auth_final;
 	}
 
-	if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
+	if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
 		goto process_auth_err;
 
 	n -= l;
@@ -1006,13 +1038,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
 		src = rte_pktmbuf_mtod(m, uint8_t *);
 		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
-		if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
+		if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
 			goto process_auth_err;
 		n -= l;
 	}
 
 process_auth_final:
-	if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0)
+	if (HMAC_Final(ctx, dst, &dstlen) != 1)
+		goto process_auth_err;
+
+	if (unlikely(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL) != 1))
 		goto process_auth_err;
 
 	return 0;
@@ -1122,15 +1157,11 @@ process_openssl_cipher_op
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 			status = process_openssl_cipher_encrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx,
-					sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 		else
 			status = process_openssl_cipher_decrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx,
-					sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 	else
 		status = process_openssl_cipher_des3ctr(mbuf_src, dst,
 				op->sym->cipher.data.offset, iv,
@@ -1174,8 +1205,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			/* Encrypt with the block aligned stream with CBC mode */
 			status = process_openssl_cipher_encrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx, sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 			if (last_block_len) {
 				/* Point at last block */
 				dst += srclen;
@@ -1225,9 +1255,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			/* Decrypt with CBC mode */
 			status |= process_openssl_cipher_decrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx,
-					sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 		}
 	}
 
@@ -1265,9 +1293,8 @@ process_openssl_auth_op
 		break;
 	case OPENSSL_AUTH_AS_HMAC:
 		status = process_openssl_auth_hmac(mbuf_src, dst,
-				op->sym->auth.data.offset, NULL,
-				sess->auth.hmac.pkey, srclen,
-				sess->auth.hmac.ctx, sess->auth.hmac.evp_algo);
+				op->sym->auth.data.offset, srclen,
+				&sess->auth.hmac.ctx);
 		break;
 	default:
 		status = -1;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index b7f7475..e36741e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -34,6 +34,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 #include <openssl/des.h>
 
 #define CRYPTODEV_NAME_OPENSSL_PMD	crypto_openssl
@@ -164,7 +165,7 @@ struct openssl_session {
 				/**< pointer to EVP key */
 				const EVP_MD *evp_algo;
 				/**< pointer to EVP algorithm function */
-				EVP_MD_CTX *ctx;
+				HMAC_CTX ctx;
 				/**< pointer to EVP context structure */
 			} hmac;
 		};
-- 
2.9.3

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements
  2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal
@ 2017-07-28 11:58   ` De Lara Guarch, Pablo
  2017-07-28 12:02     ` Akhil Goyal
  2017-08-14 14:17   ` De Lara Guarch, Pablo
  2017-08-29  6:58   ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
  2 siblings, 1 reply; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-07-28 11:58 UTC (permalink / raw)
  To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Friday, July 28, 2017 12:08 PM
> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH] crypto/openssl: performance improvements
> 
> key and algo are added in the openssl ctx during session initialization
> instead of adding it for each packet.
> 
> Also in case of HMAC the openssl APIs HMAC_XXX give better performance
> for all HMAC cases.
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>

I assume that this and the other patches are meant to be for 17.11, right?

Thanks,
Pablo

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements
  2017-07-28 11:58   ` De Lara Guarch, Pablo
@ 2017-07-28 12:02     ` Akhil Goyal
  2017-07-28 12:07       ` De Lara Guarch, Pablo
  0 siblings, 1 reply; 34+ messages in thread
From: Akhil Goyal @ 2017-07-28 12:02 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, dev, Doherty, Declan; +Cc: hemant.agrawal

On 7/28/2017 5:28 PM, De Lara Guarch, Pablo wrote:
> Hi Akhil,
> 
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Friday, July 28, 2017 12:08 PM
>> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
>> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
>> Subject: [PATCH] crypto/openssl: performance improvements
>>
>> key and algo are added in the openssl ctx during session initialization
>> instead of adding it for each packet.
>>
>> Also in case of HMAC the openssl APIs HMAC_XXX give better performance
>> for all HMAC cases.
>>
>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> 
> I assume that this and the other patches are meant to be for 17.11, right?
> 
yes, they are for 17.11.
But, I don't mind if these can be considered for 17.08.

-Akhil

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements
  2017-07-28 12:02     ` Akhil Goyal
@ 2017-07-28 12:07       ` De Lara Guarch, Pablo
  0 siblings, 0 replies; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-07-28 12:07 UTC (permalink / raw)
  To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal



> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Akhil Goyal
> Sent: Friday, July 28, 2017 1:03 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
> Cc: hemant.agrawal@nxp.com
> Subject: Re: [dpdk-dev] [PATCH] crypto/openssl: performance
> improvements
> 
> On 7/28/2017 5:28 PM, De Lara Guarch, Pablo wrote:
> > Hi Akhil,
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: Friday, July 28, 2017 12:08 PM
> >> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
> >> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> >> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
> >> Subject: [PATCH] crypto/openssl: performance improvements
> >>
> >> key and algo are added in the openssl ctx during session
> >> initialization instead of adding it for each packet.
> >>
> >> Also in case of HMAC the openssl APIs HMAC_XXX give better
> >> performance for all HMAC cases.
> >>
> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> >
> > I assume that this and the other patches are meant to be for 17.11, right?
> >
> yes, they are for 17.11.
> But, I don't mind if these can be considered for 17.08.

Unfortunately, at this stage, it is too late to include these sorts of patches in this release.
Just wanted to double check with you.

Thanks,
Pablo

> 
> -Akhil
> 
> 


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements
  2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal
  2017-07-28 11:58   ` De Lara Guarch, Pablo
@ 2017-08-14 14:17   ` De Lara Guarch, Pablo
  2017-08-15  6:44     ` Akhil Goyal
  2017-08-29  6:58   ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
  2 siblings, 1 reply; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-08-14 14:17 UTC (permalink / raw)
  To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Friday, July 28, 2017 12:08 PM
> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH] crypto/openssl: performance improvements
> 
> key and algo are added in the openssl ctx during session initialization
> instead of adding it for each packet.
> 
> Also in case of HMAC the openssl APIs HMAC_XXX give better performance
> for all HMAC cases.
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>

Thanks for the patch, nice optimization!
Could you split this into two patches, as you are doing two different things here?
One for the first sentence and another one for the second sentence.
Also, as you do that, could you rename the title to be more explicit?
Like: crypto/openssl: initialize cipher key at session init

Finally, I was looking at GCM, and I think it could benefit from this.
I will send a separate patch for it, unless you want to integrate it in this patchset yourself.

Thanks,
Pablo

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements
  2017-08-14 14:17   ` De Lara Guarch, Pablo
@ 2017-08-15  6:44     ` Akhil Goyal
  2017-08-15  7:26       ` De Lara Guarch, Pablo
  0 siblings, 1 reply; 34+ messages in thread
From: Akhil Goyal @ 2017-08-15  6:44 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, dev, Doherty, Declan; +Cc: hemant.agrawal

On 8/14/2017 7:47 PM, De Lara Guarch, Pablo wrote:
> Hi Akhil,
> 
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Friday, July 28, 2017 12:08 PM
>> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
>> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
>> Subject: [PATCH] crypto/openssl: performance improvements
>>
>> key and algo are added in the openssl ctx during session initialization
>> instead of adding it for each packet.
>>
>> Also in case of HMAC the openssl APIs HMAC_XXX give better performance
>> for all HMAC cases.
>>
>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> 
> Thanks for the patch, nice optimization!
> Could you split this into two patches, as you are doing two different things here?
> One for the first sentence and another one for the second sentence.
> Also, as you do that, could you rename the title to be more explicit?
> Like: crypto/openssl: initialize cipher key at session init
> 
> Finally, I was looking at GCM, and I think it could benefit from this.
> I will send a separate patch for it, unless you want to integrate it in this patchset yourself.
> 

Ok I would split the patches.
For GCM I will try to incorporate in this patchset, if I get some 
performance improvement, or I would send a different patch later if some 
issue comes.

Thanks,
Akhil

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements
  2017-08-15  6:44     ` Akhil Goyal
@ 2017-08-15  7:26       ` De Lara Guarch, Pablo
  2017-08-16  7:03         ` Akhil Goyal
  0 siblings, 1 reply; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-08-15  7:26 UTC (permalink / raw)
  To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal

Hi,

> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, August 15, 2017 7:45 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
> Cc: hemant.agrawal@nxp.com
> Subject: Re: [PATCH] crypto/openssl: performance improvements
> 
> On 8/14/2017 7:47 PM, De Lara Guarch, Pablo wrote:
> > Hi Akhil,
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: Friday, July 28, 2017 12:08 PM
> >> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
> >> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> >> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
> >> Subject: [PATCH] crypto/openssl: performance improvements
> >>
> >> key and algo are added in the openssl ctx during session
> >> initialization instead of adding it for each packet.
> >>
> >> Also in case of HMAC the openssl APIs HMAC_XXX give better
> >> performance for all HMAC cases.
> >>
> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> >
> > Thanks for the patch, nice optimization!
> > Could you split this into two patches, as you are doing two different
> things here?
> > One for the first sentence and another one for the second sentence.
> > Also, as you do that, could you rename the title to be more explicit?
> > Like: crypto/openssl: initialize cipher key at session init
> >
> > Finally, I was looking at GCM, and I think it could benefit from this.
> > I will send a separate patch for it, unless you want to integrate it in this
> patchset yourself.
> >
> 
> Ok I would split the patches.
> For GCM I will try to incorporate in this patchset, if I get some performance
> improvement, or I would send a different patch later if some issue comes.

Thanks Ahkil. Since I am working on AES-CCM for this PMD, I have the change
already done. I have seen performance improvements, but it is not as straight forward
as the cipher algorithms, because GMAC is also affected, which is in a different code path,
but requires GCM to be set.

> 
> Thanks,
> Akhil
> 


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements
  2017-08-15  7:26       ` De Lara Guarch, Pablo
@ 2017-08-16  7:03         ` Akhil Goyal
  0 siblings, 0 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-08-16  7:03 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, dev, Doherty, Declan; +Cc: hemant.agrawal

Hi Pablo,
On 8/15/2017 12:56 PM, De Lara Guarch, Pablo wrote:
> Hi,
> 
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Tuesday, August 15, 2017 7:45 AM
>> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>> dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
>> Cc: hemant.agrawal@nxp.com
>> Subject: Re: [PATCH] crypto/openssl: performance improvements
>>
>> On 8/14/2017 7:47 PM, De Lara Guarch, Pablo wrote:
>>> Hi Akhil,
>>>
>>>> -----Original Message-----
>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>> Sent: Friday, July 28, 2017 12:08 PM
>>>> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
>>>> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>>>> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
>>>> Subject: [PATCH] crypto/openssl: performance improvements
>>>>
>>>> key and algo are added in the openssl ctx during session
>>>> initialization instead of adding it for each packet.
>>>>
>>>> Also in case of HMAC the openssl APIs HMAC_XXX give better
>>>> performance for all HMAC cases.
>>>>
>>>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
>>>
>>> Thanks for the patch, nice optimization!
>>> Could you split this into two patches, as you are doing two different
>> things here?
>>> One for the first sentence and another one for the second sentence.
>>> Also, as you do that, could you rename the title to be more explicit?
>>> Like: crypto/openssl: initialize cipher key at session init
>>>
>>> Finally, I was looking at GCM, and I think it could benefit from this.
>>> I will send a separate patch for it, unless you want to integrate it in this
>> patchset yourself.
>>>
>>
>> Ok I would split the patches.
>> For GCM I will try to incorporate in this patchset, if I get some performance
>> improvement, or I would send a different patch later if some issue comes.
> 
> Thanks Ahkil. Since I am working on AES-CCM for this PMD, I have the change
> already done. I have seen performance improvements, but it is not as straight forward
> as the cipher algorithms, because GMAC is also affected, which is in a different code path,
> but requires GCM to be set.
> 

If you have the change and it is working fine, then you can send your 
patch, no issues in that.

Thanks,
Akhil

^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs
  2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal
  2017-07-28 11:58   ` De Lara Guarch, Pablo
  2017-08-14 14:17   ` De Lara Guarch, Pablo
@ 2017-08-29  6:58   ` Akhil Goyal
  2017-08-29  6:58     ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal
                       ` (2 more replies)
  2 siblings, 3 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-08-29  6:58 UTC (permalink / raw)
  To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal

in case of HMAC the openssl APIs HMAC_XXX give
better performance for all HMAC cases as compared with
EVP_XXX

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
changes in v2:
patch split in two patches as per Pablo's recommendations

 drivers/crypto/openssl/rte_openssl_pmd.c         | 37 +++++++++++++-----------
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  3 +-
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 0bd5f98..889d632 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -39,6 +39,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/hmac.h>
 #include <openssl/evp.h>
 
 #include "rte_openssl_pmd_private.h"
@@ -403,12 +404,16 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA384_HMAC:
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
-		sess->auth.hmac.ctx = EVP_MD_CTX_create();
+		HMAC_CTX_init(&sess->auth.hmac.ctx);
 		if (get_auth_algo(xform->auth.algo,
 				&sess->auth.hmac.evp_algo) != 0)
 			return -EINVAL;
-		sess->auth.hmac.pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
-				xform->auth.key.data, xform->auth.key.length);
+
+		if (HMAC_Init_ex(&sess->auth.hmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				sess->auth.hmac.evp_algo, NULL) != 1)
+			return -EINVAL;
 		break;
 
 	default:
@@ -547,7 +552,7 @@ openssl_reset_session(struct openssl_session *sess)
 		break;
 	case OPENSSL_AUTH_AS_HMAC:
 		EVP_PKEY_free(sess->auth.hmac.pkey);
-		EVP_MD_CTX_destroy(sess->auth.hmac.ctx);
+		HMAC_CTX_cleanup(&sess->auth.hmac.ctx);
 		break;
 	default:
 		break;
@@ -971,10 +976,9 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 /** Process standard openssl auth algorithms with hmac */
 static int
 process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
-		__rte_unused uint8_t *iv, EVP_PKEY *pkey,
-		int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
+		int srclen, HMAC_CTX *ctx)
 {
-	size_t dstlen;
+	unsigned int dstlen;
 	struct rte_mbuf *m;
 	int l, n = srclen;
 	uint8_t *src;
@@ -986,19 +990,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	if (m == 0)
 		goto process_auth_err;
 
-	if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0)
-		goto process_auth_err;
-
 	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
 
 	l = rte_pktmbuf_data_len(m) - offset;
 	if (srclen <= l) {
-		if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0)
+		if (HMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
 			goto process_auth_err;
 		goto process_auth_final;
 	}
 
-	if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
+	if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
 		goto process_auth_err;
 
 	n -= l;
@@ -1006,13 +1007,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
 		src = rte_pktmbuf_mtod(m, uint8_t *);
 		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
-		if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
+		if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
 			goto process_auth_err;
 		n -= l;
 	}
 
 process_auth_final:
-	if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0)
+	if (HMAC_Final(ctx, dst, &dstlen) != 1)
+		goto process_auth_err;
+
+	if (unlikely(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL) != 1))
 		goto process_auth_err;
 
 	return 0;
@@ -1265,9 +1269,8 @@ process_openssl_auth_op
 		break;
 	case OPENSSL_AUTH_AS_HMAC:
 		status = process_openssl_auth_hmac(mbuf_src, dst,
-				op->sym->auth.data.offset, NULL,
-				sess->auth.hmac.pkey, srclen,
-				sess->auth.hmac.ctx, sess->auth.hmac.evp_algo);
+				op->sym->auth.data.offset, srclen,
+				&sess->auth.hmac.ctx);
 		break;
 	default:
 		status = -1;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index b7f7475..e36741e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -34,6 +34,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 #include <openssl/des.h>
 
 #define CRYPTODEV_NAME_OPENSSL_PMD	crypto_openssl
@@ -164,7 +165,7 @@ struct openssl_session {
 				/**< pointer to EVP key */
 				const EVP_MD *evp_algo;
 				/**< pointer to EVP algorithm function */
-				EVP_MD_CTX *ctx;
+				HMAC_CTX ctx;
 				/**< pointer to EVP context structure */
 			} hmac;
 		};
-- 
2.9.3

^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements
  2017-08-29  6:58   ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
@ 2017-08-29  6:58     ` Akhil Goyal
  2017-09-04 15:39       ` De Lara Guarch, Pablo
  2017-09-05  5:57       ` [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
  2017-09-04 15:38     ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs De Lara Guarch, Pablo
  2017-09-08 14:03     ` De Lara Guarch, Pablo
  2 siblings, 2 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-08-29  6:58 UTC (permalink / raw)
  To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal

key and algo are added in the openssl ctx during
session initialization instead of adding it for
each packet.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 58 ++++++++++++++++++++++----------
 1 file changed, 41 insertions(+), 17 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 889d632..b11a7fb 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -308,6 +308,22 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 
 		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
 			sess->cipher.key.data);
+		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+			if (EVP_EncryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		} else if (sess->cipher.direction ==
+				RTE_CRYPTO_CIPHER_OP_DECRYPT) {
+			if (EVP_DecryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		}
 
 		break;
 
@@ -334,6 +350,23 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 
 		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
 			sess->cipher.key.data);
+		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+			if (EVP_EncryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		} else if (sess->cipher.direction ==
+				RTE_CRYPTO_CIPHER_OP_DECRYPT) {
+			if (EVP_DecryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		}
+
 		break;
 	default:
 		sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL;
@@ -698,12 +731,11 @@ process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset,
 /** Process standard openssl cipher encryption */
 static int
 process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
-		int offset, uint8_t *iv, uint8_t *key, int srclen,
-		EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
+		int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
 {
 	int totlen;
 
-	if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
+	if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_cipher_encrypt_err;
 
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -748,12 +780,11 @@ process_openssl_cipher_bpi_encrypt(uint8_t *src, uint8_t *dst,
 /** Process standard openssl cipher decryption */
 static int
 process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
-		int offset, uint8_t *iv, uint8_t *key, int srclen,
-		EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
+		int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
 {
 	int totlen;
 
-	if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
+	if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_cipher_decrypt_err;
 
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -1126,15 +1157,11 @@ process_openssl_cipher_op
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 			status = process_openssl_cipher_encrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx,
-					sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 		else
 			status = process_openssl_cipher_decrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx,
-					sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 	else
 		status = process_openssl_cipher_des3ctr(mbuf_src, dst,
 				op->sym->cipher.data.offset, iv,
@@ -1178,8 +1205,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			/* Encrypt with the block aligned stream with CBC mode */
 			status = process_openssl_cipher_encrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx, sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 			if (last_block_len) {
 				/* Point at last block */
 				dst += srclen;
@@ -1229,9 +1255,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			/* Decrypt with CBC mode */
 			status |= process_openssl_cipher_decrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx,
-					sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 		}
 	}
 
-- 
2.9.3

^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v2] crypto/openssl: add openssl path for cross compile
  2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal
@ 2017-08-29  7:02   ` Akhil Goyal
  2017-09-05  8:22     ` De Lara Guarch, Pablo
  2017-09-05  9:02     ` [dpdk-dev] [PATCH v3] " Akhil Goyal
  0 siblings, 2 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-08-29  7:02 UTC (permalink / raw)
  To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal

OPENSSL_PATH should be defined in case openssl
driver is cross compiled

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
changes in v2:
made changes to support shared build also.

 doc/guides/cryptodevs/openssl.rst | 4 ++++
 drivers/crypto/openssl/Makefile   | 3 ++-
 mk/rte.app.mk                     | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index f18a456..08cc9ba 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -88,6 +88,10 @@ sudo apt-get install libc6-dev-i386 (for i686-native-linuxapp-gcc target)
 This code was also verified on Fedora 24.
 This code was NOT yet verified on FreeBSD.
 
+In case openssl is cross compiled, openssl can be installed separately
+and path for openssl install directory can be given as
+export OPENSSL_PATH=<openssl install dir>
+
 Initialization
 --------------
 
diff --git a/drivers/crypto/openssl/Makefile b/drivers/crypto/openssl/Makefile
index e5fdfb5..2781a76 100644
--- a/drivers/crypto/openssl/Makefile
+++ b/drivers/crypto/openssl/Makefile
@@ -35,6 +35,7 @@ LIB = librte_pmd_openssl.a
 
 # build flags
 CFLAGS += -O3
+CFLAGS += -I${OPENSSL_PATH}/include/
 CFLAGS += $(WERROR_FLAGS)
 
 # library version
@@ -44,7 +45,7 @@ LIBABIVER := 1
 EXPORT_MAP := rte_pmd_openssl_version.map
 
 # external library dependencies
-LDLIBS += -lcrypto
+LDLIBS += -L${OPENSSL_PATH}/lib/ -lcrypto
 
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += rte_openssl_pmd.c
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index c25fdd9..ed38f3b 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -151,7 +151,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)    += -lrte_pmd_aesni_mb
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)    += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -lrte_pmd_aesni_gcm
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -lrte_pmd_openssl -lcrypto
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO) += -lrte_pmd_null_crypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT)         += -lrte_pmd_qat -lcrypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
-- 
2.9.3

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
  2017-07-28 11:07 [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc Akhil Goyal
  2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal
  2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal
@ 2017-09-04 14:48 ` De Lara Guarch, Pablo
  2017-09-05  5:58   ` Akhil Goyal
  2 siblings, 1 reply; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-09-04 14:48 UTC (permalink / raw)
  To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal



> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Friday, July 28, 2017 12:08 PM
> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
>  config/defconfig_arm64-dpaa2-linuxapp-gcc | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/config/defconfig_arm64-dpaa2-linuxapp-gcc
> b/config/defconfig_arm64-dpaa2-linuxapp-gcc
> index 8a42944..7de2d4e 100644
> --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc
> +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc
> @@ -90,3 +90,9 @@
> CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048
>  #
>  CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y
>  CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n
> +
> +#
> +# Compile PMD for Software backed device #
> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
> CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n
> --
> 2.9.3

Is OpenSSL installed by default in that system, so this can be enabled by default for this target?

Pablo

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs
  2017-08-29  6:58   ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
  2017-08-29  6:58     ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal
@ 2017-09-04 15:38     ` De Lara Guarch, Pablo
  2017-09-08 14:03     ` De Lara Guarch, Pablo
  2 siblings, 0 replies; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-09-04 15:38 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan



> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, August 29, 2017 7:59 AM
> To: dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: hemant.agrawal@nxp.com; Doherty, Declan
> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs
> 
> in case of HMAC the openssl APIs HMAC_XXX give better performance for
> all HMAC cases as compared with EVP_XXX
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>

Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements
  2017-08-29  6:58     ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal
@ 2017-09-04 15:39       ` De Lara Guarch, Pablo
  2017-09-05  5:57       ` [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
  1 sibling, 0 replies; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-09-04 15:39 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan



> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, August 29, 2017 7:59 AM
> To: dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: hemant.agrawal@nxp.com; Doherty, Declan
> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH v2 2/2] crypto/openssl: performance improvements
> 
> key and algo are added in the openssl ctx during session initialization
> instead of adding it for each packet.
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>

Could you modify the title to specify what you are improving?

Apart from that,

Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs
  2017-08-29  6:58     ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal
  2017-09-04 15:39       ` De Lara Guarch, Pablo
@ 2017-09-05  5:57       ` Akhil Goyal
  2017-09-05  5:57         ` [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init Akhil Goyal
  1 sibling, 1 reply; 34+ messages in thread
From: Akhil Goyal @ 2017-09-05  5:57 UTC (permalink / raw)
  To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal

in case of HMAC the openssl APIs HMAC_XXX give
better performance for all HMAC cases as compared with
EVP_XXX

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c         | 37 +++++++++++++-----------
 drivers/crypto/openssl/rte_openssl_pmd_private.h |  3 +-
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 0bd5f98..889d632 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -39,6 +39,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/hmac.h>
 #include <openssl/evp.h>
 
 #include "rte_openssl_pmd_private.h"
@@ -403,12 +404,16 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA384_HMAC:
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
-		sess->auth.hmac.ctx = EVP_MD_CTX_create();
+		HMAC_CTX_init(&sess->auth.hmac.ctx);
 		if (get_auth_algo(xform->auth.algo,
 				&sess->auth.hmac.evp_algo) != 0)
 			return -EINVAL;
-		sess->auth.hmac.pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
-				xform->auth.key.data, xform->auth.key.length);
+
+		if (HMAC_Init_ex(&sess->auth.hmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				sess->auth.hmac.evp_algo, NULL) != 1)
+			return -EINVAL;
 		break;
 
 	default:
@@ -547,7 +552,7 @@ openssl_reset_session(struct openssl_session *sess)
 		break;
 	case OPENSSL_AUTH_AS_HMAC:
 		EVP_PKEY_free(sess->auth.hmac.pkey);
-		EVP_MD_CTX_destroy(sess->auth.hmac.ctx);
+		HMAC_CTX_cleanup(&sess->auth.hmac.ctx);
 		break;
 	default:
 		break;
@@ -971,10 +976,9 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 /** Process standard openssl auth algorithms with hmac */
 static int
 process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
-		__rte_unused uint8_t *iv, EVP_PKEY *pkey,
-		int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
+		int srclen, HMAC_CTX *ctx)
 {
-	size_t dstlen;
+	unsigned int dstlen;
 	struct rte_mbuf *m;
 	int l, n = srclen;
 	uint8_t *src;
@@ -986,19 +990,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	if (m == 0)
 		goto process_auth_err;
 
-	if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0)
-		goto process_auth_err;
-
 	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
 
 	l = rte_pktmbuf_data_len(m) - offset;
 	if (srclen <= l) {
-		if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0)
+		if (HMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
 			goto process_auth_err;
 		goto process_auth_final;
 	}
 
-	if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
+	if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
 		goto process_auth_err;
 
 	n -= l;
@@ -1006,13 +1007,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
 		src = rte_pktmbuf_mtod(m, uint8_t *);
 		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
-		if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
+		if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
 			goto process_auth_err;
 		n -= l;
 	}
 
 process_auth_final:
-	if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0)
+	if (HMAC_Final(ctx, dst, &dstlen) != 1)
+		goto process_auth_err;
+
+	if (unlikely(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL) != 1))
 		goto process_auth_err;
 
 	return 0;
@@ -1265,9 +1269,8 @@ process_openssl_auth_op
 		break;
 	case OPENSSL_AUTH_AS_HMAC:
 		status = process_openssl_auth_hmac(mbuf_src, dst,
-				op->sym->auth.data.offset, NULL,
-				sess->auth.hmac.pkey, srclen,
-				sess->auth.hmac.ctx, sess->auth.hmac.evp_algo);
+				op->sym->auth.data.offset, srclen,
+				&sess->auth.hmac.ctx);
 		break;
 	default:
 		status = -1;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index b7f7475..e36741e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -34,6 +34,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/hmac.h>
 #include <openssl/des.h>
 
 #define CRYPTODEV_NAME_OPENSSL_PMD	crypto_openssl
@@ -164,7 +165,7 @@ struct openssl_session {
 				/**< pointer to EVP key */
 				const EVP_MD *evp_algo;
 				/**< pointer to EVP algorithm function */
-				EVP_MD_CTX *ctx;
+				HMAC_CTX ctx;
 				/**< pointer to EVP context structure */
 			} hmac;
 		};
-- 
2.9.3

^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init
  2017-09-05  5:57       ` [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
@ 2017-09-05  5:57         ` Akhil Goyal
  2017-09-06 10:24           ` De Lara Guarch, Pablo
  0 siblings, 1 reply; 34+ messages in thread
From: Akhil Goyal @ 2017-09-05  5:57 UTC (permalink / raw)
  To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal

key and algo are added in the openssl ctx during
session initialization instead of adding it for
each packet.
This would give performance improvement.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
changes in v3:
updated patch title
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 58 ++++++++++++++++++++++----------
 1 file changed, 41 insertions(+), 17 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 889d632..b11a7fb 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -308,6 +308,22 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 
 		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
 			sess->cipher.key.data);
+		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+			if (EVP_EncryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		} else if (sess->cipher.direction ==
+				RTE_CRYPTO_CIPHER_OP_DECRYPT) {
+			if (EVP_DecryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		}
 
 		break;
 
@@ -334,6 +350,23 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 
 		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
 			sess->cipher.key.data);
+		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+			if (EVP_EncryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		} else if (sess->cipher.direction ==
+				RTE_CRYPTO_CIPHER_OP_DECRYPT) {
+			if (EVP_DecryptInit_ex(sess->cipher.ctx,
+					sess->cipher.evp_algo,
+					NULL, xform->cipher.key.data,
+					NULL) != 1) {
+				return -EINVAL;
+			}
+		}
+
 		break;
 	default:
 		sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL;
@@ -698,12 +731,11 @@ process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset,
 /** Process standard openssl cipher encryption */
 static int
 process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
-		int offset, uint8_t *iv, uint8_t *key, int srclen,
-		EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
+		int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
 {
 	int totlen;
 
-	if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
+	if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_cipher_encrypt_err;
 
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -748,12 +780,11 @@ process_openssl_cipher_bpi_encrypt(uint8_t *src, uint8_t *dst,
 /** Process standard openssl cipher decryption */
 static int
 process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
-		int offset, uint8_t *iv, uint8_t *key, int srclen,
-		EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
+		int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
 {
 	int totlen;
 
-	if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
+	if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_cipher_decrypt_err;
 
 	EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -1126,15 +1157,11 @@ process_openssl_cipher_op
 		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
 			status = process_openssl_cipher_encrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx,
-					sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 		else
 			status = process_openssl_cipher_decrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx,
-					sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 	else
 		status = process_openssl_cipher_des3ctr(mbuf_src, dst,
 				op->sym->cipher.data.offset, iv,
@@ -1178,8 +1205,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			/* Encrypt with the block aligned stream with CBC mode */
 			status = process_openssl_cipher_encrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx, sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 			if (last_block_len) {
 				/* Point at last block */
 				dst += srclen;
@@ -1229,9 +1255,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
 			/* Decrypt with CBC mode */
 			status |= process_openssl_cipher_decrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					sess->cipher.key.data, srclen,
-					sess->cipher.ctx,
-					sess->cipher.evp_algo);
+					srclen, sess->cipher.ctx);
 		}
 	}
 
-- 
2.9.3

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
  2017-09-04 14:48 ` [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc De Lara Guarch, Pablo
@ 2017-09-05  5:58   ` Akhil Goyal
  2017-09-06 10:25     ` De Lara Guarch, Pablo
  0 siblings, 1 reply; 34+ messages in thread
From: Akhil Goyal @ 2017-09-05  5:58 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, dev, Doherty, Declan; +Cc: hemant.agrawal

Hi Pablo,
On 9/4/2017 8:18 PM, De Lara Guarch, Pablo wrote:
> 
> 
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Friday, July 28, 2017 12:08 PM
>> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
>> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
>> Subject: [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
>>
>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
>> ---
>>   config/defconfig_arm64-dpaa2-linuxapp-gcc | 6 ++++++
>>   1 file changed, 6 insertions(+)
>>
>> diff --git a/config/defconfig_arm64-dpaa2-linuxapp-gcc
>> b/config/defconfig_arm64-dpaa2-linuxapp-gcc
>> index 8a42944..7de2d4e 100644
>> --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc
>> +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc
>> @@ -90,3 +90,9 @@
>> CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048
>>   #
>>   CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y
>>   CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n
>> +
>> +#
>> +# Compile PMD for Software backed device #
>> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
>> CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n
>> --
>> 2.9.3
> 
> Is OpenSSL installed by default in that system, so this can be enabled by default for this target?
> 
yes this is installed by default.

-Akhil

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2] crypto/openssl: add openssl path for cross compile
  2017-08-29  7:02   ` [dpdk-dev] [PATCH v2] " Akhil Goyal
@ 2017-09-05  8:22     ` De Lara Guarch, Pablo
  2017-09-05  8:37       ` Akhil Goyal
  2017-09-05  9:02     ` [dpdk-dev] [PATCH v3] " Akhil Goyal
  1 sibling, 1 reply; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-09-05  8:22 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, August 29, 2017 8:02 AM
> To: dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: hemant.agrawal@nxp.com; Doherty, Declan
> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH v2] crypto/openssl: add openssl path for cross compile
> 
> OPENSSL_PATH should be defined in case openssl driver is cross compiled
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---

...

> --- a/mk/rte.app.mk
> +++ b/mk/rte.app.mk
> @@ -151,7 +151,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)
> += -lrte_pmd_aesni_mb
>  _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)    += -
> L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
>  _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -
> lrte_pmd_aesni_gcm
>  _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -
> L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
> -_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -lrte_pmd_openssl -
> lcrypto
> +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -
> L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto

I am getting the following messages when compiling:

/usr/bin/ld: skipping incompatible /lib/libcrypto.so when searching for -lcrypto
/usr/bin/ld: skipping incompatible /lib/librt.so when searching for -lrt
/usr/bin/ld: skipping incompatible /lib/libm.so when searching for -lm

Since, OPENSSL_PATH is not defined in my system, it is trying to link against libraries in /lib/.
I suggest adding a condition to add the openssl directory only if OPENSSL_PATH is defined:

+ifeq ($(OPENSSL_PATH),)
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -lrte_pmd_openssl -lcrypto
+else
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto
+endif

Would this work for you?

Thanks,
Pablo

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2] crypto/openssl: add openssl path for cross compile
  2017-09-05  8:22     ` De Lara Guarch, Pablo
@ 2017-09-05  8:37       ` Akhil Goyal
  0 siblings, 0 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-09-05  8:37 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, dev; +Cc: hemant.agrawal, Doherty, Declan

Hi Pablo,
On 9/5/2017 1:52 PM, De Lara Guarch, Pablo wrote:
> Hi Akhil,
> 
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Tuesday, August 29, 2017 8:02 AM
>> To: dev@dpdk.org; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>
>> Cc: hemant.agrawal@nxp.com; Doherty, Declan
>> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
>> Subject: [PATCH v2] crypto/openssl: add openssl path for cross compile
>>
>> OPENSSL_PATH should be defined in case openssl driver is cross compiled
>>
>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
>> ---
> 
> ...
> 
>> --- a/mk/rte.app.mk
>> +++ b/mk/rte.app.mk
>> @@ -151,7 +151,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)
>> += -lrte_pmd_aesni_mb
>>   _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)    += -
>> L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
>>   _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -
>> lrte_pmd_aesni_gcm
>>   _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -
>> L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
>> -_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -lrte_pmd_openssl -
>> lcrypto
>> +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -
>> L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto
> 
> I am getting the following messages when compiling:
> 
> /usr/bin/ld: skipping incompatible /lib/libcrypto.so when searching for -lcrypto
> /usr/bin/ld: skipping incompatible /lib/librt.so when searching for -lrt
> /usr/bin/ld: skipping incompatible /lib/libm.so when searching for -lm
> 
> Since, OPENSSL_PATH is not defined in my system, it is trying to link against libraries in /lib/.
> I suggest adding a condition to add the openssl directory only if OPENSSL_PATH is defined:
> 
> +ifeq ($(OPENSSL_PATH),)
> +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -lrte_pmd_openssl -lcrypto
> +else
>   _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto
> +endif
> 
> Would this work for you?
> 
Thanks for the suggestion.
yes this would be fine. I will update the patch accordingly.

-Akhil

^ permalink raw reply	[flat|nested] 34+ messages in thread

* [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile
  2017-08-29  7:02   ` [dpdk-dev] [PATCH v2] " Akhil Goyal
  2017-09-05  8:22     ` De Lara Guarch, Pablo
@ 2017-09-05  9:02     ` Akhil Goyal
  2017-09-06  9:26       ` De Lara Guarch, Pablo
                         ` (2 more replies)
  1 sibling, 3 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-09-05  9:02 UTC (permalink / raw)
  To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal

OPENSSL_PATH should be defined in case openssl
driver is cross compiled

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
changes in v3:
make OPENSSL_PATH usage conditional if it is not set as suggested by Pablo
 doc/guides/cryptodevs/openssl.rst | 4 ++++
 drivers/crypto/openssl/Makefile   | 7 +++++++
 mk/rte.app.mk                     | 4 ++++
 3 files changed, 15 insertions(+)

diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index f18a456..08cc9ba 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -88,6 +88,10 @@ sudo apt-get install libc6-dev-i386 (for i686-native-linuxapp-gcc target)
 This code was also verified on Fedora 24.
 This code was NOT yet verified on FreeBSD.
 
+In case openssl is cross compiled, openssl can be installed separately
+and path for openssl install directory can be given as
+export OPENSSL_PATH=<openssl install dir>
+
 Initialization
 --------------
 
diff --git a/drivers/crypto/openssl/Makefile b/drivers/crypto/openssl/Makefile
index e5fdfb5..a6f13e0 100644
--- a/drivers/crypto/openssl/Makefile
+++ b/drivers/crypto/openssl/Makefile
@@ -35,6 +35,9 @@ LIB = librte_pmd_openssl.a
 
 # build flags
 CFLAGS += -O3
+ifneq ($(OPENSSL_PATH),)
+CFLAGS += -I${OPENSSL_PATH}/include/
+endif
 CFLAGS += $(WERROR_FLAGS)
 
 # library version
@@ -44,7 +47,11 @@ LIBABIVER := 1
 EXPORT_MAP := rte_pmd_openssl_version.map
 
 # external library dependencies
+ifneq ($(OPENSSL_PATH),)
+LDLIBS += -L${OPENSSL_PATH}/lib/ -lcrypto
+else
 LDLIBS += -lcrypto
+endif
 
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += rte_openssl_pmd.c
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index c25fdd9..799aa99 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -151,7 +151,11 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)    += -lrte_pmd_aesni_mb
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB)    += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -lrte_pmd_aesni_gcm
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM)   += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB
+ifeq ($(OPENSSL_PATH),)
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -lrte_pmd_openssl -lcrypto
+else
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL)     += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto
+endif # ($(OPENSSL_PATH),)
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO) += -lrte_pmd_null_crypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT)         += -lrte_pmd_qat -lcrypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
-- 
2.9.3

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile
  2017-09-05  9:02     ` [dpdk-dev] [PATCH v3] " Akhil Goyal
@ 2017-09-06  9:26       ` De Lara Guarch, Pablo
  2017-09-06 10:15       ` De Lara Guarch, Pablo
  2017-10-12 13:06       ` Thomas Monjalon
  2 siblings, 0 replies; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-09-06  9:26 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan



> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, September 5, 2017 10:03 AM
> To: dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: hemant.agrawal@nxp.com; Doherty, Declan
> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH v3] crypto/openssl: add openssl path for cross compile
> 
> OPENSSL_PATH should be defined in case openssl driver is cross compiled
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile
  2017-09-05  9:02     ` [dpdk-dev] [PATCH v3] " Akhil Goyal
  2017-09-06  9:26       ` De Lara Guarch, Pablo
@ 2017-09-06 10:15       ` De Lara Guarch, Pablo
  2017-10-12 13:06       ` Thomas Monjalon
  2 siblings, 0 replies; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-09-06 10:15 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan



> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Wednesday, September 6, 2017 10:27 AM
> To: 'Akhil Goyal' <akhil.goyal@nxp.com>; dev@dpdk.org
> Cc: hemant.agrawal@nxp.com; Doherty, Declan
> <declan.doherty@intel.com>
> Subject: RE: [PATCH v3] crypto/openssl: add openssl path for cross compile
> 
> 
> 
> > -----Original Message-----
> > From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> > Sent: Tuesday, September 5, 2017 10:03 AM
> > To: dev@dpdk.org; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>
> > Cc: hemant.agrawal@nxp.com; Doherty, Declan
> > <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> > Subject: [PATCH v3] crypto/openssl: add openssl path for cross compile
> >
> > OPENSSL_PATH should be defined in case openssl driver is cross
> > compiled
> >
> > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> 
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Applied to dpdk-next-crypto.
Thanks,

Pablo

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init
  2017-09-05  5:57         ` [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init Akhil Goyal
@ 2017-09-06 10:24           ` De Lara Guarch, Pablo
  0 siblings, 0 replies; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-09-06 10:24 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan



> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, September 5, 2017 6:58 AM
> To: dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: hemant.agrawal@nxp.com; Doherty, Declan
> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH v3 2/2] crypto/openssl: key and algo updated during
> session init
> 
> key and algo are added in the openssl ctx during session initialization
> instead of adding it for each packet.
> This would give performance improvement.
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> changes in
> v3:
> updated patch title

Applied to dpdk-next-crypto.
Thanks,

Pablo

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
  2017-09-05  5:58   ` Akhil Goyal
@ 2017-09-06 10:25     ` De Lara Guarch, Pablo
  2017-10-12 13:01       ` Thomas Monjalon
  0 siblings, 1 reply; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-09-06 10:25 UTC (permalink / raw)
  To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal



> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, September 5, 2017 6:59 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
> Cc: hemant.agrawal@nxp.com
> Subject: Re: [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
> 
> Hi Pablo,
> On 9/4/2017 8:18 PM, De Lara Guarch, Pablo wrote:
> >
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: Friday, July 28, 2017 12:08 PM
> >> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com>
> >> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> >> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com>
> >> Subject: [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
> >>
> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> >> ---
> >>   config/defconfig_arm64-dpaa2-linuxapp-gcc | 6 ++++++
> >>   1 file changed, 6 insertions(+)
> >>
> >> diff --git a/config/defconfig_arm64-dpaa2-linuxapp-gcc
> >> b/config/defconfig_arm64-dpaa2-linuxapp-gcc
> >> index 8a42944..7de2d4e 100644
> >> --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc
> >> +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc
> >> @@ -90,3 +90,9 @@
> >> CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048
> >>   #
> >>   CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y
> >>   CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n
> >> +
> >> +#
> >> +# Compile PMD for Software backed device #
> >> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
> >> CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n
> >> --
> >> 2.9.3
> >
> > Is OpenSSL installed by default in that system, so this can be enabled by
> default for this target?
> >
> yes this is installed by default.

Thanks for the reply.

Applied to dpdk-next-crypto.
Thanks,

Pablo
> 
> -Akhil


^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs
  2017-08-29  6:58   ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
  2017-08-29  6:58     ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal
  2017-09-04 15:38     ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs De Lara Guarch, Pablo
@ 2017-09-08 14:03     ` De Lara Guarch, Pablo
  2017-09-11  8:41       ` Akhil Goyal
  2017-09-20  9:56       ` Akhil Goyal
  2 siblings, 2 replies; 34+ messages in thread
From: De Lara Guarch, Pablo @ 2017-09-08 14:03 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, August 29, 2017 7:59 AM
> To: dev@dpdk.org; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: hemant.agrawal@nxp.com; Doherty, Declan
> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs
> 
> in case of HMAC the openssl APIs HMAC_XXX give better performance for
> all HMAC cases as compared with EVP_XXX
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
> changes in v2:
> patch split in two patches as per Pablo's recommendations
> 
>  drivers/crypto/openssl/rte_openssl_pmd.c         | 37 +++++++++++++-------

I just come across an issue with this patch on openssl 1.1.0 (below).
Unfortunately, I have already applied the patch in the subtree, but if you could send a patch to fix this,
I can integrate as part of that patch.

Thanks,
Pablo

drivers/crypto/openssl/rte_openssl_pmd_private.h:168:14: error: field 'ctx' has incomplete type
     HMAC_CTX ctx;
              ^~~
In file included from drivers/crypto/openssl/rte_openssl_pmd_ops.c:39:0:
drivers/crypto/openssl/rte_openssl_pmd_private.h:168:14: error: field 'ctx' has incomplete type
     HMAC_CTX ctx;
              ^~~
drivers/crypto/openssl/rte_openssl_pmd.c: In function 'openssl_set_session_auth_parameters':
drivers/crypto/openssl/rte_openssl_pmd.c:440:3: error: implicit declaration of function 'HMAC_CTX_init'; did you mean 'HMAC_CTX_new'? [-Werror=implicit-function-declaration]
   HMAC_CTX_init(&sess->auth.hmac.ctx);
   ^~~~~~~~~~~~~
   HMAC_CTX_new

drivers/crypto/openssl/rte_openssl_pmd.c:440:3: error: nested extern declaration of 'HMAC_CTX_init' [-Werror=nested-externs]
make[4]: *** [mk/internal/rte.compile-pre.mk:140: rte_openssl_pmd_ops.o] Error 1
make[4]: *** Waiting for unfinished jobs....
drivers/crypto/openssl/rte_openssl_pmd.c: In function 'openssl_reset_session':
drivers/crypto/openssl/rte_openssl_pmd.c:588:3: error: implicit declaration of function 'HMAC_CTX_cleanup'; did you mean 'HMAC_CTX_get_md'? [-Werror=implicit-function-declaration]
   HMAC_CTX_cleanup(&sess->auth.hmac.ctx);
   ^~~~~~~~~~~~~~~~
   HMAC_CTX_get_md
drivers/crypto/openssl/rte_openssl_pmd.c:588:3: error: nested extern declaration of 'HMAC_CTX_cleanup' [-Werror=nested-externs]
cc1: all warnings being treated as errors
make[4]: *** [mk/internal/rte.compile-pre.mk:140: rte_openssl_pmd.o] Error 1

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs
  2017-09-08 14:03     ` De Lara Guarch, Pablo
@ 2017-09-11  8:41       ` Akhil Goyal
  2017-09-20  9:56       ` Akhil Goyal
  1 sibling, 0 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-09-11  8:41 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, dev; +Cc: hemant.agrawal, Doherty, Declan

Hi Pablo,
On 9/8/2017 7:33 PM, De Lara Guarch, Pablo wrote:
> Hi Akhil,
> 
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Tuesday, August 29, 2017 7:59 AM
>> To: dev@dpdk.org; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>
>> Cc: hemant.agrawal@nxp.com; Doherty, Declan
>> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
>> Subject: [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs
>>
>> in case of HMAC the openssl APIs HMAC_XXX give better performance for
>> all HMAC cases as compared with EVP_XXX
>>
>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
>> ---
>> changes in v2:
>> patch split in two patches as per Pablo's recommendations
>>
>>   drivers/crypto/openssl/rte_openssl_pmd.c         | 37 +++++++++++++-------
> 
> I just come across an issue with this patch on openssl 1.1.0 (below).
> Unfortunately, I have already applied the patch in the subtree, but if you could send a patch to fix this,
> I can integrate as part of that patch.
> 
> Thanks,
> Pablo
> 
> drivers/crypto/openssl/rte_openssl_pmd_private.h:168:14: error: field 'ctx' has incomplete type
>       HMAC_CTX ctx;
>                ^~~
> In file included from drivers/crypto/openssl/rte_openssl_pmd_ops.c:39:0:
> drivers/crypto/openssl/rte_openssl_pmd_private.h:168:14: error: field 'ctx' has incomplete type
>       HMAC_CTX ctx;
>                ^~~
> drivers/crypto/openssl/rte_openssl_pmd.c: In function 'openssl_set_session_auth_parameters':
> drivers/crypto/openssl/rte_openssl_pmd.c:440:3: error: implicit declaration of function 'HMAC_CTX_init'; did you mean 'HMAC_CTX_new'? [-Werror=implicit-function-declaration]
>     HMAC_CTX_init(&sess->auth.hmac.ctx);
>     ^~~~~~~~~~~~~
>     HMAC_CTX_new
> 
> drivers/crypto/openssl/rte_openssl_pmd.c:440:3: error: nested extern declaration of 'HMAC_CTX_init' [-Werror=nested-externs]
> make[4]: *** [mk/internal/rte.compile-pre.mk:140: rte_openssl_pmd_ops.o] Error 1
> make[4]: *** Waiting for unfinished jobs....
> drivers/crypto/openssl/rte_openssl_pmd.c: In function 'openssl_reset_session':
> drivers/crypto/openssl/rte_openssl_pmd.c:588:3: error: implicit declaration of function 'HMAC_CTX_cleanup'; did you mean 'HMAC_CTX_get_md'? [-Werror=implicit-function-declaration]
>     HMAC_CTX_cleanup(&sess->auth.hmac.ctx);
>     ^~~~~~~~~~~~~~~~
>     HMAC_CTX_get_md
> drivers/crypto/openssl/rte_openssl_pmd.c:588:3: error: nested extern declaration of 'HMAC_CTX_cleanup' [-Werror=nested-externs]
> cc1: all warnings being treated as errors
> make[4]: *** [mk/internal/rte.compile-pre.mk:140: rte_openssl_pmd.o] Error 1
> 

I will look into this and will send the patch ASAP.

Regards,
Akhil

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs
  2017-09-08 14:03     ` De Lara Guarch, Pablo
  2017-09-11  8:41       ` Akhil Goyal
@ 2017-09-20  9:56       ` Akhil Goyal
  1 sibling, 0 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-09-20  9:56 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, dev; +Cc: hemant.agrawal, Doherty, Declan

Hi Pablo,

On 9/8/2017 7:33 PM, De Lara Guarch, Pablo wrote:
> Hi Akhil,
> 
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Tuesday, August 29, 2017 7:59 AM
>> To: dev@dpdk.org; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>
>> Cc: hemant.agrawal@nxp.com; Doherty, Declan
>> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com>
>> Subject: [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs
>>
>> in case of HMAC the openssl APIs HMAC_XXX give better performance for
>> all HMAC cases as compared with EVP_XXX
>>
>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
>> ---
>> changes in v2:
>> patch split in two patches as per Pablo's recommendations
>>
>>   drivers/crypto/openssl/rte_openssl_pmd.c         | 37 +++++++++++++-------
> 
> I just come across an issue with this patch on openssl 1.1.0 (below).
> Unfortunately, I have already applied the patch in the subtree, but if you could send a patch to fix this,
> I can integrate as part of that patch.
> 
I have sent a patch to fix this.
http://dpdk.org/dev/patchwork/patch/28995/

Thanks,
Akhil

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
  2017-09-06 10:25     ` De Lara Guarch, Pablo
@ 2017-10-12 13:01       ` Thomas Monjalon
  2017-10-12 13:32         ` Hemant Agrawal
  0 siblings, 1 reply; 34+ messages in thread
From: Thomas Monjalon @ 2017-10-12 13:01 UTC (permalink / raw)
  To: De Lara Guarch, Pablo, Akhil Goyal; +Cc: dev, Doherty, Declan, hemant.agrawal

06/09/2017 12:25, De Lara Guarch, Pablo:
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> > 
> > Hi Pablo,
> > On 9/4/2017 8:18 PM, De Lara Guarch, Pablo wrote:
> > > From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> > >> --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc
> > >> +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc
> > >> @@ -90,3 +90,9 @@
> > >> CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048
> > >>   #
> > >>   CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y
> > >>   CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n
> > >> +
> > >> +#
> > >> +# Compile PMD for Software backed device #
> > >> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
> > >> CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n
> > >> --
> > >> 2.9.3
> > >
> > > Is OpenSSL installed by default in that system, so this can be enabled by
> > default for this target?
> > >
> > yes this is installed by default.
> 
> Thanks for the reply.
> 
> Applied to dpdk-next-crypto.
> Thanks,

Where is it installed by default?
On your machine? In your build system?
It is at least not installed on my machine when I compile this target.

This file is a defconfig, not your preferred config.

This patch should be dropped.

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile
  2017-09-05  9:02     ` [dpdk-dev] [PATCH v3] " Akhil Goyal
  2017-09-06  9:26       ` De Lara Guarch, Pablo
  2017-09-06 10:15       ` De Lara Guarch, Pablo
@ 2017-10-12 13:06       ` Thomas Monjalon
  2017-10-12 13:31         ` Hemant Agrawal
  2 siblings, 1 reply; 34+ messages in thread
From: Thomas Monjalon @ 2017-10-12 13:06 UTC (permalink / raw)
  To: Akhil Goyal, pablo.de.lara.guarch; +Cc: dev, hemant.agrawal, declan.doherty

05/09/2017 11:02, Akhil Goyal:
> OPENSSL_PATH should be defined in case openssl
> driver is cross compiled

No: in case OpenSSL cannot be found automatically,
you should use EXTRA_CFLAGS and EXTRA_LDFLAGS.

It is the same for other standard dependencies like
libnuma, libpcap, libzip, etc.

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile
  2017-10-12 13:06       ` Thomas Monjalon
@ 2017-10-12 13:31         ` Hemant Agrawal
  2017-10-12 13:34           ` Thomas Monjalon
  0 siblings, 1 reply; 34+ messages in thread
From: Hemant Agrawal @ 2017-10-12 13:31 UTC (permalink / raw)
  To: Thomas Monjalon, Akhil Goyal, pablo.de.lara.guarch; +Cc: dev, declan.doherty

On 10/12/2017 6:36 PM, Thomas Monjalon wrote:
> 05/09/2017 11:02, Akhil Goyal:
>> OPENSSL_PATH should be defined in case openssl
>> driver is cross compiled
>
> No: in case OpenSSL cannot be found automatically,
> you should use EXTRA_CFLAGS and EXTRA_LDFLAGS.
>
> It is the same for other standard dependencies like
> libnuma, libpcap, libzip, etc.
>
Pablo/Thomas,
	We are ok to drop this patch.

Regards,
Hemant

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
  2017-10-12 13:01       ` Thomas Monjalon
@ 2017-10-12 13:32         ` Hemant Agrawal
  0 siblings, 0 replies; 34+ messages in thread
From: Hemant Agrawal @ 2017-10-12 13:32 UTC (permalink / raw)
  To: Thomas Monjalon, De Lara Guarch, Pablo, Akhil Goyal; +Cc: dev, Doherty, Declan

On 10/12/2017 6:31 PM, Thomas Monjalon wrote:
> 06/09/2017 12:25, De Lara Guarch, Pablo:
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>
>>> Hi Pablo,
>>> On 9/4/2017 8:18 PM, De Lara Guarch, Pablo wrote:
>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>>> --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc
>>>>> +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc
>>>>> @@ -90,3 +90,9 @@
>>>>> CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048
>>>>>   #
>>>>>   CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y
>>>>>   CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n
>>>>> +
>>>>> +#
>>>>> +# Compile PMD for Software backed device #
>>>>> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
>>>>> CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n
>>>>> --
>>>>> 2.9.3
>>>>
>>>> Is OpenSSL installed by default in that system, so this can be enabled by
>>> default for this target?
>>>>
>>> yes this is installed by default.
>>
>> Thanks for the reply.
>>
>> Applied to dpdk-next-crypto.
>> Thanks,
>
> Where is it installed by default?
> On your machine? In your build system?
> It is at least not installed on my machine when I compile this target.
>
> This file is a defconfig, not your preferred config.
>
> This patch should be dropped.
>
ok to drop.

^ permalink raw reply	[flat|nested] 34+ messages in thread

* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile
  2017-10-12 13:31         ` Hemant Agrawal
@ 2017-10-12 13:34           ` Thomas Monjalon
  0 siblings, 0 replies; 34+ messages in thread
From: Thomas Monjalon @ 2017-10-12 13:34 UTC (permalink / raw)
  To: Hemant Agrawal; +Cc: Akhil Goyal, pablo.de.lara.guarch, dev, declan.doherty

12/10/2017 15:31, Hemant Agrawal:
> On 10/12/2017 6:36 PM, Thomas Monjalon wrote:
> > 05/09/2017 11:02, Akhil Goyal:
> >> OPENSSL_PATH should be defined in case openssl
> >> driver is cross compiled
> >
> > No: in case OpenSSL cannot be found automatically,
> > you should use EXTRA_CFLAGS and EXTRA_LDFLAGS.
> >
> > It is the same for other standard dependencies like
> > libnuma, libpcap, libzip, etc.
> >
> Pablo/Thomas,
> 	We are ok to drop this patch.

OK, thanks a lot for confirming. Appreciated

^ permalink raw reply	[flat|nested] 34+ messages in thread

end of thread, other threads:[~2017-10-12 13:34 UTC | newest]

Thread overview: 34+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-07-28 11:07 [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc Akhil Goyal
2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal
2017-08-29  7:02   ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2017-09-05  8:22     ` De Lara Guarch, Pablo
2017-09-05  8:37       ` Akhil Goyal
2017-09-05  9:02     ` [dpdk-dev] [PATCH v3] " Akhil Goyal
2017-09-06  9:26       ` De Lara Guarch, Pablo
2017-09-06 10:15       ` De Lara Guarch, Pablo
2017-10-12 13:06       ` Thomas Monjalon
2017-10-12 13:31         ` Hemant Agrawal
2017-10-12 13:34           ` Thomas Monjalon
2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal
2017-07-28 11:58   ` De Lara Guarch, Pablo
2017-07-28 12:02     ` Akhil Goyal
2017-07-28 12:07       ` De Lara Guarch, Pablo
2017-08-14 14:17   ` De Lara Guarch, Pablo
2017-08-15  6:44     ` Akhil Goyal
2017-08-15  7:26       ` De Lara Guarch, Pablo
2017-08-16  7:03         ` Akhil Goyal
2017-08-29  6:58   ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
2017-08-29  6:58     ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal
2017-09-04 15:39       ` De Lara Guarch, Pablo
2017-09-05  5:57       ` [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal
2017-09-05  5:57         ` [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init Akhil Goyal
2017-09-06 10:24           ` De Lara Guarch, Pablo
2017-09-04 15:38     ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs De Lara Guarch, Pablo
2017-09-08 14:03     ` De Lara Guarch, Pablo
2017-09-11  8:41       ` Akhil Goyal
2017-09-20  9:56       ` Akhil Goyal
2017-09-04 14:48 ` [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc De Lara Guarch, Pablo
2017-09-05  5:58   ` Akhil Goyal
2017-09-06 10:25     ` De Lara Guarch, Pablo
2017-10-12 13:01       ` Thomas Monjalon
2017-10-12 13:32         ` Hemant Agrawal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).