From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 8105A378E for ; Tue, 5 Sep 2017 12:19:56 +0200 (CEST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Sep 2017 03:19:55 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.41,479,1498546800"; d="scan'208";a="125667024" Received: from silpixa00399464.ir.intel.com (HELO silpixa00399464.ger.corp.intel.com) ([10.237.222.157]) by orsmga004.jf.intel.com with ESMTP; 05 Sep 2017 03:19:54 -0700 From: Pablo de Lara To: declan.doherty@intel.com, roy.fan.zhang@intel.com, jerin.jacob@caviumnetworks.com Cc: dev@dpdk.org, Pablo de Lara Date: Tue, 5 Sep 2017 03:20:02 +0100 Message-Id: <20170905022007.55749-4-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.9.4 In-Reply-To: <20170905022007.55749-1-pablo.de.lara.guarch@intel.com> References: <20170818072103.1416-1-pablo.de.lara.guarch@intel.com> <20170905022007.55749-1-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH v2 3/8] crypto/openssl: do not append digest X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Sep 2017 10:19:57 -0000 When performing an authentication verification, the PMD was using memory at the end of the input buffer, to store temporarily the digest. This operation requires the buffer to have enough tailroom unnecessarily. Instead, memory is allocated for each queue pair, to store temporarily the digest generated by the driver, so it can be compared with the one provided in the crypto operation, without needing to touch the input buffer. Signed-off-by: Pablo de Lara --- drivers/crypto/openssl/rte_openssl_pmd.c | 19 ++++++++----------- drivers/crypto/openssl/rte_openssl_pmd_private.h | 7 +++++++ 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 0bd5f98..6e01669 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1237,9 +1237,9 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op, /** Process auth operation */ static void -process_openssl_auth_op - (struct rte_crypto_op *op, struct openssl_session *sess, - struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst) +process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, + struct openssl_session *sess, struct rte_mbuf *mbuf_src, + struct rte_mbuf *mbuf_dst) { uint8_t *dst; int srclen, status; @@ -1247,8 +1247,7 @@ process_openssl_auth_op srclen = op->sym->auth.data.length; if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) - dst = (uint8_t *)rte_pktmbuf_append(mbuf_src, - sess->auth.digest_length); + dst = qp->temp_digest; else { dst = op->sym->auth.digest.data; if (dst == NULL) @@ -1279,8 +1278,6 @@ process_openssl_auth_op sess->auth.digest_length) != 0) { op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } - /* Trim area used for digest from mbuf. */ - rte_pktmbuf_trim(mbuf_src, sess->auth.digest_length); } if (status != 0) @@ -1289,7 +1286,7 @@ process_openssl_auth_op /** Process crypto operation for mbuf */ static int -process_op(const struct openssl_qp *qp, struct rte_crypto_op *op, +process_op(struct openssl_qp *qp, struct rte_crypto_op *op, struct openssl_session *sess) { struct rte_mbuf *msrc, *mdst; @@ -1305,14 +1302,14 @@ process_op(const struct openssl_qp *qp, struct rte_crypto_op *op, process_openssl_cipher_op(op, sess, msrc, mdst); break; case OPENSSL_CHAIN_ONLY_AUTH: - process_openssl_auth_op(op, sess, msrc, mdst); + process_openssl_auth_op(qp, op, sess, msrc, mdst); break; case OPENSSL_CHAIN_CIPHER_AUTH: process_openssl_cipher_op(op, sess, msrc, mdst); - process_openssl_auth_op(op, sess, mdst, mdst); + process_openssl_auth_op(qp, op, sess, mdst, mdst); break; case OPENSSL_CHAIN_AUTH_CIPHER: - process_openssl_auth_op(op, sess, msrc, mdst); + process_openssl_auth_op(qp, op, sess, msrc, mdst); process_openssl_cipher_op(op, sess, msrc, mdst); break; case OPENSSL_CHAIN_COMBINED: diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index b7f7475..93937d5 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -59,6 +59,8 @@ #define OPENSSL_LOG_DBG(fmt, args...) #endif +/* Maximum length for digest (SHA-512 needs 64 bytes) */ +#define DIGEST_LENGTH_MAX 64 /** OPENSSL operation order mode enumerator */ enum openssl_chain_order { @@ -103,6 +105,11 @@ struct openssl_qp { /**< Session Mempool */ struct rte_cryptodev_stats stats; /**< Queue pair statistics */ + uint8_t temp_digest[DIGEST_LENGTH_MAX]; + /**< Buffer used to store the digest generated + * by the driver when verifying a digest provided + * by the user (using authentication verify operation) + */ } __rte_cache_aligned; /** OPENSSL crypto private session structure */ -- 2.9.4