From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C596044173; Thu, 6 Jun 2024 12:21:31 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8C23B42E2D; Thu, 6 Jun 2024 12:21:04 +0200 (CEST) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mails.dpdk.org (Postfix) with ESMTP id 7B5F742D76 for ; Thu, 6 Jun 2024 12:20:57 +0200 (CEST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 690491576; Thu, 6 Jun 2024 03:21:21 -0700 (PDT) Received: from cesw-amp-gbt-1s-m12830-01.lab.cambridge.arm.com (cesw-amp-gbt-1s-m12830-01.lab.cambridge.arm.com [10.7.10.57]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7BD843F64C; Thu, 6 Jun 2024 03:20:56 -0700 (PDT) From: Jack Bond-Preston To: Kai Ji Cc: dev@dpdk.org, Wathsala Vithanage Subject: [PATCH v3 5/5] crypto/openssl: only set cipher padding once Date: Thu, 6 Jun 2024 10:20:43 +0000 Message-Id: <20240606102043.2926695-6-jack.bond-preston@foss.arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240606102043.2926695-1-jack.bond-preston@foss.arm.com> References: <20240603160119.1279476-1-jack.bond-preston@foss.arm.com> <20240606102043.2926695-1-jack.bond-preston@foss.arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Setting the cipher padding has a noticeable performance footprint, and it doesn't need to be done for every call to process_openssl_cipher_{en,de}crypt(). Setting it causes OpenSSL to set it on every future context re-init. Thus, for every buffer after the first one, the padding is being set twice. Instead, just set the cipher padding once - when configuring the session parameters - avoiding the unnecessary double setting behaviour. This is skipped for AEAD ciphers, where disabling padding is not necessary. Throughput performance uplift measurements for AES-CBC-128 encrypt on Ampere Altra Max platform: 1 worker lcore | buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift | |-----------------+---------------+--------------------+----------| | 64 | 2.97 | 3.72 | 25.2% | | 256 | 8.10 | 9.42 | 16.3% | | 1024 | 14.22 | 15.18 | 6.8% | | 2048 | 16.28 | 16.93 | 4.0% | | 4096 | 17.58 | 17.97 | 2.2% | 8 worker lcores | buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift | |-----------------+---------------+--------------------+----------| | 64 | 21.27 | 29.85 | 40.3% | | 256 | 60.05 | 75.53 | 25.8% | | 1024 | 110.11 | 121.56 | 10.4% | | 2048 | 128.05 | 135.40 | 5.7% | | 4096 | 139.45 | 143.76 | 3.1% | Signed-off-by: Jack Bond-Preston Reviewed-by: Wathsala Vithanage --- drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 1ee917da5c..264f00126d 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -619,6 +619,8 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess, return -ENOTSUP; } + EVP_CIPHER_CTX_set_padding(sess->cipher.ctx, 0); + return 0; } @@ -1124,8 +1126,6 @@ process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) goto process_cipher_encrypt_err; - EVP_CIPHER_CTX_set_padding(ctx, 0); - if (process_openssl_encryption_update(mbuf_src, offset, &dst, srclen, ctx, inplace)) goto process_cipher_encrypt_err; @@ -1174,8 +1174,6 @@ process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) goto process_cipher_decrypt_err; - EVP_CIPHER_CTX_set_padding(ctx, 0); - if (process_openssl_decryption_update(mbuf_src, offset, &dst, srclen, ctx, inplace)) goto process_cipher_decrypt_err; -- 2.34.1