* [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc
@ 2017-07-28 11:07 Akhil Goyal
2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal
` (2 more replies)
0 siblings, 3 replies; 34+ messages in thread
From: Akhil Goyal @ 2017-07-28 11:07 UTC (permalink / raw)
To: dev, declan.doherty; +Cc: pablo.de.lara.guarch, hemant.agrawal, Akhil Goyal
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
config/defconfig_arm64-dpaa2-linuxapp-gcc | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/config/defconfig_arm64-dpaa2-linuxapp-gcc b/config/defconfig_arm64-dpaa2-linuxapp-gcc
index 8a42944..7de2d4e 100644
--- a/config/defconfig_arm64-dpaa2-linuxapp-gcc
+++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc
@@ -90,3 +90,9 @@ CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048
#
CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y
CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n
+
+#
+# Compile PMD for Software backed device
+#
+CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
+CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n
--
2.9.3
^ permalink raw reply [flat|nested] 34+ messages in thread* [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile 2017-07-28 11:07 [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc Akhil Goyal @ 2017-07-28 11:07 ` Akhil Goyal 2017-08-29 7:02 ` [dpdk-dev] [PATCH v2] " Akhil Goyal 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal 2017-09-04 14:48 ` [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc De Lara Guarch, Pablo 2 siblings, 1 reply; 34+ messages in thread From: Akhil Goyal @ 2017-07-28 11:07 UTC (permalink / raw) To: dev, declan.doherty; +Cc: pablo.de.lara.guarch, hemant.agrawal, Akhil Goyal OPENSSL_PATH should be defined in case openssl driver is cross compiled Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> --- doc/guides/cryptodevs/openssl.rst | 4 ++++ drivers/crypto/openssl/Makefile | 1 + mk/rte.app.mk | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index f18a456..08cc9ba 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -88,6 +88,10 @@ sudo apt-get install libc6-dev-i386 (for i686-native-linuxapp-gcc target) This code was also verified on Fedora 24. This code was NOT yet verified on FreeBSD. +In case openssl is cross compiled, openssl can be installed separately +and path for openssl install directory can be given as +export OPENSSL_PATH=<openssl install dir> + Initialization -------------- diff --git a/drivers/crypto/openssl/Makefile b/drivers/crypto/openssl/Makefile index e5fdfb5..7297173 100644 --- a/drivers/crypto/openssl/Makefile +++ b/drivers/crypto/openssl/Makefile @@ -35,6 +35,7 @@ LIB = librte_pmd_openssl.a # build flags CFLAGS += -O3 +CFLAGS += -I${OPENSSL_PATH}/include/ CFLAGS += $(WERROR_FLAGS) # library version diff --git a/mk/rte.app.mk b/mk/rte.app.mk index c25fdd9..ed38f3b 100644 --- a/mk/rte.app.mk +++ b/mk/rte.app.mk @@ -151,7 +151,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -lrte_pmd_aesni_mb _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -lrte_pmd_aesni_gcm _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB -_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -lrte_pmd_openssl -lcrypto +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO) += -lrte_pmd_null_crypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += -lrte_pmd_qat -lcrypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -lrte_pmd_snow3g -- 2.9.3 ^ permalink raw reply [flat|nested] 34+ messages in thread
* [dpdk-dev] [PATCH v2] crypto/openssl: add openssl path for cross compile 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal @ 2017-08-29 7:02 ` Akhil Goyal 2017-09-05 8:22 ` De Lara Guarch, Pablo 2017-09-05 9:02 ` [dpdk-dev] [PATCH v3] " Akhil Goyal 0 siblings, 2 replies; 34+ messages in thread From: Akhil Goyal @ 2017-08-29 7:02 UTC (permalink / raw) To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal OPENSSL_PATH should be defined in case openssl driver is cross compiled Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> --- changes in v2: made changes to support shared build also. doc/guides/cryptodevs/openssl.rst | 4 ++++ drivers/crypto/openssl/Makefile | 3 ++- mk/rte.app.mk | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index f18a456..08cc9ba 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -88,6 +88,10 @@ sudo apt-get install libc6-dev-i386 (for i686-native-linuxapp-gcc target) This code was also verified on Fedora 24. This code was NOT yet verified on FreeBSD. +In case openssl is cross compiled, openssl can be installed separately +and path for openssl install directory can be given as +export OPENSSL_PATH=<openssl install dir> + Initialization -------------- diff --git a/drivers/crypto/openssl/Makefile b/drivers/crypto/openssl/Makefile index e5fdfb5..2781a76 100644 --- a/drivers/crypto/openssl/Makefile +++ b/drivers/crypto/openssl/Makefile @@ -35,6 +35,7 @@ LIB = librte_pmd_openssl.a # build flags CFLAGS += -O3 +CFLAGS += -I${OPENSSL_PATH}/include/ CFLAGS += $(WERROR_FLAGS) # library version @@ -44,7 +45,7 @@ LIBABIVER := 1 EXPORT_MAP := rte_pmd_openssl_version.map # external library dependencies -LDLIBS += -lcrypto +LDLIBS += -L${OPENSSL_PATH}/lib/ -lcrypto # library source files SRCS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += rte_openssl_pmd.c diff --git a/mk/rte.app.mk b/mk/rte.app.mk index c25fdd9..ed38f3b 100644 --- a/mk/rte.app.mk +++ b/mk/rte.app.mk @@ -151,7 +151,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -lrte_pmd_aesni_mb _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -lrte_pmd_aesni_gcm _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB -_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -lrte_pmd_openssl -lcrypto +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO) += -lrte_pmd_null_crypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += -lrte_pmd_qat -lcrypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -lrte_pmd_snow3g -- 2.9.3 ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v2] crypto/openssl: add openssl path for cross compile 2017-08-29 7:02 ` [dpdk-dev] [PATCH v2] " Akhil Goyal @ 2017-09-05 8:22 ` De Lara Guarch, Pablo 2017-09-05 8:37 ` Akhil Goyal 2017-09-05 9:02 ` [dpdk-dev] [PATCH v3] " Akhil Goyal 1 sibling, 1 reply; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-09-05 8:22 UTC (permalink / raw) To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan Hi Akhil, > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Tuesday, August 29, 2017 8:02 AM > To: dev@dpdk.org; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com> > Cc: hemant.agrawal@nxp.com; Doherty, Declan > <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> > Subject: [PATCH v2] crypto/openssl: add openssl path for cross compile > > OPENSSL_PATH should be defined in case openssl driver is cross compiled > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > --- ... > --- a/mk/rte.app.mk > +++ b/mk/rte.app.mk > @@ -151,7 +151,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) > += -lrte_pmd_aesni_mb > _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += - > L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB > _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += - > lrte_pmd_aesni_gcm > _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += - > L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB > -_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -lrte_pmd_openssl - > lcrypto > +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += - > L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto I am getting the following messages when compiling: /usr/bin/ld: skipping incompatible /lib/libcrypto.so when searching for -lcrypto /usr/bin/ld: skipping incompatible /lib/librt.so when searching for -lrt /usr/bin/ld: skipping incompatible /lib/libm.so when searching for -lm Since, OPENSSL_PATH is not defined in my system, it is trying to link against libraries in /lib/. I suggest adding a condition to add the openssl directory only if OPENSSL_PATH is defined: +ifeq ($(OPENSSL_PATH),) +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -lrte_pmd_openssl -lcrypto +else _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto +endif Would this work for you? Thanks, Pablo ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v2] crypto/openssl: add openssl path for cross compile 2017-09-05 8:22 ` De Lara Guarch, Pablo @ 2017-09-05 8:37 ` Akhil Goyal 0 siblings, 0 replies; 34+ messages in thread From: Akhil Goyal @ 2017-09-05 8:37 UTC (permalink / raw) To: De Lara Guarch, Pablo, dev; +Cc: hemant.agrawal, Doherty, Declan Hi Pablo, On 9/5/2017 1:52 PM, De Lara Guarch, Pablo wrote: > Hi Akhil, > >> -----Original Message----- >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >> Sent: Tuesday, August 29, 2017 8:02 AM >> To: dev@dpdk.org; De Lara Guarch, Pablo >> <pablo.de.lara.guarch@intel.com> >> Cc: hemant.agrawal@nxp.com; Doherty, Declan >> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> >> Subject: [PATCH v2] crypto/openssl: add openssl path for cross compile >> >> OPENSSL_PATH should be defined in case openssl driver is cross compiled >> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> >> --- > > ... > >> --- a/mk/rte.app.mk >> +++ b/mk/rte.app.mk >> @@ -151,7 +151,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) >> += -lrte_pmd_aesni_mb >> _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += - >> L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB >> _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += - >> lrte_pmd_aesni_gcm >> _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += - >> L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB >> -_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -lrte_pmd_openssl - >> lcrypto >> +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += - >> L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto > > I am getting the following messages when compiling: > > /usr/bin/ld: skipping incompatible /lib/libcrypto.so when searching for -lcrypto > /usr/bin/ld: skipping incompatible /lib/librt.so when searching for -lrt > /usr/bin/ld: skipping incompatible /lib/libm.so when searching for -lm > > Since, OPENSSL_PATH is not defined in my system, it is trying to link against libraries in /lib/. > I suggest adding a condition to add the openssl directory only if OPENSSL_PATH is defined: > > +ifeq ($(OPENSSL_PATH),) > +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -lrte_pmd_openssl -lcrypto > +else > _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto > +endif > > Would this work for you? > Thanks for the suggestion. yes this would be fine. I will update the patch accordingly. -Akhil ^ permalink raw reply [flat|nested] 34+ messages in thread
* [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile 2017-08-29 7:02 ` [dpdk-dev] [PATCH v2] " Akhil Goyal 2017-09-05 8:22 ` De Lara Guarch, Pablo @ 2017-09-05 9:02 ` Akhil Goyal 2017-09-06 9:26 ` De Lara Guarch, Pablo ` (2 more replies) 1 sibling, 3 replies; 34+ messages in thread From: Akhil Goyal @ 2017-09-05 9:02 UTC (permalink / raw) To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal OPENSSL_PATH should be defined in case openssl driver is cross compiled Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> --- changes in v3: make OPENSSL_PATH usage conditional if it is not set as suggested by Pablo doc/guides/cryptodevs/openssl.rst | 4 ++++ drivers/crypto/openssl/Makefile | 7 +++++++ mk/rte.app.mk | 4 ++++ 3 files changed, 15 insertions(+) diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index f18a456..08cc9ba 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -88,6 +88,10 @@ sudo apt-get install libc6-dev-i386 (for i686-native-linuxapp-gcc target) This code was also verified on Fedora 24. This code was NOT yet verified on FreeBSD. +In case openssl is cross compiled, openssl can be installed separately +and path for openssl install directory can be given as +export OPENSSL_PATH=<openssl install dir> + Initialization -------------- diff --git a/drivers/crypto/openssl/Makefile b/drivers/crypto/openssl/Makefile index e5fdfb5..a6f13e0 100644 --- a/drivers/crypto/openssl/Makefile +++ b/drivers/crypto/openssl/Makefile @@ -35,6 +35,9 @@ LIB = librte_pmd_openssl.a # build flags CFLAGS += -O3 +ifneq ($(OPENSSL_PATH),) +CFLAGS += -I${OPENSSL_PATH}/include/ +endif CFLAGS += $(WERROR_FLAGS) # library version @@ -44,7 +47,11 @@ LIBABIVER := 1 EXPORT_MAP := rte_pmd_openssl_version.map # external library dependencies +ifneq ($(OPENSSL_PATH),) +LDLIBS += -L${OPENSSL_PATH}/lib/ -lcrypto +else LDLIBS += -lcrypto +endif # library source files SRCS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += rte_openssl_pmd.c diff --git a/mk/rte.app.mk b/mk/rte.app.mk index c25fdd9..799aa99 100644 --- a/mk/rte.app.mk +++ b/mk/rte.app.mk @@ -151,7 +151,11 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -lrte_pmd_aesni_mb _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -lrte_pmd_aesni_gcm _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_GCM) += -L$(AESNI_MULTI_BUFFER_LIB_PATH) -lIPSec_MB +ifeq ($(OPENSSL_PATH),) _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -lrte_pmd_openssl -lcrypto +else +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_OPENSSL) += -L${OPENSSL_PATH}/lib -lrte_pmd_openssl -lcrypto +endif # ($(OPENSSL_PATH),) _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO) += -lrte_pmd_null_crypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT) += -lrte_pmd_qat -lcrypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -lrte_pmd_snow3g -- 2.9.3 ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile 2017-09-05 9:02 ` [dpdk-dev] [PATCH v3] " Akhil Goyal @ 2017-09-06 9:26 ` De Lara Guarch, Pablo 2017-09-06 10:15 ` De Lara Guarch, Pablo 2017-10-12 13:06 ` Thomas Monjalon 2 siblings, 0 replies; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-09-06 9:26 UTC (permalink / raw) To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Tuesday, September 5, 2017 10:03 AM > To: dev@dpdk.org; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com> > Cc: hemant.agrawal@nxp.com; Doherty, Declan > <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> > Subject: [PATCH v3] crypto/openssl: add openssl path for cross compile > > OPENSSL_PATH should be defined in case openssl driver is cross compiled > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile 2017-09-05 9:02 ` [dpdk-dev] [PATCH v3] " Akhil Goyal 2017-09-06 9:26 ` De Lara Guarch, Pablo @ 2017-09-06 10:15 ` De Lara Guarch, Pablo 2017-10-12 13:06 ` Thomas Monjalon 2 siblings, 0 replies; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-09-06 10:15 UTC (permalink / raw) To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan > -----Original Message----- > From: De Lara Guarch, Pablo > Sent: Wednesday, September 6, 2017 10:27 AM > To: 'Akhil Goyal' <akhil.goyal@nxp.com>; dev@dpdk.org > Cc: hemant.agrawal@nxp.com; Doherty, Declan > <declan.doherty@intel.com> > Subject: RE: [PATCH v3] crypto/openssl: add openssl path for cross compile > > > > > -----Original Message----- > > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > > Sent: Tuesday, September 5, 2017 10:03 AM > > To: dev@dpdk.org; De Lara Guarch, Pablo > > <pablo.de.lara.guarch@intel.com> > > Cc: hemant.agrawal@nxp.com; Doherty, Declan > > <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> > > Subject: [PATCH v3] crypto/openssl: add openssl path for cross compile > > > > OPENSSL_PATH should be defined in case openssl driver is cross > > compiled > > > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > > Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Applied to dpdk-next-crypto. Thanks, Pablo ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile 2017-09-05 9:02 ` [dpdk-dev] [PATCH v3] " Akhil Goyal 2017-09-06 9:26 ` De Lara Guarch, Pablo 2017-09-06 10:15 ` De Lara Guarch, Pablo @ 2017-10-12 13:06 ` Thomas Monjalon 2017-10-12 13:31 ` Hemant Agrawal 2 siblings, 1 reply; 34+ messages in thread From: Thomas Monjalon @ 2017-10-12 13:06 UTC (permalink / raw) To: Akhil Goyal, pablo.de.lara.guarch; +Cc: dev, hemant.agrawal, declan.doherty 05/09/2017 11:02, Akhil Goyal: > OPENSSL_PATH should be defined in case openssl > driver is cross compiled No: in case OpenSSL cannot be found automatically, you should use EXTRA_CFLAGS and EXTRA_LDFLAGS. It is the same for other standard dependencies like libnuma, libpcap, libzip, etc. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile 2017-10-12 13:06 ` Thomas Monjalon @ 2017-10-12 13:31 ` Hemant Agrawal 2017-10-12 13:34 ` Thomas Monjalon 0 siblings, 1 reply; 34+ messages in thread From: Hemant Agrawal @ 2017-10-12 13:31 UTC (permalink / raw) To: Thomas Monjalon, Akhil Goyal, pablo.de.lara.guarch; +Cc: dev, declan.doherty On 10/12/2017 6:36 PM, Thomas Monjalon wrote: > 05/09/2017 11:02, Akhil Goyal: >> OPENSSL_PATH should be defined in case openssl >> driver is cross compiled > > No: in case OpenSSL cannot be found automatically, > you should use EXTRA_CFLAGS and EXTRA_LDFLAGS. > > It is the same for other standard dependencies like > libnuma, libpcap, libzip, etc. > Pablo/Thomas, We are ok to drop this patch. Regards, Hemant ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v3] crypto/openssl: add openssl path for cross compile 2017-10-12 13:31 ` Hemant Agrawal @ 2017-10-12 13:34 ` Thomas Monjalon 0 siblings, 0 replies; 34+ messages in thread From: Thomas Monjalon @ 2017-10-12 13:34 UTC (permalink / raw) To: Hemant Agrawal; +Cc: Akhil Goyal, pablo.de.lara.guarch, dev, declan.doherty 12/10/2017 15:31, Hemant Agrawal: > On 10/12/2017 6:36 PM, Thomas Monjalon wrote: > > 05/09/2017 11:02, Akhil Goyal: > >> OPENSSL_PATH should be defined in case openssl > >> driver is cross compiled > > > > No: in case OpenSSL cannot be found automatically, > > you should use EXTRA_CFLAGS and EXTRA_LDFLAGS. > > > > It is the same for other standard dependencies like > > libnuma, libpcap, libzip, etc. > > > Pablo/Thomas, > We are ok to drop this patch. OK, thanks a lot for confirming. Appreciated ^ permalink raw reply [flat|nested] 34+ messages in thread
* [dpdk-dev] [PATCH] crypto/openssl: performance improvements 2017-07-28 11:07 [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc Akhil Goyal 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal @ 2017-07-28 11:07 ` Akhil Goyal 2017-07-28 11:58 ` De Lara Guarch, Pablo ` (2 more replies) 2017-09-04 14:48 ` [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc De Lara Guarch, Pablo 2 siblings, 3 replies; 34+ messages in thread From: Akhil Goyal @ 2017-07-28 11:07 UTC (permalink / raw) To: dev, declan.doherty; +Cc: pablo.de.lara.guarch, hemant.agrawal, Akhil Goyal key and algo are added in the openssl ctx during session initialization instead of adding it for each packet. Also in case of HMAC the openssl APIs HMAC_XXX give better performance for all HMAC cases. Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> --- Tested on arm and xeon machines autotest passed with no issues, perftest passed with improved performance numbers, l2fwd-crypto passed with improved performance drivers/crypto/openssl/rte_openssl_pmd.c | 95 +++++++++++++++--------- drivers/crypto/openssl/rte_openssl_pmd_private.h | 3 +- 2 files changed, 63 insertions(+), 35 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 0bd5f98..b11a7fb 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -39,6 +39,7 @@ #include <rte_malloc.h> #include <rte_cpuflags.h> +#include <openssl/hmac.h> #include <openssl/evp.h> #include "rte_openssl_pmd_private.h" @@ -307,6 +308,22 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess, get_cipher_key(xform->cipher.key.data, sess->cipher.key.length, sess->cipher.key.data); + if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + if (EVP_EncryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } else if (sess->cipher.direction == + RTE_CRYPTO_CIPHER_OP_DECRYPT) { + if (EVP_DecryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } break; @@ -333,6 +350,23 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess, get_cipher_key(xform->cipher.key.data, sess->cipher.key.length, sess->cipher.key.data); + if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + if (EVP_EncryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } else if (sess->cipher.direction == + RTE_CRYPTO_CIPHER_OP_DECRYPT) { + if (EVP_DecryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } + break; default: sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL; @@ -403,12 +437,16 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; - sess->auth.hmac.ctx = EVP_MD_CTX_create(); + HMAC_CTX_init(&sess->auth.hmac.ctx); if (get_auth_algo(xform->auth.algo, &sess->auth.hmac.evp_algo) != 0) return -EINVAL; - sess->auth.hmac.pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, - xform->auth.key.data, xform->auth.key.length); + + if (HMAC_Init_ex(&sess->auth.hmac.ctx, + xform->auth.key.data, + xform->auth.key.length, + sess->auth.hmac.evp_algo, NULL) != 1) + return -EINVAL; break; default: @@ -547,7 +585,7 @@ openssl_reset_session(struct openssl_session *sess) break; case OPENSSL_AUTH_AS_HMAC: EVP_PKEY_free(sess->auth.hmac.pkey); - EVP_MD_CTX_destroy(sess->auth.hmac.ctx); + HMAC_CTX_cleanup(&sess->auth.hmac.ctx); break; default: break; @@ -693,12 +731,11 @@ process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset, /** Process standard openssl cipher encryption */ static int process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, - int offset, uint8_t *iv, uint8_t *key, int srclen, - EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) { int totlen; - if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0) + if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) goto process_cipher_encrypt_err; EVP_CIPHER_CTX_set_padding(ctx, 0); @@ -743,12 +780,11 @@ process_openssl_cipher_bpi_encrypt(uint8_t *src, uint8_t *dst, /** Process standard openssl cipher decryption */ static int process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, - int offset, uint8_t *iv, uint8_t *key, int srclen, - EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) { int totlen; - if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0) + if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) goto process_cipher_decrypt_err; EVP_CIPHER_CTX_set_padding(ctx, 0); @@ -971,10 +1007,9 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, /** Process standard openssl auth algorithms with hmac */ static int process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, - __rte_unused uint8_t *iv, EVP_PKEY *pkey, - int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo) + int srclen, HMAC_CTX *ctx) { - size_t dstlen; + unsigned int dstlen; struct rte_mbuf *m; int l, n = srclen; uint8_t *src; @@ -986,19 +1021,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, if (m == 0) goto process_auth_err; - if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0) - goto process_auth_err; - src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset); l = rte_pktmbuf_data_len(m) - offset; if (srclen <= l) { - if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0) + if (HMAC_Update(ctx, (unsigned char *)src, srclen) != 1) goto process_auth_err; goto process_auth_final; } - if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0) + if (HMAC_Update(ctx, (unsigned char *)src, l) != 1) goto process_auth_err; n -= l; @@ -1006,13 +1038,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, for (m = m->next; (m != NULL) && (n > 0); m = m->next) { src = rte_pktmbuf_mtod(m, uint8_t *); l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n; - if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0) + if (HMAC_Update(ctx, (unsigned char *)src, l) != 1) goto process_auth_err; n -= l; } process_auth_final: - if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0) + if (HMAC_Final(ctx, dst, &dstlen) != 1) + goto process_auth_err; + + if (unlikely(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL) != 1)) goto process_auth_err; return 0; @@ -1122,15 +1157,11 @@ process_openssl_cipher_op if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, - sess->cipher.evp_algo); + srclen, sess->cipher.ctx); else status = process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, - sess->cipher.evp_algo); + srclen, sess->cipher.ctx); else status = process_openssl_cipher_des3ctr(mbuf_src, dst, op->sym->cipher.data.offset, iv, @@ -1174,8 +1205,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op, /* Encrypt with the block aligned stream with CBC mode */ status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, sess->cipher.evp_algo); + srclen, sess->cipher.ctx); if (last_block_len) { /* Point at last block */ dst += srclen; @@ -1225,9 +1255,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op, /* Decrypt with CBC mode */ status |= process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, - sess->cipher.evp_algo); + srclen, sess->cipher.ctx); } } @@ -1265,9 +1293,8 @@ process_openssl_auth_op break; case OPENSSL_AUTH_AS_HMAC: status = process_openssl_auth_hmac(mbuf_src, dst, - op->sym->auth.data.offset, NULL, - sess->auth.hmac.pkey, srclen, - sess->auth.hmac.ctx, sess->auth.hmac.evp_algo); + op->sym->auth.data.offset, srclen, + &sess->auth.hmac.ctx); break; default: status = -1; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index b7f7475..e36741e 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -34,6 +34,7 @@ #define _OPENSSL_PMD_PRIVATE_H_ #include <openssl/evp.h> +#include <openssl/hmac.h> #include <openssl/des.h> #define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl @@ -164,7 +165,7 @@ struct openssl_session { /**< pointer to EVP key */ const EVP_MD *evp_algo; /**< pointer to EVP algorithm function */ - EVP_MD_CTX *ctx; + HMAC_CTX ctx; /**< pointer to EVP context structure */ } hmac; }; -- 2.9.3 ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal @ 2017-07-28 11:58 ` De Lara Guarch, Pablo 2017-07-28 12:02 ` Akhil Goyal 2017-08-14 14:17 ` De Lara Guarch, Pablo 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal 2 siblings, 1 reply; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-07-28 11:58 UTC (permalink / raw) To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal Hi Akhil, > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Friday, July 28, 2017 12:08 PM > To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> > Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; > hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> > Subject: [PATCH] crypto/openssl: performance improvements > > key and algo are added in the openssl ctx during session initialization > instead of adding it for each packet. > > Also in case of HMAC the openssl APIs HMAC_XXX give better performance > for all HMAC cases. > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> I assume that this and the other patches are meant to be for 17.11, right? Thanks, Pablo ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements 2017-07-28 11:58 ` De Lara Guarch, Pablo @ 2017-07-28 12:02 ` Akhil Goyal 2017-07-28 12:07 ` De Lara Guarch, Pablo 0 siblings, 1 reply; 34+ messages in thread From: Akhil Goyal @ 2017-07-28 12:02 UTC (permalink / raw) To: De Lara Guarch, Pablo, dev, Doherty, Declan; +Cc: hemant.agrawal On 7/28/2017 5:28 PM, De Lara Guarch, Pablo wrote: > Hi Akhil, > >> -----Original Message----- >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >> Sent: Friday, July 28, 2017 12:08 PM >> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> >> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; >> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> >> Subject: [PATCH] crypto/openssl: performance improvements >> >> key and algo are added in the openssl ctx during session initialization >> instead of adding it for each packet. >> >> Also in case of HMAC the openssl APIs HMAC_XXX give better performance >> for all HMAC cases. >> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > > I assume that this and the other patches are meant to be for 17.11, right? > yes, they are for 17.11. But, I don't mind if these can be considered for 17.08. -Akhil ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements 2017-07-28 12:02 ` Akhil Goyal @ 2017-07-28 12:07 ` De Lara Guarch, Pablo 0 siblings, 0 replies; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-07-28 12:07 UTC (permalink / raw) To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Akhil Goyal > Sent: Friday, July 28, 2017 1:03 PM > To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; > dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> > Cc: hemant.agrawal@nxp.com > Subject: Re: [dpdk-dev] [PATCH] crypto/openssl: performance > improvements > > On 7/28/2017 5:28 PM, De Lara Guarch, Pablo wrote: > > Hi Akhil, > > > >> -----Original Message----- > >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > >> Sent: Friday, July 28, 2017 12:08 PM > >> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> > >> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; > >> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> > >> Subject: [PATCH] crypto/openssl: performance improvements > >> > >> key and algo are added in the openssl ctx during session > >> initialization instead of adding it for each packet. > >> > >> Also in case of HMAC the openssl APIs HMAC_XXX give better > >> performance for all HMAC cases. > >> > >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > > > > I assume that this and the other patches are meant to be for 17.11, right? > > > yes, they are for 17.11. > But, I don't mind if these can be considered for 17.08. Unfortunately, at this stage, it is too late to include these sorts of patches in this release. Just wanted to double check with you. Thanks, Pablo > > -Akhil > > ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal 2017-07-28 11:58 ` De Lara Guarch, Pablo @ 2017-08-14 14:17 ` De Lara Guarch, Pablo 2017-08-15 6:44 ` Akhil Goyal 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal 2 siblings, 1 reply; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-08-14 14:17 UTC (permalink / raw) To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal Hi Akhil, > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Friday, July 28, 2017 12:08 PM > To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> > Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; > hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> > Subject: [PATCH] crypto/openssl: performance improvements > > key and algo are added in the openssl ctx during session initialization > instead of adding it for each packet. > > Also in case of HMAC the openssl APIs HMAC_XXX give better performance > for all HMAC cases. > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Thanks for the patch, nice optimization! Could you split this into two patches, as you are doing two different things here? One for the first sentence and another one for the second sentence. Also, as you do that, could you rename the title to be more explicit? Like: crypto/openssl: initialize cipher key at session init Finally, I was looking at GCM, and I think it could benefit from this. I will send a separate patch for it, unless you want to integrate it in this patchset yourself. Thanks, Pablo ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements 2017-08-14 14:17 ` De Lara Guarch, Pablo @ 2017-08-15 6:44 ` Akhil Goyal 2017-08-15 7:26 ` De Lara Guarch, Pablo 0 siblings, 1 reply; 34+ messages in thread From: Akhil Goyal @ 2017-08-15 6:44 UTC (permalink / raw) To: De Lara Guarch, Pablo, dev, Doherty, Declan; +Cc: hemant.agrawal On 8/14/2017 7:47 PM, De Lara Guarch, Pablo wrote: > Hi Akhil, > >> -----Original Message----- >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >> Sent: Friday, July 28, 2017 12:08 PM >> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> >> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; >> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> >> Subject: [PATCH] crypto/openssl: performance improvements >> >> key and algo are added in the openssl ctx during session initialization >> instead of adding it for each packet. >> >> Also in case of HMAC the openssl APIs HMAC_XXX give better performance >> for all HMAC cases. >> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > > Thanks for the patch, nice optimization! > Could you split this into two patches, as you are doing two different things here? > One for the first sentence and another one for the second sentence. > Also, as you do that, could you rename the title to be more explicit? > Like: crypto/openssl: initialize cipher key at session init > > Finally, I was looking at GCM, and I think it could benefit from this. > I will send a separate patch for it, unless you want to integrate it in this patchset yourself. > Ok I would split the patches. For GCM I will try to incorporate in this patchset, if I get some performance improvement, or I would send a different patch later if some issue comes. Thanks, Akhil ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements 2017-08-15 6:44 ` Akhil Goyal @ 2017-08-15 7:26 ` De Lara Guarch, Pablo 2017-08-16 7:03 ` Akhil Goyal 0 siblings, 1 reply; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-08-15 7:26 UTC (permalink / raw) To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal Hi, > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Tuesday, August 15, 2017 7:45 AM > To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; > dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> > Cc: hemant.agrawal@nxp.com > Subject: Re: [PATCH] crypto/openssl: performance improvements > > On 8/14/2017 7:47 PM, De Lara Guarch, Pablo wrote: > > Hi Akhil, > > > >> -----Original Message----- > >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > >> Sent: Friday, July 28, 2017 12:08 PM > >> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> > >> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; > >> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> > >> Subject: [PATCH] crypto/openssl: performance improvements > >> > >> key and algo are added in the openssl ctx during session > >> initialization instead of adding it for each packet. > >> > >> Also in case of HMAC the openssl APIs HMAC_XXX give better > >> performance for all HMAC cases. > >> > >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > > > > Thanks for the patch, nice optimization! > > Could you split this into two patches, as you are doing two different > things here? > > One for the first sentence and another one for the second sentence. > > Also, as you do that, could you rename the title to be more explicit? > > Like: crypto/openssl: initialize cipher key at session init > > > > Finally, I was looking at GCM, and I think it could benefit from this. > > I will send a separate patch for it, unless you want to integrate it in this > patchset yourself. > > > > Ok I would split the patches. > For GCM I will try to incorporate in this patchset, if I get some performance > improvement, or I would send a different patch later if some issue comes. Thanks Ahkil. Since I am working on AES-CCM for this PMD, I have the change already done. I have seen performance improvements, but it is not as straight forward as the cipher algorithms, because GMAC is also affected, which is in a different code path, but requires GCM to be set. > > Thanks, > Akhil > ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] crypto/openssl: performance improvements 2017-08-15 7:26 ` De Lara Guarch, Pablo @ 2017-08-16 7:03 ` Akhil Goyal 0 siblings, 0 replies; 34+ messages in thread From: Akhil Goyal @ 2017-08-16 7:03 UTC (permalink / raw) To: De Lara Guarch, Pablo, dev, Doherty, Declan; +Cc: hemant.agrawal Hi Pablo, On 8/15/2017 12:56 PM, De Lara Guarch, Pablo wrote: > Hi, > >> -----Original Message----- >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >> Sent: Tuesday, August 15, 2017 7:45 AM >> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; >> dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> >> Cc: hemant.agrawal@nxp.com >> Subject: Re: [PATCH] crypto/openssl: performance improvements >> >> On 8/14/2017 7:47 PM, De Lara Guarch, Pablo wrote: >>> Hi Akhil, >>> >>>> -----Original Message----- >>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >>>> Sent: Friday, July 28, 2017 12:08 PM >>>> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> >>>> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; >>>> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> >>>> Subject: [PATCH] crypto/openssl: performance improvements >>>> >>>> key and algo are added in the openssl ctx during session >>>> initialization instead of adding it for each packet. >>>> >>>> Also in case of HMAC the openssl APIs HMAC_XXX give better >>>> performance for all HMAC cases. >>>> >>>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> >>> >>> Thanks for the patch, nice optimization! >>> Could you split this into two patches, as you are doing two different >> things here? >>> One for the first sentence and another one for the second sentence. >>> Also, as you do that, could you rename the title to be more explicit? >>> Like: crypto/openssl: initialize cipher key at session init >>> >>> Finally, I was looking at GCM, and I think it could benefit from this. >>> I will send a separate patch for it, unless you want to integrate it in this >> patchset yourself. >>> >> >> Ok I would split the patches. >> For GCM I will try to incorporate in this patchset, if I get some performance >> improvement, or I would send a different patch later if some issue comes. > > Thanks Ahkil. Since I am working on AES-CCM for this PMD, I have the change > already done. I have seen performance improvements, but it is not as straight forward > as the cipher algorithms, because GMAC is also affected, which is in a different code path, > but requires GCM to be set. > If you have the change and it is working fine, then you can send your patch, no issues in that. Thanks, Akhil ^ permalink raw reply [flat|nested] 34+ messages in thread
* [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal 2017-07-28 11:58 ` De Lara Guarch, Pablo 2017-08-14 14:17 ` De Lara Guarch, Pablo @ 2017-08-29 6:58 ` Akhil Goyal 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal ` (2 more replies) 2 siblings, 3 replies; 34+ messages in thread From: Akhil Goyal @ 2017-08-29 6:58 UTC (permalink / raw) To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal in case of HMAC the openssl APIs HMAC_XXX give better performance for all HMAC cases as compared with EVP_XXX Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> --- changes in v2: patch split in two patches as per Pablo's recommendations drivers/crypto/openssl/rte_openssl_pmd.c | 37 +++++++++++++----------- drivers/crypto/openssl/rte_openssl_pmd_private.h | 3 +- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 0bd5f98..889d632 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -39,6 +39,7 @@ #include <rte_malloc.h> #include <rte_cpuflags.h> +#include <openssl/hmac.h> #include <openssl/evp.h> #include "rte_openssl_pmd_private.h" @@ -403,12 +404,16 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; - sess->auth.hmac.ctx = EVP_MD_CTX_create(); + HMAC_CTX_init(&sess->auth.hmac.ctx); if (get_auth_algo(xform->auth.algo, &sess->auth.hmac.evp_algo) != 0) return -EINVAL; - sess->auth.hmac.pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, - xform->auth.key.data, xform->auth.key.length); + + if (HMAC_Init_ex(&sess->auth.hmac.ctx, + xform->auth.key.data, + xform->auth.key.length, + sess->auth.hmac.evp_algo, NULL) != 1) + return -EINVAL; break; default: @@ -547,7 +552,7 @@ openssl_reset_session(struct openssl_session *sess) break; case OPENSSL_AUTH_AS_HMAC: EVP_PKEY_free(sess->auth.hmac.pkey); - EVP_MD_CTX_destroy(sess->auth.hmac.ctx); + HMAC_CTX_cleanup(&sess->auth.hmac.ctx); break; default: break; @@ -971,10 +976,9 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, /** Process standard openssl auth algorithms with hmac */ static int process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, - __rte_unused uint8_t *iv, EVP_PKEY *pkey, - int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo) + int srclen, HMAC_CTX *ctx) { - size_t dstlen; + unsigned int dstlen; struct rte_mbuf *m; int l, n = srclen; uint8_t *src; @@ -986,19 +990,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, if (m == 0) goto process_auth_err; - if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0) - goto process_auth_err; - src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset); l = rte_pktmbuf_data_len(m) - offset; if (srclen <= l) { - if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0) + if (HMAC_Update(ctx, (unsigned char *)src, srclen) != 1) goto process_auth_err; goto process_auth_final; } - if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0) + if (HMAC_Update(ctx, (unsigned char *)src, l) != 1) goto process_auth_err; n -= l; @@ -1006,13 +1007,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, for (m = m->next; (m != NULL) && (n > 0); m = m->next) { src = rte_pktmbuf_mtod(m, uint8_t *); l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n; - if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0) + if (HMAC_Update(ctx, (unsigned char *)src, l) != 1) goto process_auth_err; n -= l; } process_auth_final: - if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0) + if (HMAC_Final(ctx, dst, &dstlen) != 1) + goto process_auth_err; + + if (unlikely(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL) != 1)) goto process_auth_err; return 0; @@ -1265,9 +1269,8 @@ process_openssl_auth_op break; case OPENSSL_AUTH_AS_HMAC: status = process_openssl_auth_hmac(mbuf_src, dst, - op->sym->auth.data.offset, NULL, - sess->auth.hmac.pkey, srclen, - sess->auth.hmac.ctx, sess->auth.hmac.evp_algo); + op->sym->auth.data.offset, srclen, + &sess->auth.hmac.ctx); break; default: status = -1; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index b7f7475..e36741e 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -34,6 +34,7 @@ #define _OPENSSL_PMD_PRIVATE_H_ #include <openssl/evp.h> +#include <openssl/hmac.h> #include <openssl/des.h> #define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl @@ -164,7 +165,7 @@ struct openssl_session { /**< pointer to EVP key */ const EVP_MD *evp_algo; /**< pointer to EVP algorithm function */ - EVP_MD_CTX *ctx; + HMAC_CTX ctx; /**< pointer to EVP context structure */ } hmac; }; -- 2.9.3 ^ permalink raw reply [flat|nested] 34+ messages in thread
* [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal @ 2017-08-29 6:58 ` Akhil Goyal 2017-09-04 15:39 ` De Lara Guarch, Pablo 2017-09-05 5:57 ` [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal 2017-09-04 15:38 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs De Lara Guarch, Pablo 2017-09-08 14:03 ` De Lara Guarch, Pablo 2 siblings, 2 replies; 34+ messages in thread From: Akhil Goyal @ 2017-08-29 6:58 UTC (permalink / raw) To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal key and algo are added in the openssl ctx during session initialization instead of adding it for each packet. Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> --- drivers/crypto/openssl/rte_openssl_pmd.c | 58 ++++++++++++++++++++++---------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 889d632..b11a7fb 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -308,6 +308,22 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess, get_cipher_key(xform->cipher.key.data, sess->cipher.key.length, sess->cipher.key.data); + if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + if (EVP_EncryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } else if (sess->cipher.direction == + RTE_CRYPTO_CIPHER_OP_DECRYPT) { + if (EVP_DecryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } break; @@ -334,6 +350,23 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess, get_cipher_key(xform->cipher.key.data, sess->cipher.key.length, sess->cipher.key.data); + if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + if (EVP_EncryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } else if (sess->cipher.direction == + RTE_CRYPTO_CIPHER_OP_DECRYPT) { + if (EVP_DecryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } + break; default: sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL; @@ -698,12 +731,11 @@ process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset, /** Process standard openssl cipher encryption */ static int process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, - int offset, uint8_t *iv, uint8_t *key, int srclen, - EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) { int totlen; - if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0) + if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) goto process_cipher_encrypt_err; EVP_CIPHER_CTX_set_padding(ctx, 0); @@ -748,12 +780,11 @@ process_openssl_cipher_bpi_encrypt(uint8_t *src, uint8_t *dst, /** Process standard openssl cipher decryption */ static int process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, - int offset, uint8_t *iv, uint8_t *key, int srclen, - EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) { int totlen; - if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0) + if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) goto process_cipher_decrypt_err; EVP_CIPHER_CTX_set_padding(ctx, 0); @@ -1126,15 +1157,11 @@ process_openssl_cipher_op if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, - sess->cipher.evp_algo); + srclen, sess->cipher.ctx); else status = process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, - sess->cipher.evp_algo); + srclen, sess->cipher.ctx); else status = process_openssl_cipher_des3ctr(mbuf_src, dst, op->sym->cipher.data.offset, iv, @@ -1178,8 +1205,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op, /* Encrypt with the block aligned stream with CBC mode */ status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, sess->cipher.evp_algo); + srclen, sess->cipher.ctx); if (last_block_len) { /* Point at last block */ dst += srclen; @@ -1229,9 +1255,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op, /* Decrypt with CBC mode */ status |= process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, - sess->cipher.evp_algo); + srclen, sess->cipher.ctx); } } -- 2.9.3 ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal @ 2017-09-04 15:39 ` De Lara Guarch, Pablo 2017-09-05 5:57 ` [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal 1 sibling, 0 replies; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-09-04 15:39 UTC (permalink / raw) To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Tuesday, August 29, 2017 7:59 AM > To: dev@dpdk.org; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com> > Cc: hemant.agrawal@nxp.com; Doherty, Declan > <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> > Subject: [PATCH v2 2/2] crypto/openssl: performance improvements > > key and algo are added in the openssl ctx during session initialization > instead of adding it for each packet. > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Could you modify the title to specify what you are improving? Apart from that, Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> ^ permalink raw reply [flat|nested] 34+ messages in thread
* [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal 2017-09-04 15:39 ` De Lara Guarch, Pablo @ 2017-09-05 5:57 ` Akhil Goyal 2017-09-05 5:57 ` [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init Akhil Goyal 1 sibling, 1 reply; 34+ messages in thread From: Akhil Goyal @ 2017-09-05 5:57 UTC (permalink / raw) To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal in case of HMAC the openssl APIs HMAC_XXX give better performance for all HMAC cases as compared with EVP_XXX Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- drivers/crypto/openssl/rte_openssl_pmd.c | 37 +++++++++++++----------- drivers/crypto/openssl/rte_openssl_pmd_private.h | 3 +- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 0bd5f98..889d632 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -39,6 +39,7 @@ #include <rte_malloc.h> #include <rte_cpuflags.h> +#include <openssl/hmac.h> #include <openssl/evp.h> #include "rte_openssl_pmd_private.h" @@ -403,12 +404,16 @@ openssl_set_session_auth_parameters(struct openssl_session *sess, case RTE_CRYPTO_AUTH_SHA384_HMAC: case RTE_CRYPTO_AUTH_SHA512_HMAC: sess->auth.mode = OPENSSL_AUTH_AS_HMAC; - sess->auth.hmac.ctx = EVP_MD_CTX_create(); + HMAC_CTX_init(&sess->auth.hmac.ctx); if (get_auth_algo(xform->auth.algo, &sess->auth.hmac.evp_algo) != 0) return -EINVAL; - sess->auth.hmac.pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, - xform->auth.key.data, xform->auth.key.length); + + if (HMAC_Init_ex(&sess->auth.hmac.ctx, + xform->auth.key.data, + xform->auth.key.length, + sess->auth.hmac.evp_algo, NULL) != 1) + return -EINVAL; break; default: @@ -547,7 +552,7 @@ openssl_reset_session(struct openssl_session *sess) break; case OPENSSL_AUTH_AS_HMAC: EVP_PKEY_free(sess->auth.hmac.pkey); - EVP_MD_CTX_destroy(sess->auth.hmac.ctx); + HMAC_CTX_cleanup(&sess->auth.hmac.ctx); break; default: break; @@ -971,10 +976,9 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, /** Process standard openssl auth algorithms with hmac */ static int process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, - __rte_unused uint8_t *iv, EVP_PKEY *pkey, - int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo) + int srclen, HMAC_CTX *ctx) { - size_t dstlen; + unsigned int dstlen; struct rte_mbuf *m; int l, n = srclen; uint8_t *src; @@ -986,19 +990,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, if (m == 0) goto process_auth_err; - if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0) - goto process_auth_err; - src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset); l = rte_pktmbuf_data_len(m) - offset; if (srclen <= l) { - if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0) + if (HMAC_Update(ctx, (unsigned char *)src, srclen) != 1) goto process_auth_err; goto process_auth_final; } - if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0) + if (HMAC_Update(ctx, (unsigned char *)src, l) != 1) goto process_auth_err; n -= l; @@ -1006,13 +1007,16 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset, for (m = m->next; (m != NULL) && (n > 0); m = m->next) { src = rte_pktmbuf_mtod(m, uint8_t *); l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n; - if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0) + if (HMAC_Update(ctx, (unsigned char *)src, l) != 1) goto process_auth_err; n -= l; } process_auth_final: - if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0) + if (HMAC_Final(ctx, dst, &dstlen) != 1) + goto process_auth_err; + + if (unlikely(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL) != 1)) goto process_auth_err; return 0; @@ -1265,9 +1269,8 @@ process_openssl_auth_op break; case OPENSSL_AUTH_AS_HMAC: status = process_openssl_auth_hmac(mbuf_src, dst, - op->sym->auth.data.offset, NULL, - sess->auth.hmac.pkey, srclen, - sess->auth.hmac.ctx, sess->auth.hmac.evp_algo); + op->sym->auth.data.offset, srclen, + &sess->auth.hmac.ctx); break; default: status = -1; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index b7f7475..e36741e 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -34,6 +34,7 @@ #define _OPENSSL_PMD_PRIVATE_H_ #include <openssl/evp.h> +#include <openssl/hmac.h> #include <openssl/des.h> #define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl @@ -164,7 +165,7 @@ struct openssl_session { /**< pointer to EVP key */ const EVP_MD *evp_algo; /**< pointer to EVP algorithm function */ - EVP_MD_CTX *ctx; + HMAC_CTX ctx; /**< pointer to EVP context structure */ } hmac; }; -- 2.9.3 ^ permalink raw reply [flat|nested] 34+ messages in thread
* [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init 2017-09-05 5:57 ` [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal @ 2017-09-05 5:57 ` Akhil Goyal 2017-09-06 10:24 ` De Lara Guarch, Pablo 0 siblings, 1 reply; 34+ messages in thread From: Akhil Goyal @ 2017-09-05 5:57 UTC (permalink / raw) To: dev, pablo.de.lara.guarch; +Cc: hemant.agrawal, declan.doherty, Akhil Goyal key and algo are added in the openssl ctx during session initialization instead of adding it for each packet. This would give performance improvement. Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> changes in v3: updated patch title --- drivers/crypto/openssl/rte_openssl_pmd.c | 58 ++++++++++++++++++++++---------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 889d632..b11a7fb 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -308,6 +308,22 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess, get_cipher_key(xform->cipher.key.data, sess->cipher.key.length, sess->cipher.key.data); + if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + if (EVP_EncryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } else if (sess->cipher.direction == + RTE_CRYPTO_CIPHER_OP_DECRYPT) { + if (EVP_DecryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } break; @@ -334,6 +350,23 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess, get_cipher_key(xform->cipher.key.data, sess->cipher.key.length, sess->cipher.key.data); + if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + if (EVP_EncryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } else if (sess->cipher.direction == + RTE_CRYPTO_CIPHER_OP_DECRYPT) { + if (EVP_DecryptInit_ex(sess->cipher.ctx, + sess->cipher.evp_algo, + NULL, xform->cipher.key.data, + NULL) != 1) { + return -EINVAL; + } + } + break; default: sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL; @@ -698,12 +731,11 @@ process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset, /** Process standard openssl cipher encryption */ static int process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, - int offset, uint8_t *iv, uint8_t *key, int srclen, - EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) { int totlen; - if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0) + if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) goto process_cipher_encrypt_err; EVP_CIPHER_CTX_set_padding(ctx, 0); @@ -748,12 +780,11 @@ process_openssl_cipher_bpi_encrypt(uint8_t *src, uint8_t *dst, /** Process standard openssl cipher decryption */ static int process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, - int offset, uint8_t *iv, uint8_t *key, int srclen, - EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) { int totlen; - if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0) + if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) goto process_cipher_decrypt_err; EVP_CIPHER_CTX_set_padding(ctx, 0); @@ -1126,15 +1157,11 @@ process_openssl_cipher_op if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, - sess->cipher.evp_algo); + srclen, sess->cipher.ctx); else status = process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, - sess->cipher.evp_algo); + srclen, sess->cipher.ctx); else status = process_openssl_cipher_des3ctr(mbuf_src, dst, op->sym->cipher.data.offset, iv, @@ -1178,8 +1205,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op, /* Encrypt with the block aligned stream with CBC mode */ status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, sess->cipher.evp_algo); + srclen, sess->cipher.ctx); if (last_block_len) { /* Point at last block */ dst += srclen; @@ -1229,9 +1255,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op, /* Decrypt with CBC mode */ status |= process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - sess->cipher.key.data, srclen, - sess->cipher.ctx, - sess->cipher.evp_algo); + srclen, sess->cipher.ctx); } } -- 2.9.3 ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init 2017-09-05 5:57 ` [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init Akhil Goyal @ 2017-09-06 10:24 ` De Lara Guarch, Pablo 0 siblings, 0 replies; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-09-06 10:24 UTC (permalink / raw) To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Tuesday, September 5, 2017 6:58 AM > To: dev@dpdk.org; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com> > Cc: hemant.agrawal@nxp.com; Doherty, Declan > <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> > Subject: [PATCH v3 2/2] crypto/openssl: key and algo updated during > session init > > key and algo are added in the openssl ctx during session initialization > instead of adding it for each packet. > This would give performance improvement. > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> changes in > v3: > updated patch title Applied to dpdk-next-crypto. Thanks, Pablo ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal @ 2017-09-04 15:38 ` De Lara Guarch, Pablo 2017-09-08 14:03 ` De Lara Guarch, Pablo 2 siblings, 0 replies; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-09-04 15:38 UTC (permalink / raw) To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Tuesday, August 29, 2017 7:59 AM > To: dev@dpdk.org; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com> > Cc: hemant.agrawal@nxp.com; Doherty, Declan > <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> > Subject: [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs > > in case of HMAC the openssl APIs HMAC_XXX give better performance for > all HMAC cases as compared with EVP_XXX > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal 2017-09-04 15:38 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs De Lara Guarch, Pablo @ 2017-09-08 14:03 ` De Lara Guarch, Pablo 2017-09-11 8:41 ` Akhil Goyal 2017-09-20 9:56 ` Akhil Goyal 2 siblings, 2 replies; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-09-08 14:03 UTC (permalink / raw) To: Akhil Goyal, dev; +Cc: hemant.agrawal, Doherty, Declan Hi Akhil, > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Tuesday, August 29, 2017 7:59 AM > To: dev@dpdk.org; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com> > Cc: hemant.agrawal@nxp.com; Doherty, Declan > <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> > Subject: [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs > > in case of HMAC the openssl APIs HMAC_XXX give better performance for > all HMAC cases as compared with EVP_XXX > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > --- > changes in v2: > patch split in two patches as per Pablo's recommendations > > drivers/crypto/openssl/rte_openssl_pmd.c | 37 +++++++++++++------- I just come across an issue with this patch on openssl 1.1.0 (below). Unfortunately, I have already applied the patch in the subtree, but if you could send a patch to fix this, I can integrate as part of that patch. Thanks, Pablo drivers/crypto/openssl/rte_openssl_pmd_private.h:168:14: error: field 'ctx' has incomplete type HMAC_CTX ctx; ^~~ In file included from drivers/crypto/openssl/rte_openssl_pmd_ops.c:39:0: drivers/crypto/openssl/rte_openssl_pmd_private.h:168:14: error: field 'ctx' has incomplete type HMAC_CTX ctx; ^~~ drivers/crypto/openssl/rte_openssl_pmd.c: In function 'openssl_set_session_auth_parameters': drivers/crypto/openssl/rte_openssl_pmd.c:440:3: error: implicit declaration of function 'HMAC_CTX_init'; did you mean 'HMAC_CTX_new'? [-Werror=implicit-function-declaration] HMAC_CTX_init(&sess->auth.hmac.ctx); ^~~~~~~~~~~~~ HMAC_CTX_new drivers/crypto/openssl/rte_openssl_pmd.c:440:3: error: nested extern declaration of 'HMAC_CTX_init' [-Werror=nested-externs] make[4]: *** [mk/internal/rte.compile-pre.mk:140: rte_openssl_pmd_ops.o] Error 1 make[4]: *** Waiting for unfinished jobs.... drivers/crypto/openssl/rte_openssl_pmd.c: In function 'openssl_reset_session': drivers/crypto/openssl/rte_openssl_pmd.c:588:3: error: implicit declaration of function 'HMAC_CTX_cleanup'; did you mean 'HMAC_CTX_get_md'? [-Werror=implicit-function-declaration] HMAC_CTX_cleanup(&sess->auth.hmac.ctx); ^~~~~~~~~~~~~~~~ HMAC_CTX_get_md drivers/crypto/openssl/rte_openssl_pmd.c:588:3: error: nested extern declaration of 'HMAC_CTX_cleanup' [-Werror=nested-externs] cc1: all warnings being treated as errors make[4]: *** [mk/internal/rte.compile-pre.mk:140: rte_openssl_pmd.o] Error 1 ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs 2017-09-08 14:03 ` De Lara Guarch, Pablo @ 2017-09-11 8:41 ` Akhil Goyal 2017-09-20 9:56 ` Akhil Goyal 1 sibling, 0 replies; 34+ messages in thread From: Akhil Goyal @ 2017-09-11 8:41 UTC (permalink / raw) To: De Lara Guarch, Pablo, dev; +Cc: hemant.agrawal, Doherty, Declan Hi Pablo, On 9/8/2017 7:33 PM, De Lara Guarch, Pablo wrote: > Hi Akhil, > >> -----Original Message----- >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >> Sent: Tuesday, August 29, 2017 7:59 AM >> To: dev@dpdk.org; De Lara Guarch, Pablo >> <pablo.de.lara.guarch@intel.com> >> Cc: hemant.agrawal@nxp.com; Doherty, Declan >> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> >> Subject: [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs >> >> in case of HMAC the openssl APIs HMAC_XXX give better performance for >> all HMAC cases as compared with EVP_XXX >> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> >> --- >> changes in v2: >> patch split in two patches as per Pablo's recommendations >> >> drivers/crypto/openssl/rte_openssl_pmd.c | 37 +++++++++++++------- > > I just come across an issue with this patch on openssl 1.1.0 (below). > Unfortunately, I have already applied the patch in the subtree, but if you could send a patch to fix this, > I can integrate as part of that patch. > > Thanks, > Pablo > > drivers/crypto/openssl/rte_openssl_pmd_private.h:168:14: error: field 'ctx' has incomplete type > HMAC_CTX ctx; > ^~~ > In file included from drivers/crypto/openssl/rte_openssl_pmd_ops.c:39:0: > drivers/crypto/openssl/rte_openssl_pmd_private.h:168:14: error: field 'ctx' has incomplete type > HMAC_CTX ctx; > ^~~ > drivers/crypto/openssl/rte_openssl_pmd.c: In function 'openssl_set_session_auth_parameters': > drivers/crypto/openssl/rte_openssl_pmd.c:440:3: error: implicit declaration of function 'HMAC_CTX_init'; did you mean 'HMAC_CTX_new'? [-Werror=implicit-function-declaration] > HMAC_CTX_init(&sess->auth.hmac.ctx); > ^~~~~~~~~~~~~ > HMAC_CTX_new > > drivers/crypto/openssl/rte_openssl_pmd.c:440:3: error: nested extern declaration of 'HMAC_CTX_init' [-Werror=nested-externs] > make[4]: *** [mk/internal/rte.compile-pre.mk:140: rte_openssl_pmd_ops.o] Error 1 > make[4]: *** Waiting for unfinished jobs.... > drivers/crypto/openssl/rte_openssl_pmd.c: In function 'openssl_reset_session': > drivers/crypto/openssl/rte_openssl_pmd.c:588:3: error: implicit declaration of function 'HMAC_CTX_cleanup'; did you mean 'HMAC_CTX_get_md'? [-Werror=implicit-function-declaration] > HMAC_CTX_cleanup(&sess->auth.hmac.ctx); > ^~~~~~~~~~~~~~~~ > HMAC_CTX_get_md > drivers/crypto/openssl/rte_openssl_pmd.c:588:3: error: nested extern declaration of 'HMAC_CTX_cleanup' [-Werror=nested-externs] > cc1: all warnings being treated as errors > make[4]: *** [mk/internal/rte.compile-pre.mk:140: rte_openssl_pmd.o] Error 1 > I will look into this and will send the patch ASAP. Regards, Akhil ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs 2017-09-08 14:03 ` De Lara Guarch, Pablo 2017-09-11 8:41 ` Akhil Goyal @ 2017-09-20 9:56 ` Akhil Goyal 1 sibling, 0 replies; 34+ messages in thread From: Akhil Goyal @ 2017-09-20 9:56 UTC (permalink / raw) To: De Lara Guarch, Pablo, dev; +Cc: hemant.agrawal, Doherty, Declan Hi Pablo, On 9/8/2017 7:33 PM, De Lara Guarch, Pablo wrote: > Hi Akhil, > >> -----Original Message----- >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >> Sent: Tuesday, August 29, 2017 7:59 AM >> To: dev@dpdk.org; De Lara Guarch, Pablo >> <pablo.de.lara.guarch@intel.com> >> Cc: hemant.agrawal@nxp.com; Doherty, Declan >> <declan.doherty@intel.com>; Akhil Goyal <akhil.goyal@nxp.com> >> Subject: [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs >> >> in case of HMAC the openssl APIs HMAC_XXX give better performance for >> all HMAC cases as compared with EVP_XXX >> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> >> --- >> changes in v2: >> patch split in two patches as per Pablo's recommendations >> >> drivers/crypto/openssl/rte_openssl_pmd.c | 37 +++++++++++++------- > > I just come across an issue with this patch on openssl 1.1.0 (below). > Unfortunately, I have already applied the patch in the subtree, but if you could send a patch to fix this, > I can integrate as part of that patch. > I have sent a patch to fix this. http://dpdk.org/dev/patchwork/patch/28995/ Thanks, Akhil ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc 2017-07-28 11:07 [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc Akhil Goyal 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal @ 2017-09-04 14:48 ` De Lara Guarch, Pablo 2017-09-05 5:58 ` Akhil Goyal 2 siblings, 1 reply; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-09-04 14:48 UTC (permalink / raw) To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Friday, July 28, 2017 12:08 PM > To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> > Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; > hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> > Subject: [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc > > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > --- > config/defconfig_arm64-dpaa2-linuxapp-gcc | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/config/defconfig_arm64-dpaa2-linuxapp-gcc > b/config/defconfig_arm64-dpaa2-linuxapp-gcc > index 8a42944..7de2d4e 100644 > --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc > +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc > @@ -90,3 +90,9 @@ > CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048 > # > CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y > CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n > + > +# > +# Compile PMD for Software backed device # > +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y > CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n > -- > 2.9.3 Is OpenSSL installed by default in that system, so this can be enabled by default for this target? Pablo ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc 2017-09-04 14:48 ` [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc De Lara Guarch, Pablo @ 2017-09-05 5:58 ` Akhil Goyal 2017-09-06 10:25 ` De Lara Guarch, Pablo 0 siblings, 1 reply; 34+ messages in thread From: Akhil Goyal @ 2017-09-05 5:58 UTC (permalink / raw) To: De Lara Guarch, Pablo, dev, Doherty, Declan; +Cc: hemant.agrawal Hi Pablo, On 9/4/2017 8:18 PM, De Lara Guarch, Pablo wrote: > > >> -----Original Message----- >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >> Sent: Friday, July 28, 2017 12:08 PM >> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> >> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; >> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> >> Subject: [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc >> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> >> --- >> config/defconfig_arm64-dpaa2-linuxapp-gcc | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/config/defconfig_arm64-dpaa2-linuxapp-gcc >> b/config/defconfig_arm64-dpaa2-linuxapp-gcc >> index 8a42944..7de2d4e 100644 >> --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc >> +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc >> @@ -90,3 +90,9 @@ >> CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048 >> # >> CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y >> CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n >> + >> +# >> +# Compile PMD for Software backed device # >> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y >> CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n >> -- >> 2.9.3 > > Is OpenSSL installed by default in that system, so this can be enabled by default for this target? > yes this is installed by default. -Akhil ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc 2017-09-05 5:58 ` Akhil Goyal @ 2017-09-06 10:25 ` De Lara Guarch, Pablo 2017-10-12 13:01 ` Thomas Monjalon 0 siblings, 1 reply; 34+ messages in thread From: De Lara Guarch, Pablo @ 2017-09-06 10:25 UTC (permalink / raw) To: Akhil Goyal, dev, Doherty, Declan; +Cc: hemant.agrawal > -----Original Message----- > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > Sent: Tuesday, September 5, 2017 6:59 AM > To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; > dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> > Cc: hemant.agrawal@nxp.com > Subject: Re: [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc > > Hi Pablo, > On 9/4/2017 8:18 PM, De Lara Guarch, Pablo wrote: > > > > > >> -----Original Message----- > >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > >> Sent: Friday, July 28, 2017 12:08 PM > >> To: dev@dpdk.org; Doherty, Declan <declan.doherty@intel.com> > >> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; > >> hemant.agrawal@nxp.com; Akhil Goyal <akhil.goyal@nxp.com> > >> Subject: [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc > >> > >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com> > >> --- > >> config/defconfig_arm64-dpaa2-linuxapp-gcc | 6 ++++++ > >> 1 file changed, 6 insertions(+) > >> > >> diff --git a/config/defconfig_arm64-dpaa2-linuxapp-gcc > >> b/config/defconfig_arm64-dpaa2-linuxapp-gcc > >> index 8a42944..7de2d4e 100644 > >> --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc > >> +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc > >> @@ -90,3 +90,9 @@ > >> CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048 > >> # > >> CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y > >> CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n > >> + > >> +# > >> +# Compile PMD for Software backed device # > >> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y > >> CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n > >> -- > >> 2.9.3 > > > > Is OpenSSL installed by default in that system, so this can be enabled by > default for this target? > > > yes this is installed by default. Thanks for the reply. Applied to dpdk-next-crypto. Thanks, Pablo > > -Akhil ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc 2017-09-06 10:25 ` De Lara Guarch, Pablo @ 2017-10-12 13:01 ` Thomas Monjalon 2017-10-12 13:32 ` Hemant Agrawal 0 siblings, 1 reply; 34+ messages in thread From: Thomas Monjalon @ 2017-10-12 13:01 UTC (permalink / raw) To: De Lara Guarch, Pablo, Akhil Goyal; +Cc: dev, Doherty, Declan, hemant.agrawal 06/09/2017 12:25, De Lara Guarch, Pablo: > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > > > > Hi Pablo, > > On 9/4/2017 8:18 PM, De Lara Guarch, Pablo wrote: > > > From: Akhil Goyal [mailto:akhil.goyal@nxp.com] > > >> --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc > > >> +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc > > >> @@ -90,3 +90,9 @@ > > >> CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048 > > >> # > > >> CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y > > >> CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n > > >> + > > >> +# > > >> +# Compile PMD for Software backed device # > > >> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y > > >> CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n > > >> -- > > >> 2.9.3 > > > > > > Is OpenSSL installed by default in that system, so this can be enabled by > > default for this target? > > > > > yes this is installed by default. > > Thanks for the reply. > > Applied to dpdk-next-crypto. > Thanks, Where is it installed by default? On your machine? In your build system? It is at least not installed on my machine when I compile this target. This file is a defconfig, not your preferred config. This patch should be dropped. ^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc 2017-10-12 13:01 ` Thomas Monjalon @ 2017-10-12 13:32 ` Hemant Agrawal 0 siblings, 0 replies; 34+ messages in thread From: Hemant Agrawal @ 2017-10-12 13:32 UTC (permalink / raw) To: Thomas Monjalon, De Lara Guarch, Pablo, Akhil Goyal; +Cc: dev, Doherty, Declan On 10/12/2017 6:31 PM, Thomas Monjalon wrote: > 06/09/2017 12:25, De Lara Guarch, Pablo: >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >>> >>> Hi Pablo, >>> On 9/4/2017 8:18 PM, De Lara Guarch, Pablo wrote: >>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com] >>>>> --- a/config/defconfig_arm64-dpaa2-linuxapp-gcc >>>>> +++ b/config/defconfig_arm64-dpaa2-linuxapp-gcc >>>>> @@ -90,3 +90,9 @@ >>>>> CONFIG_RTE_DPAA2_SEC_PMD_MAX_NB_SESSIONS=2048 >>>>> # >>>>> CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV=y >>>>> CONFIG_RTE_LIBRTE_PMD_DPAA2_EVENTDEV_DEBUG=n >>>>> + >>>>> +# >>>>> +# Compile PMD for Software backed device # >>>>> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y >>>>> CONFIG_RTE_LIBRTE_PMD_OPENSSL_DEBUG=n >>>>> -- >>>>> 2.9.3 >>>> >>>> Is OpenSSL installed by default in that system, so this can be enabled by >>> default for this target? >>>> >>> yes this is installed by default. >> >> Thanks for the reply. >> >> Applied to dpdk-next-crypto. >> Thanks, > > Where is it installed by default? > On your machine? In your build system? > It is at least not installed on my machine when I compile this target. > > This file is a defconfig, not your preferred config. > > This patch should be dropped. > ok to drop. ^ permalink raw reply [flat|nested] 34+ messages in thread
end of thread, other threads:[~2017-10-12 13:34 UTC | newest] Thread overview: 34+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-07-28 11:07 [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc Akhil Goyal 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: add openssl path for cross compile Akhil Goyal 2017-08-29 7:02 ` [dpdk-dev] [PATCH v2] " Akhil Goyal 2017-09-05 8:22 ` De Lara Guarch, Pablo 2017-09-05 8:37 ` Akhil Goyal 2017-09-05 9:02 ` [dpdk-dev] [PATCH v3] " Akhil Goyal 2017-09-06 9:26 ` De Lara Guarch, Pablo 2017-09-06 10:15 ` De Lara Guarch, Pablo 2017-10-12 13:06 ` Thomas Monjalon 2017-10-12 13:31 ` Hemant Agrawal 2017-10-12 13:34 ` Thomas Monjalon 2017-07-28 11:07 ` [dpdk-dev] [PATCH] crypto/openssl: performance improvements Akhil Goyal 2017-07-28 11:58 ` De Lara Guarch, Pablo 2017-07-28 12:02 ` Akhil Goyal 2017-07-28 12:07 ` De Lara Guarch, Pablo 2017-08-14 14:17 ` De Lara Guarch, Pablo 2017-08-15 6:44 ` Akhil Goyal 2017-08-15 7:26 ` De Lara Guarch, Pablo 2017-08-16 7:03 ` Akhil Goyal 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal 2017-08-29 6:58 ` [dpdk-dev] [PATCH v2 2/2] crypto/openssl: performance improvements Akhil Goyal 2017-09-04 15:39 ` De Lara Guarch, Pablo 2017-09-05 5:57 ` [dpdk-dev] [PATCH v3 1/2] crypto/openssl: replace evp APIs with HMAC APIs Akhil Goyal 2017-09-05 5:57 ` [dpdk-dev] [PATCH v3 2/2] crypto/openssl: key and algo updated during session init Akhil Goyal 2017-09-06 10:24 ` De Lara Guarch, Pablo 2017-09-04 15:38 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: replace evp APIs with HMAC APIs De Lara Guarch, Pablo 2017-09-08 14:03 ` De Lara Guarch, Pablo 2017-09-11 8:41 ` Akhil Goyal 2017-09-20 9:56 ` Akhil Goyal 2017-09-04 14:48 ` [dpdk-dev] [PATCH] config: add openssl in arm64-dpaa2-linuxapp-gcc De Lara Guarch, Pablo 2017-09-05 5:58 ` Akhil Goyal 2017-09-06 10:25 ` De Lara Guarch, Pablo 2017-10-12 13:01 ` Thomas Monjalon 2017-10-12 13:32 ` Hemant Agrawal
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).