From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
by inbox.dpdk.org (Postfix) with ESMTP id 05053A00E6
for <public@inbox.dpdk.org>; Wed, 7 Aug 2019 17:11:34 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
by dpdk.org (Postfix) with ESMTP id 490121B95B;
Wed, 7 Aug 2019 17:10:13 +0200 (CEST)
Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com
[209.85.221.67]) by dpdk.org (Postfix) with ESMTP id 176DA2C6A
for <dev@dpdk.org>; Wed, 7 Aug 2019 17:09:50 +0200 (CEST)
Received: by mail-wr1-f67.google.com with SMTP id q12so1478299wrj.12
for <dev@dpdk.org>; Wed, 07 Aug 2019 08:09:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind.com; s=google;
h=from:to:cc:subject:date:message-id:in-reply-to:references
:in-reply-to:references;
bh=wgarJcXvidJ78ZEw1ta+Nge5CEfZ3EqDvpTZDWMalDE=;
b=glJor6gGYIKWIANEj7n16ynXfqETsu+B67HgrTEp5BSOOPYKjmI6y2jBiSLw9O/bA/
bBU/KoJ2lp95bwlFhxNoOCQZhKKMwr9fRmq7TtqBm4RbhMCwYLPDeWzhzrZYU/uC8RdJ
W52vPFLpDupyW9hoOzkGVrZuaVIskwqOmHRNOfV50xRN+Y4kNiPpEjtToBR7CjwW+wR3
105nPqoDstGMwo+ihhTvNDOlrwREDmoVly9lPJAnB9igK+iSDJ5+F4Ym9vxk0MJGe3pC
PRnnMzbsfOyFGsNpiYvONlH6M14HNiMEaTtYQaoZJ4eQRALizdHfE7ZEpRXxCwQMkn+Q
8fYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
:references:in-reply-to:references;
bh=wgarJcXvidJ78ZEw1ta+Nge5CEfZ3EqDvpTZDWMalDE=;
b=qfuYYdWa15nbDVAk3BsY/2NIQuxprx0Btwrmmgazye0n8xNrVdAObl5G4mP+q4bhr/
gkD4CRNtfb5BsphwCj68V2cY3izum9rOprn3H2Kx8Q6fkMhdl98PgLhrKRfNQqoVj1M9
bQcpBn9tD6LfxreFhEmFwcsrXdmRfY5sqNylCWH1cCnYVF29ON4PSb1la+U/T3Yu/ubU
/LoE9zr0UkZp0iNZB0GZxpbWaYwV+Iyg3mkEfgj/uPwLc8VceJFJI45zjaohEX9V2HRk
6VDMzPZ+BzDJwmLPSDHVC5wnmo0ASB26HXLnOn2Ym61hDEGcF27Y0tGdoIdCWxmtZn7b
uQQg==
X-Gm-Message-State: APjAAAWrs4h1oGLJZvHJ67pMdzbVoF7hc1V0fsCFG9V8rhKxjnmtLxt/
zgBe16vf2cDkQXfJ5ML3f5jsfL772Q==
X-Google-Smtp-Source: APXvYqyRock0pO8yAq0OG0zsG4jnmyZGWVb+fcD06REfh8JLEKyLCekV8Ct9a2HJUszgZ/hAi10qhg==
X-Received: by 2002:a5d:6650:: with SMTP id f16mr11895234wrw.89.1565190589587;
Wed, 07 Aug 2019 08:09:49 -0700 (PDT)
Received: from ascain.dev.6wind.com. (host.78.145.23.62.rev.coltfrance.com.
[62.23.145.78])
by smtp.gmail.com with ESMTPSA id r5sm382862wmh.35.2019.08.07.08.09.48
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 07 Aug 2019 08:09:48 -0700 (PDT)
From: Thierry Herbelot <thierry.herbelot@6wind.com>
To: dev@dpdk.org
Cc: stable@dpdk.org,
Thomas Monjalon <thomas@monjalon.net>
Date: Wed, 7 Aug 2019 17:09:19 +0200
Message-Id: <8a592c1aaced192bae30aa2570b4853b1d33bbef.1565190405.git.thierry.herbelot@6wind.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <cover.1565190405.git.thierry.herbelot@6wind.com>
References: <cover.1565190405.git.thierry.herbelot@6wind.com>
In-Reply-To: <cover.1565190405.git.thierry.herbelot@6wind.com>
References: <cover.1565188248.git.thierry.herbelot@6wind.com>
<cover.1565190405.git.thierry.herbelot@6wind.com>
Subject: [dpdk-dev] [PATCH 19.11 V2 10/12] drivers/crypto/openssl: use a
local copy for the session contexts
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>
Session contexts are used for temporary storage when processing a
packet.
If packets for the same session are to be processed simultaneously on
multiple cores, separate contexts must be used.
Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a
variable on the stack: it must be allocated. This in turn reduces the
performance.
Fixes: d61f70b4c918 ('crypto/libcrypto: add driver for OpenSSL library')
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 34 +++++++++++++++++++++++---------
1 file changed, 25 insertions(+), 9 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 2f5552840741..ce2d12347737 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1290,6 +1290,7 @@ process_openssl_combined_op
int srclen, aadlen, status = -1;
uint32_t offset;
uint8_t taglen;
+ EVP_CIPHER_CTX *ctx_copy;
/*
* Segmented destination buffer is not supported for
@@ -1326,6 +1327,8 @@ process_openssl_combined_op
}
taglen = sess->auth.digest_length;
+ ctx_copy = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
@@ -1333,12 +1336,12 @@ process_openssl_combined_op
status = process_openssl_auth_encryption_gcm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ dst, tag, ctx_copy);
else
status = process_openssl_auth_encryption_ccm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, taglen, sess->cipher.ctx);
+ dst, tag, taglen, ctx_copy);
} else {
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
@@ -1346,14 +1349,15 @@ process_openssl_combined_op
status = process_openssl_auth_decryption_gcm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ dst, tag, ctx_copy);
else
status = process_openssl_auth_decryption_ccm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, taglen, sess->cipher.ctx);
+ dst, tag, taglen, ctx_copy);
}
+ EVP_CIPHER_CTX_free(ctx_copy);
if (status != 0) {
if (status == (-EFAULT) &&
sess->auth.operation ==
@@ -1372,6 +1376,7 @@ process_openssl_cipher_op
{
uint8_t *dst, *iv;
int srclen, status;
+ EVP_CIPHER_CTX *ctx_copy;
/*
* Segmented destination buffer is not supported for
@@ -1388,22 +1393,25 @@ process_openssl_cipher_op
iv = rte_crypto_op_ctod_offset(op, uint8_t *,
sess->iv.offset);
+ ctx_copy = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
status = process_openssl_cipher_encrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
- srclen, sess->cipher.ctx);
+ srclen, ctx_copy);
else
status = process_openssl_cipher_decrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
- srclen, sess->cipher.ctx);
+ srclen, ctx_copy);
else
status = process_openssl_cipher_des3ctr(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
sess->cipher.key.data, srclen,
- sess->cipher.ctx);
+ ctx_copy);
+ EVP_CIPHER_CTX_free(ctx_copy);
if (status != 0)
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
@@ -1507,6 +1515,8 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
{
uint8_t *dst;
int srclen, status;
+ EVP_MD_CTX *ctx_a;
+ HMAC_CTX *ctx_h;
srclen = op->sym->auth.data.length;
@@ -1514,14 +1524,20 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
switch (sess->auth.mode) {
case OPENSSL_AUTH_AS_AUTH:
+ ctx_a = EVP_MD_CTX_create();
+ EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx);
status = process_openssl_auth(mbuf_src, dst,
op->sym->auth.data.offset, NULL, NULL, srclen,
- sess->auth.auth.ctx, sess->auth.auth.evp_algo);
+ ctx_a, sess->auth.auth.evp_algo);
+ EVP_MD_CTX_destroy(ctx_a);
break;
case OPENSSL_AUTH_AS_HMAC:
+ ctx_h = HMAC_CTX_new();
+ HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx);
status = process_openssl_auth_hmac(mbuf_src, dst,
op->sym->auth.data.offset, srclen,
- sess->auth.hmac.ctx);
+ ctx_h);
+ HMAC_CTX_free(ctx_h);
break;
default:
status = -1;
--
2.11.0