From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 4CC1645538;
	Mon,  1 Jul 2024 14:56:15 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 3C217427CB;
	Mon,  1 Jul 2024 14:56:15 +0200 (CEST)
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.19])
 by mails.dpdk.org (Postfix) with ESMTP id 7F2E7427CB
 for <dev@dpdk.org>; Mon,  1 Jul 2024 14:56:13 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1719838574; x=1751374574;
 h=from:to:cc:subject:date:message-id:references:
 in-reply-to:mime-version;
 bh=655f7b01zGSL7Ma8Kp5E6yyrvlnayl588lBmmPy1z3s=;
 b=IRJm+o9waJsUxHHcSx0gsUH+UyxCCMfF/6HBMXYNkbYNfK/GYSTiek0w
 xaCiwmUeeFrq/Upadx9pbrZ2FbUWCc6jjwxIrt6T1aGPnEr9n54edhl6R
 35uy6gKxj+53SL2VYoNhKJzqb/PluG5c3Tk1HWgsEFnqKq3lBht8xxgMg
 zMUs6GvVr8IldsmGlhhHU3iJTseLwqD3T5UPc7r9L3tT7Q89pJVv7oEvz
 3YpXGCcLX3MEcIbWBDPPKuNupIVzJN5j4EyKAtJbs/4xyVTP0afJ0eeeN
 pRWa5Y/BgzT3r72G8DpO+WB1TaZ/M0JtNRmvCbLE/d9IzUmnzbFXa6cmv g==;
X-CSE-ConnectionGUID: S3/uV1j0TNSr7jJoLAzbVw==
X-CSE-MsgGUID: W4HtngS/Szem1SQY2M6jaw==
X-IronPort-AV: E=McAfee;i="6700,10204,11120"; a="16691754"
X-IronPort-AV: E=Sophos;i="6.09,176,1716274800"; d="scan'208,217";a="16691754"
Received: from orviesa002.jf.intel.com ([10.64.159.142])
 by fmvoesa113.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 01 Jul 2024 05:56:13 -0700
X-CSE-ConnectionGUID: IYDz1JiHSWWwpmdtiyFBQQ==
X-CSE-MsgGUID: 4K4KWC2JSzaz0OoGXPPurA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.09,176,1716274800"; d="scan'208,217";a="76234407"
Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14])
 by orviesa002.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384;
 01 Jul 2024 05:56:13 -0700
Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by
 ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.39; Mon, 1 Jul 2024 05:56:12 -0700
Received: from orsmsx602.amr.corp.intel.com (10.22.229.15) by
 ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.39; Mon, 1 Jul 2024 05:56:11 -0700
Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by
 orsmsx602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.39 via Frontend Transport; Mon, 1 Jul 2024 05:56:11 -0700
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.42) by
 edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.39; Mon, 1 Jul 2024 05:56:11 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=DUzmlVlJcqO1nga1lwKrK4oZheBUagVtM4dyLIxa6ppYRgWzDOS80kvLLg465xi+NdkMz9i7fYooOaJMxX3E/Dic1rRo68MRWrQJCAtuD+PhiM9dwg/wj3pwnixnNpNLLtPLvou7pBTzoED64PHmB8ZBAr9xfPtbbr6ggL2cLPMtd4a5zWfMWIygWDHYeTvfVzivzT2KjG9IJ7oG2YGGDJov99GfpEdDlFEw3P6aOfppxOcvJ/1DdJQCfqFxSdOe+Wvrih4ewm3gkz9HkYHDyAOEQXZ364rJ3q0M8Sow1JNh1UKQOdDIUUiIXebU47g2Y8vVHhBH0eXpl3ocHAyQaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=dLDUA2pGJAZQnyBrEnUG9cIXVExC+nJz18WV4WtwPMA=;
 b=EA0pbSnjAc9qwC6ILpDjP+k3MT/aK+KB+M0L6t2zFYBTOZuWqzJVADUrwPwSuDnAdpjc84lOz3utlRxoIR7bp7fgmbglc3xYrVQGVcBr3gIVgfMdq9/yIkxinnslW4aXE2WP/woFgO7HiDX5X/t/+vApJIXR49++qEzxj/bFVDByqYIrxp4Zg5M00Jo4PleCKwRdQK8Htt17pe55l8mn1oljrw6FRuh2TIM8DQenRHpNfYsydChbbn5Z6WfOD65GI7/zk+qxadIKFTDlmrkDhNEZ3fOTUotZcGcLIiO+7p8dtbvXORf9vnNnH97I377oObx57hUhGy80crqnSQdJcA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from DS0PR11MB7458.namprd11.prod.outlook.com (2603:10b6:8:145::13)
 by PH7PR11MB7596.namprd11.prod.outlook.com (2603:10b6:510:27e::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7719.29; Mon, 1 Jul
 2024 12:56:09 +0000
Received: from DS0PR11MB7458.namprd11.prod.outlook.com
 ([fe80::1a9e:53a6:9603:8f79]) by DS0PR11MB7458.namprd11.prod.outlook.com
 ([fe80::1a9e:53a6:9603:8f79%5]) with mapi id 15.20.7719.028; Mon, 1 Jul 2024
 12:56:08 +0000
From: "Ji, Kai" <kai.ji@intel.com>
To: Jack Bond-Preston <jack.bond-preston@foss.arm.com>
CC: "dev@dpdk.org" <dev@dpdk.org>, Wathsala Vithanage
 <wathsala.vithanage@arm.com>
Subject: Re: [PATCH v4 3/5] crypto/openssl: per-qp cipher context clones
Thread-Topic: [PATCH v4 3/5] crypto/openssl: per-qp cipher context clones
Thread-Index: AQHauNkKxoMJfXxsS0ecNDdShtQk6rHh+kzu
Date: Mon, 1 Jul 2024 12:56:08 +0000
Message-ID: <DS0PR11MB74582A6315541BBD96648E2B81D32@DS0PR11MB7458.namprd11.prod.outlook.com>
References: <20240603160119.1279476-1-jack.bond-preston@foss.arm.com>
 <20240607124756.3968704-1-jack.bond-preston@foss.arm.com>
 <20240607124756.3968704-4-jack.bond-preston@foss.arm.com>
In-Reply-To: <20240607124756.3968704-4-jack.bond-preston@foss.arm.com>
Accept-Language: en-GB, en-US, en-IE
Content-Language: en-GB
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DS0PR11MB7458:EE_|PH7PR11MB7596:EE_
x-ms-office365-filtering-correlation-id: 1649b1a8-6648-4edf-176c-08dc99cd2d42
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0; ARA:13230040|376014|1800799024|366016|38070700018;
x-microsoft-antispam-message-info: =?us-ascii?Q?d52BEIg4ahsZ+55nsec3fdt4NU0aTSf6N+2EYNRvhlktFcm/uJzflUwFdweE?=
 =?us-ascii?Q?uVre3A6NisJjdRG50ye2iMhQwxeM/pP3B5yTVYkeRyhYWX6r+poXVuYOyF5T?=
 =?us-ascii?Q?TmLUDCVlWI/g3MsT1zbRx2e/EoAcErVsctzDSH3Oxjfn3+4XUC5q1E12Duff?=
 =?us-ascii?Q?XUqBs9Baew7a+3MtwgjMsi5TrbrAo0FxHloHXqVZiec3aiIZa1RGWGYpBM2T?=
 =?us-ascii?Q?TKH3FZohgxY6TIQSlCoIJQhJXZqM/neaCnXguB5Ak0CnoRwRr38t3zAWv5kG?=
 =?us-ascii?Q?7cb0wDGj8O7UJXlN5oSFkQDVRu5iRdr6smcEBHjPhlSDDfxUkYBNJo5pCHP+?=
 =?us-ascii?Q?fSebcYWZMls58SgXMgKzd2iDjkRbvdNbiSNMpvy55b8HORH9Aeq9/TBlauyE?=
 =?us-ascii?Q?qFefDMUaRBd5x6k4FdwrXtDI/OoU0bQwTBi6OalFCopDJu8QpxCn0oQl+iIP?=
 =?us-ascii?Q?wcN19R0oLIMbA/gBNlv3Jvm/IoQxfq0zKSMi4uDOLB/3MQPhGuwIzoncGqq8?=
 =?us-ascii?Q?lV+SW25eZYxe+42E8vBkFg7fAW0Bip0eqZo9i/eJGcLzLzv7zVlMUU9qtgL1?=
 =?us-ascii?Q?ePivbqX5SzT2rvZh2cgh0CXydl65Pa1VOAbUshdpfBcLDZEebCwp5NkEGx1D?=
 =?us-ascii?Q?9L7RJSOJkD1yUSzpap/D1gpuvG39YPsG9lnqEtmwZ3iduGjehpVbLK7NsfN3?=
 =?us-ascii?Q?+OjVQApRcRqdDJIjXlSOHxH+rV8bSkJdtdS1A8uotqV0DnbB7MEdgBIEzeJX?=
 =?us-ascii?Q?FAqvAwxPkHVZZhW387QcFgHzZeCkHrvGhQBW2tOXdIvRDupSaOvNuLrtsY5U?=
 =?us-ascii?Q?qJRYgvmyPXiHJLsO7DMdriBbvdScCXzx3sJL9l7Pvlv5LuFRnKl4spx+WpG4?=
 =?us-ascii?Q?waaZCzWfZIwu+81Q/RNjGDCssPuJJatimj6H08sFIbqEPtUG/YXjRZ0iFRkn?=
 =?us-ascii?Q?9PaMmT7iCbnIEYAU6iPFE35RRdSq7rIhMVh7Dd/gwh+iz61PLLQFBH0Lima7?=
 =?us-ascii?Q?gH0EJYL4F2GSkQPWzLiatkOIDhxIzi5UURSRlnIeh2g71t3ISksC8ERBG6hM?=
 =?us-ascii?Q?9gbWyOnxEOX2e0avAUTM6C+x55gjQCIVMKgRaP/vqvKz1Rel6AoT+Lc6DWjC?=
 =?us-ascii?Q?Be+szmcy/wWuFHre8UiBdszCG3eh3xdbYUg3RGoVOOY5VkrZvrFt41INW2o4?=
 =?us-ascii?Q?wqxGS6mTSwIEHfWuv+DpwBJr/D8eyOU5Vts01VE/vVgRXEFoHvLFGF2vYUzu?=
 =?us-ascii?Q?b9+IVPhJ/oaJaQrW/VFdiuehHi2rAZa6hBzdA4G3i7oAiUt4FVY4bScdP44G?=
 =?us-ascii?Q?pBFO9lIINE4hlyLUy0YgGmJDkyCA7O/osZsXS1E2Y/FTLQznbPmVD2q8nyKd?=
 =?us-ascii?Q?K+3xvIt823RIBGqqd0SYUZRW/iZEI2cuZzmKV6tLd3Jv5RD3wQ=3D=3D?=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:DS0PR11MB7458.namprd11.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(13230040)(376014)(1800799024)(366016)(38070700018); DIR:OUT; SFP:1101; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?Us8mrdRwYkR+nvJ4eouczqfztG6xpLk6iueiQRcgz96DijsV5CUosqzBAJmq?=
 =?us-ascii?Q?NsLqhxy9TnqNYruEs6vUe8N+UF51V06PfFr7AdeUUC4BuO7Uv1V6pMKmc+lS?=
 =?us-ascii?Q?nGJjjpkKJllGfuI1UrNJUfWeXjllWM/zkNICLXeEvuM1Hux31pb/+F/4VmT7?=
 =?us-ascii?Q?7OKjpfdRDpUXWAjoR7LI/KEL5fAr3Ropju73nzGLE4K9KZ44pwxuwj9VIeU0?=
 =?us-ascii?Q?Bl5xjb0nkVFuNBx3aBleCd3uoc7y9uC/P/tZxLQKy08xlxIU4pFzo1/t5zri?=
 =?us-ascii?Q?tfLZVdptAr3G3T6kFWxxmspFJzr6xtxluUxM9iIwYtmIZdcryjkS2Ccnh/Qc?=
 =?us-ascii?Q?URttdXtlu8PvEUAklj0dvwFWAEFFM7vOOmC77ZaXushWyPL8UvHxkon8R3Cn?=
 =?us-ascii?Q?hntXenQQWkcmkQrwWgYUn+ILd3WxU2K3aPsxlyy6kEzUAwekd/0St0Yr/9Ou?=
 =?us-ascii?Q?f1IZm6+PLTqAr4OfHfS2YNmNv4/TQLgRCTj6d96Esg3AYUu4WKhZul7Y4wNO?=
 =?us-ascii?Q?RYAQJJLX/Gx7pkN4hkSwnECpG7JIU4lN/l+0Q4Egod6B51tnNw4ObGe0wjVU?=
 =?us-ascii?Q?qaFNA0Nrk1rsQCVtE79tm4VXHv136WozhwAuOiGFcFZttnk9TxOF4B7XWbaA?=
 =?us-ascii?Q?zO/3IKJXiqKWQjChTP4FziSlk0NJsA0QTgSitFwqmvx6OgyOeQ2EfHubOT60?=
 =?us-ascii?Q?Enrsv65SW5lXImdLsDK2L4XS9TdNor23MKZfH285iWRiTh0JOW/Sw/RILdTf?=
 =?us-ascii?Q?3DUUghOCcUG78/rjd7G/DzKERMD+SIbqA7iJGY+Y76ENOjpB/yp1CUS3S0bm?=
 =?us-ascii?Q?K4RfdNMEACs1I527oCKTqiaLzgT5Cl6zGdWgUq4LgqGbEy7OfQIgPzvn5TH1?=
 =?us-ascii?Q?rJJu+Xso4yKBHQTYD1UMjNpoHrPR3Q60ObTdQXzeyoQW4zLEafwQuc4EHKQB?=
 =?us-ascii?Q?SzT9fxhHrmkA3KBOPVnuhHbU3b5vmSrZdOdncWE7ofgQnjfoCg3s+N9JKd7Q?=
 =?us-ascii?Q?RMy7+G+CxGBwVaEIGEzf4li275udRLKh9H7WTHio48qoYqQAkv/3mflcG5Iz?=
 =?us-ascii?Q?0QwIFHQPi4VIPMMtIN8UyGnKAFymK+GfbLVHycevkMkDYaBDtnSl5XL4ZqJT?=
 =?us-ascii?Q?r2ROP30OnnVf7Cw2vl3ei27mMDvKH3k+EMZqcWhCvZEfOWkFi36ipnDfgMHp?=
 =?us-ascii?Q?yP5geRCMZepm0L7MU0nv/E7wm9LUKRjtKvozMBRSHCk738gPtt+LFLbC4T0+?=
 =?us-ascii?Q?b0mbCQQ2VJWqeYLip6uqW/+8nVL8+gj3ak37kEgwLpYmdpdV/kKbkCmFCNAl?=
 =?us-ascii?Q?cNzf4k+zXn3ILvwmnLyRLHE7ETN9f2dIQQKLMSZQg5TvW5moxi+N2CF105Ug?=
 =?us-ascii?Q?1hGOKd8snuDG4tQ2ruZx6xEgDO46X/BZcijEwxBmHnBgdJjLIddx76e2GTGO?=
 =?us-ascii?Q?wU630qex77bzwbu8TvgWdmFQo7RI50G+2WsstyzsdAepZGuDjS0DszpxujX+?=
 =?us-ascii?Q?PukNa0gQEw0WSTcnKbvjDAIqwC8NjSB3ijmhcMFtRAb03R1G4M1SrvtLgjoQ?=
 =?us-ascii?Q?IsN2uG8RmV1zbNdxP0o=3D?=
Content-Type: multipart/alternative;
 boundary="_000_DS0PR11MB74582A6315541BBD96648E2B81D32DS0PR11MB7458namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB7458.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1649b1a8-6648-4edf-176c-08dc99cd2d42
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Jul 2024 12:56:08.6305 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: bI7+hKvWp7zc1V2znkpl1uIZ7YLGKjYoNyK3Bb4dsr/PLTa8y+iyd6FjxFw0wqll2jVAKEYBdfgZkRMI1ucSZA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB7596
X-OriginatorOrg: intel.com
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

--_000_DS0PR11MB74582A6315541BBD96648E2B81D32DS0PR11MB7458namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Acked-by: Kai Ji <kai.ji@intel.com>
________________________________
From: Jack Bond-Preston <jack.bond-preston@foss.arm.com>
Sent: 07 June 2024 13:47
To: Ji, Kai <kai.ji@intel.com>
Cc: dev@dpdk.org <dev@dpdk.org>; Wathsala Vithanage <wathsala.vithanage@arm=
.com>
Subject: [PATCH v4 3/5] crypto/openssl: per-qp cipher context clones

Currently EVP_CIPHER_CTXs are allocated, copied to (from
openssl_session), and then freed for every cipher operation (ie. per
packet). This is very inefficient, and avoidable.

Make each openssl_session hold an array of pointers to per-queue-pair
cipher context copies. These are populated on first use by allocating a
new context and copying from the main context. These copies can then be
used in a thread-safe manner by different worker lcores simultaneously.
Consequently the cipher context allocation and copy only has to happen
once - the first time a given qp uses an openssl_session. This brings
about a large performance boost.

Throughput performance uplift measurements for AES-CBC-128 encrypt on
Ampere Altra Max platform:
1 worker lcore
|   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
|-----------------+---------------+--------------------+----------|
|              64 |          1.51 |               2.94 |    94.4% |
|             256 |          4.90 |               8.05 |    64.3% |
|            1024 |         11.07 |              14.21 |    28.3% |
|            2048 |         14.03 |              16.28 |    16.0% |
|            4096 |         16.20 |              17.59 |     8.6% |

8 worker lcores
|   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
|-----------------+---------------+--------------------+----------|
|              64 |          3.05 |              23.74 |   678.8% |
|             256 |         10.46 |              64.86 |   520.3% |
|            1024 |         40.97 |             113.80 |   177.7% |
|            2048 |         73.25 |             130.21 |    77.8% |
|            4096 |        103.89 |             140.62 |    35.4% |

Signed-off-by: Jack Bond-Preston <jack.bond-preston@foss.arm.com>
Reviewed-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  11 +-
 drivers/crypto/openssl/rte_openssl_pmd.c     | 105 ++++++++++++-------
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  34 +++++-
 3 files changed, 108 insertions(+), 42 deletions(-)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/=
openssl/openssl_pmd_private.h
index 0f038b218c..bad7dcf2f5 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -166,6 +166,14 @@ struct __rte_cache_aligned openssl_session {
                 /**< digest length */
         } auth;

+       uint16_t ctx_copies_len;
+       /* < number of entries in ctx_copies */
+       EVP_CIPHER_CTX *qp_ctx[];
+       /**< Flexible array member of per-queue-pair pointers to copies of =
EVP
+        * context structure. Cipher contexts are not safe to use from mult=
iple
+        * cores simultaneously, so maintaining these copies allows avoidin=
g
+        * per-buffer copying into a temporary context.
+        */
 };

 /** OPENSSL crypto private asymmetric session structure */
@@ -217,7 +225,8 @@ struct __rte_cache_aligned openssl_asym_session {
 /** Set and validate OPENSSL crypto session parameters */
 extern int
 openssl_set_session_parameters(struct openssl_session *sess,
-               const struct rte_crypto_sym_xform *xform);
+               const struct rte_crypto_sym_xform *xform,
+               uint16_t nb_queue_pairs);

 /** Reset OPENSSL crypto session parameters */
 extern void
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/open=
ssl/rte_openssl_pmd.c
index 70f2069985..df44cc097e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -467,13 +467,10 @@ openssl_set_sess_aead_dec_param(struct openssl_sessio=
n *sess,
         return 0;
 }

+#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L && OPENSSL_VERSION_NUMBER < 0=
x30200000L)
 static int openssl_aesni_ctx_clone(EVP_CIPHER_CTX **dest,
                 struct openssl_session *sess)
 {
-#if (OPENSSL_VERSION_NUMBER > 0x30200000L)
-       *dest =3D EVP_CIPHER_CTX_dup(sess->ctx);
-       return 0;
-#elif (OPENSSL_VERSION_NUMBER > 0x30000000L)
         /* OpenSSL versions 3.0.0 <=3D V < 3.2.0 have no dupctx() implemen=
tation
          * for AES-GCM and AES-CCM. In this case, we have to create new em=
pty
          * contexts and initialise, as we did the original context.
@@ -489,13 +486,8 @@ static int openssl_aesni_ctx_clone(EVP_CIPHER_CTX **de=
st,
                 return openssl_set_sess_aead_dec_param(sess, sess->aead_al=
go,
                                 sess->auth.digest_length, sess->cipher.key=
.data,
                                 dest);
-#else
-       *dest =3D EVP_CIPHER_CTX_new();
-       if (EVP_CIPHER_CTX_copy(*dest, sess->cipher.ctx) !=3D 1)
-               return -EINVAL;
-       return 0;
-#endif
 }
+#endif

 /** Set session cipher parameters */
 static int
@@ -824,7 +816,8 @@ openssl_set_session_aead_parameters(struct openssl_sess=
ion *sess,
 /** Parse crypto xform chain and set private session parameters */
 int
 openssl_set_session_parameters(struct openssl_session *sess,
-               const struct rte_crypto_sym_xform *xform)
+               const struct rte_crypto_sym_xform *xform,
+               uint16_t nb_queue_pairs)
 {
         const struct rte_crypto_sym_xform *cipher_xform =3D NULL;
         const struct rte_crypto_sym_xform *auth_xform =3D NULL;
@@ -886,6 +879,12 @@ openssl_set_session_parameters(struct openssl_session =
*sess,
                 }
         }

+       /*
+        * With only one queue pair, the array of copies is not needed.
+        * Otherwise, one entry per queue pair is required.
+        */
+       sess->ctx_copies_len =3D nb_queue_pairs > 1 ? nb_queue_pairs : 0;
+
         return 0;
 }

@@ -893,6 +892,13 @@ openssl_set_session_parameters(struct openssl_session =
*sess,
 void
 openssl_reset_session(struct openssl_session *sess)
 {
+       for (uint16_t i =3D 0; i < sess->ctx_copies_len; i++) {
+               if (sess->qp_ctx[i] !=3D NULL) {
+                       EVP_CIPHER_CTX_free(sess->qp_ctx[i]);
+                       sess->qp_ctx[i] =3D NULL;
+               }
+       }
+
         EVP_CIPHER_CTX_free(sess->cipher.ctx);

         if (sess->chain_order =3D=3D OPENSSL_CHAIN_CIPHER_BPI)
@@ -959,7 +965,7 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op=
 *op)
                 sess =3D (struct openssl_session *)_sess->driver_priv_data=
;

                 if (unlikely(openssl_set_session_parameters(sess,
-                               op->sym->xform) !=3D 0)) {
+                               op->sym->xform, 1) !=3D 0)) {
                         rte_mempool_put(qp->sess_mp, _sess);
                         sess =3D NULL;
                 }
@@ -1607,11 +1613,45 @@ process_openssl_auth_cmac(struct rte_mbuf *mbuf_src=
, uint8_t *dst, int offset,
 # endif
 /*------------------------------------------------------------------------=
----*/

+static inline EVP_CIPHER_CTX *
+get_local_cipher_ctx(struct openssl_session *sess, struct openssl_qp *qp)
+{
+       /* If the array is not being used, just return the main context. */
+       if (sess->ctx_copies_len =3D=3D 0)
+               return sess->cipher.ctx;
+
+       EVP_CIPHER_CTX **lctx =3D &sess->qp_ctx[qp->id];
+
+       if (unlikely(*lctx =3D=3D NULL)) {
+#if OPENSSL_VERSION_NUMBER >=3D 0x30200000L
+               /* EVP_CIPHER_CTX_dup() added in OSSL 3.2 */
+               *lctx =3D EVP_CIPHER_CTX_dup(sess->cipher.ctx);
+               return *lctx;
+#elif OPENSSL_VERSION_NUMBER >=3D 0x30000000L
+               if (sess->chain_order =3D=3D OPENSSL_CHAIN_COMBINED) {
+                       /* AESNI special-cased to use openssl_aesni_ctx_clo=
ne()
+                        * to allow for working around lack of
+                        * EVP_CIPHER_CTX_copy support for 3.0.0 <=3D OSSL =
Version
+                        * < 3.2.0.
+                        */
+                       if (openssl_aesni_ctx_clone(lctx, sess) !=3D 0)
+                               *lctx =3D NULL;
+                       return *lctx;
+               }
+#endif
+
+               *lctx =3D EVP_CIPHER_CTX_new();
+               EVP_CIPHER_CTX_copy(*lctx, sess->cipher.ctx);
+       }
+
+       return *lctx;
+}
+
 /** Process auth/cipher combined operation */
 static void
-process_openssl_combined_op
-               (struct rte_crypto_op *op, struct openssl_session *sess,
-               struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)
+process_openssl_combined_op(struct openssl_qp *qp, struct rte_crypto_op *o=
p,
+               struct openssl_session *sess, struct rte_mbuf *mbuf_src,
+               struct rte_mbuf *mbuf_dst)
 {
         /* cipher */
         uint8_t *dst =3D NULL, *iv, *tag, *aad;
@@ -1628,11 +1668,7 @@ process_openssl_combined_op
                 return;
         }

-       EVP_CIPHER_CTX *ctx;
-       if (openssl_aesni_ctx_clone(&ctx, sess) !=3D 0) {
-               op->status =3D RTE_CRYPTO_OP_STATUS_ERROR;
-               return;
-       }
+       EVP_CIPHER_CTX *ctx =3D get_local_cipher_ctx(sess, qp);

         iv =3D rte_crypto_op_ctod_offset(op, uint8_t *,
                         sess->iv.offset);
@@ -1688,8 +1724,6 @@ process_openssl_combined_op
                                         dst, tag, taglen, ctx);
         }

-       EVP_CIPHER_CTX_free(ctx);
-
         if (status !=3D 0) {
                 if (status =3D=3D (-EFAULT) &&
                                 sess->auth.operation =3D=3D
@@ -1702,14 +1736,13 @@ process_openssl_combined_op

 /** Process cipher operation */
 static void
-process_openssl_cipher_op
-               (struct rte_crypto_op *op, struct openssl_session *sess,
-               struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)
+process_openssl_cipher_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+               struct openssl_session *sess, struct rte_mbuf *mbuf_src,
+               struct rte_mbuf *mbuf_dst)
 {
         uint8_t *dst, *iv;
         int srclen, status;
         uint8_t inplace =3D (mbuf_src =3D=3D mbuf_dst) ? 1 : 0;
-       EVP_CIPHER_CTX *ctx_copy;

         /*
          * Segmented OOP destination buffer is not supported for encryptio=
n/
@@ -1728,24 +1761,22 @@ process_openssl_cipher_op

         iv =3D rte_crypto_op_ctod_offset(op, uint8_t *,
                         sess->iv.offset);
-       ctx_copy =3D EVP_CIPHER_CTX_new();
-       EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
+
+       EVP_CIPHER_CTX *ctx =3D get_local_cipher_ctx(sess, qp);

         if (sess->cipher.mode =3D=3D OPENSSL_CIPHER_LIB)
                 if (sess->cipher.direction =3D=3D RTE_CRYPTO_CIPHER_OP_ENC=
RYPT)
                         status =3D process_openssl_cipher_encrypt(mbuf_src=
, dst,
                                         op->sym->cipher.data.offset, iv,
-                                       srclen, ctx_copy, inplace);
+                                       srclen, ctx, inplace);
                 else
                         status =3D process_openssl_cipher_decrypt(mbuf_src=
, dst,
                                         op->sym->cipher.data.offset, iv,
-                                       srclen, ctx_copy, inplace);
+                                       srclen, ctx, inplace);
         else
                 status =3D process_openssl_cipher_des3ctr(mbuf_src, dst,
-                               op->sym->cipher.data.offset, iv, srclen,
-                               ctx_copy);
+                               op->sym->cipher.data.offset, iv, srclen, ct=
x);

-       EVP_CIPHER_CTX_free(ctx_copy);
         if (status !=3D 0)
                 op->status =3D RTE_CRYPTO_OP_STATUS_ERROR;
 }
@@ -3150,13 +3181,13 @@ process_op(struct openssl_qp *qp, struct rte_crypto=
_op *op,

         switch (sess->chain_order) {
         case OPENSSL_CHAIN_ONLY_CIPHER:
-               process_openssl_cipher_op(op, sess, msrc, mdst);
+               process_openssl_cipher_op(qp, op, sess, msrc, mdst);
                 break;
         case OPENSSL_CHAIN_ONLY_AUTH:
                 process_openssl_auth_op(qp, op, sess, msrc, mdst);
                 break;
         case OPENSSL_CHAIN_CIPHER_AUTH:
-               process_openssl_cipher_op(op, sess, msrc, mdst);
+               process_openssl_cipher_op(qp, op, sess, msrc, mdst);
                 /* OOP */
                 if (msrc !=3D mdst)
                         copy_plaintext(msrc, mdst, op);
@@ -3164,10 +3195,10 @@ process_op(struct openssl_qp *qp, struct rte_crypto=
_op *op,
                 break;
         case OPENSSL_CHAIN_AUTH_CIPHER:
                 process_openssl_auth_op(qp, op, sess, msrc, mdst);
-               process_openssl_cipher_op(op, sess, msrc, mdst);
+               process_openssl_cipher_op(qp, op, sess, msrc, mdst);
                 break;
         case OPENSSL_CHAIN_COMBINED:
-               process_openssl_combined_op(op, sess, msrc, mdst);
+               process_openssl_combined_op(qp, op, sess, msrc, mdst);
                 break;
         case OPENSSL_CHAIN_CIPHER_BPI:
                 process_openssl_docsis_bpi_op(op, sess, msrc, mdst);
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/=
openssl/rte_openssl_pmd_ops.c
index b16baaa08f..4209c6ab6f 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -794,9 +794,34 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16=
_t qp_id,

 /** Returns the size of the symmetric session structure */
 static unsigned
-openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
+openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev)
 {
-       return sizeof(struct openssl_session);
+       /*
+        * For 0 qps, return the max size of the session - this is necessar=
y if
+        * the user calls into this function to create the session mempool,
+        * without first configuring the number of qps for the cryptodev.
+        */
+       if (dev->data->nb_queue_pairs =3D=3D 0) {
+               unsigned int max_nb_qps =3D ((struct openssl_private *)
+                               dev->data->dev_private)->max_nb_qpairs;
+               return sizeof(struct openssl_session) +
+                               (sizeof(void *) * max_nb_qps);
+       }
+
+       /*
+        * With only one queue pair, the thread safety of multiple context
+        * copies is not necessary, so don't allocate extra memory for the
+        * array.
+        */
+       if (dev->data->nb_queue_pairs =3D=3D 1)
+               return sizeof(struct openssl_session);
+
+       /*
+        * Otherwise, the size of the flexible array member should be enoug=
h to
+        * fit pointers to per-qp contexts.
+        */
+       return sizeof(struct openssl_session) +
+               (sizeof(void *) * dev->data->nb_queue_pairs);
 }

 /** Returns the size of the asymmetric session structure */
@@ -808,7 +833,7 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev =
*dev __rte_unused)

 /** Configure the session from a crypto xform chain */
 static int
-openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+openssl_pmd_sym_session_configure(struct rte_cryptodev *dev,
                 struct rte_crypto_sym_xform *xform,
                 struct rte_cryptodev_sym_session *sess)
 {
@@ -820,7 +845,8 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev =
*dev __rte_unused,
                 return -EINVAL;
         }

-       ret =3D openssl_set_session_parameters(sess_private_data, xform);
+       ret =3D openssl_set_session_parameters(sess_private_data, xform,
+                       dev->data->nb_queue_pairs);
         if (ret !=3D 0) {
                 OPENSSL_LOG(ERR, "failed configure session parameters");

--
2.34.1


--_000_DS0PR11MB74582A6315541BBD96648E2B81D32DS0PR11MB7458namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<style type=3D"text/css" style=3D"display:none;"> P {margin-top:0;margin-bo=
ttom:0;} </style>
</head>
<body dir=3D"ltr">
<div class=3D"elementToProof" style=3D"text-align: left; text-indent: 0px; =
line-height: 1.1; margin: 20px 0px 10px; font-family: &quot;IntelOne Text&q=
uot;; font-size: 10pt; color: rgb(0, 0, 0);">
Acked-by: Kai Ji &lt;kai.ji@intel.com&gt;</div>
<div id=3D"appendonsend"></div>
<hr style=3D"display:inline-block;width:98%" tabindex=3D"-1">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" st=
yle=3D"font-size:11pt" color=3D"#000000"><b>From:</b> Jack Bond-Preston &lt=
;jack.bond-preston@foss.arm.com&gt;<br>
<b>Sent:</b> 07 June 2024 13:47<br>
<b>To:</b> Ji, Kai &lt;kai.ji@intel.com&gt;<br>
<b>Cc:</b> dev@dpdk.org &lt;dev@dpdk.org&gt;; Wathsala Vithanage &lt;wathsa=
la.vithanage@arm.com&gt;<br>
<b>Subject:</b> [PATCH v4 3/5] crypto/openssl: per-qp cipher context clones=
</font>
<div>&nbsp;</div>
</div>
<div class=3D"BodyFragment"><font size=3D"2"><span style=3D"font-size:11pt;=
">
<div class=3D"PlainText">Currently EVP_CIPHER_CTXs are allocated, copied to=
 (from<br>
openssl_session), and then freed for every cipher operation (ie. per<br>
packet). This is very inefficient, and avoidable.<br>
<br>
Make each openssl_session hold an array of pointers to per-queue-pair<br>
cipher context copies. These are populated on first use by allocating a<br>
new context and copying from the main context. These copies can then be<br>
used in a thread-safe manner by different worker lcores simultaneously.<br>
Consequently the cipher context allocation and copy only has to happen<br>
once - the first time a given qp uses an openssl_session. This brings<br>
about a large performance boost.<br>
<br>
Throughput performance uplift measurements for AES-CBC-128 encrypt on<br>
Ampere Altra Max platform:<br>
1 worker lcore<br>
|&nbsp;&nbsp; buffer sz (B) |&nbsp;&nbsp; prev (Gbps) |&nbsp;&nbsp; optimis=
ed (Gbps) |&nbsp;&nbsp; uplift |<br>
|-----------------+---------------+--------------------+----------|<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp; 64 |&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1.51 |&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp; 2.94 |&nbsp;&nbsp;&nbsp; 94.4% |<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2=
56 |&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 4.90 |&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
8.05 |&nbsp;&nbsp;&nbsp; 64.3% |<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1024 |&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 11.07 |&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 14.21 |&nbsp;&nb=
sp;&nbsp; 28.3% |<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2048 |&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 14.03 |&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 16.28 |&nbsp;&nb=
sp;&nbsp; 16.0% |<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 4096 |&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 16.20 |&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 17.59 |&nbsp;&nb=
sp;&nbsp;&nbsp; 8.6% |<br>
<br>
8 worker lcores<br>
|&nbsp;&nbsp; buffer sz (B) |&nbsp;&nbsp; prev (Gbps) |&nbsp;&nbsp; optimis=
ed (Gbps) |&nbsp;&nbsp; uplift |<br>
|-----------------+---------------+--------------------+----------|<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp; 64 |&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 3.05 |&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2=
3.74 |&nbsp;&nbsp; 678.8% |<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2=
56 |&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 10.46 |&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 64.86 |&nbs=
p;&nbsp; 520.3% |<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1024 |&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 40.97 |&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 113.80 |&nbsp;&nbsp; 1=
77.7% |<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2048 |&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 73.25 |&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 130.21 |&nbsp;&nbsp;&n=
bsp; 77.8% |<br>
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 4096 |&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 103.89 |&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 140.62 |&nbsp;&nbsp;&nbsp; =
35.4% |<br>
<br>
Signed-off-by: Jack Bond-Preston &lt;jack.bond-preston@foss.arm.com&gt;<br>
Reviewed-by: Wathsala Vithanage &lt;wathsala.vithanage@arm.com&gt;<br>
---<br>
&nbsp;drivers/crypto/openssl/openssl_pmd_private.h |&nbsp; 11 +-<br>
&nbsp;drivers/crypto/openssl/rte_openssl_pmd.c&nbsp;&nbsp;&nbsp;&nbsp; | 10=
5 ++++++++++++-------<br>
&nbsp;drivers/crypto/openssl/rte_openssl_pmd_ops.c |&nbsp; 34 +++++-<br>
&nbsp;3 files changed, 108 insertions(+), 42 deletions(-)<br>
<br>
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/=
openssl/openssl_pmd_private.h<br>
index 0f038b218c..bad7dcf2f5 100644<br>
--- a/drivers/crypto/openssl/openssl_pmd_private.h<br>
+++ b/drivers/crypto/openssl/openssl_pmd_private.h<br>
@@ -166,6 +166,14 @@ struct __rte_cache_aligned openssl_session {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; /**&lt; digest length */<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; } auth;<br>
&nbsp;<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; uint16_t ctx_copies_len;<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* &lt; number of entries in ctx_copi=
es */<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX *qp_ctx[];<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /**&lt; Flexible array member of per-=
queue-pair pointers to copies of EVP<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * context structure. Cipher con=
texts are not safe to use from multiple<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * cores simultaneously, so main=
taining these copies allows avoiding<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * per-buffer copying into a tem=
porary context.<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; */<br>
&nbsp;};<br>
&nbsp;<br>
&nbsp;/** OPENSSL crypto private asymmetric session structure */<br>
@@ -217,7 +225,8 @@ struct __rte_cache_aligned openssl_asym_session {<br>
&nbsp;/** Set and validate OPENSSL crypto session parameters */<br>
&nbsp;extern int<br>
&nbsp;openssl_set_session_parameters(struct openssl_session *sess,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; const struct rte_crypto_sym_xform *xform);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; const struct rte_crypto_sym_xform *xform,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; uint16_t nb_queue_pairs);<br>
&nbsp;<br>
&nbsp;/** Reset OPENSSL crypto session parameters */<br>
&nbsp;extern void<br>
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/open=
ssl/rte_openssl_pmd.c<br>
index 70f2069985..df44cc097e 100644<br>
--- a/drivers/crypto/openssl/rte_openssl_pmd.c<br>
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c<br>
@@ -467,13 +467,10 @@ openssl_set_sess_aead_dec_param(struct openssl_sessio=
n *sess,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return 0;<br>
&nbsp;}<br>
&nbsp;<br>
+#if (OPENSSL_VERSION_NUMBER &gt;=3D 0x30000000L &amp;&amp; OPENSSL_VERSION=
_NUMBER &lt; 0x30200000L)<br>
&nbsp;static int openssl_aesni_ctx_clone(EVP_CIPHER_CTX **dest,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; struct openssl_session *sess)<br>
&nbsp;{<br>
-#if (OPENSSL_VERSION_NUMBER &gt; 0x30200000L)<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *dest =3D EVP_CIPHER_CTX_dup(sess-&gt=
;ctx);<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return 0;<br>
-#elif (OPENSSL_VERSION_NUMBER &gt; 0x30000000L)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* OpenSSL versions 3.0.0 =
&lt;=3D V &lt; 3.2.0 have no dupctx() implementation<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * for AES-GCM and AE=
S-CCM. In this case, we have to create new empty<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * contexts and initi=
alise, as we did the original context.<br>
@@ -489,13 +486,8 @@ static int openssl_aesni_ctx_clone(EVP_CIPHER_CTX **de=
st,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; return openssl_set_sess_aead_dec_param(sess, sess-&gt=
;aead_algo,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sess-&gt;auth.digest_length, ses=
s-&gt;cipher.key.data,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dest);<br>
-#else<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *dest =3D EVP_CIPHER_CTX_new();<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (EVP_CIPHER_CTX_copy(*dest, sess-&=
gt;cipher.ctx) !=3D 1)<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; return -EINVAL;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return 0;<br>
-#endif<br>
&nbsp;}<br>
+#endif<br>
&nbsp;<br>
&nbsp;/** Set session cipher parameters */<br>
&nbsp;static int<br>
@@ -824,7 +816,8 @@ openssl_set_session_aead_parameters(struct openssl_sess=
ion *sess,<br>
&nbsp;/** Parse crypto xform chain and set private session parameters */<br=
>
&nbsp;int<br>
&nbsp;openssl_set_session_parameters(struct openssl_session *sess,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; const struct rte_crypto_sym_xform *xform)<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; const struct rte_crypto_sym_xform *xform,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; uint16_t nb_queue_pairs)<br>
&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; const struct rte_crypto_sy=
m_xform *cipher_xform =3D NULL;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; const struct rte_crypto_sy=
m_xform *auth_xform =3D NULL;<br>
@@ -886,6 +879,12 @@ openssl_set_session_parameters(struct openssl_session =
*sess,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /*<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * With only one queue pair, the=
 array of copies is not needed.<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * Otherwise, one entry per queu=
e pair is required.<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; */<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sess-&gt;ctx_copies_len =3D nb_queue_=
pairs &gt; 1 ? nb_queue_pairs : 0;<br>
+<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return 0;<br>
&nbsp;}<br>
&nbsp;<br>
@@ -893,6 +892,13 @@ openssl_set_session_parameters(struct openssl_session =
*sess,<br>
&nbsp;void<br>
&nbsp;openssl_reset_session(struct openssl_session *sess)<br>
&nbsp;{<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; for (uint16_t i =3D 0; i &lt; sess-&g=
t;ctx_copies_len; i++) {<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; if (sess-&gt;qp_ctx[i] !=3D NULL) {<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX_f=
ree(sess-&gt;qp_ctx[i]);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sess-&gt;qp_ctx[=
i] =3D NULL;<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; }<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
+<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX_free(sess-&=
gt;cipher.ctx);<br>
&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (sess-&gt;chain_order =
=3D=3D OPENSSL_CHAIN_CIPHER_BPI)<br>
@@ -959,7 +965,7 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op=
 *op)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; sess =3D (struct openssl_session *)_sess-&gt;driver_p=
riv_data;<br>
&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; if (unlikely(openssl_set_session_parameters(sess,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; op-&gt;sym-&gt;xform) !=3D 0)) {<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; op-&gt;sym-&gt;xform, 1) !=3D 0)) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rte_m=
empool_put(qp-&gt;sess_mp, _sess);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sess =
=3D NULL;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; }<br>
@@ -1607,11 +1613,45 @@ process_openssl_auth_cmac(struct rte_mbuf *mbuf_src=
, uint8_t *dst, int offset,<br>
&nbsp;# endif<br>
&nbsp;/*-------------------------------------------------------------------=
---------*/<br>
&nbsp;<br>
+static inline EVP_CIPHER_CTX *<br>
+get_local_cipher_ctx(struct openssl_session *sess, struct openssl_qp *qp)<=
br>
+{<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* If the array is not being used, ju=
st return the main context. */<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (sess-&gt;ctx_copies_len =3D=3D 0)=
<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; return sess-&gt;cipher.ctx;<br>
+<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX **lctx =3D &amp;sess-&=
gt;qp_ctx[qp-&gt;id];<br>
+<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (unlikely(*lctx =3D=3D NULL)) {<br=
>
+#if OPENSSL_VERSION_NUMBER &gt;=3D 0x30200000L<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; /* EVP_CIPHER_CTX_dup() added in OSSL 3.2 */<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; *lctx =3D EVP_CIPHER_CTX_dup(sess-&gt;cipher.ctx);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; return *lctx;<br>
+#elif OPENSSL_VERSION_NUMBER &gt;=3D 0x30000000L<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; if (sess-&gt;chain_order =3D=3D OPENSSL_CHAIN_COMBINED) {<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* AESNI special=
-cased to use openssl_aesni_ctx_clone()<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * to allow=
 for working around lack of<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * EVP_CIPH=
ER_CTX_copy support for 3.0.0 &lt;=3D OSSL Version<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * &lt; 3.2=
.0.<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; */<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (openssl_aesn=
i_ctx_clone(lctx, sess) !=3D 0)<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *lctx =3D NULL;<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return *lctx;<br=
>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; }<br>
+#endif<br>
+<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; *lctx =3D EVP_CIPHER_CTX_new();<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; EVP_CIPHER_CTX_copy(*lctx, sess-&gt;cipher.ctx);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
+<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return *lctx;<br>
+}<br>
+<br>
&nbsp;/** Process auth/cipher combined operation */<br>
&nbsp;static void<br>
-process_openssl_combined_op<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; (struct rte_crypto_op *op, struct openssl_session *sess,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)<br>
+process_openssl_combined_op(struct openssl_qp *qp, struct rte_crypto_op *o=
p,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; struct openssl_session *sess, struct rte_mbuf *mbuf_src,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; struct rte_mbuf *mbuf_dst)<br>
&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* cipher */<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; uint8_t *dst =3D NULL, *iv=
, *tag, *aad;<br>
@@ -1628,11 +1668,7 @@ process_openssl_combined_op<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; return;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX *ctx;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (openssl_aesni_ctx_clone(&amp;ctx,=
 sess) !=3D 0) {<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; op-&gt;status =3D RTE_CRYPTO_OP_STATUS_ERROR;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; return;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX *ctx =3D get_local_cip=
her_ctx(sess, qp);<br>
&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; iv =3D rte_crypto_op_ctod_=
offset(op, uint8_t *,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sess-=
&gt;iv.offset);<br>
@@ -1688,8 +1724,6 @@ process_openssl_combined_op<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; dst, tag, taglen, ctx);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX_free(ctx);<br>
-<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (status !=3D 0) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; if (status =3D=3D (-EFAULT) &amp;&amp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sess-&gt;auth.operation =3D=3D<b=
r>
@@ -1702,14 +1736,13 @@ process_openssl_combined_op<br>
&nbsp;<br>
&nbsp;/** Process cipher operation */<br>
&nbsp;static void<br>
-process_openssl_cipher_op<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; (struct rte_crypto_op *op, struct openssl_session *sess,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)<br>
+process_openssl_cipher_op(struct openssl_qp *qp, struct rte_crypto_op *op,=
<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; struct openssl_session *sess, struct rte_mbuf *mbuf_src,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; struct rte_mbuf *mbuf_dst)<br>
&nbsp;{<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; uint8_t *dst, *iv;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; int srclen, status;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; uint8_t inplace =3D (mbuf_=
src =3D=3D mbuf_dst) ? 1 : 0;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX *ctx_copy;<br>
&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /*<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * Segmented OOP dest=
ination buffer is not supported for encryption/<br>
@@ -1728,24 +1761,22 @@ process_openssl_cipher_op<br>
&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; iv =3D rte_crypto_op_ctod_=
offset(op, uint8_t *,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sess-=
&gt;iv.offset);<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ctx_copy =3D EVP_CIPHER_CTX_new();<br=
>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX_copy(ctx_copy, sess-&g=
t;cipher.ctx);<br>
+<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX *ctx =3D get_local_cip=
her_ctx(sess, qp);<br>
&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (sess-&gt;cipher.mode =
=3D=3D OPENSSL_CIPHER_LIB)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; if (sess-&gt;cipher.direction =3D=3D RTE_CRYPTO_CIPHE=
R_OP_ENCRYPT)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; statu=
s =3D process_openssl_cipher_encrypt(mbuf_src, dst,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; op-&gt;sym-&gt;cipher.data.offset, iv,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp; srclen, ctx_copy, inplace);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp; srclen, ctx, inplace);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; else<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; statu=
s =3D process_openssl_cipher_decrypt(mbuf_src, dst,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; op-&gt;sym-&gt;cipher.data.offset, iv,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp; srclen, ctx_copy, inplace);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp; srclen, ctx, inplace);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; status =3D process_openssl_cipher_des3ctr(mbuf_src, d=
st,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; op-&gt;sym-&gt;cipher.data.offset, iv, srcl=
en,<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ctx_copy);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; op-&gt;sym-&gt;cipher.data.offset, iv, srcl=
en, ctx);<br>
&nbsp;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EVP_CIPHER_CTX_free(ctx_copy);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (status !=3D 0)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; op-&gt;status =3D RTE_CRYPTO_OP_STATUS_ERROR;<br>
&nbsp;}<br>
@@ -3150,13 +3181,13 @@ process_op(struct openssl_qp *qp, struct rte_crypto=
_op *op,<br>
&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; switch (sess-&gt;chain_ord=
er) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; case OPENSSL_CHAIN_ONLY_CI=
PHER:<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; process_openssl_cipher_op(op, sess, msrc, mdst);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; process_openssl_cipher_op(qp, op, sess, msrc, mdst);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; case OPENSSL_CHAIN_ONLY_AU=
TH:<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; process_openssl_auth_op(qp, op, sess, msrc, mdst);<br=
>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; case OPENSSL_CHAIN_CIPHER_=
AUTH:<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; process_openssl_cipher_op(op, sess, msrc, mdst);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; process_openssl_cipher_op(qp, op, sess, msrc, mdst);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; /* OOP */<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; if (msrc !=3D mdst)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; copy_=
plaintext(msrc, mdst, op);<br>
@@ -3164,10 +3195,10 @@ process_op(struct openssl_qp *qp, struct rte_crypto=
_op *op,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; case OPENSSL_CHAIN_AUTH_CI=
PHER:<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; process_openssl_auth_op(qp, op, sess, msrc, mdst);<br=
>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; process_openssl_cipher_op(op, sess, msrc, mdst);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; process_openssl_cipher_op(qp, op, sess, msrc, mdst);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; case OPENSSL_CHAIN_COMBINE=
D:<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; process_openssl_combined_op(op, sess, msrc, mdst);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; process_openssl_combined_op(qp, op, sess, msrc, mdst);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; break;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; case OPENSSL_CHAIN_CIPHER_=
BPI:<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; process_openssl_docsis_bpi_op(op, sess, msrc, mdst);<=
br>
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/=
openssl/rte_openssl_pmd_ops.c<br>
index b16baaa08f..4209c6ab6f 100644<br>
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c<br>
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c<br>
@@ -794,9 +794,34 @@ openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16=
_t qp_id,<br>
&nbsp;<br>
&nbsp;/** Returns the size of the symmetric session structure */<br>
&nbsp;static unsigned<br>
-openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)<b=
r>
+openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev)<br>
&nbsp;{<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return sizeof(struct openssl_session)=
;<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /*<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * For 0 qps, return the max siz=
e of the session - this is necessary if<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * the user calls into this func=
tion to create the session mempool,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * without first configuring the=
 number of qps for the cryptodev.<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; */<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (dev-&gt;data-&gt;nb_queue_pairs =
=3D=3D 0) {<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; unsigned int max_nb_qps =3D ((struct openssl_private *)<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dev-&gt;data-&gt;dev_private)-&gt;max_nb_qp=
airs;<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; return sizeof(struct openssl_session) +<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (sizeof(void *) * max_nb_qps);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
+<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /*<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * With only one queue pair, the=
 thread safety of multiple context<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * copies is not necessary, so d=
on't allocate extra memory for the<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * array.<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; */<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (dev-&gt;data-&gt;nb_queue_pairs =
=3D=3D 1)<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; return sizeof(struct openssl_session);<br>
+<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /*<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * Otherwise, the size of the fl=
exible array member should be enough to<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * fit pointers to per-qp contex=
ts.<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; */<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; return sizeof(struct openssl_session)=
 +<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; (sizeof(void *) * dev-&gt;data-&gt;nb_queue_pairs);<br>
&nbsp;}<br>
&nbsp;<br>
&nbsp;/** Returns the size of the asymmetric session structure */<br>
@@ -808,7 +833,7 @@ openssl_pmd_asym_session_get_size(struct rte_cryptodev =
*dev __rte_unused)<br>
&nbsp;<br>
&nbsp;/** Configure the session from a crypto xform chain */<br>
&nbsp;static int<br>
-openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,<=
br>
+openssl_pmd_sym_session_configure(struct rte_cryptodev *dev,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; struct rte_crypto_sym_xform *xform,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; struct rte_cryptodev_sym_session *sess)<br>
&nbsp;{<br>
@@ -820,7 +845,8 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev =
*dev __rte_unused,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; return -EINVAL;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ret =3D openssl_set_session_parameter=
s(sess_private_data, xform);<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ret =3D openssl_set_session_parameter=
s(sess_private_data, xform,<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; dev-&gt;data-&gt=
;nb_queue_pairs);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (ret !=3D 0) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; OPENSSL_LOG(ERR, &quot;failed configure session param=
eters&quot;);<br>
&nbsp;<br>
-- <br>
2.34.1<br>
<br>
</div>
</span></font></div>
</body>
</html>

--_000_DS0PR11MB74582A6315541BBD96648E2B81D32DS0PR11MB7458namp_--