From: Thierry Herbelot <thierry.herbelot@6wind.com>
To: dev@dpdk.org
Cc: stable@dpdk.org, Thomas Monjalon <thomas@monjalon.net>
Subject: [dpdk-dev] [PATCH 19.11 10/12] drivers/crypto/openssl: use a local copy for the session contexts
Date: Wed, 7 Aug 2019 16:37:29 +0200 [thread overview]
Message-ID: <afdf82d5439c5129dd3a3c10be59cd2bbe9d3553.1565188248.git.thierry.herbelot@6wind.com> (raw)
In-Reply-To: <cover.1565188248.git.thierry.herbelot@6wind.com>
In-Reply-To: <cover.1565188248.git.thierry.herbelot@6wind.com>
Session contexts are used for temporary storage when processing a
packet.
If packets for the same session are to be processed simultaneously on
multiple cores, separate contexts must be used.
Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a
variable on the stack: it must be allocated. This in turn reduces the
performance.
Fixes: d61f70b4c918 ('crypto/libcrypto: add driver for OpenSSL library')
Cc: stable at dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 34 +++++++++++++++++++++++---------
1 file changed, 25 insertions(+), 9 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 2f5552840741..ce2d12347737 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1290,6 +1290,7 @@ process_openssl_combined_op
int srclen, aadlen, status = -1;
uint32_t offset;
uint8_t taglen;
+ EVP_CIPHER_CTX *ctx_copy;
/*
* Segmented destination buffer is not supported for
@@ -1326,6 +1327,8 @@ process_openssl_combined_op
}
taglen = sess->auth.digest_length;
+ ctx_copy = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
@@ -1333,12 +1336,12 @@ process_openssl_combined_op
status = process_openssl_auth_encryption_gcm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ dst, tag, ctx_copy);
else
status = process_openssl_auth_encryption_ccm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, taglen, sess->cipher.ctx);
+ dst, tag, taglen, ctx_copy);
} else {
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
@@ -1346,14 +1349,15 @@ process_openssl_combined_op
status = process_openssl_auth_decryption_gcm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ dst, tag, ctx_copy);
else
status = process_openssl_auth_decryption_ccm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, taglen, sess->cipher.ctx);
+ dst, tag, taglen, ctx_copy);
}
+ EVP_CIPHER_CTX_free(ctx_copy);
if (status != 0) {
if (status == (-EFAULT) &&
sess->auth.operation ==
@@ -1372,6 +1376,7 @@ process_openssl_cipher_op
{
uint8_t *dst, *iv;
int srclen, status;
+ EVP_CIPHER_CTX *ctx_copy;
/*
* Segmented destination buffer is not supported for
@@ -1388,22 +1393,25 @@ process_openssl_cipher_op
iv = rte_crypto_op_ctod_offset(op, uint8_t *,
sess->iv.offset);
+ ctx_copy = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
status = process_openssl_cipher_encrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
- srclen, sess->cipher.ctx);
+ srclen, ctx_copy);
else
status = process_openssl_cipher_decrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
- srclen, sess->cipher.ctx);
+ srclen, ctx_copy);
else
status = process_openssl_cipher_des3ctr(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
sess->cipher.key.data, srclen,
- sess->cipher.ctx);
+ ctx_copy);
+ EVP_CIPHER_CTX_free(ctx_copy);
if (status != 0)
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
@@ -1507,6 +1515,8 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
{
uint8_t *dst;
int srclen, status;
+ EVP_MD_CTX *ctx_a;
+ HMAC_CTX *ctx_h;
srclen = op->sym->auth.data.length;
@@ -1514,14 +1524,20 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
switch (sess->auth.mode) {
case OPENSSL_AUTH_AS_AUTH:
+ ctx_a = EVP_MD_CTX_create();
+ EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx);
status = process_openssl_auth(mbuf_src, dst,
op->sym->auth.data.offset, NULL, NULL, srclen,
- sess->auth.auth.ctx, sess->auth.auth.evp_algo);
+ ctx_a, sess->auth.auth.evp_algo);
+ EVP_MD_CTX_destroy(ctx_a);
break;
case OPENSSL_AUTH_AS_HMAC:
+ ctx_h = HMAC_CTX_new();
+ HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx);
status = process_openssl_auth_hmac(mbuf_src, dst,
op->sym->auth.data.offset, srclen,
- sess->auth.hmac.ctx);
+ ctx_h);
+ HMAC_CTX_free(ctx_h);
break;
default:
status = -1;
--
2.11.0
next prev parent reply other threads:[~2019-08-07 14:39 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-07 14:37 [dpdk-dev] [PATCH 19.11 00/12] Miscellaneous fixes Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 01/12] net/ixgbevf: fix stats update after a PF reset Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 02/12] ethdev: fix description of tx descriptor status Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 03/12] net/e1000: fix Tx descriptor status api (igb) Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 04/12] net/e1000: fix Tx descriptor status api (em) Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 05/12] net/ixgbe: fix Tx descriptor status api Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 06/12] net/i40e: " Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 07/12] net/i40e: set speed to undefined for default case in link update Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 08/12] virtio: fix rx stats with vectorized functions Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 09/12] virtio: get all pending rx packets " Thierry Herbelot
2019-08-07 14:37 ` Thierry Herbelot [this message]
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 11/12] drivers/crypto/dpaa_sec: update DPAA iova table in dpaa_mem_vtop Thierry Herbelot
2019-08-07 14:37 ` [dpdk-dev] [PATCH 19.11 12/12] drivers/crypto/octeontx: enable unbinding for the OcteonTx crypto engines Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 00/12] Miscellaneous fixes Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 " Thierry Herbelot
2019-08-08 13:19 ` Thierry Herbelot
2019-08-08 14:34 ` Thomas Monjalon
2019-10-10 13:01 ` David Marchand
2019-10-10 13:12 ` Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 01/12] net/ixgbevf: fix stats update after a PF reset Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 02/12] ethdev: fix description of tx descriptor status Thierry Herbelot
2019-08-08 10:37 ` Andrew Rybchenko
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 03/12] net/e1000: fix Tx descriptor status api (igb) Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 04/12] net/e1000: fix Tx descriptor status api (em) Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 05/12] net/ixgbe: fix Tx descriptor status api Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 06/12] net/i40e: " Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 07/12] net/i40e: set speed to undefined for default case in link update Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 08/12] virtio: fix rx stats with vectorized functions Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 09/12] virtio: get all pending rx packets " Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 10/12] drivers/crypto/openssl: use a local copy for the session contexts Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 11/12] drivers/crypto/dpaa_sec: update DPAA iova table in dpaa_mem_vtop Thierry Herbelot
2019-08-08 8:22 ` [dpdk-dev] [PATCH 19.11 V3 12/12] drivers/crypto/octeontx: enable unbinding for the OcteonTx crypto engines Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 01/12] net/ixgbevf: fix stats update after a PF reset Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 02/12] ethdev: fix description of tx descriptor status Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 03/12] net/e1000: fix Tx descriptor status api (igb) Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 04/12] net/e1000: fix Tx descriptor status api (em) Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 05/12] net/ixgbe: fix Tx descriptor status api Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 06/12] net/i40e: " Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 07/12] net/i40e: set speed to undefined for default case in link update Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 08/12] virtio: fix rx stats with vectorized functions Thierry Herbelot
2019-08-08 5:15 ` [dpdk-dev] [dpdk-stable] " Tiwei Bie
2019-08-08 7:35 ` Thibaut Collet
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 09/12] virtio: get all pending rx packets " Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 10/12] drivers/crypto/openssl: use a local copy for the session contexts Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 11/12] drivers/crypto/dpaa_sec: update DPAA iova table in dpaa_mem_vtop Thierry Herbelot
2019-08-07 15:09 ` [dpdk-dev] [PATCH 19.11 V2 12/12] drivers/crypto/octeontx: enable unbinding for the OcteonTx crypto engines Thierry Herbelot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afdf82d5439c5129dd3a3c10be59cd2bbe9d3553.1565188248.git.thierry.herbelot@6wind.com \
--to=thierry.herbelot@6wind.com \
--cc=dev@dpdk.org \
--cc=stable@dpdk.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).