From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id EB3ECA04F0 for ; Tue, 10 Dec 2019 16:01:58 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E34931B13C; Tue, 10 Dec 2019 16:01:58 +0100 (CET) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by dpdk.org (Postfix) with ESMTP id B753B1B13C for ; Tue, 10 Dec 2019 16:01:57 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1575990117; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jsduOXfJDbciuUFjaCdRvR7nniXdslgQ1um4patz+bo=; b=QtqEKCCLUqmbao7oTzzb2fmhQovfV+V2zhNA3WxFe94loeftoyRgJHPV9n6MAJAM/Oad5d roBmUjt54Z3XjUekF+OH8ef0FSZJBKDuBNm3I31/6ZUpA4MqY3qlCdNV/z8MC8ETl7kYeI F1TH9SrIbP/yyEDigmRsfJ4MXWvCmzg= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-325-RjKr7IbRPW-kxfVhmSC54A-1; Tue, 10 Dec 2019 10:01:54 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EE9F38064DE; Tue, 10 Dec 2019 15:01:52 +0000 (UTC) Received: from rh.redhat.com (ovpn-116-64.ams2.redhat.com [10.36.116.64]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1B7685DA7D; Tue, 10 Dec 2019 15:01:51 +0000 (UTC) From: Kevin Traynor To: Thierry Herbelot Cc: dpdk stable Date: Tue, 10 Dec 2019 14:59:33 +0000 Message-Id: <20191210145937.32755-59-ktraynor@redhat.com> In-Reply-To: <20191210145937.32755-1-ktraynor@redhat.com> References: <20191210145937.32755-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-MC-Unique: RjKr7IbRPW-kxfVhmSC54A-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Subject: [dpdk-stable] patch 'crypto/openssl: use local copy for session contexts' has been queued to LTS release 18.11.6 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 18.11.6 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 12/16/19. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasi= ng (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable-queue This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable-queue/commit/531676e03411b8488c= 6cc6b94603bd218d67dff4 Thanks. Kevin. --- >From 531676e03411b8488c6cc6b94603bd218d67dff4 Mon Sep 17 00:00:00 2001 From: Thierry Herbelot Date: Wed, 11 Sep 2019 18:06:01 +0200 Subject: [PATCH] crypto/openssl: use local copy for session contexts [ upstream commit 67ab783b5d70aed77d9ee3f3ae4688a70c42a49a ] Session contexts are used for temporary storage when processing a packet. If packets for the same session are to be processed simultaneously on multiple cores, separate contexts must be used. Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a variable on the stack: it must be allocated. This in turn reduces the performance. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Signed-off-by: Thierry Herbelot --- drivers/crypto/openssl/rte_openssl_pmd.c | 34 +++++++++++++++++------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/open= ssl/rte_openssl_pmd.c index 406e6211f..90a91bd83 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1290,4 +1290,5 @@ process_openssl_combined_op =09uint32_t offset; =09uint8_t taglen; +=09EVP_CIPHER_CTX *ctx_copy; =20 =09/* @@ -1326,4 +1327,6 @@ process_openssl_combined_op =20 =09taglen =3D sess->auth.digest_length; +=09ctx_copy =3D EVP_CIPHER_CTX_new(); +=09EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); =20 =09if (sess->cipher.direction =3D=3D RTE_CRYPTO_CIPHER_OP_ENCRYPT) { @@ -1333,10 +1336,10 @@ process_openssl_combined_op =09=09=09=09=09mbuf_src, offset, srclen, =09=09=09=09=09aad, aadlen, iv, -=09=09=09=09=09dst, tag, sess->cipher.ctx); +=09=09=09=09=09dst, tag, ctx_copy); =09=09else =09=09=09status =3D process_openssl_auth_encryption_ccm( =09=09=09=09=09mbuf_src, offset, srclen, =09=09=09=09=09aad, aadlen, iv, -=09=09=09=09=09dst, tag, taglen, sess->cipher.ctx); +=09=09=09=09=09dst, tag, taglen, ctx_copy); =20 =09} else { @@ -1346,12 +1349,13 @@ process_openssl_combined_op =09=09=09=09=09mbuf_src, offset, srclen, =09=09=09=09=09aad, aadlen, iv, -=09=09=09=09=09dst, tag, sess->cipher.ctx); +=09=09=09=09=09dst, tag, ctx_copy); =09=09else =09=09=09status =3D process_openssl_auth_decryption_ccm( =09=09=09=09=09mbuf_src, offset, srclen, =09=09=09=09=09aad, aadlen, iv, -=09=09=09=09=09dst, tag, taglen, sess->cipher.ctx); +=09=09=09=09=09dst, tag, taglen, ctx_copy); =09} =20 +=09EVP_CIPHER_CTX_free(ctx_copy); =09if (status !=3D 0) { =09=09if (status =3D=3D (-EFAULT) && @@ -1372,4 +1376,5 @@ process_openssl_cipher_op =09uint8_t *dst, *iv; =09int srclen, status; +=09EVP_CIPHER_CTX *ctx_copy; =20 =09/* @@ -1388,4 +1393,6 @@ process_openssl_cipher_op =09iv =3D rte_crypto_op_ctod_offset(op, uint8_t *, =09=09=09sess->iv.offset); +=09ctx_copy =3D EVP_CIPHER_CTX_new(); +=09EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); =20 =09if (sess->cipher.mode =3D=3D OPENSSL_CIPHER_LIB) @@ -1393,15 +1400,16 @@ process_openssl_cipher_op =09=09=09status =3D process_openssl_cipher_encrypt(mbuf_src, dst, =09=09=09=09=09op->sym->cipher.data.offset, iv, -=09=09=09=09=09srclen, sess->cipher.ctx); +=09=09=09=09=09srclen, ctx_copy); =09=09else =09=09=09status =3D process_openssl_cipher_decrypt(mbuf_src, dst, =09=09=09=09=09op->sym->cipher.data.offset, iv, -=09=09=09=09=09srclen, sess->cipher.ctx); +=09=09=09=09=09srclen, ctx_copy); =09else =09=09status =3D process_openssl_cipher_des3ctr(mbuf_src, dst, =09=09=09=09op->sym->cipher.data.offset, iv, =09=09=09=09sess->cipher.key.data, srclen, -=09=09=09=09sess->cipher.ctx); +=09=09=09=09ctx_copy); =20 +=09EVP_CIPHER_CTX_free(ctx_copy); =09if (status !=3D 0) =09=09op->status =3D RTE_CRYPTO_OP_STATUS_ERROR; @@ -1507,4 +1515,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct= rte_crypto_op *op, =09uint8_t *dst; =09int srclen, status; +=09EVP_MD_CTX *ctx_a; +=09HMAC_CTX *ctx_h; =20 =09srclen =3D op->sym->auth.data.length; @@ -1514,12 +1524,18 @@ process_openssl_auth_op(struct openssl_qp *qp, stru= ct rte_crypto_op *op, =09switch (sess->auth.mode) { =09case OPENSSL_AUTH_AS_AUTH: +=09=09ctx_a =3D EVP_MD_CTX_create(); +=09=09EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx); =09=09status =3D process_openssl_auth(mbuf_src, dst, =09=09=09=09op->sym->auth.data.offset, NULL, NULL, srclen, -=09=09=09=09sess->auth.auth.ctx, sess->auth.auth.evp_algo); +=09=09=09=09ctx_a, sess->auth.auth.evp_algo); +=09=09EVP_MD_CTX_destroy(ctx_a); =09=09break; =09case OPENSSL_AUTH_AS_HMAC: +=09=09ctx_h =3D HMAC_CTX_new(); +=09=09HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx); =09=09status =3D process_openssl_auth_hmac(mbuf_src, dst, =09=09=09=09op->sym->auth.data.offset, srclen, -=09=09=09=09sess->auth.hmac.ctx); +=09=09=09=09ctx_h); +=09=09HMAC_CTX_free(ctx_h); =09=09break; =09default: --=20 2.21.0 --- Diff of the applied patch vs upstream commit (please double-check if non-= empty: --- --- -=092019-12-10 14:49:42.960104989 +0000 +++ 0059-crypto-openssl-use-local-copy-for-session-contexts.patch=092019-12= -10 14:49:39.101456854 +0000 @@ -1 +1 @@ -From 67ab783b5d70aed77d9ee3f3ae4688a70c42a49a Mon Sep 17 00:00:00 2001 +From 531676e03411b8488c6cc6b94603bd218d67dff4 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 67ab783b5d70aed77d9ee3f3ae4688a70c42a49a ] + @@ -16 +17,0 @@ -Cc: stable@dpdk.org @@ -24 +25 @@ -index 6a75223ff..d68713e7e 100644 +index 406e6211f..90a91bd83 100644 @@ -27 +28 @@ -@@ -1291,4 +1291,5 @@ process_openssl_combined_op +@@ -1290,4 +1290,5 @@ process_openssl_combined_op @@ -33 +34 @@ -@@ -1327,4 +1328,6 @@ process_openssl_combined_op +@@ -1326,4 +1327,6 @@ process_openssl_combined_op @@ -40 +41 @@ -@@ -1334,10 +1337,10 @@ process_openssl_combined_op +@@ -1333,10 +1336,10 @@ process_openssl_combined_op @@ -53 +54 @@ -@@ -1347,12 +1350,13 @@ process_openssl_combined_op +@@ -1346,12 +1349,13 @@ process_openssl_combined_op @@ -69 +70 @@ -@@ -1373,4 +1377,5 @@ process_openssl_cipher_op +@@ -1372,4 +1376,5 @@ process_openssl_cipher_op @@ -75 +76 @@ -@@ -1389,4 +1394,6 @@ process_openssl_cipher_op +@@ -1388,4 +1393,6 @@ process_openssl_cipher_op @@ -82 +83 @@ -@@ -1394,15 +1401,16 @@ process_openssl_cipher_op +@@ -1393,15 +1400,16 @@ process_openssl_cipher_op @@ -102 +103 @@ -@@ -1508,4 +1516,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struc= t rte_crypto_op *op, +@@ -1507,4 +1515,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struc= t rte_crypto_op *op, @@ -109 +110 @@ -@@ -1515,12 +1525,18 @@ process_openssl_auth_op(struct openssl_qp *qp, str= uct rte_crypto_op *op, +@@ -1514,12 +1524,18 @@ process_openssl_auth_op(struct openssl_qp *qp, str= uct rte_crypto_op *op,