From: luca.boccassi@gmail.com
To: Thierry Herbelot
Cc: dpdk stable
Date: Thu, 19 Dec 2019 14:34:13 +0000
Subject: [dpdk-stable] patch 'crypto/openssl: use local copy for session contexts' has been queued to LTS release 17.11.10

Hi,

FYI, your patch has been queued to LTS release 17.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/21/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
>From 0a6364cb0886cfdc7c6dc349ce56d4c45f51fb34 Mon Sep 17 00:00:00 2001 
From: Thierry Herbelot Date: Wed, 11 Sep 2019 18:06:01 +0200 Subject: [PATCH] crypto/openssl: use local copy for session contexts [ upstream commit 67ab783b5d70aed77d9ee3f3ae4688a70c42a49a ] Session contexts are used for temporary storage when processing a packet. If packets for the same session are to be processed simultaneously on multiple cores, separate contexts must be used. Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a variable on the stack: it must be allocated. This in turn reduces the performance. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Signed-off-by: Thierry Herbelot --- drivers/crypto/openssl/rte_openssl_pmd.c | 34 +++++++++++++++++------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 7b18bd42e7..24304d539c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1296,6 +1296,7 @@ process_openssl_combined_op int srclen, aadlen, status = -1; uint32_t offset; uint8_t taglen; + EVP_CIPHER_CTX *ctx_copy; /* * Segmented destination buffer is not supported for @@ -1332,6 +1333,8 @@ process_openssl_combined_op } taglen = sess->auth.digest_length; + ctx_copy = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC || @@ -1339,12 +1342,12 @@ process_openssl_combined_op status = process_openssl_auth_encryption_gcm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, sess->cipher.ctx); + dst, tag, ctx_copy); else status = process_openssl_auth_encryption_ccm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, taglen, sess->cipher.ctx); + dst, tag, taglen, ctx_copy); } else { if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC || 
@@ -1352,14 +1355,15 @@ process_openssl_combined_op status = process_openssl_auth_decryption_gcm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, sess->cipher.ctx); + dst, tag, ctx_copy); else status = process_openssl_auth_decryption_ccm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, taglen, sess->cipher.ctx); + dst, tag, taglen, ctx_copy); } + EVP_CIPHER_CTX_free(ctx_copy); if (status != 0) { if (status == (-EFAULT) && sess->auth.operation == @@ -1378,6 +1382,7 @@ process_openssl_cipher_op { uint8_t *dst, *iv; int srclen, status; + EVP_CIPHER_CTX *ctx_copy; /* * Segmented destination buffer is not supported for @@ -1394,22 +1399,25 @@ process_openssl_cipher_op iv = rte_crypto_op_ctod_offset(op, uint8_t *, sess->iv.offset); + ctx_copy = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); if (sess->cipher.mode == OPENSSL_CIPHER_LIB) if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - srclen, sess->cipher.ctx); + srclen, ctx_copy); else status = process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - srclen, sess->cipher.ctx); + srclen, ctx_copy); else status = process_openssl_cipher_des3ctr(mbuf_src, dst, op->sym->cipher.data.offset, iv, sess->cipher.key.data, srclen, - sess->cipher.ctx); + ctx_copy); + EVP_CIPHER_CTX_free(ctx_copy); if (status != 0) op->status = RTE_CRYPTO_OP_STATUS_ERROR; } @@ -1513,6 +1521,8 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, { uint8_t *dst; int srclen, status; + EVP_MD_CTX *ctx_a; + HMAC_CTX *ctx_h; srclen = op->sym->auth.data.length; 
@@ -1528,14 +1538,20 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, switch (sess->auth.mode) { case OPENSSL_AUTH_AS_AUTH: + ctx_a = EVP_MD_CTX_create(); + EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx); status = process_openssl_auth(mbuf_src, dst, op->sym->auth.data.offset, NULL, NULL, srclen, - sess->auth.auth.ctx, sess->auth.auth.evp_algo); + ctx_a, sess->auth.auth.evp_algo); + EVP_MD_CTX_destroy(ctx_a); break; case OPENSSL_AUTH_AS_HMAC: + ctx_h = HMAC_CTX_new(); + HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx); status = process_openssl_auth_hmac(mbuf_src, dst, op->sym->auth.data.offset, srclen, - sess->auth.hmac.ctx); + ctx_h); + HMAC_CTX_free(ctx_h); break; default: status = -1; -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-12-19 14:32:30.537009914 +0000 +++ 0106-crypto-openssl-use-local-copy-for-session-contexts.patch 2019-12-19 14:32:26.245300601 +0000 @@ -1,8 +1,10 @@ -From 67ab783b5d70aed77d9ee3f3ae4688a70c42a49a Mon Sep 17 00:00:00 2001 +From 0a6364cb0886cfdc7c6dc349ce56d4c45f51fb34 Mon Sep 17 00:00:00 2001 From: Thierry Herbelot Date: Wed, 11 Sep 2019 18:06:01 +0200 Subject: [PATCH] crypto/openssl: use local copy for session contexts +[ upstream commit 67ab783b5d70aed77d9ee3f3ae4688a70c42a49a ] + Session contexts are used for temporary storage when processing a packet. If packets for the same session are to be processed simultaneously on @@ -13,7 +15,6 @@ performance. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") -Cc: stable@dpdk.org Signed-off-by: Thierry Herbelot --- @@ -21,10 +22,10 @@ 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c -index 6a75223fff..d68713e7e5 100644 +index 7b18bd42e7..24304d539c 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c 
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c -@@ -1290,6 +1290,7 @@ process_openssl_combined_op +@@ -1296,6 +1296,7 @@ process_openssl_combined_op int srclen, aadlen, status = -1; uint32_t offset; uint8_t taglen; @@ -32,7 +33,7 @@ /* * Segmented destination buffer is not supported for -@@ -1326,6 +1327,8 @@ process_openssl_combined_op +@@ -1332,6 +1333,8 @@ process_openssl_combined_op } taglen = sess->auth.digest_length; @@ -41,7 +42,7 @@ if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC || -@@ -1333,12 +1336,12 @@ process_openssl_combined_op +@@ -1339,12 +1342,12 @@ process_openssl_combined_op status = process_openssl_auth_encryption_gcm( mbuf_src, offset, srclen, aad, aadlen, iv, @@ -56,7 +57,7 @@ } else { if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC || -@@ -1346,14 +1349,15 @@ process_openssl_combined_op +@@ -1352,14 +1355,15 @@ process_openssl_combined_op status = process_openssl_auth_decryption_gcm( mbuf_src, offset, srclen, aad, aadlen, iv, @@ -74,7 +75,7 @@ if (status != 0) { if (status == (-EFAULT) && sess->auth.operation == -@@ -1372,6 +1376,7 @@ process_openssl_cipher_op +@@ -1378,6 +1382,7 @@ process_openssl_cipher_op { uint8_t *dst, *iv; int srclen, status; @@ -82,7 +83,7 @@ /* * Segmented destination buffer is not supported for -@@ -1388,22 +1393,25 @@ process_openssl_cipher_op +@@ -1394,22 +1399,25 @@ process_openssl_cipher_op iv = rte_crypto_op_ctod_offset(op, uint8_t *, sess->iv.offset); @@ -111,7 +112,7 @@ if (status != 0) op->status = RTE_CRYPTO_OP_STATUS_ERROR; } -@@ -1507,6 +1515,8 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, +@@ -1513,6 +1521,8 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, { uint8_t *dst; int srclen, status; 
@@ -120,7 +121,7 @@ srclen = op->sym->auth.data.length; -@@ -1514,14 +1524,20 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, +@@ -1528,14 +1538,20 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, switch (sess->auth.mode) { case OPENSSL_AUTH_AS_AUTH:
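
Review bot: in process_openssl_combined_op (hunk at -1332,6 +1333,8) the results of EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx) are not checked. EVP_CIPHER_CTX_new() returns NULL on allocation failure and EVP_CIPHER_CTX_copy() returns 0 on failure; in either case the GCM/CCM helpers are still called, with a context that is not a copy of the session's. Suggest testing both calls, skipping the helper on failure and freeing ctx_copy, so that status keeps its initial -1 and the existing status != 0 branch reports the error.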
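
Review bot: process_openssl_cipher_op declares status without an initial value (int srclen, status; in the hunk at -1378,6 +1382,7), unlike the combined path where it starts at -1, so any bail-out added for a failed EVP_CIPHER_CTX_new() or EVP_CIPHER_CTX_copy() has to assign status before the status != 0 test that sets RTE_CRYPTO_OP_STATUS_ERROR. As posted, neither call is checked in the hunk at -1394,22 +1399,25, and the allocation and copy are done for all three branches, including process_openssl_cipher_des3ctr.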
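
Review bot: in process_openssl_auth_op (hunk at -1528,14 +1538,20) neither EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx) nor HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx) is checked, and the preceding EVP_MD_CTX_create() and HMAC_CTX_new() results are not tested for NULL, so on failure the auth helper is handed a fresh context rather than a copy of the session's. Suggest setting status = -1 and breaking out of the case when allocation or copy fails. Minor style point: this hunk uses EVP_MD_CTX_create()/EVP_MD_CTX_destroy() while the cipher hunks use the _new()/_free() spelling; one naming style across the file would read better.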
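
Review bot: in the rebase diff the last hunk header moves from -1514,14 +1524,20 to -1528,14 +1538,20, a shift of 14 lines where every other hunk shifts by 6 (for example -1290 to -1296 and -1507 to -1513). The 17.11 branch therefore has eight more lines than upstream between the two process_openssl_auth_op hunks, so this is the one place where the context differs and the placement of the ctx_a and ctx_h copies should be confirmed against the stable tree. The other visible differences are metadata only: the commit id, the added upstream commit line, the dropped Cc: stable@dpdk.org and the index line.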