From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 052C5A00E6 for ; Thu, 8 Aug 2019 10:23:23 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id B6C4C2C18; Thu, 8 Aug 2019 10:23:17 +0200 (CEST) Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com [209.85.221.66]) by dpdk.org (Postfix) with ESMTP id 012912BAE for ; Thu, 8 Aug 2019 10:23:01 +0200 (CEST) Received: by mail-wr1-f66.google.com with SMTP id r3so250122wrt.3 for ; Thu, 08 Aug 2019 01:23:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :in-reply-to:references; bh=wgarJcXvidJ78ZEw1ta+Nge5CEfZ3EqDvpTZDWMalDE=; b=RfJZOt44eAJWzahOTXm56LtLjUObC2gAZnENTBo8NGFfoePsKZ9Ynbn4uPthI39pX7 rOsOwoeWrqOMj3CZdKYWD1cFeU11MjoszmDBHvXhpKpqGSy1GornlzCZi3+WYSPlVTUN PEX1xzanyk5kmx5Cj+gAHl4/ZSIrLVqTYUVrReWZ66lJIMI4YUj0ttjDmIErf5Q5SBRA pnqqCKdXjLimAJLjNLNw6ih60gkIbx42qMi/k46ovw79coy9Fki8DTv4Xb5xvP6Tn3wW QoZ4oSCBKzADAQO0d3k5RraESACCXPD/MYOw5p8nu+LwPy/lKSm6fX6p4jMzAvBdmE1n nBlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:in-reply-to:references; bh=wgarJcXvidJ78ZEw1ta+Nge5CEfZ3EqDvpTZDWMalDE=; b=eAGCe2E2kzwt8JYFdy0b3Eie4bNNLTiSM3vEzTqivuPdVpDSm3CadQRyLH85Gsxvoy YVIXIjz5/aAHoX2szXbyI424R+pMhgA2fSMrA6BJ/dCCcBAxEeYW64P0exKIy/fdB1gM xuCeZuBA8Y/OZrLSY2QsurFjDK3cAzuh0GoXZDT/Scl62eKJAhCL+2Qf0DTCILrubUKz Yty3j2Y0nBhIqpQTkqnEnueaBiZbQ4fI85uCnIG5O1HRnA/IRQmNQNwqqr2ecr0H3gpc 5tWVTamrXuwj4hJXGvhvVl47r8bOczbEtrvdVitP7VUG4fKzrI2rXv3VuDUT3IdZjJ5/ Gx4A== X-Gm-Message-State: APjAAAWCWKhM8+bKZB/eG4fIpd0f8vhWa3gwhGYA+MmHgSDsMZ/hgk86 bWzj27BqEb77kJwjnaTQVNWJ X-Google-Smtp-Source: APXvYqzXMwGMEPGlFDkLDeNkUgyVOQ9gUf6hFyQbq/hoJ0jxbTtaI08+f3VurHaUmjn7L5/1TL4T5Q== X-Received: by 2002:adf:d081:: with SMTP id y1mr16244511wrh.34.1565252580728; Thu, 08 Aug 2019 01:23:00 -0700 (PDT) Received: from ascain.dev.6wind.com. (host.78.145.23.62.rev.coltfrance.com. [62.23.145.78]) by smtp.gmail.com with ESMTPSA id t13sm111437018wrr.0.2019.08.08.01.22.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 08 Aug 2019 01:22:59 -0700 (PDT) From: Thierry Herbelot To: dev@dpdk.org Cc: stable@dpdk.org, Thomas Monjalon Date: Thu, 8 Aug 2019 10:22:15 +0200 Message-Id: <98dc35313971d49c5f1f06f7a074b024eb974e90.1565252336.git.thierry.herbelot@6wind.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: References: In-Reply-To: References: Subject: [dpdk-stable] [PATCH 19.11 V3 10/12] drivers/crypto/openssl: use a local copy for the session contexts X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Session contexts are used for temporary storage when processing a packet. If packets for the same session are to be processed simultaneously on multiple cores, separate contexts must be used. Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a variable on the stack: it must be allocated. This in turn reduces the performance. Fixes: d61f70b4c918 ('crypto/libcrypto: add driver for OpenSSL library') Cc: stable@dpdk.org Signed-off-by: Thierry Herbelot --- drivers/crypto/openssl/rte_openssl_pmd.c | 34 +++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 2f5552840741..ce2d12347737 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1290,6 +1290,7 @@ process_openssl_combined_op int srclen, aadlen, status = -1; uint32_t offset; uint8_t taglen; + EVP_CIPHER_CTX *ctx_copy; /* * Segmented destination buffer is not supported for @@ -1326,6 +1327,8 @@ process_openssl_combined_op } taglen = sess->auth.digest_length; + ctx_copy = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC || @@ -1333,12 +1336,12 @@ process_openssl_combined_op status = process_openssl_auth_encryption_gcm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, sess->cipher.ctx); + dst, tag, ctx_copy); else status = process_openssl_auth_encryption_ccm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, taglen, sess->cipher.ctx); + dst, tag, taglen, ctx_copy); } else { if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC || @@ -1346,14 +1349,15 @@ process_openssl_combined_op status = process_openssl_auth_decryption_gcm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, sess->cipher.ctx); + dst, tag, ctx_copy); else status = process_openssl_auth_decryption_ccm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, taglen, sess->cipher.ctx); + dst, tag, taglen, ctx_copy); } + EVP_CIPHER_CTX_free(ctx_copy); if (status != 0) { if (status == (-EFAULT) && sess->auth.operation == @@ -1372,6 +1376,7 @@ process_openssl_cipher_op { uint8_t *dst, *iv; int srclen, status; + EVP_CIPHER_CTX *ctx_copy; /* * Segmented destination buffer is not supported for @@ -1388,22 +1393,25 @@ process_openssl_cipher_op iv = rte_crypto_op_ctod_offset(op, uint8_t *, sess->iv.offset); + ctx_copy = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); if (sess->cipher.mode == OPENSSL_CIPHER_LIB) if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - srclen, sess->cipher.ctx); + srclen, ctx_copy); else status = process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - srclen, sess->cipher.ctx); + srclen, ctx_copy); else status = process_openssl_cipher_des3ctr(mbuf_src, dst, op->sym->cipher.data.offset, iv, sess->cipher.key.data, srclen, - sess->cipher.ctx); + ctx_copy); + EVP_CIPHER_CTX_free(ctx_copy); if (status != 0) op->status = RTE_CRYPTO_OP_STATUS_ERROR; } @@ -1507,6 +1515,8 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, { uint8_t *dst; int srclen, status; + EVP_MD_CTX *ctx_a; + HMAC_CTX *ctx_h; srclen = op->sym->auth.data.length; @@ -1514,14 +1524,20 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, switch (sess->auth.mode) { case OPENSSL_AUTH_AS_AUTH: + ctx_a = EVP_MD_CTX_create(); + EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx); status = process_openssl_auth(mbuf_src, dst, op->sym->auth.data.offset, NULL, NULL, srclen, - sess->auth.auth.ctx, sess->auth.auth.evp_algo); + ctx_a, sess->auth.auth.evp_algo); + EVP_MD_CTX_destroy(ctx_a); break; case OPENSSL_AUTH_AS_HMAC: + ctx_h = HMAC_CTX_new(); + HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx); status = process_openssl_auth_hmac(mbuf_src, dst, op->sym->auth.data.offset, srclen, - sess->auth.hmac.ctx); + ctx_h); + HMAC_CTX_free(ctx_h); break; default: status = -1; -- 2.11.0