<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: "IntelOne Text"; font-size: 10pt; color: rgb(0, 0, 0);">
Acked-by: Kai Ji <kai.ji@intel.com></div>
<div id="appendonsend" style="color: inherit;"></div>
<div class="elementToProof" style="font-family: "IntelOne Text"; font-size: 10pt; color: rgb(0, 0, 0);">
<br>
</div>
<hr style="display: inline-block; width: 98%;">
<div id="divRplyFwdMsg" dir="ltr" style="color: inherit;"><span style="font-family: Calibri, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"><b>From:</b> Jack Bond-Preston <jack.bond-preston@foss.arm.com><br>
<b>Sent:</b> 07 June 2024 13:47<br>
<b>To:</b> Ji, Kai <kai.ji@intel.com>; Fan Zhang <fanzhang.oss@gmail.com>; Akhil Goyal <gakhil@marvell.com><br>
<b>Cc:</b> dev@dpdk.org <dev@dpdk.org>; stable@dpdk.org <stable@dpdk.org>; Wathsala Vithanage <wathsala.vithanage@arm.com><br>
<b>Subject:</b> [PATCH v4 1/5] crypto/openssl: fix GCM and CCM thread unsafe ctxs</span>
<div> </div>
</div>
<div style="font-size: 11pt;">Commit 67ab783b5d70 ("crypto/openssl: use local copy for session<br>
contexts") introduced a fix for concurrency bugs which could occur when<br>
using one OpenSSL PMD session across multiple cores simultaneously. The<br>
solution was to clone the EVP contexts per-buffer to avoid them being<br>
used concurrently.<br>
<br>
However, part of commit 75adf1eae44f ("crypto/openssl: update HMAC<br>
routine with 3.0 EVP API") reverted this fix, only for combined ops<br>
(AES-GCM and AES-CCM).<br>
<br>
Fix the concurrency issue by cloning EVP contexts per-buffer. An extra<br>
workaround is required for OpenSSL versions which are >= 3.0.0, and<br>
<= 3.2.0. This is because, prior to OpenSSL 3.2.0, EVP_CIPHER_CTX_copy()<br>
is not implemented for AES-GCM or AES-CCM. When using these OpenSSL<br>
versions, create and initialise the context from scratch, per-buffer.<br>
<br>
Throughput performance uplift measurements for AES-GCM-128 encrypt on<br>
Ampere Altra Max platform:<br>
1 worker lcore<br>
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |<br>
|-----------------+---------------+--------------------+----------|<br>
| 64 | 2.60 | 1.31 | -49.5% |<br>
| 256 | 7.69 | 4.45 | -42.1% |<br>
| 1024 | 15.33 | 11.30 | -26.3% |<br>
| 2048 | 18.74 | 15.37 | -18.0% |<br>
| 4096 | 21.11 | 18.80 | -10.9% |<br>
<br>
8 worker lcores<br>
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |<br>
|-----------------+---------------+--------------------+----------|<br>
| 64 | 19.94 | 2.83 | -85.8% |<br>
| 256 | 58.84 | 11.00 | -81.3% |<br>
| 1024 | 119.71 | 42.46 | -64.5% |<br>
| 2048 | 147.69 | 80.91 | -45.2% |<br>
| 4096 | 167.39 | 121.25 | -27.6% |<br>
<br>
Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")<br>
Cc: stable@dpdk.org<br>
Signed-off-by: Jack Bond-Preston <jack.bond-preston@foss.arm.com><br>
Reviewed-by: Wathsala Vithanage <wathsala.vithanage@arm.com><br>
---<br>
drivers/crypto/openssl/rte_openssl_pmd.c | 84 ++++++++++++++++++------<br>
1 file changed, 64 insertions(+), 20 deletions(-)<br>
<br>
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c<br>
index e8cb09defc..3f7f4d8c37 100644<br>
--- a/drivers/crypto/openssl/rte_openssl_pmd.c<br>
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c<br>
@@ -350,7 +350,8 @@ get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,<br>
static int<br>
openssl_set_sess_aead_enc_param(struct openssl_session *sess,<br>
enum rte_crypto_aead_algorithm algo,<br>
- uint8_t tag_len, const uint8_t *key)<br>
+ uint8_t tag_len, const uint8_t *key,<br>
+ EVP_CIPHER_CTX **ctx)<br>
{<br>
int iv_type = 0;<br>
unsigned int do_ccm;<br>
@@ -378,7 +379,7 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,<br>
}<br>
<br>
sess->cipher.mode = OPENSSL_CIPHER_LIB;<br>
- sess->cipher.ctx = EVP_CIPHER_CTX_new();<br>
+ *ctx = EVP_CIPHER_CTX_new();<br>
<br>
if (get_aead_algo(algo, sess->cipher.key.length,<br>
&sess->cipher.evp_algo) != 0)<br>
@@ -388,19 +389,19 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,<br>
<br>
sess->chain_order = OPENSSL_CHAIN_COMBINED;<br>
<br>
- if (EVP_EncryptInit_ex(sess->cipher.ctx, sess->cipher.evp_algo,<br>
+ if (EVP_EncryptInit_ex(*ctx, sess->cipher.evp_algo,<br>
NULL, NULL, NULL) <= 0)<br>
return -EINVAL;<br>
<br>
- if (EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, iv_type, sess->iv.length,<br>
+ if (EVP_CIPHER_CTX_ctrl(*ctx, iv_type, sess->iv.length,<br>
NULL) <= 0)<br>
return -EINVAL;<br>
<br>
if (do_ccm)<br>
- EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, EVP_CTRL_CCM_SET_TAG,<br>
+ EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_CCM_SET_TAG,<br>
tag_len, NULL);<br>
<br>
- if (EVP_EncryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)<br>
+ if (EVP_EncryptInit_ex(*ctx, NULL, NULL, key, NULL) <= 0)<br>
return -EINVAL;<br>
<br>
return 0;<br>
@@ -410,7 +411,8 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,<br>
static int<br>
openssl_set_sess_aead_dec_param(struct openssl_session *sess,<br>
enum rte_crypto_aead_algorithm algo,<br>
- uint8_t tag_len, const uint8_t *key)<br>
+ uint8_t tag_len, const uint8_t *key,<br>
+ EVP_CIPHER_CTX **ctx)<br>
{<br>
int iv_type = 0;<br>
unsigned int do_ccm = 0;<br>
@@ -437,7 +439,7 @@ openssl_set_sess_aead_dec_param(struct openssl_session *sess,<br>
}<br>
<br>
sess->cipher.mode = OPENSSL_CIPHER_LIB;<br>
- sess->cipher.ctx = EVP_CIPHER_CTX_new();<br>
+ *ctx = EVP_CIPHER_CTX_new();<br>
<br>
if (get_aead_algo(algo, sess->cipher.key.length,<br>
&sess->cipher.evp_algo) != 0)<br>
@@ -447,24 +449,54 @@ openssl_set_sess_aead_dec_param(struct openssl_session *sess,<br>
<br>
sess->chain_order = OPENSSL_CHAIN_COMBINED;<br>
<br>
- if (EVP_DecryptInit_ex(sess->cipher.ctx, sess->cipher.evp_algo,<br>
+ if (EVP_DecryptInit_ex(*ctx, sess->cipher.evp_algo,<br>
NULL, NULL, NULL) <= 0)<br>
return -EINVAL;<br>
<br>
- if (EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, iv_type,<br>
+ if (EVP_CIPHER_CTX_ctrl(*ctx, iv_type,<br>
sess->iv.length, NULL) <= 0)<br>
return -EINVAL;<br>
<br>
if (do_ccm)<br>
- EVP_CIPHER_CTX_ctrl(sess->cipher.ctx, EVP_CTRL_CCM_SET_TAG,<br>
+ EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_CCM_SET_TAG,<br>
tag_len, NULL);<br>
<br>
- if (EVP_DecryptInit_ex(sess->cipher.ctx, NULL, NULL, key, NULL) <= 0)<br>
+ if (EVP_DecryptInit_ex(*ctx, NULL, NULL, key, NULL) <= 0)<br>
return -EINVAL;<br>
<br>
return 0;<br>
}<br>
<br>
+static int openssl_aesni_ctx_clone(EVP_CIPHER_CTX **dest,<br>
+ struct openssl_session *sess)<br>
+{<br>
+#if (OPENSSL_VERSION_NUMBER > 0x30200000L)<br>
+ *dest = EVP_CIPHER_CTX_dup(sess->ctx);<br>
+ return 0;<br>
+#elif (OPENSSL_VERSION_NUMBER > 0x30000000L)<br>
+ /* OpenSSL versions 3.0.0 <= V < 3.2.0 have no dupctx() implementation<br>
+ * for AES-GCM and AES-CCM. In this case, we have to create new empty<br>
+ * contexts and initialise, as we did the original context.<br>
+ */<br>
+ if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC)<br>
+ sess->aead_algo = RTE_CRYPTO_AEAD_AES_GCM;<br>
+<br>
+ if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)<br>
+ return openssl_set_sess_aead_enc_param(sess, sess->aead_algo,<br>
+ sess->auth.digest_length, sess->cipher.key.data,<br>
+ dest);<br>
+ else<br>
+ return openssl_set_sess_aead_dec_param(sess, sess->aead_algo,<br>
+ sess->auth.digest_length, sess->cipher.key.data,<br>
+ dest);<br>
+#else<br>
+ *dest = EVP_CIPHER_CTX_new();<br>
+ if (EVP_CIPHER_CTX_copy(*dest, sess->cipher.ctx) != 1)<br>
+ return -EINVAL;<br>
+ return 0;<br>
+#endif<br>
+}<br>
+<br>
/** Set session cipher parameters */<br>
static int<br>
openssl_set_session_cipher_parameters(struct openssl_session *sess,<br>
@@ -623,12 +655,14 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,<br>
return openssl_set_sess_aead_enc_param(sess,<br>
RTE_CRYPTO_AEAD_AES_GCM,<br>
xform->auth.digest_length,<br>
- xform->auth.key.data);<br>
+ xform->auth.key.data,<br>
+ &sess->cipher.ctx);<br>
else<br>
return openssl_set_sess_aead_dec_param(sess,<br>
RTE_CRYPTO_AEAD_AES_GCM,<br>
xform->auth.digest_length,<br>
- xform->auth.key.data);<br>
+ xform->auth.key.data,<br>
+ &sess->cipher.ctx);<br>
break;<br>
<br>
case RTE_CRYPTO_AUTH_MD5:<br>
@@ -770,10 +804,12 @@ openssl_set_session_aead_parameters(struct openssl_session *sess,<br>
/* Select cipher direction */<br>
if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)<br>
return openssl_set_sess_aead_enc_param(sess, xform->aead.algo,<br>
- xform->aead.digest_length, xform->aead.key.data);<br>
+ xform->aead.digest_length, xform->aead.key.data,<br>
+ &sess->cipher.ctx);<br>
else<br>
return openssl_set_sess_aead_dec_param(sess, xform->aead.algo,<br>
- xform->aead.digest_length, xform->aead.key.data);<br>
+ xform->aead.digest_length, xform->aead.key.data,<br>
+ &sess->cipher.ctx);<br>
}<br>
<br>
/** Parse crypto xform chain and set private session parameters */<br>
@@ -1590,6 +1626,12 @@ process_openssl_combined_op<br>
return;<br>
}<br>
<br>
+ EVP_CIPHER_CTX *ctx;<br>
+ if (openssl_aesni_ctx_clone(&ctx, sess) != 0) {<br>
+ op->status = RTE_CRYPTO_OP_STATUS_ERROR;<br>
+ return;<br>
+ }<br>
+<br>
iv = rte_crypto_op_ctod_offset(op, uint8_t *,<br>
sess->iv.offset);<br>
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {<br>
@@ -1623,12 +1665,12 @@ process_openssl_combined_op<br>
status = process_openssl_auth_encryption_gcm(<br>
mbuf_src, offset, srclen,<br>
aad, aadlen, iv,<br>
- dst, tag, sess->cipher.ctx);<br>
+ dst, tag, ctx);<br>
else<br>
status = process_openssl_auth_encryption_ccm(<br>
mbuf_src, offset, srclen,<br>
aad, aadlen, iv,<br>
- dst, tag, taglen, sess->cipher.ctx);<br>
+ dst, tag, taglen, ctx);<br>
<br>
} else {<br>
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||<br>
@@ -1636,14 +1678,16 @@ process_openssl_combined_op<br>
status = process_openssl_auth_decryption_gcm(<br>
mbuf_src, offset, srclen,<br>
aad, aadlen, iv,<br>
- dst, tag, sess->cipher.ctx);<br>
+ dst, tag, ctx);<br>
else<br>
status = process_openssl_auth_decryption_ccm(<br>
mbuf_src, offset, srclen,<br>
aad, aadlen, iv,<br>
- dst, tag, taglen, sess->cipher.ctx);<br>
+ dst, tag, taglen, ctx);<br>
}<br>
<br>
+ EVP_CIPHER_CTX_free(ctx);<br>
+<br>
if (status != 0) {<br>
if (status == (-EFAULT) &&<br>
sess->auth.operation ==<br>
--<br>
2.34.1<br>
<br>
</div>
</body>
</html>