[dpdk-stable] patch 'crypto/openssl: use local copy for session contexts' has been queued to LTS release 18.11.6

Kevin Traynor ktraynor at redhat.com
Tue Dec 10 15:59:33 CET 2019

Previous message: [dpdk-stable] patch 'examples/ipsec-secgw: fix SHA256-HMAC digest length' has been queued to LTS release 18.11.6
Next message: [dpdk-stable] patch 'net/fm10k: fix mbuf free in vector Rx' has been queued to LTS release 18.11.6
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to LTS release 18.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/16/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/531676e03411b8488c6cc6b94603bd218d67dff4

Thanks.

Kevin.

---
>From 531676e03411b8488c6cc6b94603bd218d67dff4 Mon Sep 17 00:00:00 2001
From: Thierry Herbelot <thierry.herbelot at 6wind.com>
Date: Wed, 11 Sep 2019 18:06:01 +0200
Subject: [PATCH] crypto/openssl: use local copy for session contexts

[ upstream commit 67ab783b5d70aed77d9ee3f3ae4688a70c42a49a ]

Session contexts are used for temporary storage when processing a
packet.
If packets for the same session are to be processed simultaneously on
multiple cores, separate contexts must be used.

Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a
variable on the stack: it must be allocated. This in turn reduces the
performance.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")

Signed-off-by: Thierry Herbelot <thierry.herbelot at 6wind.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 34 +++++++++++++++++-------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 406e6211f..90a91bd83 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1290,4 +1290,5 @@ process_openssl_combined_op
 	uint32_t offset;
 	uint8_t taglen;
+	EVP_CIPHER_CTX *ctx_copy;
 
 	/*
@@ -1326,4 +1327,6 @@ process_openssl_combined_op
 
 	taglen = sess->auth.digest_length;
+	ctx_copy = EVP_CIPHER_CTX_new();
+	EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
 
 	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
@@ -1333,10 +1336,10 @@ process_openssl_combined_op
 					mbuf_src, offset, srclen,
 					aad, aadlen, iv,
-					dst, tag, sess->cipher.ctx);
+					dst, tag, ctx_copy);
 		else
 			status = process_openssl_auth_encryption_ccm(
 					mbuf_src, offset, srclen,
 					aad, aadlen, iv,
-					dst, tag, taglen, sess->cipher.ctx);
+					dst, tag, taglen, ctx_copy);
 
 	} else {
@@ -1346,12 +1349,13 @@ process_openssl_combined_op
 					mbuf_src, offset, srclen,
 					aad, aadlen, iv,
-					dst, tag, sess->cipher.ctx);
+					dst, tag, ctx_copy);
 		else
 			status = process_openssl_auth_decryption_ccm(
 					mbuf_src, offset, srclen,
 					aad, aadlen, iv,
-					dst, tag, taglen, sess->cipher.ctx);
+					dst, tag, taglen, ctx_copy);
 	}
 
+	EVP_CIPHER_CTX_free(ctx_copy);
 	if (status != 0) {
 		if (status == (-EFAULT) &&
@@ -1372,4 +1376,5 @@ process_openssl_cipher_op
 	uint8_t *dst, *iv;
 	int srclen, status;
+	EVP_CIPHER_CTX *ctx_copy;
 
 	/*
@@ -1388,4 +1393,6 @@ process_openssl_cipher_op
 	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			sess->iv.offset);
+	ctx_copy = EVP_CIPHER_CTX_new();
+	EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
 
 	if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
@@ -1393,15 +1400,16 @@ process_openssl_cipher_op
 			status = process_openssl_cipher_encrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					srclen, sess->cipher.ctx);
+					srclen, ctx_copy);
 		else
 			status = process_openssl_cipher_decrypt(mbuf_src, dst,
 					op->sym->cipher.data.offset, iv,
-					srclen, sess->cipher.ctx);
+					srclen, ctx_copy);
 	else
 		status = process_openssl_cipher_des3ctr(mbuf_src, dst,
 				op->sym->cipher.data.offset, iv,
 				sess->cipher.key.data, srclen,
-				sess->cipher.ctx);
+				ctx_copy);
 
+	EVP_CIPHER_CTX_free(ctx_copy);
 	if (status != 0)
 		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
@@ -1507,4 +1515,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	uint8_t *dst;
 	int srclen, status;
+	EVP_MD_CTX *ctx_a;
+	HMAC_CTX *ctx_h;
 
 	srclen = op->sym->auth.data.length;
@@ -1514,12 +1524,18 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	switch (sess->auth.mode) {
 	case OPENSSL_AUTH_AS_AUTH:
+		ctx_a = EVP_MD_CTX_create();
+		EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx);
 		status = process_openssl_auth(mbuf_src, dst,
 				op->sym->auth.data.offset, NULL, NULL, srclen,
-				sess->auth.auth.ctx, sess->auth.auth.evp_algo);
+				ctx_a, sess->auth.auth.evp_algo);
+		EVP_MD_CTX_destroy(ctx_a);
 		break;
 	case OPENSSL_AUTH_AS_HMAC:
+		ctx_h = HMAC_CTX_new();
+		HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx);
 		status = process_openssl_auth_hmac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
-				sess->auth.hmac.ctx);
+				ctx_h);
+		HMAC_CTX_free(ctx_h);
 		break;
 	default:
-- 
2.21.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-12-10 14:49:42.960104989 +0000
+++ 0059-crypto-openssl-use-local-copy-for-session-contexts.patch	2019-12-10 14:49:39.101456854 +0000
@@ -1 +1 @@
-From 67ab783b5d70aed77d9ee3f3ae4688a70c42a49a Mon Sep 17 00:00:00 2001
+From 531676e03411b8488c6cc6b94603bd218d67dff4 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 67ab783b5d70aed77d9ee3f3ae4688a70c42a49a ]
+
@@ -16 +17,0 @@
-Cc: stable at dpdk.org
@@ -24 +25 @@
-index 6a75223ff..d68713e7e 100644
+index 406e6211f..90a91bd83 100644
@@ -27 +28 @@
-@@ -1291,4 +1291,5 @@ process_openssl_combined_op
+@@ -1290,4 +1290,5 @@ process_openssl_combined_op
@@ -33 +34 @@
-@@ -1327,4 +1328,6 @@ process_openssl_combined_op
+@@ -1326,4 +1327,6 @@ process_openssl_combined_op
@@ -40 +41 @@
-@@ -1334,10 +1337,10 @@ process_openssl_combined_op
+@@ -1333,10 +1336,10 @@ process_openssl_combined_op
@@ -53 +54 @@
-@@ -1347,12 +1350,13 @@ process_openssl_combined_op
+@@ -1346,12 +1349,13 @@ process_openssl_combined_op
@@ -69 +70 @@
-@@ -1373,4 +1377,5 @@ process_openssl_cipher_op
+@@ -1372,4 +1376,5 @@ process_openssl_cipher_op
@@ -75 +76 @@
-@@ -1389,4 +1394,6 @@ process_openssl_cipher_op
+@@ -1388,4 +1393,6 @@ process_openssl_cipher_op
@@ -82 +83 @@
-@@ -1394,15 +1401,16 @@ process_openssl_cipher_op
+@@ -1393,15 +1400,16 @@ process_openssl_cipher_op
@@ -102 +103 @@
-@@ -1508,4 +1516,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+@@ -1507,4 +1515,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
@@ -109 +110 @@
-@@ -1515,12 +1525,18 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+@@ -1514,12 +1524,18 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,

Previous message: [dpdk-stable] patch 'examples/ipsec-secgw: fix SHA256-HMAC digest length' has been queued to LTS release 18.11.6
Next message: [dpdk-stable] patch 'net/fm10k: fix mbuf free in vector Rx' has been queued to LTS release 18.11.6
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list