patch 'crypto/openssl: optimize 3DES-CTR context init' has been queued to stable release 23.11.2

Xueming Li xuemingl at nvidia.com
Mon Aug 12 14:48:23 CEST 2024

Previous message (by thread): patch 'crypto/openssl: fix GCM and CCM thread unsafe contexts' has been queued to stable release 23.11.2
Next message (by thread): patch 'crypto/openssl: make per-QP cipher context clones' has been queued to stable release 23.11.2
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 23.11.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/14/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=23.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=23.11-staging&id=ee88b9496c9bcbdfc332962d5e10bddd2a9ffed7

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From ee88b9496c9bcbdfc332962d5e10bddd2a9ffed7 Mon Sep 17 00:00:00 2001
From: Jack Bond-Preston <jack.bond-preston at foss.arm.com>
Date: Wed, 3 Jul 2024 13:45:48 +0000
Subject: [PATCH] crypto/openssl: optimize 3DES-CTR context init
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 08917edd8b110f9819301ee4f9b152de7c79ddd4 ]

Currently the 3DES-CTR cipher context is initialised for every buffer,
setting the cipher implementation and key - even though for every
buffer in the session these values will be the same.

Change to initialising the cipher context once, before any buffers are
processed, instead.

Throughput performance uplift measurements for 3DES-CTR encrypt on
Ampere Altra Max platform:
1 worker lcore
|   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
|-----------------+---------------+--------------------+----------|
|              64 |          0.16 |               0.21 |    35.3% |
|             256 |          0.20 |               0.22 |     9.4% |
|            1024 |          0.22 |               0.23 |     2.3% |
|            2048 |          0.22 |               0.23 |     0.9% |
|            4096 |          0.22 |               0.23 |     0.9% |

8 worker lcores
|   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
|-----------------+---------------+--------------------+----------|
|              64 |          1.01 |               1.34 |    32.9% |
|             256 |          1.51 |               1.66 |     9.9% |
|            1024 |          1.72 |               1.77 |     2.6% |
|            2048 |          1.76 |               1.78 |     1.1% |
|            4096 |          1.79 |               1.80 |     0.6% |

Signed-off-by: Jack Bond-Preston <jack.bond-preston at foss.arm.com>
Acked-by: Kai Ji <kai.ji at intel.com>
Reviewed-by: Wathsala Vithanage <wathsala.vithanage at arm.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 3e547c2039..bd09d58d88 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -553,6 +553,15 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 				sess->cipher.key.length,
 				sess->cipher.key.data) != 0)
 			return -EINVAL;
+
+
+		/* We use 3DES encryption also for decryption.
+		 * IV is not important for 3DES ECB.
+		 */
+		if (EVP_EncryptInit_ex(sess->cipher.ctx, EVP_des_ede3_ecb(),
+				NULL, sess->cipher.key.data,  NULL) != 1)
+			return -EINVAL;
+
 		break;
 
 	case RTE_CRYPTO_CIPHER_DES_CBC:
@@ -1172,8 +1181,7 @@ process_cipher_decrypt_err:
 /** Process cipher des 3 ctr encryption, decryption algorithm */
 static int
 process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
-		int offset, uint8_t *iv, uint8_t *key, int srclen,
-		EVP_CIPHER_CTX *ctx)
+		int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
 {
 	uint8_t ebuf[8], ctr[8];
 	int unused, n;
@@ -1191,12 +1199,6 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
 	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
 	l = rte_pktmbuf_data_len(m) - offset;
 
-	/* We use 3DES encryption also for decryption.
-	 * IV is not important for 3DES ecb
-	 */
-	if (EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, NULL) <= 0)
-		goto process_cipher_des3ctr_err;
-
 	memcpy(ctr, iv, 8);
 
 	for (n = 0; n < srclen; n++) {
@@ -1740,8 +1742,7 @@ process_openssl_cipher_op
 					srclen, ctx_copy, inplace);
 	else
 		status = process_openssl_cipher_des3ctr(mbuf_src, dst,
-				op->sym->cipher.data.offset, iv,
-				sess->cipher.key.data, srclen,
+				op->sym->cipher.data.offset, iv, srclen,
 				ctx_copy);
 
 	EVP_CIPHER_CTX_free(ctx_copy);
-- 
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-08-12 20:44:03.419627527 +0800
+++ 0026-crypto-openssl-optimize-3DES-CTR-context-init.patch	2024-08-12 20:44:01.965069269 +0800
@@ -1 +1 @@
-From 08917edd8b110f9819301ee4f9b152de7c79ddd4 Mon Sep 17 00:00:00 2001
+From ee88b9496c9bcbdfc332962d5e10bddd2a9ffed7 Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 08917edd8b110f9819301ee4f9b152de7c79ddd4 ]
@@ -32,2 +34,0 @@
-
-Cc: stable at dpdk.org

Previous message (by thread): patch 'crypto/openssl: fix GCM and CCM thread unsafe contexts' has been queued to stable release 23.11.2
Next message (by thread): patch 'crypto/openssl: make per-QP cipher context clones' has been queued to stable release 23.11.2
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list