patch 'crypto/openssl: optimize 3DES-CTR context init' has been queued to stable release 21.11.8

[Kevin Traynor]

Hi,

FYI, your patch has been queued to stable release 21.11.8

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/28/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/3e1ff62d6d58e74dfb47a5283de10d2cd8730d17

Thanks.

Kevin

---
>From 3e1ff62d6d58e74dfb47a5283de10d2cd8730d17 Mon Sep 17 00:00:00 2001
From: Jack Bond-Preston <jack.bond-preston at foss.arm.com>
Date: Wed, 3 Jul 2024 13:45:48 +0000
Subject: [PATCH] crypto/openssl: optimize 3DES-CTR context init

[ upstream commit 08917edd8b110f9819301ee4f9b152de7c79ddd4 ]

Currently the 3DES-CTR cipher context is initialised for every buffer,
setting the cipher implementation and key - even though for every
buffer in the session these values will be the same.

Change to initialising the cipher context once, before any buffers are
processed, instead.

Throughput performance uplift measurements for 3DES-CTR encrypt on
Ampere Altra Max platform:
1 worker lcore
|   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
|-----------------+---------------+--------------------+----------|
|              64 |          0.16 |               0.21 |    35.3% |
|             256 |          0.20 |               0.22 |     9.4% |
|            1024 |          0.22 |               0.23 |     2.3% |
|            2048 |          0.22 |               0.23 |     0.9% |
|            4096 |          0.22 |               0.23 |     0.9% |

8 worker lcores
|   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
|-----------------+---------------+--------------------+----------|
|              64 |          1.01 |               1.34 |    32.9% |
|             256 |          1.51 |               1.66 |     9.9% |
|            1024 |          1.72 |               1.77 |     2.6% |
|            2048 |          1.76 |               1.78 |     1.1% |
|            4096 |          1.79 |               1.80 |     0.6% |

Signed-off-by: Jack Bond-Preston <jack.bond-preston at foss.arm.com>
Acked-by: Kai Ji <kai.ji at intel.com>
Reviewed-by: Wathsala Vithanage <wathsala.vithanage at arm.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 514e93229f..a321258980 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -466,4 +466,13 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
 				sess->cipher.key.data) != 0)
 			return -EINVAL;
+
+
+		/* We use 3DES encryption also for decryption.
+		 * IV is not important for 3DES ECB.
+		 */
+		if (EVP_EncryptInit_ex(sess->cipher.ctx, EVP_des_ede3_ecb(),
+				NULL, sess->cipher.key.data,  NULL) != 1)
+			return -EINVAL;
+
 		break;
 
@@ -1002,6 +1011,5 @@ process_cipher_decrypt_err:
 static int
 process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
-		int offset, uint8_t *iv, uint8_t *key, int srclen,
-		EVP_CIPHER_CTX *ctx)
+		int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
 {
 	uint8_t ebuf[8], ctr[8];
@@ -1021,10 +1029,4 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
 	l = rte_pktmbuf_data_len(m) - offset;
 
-	/* We use 3DES encryption also for decryption.
-	 * IV is not important for 3DES ecb
-	 */
-	if (EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, NULL) <= 0)
-		goto process_cipher_des3ctr_err;
-
 	memcpy(ctr, iv, 8);
 
@@ -1461,6 +1463,5 @@ process_openssl_cipher_op
 	else
 		status = process_openssl_cipher_des3ctr(mbuf_src, dst,
-				op->sym->cipher.data.offset, iv,
-				sess->cipher.key.data, srclen,
+				op->sym->cipher.data.offset, iv, srclen,
 				ctx_copy);
 
-- 
2.46.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-08-23 17:18:11.750636699 +0100
+++ 0064-crypto-openssl-optimize-3DES-CTR-context-init.patch	2024-08-23 17:18:09.737430165 +0100
@@ -1 +1 @@
-From 08917edd8b110f9819301ee4f9b152de7c79ddd4 Mon Sep 17 00:00:00 2001
+From 3e1ff62d6d58e74dfb47a5283de10d2cd8730d17 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 08917edd8b110f9819301ee4f9b152de7c79ddd4 ]
+
@@ -33,2 +34,0 @@
-Cc: stable at dpdk.org
-
@@ -43 +43 @@
-index 3e547c2039..bd09d58d88 100644
+index 514e93229f..a321258980 100644
@@ -46 +46 @@
-@@ -554,4 +554,13 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
+@@ -466,4 +466,13 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
@@ -60 +60 @@
-@@ -1173,6 +1182,5 @@ process_cipher_decrypt_err:
+@@ -1002,6 +1011,5 @@ process_cipher_decrypt_err:
@@ -68 +68 @@
-@@ -1192,10 +1200,4 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
+@@ -1021,10 +1029,4 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
@@ -79 +79 @@
-@@ -1741,6 +1743,5 @@ process_openssl_cipher_op
+@@ -1461,6 +1463,5 @@ process_openssl_cipher_op