crypto/openssl: use local copy for session contexts
Session contexts are used for temporary storage when processing a packet. If packets for the same session are to be processed simultaneously on multiple cores, separate contexts must be used. Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a variable on the stack: it must be allocated. This in turn reduces the performance. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Cc: stable@dpdk.org Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
This commit is contained in:
parent
3ffce51a1f
commit
67ab783b5d
@ -1290,6 +1290,7 @@ process_openssl_combined_op
|
|||||||
int srclen, aadlen, status = -1;
|
int srclen, aadlen, status = -1;
|
||||||
uint32_t offset;
|
uint32_t offset;
|
||||||
uint8_t taglen;
|
uint8_t taglen;
|
||||||
|
EVP_CIPHER_CTX *ctx_copy;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Segmented destination buffer is not supported for
|
* Segmented destination buffer is not supported for
|
||||||
@ -1326,6 +1327,8 @@ process_openssl_combined_op
|
|||||||
}
|
}
|
||||||
|
|
||||||
taglen = sess->auth.digest_length;
|
taglen = sess->auth.digest_length;
|
||||||
|
ctx_copy = EVP_CIPHER_CTX_new();
|
||||||
|
EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
|
||||||
|
|
||||||
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
|
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
|
||||||
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
|
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
|
||||||
@ -1333,12 +1336,12 @@ process_openssl_combined_op
|
|||||||
status = process_openssl_auth_encryption_gcm(
|
status = process_openssl_auth_encryption_gcm(
|
||||||
mbuf_src, offset, srclen,
|
mbuf_src, offset, srclen,
|
||||||
aad, aadlen, iv,
|
aad, aadlen, iv,
|
||||||
dst, tag, sess->cipher.ctx);
|
dst, tag, ctx_copy);
|
||||||
else
|
else
|
||||||
status = process_openssl_auth_encryption_ccm(
|
status = process_openssl_auth_encryption_ccm(
|
||||||
mbuf_src, offset, srclen,
|
mbuf_src, offset, srclen,
|
||||||
aad, aadlen, iv,
|
aad, aadlen, iv,
|
||||||
dst, tag, taglen, sess->cipher.ctx);
|
dst, tag, taglen, ctx_copy);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
|
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
|
||||||
@ -1346,14 +1349,15 @@ process_openssl_combined_op
|
|||||||
status = process_openssl_auth_decryption_gcm(
|
status = process_openssl_auth_decryption_gcm(
|
||||||
mbuf_src, offset, srclen,
|
mbuf_src, offset, srclen,
|
||||||
aad, aadlen, iv,
|
aad, aadlen, iv,
|
||||||
dst, tag, sess->cipher.ctx);
|
dst, tag, ctx_copy);
|
||||||
else
|
else
|
||||||
status = process_openssl_auth_decryption_ccm(
|
status = process_openssl_auth_decryption_ccm(
|
||||||
mbuf_src, offset, srclen,
|
mbuf_src, offset, srclen,
|
||||||
aad, aadlen, iv,
|
aad, aadlen, iv,
|
||||||
dst, tag, taglen, sess->cipher.ctx);
|
dst, tag, taglen, ctx_copy);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
EVP_CIPHER_CTX_free(ctx_copy);
|
||||||
if (status != 0) {
|
if (status != 0) {
|
||||||
if (status == (-EFAULT) &&
|
if (status == (-EFAULT) &&
|
||||||
sess->auth.operation ==
|
sess->auth.operation ==
|
||||||
@ -1372,6 +1376,7 @@ process_openssl_cipher_op
|
|||||||
{
|
{
|
||||||
uint8_t *dst, *iv;
|
uint8_t *dst, *iv;
|
||||||
int srclen, status;
|
int srclen, status;
|
||||||
|
EVP_CIPHER_CTX *ctx_copy;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Segmented destination buffer is not supported for
|
* Segmented destination buffer is not supported for
|
||||||
@ -1388,22 +1393,25 @@ process_openssl_cipher_op
|
|||||||
|
|
||||||
iv = rte_crypto_op_ctod_offset(op, uint8_t *,
|
iv = rte_crypto_op_ctod_offset(op, uint8_t *,
|
||||||
sess->iv.offset);
|
sess->iv.offset);
|
||||||
|
ctx_copy = EVP_CIPHER_CTX_new();
|
||||||
|
EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
|
||||||
|
|
||||||
if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
|
if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
|
||||||
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
|
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
|
||||||
status = process_openssl_cipher_encrypt(mbuf_src, dst,
|
status = process_openssl_cipher_encrypt(mbuf_src, dst,
|
||||||
op->sym->cipher.data.offset, iv,
|
op->sym->cipher.data.offset, iv,
|
||||||
srclen, sess->cipher.ctx);
|
srclen, ctx_copy);
|
||||||
else
|
else
|
||||||
status = process_openssl_cipher_decrypt(mbuf_src, dst,
|
status = process_openssl_cipher_decrypt(mbuf_src, dst,
|
||||||
op->sym->cipher.data.offset, iv,
|
op->sym->cipher.data.offset, iv,
|
||||||
srclen, sess->cipher.ctx);
|
srclen, ctx_copy);
|
||||||
else
|
else
|
||||||
status = process_openssl_cipher_des3ctr(mbuf_src, dst,
|
status = process_openssl_cipher_des3ctr(mbuf_src, dst,
|
||||||
op->sym->cipher.data.offset, iv,
|
op->sym->cipher.data.offset, iv,
|
||||||
sess->cipher.key.data, srclen,
|
sess->cipher.key.data, srclen,
|
||||||
sess->cipher.ctx);
|
ctx_copy);
|
||||||
|
|
||||||
|
EVP_CIPHER_CTX_free(ctx_copy);
|
||||||
if (status != 0)
|
if (status != 0)
|
||||||
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
|
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
|
||||||
}
|
}
|
||||||
@ -1507,6 +1515,8 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
|
|||||||
{
|
{
|
||||||
uint8_t *dst;
|
uint8_t *dst;
|
||||||
int srclen, status;
|
int srclen, status;
|
||||||
|
EVP_MD_CTX *ctx_a;
|
||||||
|
HMAC_CTX *ctx_h;
|
||||||
|
|
||||||
srclen = op->sym->auth.data.length;
|
srclen = op->sym->auth.data.length;
|
||||||
|
|
||||||
@ -1514,14 +1524,20 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
|
|||||||
|
|
||||||
switch (sess->auth.mode) {
|
switch (sess->auth.mode) {
|
||||||
case OPENSSL_AUTH_AS_AUTH:
|
case OPENSSL_AUTH_AS_AUTH:
|
||||||
|
ctx_a = EVP_MD_CTX_create();
|
||||||
|
EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx);
|
||||||
status = process_openssl_auth(mbuf_src, dst,
|
status = process_openssl_auth(mbuf_src, dst,
|
||||||
op->sym->auth.data.offset, NULL, NULL, srclen,
|
op->sym->auth.data.offset, NULL, NULL, srclen,
|
||||||
sess->auth.auth.ctx, sess->auth.auth.evp_algo);
|
ctx_a, sess->auth.auth.evp_algo);
|
||||||
|
EVP_MD_CTX_destroy(ctx_a);
|
||||||
break;
|
break;
|
||||||
case OPENSSL_AUTH_AS_HMAC:
|
case OPENSSL_AUTH_AS_HMAC:
|
||||||
|
ctx_h = HMAC_CTX_new();
|
||||||
|
HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx);
|
||||||
status = process_openssl_auth_hmac(mbuf_src, dst,
|
status = process_openssl_auth_hmac(mbuf_src, dst,
|
||||||
op->sym->auth.data.offset, srclen,
|
op->sym->auth.data.offset, srclen,
|
||||||
sess->auth.hmac.ctx);
|
ctx_h);
|
||||||
|
HMAC_CTX_free(ctx_h);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
status = -1;
|
status = -1;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user