Commit 67ab783b5d70 ("crypto/openssl: use local copy for session
contexts") introduced a fix for concurrency bugs which could occur when
using one OpenSSL PMD session across multiple cores simultaneously. The
solution was to clone the EVP contexts per-buffer to avoid them being
used concurrently.
However, part of commit 75adf1eae44f ("crypto/openssl: update HMAC
routine with 3.0 EVP API") reverted this fix, only for combined ops
(AES-GCM and AES-CCM), with no explanation. This commit fixes the issue
again, essentially reverting this part of the commit.
Throughput performance uplift measurements for AES-GCM-128 encrypt on
Ampere Altra Max platform:
1 worker lcore
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 2.60 | 1.31 | -49.5% |
| 256 | 7.69 | 4.45 | -42.1% |
| 1024 | 15.33 | 11.30 | -26.3% |
| 2048 | 18.74 | 15.37 | -18.0% |
| 4096 | 21.11 | 18.80 | -10.9% |
8 worker lcores
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 19.94 | 2.83 | -85.8% |
| 256 | 58.84 | 11.00 | -81.3% |
| 1024 | 119.71 | 42.46 | -64.5% |
| 2048 | 147.69 | 80.91 | -45.2% |
| 4096 | 167.39 | 121.25 | -27.6% |
Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Cc: sta...@dpdk.org
Signed-off-by: Jack Bond-Preston <jack.bond-pres...@foss.arm.com>
Reviewed-by: Wathsala Vithanage <wathsala.vithan...@arm.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
b/drivers/crypto/openssl/rte_openssl_pmd.c
index e8cb09defc..ca7ed30ec4 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1590,6 +1590,9 @@ process_openssl_combined_op
return;
}
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_copy(ctx, sess->cipher.ctx);
+
iv = rte_crypto_op_ctod_offset(op, uint8_t *,
sess->iv.offset);
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
@@ -1623,12 +1626,12 @@ process_openssl_combined_op
status = process_openssl_auth_encryption_gcm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ dst, tag, ctx);
else
status = process_openssl_auth_encryption_ccm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, taglen, sess->cipher.ctx);
+ dst, tag, taglen, ctx);
} else {
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
@@ -1636,14 +1639,16 @@ process_openssl_combined_op
status = process_openssl_auth_decryption_gcm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ dst, tag, ctx);
else
status = process_openssl_auth_decryption_ccm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, taglen, sess->cipher.ctx);
+ dst, tag, taglen, ctx);
}
+ EVP_CIPHER_CTX_free(ctx);
+
if (status != 0) {
if (status == (-EFAULT) &&
sess->auth.operation ==
--
2.34.1
