Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/19356/?format=api
http://patches.dpdk.org/api/patches/19356/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1484320997-1224-3-git-send-email-tomaszx.kulasek@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1484320997-1224-3-git-send-email-tomaszx.kulasek@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1484320997-1224-3-git-send-email-tomaszx.kulasek@intel.com", "date": "2017-01-13T15:23:16", "name": "[dpdk-dev,v5,2/3] crypto: add sgl support in openssl PMD", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "554a4587bbd9024ddbf129e12aef8862764f53a4", "submitter": { "id": 155, "url": "http://patches.dpdk.org/api/people/155/?format=api", "name": "Tomasz Kulasek", "email": "tomaszx.kulasek@intel.com" }, "delegate": { "id": 22, "url": "http://patches.dpdk.org/api/users/22/?format=api", "username": "pdelarag", "first_name": "Pablo", "last_name": "de Lara Guarch", "email": "pablo.de.lara.guarch@intel.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1484320997-1224-3-git-send-email-tomaszx.kulasek@intel.com/mbox/", "series": [], "comments": "http://patches.dpdk.org/api/patches/19356/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/19356/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [IPv6:::1])\n\tby dpdk.org (Postfix) with ESMTP id 9564BF94C;\n\tFri, 13 Jan 2017 16:27:10 +0100 (CET)", "from mga05.intel.com (mga05.intel.com [192.55.52.43])\n\tby dpdk.org (Postfix) with ESMTP id 909B6BD34\n\tfor <dev@dpdk.org>; Fri, 13 Jan 2017 16:27:00 +0100 (CET)", "from orsmga001.jf.intel.com ([10.7.209.18])\n\tby fmsmga105.fm.intel.com with ESMTP; 13 Jan 2017 07:27:00 -0800", "from unknown (HELO Sent) ([10.103.102.79])\n\tby orsmga001.jf.intel.com with SMTP; 13 Jan 2017 07:26:57 -0800", "by Sent (sSMTP sendmail emulation); Fri, 13 Jan 2017 16:26:57 +0100" ], "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos; i=\"5.33,222,1477983600\"; d=\"scan'208\";\n\ta=\"1082600147\"", "From": "Tomasz Kulasek <tomaszx.kulasek@intel.com>", "To": "dev@dpdk.org", "Date": "Fri, 13 Jan 2017 16:23:16 +0100", "Message-Id": "<1484320997-1224-3-git-send-email-tomaszx.kulasek@intel.com>", "X-Mailer": "git-send-email 2.1.4", "In-Reply-To": "<1484320997-1224-1-git-send-email-tomaszx.kulasek@intel.com>", "References": "<1483634768-35012-1-git-send-email-tomaszx.kulasek@intel.com>\n\t<1484320997-1224-1-git-send-email-tomaszx.kulasek@intel.com>", "Subject": "[dpdk-dev] [PATCH v5 2/3] crypto: add sgl support in openssl PMD", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<http://dpdk.org/ml/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://dpdk.org/ml/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<http://dpdk.org/ml/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>\n---\n doc/guides/cryptodevs/openssl.rst | 3 +-\n drivers/crypto/openssl/rte_openssl_pmd.c | 329 +++++++++++++++++++++++-------\n 2 files changed, 259 insertions(+), 73 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst\nindex f1c39ba..f6ed6ea 100644\n--- a/doc/guides/cryptodevs/openssl.rst\n+++ b/doc/guides/cryptodevs/openssl.rst\n@@ -112,6 +112,7 @@ Limitations\n -----------\n \n * Maximum number of sessions is 2048.\n-* Chained mbufs are not supported.\n+* Chained mbufs are supported only for source mbuf (destination must be\n+ contiguous).\n * Hash only is not supported for GCM and GMAC.\n * Cipher only is not supported for GCM and GMAC.\ndiff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c\nindex 312154a..426e407 100644\n--- a/drivers/crypto/openssl/rte_openssl_pmd.c\n+++ b/drivers/crypto/openssl/rte_openssl_pmd.c\n@@ -484,24 +484,112 @@\n * Process Operations\n *------------------------------------------------------------------------------\n */\n+static inline int\n+process_openssl_encryption_update(struct rte_mbuf *mbuf_src, int offset,\n+\t\tuint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx)\n+{\n+\tstruct rte_mbuf *m;\n+\tint dstlen;\n+\tint l, n = srclen;\n+\tuint8_t *src;\n+\n+\tfor (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);\n+\t\t\tm = m->next)\n+\t\toffset -= rte_pktmbuf_data_len(m);\n+\n+\tif (m == 0)\n+\t\treturn -1;\n+\n+\tsrc = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);\n+\n+\tl = rte_pktmbuf_data_len(m) - offset;\n+\tif (srclen <= l) {\n+\t\tif (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, srclen) <= 0)\n+\t\t\treturn -1;\n+\t\t*dst += l;\n+\t\treturn 0;\n+\t}\n+\n+\tif (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)\n+\t\treturn -1;\n+\n+\t*dst += dstlen;\n+\tn -= l;\n+\n+\tfor (m = m->next; (m != NULL) && (n > 0); m = m->next) {\n+\t\tsrc = rte_pktmbuf_mtod(m, uint8_t *);\n+\t\tl = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;\n+\t\tif (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)\n+\t\t\treturn -1;\n+\t\t*dst += dstlen;\n+\t\tn -= l;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+static inline int\n+process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset,\n+\t\tuint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx)\n+{\n+\tstruct rte_mbuf *m;\n+\tint dstlen;\n+\tint l, n = srclen;\n+\tuint8_t *src;\n+\n+\tfor (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);\n+\t\t\tm = m->next)\n+\t\toffset -= rte_pktmbuf_data_len(m);\n+\n+\tif (m == 0)\n+\t\treturn -1;\n+\n+\tsrc = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);\n+\n+\tl = rte_pktmbuf_data_len(m) - offset;\n+\tif (srclen <= l) {\n+\t\tif (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, srclen) <= 0)\n+\t\t\treturn -1;\n+\t\t*dst += l;\n+\t\treturn 0;\n+\t}\n+\n+\tif (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)\n+\t\treturn -1;\n+\n+\t*dst += dstlen;\n+\tn -= l;\n+\n+\tfor (m = m->next; (m != NULL) && (n > 0); m = m->next) {\n+\t\tsrc = rte_pktmbuf_mtod(m, uint8_t *);\n+\t\tl = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;\n+\t\tif (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)\n+\t\t\treturn -1;\n+\t\t*dst += dstlen;\n+\t\tn -= l;\n+\t}\n+\n+\treturn 0;\n+}\n \n /** Process standard openssl cipher encryption */\n static int\n-process_openssl_cipher_encrypt(uint8_t *src, uint8_t *dst,\n-\t\tuint8_t *iv, uint8_t *key, int srclen,\n+process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,\n+\t\tint offset, uint8_t *iv, uint8_t *key, int srclen,\n \t\tEVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)\n {\n-\tint dstlen, totlen;\n+\tint totlen;\n \n \tif (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0)\n \t\tgoto process_cipher_encrypt_err;\n \n \tEVP_CIPHER_CTX_set_padding(ctx, 0);\n \n-\tif (EVP_EncryptUpdate(ctx, dst, &dstlen, src, srclen) <= 0)\n+\tif (process_openssl_encryption_update(mbuf_src, offset, &dst,\n+\t\t\tsrclen, ctx))\n \t\tgoto process_cipher_encrypt_err;\n \n-\tif (EVP_EncryptFinal_ex(ctx, dst + dstlen, &totlen) <= 0)\n+\tif (EVP_EncryptFinal_ex(ctx, dst, &totlen) <= 0)\n \t\tgoto process_cipher_encrypt_err;\n \n \treturn 0;\n@@ -513,23 +601,23 @@\n \n /** Process standard openssl cipher decryption */\n static int\n-process_openssl_cipher_decrypt(uint8_t *src, uint8_t *dst,\n-\t\tuint8_t *iv, uint8_t *key, int srclen,\n+process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,\n+\t\tint offset, uint8_t *iv, uint8_t *key, int srclen,\n \t\tEVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)\n {\n-\tint dstlen, totlen;\n+\tint totlen;\n \n \tif (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0)\n \t\tgoto process_cipher_decrypt_err;\n \n \tEVP_CIPHER_CTX_set_padding(ctx, 0);\n \n-\tif (EVP_DecryptUpdate(ctx, dst, &dstlen, src, srclen) <= 0)\n+\tif (process_openssl_decryption_update(mbuf_src, offset, &dst,\n+\t\t\tsrclen, ctx))\n \t\tgoto process_cipher_decrypt_err;\n \n-\tif (EVP_DecryptFinal_ex(ctx, dst + dstlen, &totlen) <= 0)\n+\tif (EVP_DecryptFinal_ex(ctx, dst, &totlen) <= 0)\n \t\tgoto process_cipher_decrypt_err;\n-\n \treturn 0;\n \n process_cipher_decrypt_err:\n@@ -539,11 +627,25 @@\n \n /** Process cipher des 3 ctr encryption, decryption algorithm */\n static int\n-process_openssl_cipher_des3ctr(uint8_t *src, uint8_t *dst,\n-\t\tuint8_t *iv, uint8_t *key, int srclen, EVP_CIPHER_CTX *ctx)\n+process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,\n+\t\tint offset, uint8_t *iv, uint8_t *key, int srclen,\n+\t\tEVP_CIPHER_CTX *ctx)\n {\n \tuint8_t ebuf[8], ctr[8];\n \tint unused, n;\n+\tstruct rte_mbuf *m;\n+\tuint8_t *src;\n+\tint l;\n+\n+\tfor (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);\n+\t\t\tm = m->next)\n+\t\toffset -= rte_pktmbuf_data_len(m);\n+\n+\tif (m == 0)\n+\t\tgoto process_cipher_des3ctr_err;\n+\n+\tsrc = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);\n+\tl = rte_pktmbuf_data_len(m) - offset;\n \n \t/* We use 3DES encryption also for decryption.\n \t * IV is not important for 3DES ecb\n@@ -552,9 +654,8 @@\n \t\tgoto process_cipher_des3ctr_err;\n \n \tmemcpy(ctr, iv, 8);\n-\tn = 0;\n \n-\twhile (n < srclen) {\n+\tfor (n = 0; n < srclen; n++) {\n \t\tif (n % 8 == 0) {\n \t\t\tif (EVP_EncryptUpdate(ctx,\n \t\t\t\t\t(unsigned char *)&ebuf, &unused,\n@@ -562,8 +663,16 @@\n \t\t\t\tgoto process_cipher_des3ctr_err;\n \t\t\tctr_inc(ctr);\n \t\t}\n-\t\tdst[n] = src[n] ^ ebuf[n % 8];\n-\t\tn++;\n+\t\tdst[n] = *(src++) ^ ebuf[n % 8];\n+\n+\t\tl--;\n+\t\tif (!l) {\n+\t\t\tm = m->next;\n+\t\t\tif (m) {\n+\t\t\t\tsrc = rte_pktmbuf_mtod(m, uint8_t *);\n+\t\t\t\tl = rte_pktmbuf_data_len(m);\n+\t\t\t}\n+\t\t}\n \t}\n \n \treturn 0;\n@@ -575,9 +684,9 @@\n \n /** Process auth/encription aes-gcm algorithm */\n static int\n-process_openssl_auth_encryption_gcm(uint8_t *src, int srclen,\n-\t\tuint8_t *aad, int aadlen, uint8_t *iv, int ivlen,\n-\t\tuint8_t *key, uint8_t *dst,\tuint8_t *tag,\n+process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,\n+\t\tint srclen, uint8_t *aad, int aadlen, uint8_t *iv, int ivlen,\n+\t\tuint8_t *key, uint8_t *dst, uint8_t *tag,\n \t\tEVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)\n {\n \tint len = 0, unused = 0;\n@@ -592,20 +701,20 @@\n \tif (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) <= 0)\n \t\tgoto process_auth_encryption_gcm_err;\n \n-\tif (aadlen > 0) {\n+\tif (aadlen > 0)\n \t\tif (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0)\n \t\t\tgoto process_auth_encryption_gcm_err;\n \n-\t\t/* Workaround open ssl bug in version less then 1.0.1f */\n-\t\tif (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)\n-\t\t\tgoto process_auth_encryption_gcm_err;\n-\t}\n-\n \tif (srclen > 0)\n-\t\tif (EVP_EncryptUpdate(ctx, dst, &len, src, srclen) <= 0)\n+\t\tif (process_openssl_encryption_update(mbuf_src, offset, &dst,\n+\t\t\t\tsrclen, ctx))\n \t\t\tgoto process_auth_encryption_gcm_err;\n \n-\tif (EVP_EncryptFinal_ex(ctx, dst + len, &len) <= 0)\n+\t/* Workaround open ssl bug in version less then 1.0.1f */\n+\tif (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)\n+\t\tgoto process_auth_encryption_gcm_err;\n+\n+\tif (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0)\n \t\tgoto process_auth_encryption_gcm_err;\n \n \tif (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag) <= 0)\n@@ -619,10 +728,10 @@\n }\n \n static int\n-process_openssl_auth_decryption_gcm(uint8_t *src, int srclen,\n-\t\tuint8_t *aad, int aadlen, uint8_t *iv, int ivlen,\n-\t\tuint8_t *key, uint8_t *dst, uint8_t *tag,\n-\t\tEVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)\n+process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,\n+\t\tint srclen, uint8_t *aad, int aadlen, uint8_t *iv, int ivlen,\n+\t\tuint8_t *key, uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx,\n+\t\tconst EVP_CIPHER *algo)\n {\n \tint len = 0, unused = 0;\n \tuint8_t empty[] = {};\n@@ -639,20 +748,20 @@\n \tif (EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv) <= 0)\n \t\tgoto process_auth_decryption_gcm_err;\n \n-\tif (aadlen > 0) {\n+\tif (aadlen > 0)\n \t\tif (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0)\n \t\t\tgoto process_auth_decryption_gcm_err;\n \n-\t\t/* Workaround open ssl bug in version less then 1.0.1f */\n-\t\tif (EVP_DecryptUpdate(ctx, empty, &unused, empty, 0) <= 0)\n-\t\t\tgoto process_auth_decryption_gcm_err;\n-\t}\n-\n \tif (srclen > 0)\n-\t\tif (EVP_DecryptUpdate(ctx, dst, &len, src, srclen) <= 0)\n+\t\tif (process_openssl_decryption_update(mbuf_src, offset, &dst,\n+\t\t\t\tsrclen, ctx))\n \t\t\tgoto process_auth_decryption_gcm_err;\n \n-\tif (EVP_DecryptFinal_ex(ctx, dst + len, &len) <= 0)\n+\t/* Workaround open ssl bug in version less then 1.0.1f */\n+\tif (EVP_DecryptUpdate(ctx, empty, &unused, empty, 0) <= 0)\n+\t\tgoto process_auth_decryption_gcm_err;\n+\n+\tif (EVP_DecryptFinal_ex(ctx, dst, &len) <= 0)\n \t\tgoto process_auth_decryption_gcm_final_err;\n \n \treturn 0;\n@@ -667,21 +776,50 @@\n \n /** Process standard openssl auth algorithms */\n static int\n-process_openssl_auth(uint8_t *src, uint8_t *dst,\n+process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,\n \t\t__rte_unused uint8_t *iv, __rte_unused EVP_PKEY * pkey,\n \t\tint srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)\n {\n \tsize_t dstlen;\n+\tstruct rte_mbuf *m;\n+\tint l, n = srclen;\n+\tuint8_t *src;\n+\n+\tfor (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);\n+\t\t\tm = m->next)\n+\t\toffset -= rte_pktmbuf_data_len(m);\n+\n+\tif (m == 0)\n+\t\tgoto process_auth_err;\n \n \tif (EVP_DigestInit_ex(ctx, algo, NULL) <= 0)\n \t\tgoto process_auth_err;\n \n-\tif (EVP_DigestUpdate(ctx, (char *)src, srclen) <= 0)\n+\tsrc = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);\n+\n+\tl = rte_pktmbuf_data_len(m) - offset;\n+\tif (srclen <= l) {\n+\t\tif (EVP_DigestUpdate(ctx, (char *)src, srclen) <= 0)\n+\t\t\tgoto process_auth_err;\n+\t\tgoto process_auth_final;\n+\t}\n+\n+\tif (EVP_DigestUpdate(ctx, (char *)src, l) <= 0)\n \t\tgoto process_auth_err;\n \n+\tn -= l;\n+\n+\tfor (m = m->next; (m != NULL) && (n > 0); m = m->next) {\n+\t\tsrc = rte_pktmbuf_mtod(m, uint8_t *);\n+\t\tl = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;\n+\t\tif (EVP_DigestUpdate(ctx, (char *)src, l) <= 0)\n+\t\t\tgoto process_auth_err;\n+\t\tn -= l;\n+\t}\n+\n+process_auth_final:\n \tif (EVP_DigestFinal_ex(ctx, dst, (unsigned int *)&dstlen) <= 0)\n \t\tgoto process_auth_err;\n-\n \treturn 0;\n \n process_auth_err:\n@@ -691,18 +829,48 @@\n \n /** Process standard openssl auth algorithms with hmac */\n static int\n-process_openssl_auth_hmac(uint8_t *src, uint8_t *dst,\n+process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,\n \t\t__rte_unused uint8_t *iv, EVP_PKEY *pkey,\n-\t\tint srclen,\tEVP_MD_CTX *ctx, const EVP_MD *algo)\n+\t\tint srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)\n {\n \tsize_t dstlen;\n+\tstruct rte_mbuf *m;\n+\tint l, n = srclen;\n+\tuint8_t *src;\n+\n+\tfor (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);\n+\t\t\tm = m->next)\n+\t\toffset -= rte_pktmbuf_data_len(m);\n+\n+\tif (m == 0)\n+\t\tgoto process_auth_err;\n \n \tif (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0)\n \t\tgoto process_auth_err;\n \n-\tif (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0)\n+\tsrc = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);\n+\n+\tl = rte_pktmbuf_data_len(m) - offset;\n+\tif (srclen <= l) {\n+\t\tif (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0)\n+\t\t\tgoto process_auth_err;\n+\t\tgoto process_auth_final;\n+\t}\n+\n+\tif (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)\n \t\tgoto process_auth_err;\n \n+\tn -= l;\n+\n+\tfor (m = m->next; (m != NULL) && (n > 0); m = m->next) {\n+\t\tsrc = rte_pktmbuf_mtod(m, uint8_t *);\n+\t\tl = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;\n+\t\tif (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)\n+\t\t\tgoto process_auth_err;\n+\t\tn -= l;\n+\t}\n+\n+process_auth_final:\n \tif (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0)\n \t\tgoto process_auth_err;\n \n@@ -722,9 +890,18 @@\n \t\tstruct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)\n {\n \t/* cipher */\n-\tuint8_t *src = NULL, *dst = NULL, *iv, *tag, *aad;\n+\tuint8_t *dst = NULL, *iv, *tag, *aad;\n \tint srclen, ivlen, aadlen, status = -1;\n \n+\t/*\n+\t * Segmented destination buffer is not supported for\n+\t * encryption/decryption\n+\t */\n+\tif (!rte_pktmbuf_is_contiguous(mbuf_dst)) {\n+\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n+\t\treturn;\n+\t}\n+\n \tiv = op->sym->cipher.iv.data;\n \tivlen = op->sym->cipher.iv.length;\n \taad = op->sym->auth.aad.data;\n@@ -740,22 +917,22 @@\n \t\tsrclen = 0;\n \telse {\n \t\tsrclen = op->sym->cipher.data.length;\n-\t\tsrc = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,\n-\t\t\t\top->sym->cipher.data.offset);\n \t\tdst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,\n \t\t\t\top->sym->cipher.data.offset);\n \t}\n \n \tif (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n \t\tstatus = process_openssl_auth_encryption_gcm(\n-\t\t\t\tsrc, srclen, aad, aadlen, iv, ivlen,\n-\t\t\t\tsess->cipher.key.data, dst, tag,\n-\t\t\t\tsess->cipher.ctx, sess->cipher.evp_algo);\n+\t\t\t\tmbuf_src, op->sym->cipher.data.offset, srclen,\n+\t\t\t\taad, aadlen, iv, ivlen, sess->cipher.key.data,\n+\t\t\t\tdst, tag, sess->cipher.ctx,\n+\t\t\t\tsess->cipher.evp_algo);\n \telse\n \t\tstatus = process_openssl_auth_decryption_gcm(\n-\t\t\t\tsrc, srclen, aad, aadlen, iv, ivlen,\n-\t\t\t\tsess->cipher.key.data, dst, tag,\n-\t\t\t\tsess->cipher.ctx, sess->cipher.evp_algo);\n+\t\t\t\tmbuf_src, op->sym->cipher.data.offset, srclen,\n+\t\t\t\taad, aadlen, iv, ivlen, sess->cipher.key.data,\n+\t\t\t\tdst, tag, sess->cipher.ctx,\n+\t\t\t\tsess->cipher.evp_algo);\n \n \tif (status != 0) {\n \t\tif (status == (-EFAULT) &&\n@@ -773,12 +950,19 @@\n \t\t(struct rte_crypto_op *op, struct openssl_session *sess,\n \t\tstruct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)\n {\n-\tuint8_t *src, *dst, *iv;\n+\tuint8_t *dst, *iv;\n \tint srclen, status;\n \n+\t/*\n+\t * Segmented destination buffer is not supported for\n+\t * encryption/decryption\n+\t */\n+\tif (!rte_pktmbuf_is_contiguous(mbuf_dst)) {\n+\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n+\t\treturn;\n+\t}\n+\n \tsrclen = op->sym->cipher.data.length;\n-\tsrc = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,\n-\t\t\top->sym->cipher.data.offset);\n \tdst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,\n \t\t\top->sym->cipher.data.offset);\n \n@@ -786,17 +970,20 @@\n \n \tif (sess->cipher.mode == OPENSSL_CIPHER_LIB)\n \t\tif (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n-\t\t\tstatus = process_openssl_cipher_encrypt(src, dst, iv,\n+\t\t\tstatus = process_openssl_cipher_encrypt(mbuf_src, dst,\n+\t\t\t\t\top->sym->cipher.data.offset, iv,\n \t\t\t\t\tsess->cipher.key.data, srclen,\n \t\t\t\t\tsess->cipher.ctx,\n \t\t\t\t\tsess->cipher.evp_algo);\n \t\telse\n-\t\t\tstatus = process_openssl_cipher_decrypt(src, dst, iv,\n+\t\t\tstatus = process_openssl_cipher_decrypt(mbuf_src, dst,\n+\t\t\t\t\top->sym->cipher.data.offset, iv,\n \t\t\t\t\tsess->cipher.key.data, srclen,\n \t\t\t\t\tsess->cipher.ctx,\n \t\t\t\t\tsess->cipher.evp_algo);\n \telse\n-\t\tstatus = process_openssl_cipher_des3ctr(src, dst, iv,\n+\t\tstatus = process_openssl_cipher_des3ctr(mbuf_src, dst,\n+\t\t\t\top->sym->cipher.data.offset, iv,\n \t\t\t\tsess->cipher.key.data, srclen,\n \t\t\t\tsess->cipher.ctx);\n \n@@ -810,12 +997,10 @@\n \t\t(struct rte_crypto_op *op, struct openssl_session *sess,\n \t\tstruct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)\n {\n-\tuint8_t *src, *dst;\n+\tuint8_t *dst;\n \tint srclen, status;\n \n \tsrclen = op->sym->auth.data.length;\n-\tsrc = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,\n-\t\t\top->sym->auth.data.offset);\n \n \tif (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY)\n \t\tdst = (uint8_t *)rte_pktmbuf_append(mbuf_src,\n@@ -830,13 +1015,14 @@\n \n \tswitch (sess->auth.mode) {\n \tcase OPENSSL_AUTH_AS_AUTH:\n-\t\tstatus = process_openssl_auth(src, dst,\n-\t\t\t\tNULL, NULL,\tsrclen,\n+\t\tstatus = process_openssl_auth(mbuf_src, dst,\n+\t\t\t\top->sym->auth.data.offset, NULL, NULL, srclen,\n \t\t\t\tsess->auth.auth.ctx, sess->auth.auth.evp_algo);\n \t\tbreak;\n \tcase OPENSSL_AUTH_AS_HMAC:\n-\t\tstatus = process_openssl_auth_hmac(src, dst,\n-\t\t\t\tNULL, sess->auth.hmac.pkey, srclen,\n+\t\tstatus = process_openssl_auth_hmac(mbuf_src, dst,\n+\t\t\t\top->sym->auth.data.offset, NULL,\n+\t\t\t\tsess->auth.hmac.pkey, srclen,\n \t\t\t\tsess->auth.hmac.ctx, sess->auth.hmac.evp_algo);\n \t\tbreak;\n \tdefault:\n@@ -850,8 +1036,7 @@\n \t\t\top->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n \t\t}\n \t\t/* Trim area used for digest from mbuf. */\n-\t\trte_pktmbuf_trim(mbuf_src,\n-\t\t\t\top->sym->auth.digest.length);\n+\t\trte_pktmbuf_trim(mbuf_src, op->sym->auth.digest.length);\n \t}\n \n \tif (status != 0)\n@@ -902,7 +1087,6 @@\n \t\top->sym->session = NULL;\n \t}\n \n-\n \tif (op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)\n \t\top->status = RTE_CRYPTO_OP_STATUS_SUCCESS;\n \n@@ -996,7 +1180,8 @@\n \n \tdev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |\n \t\t\tRTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |\n-\t\t\tRTE_CRYPTODEV_FF_CPU_AESNI;\n+\t\t\tRTE_CRYPTODEV_FF_CPU_AESNI |\n+\t\t\tRTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER;\n \n \t/* Set vector instructions mode supported */\n \tinternals = dev->data->dev_private;\n", "prefixes": [ "dpdk-dev", "v5", "2/3" ] }{ "id": 19356, "url": "