[v4,5/5] crypto/openssl: only set cipher padding once

Message ID 20240607124756.3968704-6-jack.bond-preston@foss.arm.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers
Series OpenSSL PMD Optimisations |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/intel-Functional success Functional PASS
ci/github-robot: build success github build: passed
ci/iol-sample-apps-testing success Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-unit-amd64-testing success Testing PASS
ci/iol-unit-arm64-testing success Testing PASS
ci/iol-compile-amd64-testing success Testing PASS
ci/iol-compile-arm64-testing success Testing PASS

Commit Message

Jack Bond-Preston June 7, 2024, 12:47 p.m. UTC
  Setting the cipher padding has a noticeable performance footprint,
and it doesn't need to be done for every call to
process_openssl_cipher_{en,de}crypt(). Setting it causes OpenSSL to set
it on every future context re-init. Thus, for every buffer after the
first one, the padding is being set twice.

Instead, just set the cipher padding once - when configuring the session
parameters - avoiding the unnecessary double setting behaviour. This is
skipped for AEAD ciphers, where disabling padding is not necessary.

Throughput performance uplift measurements for AES-CBC-128 encrypt on
Ampere Altra Max platform:
1 worker lcore
|   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
|-----------------+---------------+--------------------+----------|
|              64 |          2.97 |               3.72 |    25.2% |
|             256 |          8.10 |               9.42 |    16.3% |
|            1024 |         14.22 |              15.18 |     6.8% |
|            2048 |         16.28 |              16.93 |     4.0% |
|            4096 |         17.58 |              17.97 |     2.2% |

8 worker lcores
|   buffer sz (B) |   prev (Gbps) |   optimised (Gbps) |   uplift |
|-----------------+---------------+--------------------+----------|
|              64 |         21.27 |              29.85 |    40.3% |
|             256 |         60.05 |              75.53 |    25.8% |
|            1024 |        110.11 |             121.56 |    10.4% |
|            2048 |        128.05 |             135.40 |     5.7% |
|            4096 |        139.45 |             143.76 |     3.1% |

Signed-off-by: Jack Bond-Preston <jack.bond-preston@foss.arm.com>
Reviewed-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
  

Comments

Ji, Kai July 1, 2024, 12:56 p.m. UTC | #1
Acked-by: Kai Ji <kai.ji@intel.com>
  

Patch

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7e2e505222..101111e85b 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -619,6 +619,8 @@  openssl_set_session_cipher_parameters(struct openssl_session *sess,
 		return -ENOTSUP;
 	}
 
+	EVP_CIPHER_CTX_set_padding(sess->cipher.ctx, 0);
+
 	return 0;
 }
 
@@ -1124,8 +1126,6 @@  process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
 	if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_cipher_encrypt_err;
 
-	EVP_CIPHER_CTX_set_padding(ctx, 0);
-
 	if (process_openssl_encryption_update(mbuf_src, offset, &dst,
 			srclen, ctx, inplace))
 		goto process_cipher_encrypt_err;
@@ -1174,8 +1174,6 @@  process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
 	if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_cipher_decrypt_err;
 
-	EVP_CIPHER_CTX_set_padding(ctx, 0);
-
 	if (process_openssl_decryption_update(mbuf_src, offset, &dst,
 			srclen, ctx, inplace))
 		goto process_cipher_decrypt_err;