[Acc] [PATCH 11/12] uadk_engine: optimize for sec cipher and digest init

7 Aug 2025

From: Wenkai Lin <linwenkai6@hisilicon.com>

When the nid is not changed, the original algorithm information
can be used, which reduces repeated calls.

Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
Signed-off-by: JiangShui Yang <yangjiangshui@h-partners.com>
---
 src/uadk_cipher.c | 98 ++++++++++++++++++++---------------------------
 src/uadk_digest.c | 75 ++++++++++++++++++------------------
 2 files changed, 79 insertions(+), 94 deletions(-)

diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index b55f6ae..f7facc9 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -65,6 +65,8 @@ struct cipher_priv_ctx {
 	size_t switch_threshold;
 	bool update_iv;
 	struct sched_params sched_param;
+	int nid;
+	const EVP_CIPHER *sw_cipher;
 };
 
 struct cipher_info {
@@ -171,8 +173,7 @@ static int uadk_e_cipher_sw_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 {
 	/* Real implementation: Openssl soft arithmetic key initialization function */
 	struct cipher_priv_ctx *priv;
-	const EVP_CIPHER *sw_cipher;
-	int ret, nid, sw_size;
+	int ret, sw_size;
 
 	if (unlikely(key == NULL)) {
 		fprintf(stderr, "uadk engine init parameter key is NULL.\n");
@@ -185,14 +186,7 @@ static int uadk_e_cipher_sw_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		return 0;
 	}
 
-	nid = EVP_CIPHER_CTX_nid(ctx);
-	sw_cipher = sec_ciphers_get_cipher_sw_impl(nid);
-	if (unlikely(sw_cipher == NULL)) {
-		fprintf(stderr, "get openssl software cipher failed, nid = %d.\n", nid);
-		return 0;
-	}
-
-	sw_size = EVP_CIPHER_impl_ctx_size(sw_cipher);
+	sw_size = EVP_CIPHER_impl_ctx_size(priv->sw_cipher);
 	if (unlikely(sw_size == 0)) {
 		fprintf(stderr, "get openssl software cipher ctx size failed.\n");
 		return 0;
@@ -209,7 +203,7 @@ static int uadk_e_cipher_sw_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		iv = EVP_CIPHER_CTX_iv_noconst(ctx);
 
 	EVP_CIPHER_CTX_set_cipher_data(ctx, priv->sw_ctx_data);
-	ret = EVP_CIPHER_meth_get_init(sw_cipher)(ctx, key, iv, enc);
+	ret = EVP_CIPHER_meth_get_init(priv->sw_cipher)(ctx, key, iv, enc);
 	EVP_CIPHER_CTX_set_cipher_data(ctx, priv);
 	if (unlikely(ret != 1)) {
 		fprintf(stderr, "failed init openssl soft work key.\n");
@@ -225,9 +219,8 @@ static int uadk_e_cipher_soft_work(EVP_CIPHER_CTX *ctx, unsigned char *out,
 				   const unsigned char *in, size_t inl)
 {
 	struct cipher_priv_ctx *priv;
-	const EVP_CIPHER *sw_cipher;
 	unsigned char *iv;
-	int ret, nid;
+	int ret;
 
 	priv = (struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
 	if (unlikely(priv == NULL)) {
@@ -245,15 +238,9 @@ static int uadk_e_cipher_soft_work(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		memcpy(iv, priv->iv, EVP_CIPHER_CTX_iv_length(ctx));
 		priv->update_iv = true;
 	}
-	sw_cipher = sec_ciphers_get_cipher_sw_impl(EVP_CIPHER_CTX_nid(ctx));
-	if (unlikely(sw_cipher == NULL)) {
-		nid = EVP_CIPHER_CTX_nid(ctx);
-		fprintf(stderr, "get openssl software cipher failed, nid = %d.\n", nid);
-		return 0;
-	}
 
 	EVP_CIPHER_CTX_set_cipher_data(ctx, priv->sw_ctx_data);
-	ret = EVP_CIPHER_meth_get_do_cipher(sw_cipher)(ctx, out, in, inl);
+	ret = EVP_CIPHER_meth_get_do_cipher(priv->sw_cipher)(ctx, out, in, inl);
 	if (unlikely(ret != 1)) {
 		fprintf(stderr, "OpenSSL do cipher failed.\n");
 		return 0;
@@ -475,11 +462,21 @@ err_unlock:
 	return 0;
 }
 
-static void cipher_priv_ctx_setup(struct cipher_priv_ctx *priv,
-				  enum wd_cipher_alg alg, enum wd_cipher_mode mode)
+static bool is_cipher_nid_found(struct cipher_priv_ctx *priv, int nid)
 {
-	priv->setup.alg = alg;
-	priv->setup.mode = mode;
+	__u32 cipher_counts = ARRAY_SIZE(cipher_info_table);
+	__u32 i;
+
+	for (i = 0; i < cipher_counts; i++) {
+		if (nid == cipher_info_table[i].nid) {
+			priv->setup.alg = cipher_info_table[i].alg;
+			priv->setup.mode = cipher_info_table[i].mode;
+			return true;
+		}
+	}
+
+	fprintf(stderr, "failed to find the cipher nid!\n");
+	return false;
 }
 
 static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -487,9 +484,7 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 {
 	struct cipher_priv_ctx *priv =
 		(struct cipher_priv_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
-	__u32 cipher_counts = ARRAY_SIZE(cipher_info_table);
 	int nid, ret;
-	__u32 i;
 
 	if (unlikely(!priv)) {
 		fprintf(stderr, "priv get from cipher ctx is NULL.\n");
@@ -501,7 +496,6 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		return 0;
 	}
 
-	nid = EVP_CIPHER_CTX_nid(ctx);
 	priv->req.op_type = enc ? WD_CIPHER_ENCRYPTION : WD_CIPHER_DECRYPTION;
 
 	if (iv)
@@ -509,17 +503,18 @@ static int uadk_e_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	else
 		memcpy(priv->iv, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_iv_length(ctx));
 
-	for (i = 0; i < cipher_counts; i++) {
-		if (nid == cipher_info_table[i].nid) {
-			cipher_priv_ctx_setup(priv, cipher_info_table[i].alg,
-						cipher_info_table[i].mode);
-			break;
-		}
-	}
+	nid = EVP_CIPHER_CTX_nid(ctx);
+	if (nid != priv->nid) {
+		ret = is_cipher_nid_found(priv, nid);
+		if (!ret)
+			return 0;
 
-	if (i == cipher_counts) {
-		fprintf(stderr, "failed to setup the private ctx.\n");
-		return 0;
+		priv->sw_cipher = sec_ciphers_get_cipher_sw_impl(nid);
+		if (unlikely(priv->sw_cipher == NULL)) {
+			fprintf(stderr, "get openssl software cipher failed, nid = %d.\n", nid);
+			return 0;
+		}
+		priv->nid = nid;
 	}
 
 	ret = uadk_e_cipher_sw_init(ctx, key, iv, enc);
@@ -544,6 +539,9 @@ static int uadk_e_cipher_cleanup(EVP_CIPHER_CTX *ctx)
 		priv->sess = 0;
 	}
 
+	priv->nid = NID_undef;
+	priv->sw_cipher = NULL;
+
 	return 1;
 }
 
@@ -644,10 +642,8 @@ static int uadk_e_cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int numa_node, void
 
 static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
 {
-	__u32 cipher_counts = ARRAY_SIZE(cipher_info_table);
 	struct sched_params *para;
-	int nid, ret, type;
-	__u32 i;
+	int nid, ret, type = 0;
 
 	priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx);
 	priv->req.iv = priv->iv;
@@ -667,10 +663,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
 	 * the cipher algorithm does not distinguish between
 	 * encryption and decryption queues
 	 */
-	type = priv->req.op_type;
-	ret = uadk_e_is_env_enabled("cipher");
-	if (ret)
-		type = 0;
+	if (priv->req.op_type)
+		type = uadk_e_is_env_enabled("cipher") ? 0 : priv->req.op_type;
 
 	/* Use the default numa parameters */
 	if (priv->setup.sched_param != &priv->sched_param)
@@ -681,18 +675,10 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
 
 	if (!priv->sess) {
 		nid = EVP_CIPHER_CTX_nid(ctx);
-
-		for (i = 0; i < cipher_counts; i++) {
-			if (nid == cipher_info_table[i].nid) {
-				cipher_priv_ctx_setup(priv, cipher_info_table[i].alg,
-							cipher_info_table[i].mode);
-				break;
-			}
-		}
-
-		if (i == cipher_counts) {
-			fprintf(stderr, "failed to setup the private ctx.\n");
-			return;
+		if (nid != priv->nid) {
+			ret = is_cipher_nid_found(priv, nid);
+			if (!ret)
+				return;
 		}
 
 		priv->sess = wd_cipher_alloc_sess(&priv->setup);
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 92068b7..408eac3 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -140,6 +140,7 @@ struct digest_priv_ctx {
 	bool is_stream_copy;
 	size_t total_data_len;
 	struct sched_params sched_param;
+	__u32 out_bytes;
 };
 
 struct digest_info {
@@ -544,7 +545,7 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
 	priv->setup.alg = alg;
 	priv->setup.mode = mode;
 	priv->req.out_buf_bytes = MAX_DIGEST_LENGTH;
-	priv->req.out_bytes = out_len;
+	priv->out_bytes = out_len;
 }
 
 static void digest_priv_ctx_reset(struct digest_priv_ctx *priv)
@@ -574,23 +575,46 @@ static int uadk_e_digest_ctrl(EVP_MD_CTX *ctx, int cmd, int numa_node, void *p2)
 	return 1;
 }
 
+static bool is_digest_nid_found(struct digest_priv_ctx *priv, int nid)
+
+{
+	__u32 counts = ARRAY_SIZE(digest_info_table);
+	__u32 i;
+
+	for (i = 0; i < counts; i++) {
+		if (nid == digest_info_table[i].nid) {
+			digest_priv_ctx_setup(priv, digest_info_table[i].alg,
+					      digest_info_table[i].mode,
+					      digest_info_table[i].out_len);
+			return true;
+		}
+	}
+
+	fprintf(stderr, "failed to find the digest nid!\n");
+	return false;
+}
+
 static int uadk_e_digest_init(EVP_MD_CTX *ctx)
 {
 	struct digest_priv_ctx *priv =
 		(struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
-	__u32 digest_counts = ARRAY_SIZE(digest_info_table);
-	__u32 i;
-	int ret;
+	int ret, nid;
 
 	if (unlikely(!priv)) {
 		fprintf(stderr, "priv get from digest ctx is NULL.\n");
 		return 0;
 	}
 
-	priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
-
 	digest_priv_ctx_reset(priv);
 
+	nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
+	if (nid != priv->e_nid) {
+		ret = is_digest_nid_found(priv, nid);
+		if (!ret)
+			return 0;
+		priv->e_nid = nid;
+	}
+
 	ret = uadk_e_init_digest();
 	if (unlikely(!ret)) {
 		priv->switch_flag = UADK_DO_SOFT;
@@ -598,19 +622,6 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
 		return digest_soft_init(priv);
 	}
 
-	for (i = 0; i < digest_counts; i++) {
-		if (priv->e_nid == digest_info_table[i].nid) {
-			digest_priv_ctx_setup(priv, digest_info_table[i].alg,
-			digest_info_table[i].mode, digest_info_table[i].out_len);
-			break;
-		}
-	}
-
-	if (unlikely(i == digest_counts)) {
-		fprintf(stderr, "failed to setup the private ctx.\n");
-		return 0;
-	}
-
 	/* Use the default numa parameters */
 	if (priv->setup.sched_param != &priv->sched_param)
 		uadk_e_digest_ctrl(ctx, 0, -1, NULL);
@@ -635,22 +646,15 @@ out:
 	return 0;
 }
 
-static void digest_update_out_length(EVP_MD_CTX *ctx)
+static void digest_update_out_length(struct digest_priv_ctx *priv)
 {
-	struct digest_priv_ctx *priv =
-		(struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
-
-	if (unlikely(!priv)) {
-		fprintf(stderr, "priv get from digest ctx is NULL.\n");
-		return;
-	}
-
 	/* Sha224 and Sha384 need full length mac buffer as doing long hash */
 	if (priv->e_nid == NID_sha224)
 		priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
-
-	if (priv->e_nid == NID_sha384)
+	else if (priv->e_nid == NID_sha384)
 		priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
+	else
+		priv->req.out_bytes = priv->out_bytes;
 }
 
 static void digest_set_msg_state(struct digest_priv_ctx *priv, bool is_end)
@@ -676,7 +680,7 @@ static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_le
 		return 0;
 	}
 
-	digest_update_out_length(ctx);
+	digest_update_out_length(priv);
 	digest_set_msg_state(priv, false);
 
 	do {
@@ -893,13 +897,7 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
 	priv->req.in = priv->data;
 	priv->req.out = priv->out;
 	priv->req.in_bytes = priv->last_update_bufflen;
-	priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
-
-	if (priv->e_nid == NID_sha224)
-		priv->req.out_bytes = WD_DIGEST_SHA224_LEN;
-
-	if (priv->e_nid == NID_sha384)
-		priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
+	priv->req.out_bytes = priv->out_bytes;
 
 	if (unlikely(priv->switch_flag == UADK_DO_SOFT)) {
 		if (async_get_async_job())
@@ -978,6 +976,7 @@ static int uadk_e_digest_cleanup(EVP_MD_CTX *ctx)
 	}
 
 	digest_soft_cleanup(priv);
+	priv->e_nid = NID_undef;
 
 	return 1;
 }
-- 
2.43.0

    

[Acc] [PATCH 11/12] uadk_engine: optimize for sec cipher and digest init

Qi Tao