diff options
-rw-r--r-- | src/plugins/crypto_openssl/main.c | 6 | ||||
-rw-r--r-- | src/vnet/crypto/crypto.c | 47 |
2 files changed, 44 insertions, 9 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c index c1e744fc839..6637e53789c 100644 --- a/src/plugins/crypto_openssl/main.c +++ b/src/plugins/crypto_openssl/main.c @@ -106,7 +106,7 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops, openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data, vm->thread_index); HMAC_CTX *ctx = ptd->hmac_ctx; - u32 i; + u32 i, n_fail = 0; for (i = 0; i < n_ops; i++) { vnet_crypto_op_t *op = ops[i]; @@ -121,7 +121,7 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops, { if ((memcmp (op->dst, buffer, sz))) { - n_ops -= 1; + n_fail++; op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC; continue; } @@ -130,7 +130,7 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops, clib_memcpy_fast (op->dst, buffer, sz); op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; } - return n_ops; + return n_ops - n_fail; } #define _(a, b) \ diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c index ceedc93bbaf..3dcb2ec33bd 100644 --- a/src/vnet/crypto/crypto.c +++ b/src/vnet/crypto/crypto.c @@ -19,23 +19,58 @@ vnet_crypto_main_t crypto_main; +static_always_inline u32 +vnet_crypto_process_ops_call_handler (vlib_main_t * vm, + vnet_crypto_main_t * cm, + vnet_crypto_op_type_t opt, + vnet_crypto_op_t * ops[], u32 n_ops) +{ + if (n_ops == 0) + return 0; + + if (cm->ops_handlers[opt] == 0) + { + while (n_ops) + { + ops[0]->status = VNET_CRYPTO_OP_STATUS_FAIL_NO_HANDLER; + ops++; + } + return 0; + } + + return (cm->ops_handlers[opt]) (vm, ops, n_ops); +} + + u32 vnet_crypto_process_ops (vlib_main_t * vm, vnet_crypto_op_t ops[], u32 n_ops) { vnet_crypto_main_t *cm = &crypto_main; + const int op_q_size = VLIB_FRAME_SIZE; + vnet_crypto_op_t *op_queue[op_q_size]; + vnet_crypto_op_type_t opt, current_op_type = ~0; + u32 n_op_queue = 0; u32 rv = 0, i; + ASSERT (n_ops >= 1); + for (i = 0; i < n_ops; i++) { - vnet_crypto_op_type_t opt = ops[i].op; - vnet_crypto_op_t *opp = &ops[i]; + opt = ops[i].op; + + if (current_op_type != opt || n_op_queue >= op_q_size) + { + rv += vnet_crypto_process_ops_call_handler (vm, cm, current_op_type, + op_queue, n_op_queue); + n_op_queue = 0; + current_op_type = opt; + } - if (cm->ops_handlers[opt]) - rv += (cm->ops_handlers[opt]) (vm, &opp, 1); - else - ops[i].status = VNET_CRYPTO_OP_STATUS_FAIL_NO_HANDLER; + op_queue[n_op_queue++] = &ops[i]; } + rv += vnet_crypto_process_ops_call_handler (vm, cm, current_op_type, + op_queue, n_op_queue); return rv; } |