Diffstat (limited to 'src/vnet/ipsec/ipsec.h')
-rw-r--r-- | src/vnet/ipsec/ipsec.h | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h
index ced71194f39..d40767001b8 100644
--- a/src/vnet/ipsec/ipsec.h
+++ b/src/vnet/ipsec/ipsec.h
@@ -18,6 +18,13 @@
 #include <vnet/ip/ip.h>
 #include <vnet/feature/feature.h>
 
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+
+#include <vppinfra/types.h>
+#include <vppinfra/cache.h>
+
 #define IPSEC_FLAG_IPSEC_GRE_TUNNEL (1 << 0)
 
 #define foreach_ipsec_output_next \
@@ -292,6 +299,53 @@ typedef struct
 
 typedef struct
 {
+ const EVP_CIPHER *type;
+ u8 iv_size;
+ u8 block_size;
+} ipsec_proto_main_crypto_alg_t;
+
+typedef struct
+{
+ const EVP_MD *md;
+ u8 trunc_size;
+} ipsec_proto_main_integ_alg_t;
+
+typedef struct
+{
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX *encrypt_ctx;
+#else
+ EVP_CIPHER_CTX encrypt_ctx;
+#endif
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX *decrypt_ctx;
+#else
+ EVP_CIPHER_CTX decrypt_ctx;
+#endif
+ CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ HMAC_CTX *hmac_ctx;
+#else
+ HMAC_CTX hmac_ctx;
+#endif
+ ipsec_crypto_alg_t last_encrypt_alg;
+ ipsec_crypto_alg_t last_decrypt_alg;
+ ipsec_integ_alg_t last_integ_alg;
+} ipsec_proto_main_per_thread_data_t;
+
+typedef struct
+{
+ ipsec_proto_main_crypto_alg_t *ipsec_proto_main_crypto_algs;
+ ipsec_proto_main_integ_alg_t *ipsec_proto_main_integ_algs;
+ ipsec_proto_main_per_thread_data_t *per_thread_data;
+} ipsec_proto_main_t;
+
+extern ipsec_proto_main_t ipsec_proto_main;
+
+typedef struct
+{
 /* pool of tunnel instances */
 ipsec_spd_t *spds;
 ipsec_sa_t *sad; |
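Review bot: `ipsec_proto_main_per_thread_data_t` in the second hunk holds a worker's cipher and HMAC contexts but documents none of the rules that make them safe to reuse from one SA to the next. Judging by the names, `last_encrypt_alg`, `last_decrypt_alg` and `last_integ_alg` look like a cache of the algorithm each context was last initialised with; if that is right, say so next to the fields, e.g. `/* algorithm the matching ctx was last initialised with */`, and state their start value and whether the key is reloaded on every use, since a context that keeps the previous SA's key when only the algorithm is compared would process traffic under the wrong key. With OpenSSL 1.1.0 and later the three context members are pointers, so a comment should name where they are allocated and released (`EVP_CIPHER_CTX_new`, `HMAC_CTX_new` and the matching `_free` calls) and that a NULL result must be checked before first use; that code is not part of this diff. `iv_size`, `block_size` and `trunc_size` should each get a `/* in bytes */` comment, and `trunc_size` a note that it must not exceed the digest length of `md`.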