Openssl libcrypto performance issue
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Dimitri John Ledkov | ||
openssl (Ubuntu) |
Fix Released
|
Low
|
Skipper Bug Screeners | ||
Xenial |
Fix Released
|
Low
|
Unassigned |
Bug Description
== Comment: #0 - Bastian Pfeifer <email address hidden> - 2016-04-22 03:37:03 ==
---Problem Description---
Performance problem with s390x assembly code in the openssl libcrypto library:
CPACF functions such as SHA, AES ... queries the CPACF facility bits too often.
Problematic code can be found here:
https:/
What happens is that for every e.g SHA1 call the code first tests if the HW function is available. That's the case for all the CPACF functions.
However what the lib should do is to query only once, safe the value and then use the function. The problem is that the Hipervisor in certain scenarios is required to intercept the query instructions, which makes this really expensive.
Contact Information = <email address hidden>
---uname output---
4.4.0-18-generic #34-Ubuntu SMP
Machine Type = 2964, 701 NC9
---Debugger---
A debugger is not configured
---Steps to Reproduce---
n/a
Userspace tool common name: OpenSSL
The userspace tool has the following bit modes: 64-bit
Userspace rpm: OpenSSL 1.0.2g 1 Mar 2016
Userspace tool obtained from project website: na
*Additional Instructions for <email address hidden>:
-Attach ltrace and strace of userspace application.
== Comment: #8 - Bastian Pfeifer <email address hidden> - 2016-06-02 07:05:00 ==
We performed tests on the new SHA,AES and GHASH code and report performance improvements especially for SHA (up to 20%).
Here are the links to the new s390x assembly code which should be used to create patches for the UBUNTU specific openssl versions.
1)
https:/
2)
https:/
3)
https:/
4)
https:/
5)
https:/
6)
https:/
In case of AES I was forced to change the following code in aes-s390x.pl
.globl AES_set_decrypt_key
.type AES_set_
goes to
.globl private_
.type private_
This was done for 'AES_set_
Changed in ubuntu-z-systems: | |
importance: | Undecided → High |
assignee: | nobody → Dimitri John Ledkov (xnox) |
Changed in openssl (Ubuntu): | |
status: | New → Fix Committed |
Changed in openssl (Ubuntu Xenial): | |
importance: | Undecided → Low |
status: | New → Triaged |
Changed in openssl (Ubuntu): | |
importance: | Undecided → Low |
Changed in ubuntu-z-systems: | |
status: | New → Triaged |
no longer affects: | openssl |
Changed in openssl (Ubuntu Xenial): | |
status: | Triaged → In Progress |
Changed in ubuntu-z-systems: | |
status: | Triaged → In Progress |
Changed in ubuntu-z-systems: | |
status: | In Progress → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
Default Comment by Bridge