The openssl s390x assembly pack is not used
Bug #1602655 reported by
bugproxy
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Dimitri John Ledkov | ||
openssl (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Xenial |
Fix Released
|
Low
|
Unassigned |
Bug Description
The openssl s390x assembly code is not available, causing a fallback to openssl internal C-code.
The performance degradation is up to a factor 4 for asymmetric (RSA, ...) and a factor >10 for symmetric cipher like SHA & AES.
tags: | added: architecture-s39064 bugnameltc-143617 severity-high targetmilestone-inin16041 |
tags: |
added: severity-critical removed: severity-high |
Changed in ubuntu-z-systems: | |
status: | New → Confirmed |
Changed in ubuntu-z-systems: | |
assignee: | nobody → Dimitri John Ledkov (xnox) |
Changed in openssl (Ubuntu): | |
status: | Confirmed → Fix Committed |
Changed in ubuntu-z-systems: | |
status: | Confirmed → Fix Committed |
Changed in openssl (Ubuntu Xenial): | |
status: | New → In Progress |
importance: | Undecided → Low |
tags: |
added: verification-done removed: verification-needed |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
------- Comment From <email address hidden> 2016-07-13 08:02 EDT-------
---Problem Description---
The openssl s390x assembly code is not available, causing a fallback to openssl internal C-code. The performance degradation is up to a factor 4 for asymmetric (RSA, ...) and a factor >10 for symmetric cipher like SHA & AES.
Contact Information = <email address hidden>
---uname output---
4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:14:29 UTC 2016 s390x s390x s390x GNU/Linux
Machine Type = 2964, 701
---Debugger---
A debugger is not configured
---Steps to Reproduce---
#Run a benchmark
openssl speed sha1
#Check if CPACF was used
cpacfstatsd
cpacfstats
Userspace tool common name: OpenSSL 1.0.2g-fips 1 Mar 2016
The userspace tool has the following bit modes: 64-bit
Userspace rpm: OpenSSL 1.0.2g-fips 1 Mar 2016
Userspace tool obtained from project website: na
*Additional Instructions for <email address hidden>:
-Attach ltrace and strace of userspace application.
------- Comment From <email address hidden> 2016-07-13 08:04 EDT-------
To me it seems the following compiler flags
-DOPENSSL_ BN_ASM_ MONT -DOPENSSL_ BN_ASM_ GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DAES_CTR_ASM -DAES_XTS_ASM -DGHASH_ASM
are completely missing. Probably openssl was configured with the 'no-asm' option. This option, for example, is applied for s390 as defined in the openssl Configure file.
"debian- s390"," gcc:-DB_ ENDIAN ${debian_ cflags} ::-D_REENTRANT: :-ldl:RC4_ CHAR RC4_CHUNK DES_INT DES_UNROLL: ${no_asm} :dlfcn: linux-shared: -fPIC:: .so.\.\ ",
"debian- s390x", "gcc:-DB_ ENDIAN ${debian_ cflags} ::-D_REENTRANT: :-ldl:SIXTY_ FOUR_BIT_ LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL: ${no_asm} :dlfcn: linux-shared: -fPIC:: .so.\.\ ", LP1601836) , right, where I report performance improvements using modified s390x code already upstream on openssl github. Tested by a locally installed openssl source package.
-------
Its the same code as in bug IBM140645(
The issue reported here says that the s390x CPACF assembly code is not configured into the openssl build of Ubuntu at all and thus is not available in openssl client/server workloads; a fallback to very slow C-code is the result.
Probably, just some compiler flags are missing ...