Comment 0 for bug 1806483

---Problem Description---
Recent performance evaluation has shown significant degradation in the TLS connections per second rate using the OpenSSL s_time benchmark with Ubuntu 18.04.1.
While doing RSA sign/verify operations, the engine would preffer doing RSA-ME instead of RSA-CRT which is significantly better in terms of performance.

Baseline for this comparison are measurements executed with another distro.
Both measurements have been made on LPAR native, using the CEX6A adapter.

Crypto stack on the host:
OpenSSL ver: 1.1.0g
IBMCA ver: 1.4.1.-0
Libica ver: 3.2.1

Problem present under following condititions:
1. IBMCA ver >= 2.0.0
2. OpenSSL version >= 1.1.0 && IBMCA ver >= 1.3.1.

---uname output---
Linux m42lp01 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:42:24 UTC 2018 s390x s390x s390x GNU/Linux

Machine Type = Type/Model:3906-M04 LPAR

---Steps to Reproduce---
 Server; openssl s_server -cert benchcert.pem -quiet -WWW -engine ibmca -accept 8050
Client: openssl s_time -key benchcert.pem -www /2k.html -time 90 -cipher AES256-SHA -new -bugs -connect 10.14.1.254:8050 -elapsed

By scaling the number of processes, the issue becomes more and more visible.

Userspace tool common name: openssl-ibmca

The userspace tool has the following bit modes: 64

Userspace package: openssl-ibmca-1.4.1-0ubuntu1.s390x

The attached patch is generated from the commit available here:
https://github.com/opencryptoki/openssl-ibmca/commit/a0e23d4063bf897dd9136c491d2201de5fbba653

Generated with:
git format-patch -1 a0e23d4063bf897dd9136c491d2201de5fbba653

To be applied with:
patch /openssl-ibmca/src/ibmca_rsa.c ~/0001-Fix-doing-rsa-me-altough-rsa-crt-would-be-possible.patch

Fix applies smoothly and shows expected performance improvement as visible on the chart.