[Bug 1601836] Re: Openssl libcrypto performance issue
Launchpad Bug Tracker
1601836 at bugs.launchpad.net
Mon Aug 22 10:13:58 UTC 2016
This bug was fixed in the package openssl - 1.0.2g-1ubuntu4.2
---------------
openssl (1.0.2g-1ubuntu4.2) xenial; urgency=medium
* Cherry-pick s390x assembly pack bugfix to cache capability query
results for improved performance. LP: #1601836.
* Enable asm optimisations on s390x. LP: #1602655.
-- Dimitri John Ledkov <xnox at ubuntu.com> Thu, 28 Jul 2016 15:37:07
+0300
** Changed in: openssl (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1601836
Title:
Openssl libcrypto performance issue
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Xenial:
Fix Released
Bug description:
== Comment: #0 - Bastian Pfeifer <Bastian.Pfeifer at de.ibm.com> - 2016-04-22 03:37:03 ==
---Problem Description---
Performance problem with s390x assembly code in the openssl libcrypto library:
CPACF functions such as SHA, AES ... queries the CPACF facility bits too often.
Problematic code can be found here:
https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha1-s390x.pl
What happens is that for every e.g SHA1 call the code first tests if
the HW function is available. That's the case for all the CPACF
functions.
However what the lib should do is to query only once, safe the value
and then use the function. The problem is that the Hipervisor in
certain scenarios is required to intercept the query instructions,
which makes this really expensive.
Contact Information = Bastian.Pfeifer at de.ibm.com
---uname output---
4.4.0-18-generic #34-Ubuntu SMP
Machine Type = 2964, 701 NC9
---Debugger---
A debugger is not configured
---Steps to Reproduce---
n/a
Userspace tool common name: OpenSSL
The userspace tool has the following bit modes: 64-bit
Userspace rpm: OpenSSL 1.0.2g 1 Mar 2016
Userspace tool obtained from project website: na
*Additional Instructions for Bastian.Pfeifer at de.ibm.com:
-Attach ltrace and strace of userspace application.
== Comment: #8 - Bastian Pfeifer <Bastian.Pfeifer at de.ibm.com> - 2016-06-02 07:05:00 ==
We performed tests on the new SHA,AES and GHASH code and report performance improvements especially for SHA (up to 20%).
Here are the links to the new s390x assembly code which should be used
to create patches for the UBUNTU specific openssl versions.
1)
https://github.com/openssl/openssl/blob/master/crypto/s390xcpuid.S
2)
https://github.com/openssl/openssl/blob/master/crypto/s390xcap.c
3)
https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha1-s390x.pl
4)
https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha512-s390x.pl
5)
https://github.com/openssl/openssl/blob/master/crypto/aes/asm/aes-s390x.pl
6)
https://github.com/openssl/openssl/blob/master/crypto/modes/asm/ghash-s390x.pl
In case of AES I was forced to change the following code in aes-
s390x.pl
.globl AES_set_decrypt_key
.type AES_set_decrypt_key,\@function
goes to
.globl private_AES_set_decrypt_key
.type private_AES_set_decrypt_key,\@function
This was done for 'AES_set_encrypt_key as well; to be consistent with
the openssl code which comes with UBUNTU. For my performance tests
this worked properly and I checked the CPACF counter with the tool
'cpacfstats'.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1601836/+subscriptions
More information about the foundations-bugs
mailing list