RFC on Jammy SRU with OpenSSL 3.0 backports for performance

Mauricio Faria de Oliveira mfo at canonical.com
Tue Aug 15 13:20:50 UTC 2023


I'd like to request input (initially thinking of involved teams: SRU,
on backports of some performance improvement patches to OpenSSL in Jammy.
(Please feel free to comment and include others as appropriate.)

SEG has a customer support ticket about it, which allows us to put in the work,
but of course, it is OpenSSL, an SRU, thus agreement beforehand is needed.


The context is OpenSSL 3.0 has known, significant performance regressions [0]
from OpenSSL 1.1.1, which have been addressed / are still in progress upstream:
1) some patches in the 3.0 stable branch
2) some patches in the master branch (i.e., not backported to 3.0)
3) some issues still open

To offset regression risk, there are benefits; e.g.,
1) Performance: some improvement
2) Security: smaller delta to 3.0 branch (may help with CVE fix backports)
3) Community: possibly help with mentions of Ubuntu 22.04 in regressions

IMHO, backports should be restricted to the 3.0 branch (so as not to defeat 2).


There are statements in this thread [1] that suggest we only backport bug
and security fixes, certainly understandable, but considering the numbers,
_perhaps_ we should consider it -- that's why I ask your opinion on this.

For example, the test in bug [2]:

1) Focal, OpenSSL 1.1.1: 1.5 seconds
2) Jammy, OpenSSL 3.0.2: 30 seconds (20x slower)
3) Jammy, 7 cherrypicks: 5 seconds  (3x slower) (PPA [3])

So, these 7 clean cherry-picks from 3.0 branch [4] help significantly,
for this customer's test-case, but we (SEG) would only analyze in more
detail (and possibly propose such changes) based on input from other
involved teams. (SRU, Foundations, and Security later.)

Please let us know your thoughts.


[0] https://github.com/openssl/openssl/issues/17627#issuecomment-1060123659
[1] https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2023-May/019532.html
[2] https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2009544
[3] https://launchpad.net/~mfo/+archive/ubuntu/lp2009544
[4] https://github.com/openssl/openssl/pull/18151

Mauricio Faria de Oliveira
