group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1601836] Re: Openssl libcrypto performance issue

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Frank Heimes <1601836@xxxxxxxxxxxxxxxxxx>
Date: Mon, 01 Aug 2016 20:43:19 -0000
Reply-to: Bug 1601836 <1601836@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Changed in: ubuntu-z-systems
       Status: New => Triaged

** No longer affects: openssl

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1601836

Title:
  Openssl libcrypto performance issue

Status in Ubuntu on IBM z Systems:
  Triaged
Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Xenial:
  Triaged

Bug description:
  == Comment: #0 - Bastian Pfeifer <Bastian.Pfeifer@xxxxxxxxxx> - 2016-04-22 03:37:03 ==
  ---Problem Description---
  Performance problem with s390x assembly code in the openssl libcrypto library:
  CPACF functions such as SHA, AES ... queries the CPACF facility bits too often.

  Problematic code can be found here:
  https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha1-s390x.pl

  What happens is that for every e.g SHA1 call the code first tests if
  the HW function is available. That's the case for all the CPACF
  functions.

  However what the lib should do is to query only once, safe the value
  and then use the function. The problem is that the Hipervisor in
  certain scenarios is required to intercept the query instructions,
  which makes this really expensive.

   
  Contact Information = Bastian.Pfeifer@xxxxxxxxxx 
   
  ---uname output---
  4.4.0-18-generic #34-Ubuntu SMP 
   
  Machine Type = 2964, 701 NC9 
   
  ---Debugger---
  A debugger is not configured
   
  ---Steps to Reproduce---
   n/a
   
  Userspace tool common name: OpenSSL 
   
  The userspace tool has the following bit modes: 64-bit 

  Userspace rpm: OpenSSL 1.0.2g  1 Mar 2016

  Userspace tool obtained from project website:  na 
   
  *Additional Instructions for Bastian.Pfeifer@xxxxxxxxxx:
  -Attach ltrace and strace of userspace application.

  == Comment: #8 - Bastian Pfeifer <Bastian.Pfeifer@xxxxxxxxxx> - 2016-06-02 07:05:00 ==
  We performed tests on the new SHA,AES and GHASH code and report performance improvements especially for SHA (up to 20%).

  Here are the links to the new s390x assembly code which should be used
  to create patches for the UBUNTU specific openssl versions.

  1)
  https://github.com/openssl/openssl/blob/master/crypto/s390xcpuid.S
  2)
  https://github.com/openssl/openssl/blob/master/crypto/s390xcap.c
  3)
  https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha1-s390x.pl
  4)
  https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha512-s390x.pl
  5)
  https://github.com/openssl/openssl/blob/master/crypto/aes/asm/aes-s390x.pl
  6)
  https://github.com/openssl/openssl/blob/master/crypto/modes/asm/ghash-s390x.pl

  In case of AES I was forced to change the following code in aes-
  s390x.pl

  .globl	AES_set_decrypt_key
  .type	AES_set_decrypt_key,\@function

  goes to

  .globl	private_AES_set_decrypt_key
  .type	        private_AES_set_decrypt_key,\@function

  This was done for 'AES_set_encrypt_key as well; to be consistent with
  the openssl code which comes with UBUNTU. For my performance tests
  this worked properly and I checked the CPACF counter with the tool
  'cpacfstats'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1601836/+subscriptions