Ubuntu
openssl package

Bug #1601836
Comment #3

Comment 3 for bug 1601836

Revision history for this message

Frank Heimes (fheimes) wrote on 2016-07-13:

Some add. IBM info:

---Problem Description---
The openssl s390x assembly code is not available, causing a fallback to openssl internal C-code. The performance degradation is up to a factor 4 for asymmetric (RSA, ...) and a factor >10 for symmetric cipher like SHA & AES.

Contact Information = <email address hidden>

---uname output---
4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:14:29 UTC 2016 s390x s390x s390x GNU/Linux

Machine Type = 2964, 701

---Debugger---
A debugger is not configured

---Steps to Reproduce---
#Run a benchmark
openssl speed sha1

#Check if CPACF was used
cpacfstatsd
cpacfstats

Userspace tool common name: OpenSSL 1.0.2g-fips 1 Mar 2016

The userspace tool has the following bit modes: 64-bit

Userspace rpm: OpenSSL 1.0.2g-fips 1 Mar 2016

Userspace tool obtained from project website: na

*Additional Instructions for <email address hidden>:
-Attach ltrace and strace of userspace application.

To me it seems the following compiler flags

-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DAES_CTR_ASM -DAES_XTS_ASM -DGHASH_ASM

are completely missing. Probably openssl was configured with the 'no-asm' option. This option, for example, is applied for s390 as defined in the openssl Configure file.

"debian-s390","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

"debian-s390x","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-------
Its the same code as in bug IBM140645(LP1601836), right, where I report performance improvements using modified s390x code already upstream on openssl github. Tested by a locally installed openssl source package.

The issue reported here says that the s390x CPACF assembly code is not configured into the openssl build of Ubuntu at all and thus is not available in openssl client/server workloads; a fallback to very slow C-code is the result.

Probably, just some compiler flags are missing ...

Some add. IBM info:

---Problem Description---
The openssl s390x assembly code is not available, causing a fallback to openssl internal C-code. The performance degradation is up to a factor 4 for asymmetric (RSA, ...)  and a factor >10 for symmetric cipher like SHA & AES.

Contact Information = Bastian.Pfeifer@de.ibm.com

---uname output---
4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:14:29 UTC 2016 s390x s390x s390x GNU/Linux

Machine Type = 2964, 701

---Debugger---
A debugger is not configured

---Steps to Reproduce---
#Run a benchmark
openssl speed sha1

#Check if CPACF was used
cpacfstatsd
cpacfstats

Userspace tool common name: OpenSSL 1.0.2g-fips  1 Mar 2016

The userspace tool has the following bit modes: 64-bit

Userspace rpm: OpenSSL 1.0.2g-fips  1 Mar 2016

Userspace tool obtained from project website:  na

*Additional Instructions for Bastian.Pfeifer@de.ibm.com:
-Attach ltrace and strace of userspace application.