** Description changed:
+ [Impact]
+
+ * hw accelerated crypto suffers from poor performance under certain
+ configurations.
+
+ [Test Case]
+
+ ---Steps to Reproduce---
+ Server; openssl s_server -cert benchcert.pem -quiet -WWW -engine ibmca
-accept 8050
+ Client: openssl s_time -key benchcert.pem -www /2k.html -time 90 -cipher
AES256-SHA -new -bugs -connect 10.14.1.254:8050 -elapsed
+
+ By scaling the number of processes, the issue becomes more and more
+ visible.
+
+ requires installing and configuring openssl-ibmca, on systems with hw
+ crypto enabled on the LPAR in the HMC.
+
+ [Regression Potential]
+
+ * There will be a change in crypto performance, when openssl-ibmca is
+ installed and configured to be used; hopefully for the better.
+
+ [Other Info]
+
+ * Original bug report:
+
---Problem Description---
Recent performance evaluation has shown significant degradation in the TLS
connections per second rate using the OpenSSL s_time benchmark with Ubuntu
18.04.1.
While doing RSA sign/verify operations, the engine would preffer doing RSA-ME
instead of RSA-CRT which is significantly better in terms of performance.
Baseline for this comparison are measurements executed with another distro.
Both measurements have been made on LPAR native, using the CEX6A adapter.
Crypto stack on the host:
OpenSSL ver: 1.1.0g
IBMCA ver: 1.4.1.-0
Libica ver: 3.2.1
Problem present under following condititions:
1. IBMCA ver >= 2.0.0
2. OpenSSL version >= 1.1.0 && IBMCA ver >= 1.3.1.
-
+
---uname output---
Linux m42lp01 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:42:24 UTC 2018
s390x s390x s390x GNU/Linux
-
- Machine Type = Type/Model:3906-M04 LPAR
-
+
+ Machine Type = Type/Model:3906-M04 LPAR
+
---Steps to Reproduce---
- Server; openssl s_server -cert benchcert.pem -quiet -WWW -engine ibmca
-accept 8050
+ Server; openssl s_server -cert benchcert.pem -quiet -WWW -engine ibmca
-accept 8050
Client: openssl s_time -key benchcert.pem -www /2k.html -time 90 -cipher
AES256-SHA -new -bugs -connect 10.14.1.254:8050 -elapsed
- By scaling the number of processes, the issue becomes more and more visible.
-
- Userspace tool common name: openssl-ibmca
-
- The userspace tool has the following bit modes: 64
+ By scaling the number of processes, the issue becomes more and more
+ visible.
+
+ Userspace tool common name: openssl-ibmca
+
+ The userspace tool has the following bit modes: 64
Userspace package: openssl-ibmca-1.4.1-0ubuntu1.s390x
The attached patch is generated from the commit available here:
https://github.com/opencryptoki/openssl-ibmca/commit/a0e23d4063bf897dd9136c491d2201de5fbba653
- Generated with:
+ Generated with:
git format-patch -1 a0e23d4063bf897dd9136c491d2201de5fbba653
- To be applied with:
+ To be applied with:
patch /openssl-ibmca/src/ibmca_rsa.c
~/0001-Fix-doing-rsa-me-altough-rsa-crt-would-be-possible.patch
Fix applies smoothly and shows expected performance improvement as
visible on the chart.
** Changed in: openssl-ibmca (Ubuntu Bionic)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1806483
Title:
Ubuntu 18.04.1 - OpenSSL RSA connection rate performance degradation
using ibmca engine (openssl-ibmca)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1806483/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
