search

openssl / openssl

TLS/SSL and crypto library
https://www.openssl.org
Apache License 2.0
25.84k stars 10.13k forks source link

OpenSSL does not use any hardware acceleration on HP-UX for encryption/decryption #23701

Open ashwanikadian opened 8 months ago

ashwanikadian commented 8 months ago

While testing encryption/decryption performance on HP-UX, we observed that OpenSSL does not use any hardware acceleration or assembly code to optimize the encryption/decryption performance. We are testing on OpenSSL 3.0.13 currently.

The hardware acceleration is already being used by OpenSSL on Linux and AIX. The encryption/decryption performance on HP-UX is very very slow due to missing assembly optimizations.

Is there any plan from OpenSSL side to add hardware optimizations on HP-UX in near future or is there any limitation in HP-UX itself that its not possible to optimize encryption/decryption further on it?

Following is the stack trace of our encryption/decryption test application with OpenSSL on Linux, showing the use of assembly code on LINUX.X64 for using hardware acceleration:

0 aesni_xts_encrypt () at crypto/aes/aesni-x86_64.s:1614

1 0x000000000045b651 in aes_xts_cipher (vctx=0xa07fb0, out=0xa0eb30 "", outl=0x7ffffffe9ac8, outsize=8192, in=0x9c62c0 'X' <repeats 200 times>...,

inl=8192) at providers/implementations/ciphers/cipher_aes_xts.c:183

2 0x000000000045b746 in aes_xts_stream_update (vctx=0xa07fb0, out=0xa0eb30 "", outl=0x7ffffffe9ac8, outsize=8192,

in=0x9c62c0 'X' <repeats 200 times>..., inl=8192) at providers/implementations/ciphers/cipher_aes_xts.c:203

3 0x0000000000414a42 in EVP_EncryptUpdate (ctx=0xa07940, out=0xa0eb30 "", outl=0x7ffffffe9bd8, in=0x9c62c0 'X' <repeats 200 times>..., inl=8192)

at crypto/evp/evp_enc.c:684

4 0x000000000040456c in enc_decrypt_test (cipher_ctx1=0xa07940, cipher_ctx2=0xa07a00, key=0x9df0e0 "", iv=0x9cbc00 "",

message=0x9c62c0 'X' <repeats 200 times>..., message_len=8192, decrypted_buf=0xa10b60 "", decrypted_len=8224, encrypted_buf=0xa0eb30 "",
encrypted_len=0, block_size=32, tag=0x0, taglen=0) at osl.c:71

5 0x0000000000405498 in run (iterations=4, cipher_name=0x9c62a0 "AES-256-XTS", message=0x9c62c0 'X' <repeats 200 times>..., message_len=8192,

enable_timer=1, fips_module_path=0x0) at osl.c:270

6 0x0000000000405dec in main (argc=8, argv=0x7ffffffeb0a8) at main.c:99

Following is the stack trace of our encryption/decryption test application with OpenSSL on HP-UX, showing the use of C code on HPUX.IA64, without any hardware acceleration:

0 CRYPTO_xts128_encrypt (ctx=0x6000000000079310, iv=0x6000000000079080 "",

inp=0x6000000000039290 'X' <repeats 200 times>...,
out=0x60000000000c6830 "", len=8192, enc=1) at crypto/modes/xts128.c:28

1 0x40000000003a0650:0 in aes_xts_cipher (vctx=0x6000000000079060,

out=0x60000000000c6830 "", outl=0x87fffffffffeac98, outsize=8192,
in=0x6000000000039290 'X' <repeats 200 times>..., inl=8192)
at providers/implementations/ciphers/cipher_aes_xts.c:184

2 0x400000000039fc30:0 in aes_xts_stream_update (vctx=0x6000000000079060,

out=0x60000000000c6830 "", outl=0x87fffffffffeac98, outsize=8192,
in=0x6000000000039290 'X' <repeats 200 times>..., inl=8192)
at providers/implementations/ciphers/cipher_aes_xts.c:203

3 0x4000000000264d80:0 in EVP_EncryptUpdate (ctx=0x60000000000c1d20,

out=0x60000000000c6830 "", outl=0x87fffffffffead3c,
in=0x6000000000039290 'X' <repeats 200 times>..., inl=8192)
at crypto/evp/evp_enc.c:684

4 0x4000000000207d70:0 in enc_decrypt_test (cipher_ctx1=0x60000000000c1d20,

cipher_ctx2=0x60000000000c1de0, key=0x60000000000be2f0 "",
iv=0x600000000004b2d0 "",
message=0x6000000000039290 'X' <repeats 200 times>..., message_len=8192,
decrypted_buf=0x60000000000c8860 "", decrypted_len=8224,
encrypted_buf=0x60000000000c6830 "", encrypted_len=0, block_size=32)
at osl.c:71

5 0x4000000000209130:0 in run (iterations=4,

cipher_name=0x6000000000038600 "AES-256-XTS",
message=0x6000000000039290 'X' <repeats 200 times>..., message_len=8192,
enable_timer=1, fips_module_path=0x0) at osl.c:239

6 0x400000000020a020:0 in main (argc=8, argv=0x87fffffffffeb5e8) at main.c:90

slontis commented 8 months ago

My observation is that many recent assembler changes were contributed by third parties that have an interest in the particular hardware (e.g Intel). There is some HPUX ia64 support. It seems unlikely that this particular platform would be supported, unless an external PR is submitted that targets the platform. Are there any other comments from @openssl/otc?

nhorman commented 7 months ago

Not an OTC comment, but HP-UX is currently on the list of unadopted platforms. If there was a community member willing to volunteer as maintainer, it could be updated to be a community supported platform.