OpenSSL 3.x performance Issue
k. patan
keshoraipatan16 at gmail.com
Wed Jan 10 06:33:14 UTC 2024
Hi Team,
I'm working on OpenSSL 3 migration for one of the applications where every
incoming packet is decrypted, and outgoing packet is decrypted.
This is code for the same -
#include <chrono>
#include <cstring>
#include <iostream>
#include <openssl/evp.h>

enum Action { Encrypt, Decrypt };

int do_crypt(Action act)
{
    unsigned char outbuf[1024];
    /* Bogus key and IV: we'd normally set these from
     * another source. AES-256-CBC reads a 32-byte key and a 16-byte IV.
     */
    unsigned char key[] = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
                            16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 };
    unsigned char iv[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
    const unsigned char intext[] = "Some Crypto Text";
    EVP_CIPHER_CTX* pCtx = EVP_CIPHER_CTX_new();
    if (pCtx == NULL)
        return 0;
    auto start = std::chrono::high_resolution_clock::now();
    EVP_CIPHER_CTX_reset(pCtx);
    /* EVP_Cipher() reports failure as 0 or a negative value, so test <= 0. */
    if (!EVP_CipherInit_ex(pCtx, EVP_aes_256_cbc(), NULL, key, iv,
                           (act == Encrypt) ? 1 : 0) ||
        EVP_Cipher(pCtx, outbuf, intext, strlen((const char*)intext)) <= 0) {
        /* Error: release the context before returning */
        EVP_CIPHER_CTX_free(pCtx);
        return 0;
    }
    auto end = std::chrono::high_resolution_clock::now();
    auto duration = std::chrono::duration_cast<std::chrono::microseconds>(end - start);
    std::cout << "Execution time: " << duration.count() << " microseconds" << std::endl;
    EVP_CIPHER_CTX_free(pCtx);
    return 1;
}
This code is giving me a nightmare in terms of performance, where we are
getting 30% less download performance.
One thing I tried is caching the EVP_CIPHER_fetch() value instead of calling
EVP_aes_256_cbc().
Still, it doesn't make much difference in performance.
I started with OpenSSL 3.x and then upgraded to OpenSSL 3.2. Still not much
difference.
OpenSSL team accepted that OpenSSL 3.x series performance is not at par
with OpenSSL 1.1.1 series.
This explanation is not going to help us as OpenSSL is core of the
application and such kind of performance degradation is release blocker for
my application.
Any suggestion from the experts to improve the execution time for the code
within the timer.
Note that this is a 32-bit Windows app, so using AESNI is not an option for me.
Other assembly code is enabled during OpenSSL build.
Regards
K. Patan