OpenSSL 3.x performance Issue

Tomas Mraz tomas at openssl.org
Wed Jan 10 08:12:01 UTC 2024 

Could you please try running openssl speed -evp aes-256-cbc
on your environment (i.e. the Win32 builds) with both 1.1.1 and 3.2
versions? Can you please post the results here?

What do you exactly mean by:
 
> Not that this is 32-bit Windows app so using AESNI is not an option
> for me. Other assembly code is enabled during OpenSSL build.

Do you somehow patch out the AES-NI implementation or anything else?

How do you configure your Win32 build?

Regards,

Tomas Mraz, OpenSSL

On Wed, 2024-01-10 at 12:03 +0530, k. patan wrote:
> Hi Team,
> 
> I'm working on OpenSSL 3 migration for one of the applications where
> every incoming packet is decrypted, and outgoing packet is decrypted.
> 
> This is code for the same -
> int do_crypt(Action act)
> {
>   unsigned char outbuf[1024];
>   /* Bogus key and IV: we'd normally set these from
>    * another source.
>    */
>   unsigned char key[] = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 };
>   unsigned char iv[] = { 1,2,3,4,5,6,7,8 };
>   const unsigned char intext[] = "Some Crypto Text";
>   EVP_CIPHER_CTX* pCtx = EVP_CIPHER_CTX_new();
>   auto start = std::chrono::high_resolution_clock::now();
>   EVP_CIPHER_CTX_reset(pCtx);
>   EVP_CipherInit_ex(pCtx, EVP_aes_256_cbc(), NULL, key, iv, (act ==
> Encrypt) ? 1 : 0);
>   
>   if (!EVP_Cipher(pCtx, outbuf, intext, strlen((const char*)intext)))
> {
>     /* Error */
>     return 0;
>   }
>   auto end = std::chrono::high_resolution_clock::now();
>   auto duration =
> std::chrono::duration_cast<std::chrono::microseconds>(end - start);
> 
>   std::cout << "Execution time: " << duration.count() << "
> microseconds" << std::endl;
> 
>   EVP_CIPHER_CTX_free(pCtx);
> 
>   return 1;
> }
> 
> This code is giving me nightmare in terms of performance where we are
> getting 30% less download performance.
> 
> One thing I tried is caching EVP_CIPER_fetch() value instead of
> calling EVP_aes_256_cbc(). 
> Still, it doesn't make much difference in performance.
> I started with OpenSSL 3.x and then upgraded to OpenSSL 3.2. Still
> not much difference.
> 
> OpenSSL team accepted that OpenSSL 3.x series performance is not at
> par with OpenSSL 1.1.1 series.
> This explanation is not going to help us as OpenSSL is core of the
> application and such kind of performance degradation is release
> blocker for my application.
> Any suggestion from the experts to improve the execution time for the
> code within the timer.
> Not that this is 32-bit Windows app so using AESNI is not an option
> for me. Other assembly code is enabled during OpenSSL build.
> 
> Regards
> K. Patan
> 

-- 
Tomáš Mráz, OpenSSL

More information about the openssl-users mailing list