Hi Team,
I'm working on OpenSSL 3 migration for one of the applications where every incoming packet is decrypted, and outgoing packet is decrypted.
This is code for the same -
int do_crypt(Action act)
{
unsigned char outbuf[1024];
/* Bogus key and IV: we'd normally set these from
* another source.
*/
unsigned char key[] = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 };
unsigned char iv[] = { 1,2,3,4,5,6,7,8 };
const unsigned char intext[] = "Some Crypto Text";
EVP_CIPHER_CTX* pCtx = EVP_CIPHER_CTX_new();
auto start = std::chrono::high_resolution_clock::now();
EVP_CIPHER_CTX_reset(pCtx);
EVP_CipherInit_ex(pCtx, EVP_aes_256_cbc(), NULL, key, iv, (act == Encrypt) ? 1 : 0);
if (!EVP_Cipher(pCtx, outbuf, intext, strlen((const char*)intext))) {
/* Error */
return 0;
}
auto end = std::chrono::high_resolution_clock::now();
auto duration = std::chrono::duration_cast<std::chrono::microseconds>(end - start);
std::cout << "Execution time: " << duration.count() << " microseconds" << std::endl;
EVP_CIPHER_CTX_free(pCtx);
return 1;
}
This code is giving me nightmare in terms of performance where we are getting 30% less download performance.
One thing I tried is caching EVP_CIPER_fetch() value instead of calling EVP_aes_256_cbc().
Still, it doesn't make much difference in performance.
I started with OpenSSL 3.x and then upgraded to OpenSSL 3.2. Still not much difference.
OpenSSL team accepted that OpenSSL 3.x series performance is not at par with OpenSSL 1.1.1 series.
This explanation is not going to help us as OpenSSL is core of the application and such kind of performance degradation is release blocker for my application.
Any suggestion from the experts to improve the execution time for the code within the timer.
Not that this is 32-bit Windows app so using AESNI is not an option for me. Other assembly code is enabled during OpenSSL build.
Regards
K. Patan
