Could you please try running openssl speed -evp aes-256-cbc
on your environment (i.e. the Win32 builds) with both 1.1.1 and 3.2
versions? Can you please post the results here?
What do you exactly mean by:
> Not that this is 32-bit Windows app so using AESNI is not an option
> for me. Other assembly code is enabled during OpenSSL build.
Do you somehow patch out the AES-NI implementation or anything else?
How do you configure your Win32 build?
Regards,
Tomas Mraz, OpenSSL
On Wed, 2024-01-10 at 12:03 +0530, k. patan wrote:
> Hi Team,
>
> I'm working on OpenSSL 3 migration for one of the applications where
> every incoming packet is decrypted, and outgoing packet is decrypted.
>
> This is code for the same -
> int do_crypt(Action act)
> {
> unsigned char outbuf[1024];
> /* Bogus key and IV: we'd normally set these from
> * another source.
> */
> unsigned char key[] = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 };
> unsigned char iv[] = { 1,2,3,4,5,6,7,8 };
> const unsigned char intext[] = "Some Crypto Text";
> EVP_CIPHER_CTX* pCtx = EVP_CIPHER_CTX_new();
> auto start = std::chrono::high_resolution_clock::now();
> EVP_CIPHER_CTX_reset(pCtx);
> EVP_CipherInit_ex(pCtx, EVP_aes_256_cbc(), NULL, key, iv, (act ==
> Encrypt) ? 1 : 0);
>
> if (!EVP_Cipher(pCtx, outbuf, intext, strlen((const char*)intext)))
> {
> /* Error */
> return 0;
> }
> auto end = std::chrono::high_resolution_clock::now();
> auto duration =
> std::chrono::duration_cast<std::chrono::microseconds>(end - start);
>
> std::cout << "Execution time: " << duration.count() << "
> microseconds" << std::endl;
>
> EVP_CIPHER_CTX_free(pCtx);
>
> return 1;
> }
>
> This code is giving me nightmare in terms of performance where we are
> getting 30% less download performance.
>
> One thing I tried is caching EVP_CIPER_fetch() value instead of
> calling EVP_aes_256_cbc().
> Still, it doesn't make much difference in performance.
> I started with OpenSSL 3.x and then upgraded to OpenSSL 3.2. Still
> not much difference.
>
> OpenSSL team accepted that OpenSSL 3.x series performance is not at
> par with OpenSSL 1.1.1 series.
> This explanation is not going to help us as OpenSSL is core of the
> application and such kind of performance degradation is release
> blocker for my application.
> Any suggestion from the experts to improve the execution time for the
> code within the timer.
> Not that this is 32-bit Windows app so using AESNI is not an option
> for me. Other assembly code is enabled during OpenSSL build.
>
> Regards
> K. Patan
>
--
Tomáš Mráz, OpenSSL
