Ticket metadata
The Basics
Id: 2065
Status: resolved
Priority: 0/
Queue: OpenSSL-Bugs

Custom Fields
Milestone: (no value)
Subsystem: (no value)
Severity: (no value)
Broken in: (no value)

People
Owner: Andy Polyakov
Requestors: David Woodhouse
Cc:
AdminCc:

Dates
Created: Fri Sep 25 18:01:47 2009
Starts: Not set
Started: Fri Apr 25 23:28:59 2014
Last Contact: Not set
Due: Not set
Closed: Fri Apr 25 23:28:59 2014
Updated: Fri Apr 25 23:28:59 2014 by Andy Polyakov



Subject: [PATCH] Add Intel AES-NI support for 1.0.0 branch.
Date: Thu, 24 Sep 2009 13:56:55 -0700
To: openssl-dev@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
This backports the AES-NI engine to 1.0.0.

There's a slight complication in that it wants to check bit 57 of the
cpuid capabilities.

Rather than backporting the other cpuid changes from HEAD, which would
mean an ABI change, I've made it call the OPENSSL_ia32_cpuid() function
again directly -- at least on 32-bit builds. On 64-bit builds it's
fine anyway.

I'm happy to explore better fixes for the cpuid thing, but this seems to
be sufficient.

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@intel.com Intel Corporation

Message body is not shown because it is too large.

Subject: Re: [openssl.org #2065] [PATCH] Add Intel AES-NI support for 1.0.0 branch.
Date: Mon, 28 Sep 2009 14:57:40 -0700
To: rt@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
On Fri, 2009-09-25 at 18:01 +0200, David Woodhouse via RT wrote:
> This backports the AES-NI engine to 1.0.0.
>
> There's a slight complication in that it wants to check bit 57 of the
> cpuid capabilities.
>
> Rather than backporting the other cpuid changes from HEAD, which would
> mean an ABI change, I've made it call the OPENSSL_ia32_cpuid() function
> again directly -- at least on 32-bit builds. On 64-bit builds it's
> fine anyway.
>
> I'm happy to explore better fixes for the cpuid thing, but this seems to
> be sufficient.

Here it is again with a better fix for the cpuid thing. Still the same
theory as described above, but this time it actually works...

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@intel.com Intel Corporation

Message body is not shown because it is too large.

CC: rt@openssl.org
Subject: AES on OpenSSL 1.0.0 is 7½ times slower than it should be [openssl.org #2065]
Date: Wed, 31 Mar 2010 17:16:01 +0100
To: openssl-dev@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
The shiny new OpenSSL 1.0.0 release is showing its age already. On the
latest commercially-available Intel CPUs, AES operations run 7½ times
slower than they should.

That's not a typo. I really mean a factor of seven and a half -- they
should run 650% faster than they do, on hardware that's in the shops
today.

This patch, tested on 32-bit and 64-bit Linux and on Win32 (VS2008/nasm)
adds support for the AESNI engine, backported from OpenSSL HEAD with the
patch from RT#2045 applied to make it actually work.

It doesn't change the ABI (jumping through hoops to achieve that on
32-bit where the cached OPENSSL_ia32cap_P result is 32-bit too), so I
believe it should meet the criteria for acceptance into the branch which
will become OpenSSL 1.0.1.

Before:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc     94315.08k   100751.81k   102601.30k   103249.34k   103060.82k
aes-192 cbc     79701.45k    84287.55k    85533.18k    86141.61k    85824.85k
aes-256 cbc     69032.61k    72545.96k    73448.70k    73660.76k    73906.09k

After:
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc    716920.69k   757344.13k   768059.73k   773247.74k   770266.45k
aes-192-cbc    613452.80k   642659.78k   650346.67k   654481.21k   651927.55k
aes-256-cbc    535909.42k   558628.27k   564440.15k   567790.88k   565630.29k

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@intel.com Intel Corporation

Message body is not shown because it is too large.

CC: rt@openssl.org
Subject: Re: AES on OpenSSL 1.0.0 is 7½ times slower than it should be [openssl.org #2065]
Date: Fri, 09 Apr 2010 19:29:28 +0100
To: openssl-dev@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
On Wed, 2010-03-31 at 17:16 +0100, David Woodhouse wrote:
> This patch, tested on 32-bit and 64-bit Linux and on Win32 (VS2008/nasm)
> adds support for the AESNI engine, backported from OpenSSL HEAD with the
> patch from RT#2045 applied to make it actually work.
>
> It doesn't change the ABI (jumping through hoops to achieve that on
> 32-bit where the cached OPENSSL_ia32cap_P result is 32-bit too), so I
> believe it should meet the criteria for acceptance into the branch which
> will become OpenSSL 1.0.1.

It's now tested on WIN64 too. One Win32 tester with VS2005 observed a
build error which I hadn't seen with VS2008; the compiler was
complaining of potential data loss in conversion from IA32CAP (uint64_t)
to int... even when the value in question was masked with & 1.

This new patch adds an explicit cast to silence that warning (which was
causing a build failure). Incremental patch below; full patch for 1.0.x
branch attached as before.

--- crypto/engine/eng_aesni.c
+++ crypto/engine/eng_aesni.c
@@ -163,10 +163,10 @@
{
int engage;
if (sizeof(OPENSSL_ia32cap_P) > 4) {
- engage = ((OPENSSL_ia32cap_P >> 30) >> 27) & 1;
+ engage = (int)((OPENSSL_ia32cap_P >> 30) >> 27) & 1;
} else {
IA32CAP OPENSSL_ia32_cpuid(void);
- engage = (OPENSSL_ia32_cpuid() >> 57) & 1;
+ engage = (int)(OPENSSL_ia32_cpuid() >> 57) & 1;
}

/* Register everything or return with an error */
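
Review bot: In both `+` lines the `(int)` cast binds tighter than `& 1`, so the narrowing conversion is applied to the whole shifted value and the mask then runs on an int. The result is the same because only the top bits survive the shift, but masking first and casting the one-bit result, `(int)(((OPENSSL_ia32cap_P >> 30) >> 27) & 1)`, states the intent directly. The split `>> 30 >> 27` in one branch and the bare `>> 57` in the other also deserve a comment or a shared named constant so both visibly test the same bit, and the block-scope prototype for OPENSSL_ia32_cpuid() would be better placed in a header where the compiler can check it against the definition.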

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@intel.com Intel Corporation

Message body is not shown because it is too large.
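
The bit-57 test that the messages above work around, as an added example that is not part of the original messages or of OpenSSL's code: it shows why a 32-bit cached capability word can never report the flag and why a build with such a cache has to query again. Assumptions: the 64-bit word holds CPUID leaf 1 EDX in bits 0-31 and ECX in bits 32-63; all function names and `SAMPLE_CAP` are hypothetical; `<cpuid.h>` is the GCC/Clang header.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>              /* GCC/Clang wrapper for the CPUID instruction */
#endif

/* Assumed layout of the 64-bit capability word: CPUID leaf 1 EDX in
 * bits 0-31, ECX in bits 32-63, so AES-NI (ECX bit 25) is bit 57. */
#define AESNI_BIT 57
/* Constructed sample: bit 57 set plus some low-half feature bits. */
#define SAMPLE_CAP ((UINT64_C(1) << AESNI_BIT) | UINT64_C(0x078bfbff))

/* 64-bit cached word: the flag survives and can be read directly. */
static int aesni_from_cached64(uint64_t cached)
{
    return (int)((cached >> AESNI_BIT) & 1);
}

/* 32-bit cached word: bit 57 was never stored. The shift is split so
 * each count stays below the operand width; the result is always 0. */
static int aesni_from_cached32(uint32_t cached)
{
    return (int)(((cached >> 30) >> 27) & 1);
}

/* Fresh query returning the full 64-bit word (0 on non-x86 builds). */
static uint64_t query_cap(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return ((uint64_t)ecx << 32) | edx;
#endif
    return 0;
}

/* What a build with a 32-bit cache has to do: ask again, test bit 57. */
static int aesni_by_requery(uint64_t (*query)(void))
{
    return (int)((query() >> AESNI_BIT) & 1);
}

static uint64_t sample_query(void) { return SAMPLE_CAP; }

int main(void)
{
    printf("sample: cached64=%d cached32=%d requery=%d\n", aesni_from_cached64(SAMPLE_CAP),
           aesni_from_cached32((uint32_t)SAMPLE_CAP), aesni_by_requery(sample_query));
    printf("this CPU: aesni=%d\n", aesni_by_requery(query_cap));
    return 0;
}
```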

Subject: Re: AES on OpenSSL 1.0.0 is 7½ times slower than it should be [openssl.org #2065]
Date: Tue, 20 Jul 2010 09:45:45 +0100
To: rt@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
Updated patch attached, following feedback in PR#2305.

Tested on x86_64 Linux with OpenSSL_1_0_1-stable branch.

Incremental patch against April's 'openssl-1.0.0-aesni-v2.patch':

diff -u crypto/engine/eng_aesni.c crypto/engine/eng_aesni.c
--- crypto/engine/eng_aesni.c
+++ crypto/engine/eng_aesni.c
@@ -104,8 +104,8 @@
ENGINE *toadd = ENGINE_aesni();
if (!toadd)
return;
- ENGINE_add (toadd);
- ENGINE_register_complete (toadd);
+ if (ENGINE_add (toadd))
+ ENGINE_register_complete (toadd);
ENGINE_free (toadd);
ERR_clear_error ();
#endif
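
Review bot: The return value of ENGINE_register_complete() is still discarded inside the new `if`, and the unchanged ERR_clear_error() that follows empties the error queue, so a failed add or a failed registration leaves the caller with no indication that the engine is not in use. Consider checking both calls and reporting the failure, and confirm that clearing the whole queue is intended, since it also drops any entries that were queued before this function ran.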
diff -u -p -r1.19 eng_all.c
--- crypto/engine/eng_all.c 1 Mar 2010 00:40:10 -0000 1.19
+++ crypto/engine/eng_all.c 20 Jul 2010 08:12:24 -0000
@@ -61,6 +61,8 @@

void ENGINE_load_builtin_engines(void)
{
+ /* Engines may depend on CPU capabilities */
+ OPENSSL_cpuid_setup();
#if 0
/* There's no longer any need for an "openssl" ENGINE unless, one day,
* it is the *only* way for standard builtin implementations to be be
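
Review bot: The new comment above OPENSSL_cpuid_setup() does not say which engine needs the call or what goes wrong without it; naming the engine and the capability word it reads would keep the call from being removed later as redundant. Placing the call in ENGINE_load_builtin_engines() also covers only callers that enter through this function, so confirm whether the loader changed in eng_aesni.c can be reached on its own before setup has run, and that calling setup more than once is harmless.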

--
dwmw2

Message body is not shown because it is too large.

Subject: Re: AES on OpenSSL 1.0.0 is 7½ times slower than it should be [openssl.org #2065]
Date: Sun, 25 Jul 2010 10:16:39 +0100
To: rt@openssl.org
From: David Woodhouse <dwmw2@infradead.org>
Updated patch, with the initialisation fixes that went into HEAD as
http://cvs.openssl.org/chngview?cn=19780

--
dwmw2

Message body is not shown because it is too large.