Skip to content

Massive performance degradation in OpenSsl 3.0 FIPS provider #18472

New issue
New issue
Closed as not planned
Closed as not planned
Massive performance degradation in OpenSsl 3.0 FIPS provider#18472
Labels
branch: 3.0Applies to openssl-3.0 branchbranch: 3.1Applies to openssl-3.1 (EOL)branch: 3.2Applies to openssl-3.2 (EOL)branch: masterApplies to master branchinactiveThis label should not be applied to open issues anymore.triaged: bugThe issue/pr is/fixes a bugtriaged: performanceThe issue/pr reports/fixes a performance concern
@thkdev2

Description

@thkdev2
thkdev2
opened on Jun 3, 2022

I have tested the workarounds with a single global instance for AES and SHA-1 HMAC mentioned in this comment and this comment in #17064.

If the default provider is used the required performance dropped to an acceptable value (only somewhat slower than with version 1.0.2).

But if we use the FIPS provider instead the catastrophic performance issue did appear again!
In the test used with 500 channels, around 150 could not be set up and the remaining around 350 required around 2000% CPU instead of the around 700% otherwise required for all 500 channels, see my comment there.

Metadata

Metadata

Assignees

No one assigned

    Labels

    branch: 3.0Applies to openssl-3.0 branchbranch: 3.1Applies to openssl-3.1 (EOL)branch: 3.2Applies to openssl-3.2 (EOL)branch: masterApplies to master branchinactiveThis label should not be applied to open issues anymore.triaged: bugThe issue/pr is/fixes a bugtriaged: performanceThe issue/pr reports/fixes a performance concern

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions