9

I would like to use OpenSSL for handling all our SSL communication (both client and server sides). We would like to use HW acceleration card for offloading the heavy cryptographic calculations.

We noticed that in the OpenSSL 'speed' test, there are direct calls to the cryptographic functions (e.g. RSA_sign/decrypt, etc.). In order to fully utilize the HW capacity, multiple threads were needed (up to 128 threads) which load the card with requests and make sure the HW card is never idle.

We would like to use the high level OpenSSL API for handling SSL connections (e.g. SSL_connect/read/write/accept), but this API doesn't expose the point where the actual cryptographic operation is done. For example, when calling SSL_connect, we are not aware of the point where the RSA operations are done, and we don't know in advance which calls will lead to heavy cryptographic calculations and refer only those to the accelerator.

Questions:

  1. How can I use the high level API while still fully utilizing the HW accelerator? Should I use multiple threads?
  2. Is there a 'standard' way of doing this? (implementation example)
  3. (Answered in UPDATE) Are you familiar with Intel's asynchronous OpenSSL ? It seems that they were trying to solve this exact issue, but we cannot find the actual code or usage examples.

UPDATE

  1. From Accelerating OpenSSL* Using Intel® QuickAssist Technology you can see, that Intel also mentions utilization of multiple threads/processes:

    The standard release of OpenSSL is serial in nature, meaning it handles one connection within one context. From the point of view of cryptographic operations, the release is based on a synchronous/ blocking programming model. A major limitation is throughput can be scaled higher only by adding more threads (i.e., processes) to take advantage of core parallelization, but this will also increase context management overhead.

  2. The Intel's OpenSSL branch is finally found here. More info can be found in pdf contained here.

    It looks like Intel changed the way OpenSSL ENGINE works - it posts work to driver and immediately returns, while the corresponding result should be polled.

    If you use other SSL accelerator, than corresponding OpenSSL ENGINE should be modified too.

dimba
  • 26,717
  • 34
  • 141
  • 196
  • 1
    Partial duplicates (but you have additional questions): [EVP Interface with AES-NI support](http://stackoverflow.com/q/24516976) and [How can I check if OpenSSL is support/use the Intel AES-NI?](http://stackoverflow.com/q/25284119). It applies to all hardware and acceleration, and not just AES-NI. – jww Oct 07 '15 at 22:22
  • @jww thanks for your answer. Just to clarify my question: I want to use the high level API (e.g. SSL_read()). This code can go and complete the handshake without me controlling it and I want to avoid that. I would like to know exactly when a costly operation is about to take place, so that I can refer it to a separate thread (so that I don't block on it) – dimba Oct 08 '15 at 06:52
  • @jww In addition, the type of acceleration you are talking is done in CPU. In my case acceleration is achieved by offloaded cryptographic work from CPU to a co-processor. This involves passing data to a an appropriate driver (maybe by `ioctl()`), which involves context switching. – dimba Oct 08 '15 at 07:05
  • For the second question (security co-processor), you need to implemnt an OpenSSL Engine; see [`engine(3)`](https://www.openssl.org/docs/manmaster/crypto/engine.html) for details. Then, EVP will perform the offload. – jww Oct 08 '15 at 12:14
  • Define "fully utilize the accelerator". It cannot do more work than is currently available, nor can code progress further and create other work items if it depends on the results of pending ones. – ivan_pozdeev Oct 17 '15 at 18:31
  • 1
    AFAIK, I am afraid you can't simply refer the costly operation (assuming RSA computation here) to a separate thread and continue without blocking. You need to wait for the handshake to finish and only then you can actually use the SSL/TLS channel (i.e. the openssl BIO). Probably all you need is to use the engine. If you want to measure 100% HW utilization, run multiple `openssl speed` processes simultaneously (if possible). – vlp Oct 19 '15 at 22:48

2 Answers2

3

According to Interpreting openssl speed output for rsa with multi option , -multi doesn't "parallelize" work or something, it just runs multiple benchmarks in parallel.

So, your HW card's load will be essentially limited by how much work is available at the moment (note that in industry in general, 80% planned capacity load is traditionally considered optimal in case of load spikes). Of course, running multiple server threads/processes will give you the same effect as multiple benchmarks.

OpenSSL supports multiple threads provided that you give it callbacks to lock shared data. For multiple processes, it warns about reusing data state inherited from parent.

That's it for scaling vertically. For scaling horizontally:

  • openssl supports asynchronous I/O through asynchronous BIOs
  • but, its elemental crypto operations and internal ENGINE calls are synchronous, and changing this would require a logic overhaul
  • private efforts to make them provide asynchronous operation have met severe criticism due to major design flaws

Intel announced some "Asynchronous OpenSSL" project (08.2014) to use with its hardware, but the linked white paper gives little details about its implementation and development state. One developer published some related code (10.2015), noting that it's "stable enough to get an overview".

Community
  • 1
  • 1
ivan_pozdeev
  • 33,874
  • 19
  • 107
  • 152
1

As jww has mentioned in the comments, you should use the engine API to accomplish the task. There is an example in the above link on how to use that API. Usually, the hardware accelerator provider implements a library that is called an "ENGINE" this engine provides cryptographic acceleration and can be used by OpenSSL internally. Assuming that the accelerator you want to use has an ENGINE implemented(for example "cswitft") you should get the Engine by calling ENGINE *e = ENGINE_by_id("cswift"); and then initialize it ENGINE_init(e); and set it to be the default for the operations you want to use, for example ENGINE_set_default_RSA(e);

After calling these functions, you can use the high level API of OpenSSL (e.g. SSL_connect/read/write/accept)

Community
  • 1
  • 1
borisp
  • 180
  • 6
  • Thanks for the answer. Yet in case of "openssl speed" test, as I noted in my question, openssl doesn't fully utilize accelerator we use and using multiply threads is required. – dimba Oct 11 '15 at 07:04