OpenSSL on IBM Z - out of the box
OpenSSL implicitly offers features to accelerate cryptographic operations on IBM Z and LinuxONE cryptographic hardware by a built-in use of CPACF or optimized IBM Z assembler code. No specific OpenSSL configuration is required for exploiting these features.
Hardware acceleration with OpenSSL out of the box
With the default configuration, all cryptographic operations are executed inside of OpenSSL with built-in support for mainly
symmetric ciphers and hash functions. These algorithms are executed using one of the
acceleration methods mentioned in Table 1, for example, the CPACF feature. CPACF requires specific microcode to be installed which you
can order as no-charge feature code (LIC #3863), unless you are in an embargoed geography. The
CPACF built-in support has been implemented for
example, for the AES and SHA algorithms inside of OpenSSL. This means that the supported algorithms will
always execute faster than pure C code, due to the automatic use of the OpenSSL built-in CPACF support.
Table 1 lists all algorithms that
are implicitly accelerated by OpenSSL. The table is
valid for OpenSSL versions 1.1.1 or later.
It is also only valid for builds that are configured without option
no-asm, which explicitly disables the usage of all CPACF processing. Also, if for any of the mentioned
algorithms, the required hardware is not available, then the processing is conducted transparently
for the requestor with OpenSSL software
implementation.
Algorithm or function | Method of acceleration | HW generation or MSA version | available with OpenSSL version |
---|---|---|---|
AES-CBC | CPACF | MSA 4 - since IBM z114 | ≥ 1.1.1 |
AES-CCM | CPACF | MSA 4 - since IBM z114 | ≥ 1.1.1 |
AES-CFB (only CFB8 and CFB128) | CPACF | MSA 4 - since IBM z114 | ≥ 1.1.1 |
AES-ECB | CPACF | MSA 4 - since IBM z114 | ≥ 1.1.1 |
AES-GCM | CPACF | MSA 8 - since IBM z14®
If MSA 8 (KMA) is not available, an alternative CPACF based implementation requiring MSA 4 (KIMD and KM) is used. |
≥ 1.1.1 |
AES-OFB | CPACF | MSA 4 - since IBM z114 | ≥ 1.1.1 |
AES-XTS | CPACF | MSA 4 - since IBM z114 | ≥ 1.1.1 |
SHA-1 | CPACF | since 06/2003 | ≥ 1.1.1 |
SHA-2 | CPACF | since 09/2005 | ≥ 1.1.1 |
SHA-3 | CPACF | MSA 6 - since IBM z14 | ≥ 1.1.1 |
SHAKE | CPACF | MSA 6 - since IBM z14 | ≥ 1.1.1 |
GHASH | CPACF | MSA 4 - since IBM z114 | ≥ 1.1.1 |
Poly1305 | SIMD | IBM z13® | ≥ 1.1.1 |
Keccak-1600 | CPACF | MSA 6 - since IBM z14 | ≥ 1.1.1 |
ChaCha20 | SIMD | IBM z13 | ≥ 1.1.1 |
ECDSA/ECDH (for curves P-256, P-384, P-521) | CPACF | MSA 9 - since IBM z15™ | ≥ 1.1.1 |
EdDSA and EdDH (for curves Curve25519, Curve448) | CPACF | MSA 9 - since IBM z15 | ≥ 1.1.1 |
BN GF2m | Assembler | independent from MSA | ≥ 1.1.1 |
BN Montgomery Multiplication | Assembler | independent from MSA | ≥ 1.1.1 |
For testinfg or debugging purposes, you can define the set of z/Architecture® algorithms and functions available to an application using
the OPENSSL_s390xcap
environment variable.
For further selective disabling features, see the OpenSSL web site:
OPENSSL_s390xcap
Note: This environment variable may not be available in all OpenSSL versions or Linux distributions. Also, use of this variable almost
certainly reduces your OpenSSL performance.