openj9-docs

OpenSSL MD5 message digest acceleration

Open KostasTsiounis opened this issue 1 year ago • 2 comments

Issue or pull request number: MD5 Acceleration

  • OpenJDK8: https://github.com/ibmruntimes/openj9-openjdk-jdk8/pull/743
  • OpenJDK11: https://github.com/ibmruntimes/openj9-openjdk-jdk11/pull/766
  • OpenJDK17: https://github.com/ibmruntimes/openj9-openjdk-jdk17/pull/337
  • OpenJDK21: https://github.com/ibmruntimes/openj9-openjdk-jdk21/pull/140
  • OpenJDK22: https://github.com/ibmruntimes/openj9-openjdk-jdk22/pull/42
  • and later

Overview: Acceleration is added for MD5 message digest.

Release target: 0.46

Applies to the following JDK versions: All JDKs

Applies to the following platforms: All platforms except AIX.

For new command line options: This feature falls under the following existing flag that is enabled by default.

  • jdk.nativeDigest: system property that controls message digest individually, similarly to other algorithms.

The flags can be set to equal true or false.

KostasTsiounis Apr 16 '24 17:04

How come MD5 doesn't have a specific flag to disable it? It seems we have separate flags for everything else. https://eclipse.dev/openj9/docs/djdknativecrypto/

pshipton Apr 16 '24 18:04

> How come MD5 doesn't have a specific flag to disable it? It seems we have separate flags for everything else. https://eclipse.dev/openj9/docs/djdknativecrypto/

All digests had the same flag. That includes all the different SHA message digests. So, given that there was no differentiation between all the other message digests, we didn't add a separate one for MD5.

KostasTsiounis Apr 16 '24 18:04

We should also change "OpenSSL support is enabled by default for the Digest, CBC, GCM,..." to "OpenSSL support is enabled by default for the MD5, SHA-224, SHA-256, SHA-384, SHA-512, CBC, GCM,...".

And then under -Djdk.nativeDigest, we should change the title from "This option enables or disables OpenSSL native cryptographic support for the Digest algorithm." to "This option enables or disables OpenSSL native cryptographic support for the MD5, SHA-224, SHA-256, SHA-384 and SHA-512 algorithms."

KostasTsiounis Jun 04 '24 18:06

@KostasTsiounis - This issue is marked as applicable for all platforms except AIX. So, does that mean that this change is not applicable for AIX or this -Djdk.nativeDigest option itself is not applicable for AIX? Thanks!

Sreekala-Gopakumar Jun 06 '24 03:06

There is no native support for AIX at the moment. The flag is simply ignored there and the Java implementation is always used.

KostasTsiounis Jun 06 '24 13:06

> There is no native support for AIX at the moment. The flag is simply ignored there and the Java implementation is always used.

So, if there is no native support for AIX then does that mean that all the following options are also ignored on AIX or is it just restricted to only -Djdk.nativeDigest?

  • -Djdk.nativeCBC
  • -Djdk.nativeChaCha20
  • -Djdk.nativeGCM
  • -Djdk.nativeRSA
  • -Djdk.nativeEC
  • -Djdk.nativeECKeyGen
  • -Djdk.nativeXDHKeyAgreement
  • -Djdk.nativeXDHKeyGen

If all are ignored on AIX then shouldn't we give a note for the same? Thanks!

Sreekala-Gopakumar Jun 06 '24 17:06

Sorry, I have misspoken here. What I meant is that there is no native support for AIX at the moment for the following algorithms:

  • EC key pair generation (i.e., -Djdk.nativeECKeyGen)
  • XDH key pair generation (i.e., -Djdk.nativeXDHKeyGen)
  • XDH key agreement (i.e., -Djdk.nativeXDHKeyAgreement)
  • MD5 (i.e., part of -Djdk.nativeDigest, works fine for the SHA ones)

KostasTsiounis Jun 06 '24 17:06