Showing posts with label OpenSSL. Show all posts
Showing posts with label OpenSSL. Show all posts

Saturday, 14 May 2022

Notes on OpenSSL Performance

OpenSSL

OpenSSL can use three different implementations of the cryptographic methods, providing different performance tiers:

  1. Portable C-based methods: most portable but typically the slowest.
  2. Processor family assembler based methods: faster but less portable, and may have problems on some processor compatible implementations
  3. Methods utilizing hardware acceleration: typically the fastest option, but has specific hardware requirements

A simple compile time option ('no-asm') disables the assembler implementations used by default, so a. & b. are simple to test. For c. appropriate hardware is required. Fortunately three of the options supported by OpenSSL are available to us:

  1. VIA PadLock (Wikipedia): as implemented in the VIA C3 Nehemiah processors (Wikipedia)
  2. Intel Advanced Encryption Standard New Instructions (AES-NI; Wikipedia): implemented on Intel x86_64 since 2010 and AMD x86_64 processors since 2011
  3. Intel SHA extensions (SHA Ext.; Wikipedia): implemented on Intel x86_64 processors from 2016 and AMD Ryzen from 2017

To illustrate the effect on performance a set of methods have been selected which show the effects of each type of implementation.

Using the results for 8,192 byte blocks:

VIA Luke @ 1.0 GHz
OpenSSL 1.1.0l on Debian Linux 11 for x86
MethodAES-256 CBCIDEA CBCMD5SHA-1SHA-256SHA-512
no-asm6,916.78k9,684.21k80,191.49k36,410.71k12,064.09k1,832.28k
asm11,122.01k9,661.10k106,332.16k45,978.97k21,534.04k9,393.49k
Kerneld,e11,127.92k9,655.64k104,336.04k45,566.63k21,515.64k9,374.38k
Padlockb520,596.10k9,662.71k104,357.28k45,472.50k21,460.31k9,376.82k
OpenSSL 3.0.2 on Debian Linux 11 for x86
MethodAES-256 CBCIDEAa CBCMD5SHA-1SHA-256SHA-512
no-asm6,916.47k9,662.71k78,665.19k36,050.26k12,125.81k1,829.55k
asm11,127.47k9,655.64k103,931.19k45,509.29k21,493.73k9,368.92k
Kerneld2,033,909.76k9,627.65k104,328.02k45,512.02k21,442.15k9,366.19k
Padlockb515,844.78k9,658.37k103,765.33k45,520.21k21,435.73k9,368.92k
AMD Ryzen 5 3600
OpenSSL 1.1.0l with Debian Linux 11 for x86_64
MethodAES-256 CBCIDEA CBCMD5SHA-1SHA-256SHA-512
no-asm212,366.68k119,010.65k749,469.70k845,922.30k307,301.03k553,937.58k
asm232,721.07k119,545.86k793,971.37k1,050,842.45k470,701.40k604,972.40k
AES-NI & SHA Ext.1,086,559.57k119,250.94k790,495.23k1,027,295.91k470,671.36k605,863.94k
Kerneld,e1,092,332.20k120,416.94k787,464.19k1,029,693.44k475,791.36k601,159.00k
OpenSSL 3.0.2 with Debian Linux 11 for x86_64
MethodAES-256 CBCIDEAa CBCMD5SHA-1SHA-256SHA-512
no-asm210,668.20k117,587.97k740,698.79k832,288.09k310,059.01k559,205.03k
asmc1,097,910.95k119,048.87k789,848.06k1,036,997.97k473,503.06k599,274.84k
Kerneld37,086,822.40k120,220.33k793,990.49k1,041,334.27k474,685.44k598,278.14k

Notes:

  1. In OpenSSL 3.0.2 access to the IDEA method requires use of the legacy provider (to use without installing $ LD_LIBRARY_PATH=`pwd` apps/openssl speed -provider-path ./providers/ -provider legacy -provider default idea)
  2. The OpenSSL PadLock engine only supports AES on our VIA Luke (C3 Nehemiah) based system, more recent versions of the VIA PadLock hardware provide additional methods, including SHA
  3. On systems that support AES-NI and/or SHA Ext. the standard assembler implementations in OpenSSL 3.0.2, detect and use the instruction set extensions to accelerate the methods
  4. The OpenSSL 'afalg' engine (used for "Kernel") uses the Linux Kernel Crypto API (AF_ALG) to access the methods in the Linux kernel, which make use of hardware acceleration and processor features beyond those used by the standard assembler implementations in OpenSSL
  5. The OpenSSL 1.1.0 implementation of the 'afalg' engine only supports use of the kernel methods for AES-128-CBC
Read more »
Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)