Of course OpenSSL contains hand-optimized assembly routines. However, GMP has been around since at least 1993 and the library specifically targets heavily optimized multiple precision arithmetic. OpenSSL is a TLS/SSL toolkit, and necessarily focuses on implementing SSL/TLS correctly - I'd argue that the bigint subsystem is almost tangential to the other parts of any SSL library. A less optimized bigint subsystem should be reasonably expected. I would be surprised if the native bigint code could compete against GMP performance-wise, even when OpenSSL's optimized assembly code is used. I haven't benchmarked OpenSSL's bigint subsystem and would be interested in seeing a comparison against a correctly configured GMP.
On Tue, Feb 7, 2017 at 4:46 PM, Jakob Bohm <jb-open...@wisemo.com> wrote: > OpenSSL also has a lot of handwritten assembly language for ARM, > x86 etc. Most of it written by Andy Polyakov. > > His response about what can and cannot be done on various ARM CPU > models is most probably a result of this work. > > Also, OpenSSL has a more permissive license than the GMP, so using > GMP in OpenSSL would cause problems for many OpenSSL using > applications. > > On 08/02/2017 00:31, Mike Mohr wrote: > >> Have you considered using GMP as a big integer backed for openssl? It >> has support for several arm variants using handwritten assembly code >> and the developers go to great lengths to find optimize runtime on all >> supported platforms. >> >> On Feb 7, 2017 2:26 PM, "Vijay Chander" <vijay.chan...@gmail.com >> <mailto:vijay.chan...@gmail.com>> wrote: >> >> Andy, >> 1:2.5 is pretty in my opinion for ARM ! >> >> We will check out Mongoose. >> >> Hmm - will try to get to the bottom of those cache misses (at a >> lower priority). >> >> Thanks, >> -vijay >> >> >> On Tue, Feb 7, 2017 at 11:07 AM, Andy Polyakov <ap...@openssl.org >> <mailto:ap...@openssl.org>> wrote: >> >> > A72 is running 1GHz compared to x86 at 2.1Ghz. So that should >> hopefully >> > get down to -1:5. >> >> And Mongoose will take you to ~1:2.5 (scaled to same frequency >> that is). >> Which I'd say is a fair result. Well, still could have been a bit >> better, but it's not unreasonable given ISA differences. Keep >> in mind >> that presented x86_64 result is for code utilizing >> Intel-specific code >> extensions. >> >> > There is no L3 cache on the A72 eval board and performance >> counters do >> > show 9x more DRAM accesses for ARM compared to x86. >> >> This is unexpected, because it takes *less* references to >> memory to >> perform it on ARMv8. Because it has larger register bank. And >> cache >> requirement is not that high for L3 to kick in... But at any >> case memory >> is not bottleneck here... >> >> > > -- > Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10 <tel: > +4531131610> > This message is only for its intended recipient, delete if misaddressed. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users