> I've been having consistent performance problems with the 64 bit
> openssl FIPS 1.2.3 with asm on AES. The assembly code on 64 bit
> architectures is much slower than without assembly. Running the same
> tests on a 32 bit machine results in ASM being faster than no-asm,
> which is expected.
>
> Does anyone have any ideas on why the 64 bit fips with asm is slower
> for AES encryption?

Assembler appears slower because it's taking a code path resistant to cache-timing attacks [on multi-core CPUs with shared cache]. So comparing ASM and C is kind of apples vs. oranges. Actually 32-bit code should behave the same, i.e. be "slower" than compiler-generated code, so it's not clear why that's not the case. 32-bit must be failing to detect that cores are sharing cache. What kind of CPU is it? Could you attach /proc/cpuinfo?

On a related note: this, ASM being "slower" than C, is the case even with 1.0.0. The problem will be rectified in 1.0.1 for contemporary x86[_64] CPUs thanks to new constant-time AES implementations being added, so-called vector-permutation (for non-parallelizable modes such as CBC encrypt and all modes in 32-bit build) and bit-sliced (for parallelizable modes such as CBC decrypt, CTR, XTS). However, in a FIPS context it should be noted that these new code paths didn't make it to FIPS 2.0, because of lack of platform sponsorship. If non-AES-NI performance in a FIPS context is important to you, contact opensslfoundation.com.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
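
The trade-off described in the reply above, as an added example that is not part of the original message and is not OpenSSL's code: a secret-indexed table load next to a lookup that reads every entry and selects with a mask, so the memory access pattern no longer depends on the secret. The table is a constructed stand-in for an S-box, the function names are hypothetical, and the full-table scan is one generic hardening technique, not a claim about what the FIPS assembler does.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Constructed 256-entry table standing in for an S-box (not the real AES S-box). */
static uint8_t table[256];

static void init_table(void) {
    for (unsigned i = 0; i < 256; i++)
        table[i] = (uint8_t)(i * 167u + 13u);
}

/* Fast path: a single load whose address (and cache line) depends on the secret. */
static uint8_t lookup_direct(uint8_t secret_idx) {
    return table[secret_idx];
}

/* Hardened path: touch all 256 entries, keep the wanted one with a branch-free mask. */
static uint8_t lookup_ct(uint8_t secret_idx) {
    uint8_t out = 0;
    for (unsigned i = 0; i < 256; i++) {
        unsigned diff = i ^ secret_idx;              /* 0 only when i == secret_idx */
        uint8_t mask = (uint8_t)((diff - 1u) >> 8);  /* 0xFF if diff == 0, else 0x00 */
        out |= table[i] & mask;
    }
    return out;
}

/* Both paths must agree on every index; returns the number of disagreements. */
static int count_mismatches(void) {
    int bad = 0;
    for (unsigned i = 0; i < 256; i++)
        bad += lookup_direct((uint8_t)i) != lookup_ct((uint8_t)i);
    return bad;
}

/* CPU time spent on n lookups through fn; the volatile sink keeps the calls alive. */
static double time_lookups(uint8_t (*fn)(uint8_t), unsigned long n) {
    volatile uint8_t sink = 0;
    clock_t t0 = clock();
    for (unsigned long i = 0; i < n; i++)
        sink ^= fn((uint8_t)(i * 31u));
    (void)sink;
    return (double)(clock() - t0) / CLOCKS_PER_SEC;
}

int main(void) {
    init_table();
    printf("mismatches: %d\n", count_mismatches());
    printf("direct: %.3fs\n", time_lookups(lookup_direct, 2000000UL));
    printf("masked: %.3fs\n", time_lookups(lookup_ct, 2000000UL));
    return 0;
}
```

Same output, different cost: the masked version does 256 loads per lookup, which is why a timing-resistant path cannot be benchmarked against a plain table implementation as if they did the same work.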