Re: LibreSSL performance issue
On Tue, Jan 07, 2020 at 11:06:38AM -0800, Jordan Geoghegan wrote: > Is there a specific reason you're running i386 instead of amd64? Yes, i386 generates substantially smaller images than amd64. In an environment where you are constrained to the existing available virtualization capacity and are tasked with making the most of that, there is no obvious reason why you would build infrastructure devices such as a DHCP server using amd64. We also have a supply of embedded Soekris systems which only run the i386. > And why are you testing this on FreeBSD? Wrong mailing list Probably not. LibreSSL is intended to be portable, and the LibreSSL web site points back to the OpenBSD mailing lists: https://www.libressl.org/mail.html "See https://www.openbsd.org/mail.html for more details on posting or subscribing." So now over at https://www.openbsd.org/mail.html ... I would think libre...@openbsd.org would seem the obvious choice of list. However, it is listed under "Developer lists These lists are for technical discussions of aspects of OpenBSD. They are NOT for beginners or average users, they are not for problem reporting (unless you are including a good fix) and they are not for installation problems. If you have any question about if a message should be posted to any of these lists, it probably should not. Use misc instead." So according to the guidelines on the website, my issue didn't fit libre...@openbsd.org, and there is an instruction to use misc instead. Besides, it came up as a reply to a message posted on misc. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
Re: LibreSSL performance issue
Is there a specific reason you're running i386 instead of amd64? And why are you testing this on FreeBSD? Wrong mailing list On 2020-01-07 08:26, Joe Greco wrote: On Tue, Jan 07, 2020 at 09:33:46AM -0600, Edgar Pettijohn wrote: In reality, when you dig down, often you find that there's another reason for the issue.?? I was recently trying to substitute libressl into an openssl environment.?? Performance tanked.?? Some checking showed the speed of "speed -evp aes-256-gcm" was way off.?? It looked to me like it was an issue with not using AES-NI.?? I'm not going to blame libressl for that, I just lacked the time to do a deep dive on it to figure out what was (hopefully!) configured wrong.?? Probably something with ia32cap or whatever the libressl equivalent is. ... JG I believe it has something to do with actually zeroing out memory before freeing it. Which seems like a good thing to do for crypto stuff. My apologies. I posted an insufficient description of the issue as it was intended as an argument refuting the OP. If we want to discuss my issue, that's fine and I welcome the input. I normally manage to resolve these things eventually but this stumped me a bit. This appears to be an i386-specific issue and it is perhaps a 5:1 performance difference. Compiled on a FreeBSD 12.1R-amd64 VM, I see exactly what I would hope to see: --Begin-FreeBSD-12.1R-amd64 # uname -r; uname -m 12.1-RELEASE amd64 # libressl-3.0.2/apps/openssl/openssl speed -evp aes-256-gcm WARNING: can't open config file: /usr/local/etc/ssl/openssl.cnf Doing aes-256-gcm for 3s on 16 size blocks: 42776805 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 64 size blocks: 28274190 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 9382555 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 1024 size blocks: 2636912 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 334132 aes-256-gcm's in 3.01s LibreSSL 3.0.2 built on: date not available options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-gcm 228204.73k 601456.74k 798353.68k 897432.60k 909765.10k # openssl speed -evp aes-256-gcm Doing aes-256-gcm for 3s on 16 size blocks: 40297566 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 64 size blocks: 27287454 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 10106391 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 1024 size blocks: 2858781 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 368695 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 16384 size blocks: 184909 aes-256-gcm's in 3.01s OpenSSL 1.1.1d-freebsd 10 Sep 2019 built on: reproducible build, date unspecified options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) compiler: clang The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes 16384 bytes aes-256-gcm 214362.12k 580620.32k 860172.00k 973262.71k 1006783.15k 1007226.70k --End-FreeBSD-12.1R-amd64 Okay, so that looks fantastic to me. Now running it on i386 on a VM "right next door" on the same hypervisor. --Begin-FreeBSD-12.1R-i386 # uname -r; uname -m 12.1-RELEASE i386 # libressl-3.0.2/apps/openssl/openssl speed -evp aes-256-gcm WARNING: can't open config file: /usr/local/etc/ssl/openssl.cnf Doing aes-256-gcm for 3s on 16 size blocks: 8904897 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 64 size blocks: 2387064 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 603284 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 1024 size blocks: 153381 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 19041 aes-256-gcm's in 3.01s LibreSSL 3.0.2 built on: date not available options:bn(64,32) rc4(ptr,int) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-gcm 47427.78k50805.69k51347.19k52207.47k51858.50k # openssl speed -evp aes-256-gcm Doing aes-256-gcm for 3s on 16 size blocks: 32056370 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 64 size blocks: 21569563 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 8523369 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 1024 size blocks: 2528081 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 334502 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 16384 size blocks: 167762 aes-256-gcm's in 3.02s OpenSSL 1.1.1d-freebsd 10 Sep 2019 built on: re
Re: LibreSSL performance issue
On Tue, Jan 07, 2020 at 07:50:37PM +0100, Bodie wrote: > On 7.1.2020 17:26, Joe Greco wrote: > >On Tue, Jan 07, 2020 at 09:33:46AM -0600, Edgar Pettijohn wrote: > >>> In reality, when you dig down, often you find that there's another > >>> reason for the issue.?? I was recently trying to substitute libressl > >>> into an openssl environment.?? Performance tanked.?? Some checking > >>> showed the speed of "speed -evp aes-256-gcm" was way off.?? It looked > >>> to me like it was an issue with not using AES-NI.?? I'm not going to > >>> blame libressl for that, I just lacked the time to do a deep dive on > >>> it to figure out what was (hopefully!) configured wrong.?? Probably > >>> something with ia32cap or whatever the libressl equivalent is. > >>> > >>> ... JG > >> > >>I believe it has something to do with actually zeroing out memory > >>before freeing it. Which seems like a good thing to do for crypto > >>stuff. > > > >My apologies. I posted an insufficient description of the issue as it > >was intended as an argument refuting the OP. If we want to discuss my > >issue, that's fine and I welcome the input. I normally manage to > >resolve these things eventually but this stumped me a bit. > > [...] > >Now in the third run, calling the host system's OpenSSL but twiddling > >ia32cap, I get numbers that are very similar to the LibreSSL numbers > >showing a similar catastrophic performance reduction. My conclusion > >is that this is somehow an AES-NI detection issue. For whatever > >reason, > >FreeBSD's openssl gets it right by default. > > > >And the fourth run was "just to see." > > Just WOW > > So you start with blaming OpenBSD for poor performance and then as a > "prove" > you show tests of completely different OS on completely different > filesystem > on God knows which hypervisor and then throw in the mix amd64 vs i386? > > I think Phoronix will hire you ;-) I did no such thing. I used a problem I encountered as an example of how the original poster's implication isn't true. I did say "I'm not going to blame libressl". And if anything, if you read for comprehension, I defended OpenBSD. But now I kinda remember why I participate so rarely on these lists. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
Re: LibreSSL performance issue
On 7.1.2020 17:26, Joe Greco wrote: On Tue, Jan 07, 2020 at 09:33:46AM -0600, Edgar Pettijohn wrote: > In reality, when you dig down, often you find that there's another > reason for the issue.?? I was recently trying to substitute libressl > into an openssl environment.?? Performance tanked.?? Some checking > showed the speed of "speed -evp aes-256-gcm" was way off.?? It looked > to me like it was an issue with not using AES-NI.?? I'm not going to > blame libressl for that, I just lacked the time to do a deep dive on > it to figure out what was (hopefully!) configured wrong.?? Probably > something with ia32cap or whatever the libressl equivalent is. > > ... JG I believe it has something to do with actually zeroing out memory before freeing it. Which seems like a good thing to do for crypto stuff. My apologies. I posted an insufficient description of the issue as it was intended as an argument refuting the OP. If we want to discuss my issue, that's fine and I welcome the input. I normally manage to resolve these things eventually but this stumped me a bit. This appears to be an i386-specific issue and it is perhaps a 5:1 performance difference. Compiled on a FreeBSD 12.1R-amd64 VM, I see exactly what I would hope to see: --Begin-FreeBSD-12.1R-amd64 # uname -r; uname -m 12.1-RELEASE amd64 # libressl-3.0.2/apps/openssl/openssl speed -evp aes-256-gcm WARNING: can't open config file: /usr/local/etc/ssl/openssl.cnf Doing aes-256-gcm for 3s on 16 size blocks: 42776805 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 64 size blocks: 28274190 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 9382555 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 1024 size blocks: 2636912 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 334132 aes-256-gcm's in 3.01s LibreSSL 3.0.2 built on: date not available options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-gcm 228204.73k 601456.74k 798353.68k 897432.60k 909765.10k # openssl speed -evp aes-256-gcm Doing aes-256-gcm for 3s on 16 size blocks: 40297566 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 64 size blocks: 27287454 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 10106391 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 1024 size blocks: 2858781 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 368695 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 16384 size blocks: 184909 aes-256-gcm's in 3.01s OpenSSL 1.1.1d-freebsd 10 Sep 2019 built on: reproducible build, date unspecified options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) compiler: clang The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes 16384 bytes aes-256-gcm 214362.12k 580620.32k 860172.00k 973262.71k 1006783.15k 1007226.70k --End-FreeBSD-12.1R-amd64 Okay, so that looks fantastic to me. Now running it on i386 on a VM "right next door" on the same hypervisor. --Begin-FreeBSD-12.1R-i386 # uname -r; uname -m 12.1-RELEASE i386 # libressl-3.0.2/apps/openssl/openssl speed -evp aes-256-gcm WARNING: can't open config file: /usr/local/etc/ssl/openssl.cnf Doing aes-256-gcm for 3s on 16 size blocks: 8904897 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 64 size blocks: 2387064 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 603284 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 1024 size blocks: 153381 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 19041 aes-256-gcm's in 3.01s LibreSSL 3.0.2 built on: date not available options:bn(64,32) rc4(ptr,int) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-gcm 47427.78k50805.69k51347.19k52207.47k 51858.50k # openssl speed -evp aes-256-gcm Doing aes-256-gcm for 3s on 16 size blocks: 32056370 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 64 size blocks: 21569563 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 8523369 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 1024 size blocks: 2528081 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 334502 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 16384 size blocks: 167762 aes-256-gcm's in 3.02s OpenSSL 1.1.1d-freebsd 10 Sep 2019 built on: reproducible build, date unspecified options:bn(64,32) rc4(8x,mmx) des(long) aes(
LibreSSL performance issue (was: Re: OpenBSD's extremely poor network/disk performance?)
On Tue, Jan 07, 2020 at 09:33:46AM -0600, Edgar Pettijohn wrote: > > In reality, when you dig down, often you find that there's another > > reason for the issue.?? I was recently trying to substitute libressl > > into an openssl environment.?? Performance tanked.?? Some checking > > showed the speed of "speed -evp aes-256-gcm" was way off.?? It looked > > to me like it was an issue with not using AES-NI.?? I'm not going to > > blame libressl for that, I just lacked the time to do a deep dive on > > it to figure out what was (hopefully!) configured wrong.?? Probably > > something with ia32cap or whatever the libressl equivalent is. > > > > ... JG > > I believe it has something to do with actually zeroing out memory > before freeing it. Which seems like a good thing to do for crypto > stuff. My apologies. I posted an insufficient description of the issue as it was intended as an argument refuting the OP. If we want to discuss my issue, that's fine and I welcome the input. I normally manage to resolve these things eventually but this stumped me a bit. This appears to be an i386-specific issue and it is perhaps a 5:1 performance difference. Compiled on a FreeBSD 12.1R-amd64 VM, I see exactly what I would hope to see: --Begin-FreeBSD-12.1R-amd64 # uname -r; uname -m 12.1-RELEASE amd64 # libressl-3.0.2/apps/openssl/openssl speed -evp aes-256-gcm WARNING: can't open config file: /usr/local/etc/ssl/openssl.cnf Doing aes-256-gcm for 3s on 16 size blocks: 42776805 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 64 size blocks: 28274190 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 9382555 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 1024 size blocks: 2636912 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 334132 aes-256-gcm's in 3.01s LibreSSL 3.0.2 built on: date not available options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-gcm 228204.73k 601456.74k 798353.68k 897432.60k 909765.10k # openssl speed -evp aes-256-gcm Doing aes-256-gcm for 3s on 16 size blocks: 40297566 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 64 size blocks: 27287454 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 10106391 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 1024 size blocks: 2858781 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 368695 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 16384 size blocks: 184909 aes-256-gcm's in 3.01s OpenSSL 1.1.1d-freebsd 10 Sep 2019 built on: reproducible build, date unspecified options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr) compiler: clang The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes 16384 bytes aes-256-gcm 214362.12k 580620.32k 860172.00k 973262.71k 1006783.15k 1007226.70k --End-FreeBSD-12.1R-amd64 Okay, so that looks fantastic to me. Now running it on i386 on a VM "right next door" on the same hypervisor. --Begin-FreeBSD-12.1R-i386 # uname -r; uname -m 12.1-RELEASE i386 # libressl-3.0.2/apps/openssl/openssl speed -evp aes-256-gcm WARNING: can't open config file: /usr/local/etc/ssl/openssl.cnf Doing aes-256-gcm for 3s on 16 size blocks: 8904897 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 64 size blocks: 2387064 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 603284 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 1024 size blocks: 153381 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 19041 aes-256-gcm's in 3.01s LibreSSL 3.0.2 built on: date not available options:bn(64,32) rc4(ptr,int) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-gcm 47427.78k50805.69k51347.19k52207.47k51858.50k # openssl speed -evp aes-256-gcm Doing aes-256-gcm for 3s on 16 size blocks: 32056370 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 64 size blocks: 21569563 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 256 size blocks: 8523369 aes-256-gcm's in 3.00s Doing aes-256-gcm for 3s on 1024 size blocks: 2528081 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 8192 size blocks: 334502 aes-256-gcm's in 3.01s Doing aes-256-gcm for 3s on 16384 size blocks: 167762 aes-256-gcm's in 3.02s OpenSSL 1.1.1d-freebsd 10 Sep 2019 built on: reproducible build, date unspecified options:bn(64,32) rc4(8x,mmx) des(long) aes(partial) idea(int) blowfish(ptr)