lib/59329: NetBSD's OpenSSL 7x slower at AES than same upstream version on NetBSD

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/59329: NetBSD's OpenSSL 7x slower at AES than same upstream version on NetBSD
From: nia%pkgsrc.org@localhost
Date: Sat, 19 Apr 2025 13:15:00 +0000 (UTC)

>Number:         59329
>Category:       lib
>Synopsis:       NetBSD's OpenSSL 7x slower at AES than same upstream version on NetBSD
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Apr 19 13:15:00 +0000 2025
>Originator:     nia
>Release:        10.1
>Organization:
The NetBSD FoundAESion
>Environment:
NetBSD siphon 10.1_STABLE NetBSD 10.1_STABLE (SIPHON) #2: Thu Mar  6 18:29:22 CET 2025  nia@siphon:/encrypt/src/obj/sys/arch/amd64/compile/SIPHON amd64
>Description:
A locally compiled OpenSSL using their own build system is around
7x faster (!) at doing AES on amd64 than the OpenSSL in NetBSD 10.1.
On other ports, an attempt was made to reproduce this and the
results were not so strongly different, suggesting the problem
is in OpenSSL's arch-dependent features.

Identical versions of the OpenSSL code base were tested (3.0.12).

Upstream OpenSSL claims the following CPUINFO:
$ LD_LIBRARY_PATH=/usr/local/lib /usr/local/bin/openssl version -a
CPUINFO: OPENSSL_ia32cap=0x7ffaf3bfffebffff:0x29c67af

The NetBSD supplied OpenSSL claims the same:

$ /usr/bin/openssl version -a
CPUINFO: OPENSSL_ia32cap=0x7ffaf3bfffebffff:0x29c67af

When using OpenSSL's own build system, the following arch-specific
CFLAGS are applied to every file:

-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DL_ENDIAN -DOPENSSL_PIC

On NetBSD it seems slightly harder to tell, since such flags
are applied on a per-file basis (error-prone when OpenSSL is
updated?). However, the full build log can be grepped:

- CMLL_ASM is missing (should probably be added to camellia.inc)
- OPENSSL_IA32_SSE2 is missing
- POLY1305_ASM is missing
- RC4_ASM is missing (should probably be added to rc4.inc)
- L_ENDIAN is missing
- OPENSSL_PIC is missing

Adding these unfortunately did not seem to help matters.
Even -O3 does not help.

What are we doing differently?
>How-To-Repeat:
You can see the huge speed difference:

$ LD_LIBRARY_PATH=/usr/local/lib /usr/local/bin/openssl speed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
AES-128-CBC     549358.63k   800841.78k   817445.24k   820471.34k   826307.24k   825191.49k
$ LD_LIBRARY_PATH=/usr/lib /usr/bin/openssl speed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
AES-128-CBC      79949.63k    94754.28k    98679.08k   100314.28k   100723.39k   100676.99k
>Fix:
Yes, please.

Prev by Date: Re: port-mips/59327: user stack pointer is not aligned properly
Next by Date: bin/59330: startup race because racoon's control socket created after daemon)
Previous by Thread: kern/59328: viomb(4) various issues
Next by Thread: bin/59330: startup race because racoon's control socket created after daemon)
Indexes:

Home | Main Index | Thread Index | Old Index