[Touch-packages] [Bug 2030784] Re: Backport Intel's AVX512 patches on openssl 3.0

Wed, 11 Oct 2023 08:53:37 -0700 

Hi @schopin,

Recommended way to test the relevant code paths would be to use OpenSSL’s 
Capability Bits Environment variable.  Notes below:
 
 
Ubuntu - OpenSSL OPENSSL_ia32cap Environment Variable
OpenSSL Environment variable processor feature bit disable combos for testing. 
https://www.openssl.org/docs/manmaster/man3/OPENSSL_ia32cap.html
 
 
* AES-GCM Relevant Feature Disable
 
   Disable VAES-NI
   $ export OPENSSL_ia32cap=:~0x20000000000
 
   Disable VPCLMULQDQ
   $ export OPENSSL_ia32cap=:~0x40000000000
 
   Disable AES-NI
   $ export OPENSSL_ia32cap=~0x200000000000000
 
   Disable AESNI + VAESNI
   $ export OPENSSL_ia32cap=~0x200000000000000:~0x20000000000
 
 
* RSA 2K/3K/4K Sign Relevant Feature Disable
 
   Disable AVX512F
   $ export OPENSSL_ia32cap=:~0x10000
 
   Disable AVX512VL
   $ export OPENSSL_ia32cap=:~0x80000000
 
   Disable AVX512DQ
   $ export OPENSSL_ia32cap=:~0x20000
 
   Disable AVX512IFMA
   $ export OPENSSL_ia32cap=:~0x200000
 
 
* Unset any previous caps
$ unset OPENSSL_ia32cap
 
 
Examples:
   * AES-128-GCM | AES-256-GCM
      - Baseline - Requires VAES and VPCMULQDQ features present on ICX or newer 
platform.  This should be the most performant flow.
        $ taskset -c 0 openssl speed -evp aes-128-gcm

      - Individual VAES Disabled and VPCLMULQDQ Disabled should fallback to AVX 
AESNI flow and should have equivalent performance
        $ OPENSSL_ia32cap=:~0x20000000000 taskset -c 0 openssl speed -evp 
aes-128-gcm
        $ OPENSSL_ia32cap=:~0x40000000000 taskset -c 0 openssl speed -evp 
aes-128-gcm

      - AESNI and VAESNI Disabled should fallback to 'C code' performance
        $ OPENSSL_ia32cap=~0x200000000000000:~0x20000000000 taskset -c 0 
openssl speed -evp aes-128-gcm
 
   * RSA 2K/3K/4K Sign Performance
      - Baseline - Requires AVX512F, AVX512VL, AVX512DQ, and AVX512IFMA 
features on ICX or newer platform. This should be the most performant flow.
        $ taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096

      - Individual  AVX512F, AVX512VL, and AVX512IFMA features should yield 
equivalent performance.  This flow will use the ADOX/ADCX/MULX RSA flow.
        $ OPENSSL_ia32cap=:~0x10000 taskset -c 0 openssl speed rsa2048 rsa3072 
rsa4096
        $ OPENSSL_ia32cap=:~0x80000000 taskset -c 0 openssl speed rsa2048 
rsa3072 rsa4096
        $ OPENSSL_ia32cap=:~0x20000 taskset -c 0 openssl speed rsa2048 rsa3072 
rsa4096
        $ OPENSSL_ia32cap=:~0x200000 taskset -c 0 openssl speed rsa2048 rsa3072 
rsa4096

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2030784

Title:
  Backport Intel's AVX512 patches on openssl 3.0

Status in openssl package in Ubuntu:
  Fix Released

Bug description:
  https://github.com/openssl/openssl/pull/14908

  https://github.com/openssl/openssl/pull/17239

  These should provide a nice performance bonus on recent CPUs, and the
  patches are fairly self-contained.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2030784/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to