Skip to content

slow performance on IBM POWER architecture

the AES performance of GnuTLS is quite bad compared to openssl on AIX on POWER. The POWER architecture has AES instruction and they the shipped openssl version makes use of this obviously, here are the aes gcm/ccm benchmark numbers for openssl on AIX 7.1 on a single core POWER9 machine:

openssl speed -elapsed -evp aes-128-ccm

... options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(idx) compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DSSL_ALLOW_ADH -DAIXSSL_IBM_VERSION=1.0.2.1100 -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-ccm 230501.53k 931205.48k 3716121.69k 14873766.91k 119393654.10k

openssl speed -elapsed -evp aes-128-gcm

options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(idx) compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -qthreaded -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DSSL_ALLOW_ADH -DAIXSSL_IBM_VERSION=1.0.2.1100 -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DVPAES_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-gcm 227103.28k 545682.50k 1579801.94k 2419030.70k 2795500.89k

The GnuTLS numbers are magnitudes lower:

gnutls-cli --benchmark-tls-ciphers

Testing throughput in cipher/MAC combinations (payload: 1400 bytes) AES-128-GCM - TLS1.2 7.18 MB/sec AES-128-GCM - TLS1.3 12.57 MB/sec AES-128-CCM - TLS1.2 14.71 MB/sec AES-128-CCM - TLS1.3 14.64 MB/sec CHACHA20-POLY1305 - TLS1.2 17.14 MB/sec CHACHA20-POLY1305 - TLS1.3 16.97 MB/sec AES-128-CBC - TLS1.0 14.48 MB/sec CAMELLIA-128-CBC - TLS1.0 7.94 MB/sec

Testing throughput in cipher/MAC combinations (payload: 16384 bytes) AES-128-GCM - TLS1.2 13.30 MB/sec AES-128-GCM - TLS1.3 13.22 MB/sec AES-128-CCM - TLS1.2 15.67 MB/sec AES-128-CCM - TLS1.3 15.61 MB/sec CHACHA20-POLY1305 - TLS1.2 18.59 MB/sec CHACHA20-POLY1305 - TLS1.3 18.47 MB/sec AES-128-CBC - TLS1.0 16.12 MB/sec CAMELLIA-128-CBC - TLS1.0 8.38 MB/sec

Would it be possible to get to get the improvements that openssl has also to GnuTLS? IBM might be interested to push that improvement together with Red Hat also for the Linux PPC architecture and the result might be beneficial for Linux and AIX in the end.