Examples:
* AES-128-GCM | AES-256-GCM
- Baseline - Requires VAES and VPCMULQDQ features present on ICX or newer platform. This should be the most performant flow.
$ taskset -c 0 openssl speed -evp aes-128-gcm
- Individual VAES Disabled and VPCLMULQDQ Disabled should fallback to AVX AESNI flow and should have equivalent performance
$ OPENSSL_ia32cap=:~0x20000000000 taskset -c 0 openssl speed -evp aes-128-gcm
$ OPENSSL_ia32cap=:~0x40000000000 taskset -c 0 openssl speed -evp aes-128-gcm
- AESNI and VAESNI Disabled should fallback to 'C code' performance
$ OPENSSL_ia32cap=~0x200000000000000:~0x20000000000 taskset -c 0 openssl speed -evp aes-128-gcm
* RSA 2K/3K/4K Sign Performance
- Baseline - Requires AVX512F, AVX512VL, AVX512DQ, and AVX512IFMA features on ICX or newer platform. This should be the most performant flow.
$ taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
- Individual AVX512F, AVX512VL, and AVX512IFMA features should yield equivalent performance. This flow will use the ADOX/ADCX/MULX RSA flow.
$ OPENSSL_ia32cap=:~0x10000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
$ OPENSSL_ia32cap=:~0x80000000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
$ OPENSSL_ia32cap=:~0x20000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
$ OPENSSL_ia32cap=:~0x200000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
Hi @schopin,
Recommended way to test the relevant code paths would be to use OpenSSL’s Capability Bits Environment variable. Notes below:
Ubuntu - OpenSSL OPENSSL_ia32cap Environment Variable /www.openssl. org/docs/ manmaster/ man3/OPENSSL_ ia32cap. html
OpenSSL Environment variable processor feature bit disable combos for testing.
https:/
* AES-GCM Relevant Feature Disable
Disable VAES-NI ia32cap= :~0x20000000000
$ export OPENSSL_
Disable VPCLMULQDQ ia32cap= :~0x40000000000
$ export OPENSSL_
Disable AES-NI ia32cap= ~0x200000000000 000
$ export OPENSSL_
Disable AESNI + VAESNI ia32cap= ~0x200000000000 000:~0x20000000 000
$ export OPENSSL_
* RSA 2K/3K/4K Sign Relevant Feature Disable
Disable AVX512F ia32cap= :~0x10000
$ export OPENSSL_
Disable AVX512VL ia32cap= :~0x80000000
$ export OPENSSL_
Disable AVX512DQ ia32cap= :~0x20000
$ export OPENSSL_
Disable AVX512IFMA ia32cap= :~0x200000
$ export OPENSSL_
* Unset any previous caps
$ unset OPENSSL_ia32cap
Examples:
* AES-128-GCM | AES-256-GCM
- Baseline - Requires VAES and VPCMULQDQ features present on ICX or newer platform. This should be the most performant flow.
$ taskset -c 0 openssl speed -evp aes-128-gcm
- Individual VAES Disabled and VPCLMULQDQ Disabled should fallback to AVX AESNI flow and should have equivalent performance ia32cap= :~0x20000000000 taskset -c 0 openssl speed -evp aes-128-gcm ia32cap= :~0x40000000000 taskset -c 0 openssl speed -evp aes-128-gcm
$ OPENSSL_
$ OPENSSL_
- AESNI and VAESNI Disabled should fallback to 'C code' performance ia32cap= ~0x200000000000 000:~0x20000000 000 taskset -c 0 openssl speed -evp aes-128-gcm
$ OPENSSL_
* RSA 2K/3K/4K Sign Performance
- Baseline - Requires AVX512F, AVX512VL, AVX512DQ, and AVX512IFMA features on ICX or newer platform. This should be the most performant flow.
$ taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
- Individual AVX512F, AVX512VL, and AVX512IFMA features should yield equivalent performance. This flow will use the ADOX/ADCX/MULX RSA flow. ia32cap= :~0x10000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096 ia32cap= :~0x80000000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096 ia32cap= :~0x20000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096 ia32cap= :~0x200000 taskset -c 0 openssl speed rsa2048 rsa3072 rsa4096
$ OPENSSL_
$ OPENSSL_
$ OPENSSL_
$ OPENSSL_