Optimizations for Apple Silicon?

Hubert Kario hkario at redhat.com
Mon Mar 20 17:11:17 UTC 2023

On Monday, 20 March 2023 16:14:39 CET, Michael Wojcik via openssl-users 
>> From: openssl-users <openssl-users-bounces at openssl.org> On 
>> Behalf Of Blumenthal, Uri - 0553 - MITLL
>> Sent: Monday, 20 March, 2023 08:28
>> Naïve questions, driven my current use of Apple Silicon 
>> (includes AES, SHA1, SHA2, SHA3 extended instructions):
>> 1. Does the current stable OpenSSL-3.1.0 include (assembly?) 
>> code to take advantage, aka - utilize, these CPU instructions?
> For 3.0.8, a quick look at Configurations/15-ios.conf shows it 
> uses the armv4 assembly configuration, and at 
> crypto/aes/asm/aes-armv4.pl suggests it's not using any 
> dedicated instruction. The comments at the top of the latter 
> list various performance improvements but nothing about using an 
> extended instruction if it's available.
> Glancing at some search results it appears the dedicated 
> instruction can get down to 0.9 cycles/byte, whereas the OpenSSL 
> source states it reaches 21.5 cycles/byte, so using the 
> dedicated instruction would be a big performance gain -- if 
> those sources are comparing the same thing (one might be 
> including some portion of overhead excluded by the other), and 
> only when doing AES operations, of course. With TLS, for 
> example, I/O will typically dominate so speeding up may not do 
> much for many applications.
> Now that said, there seem to be crypto/*/asm/*-armv8.pl files, 
> but 1) they don't seem to be used by any configurations, and 2) 
> the AES one (vpaes-armv8.pl) is a vectorized AES but doesn't 
> seem to use any dedicated instruction -- though I'm not at all 
> an ARM assembly programmer, so take that with a lot of salt.
>> 2. How can I check whether openssl installation (binary and 
>> libraries) are compiled with Silicon optimizations (if I did 
>> not
>> compile from source myself)?
> If I wanted to do this, I'd probably disassemble libcrypto on 
> the target platform and search for the symbol AES_encrypt, and 
> then look at the implementation, or just search the disassembly 
> for the instruction in question with a suitable regex search. 
> There might be an easier way.

actually you may want to rather look into OPENSSL_armcap and how it's used

OpenSSL doesn't accelerate just the underlying instructions, it accelerates
whole cipher modes or even combined encryption+MAC operations

>> 3. What's the current analog of rdrand engine? I.e., does 
>> OpenSSL take input from RDRAND and its analog on AARCH64,
>> and how can I check that it does?
> RDRAND, yes, if OpenSSL was not built with no-rdrand. I don't 
> know what the analog might be on ARM.
> Hopefully someone can provide more detailed and authoritative answers...

Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

More information about the openssl-users mailing list