OpenSSL 3.1 Released With Performance Optimizations, More AVX-512

Written by Michael Larabel in Free Software on 14 March 2023 at 02:00 PM EDT. 9 Comments
FREE SOFTWARE
OpenSSL 3.1 is out today as the new stable release for this widely-used cryptographic library. There are a number of performance optimizations to enjoy with OpenSSL 3.1, including some additional AVX-512 tuning.

The official release announcement for OpenSSL 3.1 notes the FIPS (Federal Information Processing Standards) provider has been upgraded to FIPS 140-3 compliance and also makes mention of "numerous performance improvements."

On the performance front there has been work to reduce excessive locking, performance work in the encoder and decoder frameworks, optimizing internal data structures and caching, and "various assembler optimisations to a number of different algorithms (e.g. AES-GCM, ChaCha20, SM3, SM4, SM4-GCM) across multiple processor architectures."

When digging through the CHANGES in Git, there are a few AVX-512 items specifically worth mentioning too:
- AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.

- Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA capable processors.

That's good news for Intel Xeon Scalable processors (Intel engineers worked on some of the AVX-512 contributions) as well as new AMD Zen 4 processors with AVX-512 from the Ryzen 7000 series up through the EPYC 9004 series

Intel and AMD CPUs


With all the mentions of performance improvements in OpenSSL 3.1, I was eager to fire up some benchmarks myself...
OpenSSL 3.x Benchmarks

For some quick, launch-day benchmarking I used the AMD Ryzen 9 7950X on Ubuntu Linux compared to OpenSSL 3.0. The same build configuration, same options, same compiler for this quick comparison of just 3.0 vs. 3.1:
OpenSSL benchmark with settings of Algorithm: SHA256. OpenSSL 3.1 was the fastest.

OpenSSL benchmark with settings of Algorithm: SHA512. OpenSSL 3.1 was the fastest.

OpenSSL benchmark with settings of Algorithm: RSA4096. OpenSSL 3.1 was the fastest.

OpenSSL benchmark with settings of Algorithm: ChaCha20. OpenSSL 3.0 was the fastest.

OpenSSL benchmark with settings of Algorithm: AES-128-GCM. OpenSSL 3.1 was the fastest.

OpenSSL benchmark with settings of Algorithm: AES-256-GCM. OpenSSL 3.1 was the fastest.

Quite some nice performance improvements at least for the latest AMD Zen 4 processors! I'll be running OpenSSL 3.1 benchmarks on more hardware in the days to come. OpenSSL 3.1 can be downloaded at OpenSSL.org.
9 Comments
Related News
Rustls Can Now Work With Nginx Via New OpenSSL Compatibility Layer
Zed Code Editor Making Progress On Linux Support
Dillo 3.1 Lightweight Web Browser Released After Nine Years
GIMP 2.10.38 Released As What Might Be The Last Of GIMP 2
Nano 8.0 Text Editor Released With Modern Bindings Option
Git 2.45 Released With Initial SHA1/SHA256 Interoperability & Reftable Support
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
NetBSD On The State & Future Of X.Org/X11
Framework Laptop EC Driver Being Prepared For Linux
NVIDIA's Open GPU Linux Kernel Driver Will Soon Be The Default For Turing & Newer GPUs
Valve Working On Explicit Sync Support For "NVK" NVIDIA Vulkan Driver
Wine 9.8 Fixes Nearly 20 Year Old Bug For Installing Microsoft Office 97
GNOME Shell's Layout Being Improved For Smaller Displays
Zed Code Editor Making Progress On Linux Support
GNOME Took In $556k Last Year While Spending $675.9k