OpenSSL 3.1 Released With Performance Optimizations, More AVX-512

Written by Michael Larabel in Free Software on 14 March 2023 at 02:00 PM EDT. 9 Comments
FREE SOFTWARE
OpenSSL 3.1 is out today as the new stable release for this widely-used cryptographic library. There are a number of performance optimizations to enjoy with OpenSSL 3.1, including some additional AVX-512 tuning.

The official release announcement for OpenSSL 3.1 notes the FIPS (Federal Information Processing Standards) provider has been upgraded to FIPS 140-3 compliance and also makes mention of "numerous performance improvements."

On the performance front there has been work to reduce excessive locking, performance work in the encoder and decoder frameworks, optimizing internal data structures and caching, and "various assembler optimisations to a number of different algorithms (e.g. AES-GCM, ChaCha20, SM3, SM4, SM4-GCM) across multiple processor architectures."

When digging through the CHANGES in Git, there are a few AVX-512 items specifically worth mentioning too:
- AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.

- Parallel dual-prime 1536/2048-bit modular exponentiation for AVX512_IFMA capable processors.

That's good news for Intel Xeon Scalable processors (Intel engineers worked on some of the AVX-512 contributions) as well as new AMD Zen 4 processors with AVX-512 from the Ryzen 7000 series up through the EPYC 9004 series

Intel and AMD CPUs


With all the mentions of performance improvements in OpenSSL 3.1, I was eager to fire up some benchmarks myself...
OpenSSL 3.x Benchmarks

For some quick, launch-day benchmarking I used the AMD Ryzen 9 7950X on Ubuntu Linux compared to OpenSSL 3.0. The same build configuration, same options, same compiler for this quick comparison of just 3.0 vs. 3.1:
OpenSSL benchmark with settings of Algorithm: SHA256. OpenSSL 3.1 was the fastest.

OpenSSL benchmark with settings of Algorithm: SHA512. OpenSSL 3.1 was the fastest.

OpenSSL benchmark with settings of Algorithm: RSA4096. OpenSSL 3.1 was the fastest.

OpenSSL benchmark with settings of Algorithm: ChaCha20. OpenSSL 3.0 was the fastest.

OpenSSL benchmark with settings of Algorithm: AES-128-GCM. OpenSSL 3.1 was the fastest.

OpenSSL benchmark with settings of Algorithm: AES-256-GCM. OpenSSL 3.1 was the fastest.

Quite some nice performance improvements at least for the latest AMD Zen 4 processors! I'll be running OpenSSL 3.1 benchmarks on more hardware in the days to come. OpenSSL 3.1 can be downloaded at OpenSSL.org.
9 Comments
Related News
Servo Browser Engine Landed More Performance Optimizations In November
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
Llamafile 0.8.17 Brings New Web UI For This Easy-To-Distribute AI LLM Framework
Zrythm 1.0 Released For Powerful Open-Source Digital Audio Workstation
Blender 4.3 Released With AMD HIP-RT Ray-Tracing On Linux, Experimental Vulkan Backend
FreeCAD 1.0 Released With UI/UX Improvements, New Materials System
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries