Debian Bug report logs - #139783
openssl: debian version very slow

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Erno Kuusela <erno-debbugs@erno.iki.fi>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: openssl: debian version very slow

Date: Mon, 25 Mar 2002 03:21:52 +0200

Package: openssl
Version: 0.9.6c-1
Severity: important


the debian packaged version of openssl is twice as slow as openssl
compiled straight from the tarball (with ./Configure linux-elf && make):

(erno@fabulous) /tmp/openssl-0.9.6b % apps/openssl speed rsa1024
Doing 1024 bit private rsa's for 10s: 1954 1024 bit private RSA's in 9.96s
Doing 1024 bit public rsa's for 10s: 39676 1024 bit public RSA's in 9.95s
OpenSSL 0.9.6b 9 Jul 2001
built on: Mon Mar 25 03:14:08 EET 2002
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
                  sign    verify    sign/s verify/s
rsa 1024 bits   0.0051s   0.0003s    196.2   3987.5

vs

(erno@fabulous) /tmp/openssl-0.9.6b % /usr/bin/openssl speed rsa1024
Doing 1024 bit private rsa's for 10s: 933 1024 bit private RSA's in 9.92s
Doing 1024 bit public rsa's for 10s: 18804 1024 bit public RSA's in 9.90s
OpenSSL 0.9.6c 21 dec 2001
built on: Sat Jan  5 19:53:45 CET 2002
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DNO_IDEA -DNO_MDC2 -DNO_RC5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
                  sign    verify    sign/s verify/s
rsa 1024 bits   0.0106s   0.0005s     94.1   1899.4


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux fabulous 2.4.19-pre2-ac2 #2 Tue Mar 5 00:25:03 EET 2002 i686
Locale: LANG=C, LC_CTYPE=fi_FI

Versions of packages openssl depends on:
ii  libc6                         2.2.5-3    GNU C Library: Shared libraries an
ii  libssl0.9.6                   0.9.6c-1   SSL shared libraries
ii  perl                          5.6.1-7    Larry Wall's Practical Extraction 

Message #10 received at 139783@bugs.debian.org (full text, mbox, reply):

From: Junichi Uekawa <dancer@netfort.gr.jp>

To: Erno Kuusela <erno-debbugs@erno.iki.fi>, 139783@bugs.debian.org

Subject: Re: Bug#139783: openssl: debian version very slow

Date: Fri, 29 Mar 2002 07:28:14 +0900

Erno Kuusela <erno-debbugs@erno.iki.fi> cum veritate scripsit:

> the debian packaged version of openssl is twice as slow as openssl
> compiled straight from the tarball (with ./Configure linux-elf && make):

your version only runs on 486 or higher.


regards,
	junichi
-- 
dancer@debian.org : Junichi Uekawa   http://www.netfort.gr.jp/~dancer
GPG Fingerprint : 17D6 120E 4455 1832 9423  7447 3059 BF92 CD37 56F4

Message #15 received at 139783@bugs.debian.org (full text, mbox, reply):

From: Michael Stone <mstone@debian.org>

To: 139783@bugs.debian.org

Subject: Re: Bug#139783: openssl: debian version very slow

Date: Thu, 15 Aug 2002 07:58:43 -0400

What would be nice is if the debian package made it easy to create local
optimized versions. (On some architectures, e.g., sparc, this can means a
3-5 second speedup for every ssh connection.) It's currently possible
but non-trivial to build an optimized package.

Mike Stone

Message #20 received at 139783@bugs.debian.org (full text, mbox, reply):

From: Aaron Lehmann <aaronl@vitelus.com>

To: Christoph Martin <martin@verwaltung.uni-mainz.de>, 139783@bugs.debian.org

Cc: Goswin Brederlow <goswin.brederlow@student.uni-tuebingen.de>, debian-devel@lists.debian.org

Subject: Re: [RFD] optimized versions of openssl

Date: Fri, 6 Sep 2002 15:40:14 -0700

On Fri, Sep 06, 2002 at 04:53:56PM +0200, Christoph Martin wrote:
> The speedup between 386 and 486 code is a factor of 2 !!
> 
> See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139783&repeatmerged=yes

This is false.

I think the reporter doesn't realize that "./Configure linux-elf" WILL
use pentium assembly optimizations, at least on my computer:

(cd asm; /usr/bin/perl bn-586.pl cpp >bn86unix.cpp )
gcc -E -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
(cd asm; /usr/bin/perl co-586.pl cpp >co86unix.cpp )
gcc -E -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o

I presume that the Debian package explicitly disables the use of these
586 routines.

I don't find it surprising that a version with critical routines
optimized in pentium assembler is 2x faster. In fact, I also got a
ratio of 2 in rsa1024 speed difference between /usr/bin/openssl and a
self compiled "./Configure linux-elf ; make" build (and the latter
appears to have used i586 assembly code).

Of course I think these optimizations should be made available to
Debian users. Also, openssl's build system is awful. In my build
(standard "linux-elf") it chose to use pentium-optimized handcoded routines,
but runs gcc with the -m486 option instead of something like
-march=pentium (or even better in my case: -march=pentiumpro). These
things need to be fixed. If we make packages that include the pentium
assembler optimizations, the C code should also be targeted to
something better than a 486.

I think the ideal compromise would be to have openssl compile all the
different assembly variants and select a compatible version at
runtime. Preferably a seperate lib would be made for each subarch that
could be dynamically loaded, but it doesn't have to be implemented
this way. Runtime cpu detection has already been discussed in this
thread. The ideal way to compile the subarch-neutral C code for such
an approach would probably be with -mcpu=pentiumpro (to retain
compatibility with i386 but optimize insn scheduling for ppro), and
similar options on other platforms like sparc.

Message #25 received at 139783-close@bugs.debian.org (full text, mbox, reply):

From: Christoph Martin <christoph.martin@uni-mainz.de>

To: 139783-close@bugs.debian.org

Subject: Bug#139783: fixed in openssl 0.9.6g-3

Date: Fri, 20 Sep 2002 10:47:33 -0400

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libssl-dev_0.9.6g-3_i386.deb
  to pool/main/o/openssl/libssl-dev_0.9.6g-3_i386.deb
libssl0.9.6_0.9.6g-3_i386.deb
  to pool/main/o/openssl/libssl0.9.6_0.9.6g-3_i386.deb
openssl_0.9.6g-3.diff.gz
  to pool/main/o/openssl/openssl_0.9.6g-3.diff.gz
openssl_0.9.6g-3.dsc
  to pool/main/o/openssl/openssl_0.9.6g-3.dsc
openssl_0.9.6g-3_i386.deb
  to pool/main/o/openssl/openssl_0.9.6g-3_i386.deb
ssleay_0.9.6g-3_all.deb
  to pool/main/o/openssl/ssleay_0.9.6g-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 139783@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Martin <christoph.martin@uni-mainz.de> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 19 Sep 2002 18:33:04 +0200
Source: openssl
Binary: libssl0.9.6 ssleay libssl-dev openssl
Architecture: source all i386
Version: 0.9.6g-3
Distribution: unstable
Urgency: low
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description: 
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.6 - SSL shared libraries
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
 ssleay     - Convenience package to replace ssleay with openssl
Closes: 139783
Changes: 
 openssl (0.9.6g-3) unstable; urgency=low
 .
   * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783)
Files: 
 1dfcb41497ba6f3062d9c8179033e26f 667 utils optional openssl_0.9.6g-3.dsc
 08dc48fe674e4331dd806843e883fa94 34746 utils optional openssl_0.9.6g-3.diff.gz
 74dea9298710d2b21a3c3f8f1a5a88d0 723636 utils optional openssl_0.9.6g-3_i386.deb
 ff72700bb2c3f43a8d26870f53344ca6 1214188 libs standard libssl0.9.6_0.9.6g-3_i386.deb
 b142846d1cf4268ce304803ddb55d6c7 1267196 devel optional libssl-dev_0.9.6g-3_i386.deb
 9911979c9ae99597f7112e686adbe36d 976 utils optional ssleay_0.9.6g-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj2LMaEACgkQgeVih7XOVJcNzACeJ22oPniUApQOp/Y08pMAs8wq
uBUAn2A8/vm1dOwCLGvA22np1XGcDTR6
=yJgV
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.