[PATCH] digest-openssl: improve OpenSSL v3 support

Dimitri John Ledkov dimitri.ledkov at surgut.co.uk
Tue Sep 2 06:51:29 AEST 2025 

On Mon, 1 Sept 2025 at 00:44, Damien Miller <djm at mindrot.org> wrote:
>
> On Sun, 31 Aug 2025, Dimitri John Ledkov wrote:
>
> > From OpenSSL v3 documentation https://docs.openssl.org/3.0/man3/EVP_sha1/#notes:
> >
> >   Developers should be aware of the negative performance implications
> >   of calling this function multiple times and should consider using
> >   EVP_MD_fetch(3) with EVP_MD-SHA1(7) instead. See "Performance" in
> >   crypto(7) for further information.
>
> hash/MAC instantiation doesn't happen very often in OpenSSH. Does this
> change yield any observable performance benefit? ("make unit-bench"
> might help here).
>
> -d

Nothing noticeable, or groundbreaking - tested on my laptop and
results are unstable, thus I would say it's about the same, even in
extreme micro benchmarks.
Most results are slightly better, but also some are unstable, and very
tiny differences which could be just noise.

Note overall performance surely is dominated by the actual computation
of RSA/SHA/ECDSA/EDDSA, rather than this algorithm fetching.

Using $ ./regress/unittests/sshkey/test_sshkey -b

Benchmark                        Before                After
sign RSA-1024/SHA1          16797.12 sign/s       17135.90 sign/s
sign RSA-1024/SHA256        16670.00 sign/s       17093.72 sign/s
sign RSA-1024/SHA512        16637.55 sign/s       15972.40 sign/s
sign RSA-2048/SHA1           2465.27 sign/s        2590.75 sign/s
sign RSA-2048/SHA256         2469.61 sign/s        2485.07 sign/s
sign RSA-2048/SHA512         2486.04 sign/s        2612.75 sign/s
sign ECDSA-256              59140.10 sign/s       60613.41 sign/s
sign ECDSA-384               8926.26 sign/s        9157.93 sign/s
sign ECDSA-521               6177.91 sign/s        6467.89 sign/s
sign ED25519                 3160.16 sign/s        3244.74 sign/s
verify RSA-1024/SHA1       204918.03 verify/s    211999.15 verify/s
verify RSA-1024/SHA256     199163.51 verify/s    201816.35 verify/s
verify RSA-1024/SHA512     185701.02 verify/s    188111.36 verify/s
verify RSA-2048/SHA1        75255.87 verify/s     74090.54 verify/s
verify RSA-2048/SHA256      73866.15 verify/s     72290.90 verify/s
verify RSA-2048/SHA512      71418.37 verify/s     72411.30 verify/s
verify ECDSA-256            19883.48 verify/s     20581.64 verify/s
verify ECDSA-384             4008.85 verify/s      3917.16 verify/s
verify ECDSA-521             3281.55 verify/s      3293.18 verify/s
verify ED25519                922.48 verify/s       932.14 verify/s

-- 
Regards,

Dimitri.

More information about the openssh-unix-dev mailing list