[patch 2/2] use poly1305 from openssl (1.1.1+) when possible

Yuriy M. Kaminskiy yumkam at gmail.com
Wed Feb 6 23:08:53 AEDT 2019 

On 01/16/19 13:21 , Yuriy M. Kaminskiy wrote:
> On some cpu's optimized chacha implementation in openssl (1.1.0+) is
> notably faster (and on others it is just faster) than generic C
> implementation in openssh.
>
> OpenSSL 1.1.1+ also exports "raw" poly1305 primitive, but I
> have not tried it yet (it was not in 1.1.0).

And here it is.

> Trivial benchmark:
> time ssh -c chacha20-poly1305 at openssh.com -S none -o Compression=no \
> localhost 'dd if=/dev/zero bs=100000 count=10000' >/dev/null
> (comparing "user time")
>
> openssh: 7.9p1, self-compiled, based on upstream package from
 > debian/unstable, hostkey - ecdsa/p256, pubkey auth key - ecdh/p256
>
> Machine: pretty old amd k8 (SSE2, but no SSSE3/AVX/AESNI)
> OS: debian linux stretch, openssl 1.1.0j-1deb9u1
> i386: +8%
> amd64: +10%
>
> Machine: raspberry pi 3b+ (BCM2837B0, 4-core Cortex-A53 @1.4GHz)
> OS: raspbian/stretch

> baseline: armhf/raspbian: unpatched ssh-7.9p1: 30.8s

> with openssl 1.1.0j-1deb9u1 from raspbian (compiled for armv6 without
> neon):
> armhf/raspbian: 24.7 seconds, speed: +23%
>
> with openssl 1.1.0j-1deb9u1 from debian/stretch/armhf (compiled for
> armv7 with neon autodetection):
> armhf: 22.2 seconds, speed: +39%

openssh: 7.9p1, self-compiled, based on upstream package from
debian/unstable, with both chacha20 and poly1305 patches applied, 
compiled against:

openssl: 1.1.1a, self-compiled, based on upstream package from 
debian/unstable.

armhf: 12.0 seconds, speed: +155% against original, +85% against 
chacha20-only version.

Preliminary patches attached (again, tested against 7.9p1, on the
top of chacha20 patch). I relied on presence of EVP_PKEY_POLY1305 for 
autodetection; it uses openssl-1.1.0 abi, and can runtime-fallback to 
builtin openssh implementation.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl-poly1305-3.patch
Type: text/x-patch
Size: 4522 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20190206/24d78bed/attachment.bin>

More information about the openssh-unix-dev mailing list