<div dir="ltr"><div>Thank you Hans, that's great.</div><div>I probably missed it in the release notes.</div><div>I'll benchmark and compare hmac on a server with and without sha hardware accelerations.<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 19, 2020 at 5:18 PM Hans Nilsson R <<a href="mailto:hans.r.nilsson@ericsson.com">hans.r.nilsson@ericsson.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="font-family:"Courier New",monospace;font-size:10pt;color:rgb(0,0,0)">
Crypto uses the EVP interfase for hash and mac (as well ass ciphers) with some conditions:</div>
<div style="font-family:"Courier New",monospace;font-size:10pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:"Courier New",monospace;font-size:10pt;color:rgb(0,0,0)">
Since OTP-22.1:<br>
</div>
<div style="font-family:"Courier New",monospace;font-size:10pt;color:rgb(0,0,0)">
The hash functions in crypto (hash,/2, hash_init/1, hash_update/2 and hash_final/1) use the EVP interface if the underlying cryptolib is OpenSSL 1.0.0 or higher.</div>
<div style="font-family:"Courier New",monospace;font-size:10pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:"Courier New",monospace;font-size:10pt;color:rgb(0,0,0)">
Since OTP-22.1.3:<br>
</div>
<div style="font-family:"Courier New",monospace;font-size:10pt;color:rgb(0,0,0)">
The mac functions (mac, macN, mac_init, mac_update, mac_final and mac_finalN) use the EVP interface if the underlying cryptolib is OpenSSL 1.1.1 or higher.</div>
<div style="font-family:"Courier New",monospace;font-size:10pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:"Courier New",monospace;font-size:10pt;color:rgb(0,0,0)">
/Hans<br>
</div>
<div id="gmail-m_1110423570732962710appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="gmail-m_1110423570732962710divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>Från:</b> erlang-questions <<a href="mailto:erlang-questions-bounces@erlang.org" target="_blank">erlang-questions-bounces@erlang.org</a>> för Ben Browitt <<a href="mailto:ben.browitt@gmail.com" target="_blank">ben.browitt@gmail.com</a>><br>
<b>Skickat:</b> den 18 februari 2020 17:55<br>
<b>Till:</b> <a href="mailto:zxq9@zxq9.com" target="_blank">zxq9@zxq9.com</a> <<a href="mailto:zxq9@zxq9.com" target="_blank">zxq9@zxq9.com</a>><br>
<b>Kopia:</b> <a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a> <<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a>><br>
<b>Ämne:</b> Re: [erlang-questions] crypto:hmac/3 using hardware acceleration</font>
<div> </div>
</div>
<div>
<div dir="ltr">
<div>AWS [1] and GCP [2] provide AMD EPYC servers with SHA hardware accelerations.</div>
<div>Intel Ice Lake servers will also have SHA hardware accelerations [3].</div>
<div>Is there a chance OTP 23 could use EVP for SHA? This will give a large performance boost.<br>
</div>
<div><br>
</div>
<div>[1] <a href="https://aws.amazon.com/ec2/amd/" target="_blank">https://aws.amazon.com/ec2/amd/</a></div>
<div>[2] <a href="https://protect2.fireeye.com/v1/url?k=5f4e9246-03c459b2-5f4ed2dd-86cd58c48020-a6f86d945d59dea5&q=1&e=ae3465f0-e6c3-4143-ae82-51afb4cdbf8e&u=https%3A%2F%2Fcloud.google.com%2Fblog%2Fproducts%2Fcompute%2Fannouncing-the-n2d-vm-family-based-on-amd" target="_blank">
https://cloud.google.com/blog/products/compute/announcing-the-n2d-vm-family-based-on-amd</a></div>
<div>[3] <a href="https://en.wikipedia.org/wiki/Ice_Lake_(microprocessor)" target="_blank">https://en.wikipedia.org/wiki/Ice_Lake_(microprocessor)</a></div>
</div>
<br>
<div>
<div dir="ltr">On Wed, May 8, 2019 at 4:34 PM <<a href="mailto:zxq9@zxq9.com" target="_blank">zxq9@zxq9.com</a>> wrote:<br>
</div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
On 2019年5月8日水曜日 14時15分51秒 JST Ben Browitt wrote:<br>
> I've tested the speed with and without evp. evp is slower because Intel<br>
> cpus don't have hardware acceleration for sha.<br>
> So it's best to leave it without evp for now. Thanks.<br>
> openssl speed sha1<br>
> openssl speed -evp sha1<br>
<br>
I think it depends on how your openssl was built and which processor<br>
family you have. IIRC Intel has SHA1 hardware support, and AMD has<br>
SHA1 and SHA256 hardware instructions since RyZen.<br>
<br>
May also depend on if you are running virtualized and whether the<br>
hypervisor is exposing the instructions.<br>
<br>
In the base case I imagine it would "just work", but not if this is<br>
disabled in a vanilla Linux/BSD/whatever distribution binary, or if<br>
your system is set to a mode that restricts some instructions.<br>
<br>
-Craig<br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</blockquote>
</div>
</div>
</div>
</blockquote></div>