[erlang-questions] crypto:hmac/3 using hardware acceleration

Ben Browitt ben.browitt@REDACTED
Wed Feb 19 18:14:59 CET 2020


Thank you Hans, that's great.
I probably missed it in the release notes.
I'll benchmark and compare hmac on a server with and without sha hardware
accelerations.

On Wed, Feb 19, 2020 at 5:18 PM Hans Nilsson R <hans.r.nilsson@REDACTED>
wrote:

> Crypto uses the EVP interfase for hash and mac (as well ass ciphers) with
> some conditions:
>
> Since OTP-22.1:
> The hash functions in crypto (hash,/2, hash_init/1, hash_update/2 and
> hash_final/1) use the EVP interface if the underlying cryptolib is OpenSSL
> 1.0.0 or higher.
>
> Since OTP-22.1.3:
> The mac functions (mac, macN, mac_init, mac_update, mac_final and
> mac_finalN) use the EVP interface if the underlying cryptolib is OpenSSL
> 1.1.1 or higher.
>
> /Hans
> ------------------------------
> *Från:* erlang-questions <erlang-questions-bounces@REDACTED> för Ben
> Browitt <ben.browitt@REDACTED>
> *Skickat:* den 18 februari 2020 17:55
> *Till:* zxq9@REDACTED <zxq9@REDACTED>
> *Kopia:* erlang-questions@REDACTED <erlang-questions@REDACTED>
> *Ämne:* Re: [erlang-questions] crypto:hmac/3 using hardware acceleration
>
> AWS [1] and GCP [2] provide AMD EPYC servers  with SHA hardware
> accelerations.
> Intel Ice Lake servers will also have SHA hardware accelerations [3].
> Is there a chance OTP 23 could use EVP for SHA? This will give a large
> performance boost.
>
> [1] https://aws.amazon.com/ec2/amd/
> [2]
> https://cloud.google.com/blog/products/compute/announcing-the-n2d-vm-family-based-on-amd
> <https://protect2.fireeye.com/v1/url?k=5f4e9246-03c459b2-5f4ed2dd-86cd58c48020-a6f86d945d59dea5&q=1&e=ae3465f0-e6c3-4143-ae82-51afb4cdbf8e&u=https%3A%2F%2Fcloud.google.com%2Fblog%2Fproducts%2Fcompute%2Fannouncing-the-n2d-vm-family-based-on-amd>
> [3] https://en.wikipedia.org/wiki/Ice_Lake_(microprocessor)
>
> On Wed, May 8, 2019 at 4:34 PM <zxq9@REDACTED> wrote:
>
> On 2019年5月8日水曜日 14時15分51秒 JST Ben Browitt wrote:
> > I've tested the speed with and without evp. evp is slower because Intel
> > cpus don't have hardware acceleration for sha.
> > So it's best to leave it without evp for now. Thanks.
> > openssl speed sha1
> > openssl speed -evp sha1
>
> I think it depends on how your openssl was built and which processor
> family you have. IIRC Intel has SHA1 hardware support, and AMD has
> SHA1 and SHA256 hardware instructions since RyZen.
>
> May also depend on if you are running virtualized and whether the
> hypervisor is exposing the instructions.
>
> In the base case I imagine it would "just work", but not if this is
> disabled in a vanilla Linux/BSD/whatever distribution binary, or if
> your system is set to a mode that restricts some instructions.
>
> -Craig
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20200219/113dcb90/attachment.htm>


More information about the erlang-questions mailing list