From: | "agharta82(at)gmail(dot)com" <agharta82(at)gmail(dot)com> |
---|---|
To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Is OpenSSL AES-NI not available in pgcrypto? |
Date: | 2023-01-02 16:57:38 |
Message-ID: | 6d0809a6-b8f7-4d53-0d2d-07f29a1288bd@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi all,
A question, may I wrong.
I've a Rocky Linux 8 with OpenSSL 1.1.1 FIPS and Intel cpu with aes
support (cat /proc/cpuinfo | grep aes)
Test made with openssl gives me a huge performance with aes enabled vs not:
"openssl speed -elapsed -evp aes-128-cbc" is about 5 time faster than
"openssl speed -elapsed aes-128-cbc" or another "software calculated
test", eg. "openssl speed -elapsed bf-cbc"
So OpenSSL is ok.
Postgresql 15 is compiled with openssl:
select name, setting from pg_settings where name = 'ssl_library';
name | setting
-------------+---------
ssl_library | OpenSSL
(1 row)
So, a test with pgcrypto:
select pgp_sym_encrypt(data::text, 'pwd') --default to aes128
from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp,
'1 hour'::interval) data
vs
select pgp_sym_encrypt(data::text, 'pwd','cipher-algo=bf') -- blowfish
from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp,
'1 hour'::interval) data
In my test both queries execution is similar....aes-128 was expected
about 5 time faster.
So, why?
Pgcrypto use OpenSSL as backend, so, does it explicit force software aes
calculation instead of AES-NI cpu ones?
Thanksfor support.
Best regards,
Agharta
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2023-01-02 18:05:22 | Re: Allow pageinspect's bt_page_stats function to return a set of rows instead of a single row |
Previous Message | Dmitry Dolgov | 2023-01-02 16:55:50 | Re: [RFC] Add jit deform_counter |