Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AES: use EVP functions instead of deprecated functions #133

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

ArnaudBienner
Copy link
Contributor

Among other things, they use hardware acceleration (like AES-NI) which brings a significant performance improvement.

From my tests on an Intel CPU, this makes unwrapping of encrypted MXF ~20x faster.

I started to look at the HMAC part too, but it looks like it is already using hardware acceleration and it didn't bring any performance improvement, so I didn't updated that part for now, despite the functions being deprecated too.

@Jason-elkins
Copy link
Contributor

@ArnaudBienner, What is the cpu count for your benchmark?

@ArnaudBienner
Copy link
Contributor Author

ArnaudBienner commented Jan 26, 2024

@ArnaudBienner, What is the cpu count for your benchmark?

4 cores, this runs only on one core (either the old version or the new one with one with my patch) as asdcplib is not multithreaded.

@Jason-elkins
Copy link
Contributor

@ArnaudBienner, What is the cpu you are using? (so we can make sure we're using the same instruction set).

@ArnaudBienner
Copy link
Contributor Author

@ArnaudBienner, What is the cpu you are using? (so we can make sure we're using the same instruction set).

I tried on Intel CPU: in this case openssl uses AES-NI instructions set.

The information about whether or not AES-NI is available for a given processor is available on Intel website.
e.g. for i7-7920HQ
"Intel® AES New Instructions Yes"

So using a modern Intel CPU, which has AES-NI, you should be able to see a difference in performance between the old and new implementation.

AFAICT all recent Intel CPU now have AES-NI.

Note that it is also possible to deactivate the hardware acceleration in openssl through environment variable.
See https://www.openssl.org/docs/manmaster/man3/OPENSSL_ia32cap.html for more details.

For instance, to disable Intel AES-NI you can do

export OPENSSL_ia32cap="~0x200000200000000"

before executing asdcp-unwrap or asdcp-wrap and you will be able to notice a difference with and without the hardware acceleration.

It's likely using openssl EVP functions provides other acceleration for other type of CPU (e.g. ARM) but I didn't test those.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants