Hi all,
A question, may I wrong.
I've a Rocky Linux 8 with OpenSSL 1.1.1 FIPS and Intel cpu with aes
support (cat /proc/cpuinfo | grep aes)
Test made with openssl gives me a huge performance with aes enabled vs not:
"openssl speed -elapsed -evp aes-128-cbc" is about 5 time faster than
"openssl speed -elapsed aes-128-cbc" or another "software calculated
test", eg. "openssl speed -elapsed bf-cbc"
So OpenSSL is ok.
Postgresql 15 is compiled with openssl:
select name, setting from pg_settings where name = 'ssl_library';
name | setting
-------------+---------
ssl_library | OpenSSL
(1 row)
So, a test with pgcrypto:
select pgp_sym_encrypt(data::text, 'pwd') --default to aes128
from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp,
'1 hour'::interval) data
vs
select pgp_sym_encrypt(data::text, 'pwd','cipher-algo=bf') -- blowfish
from generate_series('2022-01-01'::timestamp, '2022-12-31'::timestamp,
'1 hour'::interval) data
In my test both queries execution is similar....aes-128 was expected
about 5 time faster.
So, why?
Pgcrypto use OpenSSL as backend, so, does it explicit force software aes
calculation instead of AES-NI cpu ones?
Thanksfor support.
Best regards,
Agharta