[gnutls-devel] GnuTLS | Library incompatible with x86_64 CET/shadow stack (#1658)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Feb 14 02:23:24 CET 2025
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1658#note_2347549018
Depending on your use-case, it might be an option to build GnuTLS with `--disable-hardware-acceleration`, relying on the optimizations provided by Nettle. You could check the performance difference with:
```console
# with Nettle assembly
GNUTLS_CPUID_OVERRIDE=0x1 src/gnutls-cli --benchmark-ciphers
Checking AEAD ciphers, payload size: 16384
AES-128-GCM 3.58 GB/sec
AES-128-CCM 1.42 GB/sec
CHACHA20-POLY1305 0.63 GB/sec
[...]
# with OpenSSL assembly
env -u GNUTLS_CPUID_OVERRIDE src/gnutls-cli --benchmark-ciphers
Checking AEAD ciphers, payload size: 16384
AES-128-GCM 7.79 GB/sec
AES-128-CCM 1.44 GB/sec
CHACHA20-POLY1305 0.63 GB/sec
[...]
```
On a decent x86_64 machine, you will observe visible differences, e.g., in the AES-128-GCM test, though they are not an order of magnitude these days.