openssl performance delta built-in vs custom compiled

Marcus Pollice marcus.pollice at
Sun Jan 25 11:44:00 UTC 2015

Marcus Pollice
On 22.12.2014 03:20, Mathieu Trudel-Lapierre wrote:
> I don't think there would be very many patches that are meant to improve
> performance in our patch set (note, I did not check).
That was a good assumption. Although some patches looked suspicious I
ultimately found that these patches don't materially affect performance.
More about that below.

> You may also which to check what are all
> the compiler options coming from dpkg-buildflags used in the build...
That was a good idea indeed, but there was nothing out of the order
coming from there. Also since openssl writes the compile options to the
console when running the benchmarks I could test most of these before to
have no real effect.

> I would suggest using the source package as a base
> and using debuild / chroots / PPAs to build your custom package, that
> way you'd benefit from the same performance unless your custom changes
> impact them in some way, with the least amount of effort.
Ultimately I used the Debian way of building to reproduce the same
performance level as the built-in packages. Then I started playing with
doing certain steps of the compilation manually vs automated building.
When I got a build with the patches applied and the same low performance
I was getting before I knew it was not the patches. I then dissected the
buildlog and at some point I noticed the major difference is that the
built-in version will be compiled with shared libraries.

This is indeed the root cause for the performance difference I found.
The versions using shared libraries are indeed faster than a static
build (at least for the small data sizes). This is completely unexpected
to me. It is also somewhat unsatisfying as I now know the cause but
don't quite understand it.

More information about the Ubuntu-devel-discuss mailing list