Skip to content

crypto/x509: ParsePKCS1PrivateKey slower in than in 1.23 #77028

New issue
New issue
Open
Open
crypto/x509: ParsePKCS1PrivateKey slower in than in 1.23#77028
Labels
BugReportIssues describing a possible bug in the Go implementation.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.Performance
Milestone
Backlog
@hkishn

Description

@hkishn
hkishn
opened on Dec 29, 2025

Go version

go1.25.2

Output of go env in your module/workspace:

AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE=''
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/home/test/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/home/test/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2215429987=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/dev/null'
GOMODCACHE='/home/test/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/test/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go1.25.2'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/home/test/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go1.25.2/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.25.2'
GOWORK=''
PKG_CONFIG='pkg-config'

What did you do?

I noticed a performance drop of about 27% in Go 1.25.2 compared to Go 1.23.9 for RSA 2048 encrypt and verify operations.

After running the profiler, I found that x509.ParsePKCS1PrivateKey takes more time in Go 1.25.2 than in Go 1.23.9.

To investigate further, I ran a benchmark focused only on x509.ParsePKCS1PrivateKey. The benchmark results confirm that this function is significantly slower in Go 1.25.2.

The results are shown below:

With go1.25.2
--- Benchmarking x509.ParsePKCS1PrivateKey ---
Running 100000 iterations...

Total execution time: 9.109452433s
Average time per call: 91.094µs
Calls per second: 10977.61

With go1.23.9
 go1.23.9
--- Benchmarking x509.ParsePKCS1PrivateKey ---
Running 100000 iterations...

Total execution time: 6.588175803s
Average time per call: 65.881µs
Calls per second: 15178.71

Performance drop of around 27%.

I ran the below tests to benchmark the function:

package main

import (
  "crypto/rand"
  "crypto/rsa"
  "crypto/x509"
  "encoding/pem"
  "fmt"
  "log"
  "time"
)

// Wrapper function that calls x509.ParsePKCS1PrivateKey multiple times
func benchmarkParsePKCS1PrivateKey(privateKeyBytes []byte, iterations int) time.Duration {
  start := time.Now()

  for i := 0; i < iterations; i++ {
    _, err := x509.ParsePKCS1PrivateKey(privateKeyBytes)
    if err != nil {
      log.Fatalf("Failed to parse PKCS1 private key at iteration %d: %v", i, err)
    }
  }

  return time.Since(start)
}

func main() {
  // Generate an RSA private key
  privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
  if err != nil {
    log.Fatal(err)
  }

  // Marshal the private key to PKCS#1 format (DER encoded)
  privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey)

  // Encode it as PEM
  privateKeyPEM := pem.EncodeToMemory(&pem.Block{
    Type:  "RSA PRIVATE KEY",
    Bytes: privateKeyBytes,
  })

  fmt.Println("Generated PEM:")
  fmt.Println(string(privateKeyPEM))

  // Decode the PEM block
  block, _ := pem.Decode(privateKeyPEM)
  if block == nil {
    log.Fatal("Failed to decode PEM block")
  }

  // Verify the key parses correctly once
  parsedKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
  if err != nil {
    log.Fatalf("Failed to parse PKCS1 private key: %v", err)
  }

  fmt.Printf("\nSuccessfully parsed PKCS#1 private key!\n")
  fmt.Printf("Key size: %d bits\n", parsedKey.N.BitLen())
  fmt.Printf("Public exponent: %d\n", parsedKey.E)

  // Benchmark: Call ParsePKCS1PrivateKey 100000 times
  iterations := 100000
  fmt.Printf("\n--- Benchmarking x509.ParsePKCS1PrivateKey ---\n")
  fmt.Printf("Running %d iterations...\n", iterations)

  executionTime := benchmarkParsePKCS1PrivateKey(block.Bytes, iterations)

  fmt.Printf("\nTotal execution time: %v\n", executionTime)
  fmt.Printf("Average time per call: %v\n", executionTime/time.Duration(iterations))
  fmt.Printf("Calls per second: %.2f\n", float64(iterations)/executionTime.Seconds())
}

What did you see happen?

I see performance drop in go1.25.2.

With go1.25.2
--- Benchmarking x509.ParsePKCS1PrivateKey ---
Running 100000 iterations...

Total execution time: 9.109452433s
Average time per call: 91.094µs
Calls per second: 10977.61

With go1.23.9
 go1.23.9
--- Benchmarking x509.ParsePKCS1PrivateKey ---
Running 100000 iterations...

Total execution time: 6.588175803s
Average time per call: 65.881µs
Calls per second: 15178.71

Performance drop of around 27%.

What did you expect to see?

There should be no performance drop between go1.23.9 and go1.25.2. Performance drop of 27% is very huge.

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugReportIssues describing a possible bug in the Go implementation.NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.Performance

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions