Re: [PATCH] Add OpenSSL engine support

Thu, 10 Jan 2013 12:18:49 -0800 

On 10/01/2013 01:11, Willy Tarreau wrote:

What I don't know is if the older versions are still in use nor for how
long.


Hi,

The current stable Debian version (Squeeze) is also stuck
to OpenSSL 0.9.8o (without AES-NI acceleration).
cf. http://packages.debian.org/squeeze/openssl

On such systems, I tend to install the "intel-accel" engine
Vincent talked about, which brings AES-NI acceleration (among
others, ie. RC4 and RSA are faster too) :
http://openssl.org/contrib/ . I only have to compile it and
copy libintel-accel.so in the engines directory (then it will
be loaded by OpenSSL's "dynamic" engine support).

There's also reports of improved performances using the pure
software "gmp" engine, for those lacking AES-NI. And new
engines using the GPU (like "engine-cuda").

ben@t1:~$ cat /etc/debian_version
6.0.6

ben@t1:~$ openssl version
OpenSSL 0.9.8o 01 Jun 2010

ben@t1:~$ openssl engine
(dynamic) Dynamic engine loading support

ben@t1:~$ openssl speed -evp aes-128-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      92168.12k   145089.28k   170035.54k   177429.40k   179843.17k

ben@t1:~$ openssl speed -engine aesni -evp aes-128-cbc

17087:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared 
library:dso_dlfcn.c:162:filename(/usr/lib/ssl/engines/libaesni.so): /usr/lib/ssl/engines/libaesni.so: cannot open shared 
object file: No such file or directory

invalid engine "aesni"
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      91823.73k   144579.64k   169129.47k   177274.95k   179914.40k

ben@t1:~$ openssl speed -engine intel-accel -evp aes-128-cbc
engine "intel-accel" set.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     618073.06k   676490.21k   695477.86k   688960.56k   698832.58k


Or for RC4 :


ben@t1:~$ openssl speed -evp rc4
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4             298779.79k   350466.29k   368000.17k   376983.37k   379784.42k

ben@t1:~$ openssl speed -engine intel-accel -evp rc4
engine "intel-accel" set.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4             214316.81k   420961.95k   554971.70k   602656.19k   628274.34k


And for RSA :


ben@t1:~$ openssl speed -elapsed rsa1024
                  sign    verify    sign/s verify/s
rsa 1024 bits 0.000555s 0.000031s   1800.8  31927.2

ben@t1:~$ openssl speed -engine intel-accel -elapsed rsa1024
engine "intel-accel" set.
                  sign    verify    sign/s verify/s
rsa 1024 bits 0.000359s 0.000030s   2787.4  32815.7
























					Reply via email to