Thanks, David, for your update.
We are particularly interested in OpenSSL's ability to offload AES processing to Intel iron, so are most interested in this patch. In an effort to sway The Masses, can you suggest (perhaps simple command-line) demonstrations of the before/after? Thanks again, Lou Picciano Essex Systems ----- Original Message ----- From: "David Woodhouse via RT" <[email protected]> Subject: AES on OpenSSL 1.0.0 is 7½ times slower than it should be [openssl.org #2065] The shiny new OpenSSL 1.0.0 release is showing its age already. On the latest commercially-available Intel CPUs, AES operations run 7½ times slower than they should. That's not a typo. I really mean a factor of seven and a half -- they should run 650% faster than they do, on hardware that's in the shops today. This patch, tested on 32-bit and 64-bit Linux and on Win32 (VS2008/nasm) adds support for the AESNI engine, backported from OpenSSL HEAD with the patch from RT#2045 applied to make it actually work. It doesn't change the ABI (jumping through hoops to achieve that on 32-bit where the cached OPENSSL_ia32cap_P result is 32-bit too), so I believe it should meet the criteria for acceptance into the branch which will become OpenSSL 1.0.1. Before: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 94315.08k 100751.81k 102601.30k 103249.34k 103060.82k aes-192 cbc 79701.45k 84287.55k 85533.18k 86141.61k 85824.85k aes-256 cbc 69032.61k 72545.96k 73448.70k 73660.76k 73906.09k After: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 716920.69k 757344.13k 768059.73k 773247.74k 770266.45k aes-192-cbc 613452.80k 642659.78k 650346.67k 654481.21k 651927.55k aes-256-cbc 535909.42k 558628.27k 564440.15k 567790.88k 565630.29k -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation
