My mistake... Anti-timing-attack code was deployed between 0.9.8 and 1.0.0 that accounts for the slowdown. It's documented in the assembly files, but I missed it.
On Jun 7, 2010, at 5:13 PM, Ted Krovetz wrote: > Hello, > > I love openssl's crypto library, but getting it to perform its best is > befuddling me. > > I have an Intel Core 650 running amd64 debian squeeze with the openssl 0.9.8n > package installed. When I run my benchmark that depends heavily on calls to > AES_Encrypt I get > >> i5> gcc -march=native -O2 -static ocb3bis.c -lcrypto -ldl >> i5> a.out >> Validation string: A1998382DABC73EB5302BC0809FF6206 >> Should be: A1998382DABC73EB5302BC0809FF6206 >> OCB >> 9.95 seconds. >> 15.55 cpb. > > When I compile and install a local copy of version 1.0.0a using ./config > -march=native, I get a reasonable looking CFLAG > >> CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H >> -march=native - >> m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 >> -DOPENSSL >> _BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM >> -DWHIRLPOO >> L_ASM > > but, the result speed is half that of the debian package. > >> i5> gcc -march=native -O2 -static ocb3bis.c -I/usr/local/ssl/include >> -L/usr/local/ssl/lib64 -lcrypto -ldl >> i5> a.out >> Validation string: A1998382DABC73EB5302BC0809FF6206 >> Should be: A1998382DABC73EB5302BC0809FF6206 >> OCB >> 20.85 seconds. >> 32.58 cpb. > > Are there some options that I should be passing along to ./config to make it > faster? I looked hard for configuration and/or compiler options that might > help, but couldn't find much of use. > > Thanks, > Ted Krovetz ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
