I just put together a mini workstation intended to run a VPN gateway/firewall that uses a Via Nano X2 CPU. From what I've read, Padlock (Via's hardware encryption) support should be working out of the box. So, I set out to benchmark the engine on 32-bit Ubuntu 10.04 using their default OpenSSL 0.9.8k package with the following commands:
> openssl speed -evp aes-128-cbc
...
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      76686.88k   192106.28k   260108.93k   322961.41k   372782.58k

> openssl speed -evp aes-128-cbc -engine padlock
engine "padlock" set.
...
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      76391.00k   191907.86k   259815.42k   323360.43k   373239.07k

Bummer... no real difference. I decided to try out a newer version of OpenSSL just for the heck of it, so I downloaded and compiled version 1.0.1 beta 3 and ran the tests again. I saw slightly better performance (which was nice to see), but still no difference between the two commands.

So my first question: is this the correct way to try and benchmark the difference between the Padlock engine and "pure software" encryption?

I later decided to try and be adventurous... I ported and applied Michal Ludvig's SHA patch (http://www.logix.cz/michal/devel/padlock/) to the 1.0.1 beta 3 source, recompiled, and re-tested. The results:

> openssl speed -evp aes-128-cbc
...
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      89220.56k   278624.69k   552093.53k   731517.95k   808315.56k

> openssl speed -evp aes-128-cbc -engine padlock
engine "padlock" set.
...
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      89284.97k   278373.91k   552335.96k   734417.27k   807966.04k

It's nice to see the speed up, but still no difference between the two commands. I then decided to configure OpenSSL without Padlock support by running "./Configure no-hw-padlock linux-elf". I verified with "openssl engine" that Padlock did not show up as an available engine. The result with Padlock support not compiled into OpenSSL:

> openssl speed -evp aes-128-cbc
...
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc      54053.36k    64930.07k    68002.22k    69331.65k    69695.44k

That definitely dropped performance.

And my second question: was that a fair test with Padlock removed or did my configure command change something else that would've skewed the results to look this poor?

Thanks in advance for any help you can provide!

--
Kyle Dodson
kyledod...@gmail.com (Email)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
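
An added example, not part of the original post: a small parser for the `openssl speed` summary rows quoted above (the three rows from the patched 1.0.1 beta 3 and no-hw-padlock runs) that reports, per block size, whether two runs differ by more than run-to-run noise. The 2% noise threshold and the names `parse_row` and `compare` are assumptions of this example.

```python
import re

# Summary rows copied from the post above.
RUNS = {
    "default":    "aes-128-cbc 89220.56k 278624.69k 552093.53k 731517.95k 808315.56k",
    "padlock":    "aes-128-cbc 89284.97k 278373.91k 552335.96k 734417.27k 807966.04k",
    "no-padlock": "aes-128-cbc 54053.36k 64930.07k 68002.22k 69331.65k 69695.44k",
}
BLOCK_SIZES = (16, 64, 256, 1024, 8192)  # column order printed by `openssl speed`

# A cipher name followed by one or more "<number>k" throughput columns.
ROW = re.compile(r"^(\S+)((?:\s+\d+(?:\.\d+)?k)+)\s*$")


def parse_row(line):
    """Return (cipher, {block_size: thousands of bytes per second})."""
    m = ROW.match(line.strip())
    if not m:
        raise ValueError(f"not an openssl speed summary row: {line!r}")
    values = [float(v.rstrip("k")) for v in m.group(2).split()]
    if len(values) != len(BLOCK_SIZES):
        raise ValueError(f"expected {len(BLOCK_SIZES)} columns, got {len(values)}")
    return m.group(1), dict(zip(BLOCK_SIZES, values))


def compare(base_line, other_line, noise=0.02):
    """Map block size -> (other/base ratio, True if the gap exceeds `noise`).

    `noise` is an assumed tolerance for run-to-run variation, not a value
    taken from OpenSSL.
    """
    cipher_a, base = parse_row(base_line)
    cipher_b, other = parse_row(other_line)
    if cipher_a != cipher_b:
        raise ValueError("rows are for different ciphers")
    result = {}
    for size in BLOCK_SIZES:
        ratio = other[size] / base[size]
        result[size] = (ratio, abs(ratio - 1.0) > noise)
    return result


if __name__ == "__main__":
    for name in ("padlock", "no-padlock"):
        print(f"{name} vs default")
        for size, (ratio, differs) in compare(RUNS["default"], RUNS[name]).items():
            verdict = "differs" if differs else "within noise"
            print(f"  {size:>5} bytes: x{ratio:.3f} ({verdict})")
```
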