Do these number make sense or seem reasonable? (I'm running a Core i7 3930K that's been OC'd to 4.5 GHz up from the stock 3.2 GHz, running cygwin 1.7.17 on Windows 7 x64 Professional, with 64 GB of DDR3-1600)
~$ OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-256-cbc You have chosen to measure elapsed time instead of user CPU time. Doing aes-256-cbc for 3s on 16 size blocks: 50880991 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 64 size blocks: 14919708 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 256 size blocks: 3870779 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 1024 size blocks: 981188 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 8192 size blocks: 122920 aes-256-cbc's in 3.00s OpenSSL 1.0.1e 11 Feb 2013 built on: Tue Feb 12 15:42:44 CET 2013 options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: i686-pc-cygwin-gcc -D_WINDLL -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256-cbc 271365.29k 318287.10k 330306.47k 334912.17k 335653.55k ~$ openssl speed -elapsed -evp aes-256-cbc You have chosen to measure elapsed time instead of user CPU time. Doing aes-256-cbc for 3s on 16 size blocks: 108926706 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 64 size blocks: 29319700 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 256 size blocks: 7428178 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 1024 size blocks: 1863275 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 8192 size blocks: 233116 aes-256-cbc's in 3.00s OpenSSL 1.0.1e 11 Feb 2013 built on: Tue Feb 12 15:42:44 CET 2013 options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: i686-pc-cygwin-gcc -D_WINDLL -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256-cbc 580942.43k 625486.93k 633871.19k 635997.87k 636562.09k Am I to interpret the results as even with the AES-NI disabled, that I'm still abled to process at a minimum, 300 MB/s (for block sizes > 64 B) and that with AES-NI; it's only double that (~600-and-change MB/s)? And that for AES-128-CBC, with 8 kiB blocks, that I'm able to process it at 465 MB/s without AES-NI, and 888 MB/s with? That's MUCH faster than I expect it to be (even with AES-NI) and the 888 MB/s is faster than any available storage host-bus interface we've got right now; so I want to make sure that I am not losing my marbles here in trying to make some sense out of this data. Thanks. On Fri, Mar 15, 2013 at 5:23 AM, Erwann Abalea <erwann.aba...@keynectis.com> wrote: > On a PC under Linux, you can do a "cat /proc/cpuinfo" and look for "aes" in > the "flags". > On a PC under any OS, get the CPUID, and look for bit 25 of ECX. > That's not OpenSSL-related. > > > The use of OPENSSL_ia32cap environment variable allows you to alter the > CPUID result (only inside OpenSSL), and alter its behaviour. It's not > resistant to a reboot, it's only process dependant. > > Compare the following results: > > OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc > openssl speed -elapsed -evp aes-128-cbc > > > -- > Erwann ABALEA > > Le 15/03/2013 04:46, Ewen Chan a écrit : > > Does it matter whether it's ia32 or ia64 even for an x64 processor? > > Shouldn't there be some way for me to check whether AES is enabled or > being used (other than running a speed test) either in dmesg or /proc/ > or with openssl itself? I'm a little confused, and surprised/shocked > that there isn't a way to probe the status of whether the AES-NI is a) > present and b) enabled/utilized. > > re: OPENSSL_ia32cap=~0x200000200000000 > so forgive me for asking lots of dumb questions but that would be > $ set OPENSSL_ia32cap=~0x200000200000000 > $ export OPENSSL_ia32cap > > correct? > > And how do I re-enable it without having to reboot the system? What's > the value that I should be putting in on the right-hand-side of the > equal sign? > > Your help is much appreciated. > > Sincerely, > Ewen > > On Thu, Mar 14, 2013 at 7:35 PM, Dr. Stephen Henson <st...@openssl.org> > wrote: > > On Thu, Mar 14, 2013, Ewen Chan wrote: > > So this is a partial continuation from the discussion thread that I > started yesterday in regards to using AES-CBC. > > I've got an Intel Core i7 3930K that supports AES-NI and I spent the > greater part of last night trying to get openssl to work or at least > recognize it, but it doesn't seem to want to do that. > > It it probably recognising it and you don't realise it. OpenSSL 1.0.1 > automatically switches to AES-NI at the EVP level without going through an > explicit AES-NI ENGINE. > > You can disable AES-NI detection with the environment variable: > > OPENSSL_ia32cap=~0x200000200000000 > > You should see a considerable speed up with "openssl speed" by comparing the > two. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org