[csw-maintainers] New openssl packages

rupert THURNER rupert at opencsw.org
Sun Jan 22 20:38:59 CET 2012 

hi yann, this seems very interesting. how does this affect ones daily
life, or in other words, how often does this get used? is it only on
connection setup, or it somehow helps when encrypting the traffic?

On Sun, Jan 22, 2012 at 20:31, Yann Rouillard <yann at pleiades.fr.eu.org> wrote:
> Hi again,
>
> For those interested in some ssl speed up, there is an experimental openssl
> 0.9.8 build with pkcs11 support available in my build directory
> (/home/yann/build/ on the buildfarm).
> It allows opencsw openssl to take advantage of crypto-hardware acceleration
> available on some sun servers, Ultrasparc T2 for example.
>
> Here is an excerpt of openssl rsa speed test to see the difference:
>
> Without pkcs11: 719 1024 bit private RSA's in 10.00s
> With pkcs11: 10906 1024 bit private RSA's in 2.92s
>
> I am also interested in some more testing of these packages.
>
> Yann
>
>
> Quick Openssl RSA benchmark:
>
> # OPENCSW OPENSSL WITHOUT PKCS11 engine
> # openssl speed rsa
>
> Doing 512 bit private rsa's for 10s: 3154 512 bit private RSA's in 10.00s
> Doing 512 bit public rsa's for 10s: 39315 512 bit public RSA's in 9.95s
> Doing 1024 bit private rsa's for 10s: 719 1024 bit private RSA's in 10.00s
> Doing 1024 bit public rsa's for 10s: 15178 1024 bit public RSA's in 10.00s
> Doing 2048 bit private rsa's for 10s: 128 2048 bit private RSA's in 10.07s
> Doing 2048 bit public rsa's for 10s: 4779 2048 bit public RSA's in 9.99s
> Doing 4096 bit private rsa's for 10s: 21 4096 bit private RSA's in 10.39s
> Doing 4096 bit public rsa's for 10s: 1356 4096 bit public RSA's in 9.98s
> OpenSSL 0.9.8t 18 Jan 2012
> built on: Sun Jan 22 12:41:16 CET 2012
> options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) aes(partial)
> idea(int) blowfish(ptr)
> compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
> -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib/libpkcs11.so" -xtarget=ultra
> -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> timing function used: times
>                  sign    verify    sign/s verify/s
> rsa  512 bits 0.003171s 0.000253s    315.4   3951.3
> rsa 1024 bits 0.013908s 0.000659s     71.9   1517.8
> rsa 2048 bits 0.078672s 0.002090s     12.7    478.4
> rsa 4096 bits 0.494762s 0.007360s      2.0    135.9
>
>
> # OPENCSW OPENSSL WITH PKCS11 engine
> # openssl speed -engine pkcs11 rsa
>
> engine "pkcs11" set.
> Doing 512 bit private rsa's for 10s: 31397 512 bit private RSA's in 1.19s
> Doing 512 bit public rsa's for 10s: 30262 512 bit public RSA's in 5.28s
> Doing 1024 bit private rsa's for 10s: 10906 1024 bit private RSA's in 2.92s
> Doing 1024 bit public rsa's for 10s: 20980 1024 bit public RSA's in 3.80s
> Doing 2048 bit private rsa's for 10s: 3900 2048 bit private RSA's in 1.13s
> Doing 2048 bit public rsa's for 10s: 10639 2048 bit public RSA's in 1.97s
> Doing 4096 bit private rsa's for 10s: 15 4096 bit private RSA's in 10.45s
> Doing 4096 bit public rsa's for 10s: 537 4096 bit public RSA's in 10.00s
> OpenSSL 0.9.8t 18 Jan 2012
> built on: Sun Jan 22 12:41:16 CET 2012
> options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) aes(partial)
> idea(int) blowfish(ptr)
> compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
> -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib/libpkcs11.so" -xtarget=ultra
> -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> timing function used: times
>                  sign    verify    sign/s verify/s
> rsa  512 bits 0.000038s 0.000174s  26384.0   5731.4
> rsa 1024 bits 0.000268s 0.000181s   3734.9   5521.1
> rsa 2048 bits 0.000290s 0.000185s   3451.3   5400.5
> rsa 4096 bits 0.696667s 0.018622s      1.4     53.7
>
>
> # SUN OPENSSL WITHOUT PKCS11 ENGINE
> # openssl speed rsa
>
> Doing 512 bit private rsa's for 10s: 2101 512 bit private RSA's in 9.99s
> Doing 512 bit public rsa's for 10s: 20924 512 bit public RSA's in 10.00s
> Doing 1024 bit private rsa's for 10s: 403 1024 bit private RSA's in 10.00s
> Doing 1024 bit public rsa's for 10s: 6960 1024 bit public RSA's in 10.00s
> Doing 2048 bit private rsa's for 10s: 64 2048 bit private RSA's in 10.03s
> Doing 2048 bit public rsa's for 10s: 2056 2048 bit public RSA's in 9.99s
> Doing 4096 bit private rsa's for 10s: 10 4096 bit private RSA's in 10.85s
> Doing 4096 bit public rsa's for 10s: 569 4096 bit public RSA's in 10.01s
> OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969
> CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
> CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2009-0590 CVE-2009-3555)
> built on: date not available
> options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) aes(partial)
> blowfish(ptr)
> compiler: information not available
> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> timing function used: times
>                  sign    verify    sign/s verify/s
> rsa  512 bits   0.0048s   0.0005s    210.3   2092.4
> rsa 1024 bits   0.0248s   0.0014s     40.3    696.0
> rsa 2048 bits   0.1567s   0.0049s      6.4    205.8
> rsa 4096 bits   1.0850s   0.0176s      0.9     56.8
>
>
> # SUN OPENSSL WITH PKCS11 ENGINE
> # openssl speed -engine pkcs11 rsa
>
> engine "pkcs11" set.
> Doing 512 bit private rsa's for 10s: 30855 512 bit private RSA's in 1.17s
> Doing 512 bit public rsa's for 10s: 53489 512 bit public RSA's in 1.75s
> Doing 1024 bit private rsa's for 10s: 14632 1024 bit private RSA's in 0.59s
> Doing 1024 bit public rsa's for 10s: 28838 1024 bit public RSA's in 0.97s
> Doing 2048 bit private rsa's for 10s: 4153 2048 bit private RSA's in 0.19s
> Doing 2048 bit public rsa's for 10s: 12484 2048 bit public RSA's in 0.44s
> Doing 4096 bit private rsa's for 10s: 14 4096 bit private RSA's in 10.03s
> Doing 4096 bit public rsa's for 10s: 542 4096 bit public RSA's in 9.99s
> OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969
> CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
> CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2009-0590 CVE-2009-3555)
> built on: date not available
> options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) aes(partial)
> blowfish(ptr)
> compiler: information not available
> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> timing function used: times
>                  sign    verify    sign/s verify/s
> rsa  512 bits   0.0000s   0.0000s  26371.8  30565.1
> rsa 1024 bits   0.0000s   0.0000s  24800.0  29729.9
> rsa 2048 bits   0.0000s   0.0000s  21857.9  28372.7
> rsa 4096 bits   0.7164s   0.0184s      1.4     54.3
>
>
>
>
>
> Le 22/01/2012 20:14, Yann Rouillard a écrit :
>>
>>
>> I updated the openssl packages set so it follows the library package
>> naming and the /etc/opt/csw/ configuration directory standards.
>>
>> I would welcome additionnal testing of the package before releasing them
>> to the unstable repository.
>>
>> They are available in my experimental repository:
>> http://buildfarm.opencsw.org/experimental.html#yann
>>
>> Thanks in advance for any feedback,
>>
>> Yann
>> _______________________________________________
>> maintainers mailing list
>> maintainers at lists.opencsw.org
>> https://lists.opencsw.org/mailman/listinfo/maintainers
>> .:: This mailing list's archive is public. ::.
>
>
> _______________________________________________
> maintainers mailing list
> maintainers at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/maintainers
> .:: This mailing list's archive is public. ::.

More information about the maintainers mailing list