[csw-maintainers] New openssl packages
Yann Rouillard
yann at pleiades.fr.eu.org
Sun Jan 22 20:31:00 CET 2012
Hi again,
For those interested in some ssl speed up, there is an experimental
openssl 0.9.8 build with pkcs11 support available in my build directory
(/home/yann/build/ on the buildfarm).
It allows opencsw openssl to take advantage of crypto-hardware
acceleration available on some sun servers, Ultrasparc T2 for example.
Here is an excerpt of openssl rsa speed test to see the difference:
Without pkcs11: 719 1024 bit private RSA's in 10.00s
With pkcs11: 10906 1024 bit private RSA's in 2.92s
I am also interested in some more testing of these packages.
Yann
Quick Openssl RSA benchmark:
# OPENCSW OPENSSL WITHOUT PKCS11 engine
# openssl speed rsa
Doing 512 bit private rsa's for 10s: 3154 512 bit private RSA's in 10.00s
Doing 512 bit public rsa's for 10s: 39315 512 bit public RSA's in 9.95s
Doing 1024 bit private rsa's for 10s: 719 1024 bit private RSA's in 10.00s
Doing 1024 bit public rsa's for 10s: 15178 1024 bit public RSA's in 10.00s
Doing 2048 bit private rsa's for 10s: 128 2048 bit private RSA's in 10.07s
Doing 2048 bit public rsa's for 10s: 4779 2048 bit public RSA's in 9.99s
Doing 4096 bit private rsa's for 10s: 21 4096 bit private RSA's in 10.39s
Doing 4096 bit public rsa's for 10s: 1356 4096 bit public RSA's in 9.98s
OpenSSL 0.9.8t 18 Jan 2012
built on: Sun Jan 22 12:41:16 CET 2012
options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long)
aes(partial) idea(int) blowfish(ptr)
compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib/libpkcs11.so"
-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN
-DBN_DIV2W
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
sign verify sign/s verify/s
rsa 512 bits 0.003171s 0.000253s 315.4 3951.3
rsa 1024 bits 0.013908s 0.000659s 71.9 1517.8
rsa 2048 bits 0.078672s 0.002090s 12.7 478.4
rsa 4096 bits 0.494762s 0.007360s 2.0 135.9
# OPENCSW OPENSSL WITH PKCS11 engine
# openssl speed -engine pkcs11 rsa
engine "pkcs11" set.
Doing 512 bit private rsa's for 10s: 31397 512 bit private RSA's in 1.19s
Doing 512 bit public rsa's for 10s: 30262 512 bit public RSA's in 5.28s
Doing 1024 bit private rsa's for 10s: 10906 1024 bit private RSA's in 2.92s
Doing 1024 bit public rsa's for 10s: 20980 1024 bit public RSA's in 3.80s
Doing 2048 bit private rsa's for 10s: 3900 2048 bit private RSA's in 1.13s
Doing 2048 bit public rsa's for 10s: 10639 2048 bit public RSA's in 1.97s
Doing 4096 bit private rsa's for 10s: 15 4096 bit private RSA's in 10.45s
Doing 4096 bit public rsa's for 10s: 537 4096 bit public RSA's in 10.00s
OpenSSL 0.9.8t 18 Jan 2012
built on: Sun Jan 22 12:41:16 CET 2012
options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long)
aes(partial) idea(int) blowfish(ptr)
compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib/libpkcs11.so"
-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN
-DBN_DIV2W
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
sign verify sign/s verify/s
rsa 512 bits 0.000038s 0.000174s 26384.0 5731.4
rsa 1024 bits 0.000268s 0.000181s 3734.9 5521.1
rsa 2048 bits 0.000290s 0.000185s 3451.3 5400.5
rsa 4096 bits 0.696667s 0.018622s 1.4 53.7
# SUN OPENSSL WITHOUT PKCS11 ENGINE
# openssl speed rsa
Doing 512 bit private rsa's for 10s: 2101 512 bit private RSA's in 9.99s
Doing 512 bit public rsa's for 10s: 20924 512 bit public RSA's in 10.00s
Doing 1024 bit private rsa's for 10s: 403 1024 bit private RSA's in 10.00s
Doing 1024 bit public rsa's for 10s: 6960 1024 bit public RSA's in 10.00s
Doing 2048 bit private rsa's for 10s: 64 2048 bit private RSA's in 10.03s
Doing 2048 bit public rsa's for 10s: 2056 2048 bit public RSA's in 9.99s
Doing 4096 bit private rsa's for 10s: 10 4096 bit private RSA's in 10.85s
Doing 4096 bit public rsa's for 10s: 569 4096 bit public RSA's in 10.01s
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969
CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2009-0590 CVE-2009-3555)
built on: date not available
options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long)
aes(partial) blowfish(ptr)
compiler: information not available
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
sign verify sign/s verify/s
rsa 512 bits 0.0048s 0.0005s 210.3 2092.4
rsa 1024 bits 0.0248s 0.0014s 40.3 696.0
rsa 2048 bits 0.1567s 0.0049s 6.4 205.8
rsa 4096 bits 1.0850s 0.0176s 0.9 56.8
# SUN OPENSSL WITH PKCS11 ENGINE
# openssl speed -engine pkcs11 rsa
engine "pkcs11" set.
Doing 512 bit private rsa's for 10s: 30855 512 bit private RSA's in 1.17s
Doing 512 bit public rsa's for 10s: 53489 512 bit public RSA's in 1.75s
Doing 1024 bit private rsa's for 10s: 14632 1024 bit private RSA's in 0.59s
Doing 1024 bit public rsa's for 10s: 28838 1024 bit public RSA's in 0.97s
Doing 2048 bit private rsa's for 10s: 4153 2048 bit private RSA's in 0.19s
Doing 2048 bit public rsa's for 10s: 12484 2048 bit public RSA's in 0.44s
Doing 4096 bit private rsa's for 10s: 14 4096 bit private RSA's in 10.03s
Doing 4096 bit public rsa's for 10s: 542 4096 bit public RSA's in 9.99s
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969
CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2009-0590 CVE-2009-3555)
built on: date not available
options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long)
aes(partial) blowfish(ptr)
compiler: information not available
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
sign verify sign/s verify/s
rsa 512 bits 0.0000s 0.0000s 26371.8 30565.1
rsa 1024 bits 0.0000s 0.0000s 24800.0 29729.9
rsa 2048 bits 0.0000s 0.0000s 21857.9 28372.7
rsa 4096 bits 0.7164s 0.0184s 1.4 54.3
Le 22/01/2012 20:14, Yann Rouillard a écrit :
>
> I updated the openssl packages set so it follows the library package
> naming and the /etc/opt/csw/ configuration directory standards.
>
> I would welcome additionnal testing of the package before releasing
> them to the unstable repository.
>
> They are available in my experimental repository:
> http://buildfarm.opencsw.org/experimental.html#yann
>
> Thanks in advance for any feedback,
>
> Yann
> _______________________________________________
> maintainers mailing list
> maintainers at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/maintainers
> .:: This mailing list's archive is public. ::.
More information about the maintainers
mailing list