[csw-maintainers] New openssl packages

Yann Rouillard yann at pleiades.fr.eu.org
Sun Jan 22 20:31:00 CET 2012 

Hi again,

For those interested in some ssl speed up, there is an experimental 
openssl 0.9.8 build with pkcs11 support available in my build directory 
(/home/yann/build/ on the buildfarm).
It allows opencsw openssl to take advantage of crypto-hardware 
acceleration available on some sun servers, Ultrasparc T2 for example.

Here is an excerpt of openssl rsa speed test to see the difference:

Without pkcs11: 719 1024 bit private RSA's in 10.00s
With pkcs11: 10906 1024 bit private RSA's in 2.92s

I am also interested in some more testing of these packages.

Yann


Quick Openssl RSA benchmark:

# OPENCSW OPENSSL WITHOUT PKCS11 engine
# openssl speed rsa

Doing 512 bit private rsa's for 10s: 3154 512 bit private RSA's in 10.00s
Doing 512 bit public rsa's for 10s: 39315 512 bit public RSA's in 9.95s
Doing 1024 bit private rsa's for 10s: 719 1024 bit private RSA's in 10.00s
Doing 1024 bit public rsa's for 10s: 15178 1024 bit public RSA's in 10.00s
Doing 2048 bit private rsa's for 10s: 128 2048 bit private RSA's in 10.07s
Doing 2048 bit public rsa's for 10s: 4779 2048 bit public RSA's in 9.99s
Doing 4096 bit private rsa's for 10s: 21 4096 bit private RSA's in 10.39s
Doing 4096 bit public rsa's for 10s: 1356 4096 bit public RSA's in 9.98s
OpenSSL 0.9.8t 18 Jan 2012
built on: Sun Jan 22 12:41:16 CET 2012
options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) 
aes(partial) idea(int) blowfish(ptr)
compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib/libpkcs11.so" 
-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN 
-DBN_DIV2W
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
                   sign    verify    sign/s verify/s
rsa  512 bits 0.003171s 0.000253s    315.4   3951.3
rsa 1024 bits 0.013908s 0.000659s     71.9   1517.8
rsa 2048 bits 0.078672s 0.002090s     12.7    478.4
rsa 4096 bits 0.494762s 0.007360s      2.0    135.9


# OPENCSW OPENSSL WITH PKCS11 engine
# openssl speed -engine pkcs11 rsa

engine "pkcs11" set.
Doing 512 bit private rsa's for 10s: 31397 512 bit private RSA's in 1.19s
Doing 512 bit public rsa's for 10s: 30262 512 bit public RSA's in 5.28s
Doing 1024 bit private rsa's for 10s: 10906 1024 bit private RSA's in 2.92s
Doing 1024 bit public rsa's for 10s: 20980 1024 bit public RSA's in 3.80s
Doing 2048 bit private rsa's for 10s: 3900 2048 bit private RSA's in 1.13s
Doing 2048 bit public rsa's for 10s: 10639 2048 bit public RSA's in 1.97s
Doing 4096 bit private rsa's for 10s: 15 4096 bit private RSA's in 10.45s
Doing 4096 bit public rsa's for 10s: 537 4096 bit public RSA's in 10.00s
OpenSSL 0.9.8t 18 Jan 2012
built on: Sun Jan 22 12:41:16 CET 2012
options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) 
aes(partial) idea(int) blowfish(ptr)
compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib/libpkcs11.so" 
-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN 
-DBN_DIV2W
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
                   sign    verify    sign/s verify/s
rsa  512 bits 0.000038s 0.000174s  26384.0   5731.4
rsa 1024 bits 0.000268s 0.000181s   3734.9   5521.1
rsa 2048 bits 0.000290s 0.000185s   3451.3   5400.5
rsa 4096 bits 0.696667s 0.018622s      1.4     53.7


# SUN OPENSSL WITHOUT PKCS11 ENGINE
# openssl speed rsa

Doing 512 bit private rsa's for 10s: 2101 512 bit private RSA's in 9.99s
Doing 512 bit public rsa's for 10s: 20924 512 bit public RSA's in 10.00s
Doing 1024 bit private rsa's for 10s: 403 1024 bit private RSA's in 10.00s
Doing 1024 bit public rsa's for 10s: 6960 1024 bit public RSA's in 10.00s
Doing 2048 bit private rsa's for 10s: 64 2048 bit private RSA's in 10.03s
Doing 2048 bit public rsa's for 10s: 2056 2048 bit public RSA's in 9.99s
Doing 4096 bit private rsa's for 10s: 10 4096 bit private RSA's in 10.85s
Doing 4096 bit public rsa's for 10s: 569 4096 bit public RSA's in 10.01s
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 
CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 
CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2009-0590 CVE-2009-3555)
built on: date not available
options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) 
aes(partial) blowfish(ptr)
compiler: information not available
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
                   sign    verify    sign/s verify/s
rsa  512 bits   0.0048s   0.0005s    210.3   2092.4
rsa 1024 bits   0.0248s   0.0014s     40.3    696.0
rsa 2048 bits   0.1567s   0.0049s      6.4    205.8
rsa 4096 bits   1.0850s   0.0176s      0.9     56.8


# SUN OPENSSL WITH PKCS11 ENGINE
# openssl speed -engine pkcs11 rsa

engine "pkcs11" set.
Doing 512 bit private rsa's for 10s: 30855 512 bit private RSA's in 1.17s
Doing 512 bit public rsa's for 10s: 53489 512 bit public RSA's in 1.75s
Doing 1024 bit private rsa's for 10s: 14632 1024 bit private RSA's in 0.59s
Doing 1024 bit public rsa's for 10s: 28838 1024 bit public RSA's in 0.97s
Doing 2048 bit private rsa's for 10s: 4153 2048 bit private RSA's in 0.19s
Doing 2048 bit public rsa's for 10s: 12484 2048 bit public RSA's in 0.44s
Doing 4096 bit private rsa's for 10s: 14 4096 bit private RSA's in 10.03s
Doing 4096 bit public rsa's for 10s: 542 4096 bit public RSA's in 9.99s
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 
CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 
CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2009-0590 CVE-2009-3555)
built on: date not available
options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) 
aes(partial) blowfish(ptr)
compiler: information not available
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
                   sign    verify    sign/s verify/s
rsa  512 bits   0.0000s   0.0000s  26371.8  30565.1
rsa 1024 bits   0.0000s   0.0000s  24800.0  29729.9
rsa 2048 bits   0.0000s   0.0000s  21857.9  28372.7
rsa 4096 bits   0.7164s   0.0184s      1.4     54.3





Le 22/01/2012 20:14, Yann Rouillard a écrit :
>
> I updated the openssl packages set so it follows the library package 
> naming and the /etc/opt/csw/ configuration directory standards.
>
> I would welcome additionnal testing of the package before releasing 
> them to the unstable repository.
>
> They are available in my experimental repository:
> http://buildfarm.opencsw.org/experimental.html#yann
>
> Thanks in advance for any feedback,
>
> Yann
> _______________________________________________
> maintainers mailing list
> maintainers at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/maintainers
> .:: This mailing list's archive is public. ::.

More information about the maintainers mailing list