From owner-freebsd-hardware@FreeBSD.ORG Thu Oct 12 04:36:51 2006 Return-Path: X-Original-To: freebsd-hardware@freebsd.org Delivered-To: freebsd-hardware@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 09C5A16A403 for ; Thu, 12 Oct 2006 04:36:51 +0000 (UTC) (envelope-from dking@ketralnis.com) Received: from ketralnis.com (melchoir.ketralnis.com [68.183.67.83]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9160843D53 for ; Thu, 12 Oct 2006 04:36:50 +0000 (GMT) (envelope-from dking@ketralnis.com) Received: from [10.0.1.239] (ayla.wifi.int.ketralnis.com [10.0.1.239]) (authenticated bits=0) by ketralnis.com (8.13.6/8.13.6) with ESMTP id k9C4anus041977 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for ; Wed, 11 Oct 2006 21:36:50 -0700 (PDT) (envelope-from dking@ketralnis.com) Mime-Version: 1.0 (Apple Message framework v752.3) In-Reply-To: <200610112008.43586.soralx@cydem.org> References: <78ED28FACE63744386D68D8A9D1CF5D4209C5C@MAIL.corp.lumeta.com> <36E6E927-AA04-43ED-928E-D06ABCE414CA@ketralnis.com> <200610112008.43586.soralx@cydem.org> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: David King Date: Wed, 11 Oct 2006 21:36:45 -0700 To: freebsd-hardware@freebsd.org X-Mailer: Apple Mail (2.752.3) Subject: Re: Quiet computer X-BeenThere: freebsd-hardware@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: General discussion of FreeBSD hardware List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Oct 2006 04:36:51 -0000 >> ~% openssl speed -engine /dev/crypto >> invalid engine "/dev/crypto" > like it says, engine name '/dev/crypto' is not valid > try `openssl speed -engine padlock` ~% openssl speed -engine padlock invalid engine "padlock" 35459:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(/usr/local/lib/engines/ libpadlock.so): Cannot open "/usr/local/lib/engines/libpadlock.so" 35459:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 35459:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: 35459:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:415:id=padlock 35459:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(libpadlock.so): Shared object "libpadlock.so" not found, required by "openssl" 35459:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 35459:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: To get the most accurate results, try to run this program when this computer is idle. Doing md2 for 3s on 16 size blocks: ^C Looking above, it says: Cannot open "/usr/local/lib/engines/ libpadlock.so" So in /usr/local/lib/engines I have: lib4758cca.so libaep.so libatalla.so libchil.so libcswift.so libgmp.so libnuron.so libsureware.so libubsec.so I don't have a /usr/lib/engines. However, trying to use any of these produces: ~% openssl speed -engine aep can't use that engine 36919:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(libaep.so): Shared object "libaep.so" not found, required by "openssl" 36919:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 36919:error:8006706F:lib(128):AEP_INIT:not loaded:e_aep.c:452: 36919:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:161: To get the most accurate results, try to run this program when this computer is idle. Doing md2 for 3s on 16 size blocks: ^C I get that same output (more or less) for all of the engines listed above. It appears to fail because of "ENGINE_TABLE_REGISTER:init failed:eng_table.c:161". In /usr/src/crypto/openssl/crypto/engine, I have a file called hw_cryptodev.c, and eng_padlock.c. Ah hah! So /usr/bin/openssl has the padlock engine and /usr/local/bin/openssl doesn't! Unfortunately, most everything in ports refers to /usr/local/bin/ openssl, and even for things that do refer to openssl in /usr/lib, I can't see a way to make padlock a default engine, especially when the library isn't called from the command line but from a function. That means that things like OpenSSH and Apache aren't using the Padlock engine. Here it is with -engine padlock: OpenSSL 0.9.7e-p1 25 Oct 2004 built on: Fri Sep 22 23:34:15 PDT 2006 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes (partial) blowfish(idx) compiler: cc available timing options: USE_TOD HZ=128 [sysconf value] timing function used: getrusage The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes md2 478.07k 1013.94k 1414.92k 1563.02k 1614.53k mdc2 1087.24k 1247.60k 1289.48k 1300.31k 1303.37k md4 4085.98k 13914.48k 37820.24k 66161.31k 84992.27k md5 3425.82k 11281.29k 28884.29k 47276.54k 58183.54k hmac(md5) 3465.96k 11174.26k 28685.23k 47078.91k 58150.01k sha1 2896.99k 8055.26k 16638.74k 22677.07k 25370.87k rmd160 2372.33k 6305.41k 12401.84k 16350.08k 18040.21k rc4 35023.95k 38905.13k 39856.06k 40250.13k 39823.03k des cbc 10468.62k 10862.20k 10964.68k 11032.56k 11067.82k des ede3 3820.33k 3872.99k 3890.84k 3894.02k 3896.33k idea cbc 0.00 0.00 0.00 0.00 0.00 rc2 cbc 5264.44k 5471.87k 5524.67k 5541.18k 5545.20k rc5-32/12 cbc 32327.09k 35910.48k 37377.89k 37766.02k 37881.53k blowfish cbc 17753.08k 18908.57k 19186.99k 19288.36k 19315.04k cast cbc 18161.59k 19238.40k 19653.59k 19760.83k 19789.47k aes-128 cbc 8494.74k 8654.30k 8735.18k 8756.07k 8756.60k aes-192 cbc 7427.82k 7550.84k 7612.49k 7627.53k 7632.40k aes-256 cbc 6601.20k 6696.66k 6744.59k 6756.72k 6754.67k sign verify sign/s verify/s rsa 512 bits 0.0030s 0.0003s 338.3 2979.0 rsa 1024 bits 0.0134s 0.0008s 74.6 1193.6 rsa 2048 bits 0.0776s 0.0026s 12.9 387.8 rsa 4096 bits 0.5079s 0.0090s 2.0 111.1 sign verify sign/s verify/s dsa 512 bits 0.0023s 0.0027s 443.7 367.5 dsa 1024 bits 0.0064s 0.0078s 155.6 128.3 dsa 2048 bits 0.0211s 0.0256s 47.4 39.1 The system wasn't totally idle during that test, but I think it was close enough. > also, try to test the speed of the true random number generator > (I don't know how to access it; maybe just dd /dev/urandom?) Here's one: ~% time dd if=/dev/urandom bs=1024 count=10240 of=/dev/null 10240+0 records in 10240+0 records out 10485760 bytes transferred in 15.957354 secs (657111 bytes/sec) dd if=/dev/urandom bs=1024 count=10240 of=/dev/null 0.00s user 15.85s system 99% cpu 15.970 total ~% time dd if=/dev/random bs=1024 count=10240 of=/dev/null 10240+0 records in 10240+0 records out 10485760 bytes transferred in 15.967514 secs (656693 bytes/sec) dd if=/dev/random bs=1024 count=10240 of=/dev/null 0.01s user 15.85s system 99% cpu 15.976 total