From owner-freebsd-security@FreeBSD.ORG Sun May 24 17:44:39 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A243B398 for ; Sun, 24 May 2015 17:44:39 +0000 (UTC) Received: from mail-ig0-x231.google.com (mail-ig0-x231.google.com [IPv6:2607:f8b0:4001:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 621FF1D8E for ; Sun, 24 May 2015 17:44:39 +0000 (UTC) Received: by igbyr2 with SMTP id yr2so22815566igb.0 for ; Sun, 24 May 2015 10:44:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dragondata.com; s=google; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=6aHg+8GymkXD4D4F3JZYnnVw1X5kTXhqBX42LXYebZk=; b=FJ5pxpFEIDdTjAU3cyhjOXUIq3E/jesDcA3aApK+0nIAksq5mXiuBxHtpZE/bINCYg pb2O4oLrQlThFrHzP1bdZC0yZp6QMrnphq7WnWvfY++hihpGZvm4dhNt36Rn6DN1McaV pivEAP92aqBdAgb3KxC1sG/1rA2brJHuXz4A8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=6aHg+8GymkXD4D4F3JZYnnVw1X5kTXhqBX42LXYebZk=; b=TBbm6Ofme3dUVHNXnme8Gs4cn3xft+lsJgksQAHiq68splKn131l5tINOFh4AiR6zX gFo4VU5I3xld7nhEg2sTLfpcFFcJu6upRS0SIIysg3vvQwWMNt5kcSab7jg8nK6CJVrd d7YN1cS7/qPF9dUEcTOpjo3L5NtKoqW1XwHB2gvs/R3Cd/l/dH6/ZsgBQT6mxremq54k +HzCKor92m7BVxoGJBvfa8v07OSBj76AwLszWvZm/XALnDMGvHYxaIMiD5wZ5rtAincp +ELwoBQ3lpiC72FFEPBCi4YZAdBZnyMHUd2QUdDcwVj0XBM1yJVxGzR84p0xkHTasChK MSzQ== X-Gm-Message-State: ALoCoQnYlc0HavXtpaO5jKoD22ILWVAwxPMlIuwS3UFM9WsztCK7h8mexrVGyBNmh8WJ43yUsWYi X-Received: by 10.107.136.197 with SMTP id s66mr24468375ioi.65.1432489478855; Sun, 24 May 2015 10:44:38 -0700 (PDT) Received: from unassigned.v6.your.org ([2001:4978:1:45:1dd:435:e677:4a9f]) by mx.google.com with ESMTPSA id vk8sm4179016igb.4.2015.05.24.10.44.37 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 24 May 2015 10:44:37 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.4\)) Subject: Re: Atom C2758 - loading aesni(4) reduces performance From: Kevin Day In-Reply-To: Date: Sun, 24 May 2015 12:44:36 -0500 Cc: freebsd-security@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <6BA42026-C785-40B5-B9CF-DD4280693C41@dragondata.com> To: Robert Simmons X-Mailer: Apple Mail (2.2070.4) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 May 2015 17:44:39 -0000 root@router:/sys # freebsd-version 10.0-RELEASE-p7 root@router:/sys # openssl version OpenSSL 1.0.1e-freebsd 11 Feb 2013 That=E2=80=99s what ships with 10.0. Trying your version (1.0.2a) seems = worse for both, but still slower with aesni than without. 1.0.1e without aesni: aes-256-cbc 176609.34k 243517.86k = 281851.62k 293480.37k 297345.02k 1.0.1e with aesni: aes-256-cbc 4662.35k 17964.33k = 59148.60k 145272.15k 208882.35k 1.0.2a without aesni: aes-256-cbc 34727.24k 38003.39k = 38926.26k 39369.94k 39291.87k 1.0.2a with aesni: aes-256-cbc 4585.40k 17842.11k = 59530.18k 145439.74k 204827.31k > On May 24, 2015, at 12:30 PM, Robert Simmons = wrote: >=20 > Can you provide the output of freebsd-version, and openssl version? It > looks like you're using a very old version of OpenSSL. Here's my > output as an example: >=20 > % freebsd-version > 10.1-RELEASE-p10 >=20 > % openssl version > OpenSSL 1.0.1l-freebsd 15 Jan 2015 >=20 > % /usr/local/bin/openssl version > OpenSSL 1.0.2a 19 Mar 2015 >=20 > On Sun, May 24, 2015 at 12:22 PM, Kevin Day = wrote: >>=20 >> I=E2=80=99ve got an Atom C2758 system: >>=20 >> CPU: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz (2400.06-MHz K8-class = CPU) >> Origin =3D "GenuineIntel" Id =3D 0x406d8 Family =3D 0x6 Model =3D = 0x4d Stepping =3D 8 >> = Features=3D0xbfebfbff >> = Features2=3D0x43d8e3bf >> AMD Features=3D0x28100800 >> AMD Features2=3D0x101 >> Standard Extended Features=3D0x2282 >>=20 >> Enabling aesni seems to make performance much worse: >>=20 >> root@router:~ # openssl speed -evp aes-256-cbc -elapsed >> You have chosen to measure elapsed time instead of user CPU time. >> Doing aes-256-cbc for 3s on 16 size blocks: 33200486 aes-256-cbc's in = 3.01s >> Doing aes-256-cbc for 3s on 64 size blocks: 11444626 aes-256-cbc's in = 3.01s >> Doing aes-256-cbc for 3s on 256 size blocks: 3328753 aes-256-cbc's in = 3.02s >> Doing aes-256-cbc for 3s on 1024 size blocks: 866523 aes-256-cbc's in = 3.02s >> Doing aes-256-cbc for 3s on 8192 size blocks: 108891 aes-256-cbc's in = 3.00s >> OpenSSL 1.0.1e-freebsd 11 Feb 2013 >> built on: date not available >> options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) = idea(int) blowfish(idx) >> compiler: cc >> The 'numbers' are in 1000s of bytes per second processed. >> type 16 bytes 64 bytes 256 bytes 1024 bytes = 8192 bytes >> aes-256-cbc 176609.34k 243517.86k 281851.62k 293480.37k = 297345.02k >>=20 >>=20 >> root@router:~ # kldload aesni >> root@router:~ # openssl speed -evp aes-256-cbc -elapsed >> You have chosen to measure elapsed time instead of user CPU time. >> Doing aes-256-cbc for 3s on 16 size blocks: 881020 aes-256-cbc's in = 3.02s >> Doing aes-256-cbc for 3s on 64 size blocks: 842078 aes-256-cbc's in = 3.00s >> Doing aes-256-cbc for 3s on 256 size blocks: 700368 aes-256-cbc's in = 3.03s >> Doing aes-256-cbc for 3s on 1024 size blocks: 425602 aes-256-cbc's in = 3.00s >> Doing aes-256-cbc for 3s on 8192 size blocks: 76495 aes-256-cbc's in = 3.00s >> OpenSSL 1.0.1e-freebsd 11 Feb 2013 >> built on: date not available >> options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) = idea(int) blowfish(idx) >> compiler: cc >> The 'numbers' are in 1000s of bytes per second processed. >> type 16 bytes 64 bytes 256 bytes 1024 bytes = 8192 bytes >> aes-256-cbc 4662.35k 17964.33k 59148.60k 145272.15k = 208882.35k >>=20 >>=20 >> Is this expected here, or is something broken? >>=20 >> =E2=80=94 Kevin >>=20 >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org"