From owner-freebsd-current@freebsd.org Sat Sep 22 06:35:46 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9EB4C10B3298 for ; Sat, 22 Sep 2018 06:35:46 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 3B850849AE for ; Sat, 22 Sep 2018 06:35:46 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: by mailman.ysv.freebsd.org (Postfix) id F154F10B3293; Sat, 22 Sep 2018 06:35:45 +0000 (UTC) Delivered-To: current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF80310B3291 for ; Sat, 22 Sep 2018 06:35:45 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gate2.funkthat.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CE7D849A7; Sat, 22 Sep 2018 06:35:44 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.15.2/8.15.2) with ESMTPS id w8M6Za4G079802 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 21 Sep 2018 23:35:37 -0700 (PDT) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.15.2/8.15.2/Submit) id w8M6ZavV079801; Fri, 21 Sep 2018 23:35:36 -0700 (PDT) (envelope-from jmg) Date: Fri, 21 Sep 2018 23:35:36 -0700 From: John-Mark Gurney To: Lev Serebryakov Cc: current@FreeBSD.org, brnrd@FreeBSD.org, jkim@FreeBSD.org Subject: Re: Speed problems with both system openssl and security/openssl-devel Message-ID: <20180922063536.GK75530@funkthat.com> Mail-Followup-To: Lev Serebryakov , current@FreeBSD.org, brnrd@FreeBSD.org, jkim@FreeBSD.org References: <43892083.20180913024646@serebryakov.spb.ru> <468346531.20180917235220@serebryakov.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <468346531.20180917235220@serebryakov.spb.ru> X-Operating-System: FreeBSD 11.0-RELEASE-p7 amd64 X-PGP-Fingerprint: D87A 235F FB71 1F3F 55B7 ED9B D5FF 5A51 C0AC 3D65 X-Files: The truth is out there X-URL: https://www.funkthat.com/ X-Resume: https://www.funkthat.com/~jmg/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.6.1 (2016-04-27) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (gold.funkthat.com [127.0.0.1]); Fri, 21 Sep 2018 23:35:37 -0700 (PDT) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Sep 2018 06:35:47 -0000 Lev Serebryakov wrote this message on Mon, Sep 17, 2018 at 23:52 +0300: > Thursday, September 13, 2018, 2:46:46 AM, you wrote: > > > Linux have openssl 1.1.0f, and I've tried both system /usr/bin/openssl (1.0.2p) > > and /usr/local/bin/openssl from security/openssl-devel port (1.1.0i), results are > > virtually the same. I have "ASM" and "SSE2" options enabled in port. > > > What happens here? Why does FreeBSD's build of openssl use AES-NI so > > inefficient? > More datapoints. > > (1) aes-256-cbc behaves really wired. Time output is > completely bogus without "-elapsed" and speed is unbelievably low with > "-elapsed". aes-256-gcm doesn't have this anomaly This is because you're likely using /dev/crypto for the operations instead of software... $openssl engine (cryptodev) BSD cryptodev engine (dynamic) Dynamic engine loading support The times below are mesured on how much cpu time openssl spent, while all the work was done in the kernel... if you disable cryptodev usage, you should see better performance... > without "-elapsed" (please note "in 0.xxs" here): > > Doing aes-256-cbc for 3s on 16 size blocks: 503555 aes-256-cbc's in 0.60s > Doing aes-256-cbc for 3s on 64 size blocks: 520386 aes-256-cbc's in 0.54s > Doing aes-256-cbc for 3s on 256 size blocks: 435106 aes-256-cbc's in 0.44s > Doing aes-256-cbc for 3s on 1024 size blocks: 242832 aes-256-cbc's in 0.38s > Doing aes-256-cbc for 3s on 8192 size blocks: 49087 aes-256-cbc's in 0.09s > ... > aes-256-cbc 13393.26k 61782.64k 254599.17k 663093.25k 4289287.51k > > Doing aes-256-gcm for 3s on 16 size blocks: 12051311 aes-256-gcm's in 3.03s > Doing aes-256-gcm for 3s on 64 size blocks: 6428598 aes-256-gcm's in 3.04s > Doing aes-256-gcm for 3s on 256 size blocks: 2122316 aes-256-gcm's in 3.00s > Doing aes-256-gcm for 3s on 1024 size blocks: 610443 aes-256-gcm's in 3.13s > Doing aes-256-gcm for 3s on 8192 size blocks: 75836 aes-256-gcm's in 3.03s > ... > aes-256-gcm 63611.04k 135380.66k 181104.30k 199531.13k 204947.96k > > with "-elapsed": > > Doing aes-256-cbc for 3s on 16 size blocks: 493829 aes-256-cbc's in 3.01s > Doing aes-256-cbc for 3s on 64 size blocks: 530550 aes-256-cbc's in 3.06s > Doing aes-256-cbc for 3s on 256 size blocks: 426699 aes-256-cbc's in 3.01s > Doing aes-256-cbc for 3s on 1024 size blocks: 243305 aes-256-cbc's in 3.03s > Doing aes-256-cbc for 3s on 8192 size blocks: 48069 aes-256-cbc's in 3.01s > ... > aes-256-cbc 2626.91k 11087.41k 36317.07k 82191.94k 130919.48k > > Doing aes-256-gcm for 3s on 16 size blocks: 12041385 aes-256-gcm's in 3.08s > Doing aes-256-gcm for 3s on 64 size blocks: 6445757 aes-256-gcm's in 3.05s > Doing aes-256-gcm for 3s on 256 size blocks: 2129499 aes-256-gcm's in 3.01s > Doing aes-256-gcm for 3s on 1024 size blocks: 587396 aes-256-gcm's in 3.01s > Doing aes-256-gcm for 3s on 8192 size blocks: 75806 aes-256-gcm's in 3.03s > ... > aes-256-gcm 62590.75k 135047.68k 181245.26k 199977.06k 204866.89k -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."