OpenSSL paramters

Discussion in 'Linux-Bench Results and Discussion' started by eva2000, Sep 7, 2014.

  1. eva2000

    eva2000 Active Member

    Joined:
    Apr 15, 2013
    Messages:
    242
    Likes Received:
    48
    @Patrick curious for your benchmark script what OpenSSL parameters are tested for the sign/verify stats ?

    Possible to benchmark RSA 2048 bit and ECDSA 256 bit too Nginx - Centmin Mod Nginx VHOST SPDY SSL Generator testing as they are both going to be the most commonly used for SSL certificates at least

    i.e.

    Code:
    rsa 2048 bits 0.001090s 0.000034s    917.1  29162.2
    256 bit ecdsa (nistp256)   0.0001s   0.0004s  14788.6   2281.4
     
    #1
    Last edited: Sep 7, 2014
  2. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,560
    Likes Received:
    4,490
    #2
    eva2000 likes this.
  3. eva2000

    eva2000 Active Member

    Joined:
    Apr 15, 2013
    Messages:
    242
    Likes Received:
    48
    thanks @Patrick

    looks like it's RSA 4096 bit test - not sure how many folks are using that ?

    should also update to OpenSSL 1.0.1i

    Code:
    # OpenSSL
    OSSL()
    {
        cd $benchdir
    
        appbase=openssl-1.0.1g
        apptgz=openssl-1.0.1g.tar.gz
        tgzstring=xfz
        appbin=$appbase/apps/openssl
        appdlpath=http://www.openssl.org/source/$apptgz
        extract
    
        cd openssl-1.0.1g/
        echo "Building OpenSSL"
        ./config no-zlib 2>&1 >> /dev/null
        make 2>&1 >> /dev/null
        echo "Running OpenSSL test"
           nproc=`nproc`
        ./apps/openssl speed rsa4096 -multi ${nproc}
    
        cd $benchdir
        rm -rf openssl*
    
    
    }

    for instance on 2GB Linode VPS with 2 cpu threads on Dual Xeon E5-2680v2

    Code:
    openssl speed rsa4096 -multi ${nproc}
    
    OpenSSL 1.0.2-chacha (beta3-dev)
    built on: Mon Aug 25 08:41:11 UTC 2014
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
                      sign    verify    sign/s verify/s
    rsa 4096 bits 0.004456s 0.000071s    224.4  14134.5
    
    Code:
    openssl speed rsa2048 -multi ${nproc}
    
    OpenSSL 1.0.2-chacha (beta3-dev)
    built on: Mon Aug 25 08:41:11 UTC 2014
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
                      sign    verify    sign/s verify/s
    rsa 2048 bits 0.000620s 0.000019s   1611.7  52631.6
    Code:
    openssl speed ecdsap256 -multi ${nproc}
    
    OpenSSL 1.0.2-chacha (beta3-dev)
    built on: Mon Aug 25 08:41:11 UTC 2014
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
                                  sign    verify    sign/s verify/s
    256 bit ecdsa (nistp256)   0.0001s   0.0002s  15384.6   4184.1
    
     
    #3
    Last edited: Sep 8, 2014
  4. MiniKnight

    MiniKnight Well-Known Member

    Joined:
    Mar 30, 2012
    Messages:
    2,951
    Likes Received:
    860
    I'm getting results in OpenSSL that are sometimes >40% different on sequential runs. The other benchmarks are usually close.

    Any idea what's going on? Is this due to what @eva2000 is talking about here?
     
    #4
  5. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,560
    Likes Received:
    4,490
    I have heard rumors of that also. We are looking into the cause.
     
    #5
  6. eva2000

    eva2000 Active Member

    Joined:
    Apr 15, 2013
    Messages:
    242
    Likes Received:
    48
    AFAIK, unrelated to what I said above :)

    numbers +40% or -40% ? always lower or higher and lower ? if always lower, could be your system's entropy pool availability is lower on subsequent runs ? or if high and low, could be variances in your entropy pool availability

    For bench.centminmod.com I started to test entropy pool availability too for systems
     
    #6
  7. MiniKnight

    MiniKnight Well-Known Member

    Joined:
    Mar 30, 2012
    Messages:
    2,951
    Likes Received:
    860
    Happens both ways.
     
    #7
  8. eva2000

    eva2000 Active Member

    Joined:
    Apr 15, 2013
    Messages:
    242
    Likes Received:
    48
    i'd check your systems entropy pool availability
    if you're using Ivy Bridge and new Intel platforms, entropy pool availability has some assistance from Intel Secure Key technology for a hardware random generator source on the cpu itself
     
    #8

Share This Page