libressl vs openssl - surprises
Dewayne Geraghty
dewayne.geraghty at heuristicsystems.com.au
Sun Jun 14 08:18:43 UTC 2015
Having read that PC-BSD are/have moved to using libressl in their base
system, it was time to have a look. So I updated my ports tree, built
in sequence openssl, tested and then built libressl and tested.
Platform xeon 1230Lv3 (1.8GHz, 8 logical cores), FreeBSD 10.1 built
fresh last night.
Summary:
openssl aes256 encrypt/decrypt 160MB file: 0.686157 secs (244509876
bytes/sec)
libressl aes256 encrypt/decrypt 160MB file: 1.768195 secs (94883282
bytes/sec)
openssl speed -evp aes-256-cbc: 74691.70k 288535.11k 876427.49k
5323319.66k 29095886.85k
libressl, speed -evp aes-256-cbc: 95036.12k 103030.42k 104839.86k
105190.19k 105840.81k
Please note that I added the following to each Makefile, immediately
after CPE_VENDOR line
CFLAGS+="-O3"
I also have the options for openssl "sse2 shared threads". There are no
options for libressl.
As I use crypto/ssl extensively it seems that migrating to the libressl
port will reduce the performance of dependent ports. Are others seeing
similar performance? Does anyone have any suggestions for raising the
performance of libressl?
On the bright side, libressl includes ChaCha20-Poly1305 and other
ciphers contrary to the openbsd man page.
Refs:
1. http://blog.pcbsd.org/2015/03/a-look-at-the-upcoming-features-for-10-1-2/
2.
https://forums.freebsd.org/threads/replace-openssl-with-libressl.47203/
use of OPENSSL_PORT=security/libressl
Detail:
I ran the speed and encrypt/decrypt cycle three times for each and took
the middle score from each for comparison.
For reference
dd if=/dev/zero bs=1m count=160 > /dev/null ; # 0.016084 secs
(10431025952 bytes/sec)
openssl
----------
dd if=/dev/zero bs=1m count=160 | openssl enc -e -aes-256-cbc -pass
pass:p1 | openssl enc -aes-256-cbc -d -pass pass:p1 > /dev/null
160+0 records in
160+0 records out
167772160 bytes transferred in 0.686157 secs (244509876 bytes/sec)
openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 1568234 aes-256-cbc's in 0.34s
Doing aes-256-cbc for 3s on 64 size blocks: 1479306 aes-256-cbc's in 0.33s
Doing aes-256-cbc for 3s on 256 size blocks: 1203590 aes-256-cbc's in 0.35s
Doing aes-256-cbc for 3s on 1024 size blocks: 690433 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 8192 size blocks: 138740 aes-256-cbc's in 0.04s
OpenSSL 1.0.2c 12 Jun 2015
built on: reproducible build, date unspecified
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int)
aes(partial) idea(int) blowfish(idx)
compiler: /usr/local/libexec/ccache/cc -I. -I.. -I../include -fPIC
-DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -Wall -O2 -pipe -g0 -ggdb0
-DSTRIP_FBSDID -O3 -march=core-avx-i -O3 -fno-strict-aliasing
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
aes-256-cbc 74691.70k 288535.11k 876427.49k 5323319.66k
29095886.85k
libressl
---------
# dd if=/dev/zero bs=1m count=160 | openssl enc -e -aes-256-cbc -pass
pass:p1 | openssl enc -aes-256-cbc -d -pass pass:p1 > /dev/null
160+0 records in
160+0 records out
167772160 bytes transferred in 1.768195 secs (94883282 bytes/sec)
# openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 18097699 aes-256-cbc's in 3.05s
Doing aes-256-cbc for 3s on 64 size blocks: 4829551 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 1241390 aes-256-cbc's in 3.03s
Doing aes-256-cbc for 3s on 1024 size blocks: 310582 aes-256-cbc's in 3.02s
Doing aes-256-cbc for 3s on 8192 size blocks: 38861 aes-256-cbc's in 3.01s
LibreSSL 2.1.7
built on: date not available
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial)
idea(int) blowfish(idx)
compiler: information not available
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
aes-256-cbc 95036.12k 103030.42k 104839.86k 105190.19k
105840.81k
More information about the freebsd-ports
mailing list