Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!

Ogłoszenie

Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.

Strony: 1

 

#1  2023-04-30 06:08:47

  Jacekalex - Podobno człowiek...;)

Jacekalex
Podobno człowiek...;)
Skąd: /dev/random
Zarejestrowany: 2008-01-07

Aktualizacja Openssl może mile zaskoczyć czasami. ;)

Cześć

W Debianie mam teraz:

Kod:

# root ~> openssl version
OpenSSL 1.1.1n  15 Mar 2022

Kod:

# root ~>  openssl speed aes-256-cbc aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 30318019 aes-128 cbc's in 2.27s
Doing aes-128 cbc for 3s on 64 size blocks: 7658597 aes-128 cbc's in 2.24s
Doing aes-128 cbc for 3s on 256 size blocks: 1908891 aes-128 cbc's in 2.23s
Doing aes-128 cbc for 3s on 1024 size blocks: 485743 aes-128 cbc's in 2.24s
Doing aes-128 cbc for 3s on 8192 size blocks: 61134 aes-128 cbc's in 2.25s
Doing aes-128 cbc for 3s on 16384 size blocks: 30900 aes-128 cbc's in 2.28s
Doing aes-256 cbc for 3s on 16 size blocks: 22674127 aes-256 cbc's in 2.25s
Doing aes-256 cbc for 3s on 64 size blocks: 5806043 aes-256 cbc's in 2.26s
Doing aes-256 cbc for 3s on 256 size blocks: 1440600 aes-256 cbc's in 2.21s
Doing aes-256 cbc for 3s on 1024 size blocks: 366218 aes-256 cbc's in 2.26s
Doing aes-256 cbc for 3s on 8192 size blocks: 45787 aes-256 cbc's in 2.25s
Doing aes-256 cbc for 3s on 16384 size blocks: 22598 aes-256 cbc's in 2.23s
OpenSSL 1.1.1n  15 Mar 2022
built on: Sun Feb  5 21:23:17 2023 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-8bYUb4/openssl-1.1.1n=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128 cbc     213695.29k   218817.06k   219137.26k   222053.94k   222582.10k   222046.32k
aes-256 cbc     161238.24k   164418.92k   166874.93k   165932.40k   166705.38k   166029.43k

Tymczasem w Gentoo zainstalowałem:

Kod:

# root ~> openssl version
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)

Kod:

# root ~> openssl speed aes-256-cbc aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 100725570 aes-128-cbc's in 2.35s
Doing aes-128-cbc for 3s on 64 size blocks: 27008071 aes-128-cbc's in 2.35s
Doing aes-128-cbc for 3s on 256 size blocks: 6858985 aes-128-cbc's in 2.35s
Doing aes-128-cbc for 3s on 1024 size blocks: 1729665 aes-128-cbc's in 2.36s
Doing aes-128-cbc for 3s on 8192 size blocks: 215310 aes-128-cbc's in 2.34s
Doing aes-128-cbc for 3s on 16384 size blocks: 107908 aes-128-cbc's in 2.35s
Doing aes-256-cbc for 3s on 16 size blocks: 74520716 aes-256-cbc's in 2.36s
Doing aes-256-cbc for 3s on 64 size blocks: 19510395 aes-256-cbc's in 2.36s
Doing aes-256-cbc for 3s on 256 size blocks: 4956794 aes-256-cbc's in 2.36s
Doing aes-256-cbc for 3s on 1024 size blocks: 1235805 aes-256-cbc's in 2.35s
Doing aes-256-cbc for 3s on 8192 size blocks: 154453 aes-256-cbc's in 2.35s
Doing aes-256-cbc for 3s on 16384 size blocks: 77345 aes-256-cbc's in 2.36s
version: 3.0.8
built on: Sun Apr 30 03:40:26 2023 UTC
options: bn(64,64)
compiler: x86_64-pc-linux-gnu-gcc -fPIC -pthread -m64 -Wa,--noexecstack -march=native -O3 -fgraphite-identity -floop-n>
CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x27ab
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     685791.11k   735538.95k   747191.56k   750498.71k   753769.03k   752325.39k
aes-256-cbc     505225.19k   529095.46k   537686.13k   538495.46k   538416.59k   536957.83k

Różnica  w prędkości szyfrowania AES (w obu systemach ten sam procesor) wynika z użycia w nowym Openssl mechanizmu KernelTLS.

Jak widać, na moim procku ktls przyspieszył szyfrowanie openssl AES-256 o 222%:

Kod:

echo "scale=2; 536957.83/166705.38" |bc -l
3.22

Pomysł opisany tutaj:
https://www.nginx.com/blog/improving-nginx-performa … h-kernel-tls/


W Debianie na razie trzeba do tego mechanizmu zbudować samodzielnie kernel:

Kod:

grep CONFIG_TLS  /boot/config-5.10.0-22-amd64
# CONFIG_TLS is not set

ale zdaje się, że w testingu to poprawili lub poprawią niebawem:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919807

EDIT:
poprawili w jaju z backportów:

Kod:

# root ~> grep CONFIG_TLS /boot/config-6.1.0-0.deb11.6-amd64 
CONFIG_TLS=m
CONFIG_TLS_DEVICE=y

Pozdro

Ostatnio edytowany przez Jacekalex (2023-04-30 07:21:08)

W demokracji każdy naród ma taką władzę, na jaką zasługuje ;)
Si vis pacem  para bellum  ;)       |       Pozdrawiam :)

Offline

 

 

Strony: 1

Stopka forum

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson
Nas ludzie lubią po prostu, a nie klikając w przyciski ;-)