On donderdag 3 juni 2021 17:52:50 CEST Jeffrey Walton wrote: > I _think_ OpenSSH uses OpenSSL, not kernel crypto. If that means that hardware/accelerated crypto is dependent on the program being used, that would suck > To benchmark OpenSSL, you use something like: > # C implementation > openssl speed aes-128-cbc > # Hardware acceleration > openssl speed -evp aes-128-cbc > > You can see the difference in the numbers below ... on a Core i7-8700. > > $ openssl speed aes-128-cbc > ... > OpenSSL 1.1.1f 31 Mar 2020 > built on: Wed Apr 28 00:37:28 2021 UTC > ... > The 'numbers' are in 1000s of bytes per second processed. > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes > aes-128 cbc 307929.67k 318790.74k 319262.46k 322336.43k 322890.41k 322939.56k > > $ openssl speed -evp aes-128-cbc > ... > The 'numbers' are in 1000s of bytes per second processed. > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes > aes-128-cbc 999800.57k 1682301.12k 1730221.65k 1736772.61k 1738702.85k 1738746.54k $ openssl speed aes-128-cbc ... version: 3.0.0-alpha16 built on: built on: Thu May 6 19:54:38 2021 UTC ... The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes aes-128-cbc 84716.70k 269243.61k 584986.37k 830015.83k 944873.47k 953417.73k $ openssl speed -evp aes-128-cbc ... The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes AES-128-CBC 95904.58k 297023.53k 611697.15k 855083.69k 966412.97k 956033.71k At first glance there seems to be some improvement, particular with 16/64 bytes, but the difference is nowhere near as significant as with you. But I also tried it a few more times and generally speaking 16/64 bytes saw higher scores with '-evp', but I've also had higher scores on the larger types WITHOUT '-evp' ?!? (Included the version as it was very different; turns out mine if from experimental) Thanks for your reply, Diederik
Attachment:
signature.asc
Description: This is a digitally signed message part.