0001872: update openssl-CFLAGS to increase speed - MantisBT
MantisBT - Endian Firewall
View Issue Details
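ID: 0001872
Project: Endian Firewall
Category: Network related (VPN, uplinks)
View Status: public
Date Submitted: 2009-05-14 12:43
Last Update: 2010-09-20 18:02
Reporter: mike-f
Assigned To: peter-endian
Priority: normal
Severity: tweak
Reproducibility: always
Status: acknowledged
Resolution: open
Product Version: 2.2-rc3
Target Version: 2.5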
0001872: update openssl-CFLAGS to increase speed
review the current openssl-CFLAGS as this might give a better performance on i.e. VPNs

endian 2.2-rc3

OpenSSL 0.9.7a Feb 19 2003
built on: Sun Oct 1 19:59:55 EDT 2006
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: gcc -fPIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DOPENSSL_NO_ASM -DOPENSSL_NO_IDEA -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_EC -DL_ENDIAN -DTERMIO -Wall -O2 -g -march=i386 -mcpu=i686 -Wa,--noexecstack
CentOS 5.3
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
built on: Tue Mar 3 12:54:01 EST 2009
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM


osx-10.5.7
OpenSSL 0.9.8j 07 Jan 2009
built on: Thu Jan 29 23:15:39 CET 2009
options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
compiler: cc -fPIC -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN
No tags attached.
related to 0001883 (confirmed): update openssl to a more recent version
Issue History
2009-05-14 12:43  mike-f  New Issue
2009-05-14 12:43  mike-f  Assigned To => peter-endian
2009-05-14 13:02  mike-f  Note Added: 0002342
2009-05-14 13:03  mike-f  Note Edited: 0002342
2009-05-19 07:33  luca-endian  Relationship added: related to 0001883
2010-09-20 18:02  peter-endian  Status: new => acknowledged
2010-09-20 18:02  peter-endian  Target Version => 2.5

Notes
(0002342)
mike-f   
2009-05-14 13:02   
(edited on: 2009-05-14 13:03)
here are some results on different hosts
we didn't use -multi in these cases as CentOS-machine has only one core


EF: AMD Athlon Dual Core Processor 4450B - cpu MHz: 2298.917
CentOS 5.3: Intel Celeron CPU 2.00GHz - cpu MHz: 2660.185 (quite old box)


The 'numbers' are in 1000s of bytes per second processed.
type               16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
E: sha1           12020.63k    38240.50k    71965.52k   100481.99k   157444.55k
C: sha1           14305.50k    46721.15k   114080.00k   180954.45k   214269.95k

E: md5            12283.26k    41224.13k   107307.15k   186743.24k   183010.38k
C: md5            14308.17k    50122.43k   138555.31k   245786.37k   316891.14k

E: aes-256 cbc    36732.65k    36885.90k    37686.70k    37584.90k    37792.43k
C: aes-256 cbc    31519.87k    34265.62k    35389.27k    86484.47k    87315.80k

-----
                    sign        verify      sign/s   verify/s
E: rsa 1024 bits    0.006888s   0.000358s    145.2     2790.3
C: rsa 1024 bits    0.002076s   0.000111s    481.6     9000.7

E: rsa 2048 bits    0.044798s   0.001301s     22.3      768.7
C: rsa 2048 bits    0.013477s   0.000387s     74.2     2586.2

E: rsa 4096 bits    0.320937s   0.004780s      3.1      209.2
F: rsa 4096 bits    0.092685s   0.001434s     10.8      697.2

-----
indeed - the old machine performs quite nice
we didn't include the osx-tests as the results were really ugly to see...
couldn't test sha256 and sha512 as the EF-binaries don't support them at the moment
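
Added example (not part of the original issue and not Endian's code): a small Python audit of the "compiler:" line that `openssl version -a` prints, run on the Endian 2.2-rc3 and CentOS 5.3 lines copied from the report above. The function names audit and findings, and the choice of which flags to check, are assumptions of this example.

```python
"""Audit the 'compiler:' line printed by `openssl version -a`."""

# Defines that switch on OpenSSL's assembler implementations.
ASM_DEFINES = {"-DAES_ASM", "-DSHA1_ASM", "-DMD5_ASM", "-DRMD160_ASM",
               "-DOPENSSL_BN_ASM_MONT", "-DOPENSSL_BN_ASM_PART_WORDS",
               "-DOPENSSL_IA32_SSE2"}
# Matched as substrings, because a flag may be wrapped (-Wp,-D_FORTIFY_SOURCE=2).
HARDENING = ("-fstack-protector", "_FORTIFY_SOURCE=", "--noexecstack")

# Compiler lines copied from the issue text (Endian 2.2-rc3 and CentOS 5.3).
ENDIAN = "compiler: gcc -fPIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DOPENSSL_NO_ASM -DOPENSSL_NO_IDEA -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_EC -DL_ENDIAN -DTERMIO -Wall -O2 -g -march=i386 -mcpu=i686 -Wa,--noexecstack"
CENTOS = "compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=generic -fasynchronous-unwind-tables -Wa,--noexecstack -DOPENSSL_USE_NEW_FUNCTIONS -fno-strict-aliasing -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM"


def audit(version_output):
    """Return the speed- and hardening-relevant facts of one build."""
    for line in version_output.splitlines():
        if line.startswith("compiler:"):
            flags = line.split(":", 1)[1].split()[1:]  # drop the compiler name
            break
    else:
        raise ValueError("no 'compiler:' line in input")
    return {
        "no_asm": "-DOPENSSL_NO_ASM" in flags,
        "asm": sorted(ASM_DEFINES.intersection(flags)),
        "march": next((f[7:] for f in flags if f.startswith("-march=")), None),
        "opt": next((f for f in flags if f.startswith("-O")), None),
        "hardening_missing": [h for h in HARDENING
                              if not any(h in f for f in flags)],
    }


def findings(report):
    """Turn an audit() result into review comments."""
    out = []
    if report["no_asm"]:
        out.append("built with -DOPENSSL_NO_ASM (assembler routines disabled)")
    elif not report["asm"]:
        out.append("no *_ASM defines visible on the compiler line")
    if report["march"] == "i386":
        out.append("code generation is limited to the i386 instruction set")
    out += ["hardening flag absent: " + h for h in report["hardening_missing"]]
    return out


if __name__ == "__main__":
    for name, text in (("Endian 2.2-rc3", ENDIAN), ("CentOS 5.3", CENTOS)):
        print(name, audit(text), findings(audit(text)), sep="\n  ")
```

The two hosts in the report also differ in CPU and OpenSSL version, so the flag differences listed here are candidates to review, not a measured cause of the benchmark gap.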