Archives

All posts for the month October, 2013

OpenSSL and AES-NI

Playing around with OpenSSL’s built-in speed test today, I discovered that the default ‘openssl speed’ command won’t take advantage of AES-NI acceleration, even if your processor supports it. To get AES-NI goodness on the speed test, you have to specify the ‘-evp’ option along with the AES mode to speed-test.

On a Core i5 M 520, without using AES-NI:

OpenSSL 1.0.0f 4 Jan 2012
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
The ‘numbers’ are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc      38655.36k    42473.27k    47143.80k    98004.28k    98783.00k

and with AES-NI:

OpenSSL 1.0.0f 4 Jan 2012
built on: date not available
options:bn(64,64) rc4(8x,char) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
The ‘numbers’ are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     356674.40k   379020.78k   416202.59k   418317.61k   418009.73k

This is on an OpenBSD/amd64 5.2 system. Yes, it’s (over-)due for an OS upgrade. But yeah, AES-NI gives you a performance boost of 4x-9x. Nice!