Playing around with OpenSSL’s built-in speed test today, I discovered that the default ‘openssl speed’ command won’t take advantage of AES-NI acceleration, even if your processor supports it. To get AES-NI goodness on the speed test, you have to specify the ‘-evp’ option along with the AES mode to speed-test.
On a Core i5 M 520, without using AES-NI:
OpenSSL 1.0.0f 4 Jan 2012
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
The ‘numbers’ are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 38655.36k 42473.27k 47143.80k 98004.28k 98783.00k
and with AES-NI:
OpenSSL 1.0.0f 4 Jan 2012
built on: date not available
options:bn(64,64) rc4(8x,char) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
The ‘numbers’ are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 356674.40k 379020.78k 416202.59k 418317.61k 418009.73k
This is on an OpenBSD/amd64 5.2 system. Yes, it’s (over-)due for an OS upgrade. But yeah, AES-NI gives you a performance boost of 4x-9x. Nice!