Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Mar 2012 23:20:31 +0200
From: Milen Rangelov <>
Subject: Re: OpenSSL and AES-NI (was: RAR format finally proper)

Hello again.

I tested the Intel AES-NI code (I modified it a bit as it did not follow
the OpenSSL convention that close as it initially appeared to).

To my (unpleasant) surprise, it did not bring the expected performance
gains with RAR. It did bring some small gains when header encryption was
used and indeed helped a lot more when no header encryption was used.
However the latter applies only when you have small files in the archive.
For some reason, this improvement does not scale linearily with the file
size. For small files in the archive I get quite an improvement. When files
in archive are several megabytes in size, the difference is not that huge
at all. And when files get several tens of megabytes in size, it really
does not matter where you use AES-NI or not - speed gets close to zero in
both cases :(

Perhaps like more can be achieved by tweaking the RAR decompression routine
in the libclamav code. I am not that happy with the result though, I put so
much hope on AES-NI...

On Fri, Mar 16, 2012 at 10:32 AM, magnum <> wrote:

> On 03/13/2012 02:13 AM, magnum wrote:
> > On 03/07/2012 11:37 PM, magnum wrote:
> >> On 03/06/2012 08:11 AM, Milen Rangelov wrote:
> >>> As per AES/OpenSSL, I read somewhere they implemented runtime AES-NI
> >>> detection/use. Though I don't think this have made it into the debian
> >>> packages I use yet. It might improve things a lot.
> >>
> >> Yeah interesting, it can decrypt a byte in 2 cycles instead of 15... I
> >> suppose you could try using the code supplied by Intel at the end of
> >> this PDF: - it even mimics the
> >> OpenSSL interfaces.
> >
> > It seems my standard Ubuntu OpenSSL 1.0.0e has AES-NI configured and
> > enabled out of the box so maybe this is nothing to worry about? I'll
> > benchmark it later on a CPU that actually supports it.
> >
> > Anyway here's a better "version" (the one above is source code in PDF
> > form) of that Intel library, if we ever need one:
> >
> I did some experiments. Linking the Intel lib (referenced above) to the
> RAR format, I get a significant speedup compared to OpenSSL (despite
> I'm still running the key/iv generation in CPU - using OpenCL the boost
> will be even better). But when I run this:
> $ openssl speed -engine aesni -decrypt -evp aes-128-cbc
> On an Intel(R) Core(TM)2 Duo CPU     P8600  @ 2.40GHz (lacking aesni):
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
> bytes
> aes-128-cbc      50781.48k    56127.74k    57736.73k   167606.27k
> 170622.98k
> On an Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (with aesni):
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
> bytes
> aes-128-cbc     633410.88k  2060109.74k  2740870.85k  2959463.09k
> 3014486.13k
> ...this is 17x faster (both machines using exact same versions of
> everything) so it clearly shows that OpenSSL *can* use AES-NI.
> So I suspect the current OpenSSL use in RAR format just fails to
> "enable" AES-NI until we modify it a little. Some googling indicates we
> might have to use the EVP interface in order to get AES-NI from OpenSSL.
> I have still to get that working (I find it backwards that the high
> level interface is much more complicated to use than the low level ones)
> and I suspect this will be slower than the Intel lib anyway because of
> much more overhead.
> magnum

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.