OpenVPN 2.5.2 mips64-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library version: OpenSSL 1.1.1k 25 Mar 2021
This gave:
(dynamic) Dynamic engine loading support
[ unavailable ]
No idea as to what you are running, or on what device. But, to your statement above regarding your WRT3200ACM device this
script
#!/bin/sh
#########
printf '******** Test openssl *********\n' > /tmp/junk
date >> /tmp/junk
printf '\n*********************************\n' >> /tmp/junk
cat /etc/openwrt_release >> /tmp/junk
uname -a >> /tmp/junk
printf '\n*********************************\n' >> /tmp/junk
printf '*** openssl engine -t -c -vv ***\n' >> /tmp/junk
openssl engine -t -c -vv >> /tmp/junk
printf '\n*********************************\n' >> /tmp/junk
printf '\n*** openssl engine -pre DUMP_INFO devcrypto ***\n' >> /tmp/junk
openssl engine -pre DUMP_INFO devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp AES-128-CBC -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp AES-128-CBC -engine devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp AES-256-ECB -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp AES-256-ECB -engine devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp AES-256-GCM -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp AES-256-GCM -engine devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp CHACHA20-POLY1305 -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp CHACHA20-POLY1305 -engine devcrypto >> /tmp/junk 2>&1
####
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp SHA256 -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp SHA256 -engine devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp MD5 <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp MD5 >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
###
# openssl speed -evp chacha20-poly1305 2>/dev/null && openssl speed -evp aes-256-gcm 2>/dev/null | grep '^aes'
yields this
data dump
******** Test openssl *********
Wed Jun 2 09:55:38 MDT 2021
*********************************
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='SNAPSHOT'
DISTRIB_REVISION='r16837-e002179a6d'
DISTRIB_TARGET='mvebu/cortexa9'
DISTRIB_ARCH='arm_cortex-a9_vfpv3'
DISTRIB_DESCRIPTION='OpenWrt SNAPSHOT r16837-e002179a6d'
DISTRIB_TAINTS='no-all busybox'
Linux bsaedgy 5.10.41 #0 SMP Fri May 28 13:35:32 2021 armv7l GNU/Linux
*********************************
*** openssl engine -t -c -vv ***
(dynamic) Dynamic engine loading support
[ unavailable ]
SO_PATH: Specifies the path to the new ENGINE shared library
NO_VCHECK: Specifies to continue even if version checking fails (boolean)
ID: Specifies an ENGINE id name for loading
LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)
DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)
DIR_ADD: Adds a directory from which ENGINEs can be loaded
LOAD: Load up the ENGINE specified by other settings
(devcrypto) /dev/crypto engine
[DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB, AES-256-ECB]
[ available ]
USE_SOFTDRIVERS: specifies whether to use software (not accelerated) drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use if acceleration can't be determined) [default=2]
CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to enable [default=ALL]
DIGESTS: either ALL, NONE, or a comma-separated list of digests to enable [default=NONE]
DUMP_INFO: dump info about each algorithm to stderr; use 'openssl engine -pre DUMP_INFO devcrypto'
*********************************
*** openssl engine -pre DUMP_INFO devcrypto ***
(devcrypto) /dev/crypto engine
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, driver=mv-cbc-des (hw accelerated)
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, driver=mv-cbc-des3-ede (hw accelerated)
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, CIOCGSESSION (session open call) failed
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, driver=mv-cbc-aes (hw accelerated)
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, driver=mv-cbc-aes (hw accelerated)
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, driver=mv-cbc-aes (hw accelerated)
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, CIOCGSESSION (session open call) failed
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, CIOCGSESSION (session open call) failed
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, CIOCGSESSION (session open call) failed
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, driver=mv-ecb-aes (hw accelerated)
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, driver=mv-ecb-aes (hw accelerated)
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, driver=mv-ecb-aes (hw accelerated)
Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=mv-md5 (hw accelerated), CIOCCPHASH capable
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=mv-sha1 (hw accelerated), CIOCCPHASH capable
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=sha224-neon (software), CIOCCPHASH capable
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=mv-sha256 (hw accelerated), CIOCCPHASH capable
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=sha384-neon (software), CIOCCPHASH capable
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=sha512-neon (software), CIOCCPHASH capable
[Success]: DUMP_INFO
*********************************
Running *--> time -v openssl speed -elapsed -evp AES-128-CBC -engine devcrypto <--*
engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 260302 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 253762 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 229526 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 161020 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 37610 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 20191 aes-128-cbc's in 3.00s
OpenSSL 1.1.1k 25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 1388.28k 5413.59k 19586.22k 54961.49k 102700.37k 110269.78k
Command being timed: "openssl speed -elapsed -evp AES-128-CBC -engine devcrypto"
User time (seconds): 0.32
System time (seconds): 5.09
Percent of CPU this job got: 30%
Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
Average shared text size (kbytes): 0
Average unshared data size (kbytes): 0
Average stack size (kbytes): 0
Average total size (kbytes): 0
Maximum resident set size (kbytes): 13552
Average resident set size (kbytes): 0
Major (requiring I/O) page faults: 0
Minor (reclaiming a frame) page faults: 155
Voluntary context switches: 962541
Involuntary context switches: 86
Swaps: 0
File system inputs: 0
File system outputs: 0
Socket messages sent: 0
Socket messages received: 0
Signals delivered: 0
Page size (bytes): 4096
Exit status: 0
*********************************
Running *--> time -v openssl speed -elapsed -evp AES-256-ECB -engine devcrypto <--*
engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-ecb for 3s on 16 size blocks: 262347 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 64 size blocks: 271910 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 256 size blocks: 242784 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 1024 size blocks: 156384 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 8192 size blocks: 34383 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 16384 size blocks: 18275 aes-256-ecb's in 3.00s
OpenSSL 1.1.1k 25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-256-ecb 1399.18k 5800.75k 20717.57k 53379.07k 93888.51k 99805.87k
Command being timed: "openssl speed -elapsed -evp AES-256-ECB -engine devcrypto"
User time (seconds): 0.29
System time (seconds): 5.02
Percent of CPU this job got: 29%
Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
Average shared text size (kbytes): 0
Average unshared data size (kbytes): 0
Average stack size (kbytes): 0
Average total size (kbytes): 0
Maximum resident set size (kbytes): 13520
Average resident set size (kbytes): 0
Major (requiring I/O) page faults: 0
Minor (reclaiming a frame) page faults: 155
Voluntary context switches: 986207
Involuntary context switches: 108
Swaps: 0
File system inputs: 0
File system outputs: 0
Socket messages sent: 0
Socket messages received: 0
Signals delivered: 0
Page size (bytes): 4096
Exit status: 0
*********************************
Running *--> time -v openssl speed -elapsed -evp AES-256-GCM -engine devcrypto <--*
engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-gcm for 3s on 16 size blocks: 6055328 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 64 size blocks: 1751252 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 256 size blocks: 481985 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 1024 size blocks: 133765 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 8192 size blocks: 17130 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 16384 size blocks: 8517 aes-256-gcm's in 3.00s
OpenSSL 1.1.1k 25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-256-gcm 32295.08k 37360.04k 41129.39k 45658.45k 46776.32k 46514.18k
Command being timed: "openssl speed -elapsed -evp AES-256-GCM -engine devcrypto"
User time (seconds): 17.92
System time (seconds): 0.06
Percent of CPU this job got: 99%
Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
Average shared text size (kbytes): 0
Average unshared data size (kbytes): 0
Average stack size (kbytes): 0
Average total size (kbytes): 0
Maximum resident set size (kbytes): 13648
Average resident set size (kbytes): 0
Major (requiring I/O) page faults: 0
Minor (reclaiming a frame) page faults: 158
Voluntary context switches: 130
Involuntary context switches: 198
Swaps: 0
File system inputs: 0
File system outputs: 0
Socket messages sent: 0
Socket messages received: 0
Signals delivered: 0
Page size (bytes): 4096
Exit status: 0
*********************************
Running *--> time -v openssl speed -elapsed -evp CHACHA20-POLY1305 -engine devcrypto <--*
engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing chacha20-poly1305 for 3s on 16 size blocks: 9780565 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 64 size blocks: 4474904 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 256 size blocks: 2096577 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 1024 size blocks: 583047 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 8192 size blocks: 75499 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 16384 size blocks: 37774 chacha20-poly1305's in 3.00s
OpenSSL 1.1.1k 25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
chacha20-poly1305 52163.01k 95464.62k 178907.90k 199013.38k 206162.60k 206296.41k
Command being timed: "openssl speed -elapsed -evp CHACHA20-POLY1305 -engine devcrypto"
User time (seconds): 17.99
System time (seconds): 0.02
Percent of CPU this job got: 99%
Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
Average shared text size (kbytes): 0
Average unshared data size (kbytes): 0
Average stack size (kbytes): 0
Average total size (kbytes): 0
Maximum resident set size (kbytes): 13680
Average resident set size (kbytes): 0
Major (requiring I/O) page faults: 0
Minor (reclaiming a frame) page faults: 157
Voluntary context switches: 130
Involuntary context switches: 130
Swaps: 0
File system inputs: 0
File system outputs: 0
Socket messages sent: 0
Socket messages received: 0
Signals delivered: 0
Page size (bytes): 4096
Exit status: 0
*********************************
Running *--> time -v openssl speed -elapsed -evp SHA256 -engine devcrypto <--*
engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing sha256 for 3s on 16 size blocks: 1794964 sha256's in 3.00s
Doing sha256 for 3s on 64 size blocks: 1359571 sha256's in 3.00s
Doing sha256 for 3s on 256 size blocks: 784374 sha256's in 3.00s
Doing sha256 for 3s on 1024 size blocks: 292741 sha256's in 3.00s
Doing sha256 for 3s on 8192 size blocks: 42555 sha256's in 3.00s
Doing sha256 for 3s on 16384 size blocks: 21613 sha256's in 3.01s
OpenSSL 1.1.1k 25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
sha256 9573.14k 29004.18k 66933.25k 99922.26k 116203.52k 117643.65k
Command being timed: "openssl speed -elapsed -evp SHA256 -engine devcrypto"
User time (seconds): 17.96
System time (seconds): 0.05
Percent of CPU this job got: 99%
Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
Average shared text size (kbytes): 0
Average unshared data size (kbytes): 0
Average stack size (kbytes): 0
Average total size (kbytes): 0
Maximum resident set size (kbytes): 13616
Average resident set size (kbytes): 0
Major (requiring I/O) page faults: 0
Minor (reclaiming a frame) page faults: 157
Voluntary context switches: 64
Involuntary context switches: 78
Swaps: 0
File system inputs: 0
File system outputs: 0
Socket messages sent: 0
Socket messages received: 0
Signals delivered: 0
Page size (bytes): 4096
Exit status: 0
*********************************
Running *--> time -v openssl speed -elapsed -evp MD5 <--*
You have chosen to measure elapsed time instead of user CPU time.
Doing md5 for 3s on 16 size blocks: 2437862 md5's in 3.00s
Doing md5 for 3s on 64 size blocks: 2017755 md5's in 3.00s
Doing md5 for 3s on 256 size blocks: 1329921 md5's in 3.00s
Doing md5 for 3s on 1024 size blocks: 557578 md5's in 3.00s
Doing md5 for 3s on 8192 size blocks: 89471 md5's in 3.00s
Doing md5 for 3s on 16384 size blocks: 45488 md5's in 3.00s
OpenSSL 1.1.1k 25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
md5 13001.93k 43045.44k 113486.59k 190319.96k 244315.48k 248425.13k
Command being timed: "openssl speed -elapsed -evp MD5"
User time (seconds): 17.92
System time (seconds): 0.05
Percent of CPU this job got: 99%
Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
Average shared text size (kbytes): 0
Average unshared data size (kbytes): 0
Average stack size (kbytes): 0
Average total size (kbytes): 0
Maximum resident set size (kbytes): 13616
Average resident set size (kbytes): 0
Major (requiring I/O) page faults: 0
Minor (reclaiming a frame) page faults: 157
Voluntary context switches: 64
Involuntary context switches: 1144
Swaps: 0
File system inputs: 0
File system outputs: 0
Socket messages sent: 0
Socket messages received: 0
Signals delivered: 0
Page size (bytes): 4096
Exit status: 0
*********************************
from a master image on a rango using devcrypto with the CESA unit in play.
Is that GUI for imagebuilder or something else? I have seen pictures of it sometimes before but what build program is it?
I build from source. It's the make kernel_menuconfig
. I don't know if it's available in imagebuilders or not (I've never used imagebuilder).
I have recently started using imagebuilder to preinstall packages, works well but I donât think this operation is possible.
But if the prize is crypto engine on ER4 then probably it makes it worth learning.
I added the first Octeon3 target to the OpenWrt repo in the form of the Itus Shield - You'll have to build from source in order to change the -march
for the target from -march=octeon+
to -march=octeon3
. I can tell neither @damex or I could quantify an increase overall, at least not enough to justify a new octeon3 target EDIT: at least, not yet.. as more Octeon3 devices come up, that should change I hope
But, if you build from source, you can do everything imagebuilder can do, and more, as long as you have the patience to build it out (depending on the hardware, it can be a few hours)
It was you that gave me the code, you never said anything about a script. And the answer on the command was only âdynamicâ.
Your other commands was ifs and the ifs never appeared.
The device is ER4, it is kind of the whole discussion about Octegon crypto acceleration.
I have mentioned 21.02-rc1 many times in this post.
I far as I have learned imagebuilder is only a âshopping bagâ of precompiled packages that it put (build) together to the final binary to install.
Speed increaseâŠhaha this starts to be bisarređ. We have the speed increase already. It goes so fast that we belive its broken or somethingđ€Ș
But we canât find any fault either other than the speed of course that is to fastđ€
Just as a FYI, according to Marvell:
40Gbps of security performance with support for new crypto algorithms such as ECC, SHA2/SHA3, Camellia, ZUC besides the bulk crypto of MD5, DES/3DES, AES, and high SSL transaction rates for large key sizes
So, those seem to be the supported HW Crypto accels
No, the issue is that setting an Octeon3 target means the ER/ERLite would no longer be supported, as they are OcteonII and Octeon+ respectively. So.. we work at the lowest common denominator until there are enough devices to justify the cost to build on the build servers on a new target for just Octeon3.
So in practical terms if we put everything together that simply means my 300$ metal black box business grade 19â (with mounting rack) router with some LED on it right now do what it is made to do (run cryptos fast) and make my HD movies run really fast when I am on the go. It shouldnât work but it does work anyway. Isnât that great news?
I had some thoughts if it was the earlier auto chosen TLS1.3 software operated ChaCha20 crypto that was slow. I stopped that auto chosen crypto and manually commanded TLS1.2 and a suite called TLS_DHE_RSA_AES-256-CGM_SHA-256 to make some order to the DH key exchange. But all those cryptos in that suite would have fitted the Octegon processor like a hand in a glove. I think this could have been the point when the VPN speed took off with the ER4.
I actually ran a Netflix speed test through the VPN tunnel today and it measured 37Mbit/s.
The funny thing is that Apple have their status on crypto acceleration in iPhones put to really top secret, but iOS is on the other hand encrypted so the word on the street is that iPhone is also crypto accelerated. So that means I now run crypto optimized hardwares agains each other.
The question isn't if it's fast, it's is it as fast as it COULD be..
Example: Using OpenVPN rather than Wireguard. Both work, WG (from my experiences) has a MUCH faster throughput since it operates at the Interface rather than Application layers.. But! It also means Split-tunnel isn't available. So, it's up to your use case.
But yes, one of the issues we faced was that we couldn't quantify actually performance increases from moving from Octeon+ to Octeon3 on the test devices to the point it was worth spinning it off..
One thing I should note.. If you decide to go build from source and play with this on your own, if you change the target options to the -march=octeon3
you'll also need to build out ALL of the packages (or just include them in the image) as I've never been able to get the OpenWrt package repos to accept the Octeon3 arch type for use with opkg
.
So, you can build out ALL packages (which is a total PITA) or include the packages you need/want at the build time. At one point, before the Shield was included into the Upstream, I was supported the entire base (https://github.com/Grommish/shield_opkgs) because of this. I eventually realized there wasn't a need vs gain and just stuck with the Octeon+ for ease of use.
As I mentioned earlier in the tread. I tested Wireguard once and it was fast but it never used the encrypted tunnel.
The program just said it had a connected VPN tunnel until I actually tested it and it failed in all the tests. But it was really simple tests but total failure anyway.
Yes they have 5000lines of code (less than OpenVPN), that is their whole commercial. They never say anywhere it actually works.
Now OpenVPN is fast and it once again pass all test I can trow at it.
Is it still Inop in the 5.10 kernel?n I've not messed with WG in a while
Donât be offended, I have been good att making high grade quality test my whole lifeđ
I have broken so many unbreakable things a lot faster than i broke Wireguard.
But this is security software, failure is not really an option and trust is deserved.
We canât have a lit up VPN symbol in the smartphone and nothing behind it.
Unsure, I have not really paid any attention since it first hit the stree.
Yes, you are amazingly amazing. where many have succeeded, you failed.
When I started using OVPN i found a rumor that said OVPN didnât use the static keys for handshake protection.
So I then made a bunch of âfalse/wrongâ keys and certs and made a bunch of false config files of them just to see if OpenVPN would see them in different combinations and what it would do if the specified server was a unknown security risk.
Well, It wasnât any fault on OpenVPN and it never made a connection to a server with any fault in the security keys.