| 141 | === Performace Comparisons |
| 142 | * Device: GW6404-B |
| 143 | * CPU Speed: 1500 MHz |
| 144 | * OpenSSL version: 1.1.1c |
| 145 | |
| 146 | || ||||||||||||= '''Number of Blocks Processed in 3s / Block Size in Bytes''' =|| |
| 147 | ||= '''Engine''' =||16 ||64 ||256 ||1024 ||8192 ||16384|| |
| 148 | ||= AF_ALG =||283925||281102||254300||212132 ||75834 ||43402|| |
| 149 | ||= cryptodev =||958747||919563||674246||450026 ||107426||55976|| |
| 150 | ||= software =||959704||920003||673949||4494228||107408||56336|| |
| 151 | |
| 152 | Note: Performance of each engine may vary between systems. It's recommended to evaluate each engine on your system to determine their performance. |
223 | | Note that prior to OpenSSL 1.1.1 afalg is not enabled by default thus you need to rebuild it and add the 'enable-afalgeng' config option. |
224 | | |
| 234 | ==== Building OpenSSL 1.1.0 and later with AF_ALG support |
| 235 | Note that prior to OpenSSL 1.1.1 AF_ALG support is not enabled by default thus you need to rebuild it and add the 'enable-afalgeng' config option. |
| 236 | {{{#!bash |
| 237 | apt install build-essential pkg-config libssl-dev |
| 238 | wget https://www.openssl.org/source/openssl-1.1.1c.tar.gz |
| 239 | tar xvf openssl-* |
| 240 | cd openssl-* |
| 241 | ./config enable-engine enable-dso enable-afalgeng |
| 242 | make |
| 243 | make install |
| 244 | }}} |
| 245 | |
| 246 | Note that for Ubuntu / Debian Linux distros it is preferred to download source package, modify debian/rules and recompile the package: |
| 247 | {{{#!bash |
| 248 | apt install build-essential pkg-config ubuntu-dev-tools debhelper |
| 249 | apt-get build-dep openssl |
| 250 | apt-get source openssl |
| 251 | cd openssl-*/ |
| 252 | sed -i "s/CONFARGS =/CONFARGS = enable-engine enable-dso enable-afalgeng/" debian/rules |
| 253 | dch -i "Enabled AF_ALG support" |
| 254 | debuild |
| 255 | sudo dpkg -i ../*.deb |
| 256 | }}} |
| 257 | |
| 258 | ==== Enabling the AF_ALG kernel module |
239 | | OpenSSL performance can be tested with: |
240 | | {{{#!bash |
241 | | openssl engine # ensure af_alg is present |
| 273 | ==== Checking AF_ALG engine installation |
| 274 | |
| 275 | On OpenSSL versions prior to 1.1.0, you can check if the AF_ALG engine was successfully installed by running the following command: |
| 276 | {{{#!bash |
| 277 | openssl engine # check if af_alg is present |
| 278 | }}} |
| 279 | |
| 280 | On OpenSSL versions 1.1.0 and later, the AF_ALG engine is dynamically loaded which means that the engine will not appear when you run the command above. |
| 281 | |
| 282 | ==== Evaluating AF_ALG performance |
| 283 | For OpenSSL versions prior to 1.1.0: |
| 284 | {{{#!bash |
| 320 | ==== Building OpenSSL versions 1.1.1 and later with cryptodev support |
| 321 | Starting with version 1.1.1, the cryptodev engine is now called devcrypto and is implemented against the cryptodev-linux kernel module. To build OpenSSL with devcrypto support, the 'enable-devcryptoeng' flag is used during configuration. |
| 322 | |
| 323 | {{{#!bash |
| 324 | apt install build-essential pkg-config |
| 325 | wget https://www.openssl.org/source/openssl-1.1.1c.tar.gz |
| 326 | tar xvf openssl-* |
| 327 | cd openssl-* |
| 328 | ./config enable-engine enable-dso enable-devcryptoeng |
| 329 | make |
| 330 | make install |
| 331 | }}} |
| 332 | |
| 333 | For Ubuntu / Debian Linux distros: |
| 334 | {{{#!bash |
| 335 | apt install build-essential pkg-config ubuntu-dev-tools debhelper |
| 336 | apt-get build-dep openssl |
| 337 | apt-get source openssl |
| 338 | cd openssl-*/ |
| 339 | sed -i "s/CONFARGS =/CONFARGS = enable-engine enable-dso enable-devcryptoeng/" debian/rules |
| 340 | dch -i "Enabled cryptodev support" |
| 341 | debuild # disable checks to avoid issue with api check failing |
| 342 | sudo dpkg -i ../*.deb |
| 343 | }}} |
| 344 | |
| 345 | ==== Enabling the cryptodev kernel module |