OpenSSH slow on OSX High Sierra (maybe due to libcrypto)?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Fri Jul 13 12:25:31 AEST 2018
This is on a fairly busy machine.
LibreSSL is not great:
machdep.cpu.brand_string: Intel(R) Core(TM) i7-6920HQ CPU @ 2.90GHz
Doing 512 bit private rsa's for 10s: 14068 512 bit private RSA's in 9.98s
Doing 512 bit public rsa's for 10s: 246136 512 bit public RSA's in 9.93s
Doing 1024 bit private rsa's for 10s: 2196 1024 bit private RSA's in 9.86s
Doing 1024 bit public rsa's for 10s: 53400 1024 bit public RSA's in 9.97s
Doing 2048 bit private rsa's for 10s: 336 2048 bit private RSA's in 9.96s
Doing 2048 bit public rsa's for 10s: 11692 2048 bit public RSA's in 9.97s
Doing 4096 bit private rsa's for 10s: 50 4096 bit private RSA's in 10.04s
Doing 4096 bit public rsa's for 10s: 3230 4096 bit public RSA's in 9.96s
LibreSSL 2.2.7
built on: date not available
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
sign verify sign/s verify/s
rsa 512 bits 0.000709s 0.000040s 1409.6 24787.1
rsa 1024 bits 0.004490s 0.000187s 222.7 5356.1
rsa 2048 bits 0.029643s 0.000853s 33.7 1172.7
rsa 4096 bits 0.200800s 0.003084s 5.0 324.3
Macports OpenSSL-1.0.2o is much better:
machdep.cpu.brand_string: Intel(R) Core(TM) i7-6920HQ CPU @ 2.90GHz
Doing 512 bit private rsa's for 10s: 168960 512 bit private RSA's in 9.82s
Doing 512 bit public rsa's for 10s: 2297939 512 bit public RSA's in 9.88s
Doing 1024 bit private rsa's for 10s: 100107 1024 bit private RSA's in 9.99s
Doing 1024 bit public rsa's for 10s: 1375961 1024 bit public RSA's in 9.97s
Doing 2048 bit private rsa's for 10s: 15874 2048 bit private RSA's in 9.98s
Doing 2048 bit public rsa's for 10s: 528795 2048 bit public RSA's in 9.97s
Doing 4096 bit private rsa's for 10s: 2377 4096 bit private RSA's in 9.98s
Doing 4096 bit public rsa's for 10s: 155418 4096 bit public RSA's in 9.98s
OpenSSL 1.0.2o 27 Mar 2018
built on: reproducible build, date unspecified
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: /usr/bin/clang -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
sign verify sign/s verify/s
rsa 512 bits 0.000058s 0.000004s 17205.7 232584.9
rsa 1024 bits 0.000100s 0.000007s 10020.7 138010.1
rsa 2048 bits 0.000629s 0.000019s 1590.6 53038.6
rsa 4096 bits 0.004199s 0.000064s 238.2 15572.9
Self-built OpenSSL-1.1.0i-dev:
machdep.cpu.brand_string: Intel(R) Core(TM) i7-6920HQ CPU @ 2.90GHz
Doing 512 bit private rsa's for 10s: 105290 512 bit private RSA's in 9.97s
Doing 512 bit public rsa's for 10s: 1690564 512 bit public RSA's in 9.98s
Doing 1024 bit private rsa's for 10s: 81260 1024 bit private RSA's in 9.97s
Doing 1024 bit public rsa's for 10s: 881264 1024 bit public RSA's in 9.97s
Doing 2048 bit private rsa's for 10s: 14584 2048 bit private RSA's in 9.97s
Doing 2048 bit public rsa's for 10s: 350382 2048 bit public RSA's in 9.99s
Doing 3072 bit private rsa's for 10s: 5155 3072 bit private RSA's in 9.99s
Doing 3072 bit public rsa's for 10s: 173261 3072 bit public RSA's in 9.93s
Doing 4096 bit private rsa's for 10s: 2306 4096 bit private RSA's in 9.99s
Doing 4096 bit public rsa's for 10s: 105688 4096 bit public RSA's in 9.96s
Doing 7680 bit private rsa's for 10s: 266 7680 bit private RSA's in 9.99s
Doing 7680 bit public rsa's for 10s: 33265 7680 bit public RSA's in 9.99s
Doing 15360 bit private rsa's for 10s: 51 15360 bit private RSA's in 9.99s
Doing 15360 bit public rsa's for 10s: 8434 15360 bit public RSA's in 9.97s
OpenSSL 1.1.0i-dev xx XXX xxxx
built on: reproducible build, date unspecified
options:bn(64,64) md2(char) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang -DZLIB -DZLIB_SHARED -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/Users/ur20980/openssl-1.1/etc\"" -DENGINESDIR="\"/Users/ur20980/openssl-1.1/lib/engines-1.1\""
sign verify sign/s verify/s
rsa 512 bits 0.000095s 0.000006s 10560.7 169395.2
rsa 1024 bits 0.000123s 0.000011s 8150.5 88391.6
rsa 2048 bits 0.000684s 0.000029s 1462.8 35073.3
rsa 3072 bits 0.001938s 0.000057s 516.0 17448.2
rsa 4096 bits 0.004332s 0.000094s 230.8 10611.2
rsa 7680 bits 0.037556s 0.000300s 26.6 3329.8
rsa 15360 bits 0.195882s 0.001182s 5.1 845.9
—
Regards,
Uri
> On Jul 12, 2018, at 18:56, Jan Schermer <jan at schermer.cz> wrote:
>
> This is on Mojave
>
> $ sysctl machdep.cpu.brand_string; /usr/bin/openssl speed rsa
> machdep.cpu.brand_string: Intel(R) Core(TM) i7-7820HQ CPU @ 2.90GHz
>
> Doing 512 bit private rsa's for 10s: 13043 512 bit private RSA's in 9.88s
> Doing 512 bit public rsa's for 10s: 130182 512 bit public RSA's in 9.92s
> Doing 1024 bit private rsa's for 10s: 2290 1024 bit private RSA's in 9.95s
> Doing 1024 bit public rsa's for 10s: 27525 1024 bit public RSA's in 9.93s
> Doing 2048 bit private rsa's for 10s: 339 2048 bit private RSA's in 9.94s
> Doing 2048 bit public rsa's for 10s: 7251 2048 bit public RSA's in 9.96s
> Doing 4096 bit private rsa's for 10s: 51 4096 bit private RSA's in 10.05s
> Doing 4096 bit public rsa's for 10s: 1963 4096 bit public RSA's in 9.94s
> LibreSSL 2.6.4
> built on: date not available
> options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
> compiler: information not available
> sign verify sign/s verify/s
> rsa 512 bits 0.000757s 0.000076s 1320.1 13123.2
> rsa 1024 bits 0.004345s 0.000361s 230.2 2771.9
> rsa 2048 bits 0.029322s 0.001374s 34.1 728.0
> rsa 4096 bits 0.197059s 0.005064s 5.1 197.5
>
> Homebrew’s real openssl version copes a “bit” better
>
> $ /usr/local/Cellar/openssl/1.0.2o_2/bin/openssl speed rsa
> Doing 512 bit private rsa's for 10s: 218442 512 bit private RSA's in 9.92s
> Doing 512 bit public rsa's for 10s: 2249226 512 bit public RSA's in 9.87s
> Doing 1024 bit private rsa's for 10s: 78250 1024 bit private RSA's in 9.92s
> Doing 1024 bit public rsa's for 10s: 1107881 1024 bit public RSA's in 9.91s
> Doing 2048 bit private rsa's for 10s: 11736 2048 bit private RSA's in 9.96s
> Doing 2048 bit public rsa's for 10s: 381898 2048 bit public RSA's in 9.97s
> Doing 4096 bit private rsa's for 10s: 1692 4096 bit private RSA's in 9.98s
> Doing 4096 bit public rsa's for 10s: 107800 4096 bit public RSA's in 9.98s
> OpenSSL 1.0.2o 27 Mar 2018
> built on: reproducible build, date unspecified
> options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
> compiler: clang -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
> sign verify sign/s verify/s
> rsa 512 bits 0.000045s 0.000004s 22020.4 227885.1
> rsa 1024 bits 0.000127s 0.000009s 7888.1 111794.2
> rsa 2048 bits 0.000849s 0.000026s 1178.3 38304.7
> rsa 4096 bits 0.005898s 0.000093s 169.5 10801.6
>
> Jan
>
>> On 12 Jul 2018, at 22:30, Peter Moody <mindrot at hda3.com> wrote:
>>
>> On Thu, Jul 12, 2018 at 1:10 AM, Darren Tucker <dtucker at dtucker.net> wrote:
>>
>>> If anyone has such a machine handy, could you please run "sysctl
>>> machdep.cpu.brand_string; /usr/bin/openssl speed rsa" and post the
>>> results for comparison?
>>
>> $ /usr/bin/openssl speed rsa
>> [...]
>> sign verify sign/s verify/s
>> rsa 512 bits 0.000622s 0.000037s 1606.5 27333.3
>> rsa 1024 bits 0.003932s 0.000176s 254.3 5689.6
>> rsa 2048 bits 0.025932s 0.000751s 38.6 1331.3
>> rsa 4096 bits 0.176667s 0.002718s 5.7 367.9
>>
>> $ sysctl machdep.cpu.brand_string
>> machdep.cpu.brand_string: Intel(R) Core(TM) i7-7567U CPU @ 3.50GHz
>>
>> $ uname -a
>> Darwin localhost 17.6.0 Darwin Kernel Version 17.6.0: Tue May 8
>> 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64
>>
>> vs
>>
>> $ ./apps/openssl/openssl speed rsa
>> [...]
>> sign verify sign/s verify/s
>> rsa 512 bits 0.000049s 0.000006s 20467.2 167761.5
>> rsa 1024 bits 0.000166s 0.000015s 6032.5 65297.8
>> rsa 2048 bits 0.000948s 0.000051s 1054.8 19469.8
>> rsa 4096 bits 0.007410s 0.000194s 134.9 5147.4
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list