有些时候不测试一下怎么知道硬件加速的重要性呢?

首先自然是试着 rmmod,失败.

rmmod aesni_intel
rmmod -f aesni_intel
modprobe -rf aesni_intel

全都不行,那怎么办呢?

方法2:BIOS 关掉 AES.

可是虚拟机他关不掉!

那就只能从 OpenSSL 下手了,根据 OpenSSL 的邮件列表,加上一个环境变量就可以禁用 AES 加速.

OPENSSL_ia32cap="~0x200000200000000"

可以对比一下结果:

openssl speed -elapsed -evp aes-256-cfb

You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-cfb for 3s on 16 size blocks: 51161962 aes-256-cfb's in 3.00s
Doing aes-256-cfb for 3s on 64 size blocks: 14698120 aes-256-cfb's in 3.00s
Doing aes-256-cfb for 3s on 256 size blocks: 3176635 aes-256-cfb's in 3.00s
Doing aes-256-cfb for 3s on 1024 size blocks: 804198 aes-256-cfb's in 3.05s
Doing aes-256-cfb for 3s on 8192 size blocks: 103408 aes-256-cfb's in 2.99s
OpenSSL 1.0.2h  3 May 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial)                 idea(int) blowfish(idx)
compiler: cc -I. -I.. -I../include  -fPIC -fno-common -    DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes       8192 bytes
aes-256-cfb     272863.80k   313559.89k   271072.85k   269999.59k   283317.17k

然后我们关掉 AES.

OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-256-cfb

You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-cfb for 3s on 16 size blocks: 16624135 aes-256-cfb's in 3.00s
Doing aes-256-cfb for 3s on 64 size blocks: 3965950 aes-256-cfb's in 3.01s
Doing aes-256-cfb for 3s on 256 size blocks: 1023430 aes-256-cfb's in 3.00s
Doing aes-256-cfb for 3s on 1024 size blocks: 368518 aes-256-cfb's in 3.01s
Doing aes-256-cfb for 3s on 8192 size blocks: 38508 aes-256-cfb's in 3.01s
OpenSSL 1.0.2h  3 May 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: cc -I. -I.. -I../include  -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cfb      88662.05k    84325.85k    87332.69k   125369.58k   104803.17k

差距巨大…


Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.