OpenSSL - WindyHana's Solanara

• Category: 어플리케이션
• Description: OpenSSL의 설치방법과 실행에 대해 설명 (2011-09-04)
• Location: WindyHana's Solanara: OpenSSL
• @solanara
• Sorry, Korean only.

목차

• 개요
• OpenSSL 설치
  • 소스 설치
  • 번들 사용
• OpenSSL 인증서 만들기
• Root CA가 되기
• 인증서 생성 정리
• CPU별 OpenSSL 속도 비교
  • Pentium 4 2.4GHz
  • Pentium E2160
  • Core 2 Duo E6420
  • Core 2 Duo E6750
  • Core 2 Duo E8400

개요

• SSL(Secure Socket Layer)과 TLS(Transport Layer Security)는 보안 통신을 위해 사용하는 프로토콜의 이름이다. 이 프로토콜을 구현한 라이브러리중 하나가 OpenSSL이며 오픈 소스로 구현되어있다. OpenSSL라이브러리는 통신 전문을 암호화 하는 것은 물론, 문서를 암호화 할 수도 있다. (하지만 문서를 암호화 한다면 PGP를 사용하는게 더 쉬울 것이다. 윈디하나의 솔라나라: PGP, GnuPG를 참고하자)
• SSL을 이용해 통신 내용을 암호화 하는 방법은, 패킷 스나이핑과 IP스푸핑으로 인한 피해를 줄여줄 뿐 그 이상은 안된다. 시스템이 해킹되지 않도록 하는게 아니라 해킹 되어도 피해를 줄일 수 있는 역할을 한다는 의미다. 즉 웹서버에 SSL 통신을 위한 인증서를 설치하고 '보안은 끝'이라고 생각하는 것은 문제가 있다는 의미다. [SSL을 설치했는데 왜 해킹을 당하나요?]라는 질문을 실제로 받은 적이 있는데 참 바보같은 질문인 셈이다
• SSL의 단점은 한가지있다. 속도가 느리다는 것이다. 플레인과 비교한다면 너무 느리다. 패킷의 인코딩/디코딩에 많은 CPU자원을 소모하기 때문이다. 속도가 문제가 되는 경우에는 OpenSSL을 64비트로 컴파일 해보거나, CPU를 업그레이드 하거나, 암호화 가속기(Cryptographic accelerator)를 사용해보는것이 좋다.
• OpenSSL의 소스가 공개되어있다고 해서 OpenSSL에 포함되어있는 알고리즘도 '무료'는 아니다. OpenSSL에 있는 알고리즘은 저작권이 있고, 대부분 특허가 취득되어 있다. 만약 OpenSSL의 특정 알고리즘을 사용하려면 사용하기 전에 법률가와 상의 하는것이 좋다. [./config no-idea no-mdc2 no-rc5]와 같이 특허권 문제가 될만한 알고리즘은 아예 사용 안하도록 설정하는 것도 하나의 방법이다. 자세한 사항은 배포 파일에 들어있는 README 파일의 PATENTS 섹션을 참고하자.
• 또한 OpenSSL의 라이선스는 [OpenSSL License]와 [SSLeay License]를 따른다. 쉽게 말해 GPL이 아니기 때문에 OpenSSL을 이용해 개발할 때에는 라이선스를 확인해야 할 것이다. OpenSSL의 라이선스는 GPL과 호환되지 않기 때문에 GPL을 따르는 소프트웨어를 개발할때 OpenSSL을 사용할 수 없다. 이 경우는 Gnu TLS 라이브러리의 사용을 고려해야 한다.
• 이외에도 SSL을 구현한 오픈 소스 라이브러리로는 LGPL라이선스의 GnuTLS(The GNU Transport Layer Security Library)가 있다.
• OpenSSL The Open Source toolkit for SSL-TLS

OpenSSL 설치

• 소스 설치

  root@wl ~/src # wget http://www.openssl.org/source/openssl-1.0.0g.tar.gz
  root@wl ~/src # tar xvfz openssl-1.0.0g.tar.gz
  root@wl ~/src # cd openssl-1.0.0g
  root@wl ~/src/openssl-1.0.0g # ./config shared enable-md2 zlib
  ...
  Configured for solaris-x86-cc. 1)
  root@wl ~/src/openssl-1.0.0g # make
  메시지 생략
  making all in tools...
  root@wl ~/src/openssl-1.0.0g # make test 2)
  ...
  compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
  OPENSSLDIR: "/usr/local/ssl"
  'test' is up to date.
  root@wl ~/src/openssl-1.0.0g # make install
  ...
  OpenSSL shared libraries have been installed in:
    /usr/local/ssl
  
  If this directory is not in a standard system path for dynamic/shared
  libraries, then you will have problems linking and executing
  applications that use OpenSSL libraries UNLESS:
  
  * you link with static (archive) libraries.  If you are truly
    paranoid about security, you should use static libraries.
  * you use the GNU libtool code during linking
    (http://www.gnu.org/software/libtool/libtool.html)
  * you use pkg-config during linking (this requires that
    PKG_CONFIG_PATH includes the path to the OpenSSL shared
    library directory), and make use of -R or -rpath.
    (http://www.freedesktop.org/software/pkgconfig/)
  * you specify the system-wide link path via a command such
    as crle(1) on Solaris systems.
  * you add the OpenSSL shared library directory to /etc/ld.so.conf
    and run ldconfig(8) on Linux systems.
  * you define the LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH (HP),
    DYLD_LIBRARY_PATH (MacOS X) or PATH (Cygwin and DJGPP)
    environment variable and add the OpenSSL shared library
    directory to it.
  
  One common tool to check the dynamic dependencies of an executable
  or dynamic library is ldd(1) on most UNIX systems.
  
  See any operating system documentation and manpages about shared
  libraries for your version of UNIX.  The following manpages may be
  helpful: ld(1), ld.so(1), ld.so.1(1) [Solaris], dld.sl(1) [HP],
  ldd(1), crle(1) [Solaris], pldd(1) [Solaris], ldconfig(8) [Linux],
  chatr(1) [HP].
  ...
  chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
  root@wl ~/src/openssl-1.0.0g #
  
  # 환경 설정
  root@wl ~ # vi /etc/profile
  # for OpenSSL located at /usr/local/ssl
  if [ -d /usr/local/ssl ]
  then
    PATH=$PATH:/usr/local/ssl/bin
    LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/ssl/lib
  fi
  

  1) 64bit 솔라리스를 사용한다면 OpenSSL에서 기본적으로 [solaris64-x86_64-cc] 으로 컴파일 할것이다. 이는 64비트 라이브러리를 생성하기 때문에 32비트 어플로 컴파일하는 경우 맞지 않다. 따라서 [./Configure shared solaris-x86-cc]명령을 사용해 강제로 32비트로 컴파일 해야 한다.
  2) OpenSSL은 반드시 테스트를 하자. OpenSSL은 컴파일시 기본 옵션으로 풀 옵티마이징을 하도록 되어있다. 이런 이유로 흔하지는 않지만 gcc, cc의 버그로 인해 테스트에 실패하는 경우가 있다. 이런경우 패치를 하거나, gcc, cc, openssl 버전을 낮추거나 gcc, cc의 옵티마이징을 꺼야 한다. [compiler: cc ...] 부분은 시스템마다 다를 수 있다.

• 번들 사용

  # 솔라리스 10u9 에는 0.9.7d 이 번들되어있다. PATH만 걸어준다.
  root@wl ~ # cd /usr/local/bin
  root@wl /usr/local/bin # ln -s /usr/sfw/bin/openssl openssl
  

OpenSSL 인증서 만들기

root@wl ~ # cd /usr/local/ssl/certs
root@wl /usr/local/ssl/certs # openssl req -newkey rsa:2048 -nodes -out req.pem -keyout req.key 1)
Generating a 2048 bit RSA private key
.......++++++
.......++++++
writing new private key to '/usr/local/ssl/certs/root.cert'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:GyungGiDo
Locality Name (eg, city) []:Suwon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Solanara
Organizational Unit Name (eg, section) []:SolanaraTeam
Common Name (eg, YOUR name) []:*.solanara.net 2)
Email Address []:admin@solanara.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@wl /usr/local/ssl/certs # ls -alF 3)

Root CA가 되기

root@wl /usr/local/ssl/certs # openssl genrsa -des3 -out ca.key 2048 1)
Generating RSA private key, 2048 bit long modulus
............................++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:*****
Verifying - Enter pass phrase for ca.key: *****
root@wl /usr/local/ssl/certs # openssl req -new -x509 -days 365 -key ca.key -out ca.crt 2)
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:GyungGiDo
Locality Name (eg, city) []:Suwon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Solanara
Organizational Unit Name (eg, section) []:SolanaraTeam
Common Name (eg, YOUR name) []:Solanara CA
Email Address []:admin@solanara.net
root@wl /usr/local/ssl/certs # openssl x509 -req -CA ca.crt -CAkey ca.key -days 365 -in req.pem -out signed-req.pem -CAcreateserial 3)
Signature ok
subject=/C=KR/ST=GyungGiDo/L=Suwon/O=Solanara/OU=SolanaraTeam/CN=wl.solanara.net/emailAddress=admin@solanara.net
Getting CA Private Key
Enter pass phrase for ca.key:*****
root@wl /usr/local/ssl/certs # chmod 600 *
root@wl /usr/local/ssl/certs # ls -alF 4)
총 18
drwxr-xr-x   2 root     bin          512 10월 26일  13:44 ./
drwxr-xr-x  10 root     bin          512 10월 26일  13:40 ../
-rw-------   1 root     other       1671  4월  8일  11:27 ca.crt
-rw-------   1 root     other       1751  4월  8일  11:26 ca.key
-rw-------   1 root     other         17  4월  8일  11:49 ca.srl
-rw-------   1 root     other       1679  4월  8일  11:48 req.key
-rw-------   1 root     other       1074  4월  8일  11:48 req.pem
-rw-------   1 root     other       1330  4월  8일  11:49 signed-req.pem
root@wl /usr/local/ssl/certs # 

인증서 생성 정리

root@wl /usr/local/ssl/certs # openssl req -newkey rsa:4096 -nodes -out req.pem -keyout req.key \
  -subj "/C=KR/ST=GyungGiDo/L=Suwon/O=Solanara/OU=SolanaraTeam/CN=*.solanara.net/emailAddress=admin@solanara.net"
root@wl /usr/local/ssl/certs # openssl genrsa -des3 -out ca.key 4096
Enter pass phrase for ca.key:12345
Verifying - Enter pass phrase for ca.key:12345
root@wl /usr/local/ssl/certs # openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \
  -subj "/C=KR/ST=GyungGiDo/L=Suwon/O=Solanara/OU=SolanaraTeam/CN=Solanara CA/emailAddress=admin@solanara.net"
Enter pass phrase for ca.key:12345
root@wl /usr/local/ssl/certs # openssl x509 -req -CA ca.crt -CAkey ca.key -days 3650 -in req.pem -out signed-req.pem -CAcreateserial
Enter pass phrase for ca.key:12345
root@wl /usr/local/ssl/certs #

CPU별 OpenSSL 속도 비교

• OpenSSL의 암호화 속도를 가늠해볼 수 있다. [openssl speed aes rsa dsa sha md5]명령을 사용했으며, 어셈블러를 사용하지 않았다. OpenSSL은 32비트로 컴파일했다. 이 자료는 CPU에 대한 연산능력을 대략적으로 가늠해볼 수 있을뿐, CPU의 전체적인 성능을 측정하는 것은 아니다.

• Pentium 4 2.4GHz

  Doing md5 for 3s on 16 size blocks: 2261225 md5's in 2.97s
  Doing md5 for 3s on 64 size blocks: 1726428 md5's in 2.95s
  Doing md5 for 3s on 256 size blocks: 1166991 md5's in 2.97s
  Doing md5 for 3s on 1024 size blocks: 554073 md5's in 2.96s
  Doing md5 for 3s on 8192 size blocks: 85546 md5's in 2.93s
  Doing sha1 for 3s on 16 size blocks: 2063980 sha1's in 2.97s
  Doing sha1 for 3s on 64 size blocks: 1485095 sha1's in 2.97s
  Doing sha1 for 3s on 256 size blocks: 794613 sha1's in 2.97s
  Doing sha1 for 3s on 1024 size blocks: 336228 sha1's in 2.98s
  Doing sha1 for 3s on 8192 size blocks: 48142 sha1's in 2.97s
  Doing sha256 for 3s on 16 size blocks: 1510157 sha256's in 2.97s
  Doing sha256 for 3s on 64 size blocks: 838321 sha256's in 2.87s
  Doing sha256 for 3s on 256 size blocks: 438836 sha256's in 2.97s
  Doing sha256 for 3s on 1024 size blocks: 139390 sha256's in 2.97s
  Doing sha256 for 3s on 8192 size blocks: 17954 sha256's in 2.97s
  Doing sha512 for 3s on 16 size blocks: 636972 sha512's in 2.98s
  Doing sha512 for 3s on 64 size blocks: 602356 sha512's in 2.96s
  Doing sha512 for 3s on 256 size blocks: 221160 sha512's in 2.97s
  Doing sha512 for 3s on 1024 size blocks: 88909 sha512's in 2.98s
  Doing sha512 for 3s on 8192 size blocks: 12322 sha512's in 2.97s
  Doing aes-128 cbc for 3s on 16 size blocks: 9562893 aes-128 cbc's in 2.98s
  Doing aes-128 cbc for 3s on 64 size blocks: 2292593 aes-128 cbc's in 2.96s
  Doing aes-128 cbc for 3s on 256 size blocks: 550227 aes-128 cbc's in 2.96s
  Doing aes-128 cbc for 3s on 1024 size blocks: 165769 aes-128 cbc's in 2.98s
  Doing aes-128 cbc for 3s on 8192 size blocks: 20737 aes-128 cbc's in 2.97s
  Doing aes-192 cbc for 3s on 16 size blocks: 7877984 aes-192 cbc's in 2.96s
  Doing aes-192 cbc for 3s on 64 size blocks: 1779272 aes-192 cbc's in 2.91s
  Doing aes-192 cbc for 3s on 256 size blocks: 533439 aes-192 cbc's in 2.97s
  Doing aes-192 cbc for 3s on 1024 size blocks: 138014 aes-192 cbc's in 2.97s
  Doing aes-192 cbc for 3s on 8192 size blocks: 16463 aes-192 cbc's in 2.96s
  Doing aes-256 cbc for 3s on 16 size blocks: 7563249 aes-256 cbc's in 2.98s
  Doing aes-256 cbc for 3s on 64 size blocks: 1798999 aes-256 cbc's in 2.96s
  Doing aes-256 cbc for 3s on 256 size blocks: 434204 aes-256 cbc's in 2.97s
  Doing aes-256 cbc for 3s on 1024 size blocks: 119193 aes-256 cbc's in 2.95s
  Doing aes-256 cbc for 3s on 8192 size blocks: 15177 aes-256 cbc's in 2.96s
  Doing 512 bit private rsa's for 10s: 5261 512 bit private RSA's in 9.91s
  Doing 512 bit public rsa's for 10s: 61094 512 bit public RSA's in 9.89s
  Doing 1024 bit private rsa's for 10s: 930 1024 bit private RSA's in 9.90s
  Doing 1024 bit public rsa's for 10s: 20079 1024 bit public RSA's in 9.89s
  Doing 2048 bit private rsa's for 10s: 155 2048 bit private RSA's in 9.85s
  Doing 2048 bit public rsa's for 10s: 6068 2048 bit public RSA's in 9.92s
  Doing 4096 bit private rsa's for 10s: 25 4096 bit private RSA's in 9.98s
  Doing 4096 bit public rsa's for 10s: 1764 4096 bit public RSA's in 9.90s
  Doing 512 bit sign dsa's for 10s: 5609 512 bit DSA signs in 9.86s
  Doing 512 bit verify dsa's for 10s: 4947 512 bit DSA verify in 9.89s
  Doing 1024 bit sign dsa's for 10s: 1904 1024 bit DSA signs in 9.80s
  Doing 1024 bit verify dsa's for 10s: 1620 1024 bit DSA verify in 9.91s
  Doing 2048 bit sign dsa's for 10s: 607 2048 bit DSA signs in 9.92s
  Doing 2048 bit verify dsa's for 10s: 515 2048 bit DSA verify in 9.92s
  OpenSSL 1.0.0a 1 Jun 2010
  built on: Thu Jul 22 09:58:20 KST 2010
  options:bn(64,32) rc4(ptr,char) des(ptr,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
  compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
  The 'numbers' are in 1000s of bytes per second processed.
  type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
  md5              12181.68k    37454.71k   100589.12k   191679.31k   239178.44k
  sha1             11119.08k    32002.05k    68491.89k   115536.06k   132787.63k
  aes-128 cbc      51344.39k    49569.58k    47587.20k    56962.23k    57197.81k
  aes-192 cbc      42583.70k    39131.76k    45979.93k    47584.62k    45562.46k
  aes-256 cbc      40608.05k    38897.28k    37426.34k    41374.11k    42003.37k
  sha256            8135.53k    18694.27k    37825.59k    48059.04k    49521.61k
  sha512            3419.98k    13023.91k    19062.95k    30551.28k    33987.15k
                    sign    verify    sign/s verify/s
  rsa  512 bits 0.001884s 0.000162s    530.9   6177.4
  rsa 1024 bits 0.010645s 0.000493s     93.9   2030.2
  rsa 2048 bits 0.063548s 0.001635s     15.7    611.7
  rsa 4096 bits 0.399200s 0.005612s      2.5    178.2
                    sign    verify    sign/s verify/s
  dsa  512 bits 0.001758s 0.001999s    568.9    500.2
  dsa 1024 bits 0.005147s 0.006117s    194.3    163.5
  dsa 2048 bits 0.016343s 0.019262s     61.2     51.9
  

• Pentium E2160

  Doing md5 for 3s on 16 size blocks: 2854608 md5's in 2.99s
  Doing md5 for 3s on 64 size blocks: 2313297 md5's in 2.99s
  Doing md5 for 3s on 256 size blocks: 1457997 md5's in 3.00s
  Doing md5 for 3s on 1024 size blocks: 582953 md5's in 2.98s
  Doing md5 for 3s on 8192 size blocks: 88568 md5's in 2.98s
  Doing sha1 for 3s on 16 size blocks: 3089085 sha1's in 3.00s
  Doing sha1 for 3s on 64 size blocks: 2410985 sha1's in 3.00s
  Doing sha1 for 3s on 256 size blocks: 1420984 sha1's in 2.99s
  Doing sha1 for 3s on 1024 size blocks: 545488 sha1's in 3.00s
  Doing sha1 for 3s on 8192 size blocks: 80611 sha1's in 3.00s
  Doing sha256 for 3s on 16 size blocks: 2345466 sha256's in 2.99s
  Doing sha256 for 3s on 64 size blocks: 1418186 sha256's in 2.99s
  Doing sha256 for 3s on 256 size blocks: 657698 sha256's in 3.00s
  Doing sha256 for 3s on 1024 size blocks: 209990 sha256's in 3.00s
  Doing sha256 for 3s on 8192 size blocks: 28213 sha256's in 2.95s
  Doing sha512 for 3s on 16 size blocks: 749676 sha512's in 3.00s
  Doing sha512 for 3s on 64 size blocks: 753179 sha512's in 3.00s
  Doing sha512 for 3s on 256 size blocks: 275856 sha512's in 2.95s
  Doing sha512 for 3s on 1024 size blocks: 97863 sha512's in 2.99s
  Doing sha512 for 3s on 8192 size blocks: 13837 sha512's in 3.00s
  Doing aes-128 cbc for 3s on 16 size blocks: 9059966 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 64 size blocks: 2400414 aes-128 cbc's in 2.98s
  Doing aes-128 cbc for 3s on 256 size blocks: 613529 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 1024 size blocks: 153497 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 8192 size blocks: 19085 aes-128 cbc's in 2.97s
  Doing aes-192 cbc for 3s on 16 size blocks: 7773566 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 64 size blocks: 2049817 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 256 size blocks: 517719 aes-192 cbc's in 2.99s
  Doing aes-192 cbc for 3s on 1024 size blocks: 129994 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 8192 size blocks: 16320 aes-192 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 16 size blocks: 6792883 aes-256 cbc's in 2.99s
  Doing aes-256 cbc for 3s on 64 size blocks: 1767375 aes-256 cbc's in 2.98s
  Doing aes-256 cbc for 3s on 256 size blocks: 451193 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 1024 size blocks: 112712 aes-256 cbc's in 2.99s
  Doing aes-256 cbc for 3s on 8192 size blocks: 14038 aes-256 cbc's in 2.98s
  Doing 512 bit private rsa's for 10s: 9535 512 bit private RSA's in 9.96s
  Doing 512 bit public rsa's for 10s: 122955 512 bit public RSA's in 9.97s
  Doing 1024 bit private rsa's for 10s: 1837 1024 bit private RSA's in 9.96s
  Doing 1024 bit public rsa's for 10s: 41017 1024 bit public RSA's in 9.94s
  Doing 2048 bit private rsa's for 10s: 324 2048 bit private RSA's in 10.00s
  Doing 2048 bit public rsa's for 10s: 12812 2048 bit public RSA's in 9.98s
  Doing 4096 bit private rsa's for 10s: 52 4096 bit private RSA's in 10.06s
  Doing 4096 bit public rsa's for 10s: 3838 4096 bit public RSA's in 9.96s
  Doing 512 bit sign dsa's for 10s: 10760 512 bit DSA signs in 9.95s
  Doing 512 bit verify dsa's for 10s: 9629 512 bit DSA verify in 9.96s
  Doing 1024 bit sign dsa's for 10s: 4008 1024 bit DSA signs in 9.95s
  Doing 1024 bit verify dsa's for 10s: 3311 1024 bit DSA verify in 9.97s
  Doing 2048 bit sign dsa's for 10s: 1211 2048 bit DSA signs in 9.94s
  Doing 2048 bit verify dsa's for 10s: 1038 2048 bit DSA verify in 9.99s
  OpenSSL 1.0.0c 2 Dec 2010
  built on: Tue Dec 28 10:35:50 KST 2010
  options:bn(64,32) rc4(ptr,char) des(ptr,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
  compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
  The 'numbers' are in 1000s of bytes per second processed.
  type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
  md5              15275.49k    49515.39k   124415.74k   200316.74k   243472.84k
  sha1             16475.12k    51434.35k   121662.84k   186193.24k   220121.77k
  aes-128 cbc      48319.82k    51552.52k    52354.47k    52393.64k    52641.19k
  aes-192 cbc      41459.02k    43729.43k    44326.44k    44371.29k    44564.48k
  aes-256 cbc      36349.88k    37957.05k    38501.80k    38601.03k    38590.37k
  sha256           12550.99k    30355.82k    56123.56k    71676.59k    78346.07k
  sha512            3998.27k    16067.82k    23938.69k    33515.62k    37784.23k
                    sign    verify    sign/s verify/s
  rsa  512 bits 0.001045s 0.000081s    957.3  12332.5
  rsa 1024 bits 0.005422s 0.000242s    184.4   4126.5
  rsa 2048 bits 0.030864s 0.000779s     32.4   1283.8
  rsa 4096 bits 0.193462s 0.002595s      5.2    385.3
                    sign    verify    sign/s verify/s
  dsa  512 bits 0.000925s 0.001034s   1081.4    966.8
  dsa 1024 bits 0.002483s 0.003011s    402.8    332.1
  dsa 2048 bits 0.008208s 0.009624s    121.8    103.9
  

• Core 2 Duo E6420

  Doing md5 for 3s on 16 size blocks: 3375455 md5's in 2.99s
  Doing md5 for 3s on 64 size blocks: 2750325 md5's in 3.00s
  Doing md5 for 3s on 256 size blocks: 1728454 md5's in 3.00s
  Doing md5 for 3s on 1024 size blocks: 694066 md5's in 3.00s
  Doing md5 for 3s on 8192 size blocks: 105879 md5's in 3.00s
  Doing sha1 for 3s on 16 size blocks: 3589716 sha1's in 3.00s
  Doing sha1 for 3s on 64 size blocks: 2834671 sha1's in 3.00s
  Doing sha1 for 3s on 256 size blocks: 1687393 sha1's in 3.00s
  Doing sha1 for 3s on 1024 size blocks: 646810 sha1's in 3.00s
  Doing sha1 for 3s on 8192 size blocks: 95738 sha1's in 3.00s
  Doing sha256 for 3s on 16 size blocks: 2790375 sha256's in 3.00s
  Doing sha256 for 3s on 64 size blocks: 1701045 sha256's in 2.99s
  Doing sha256 for 3s on 256 size blocks: 778813 sha256's in 3.00s
  Doing sha256 for 3s on 1024 size blocks: 249189 sha256's in 3.00s
  Doing sha256 for 3s on 8192 size blocks: 34016 sha256's in 3.00s
  Doing sha512 for 3s on 16 size blocks: 886354 sha512's in 3.00s
  Doing sha512 for 3s on 64 size blocks: 890927 sha512's in 3.00s
  Doing sha512 for 3s on 256 size blocks: 333380 sha512's in 3.00s
  Doing sha512 for 3s on 1024 size blocks: 116066 sha512's in 3.00s
  Doing sha512 for 3s on 8192 size blocks: 16418 sha512's in 3.00s
  Doing aes-128 cbc for 3s on 16 size blocks: 10759485 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 64 size blocks: 2867996 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 256 size blocks: 727542 aes-128 cbc's in 2.99s
  Doing aes-128 cbc for 3s on 1024 size blocks: 182616 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 8192 size blocks: 22836 aes-128 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 16 size blocks: 9164673 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 64 size blocks: 2432575 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 256 size blocks: 616225 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 1024 size blocks: 154603 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 8192 size blocks: 19327 aes-192 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 16 size blocks: 8086369 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 64 size blocks: 2116984 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 256 size blocks: 535282 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 1024 size blocks: 134221 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 8192 size blocks: 16774 aes-256 cbc's in 2.99s
  Doing 512 bit private rsa's for 10s: 10995 512 bit private RSA's in 9.99s
  Doing 512 bit public rsa's for 10s: 145244 512 bit public RSA's in 10.00s
  Doing 1024 bit private rsa's for 10s: 2168 1024 bit private RSA's in 10.00s
  Doing 1024 bit public rsa's for 10s: 49610 1024 bit public RSA's in 9.99s
  Doing 2048 bit private rsa's for 10s: 384 2048 bit private RSA's in 10.00s
  Doing 2048 bit public rsa's for 10s: 15215 2048 bit public RSA's in 10.00s
  Doing 4096 bit private rsa's for 10s: 58 4096 bit private RSA's in 10.11s
  Doing 4096 bit public rsa's for 10s: 4432 4096 bit public RSA's in 9.99s
  Doing 512 bit sign dsa's for 10s: 13097 512 bit DSA signs in 9.99s
  Doing 512 bit verify dsa's for 10s: 11750 512 bit DSA verify in 10.00s
  Doing 1024 bit sign dsa's for 10s: 4781 1024 bit DSA signs in 10.00s
  Doing 1024 bit verify dsa's for 10s: 4005 1024 bit DSA verify in 9.99s
  Doing 2048 bit sign dsa's for 10s: 1511 2048 bit DSA signs in 9.99s
  Doing 2048 bit verify dsa's for 10s: 1241 2048 bit DSA verify in 10.00s
  OpenSSL 1.0.0e 6 Sep 2011
  built on: Tue Sep 20 15:38:09 KST 2011
  options:bn(64,32) rc4(ptr,char) des(ptr,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
  compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
  The 'numbers' are in 1000s of bytes per second processed.
  type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
  md5              18062.64k    58673.60k   147494.74k   236907.86k   289120.26k
  sha1             19145.15k    60472.98k   143990.87k   220777.81k   261428.57k
  aes-128 cbc      57383.92k    61183.91k    62291.22k    62332.93k    62357.50k
  aes-192 cbc      48878.26k    51894.93k    52584.53k    52771.16k    52775.59k
  aes-256 cbc      43127.30k    45162.33k    45677.40k    45814.10k    45957.39k
  sha256           14882.00k    36410.33k    66458.71k    85056.51k    92886.36k
  sha512            4727.22k    19006.44k    28448.43k    39617.19k    44832.09k
                    sign    verify    sign/s verify/s
  rsa  512 bits 0.000909s 0.000069s   1100.6  14524.4
  rsa 1024 bits 0.004613s 0.000201s    216.8   4966.0
  rsa 2048 bits 0.026042s 0.000657s     38.4   1521.5
  rsa 4096 bits 0.174310s 0.002254s      5.7    443.6
                    sign    verify    sign/s verify/s
  dsa  512 bits 0.000763s 0.000851s   1311.0   1175.0
  dsa 1024 bits 0.002092s 0.002494s    478.1    400.9
  dsa 2048 bits 0.006612s 0.008058s    151.3    124.1
  

• Core 2 Duo E6750

  Doing md5 for 3s on 16 size blocks: 4508216 md5's in 3.00s
  Doing md5 for 3s on 64 size blocks: 3672119 md5's in 3.00s
  Doing md5 for 3s on 256 size blocks: 2243872 md5's in 3.00s
  Doing md5 for 3s on 1024 size blocks: 879629 md5's in 3.00s
  Doing md5 for 3s on 8192 size blocks: 131781 md5's in 2.99s
  Doing sha1 for 3s on 16 size blocks: 4816741 sha1's in 3.00s
  Doing sha1 for 3s on 64 size blocks: 3733091 sha1's in 3.00s
  Doing sha1 for 3s on 256 size blocks: 2188323 sha1's in 3.00s
  Doing sha1 for 3s on 1024 size blocks: 826248 sha1's in 3.00s
  Doing sha1 for 3s on 8192 size blocks: 121748 sha1's in 3.00s
  Doing sha256 for 3s on 16 size blocks: 3571001 sha256's in 3.00s
  Doing sha256 for 3s on 64 size blocks: 2147845 sha256's in 3.00s
  Doing sha256 for 3s on 256 size blocks: 974140 sha256's in 3.00s
  Doing sha256 for 3s on 1024 size blocks: 306712 sha256's in 3.00s
  Doing sha256 for 3s on 8192 size blocks: 41149 sha256's in 2.96s
  Doing sha512 for 3s on 16 size blocks: 1213133 sha512's in 3.00s
  Doing sha512 for 3s on 64 size blocks: 1219927 sha512's in 3.00s
  Doing sha512 for 3s on 256 size blocks: 452365 sha512's in 3.00s
  Doing sha512 for 3s on 1024 size blocks: 157415 sha512's in 2.99s
  Doing sha512 for 3s on 8192 size blocks: 22190 sha512's in 2.99s
  Doing aes-128 cbc for 3s on 16 size blocks: 13353533 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 64 size blocks: 3602219 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 256 size blocks: 917099 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 1024 size blocks: 230300 aes-128 cbc's in 2.99s
  Doing aes-128 cbc for 3s on 8192 size blocks: 28778 aes-128 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 16 size blocks: 11528554 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 64 size blocks: 3053514 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 256 size blocks: 775333 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 1024 size blocks: 194414 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 8192 size blocks: 24319 aes-192 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 16 size blocks: 10093485 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 64 size blocks: 2658696 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 256 size blocks: 673571 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 1024 size blocks: 168667 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 8192 size blocks: 21114 aes-256 cbc's in 3.00s
  Doing 512 bit private rsa's for 10s: 13573 512 bit private RSA's in 10.00s
  Doing 512 bit public rsa's for 10s: 182180 512 bit public RSA's in 9.98s
  Doing 1024 bit private rsa's for 10s: 2664 1024 bit private RSA's in 9.99s
  Doing 1024 bit public rsa's for 10s: 58865 1024 bit public RSA's in 10.00s
  Doing 2048 bit private rsa's for 10s: 460 2048 bit private RSA's in 10.01s
  Doing 2048 bit public rsa's for 10s: 18106 2048 bit public RSA's in 9.99s
  Doing 4096 bit private rsa's for 10s: 73 4096 bit private RSA's in 10.07s
  Doing 4096 bit public rsa's for 10s: 5370 4096 bit public RSA's in 9.98s
  Doing 512 bit sign dsa's for 10s: 16432 512 bit DSA signs in 9.99s
  Doing 512 bit verify dsa's for 10s: 14377 512 bit DSA verify in 9.97s
  Doing 1024 bit sign dsa's for 10s: 5709 1024 bit DSA signs in 10.00s
  Doing 1024 bit verify dsa's for 10s: 4701 1024 bit DSA verify in 9.99s
  Doing 2048 bit sign dsa's for 10s: 1799 2048 bit DSA signs in 9.99s
  Doing 2048 bit verify dsa's for 10s: 1491 2048 bit DSA verify in 9.99s
  OpenSSL 1.0.0c 2 Dec 2010
  built on: Mon Dec  6 10:16:58 KST 2010
  options:bn(64,32) rc4(ptr,char) des(ptr,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
  compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
  The 'numbers' are in 1000s of bytes per second processed.
  type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
  md5              24043.82k    78338.54k   191477.08k   300246.70k   361053.50k
  sha1             25689.29k    79639.27k   186736.90k   282025.98k   332453.21k
  aes-128 cbc      71218.84k    76847.34k    78259.11k    78871.97k    78583.13k
  aes-192 cbc      61485.62k    65141.63k    66161.75k    66359.98k    66407.08k
  aes-256 cbc      53831.92k    56718.85k    57478.06k    57571.67k    57655.30k
  sha256           19045.34k    45820.69k    83126.61k   104691.03k   113882.64k
  sha512            6470.04k    26025.11k    38601.81k    53910.69k    60796.15k
                    sign    verify    sign/s verify/s
  rsa  512 bits 0.000737s 0.000055s   1357.3  18254.5
  rsa 1024 bits 0.003750s 0.000170s    266.7   5886.5
  rsa 2048 bits 0.021761s 0.000552s     46.0   1812.4
  rsa 4096 bits 0.137945s 0.001858s      7.2    538.1
                    sign    verify    sign/s verify/s
  dsa  512 bits 0.000608s 0.000693s   1644.8   1442.0
  dsa 1024 bits 0.001752s 0.002125s    570.9    470.6
  dsa 2048 bits 0.005553s 0.006700s    180.1    149.2
  

• Core 2 Duo E8400

  Doing md5 for 3s on 16 size blocks: 5278790 md5's in 2.99s
  Doing md5 for 3s on 64 size blocks: 4168129 md5's in 2.99s
  Doing md5 for 3s on 256 size blocks: 2565034 md5's in 3.00s
  Doing md5 for 3s on 1024 size blocks: 997859 md5's in 3.00s
  Doing md5 for 3s on 8192 size blocks: 149848 md5's in 3.00s
  Doing sha1 for 3s on 16 size blocks: 5507761 sha1's in 3.00s
  Doing sha1 for 3s on 64 size blocks: 4256986 sha1's in 3.00s
  Doing sha1 for 3s on 256 size blocks: 2474125 sha1's in 3.00s
  Doing sha1 for 3s on 1024 size blocks: 934119 sha1's in 3.00s
  Doing sha1 for 3s on 8192 size blocks: 137557 sha1's in 3.00s
  Doing sha256 for 3s on 16 size blocks: 4019414 sha256's in 3.00s
  Doing sha256 for 3s on 64 size blocks: 2428565 sha256's in 3.00s
  Doing sha256 for 3s on 256 size blocks: 1097552 sha256's in 3.00s
  Doing sha256 for 3s on 1024 size blocks: 345467 sha256's in 3.00s
  Doing sha256 for 3s on 8192 size blocks: 46949 sha256's in 3.00s
  Doing sha512 for 3s on 16 size blocks: 1360525 sha512's in 3.00s
  Doing sha512 for 3s on 64 size blocks: 1372654 sha512's in 2.99s
  Doing sha512 for 3s on 256 size blocks: 509081 sha512's in 2.99s
  Doing sha512 for 3s on 1024 size blocks: 177080 sha512's in 3.00s
  Doing sha512 for 3s on 8192 size blocks: 25124 sha512's in 3.00s
  Doing aes-128 cbc for 3s on 16 size blocks: 15083891 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 64 size blocks: 4035091 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 256 size blocks: 1030173 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 1024 size blocks: 258927 aes-128 cbc's in 3.00s
  Doing aes-128 cbc for 3s on 8192 size blocks: 32342 aes-128 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 16 size blocks: 12921207 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 64 size blocks: 3451451 aes-192 cbc's in 3.02s
  Doing aes-192 cbc for 3s on 256 size blocks: 870942 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 1024 size blocks: 218624 aes-192 cbc's in 3.00s
  Doing aes-192 cbc for 3s on 8192 size blocks: 27323 aes-192 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 16 size blocks: 11332183 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 64 size blocks: 2988714 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 256 size blocks: 757339 aes-256 cbc's in 3.00s
  Doing aes-256 cbc for 3s on 1024 size blocks: 189381 aes-256 cbc's in 2.99s
  Doing aes-256 cbc for 3s on 8192 size blocks: 23740 aes-256 cbc's in 3.00s
  Doing 512 bit private rsa's for 10s: 15207 512 bit private RSA's in 10.00s
  Doing 512 bit public rsa's for 10s: 205125 512 bit public RSA's in 10.00s
  Doing 1024 bit private rsa's for 10s: 2994 1024 bit private RSA's in 10.00s
  Doing 1024 bit public rsa's for 10s: 67096 1024 bit public RSA's in 9.99s
  Doing 2048 bit private rsa's for 10s: 522 2048 bit private RSA's in 10.01s
  Doing 2048 bit public rsa's for 10s: 20391 2048 bit public RSA's in 9.98s
  Doing 4096 bit private rsa's for 10s: 83 4096 bit private RSA's in 10.00s
  Doing 4096 bit public rsa's for 10s: 6064 4096 bit public RSA's in 10.00s
  Doing 512 bit sign dsa's for 10s: 18607 512 bit DSA signs in 9.99s
  Doing 512 bit verify dsa's for 10s: 16068 512 bit DSA verify in 10.00s
  Doing 1024 bit sign dsa's for 10s: 6508 1024 bit DSA signs in 10.00s
  Doing 1024 bit verify dsa's for 10s: 5513 1024 bit DSA verify in 9.99s
  Doing 2048 bit sign dsa's for 10s: 2033 2048 bit DSA signs in 9.99s
  Doing 2048 bit verify dsa's for 10s: 1689 2048 bit DSA verify in 9.99s
  OpenSSL 1.0.0d 8 Feb 2011
  built on: Mon Mar 14 09:25:05 KST 2011
  options:bn(64,32) rc4(ptr,char) des(ptr,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
  compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
  The 'numbers' are in 1000s of bytes per second processed.
  type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
  md5              28247.71k    89217.48k   218882.90k   340602.54k   409184.94k
  sha1             29374.73k    90815.70k   211125.33k   318845.95k   375622.31k
  aes-128 cbc      80447.42k    86081.94k    87908.10k    88380.42k    88315.22k
  aes-192 cbc      68913.10k    73143.33k    74320.38k    74623.66k    74610.01k
  aes-256 cbc      60438.31k    63759.23k    64626.26k    64858.24k    64826.03k
  sha256           21436.87k    51809.39k    93657.77k   117919.40k   128202.07k
  sha512            7256.13k    29381.22k    43586.87k    60443.31k    68605.27k
                    sign    verify    sign/s verify/s
  rsa  512 bits 0.000658s 0.000049s   1520.7  20512.5
  rsa 1024 bits 0.003340s 0.000149s    299.4   6716.3
  rsa 2048 bits 0.019176s 0.000489s     52.1   2043.2
  rsa 4096 bits 0.120482s 0.001649s      8.3    606.4
                    sign    verify    sign/s verify/s
  dsa  512 bits 0.000537s 0.000622s   1862.6   1606.8
  dsa 1024 bits 0.001537s 0.001812s    650.8    551.9
  dsa 2048 bits 0.004914s 0.005915s    203.5    169.1
  

Copyright © 2004-2012 Jo HoSeok. All rights reserved.