On 06/21/09 16:28, Jens Elkner wrote:
...
http://iws.cs.uni-magdeburg.de/~elkner/dkim/dkimbench.txt

First of all, great work collecting the data and doing
the comparisons.

Couple of things:

1. I assume you are using the OpenSSL libraries in /usr/sfw/lib.
There are some known performance problems
with the Solaris OpenSSL, which means the comparison is
unfair to OpenSSL without the engine. See
6242839 onnv's OpenSSL RSA is twice as slow over a manually gcc-built one

BTW, this problem has recently been fixed in snv_117.

2. I would recommend comparing the numbers from running
"openssl speed rsa1024 -engine pkcs11" with your
numbers. This can serve as a sanity check for your numbers.

I will wait for 2. before responding to your three observations and
questions.

...

Last but not least an impl. question:
Since I am not a pkcs11 expert and the documentation wrt. openssl/pkcs11 is
missing the part: How to clean up? The documentation says that one should
call C_Finalize(NULL) when the application is done with the crypto
stuff, but also states that a library should not call it, because it
may have side effects (which one, and which one, if one doesn't it).
So the openssl/contrib/crypto/engine/hw_pk11.c::pk11_finish(ENGINE *e)
(I guess, called by EVP_cleanup()) doesn't C_Finalize, but sets the
pFuncList back to NULL. So calling C_Finalize before EVP_cleanup()
is IMHO not ok, but calling it after EVP_cleanup() would be wrong as
well. But saving a pointer to the function list and calling it later
(e.g. see: http://iws.cs.uni-magdeburg.de/~elkner/dkim/dkim-crypto.c.patch)
seems to be wrong as well, because of the pkcs11 dso unload/cleanup.
So what is the right thing to do here?

Nothing. The cleanup is done (as needed) from the pkcs11 library
fini routines, when the process exits.

Regards,
-Krishna