openssl 启用AES NI加速对AES加密性能影响的测试

openssl 默认启用AES NI加速，所以不需要任何设置

openssl speed -elapsed -evp aes-128-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing AES-128-CBC for 3s on 16 size blocks: 303627501 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 64 size blocks: 91063578 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 256 size blocks: 22911573 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 1024 size blocks: 5818271 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 8192 size blocks: 729244 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 16384 size blocks: 366142 AES-128-CBC's in 3.00s
version: 3.0.2
built on: Wed Feb  5 13:19:41 2025 UTC
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-rEtvJl/openssl-3.0.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
CPUINFO: OPENSSL_ia32cap=0xfed83203078bffff:0x405fc6f1bf07a9
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
AES-128-CBC    1619346.67k  1942689.66k  1955120.90k  1985969.83k  1991322.28k  1999623.51k

如果要禁用AES NI加速，按照openssl文档的说明设置环境变量

OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing AES-128-CBC for 3s on 16 size blocks: 74485185 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 64 size blocks: 19256192 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 256 size blocks: 4866365 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 1024 size blocks: 1226058 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 8192 size blocks: 153117 AES-128-CBC's in 3.00s
Doing AES-128-CBC for 3s on 16384 size blocks: 76432 AES-128-CBC's in 3.00s
version: 3.0.2
built on: Wed Feb  5 13:19:41 2025 UTC
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-rEtvJl/openssl-3.0.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
CPUINFO: OPENSSL_ia32cap=0xfcd83201078bffff:0x0 env:~0x200000200000000
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
AES-128-CBC     397254.32k   410798.76k   415263.15k   418494.46k   418111.49k   417420.63k

测试结果说明，启用AES NI加速的每秒加密字节数最高1999623.51k，而禁用是418494.46k，差了4倍。

再来看对一个255MB的文件加密用时，AES-128-CBC设置环境变量与否对比sm4-cbc

time openssl aes-128-cbc -e  -K 31323334353637383930313233343536 -iv 31323334353637383930313233343536 -in ENC_NO -out ENC_AESreal    0m11.011s
user    0m0.291s
sys     0m0.646stime OPENSSL_ia32cap="~0x200000200000000" openssl aes-128-cbc -e  -K 31323334353637383930313233343536 -iv 31323334353637383930313233343536 -in ENC_NO -out ENC_aesreal    0m11.172s
user    0m0.802s
sys     0m0.653stime openssl sm4-cbc -e  -K 31323334353637383930313233343536 -iv 31323334353637383930313233343536 -in ENC_NO -out ENC_SM4real    0m13.781s
user    0m1.671s
sys     0m0.638s

两个算法的差距不大。环境变量也没有影响