Date: Mon, 24 Apr 2006 10:50:37 -0400 From: Mike Tancsa <mike@sentex.net> To: Pawel Jakub Dawidek <pjd@freebsd.org>, freebsd-security@freebsd.org Subject: Re: Crypto hw acceleration for openssl Message-ID: <6.2.3.4.0.20060424104727.08cb81a8@64.7.153.2> In-Reply-To: <20060424142738.GC814@garage.freebsd.pl> References: <CFA9FA7615FFD04DB8FD8E34A3FF7F46022BB92A@sjcxch02.tbu.com> <200604231916.k3NJGDph098368@lurza.secnetix.de> <20060424142738.GC814@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:27 AM 24/04/2006, Pawel Jakub Dawidek wrote: >On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote: >+> Winston Tsai <wtsai@hifn.com> wrote: >+> > I got roughly the same performance results when I use the openssl speed >+> > test with and without a hifn 7956 cryto card >+> > [...] >+> > Then I ran: >+> > Openssl speed des-cbc >+> > [...] >+> > My understanding is that openssl will detect the presence of an >+> > accelerator card and use it (via \dev\crypto) instead of the crypto >+> > library. >+> > Did I miss something here? >+> >+> I don't know if the openssl speed test picks up the crypto- >+> dev hardware automatically. But ssh/scp definitely does. >+> >+> I have run several tests on my VIA C3 Nehemiah+RNG+ACE, >+> which accelerates AES encryption. When the padlock(4) >+> module is loaded (it contains the Nehemiah ACE support), >+> ssh/scp performance is roughly doubled. It's quite >+> noticeable when transfering large files. >+> >+> Best regards >+> Oliver >+> >+> PS: I can provide some benchmark numbers if interested. > >The problem is that OpenSSL don't know how to accelerate AES192 and >AES256 with cryptodev. The patch which fix this is available here: > > http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch > >PS. For AES128 cryptodev can be used without the patch. If you use the padlock engine, you will also need the patch discussed in http://cvs.openssl.org/chngview?cn=13061 http://sourceforge.net/mailarchive/message.php?msg_id=11419213 Without it, apps like openvpn will running into periodic crypto errors. ---Mike begin 644 patch M+2TM(&5N9U]P861L;V-K+F,),C`P-2\P-"\P-"`Q-SHP-3HP-@DQ+C$R"BLK M*R!E;F=?<&%D;&]C:RYC"3(P,#4O,#0O,30@,#<Z-#$Z,CD),2XQ,PI`0"`M M,SDU+#$P("LS.34L,3`@0$`*("():FYC"3%F7&XB"B`B"6-M<`DE,BPE,5QN M(@H@(@EJ90DQ9EQN(@HM(@EM;W8))3(L)3!<;B(*("()<&]P9FQ<;B(*("() M<W5B"20T+"4E97-P7&XB"BTB,3H)861D"20T+"4E97-P(@HK(C$Z"6%D9`DD M-"PE)65S<%QN(@HK(@EM;W8))3(L)3`B"B`).B(K;2(H<&%D;&]C:U]S879E M9%]C;VYT97AT*0H@"3H@(G(B*'!A9&QO8VM?<V%V961?8V]N=&5X="DL(")R M(BAC9&%T82D@.B`B8V,B*3L*('T*0$`@+34R,2PQ,"`K-3(Q+#$P($!`"B`) M"6IN8PES:VEP"B`)"6-M<`EE8W@L<&%D;&]C:U]S879E9%]C;VYT97AT"B`) M"6IE"7-K:7`*+0D);6]V"7!A9&QO8VM?<V%V961?8V]N=&5X="QE8W@*(`D) M<&]P9F0*(`D)<W5B"65S<"PT"B`)<VMI<#H)861D"65S<"PT"BL)"6UO=@EP B861L;V-K7W-A=F5D7V-O;G1E>'0L96-X"B`)"7T*('T*"@`` ` end
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.2.3.4.0.20060424104727.08cb81a8>