Date: Mon, 24 Apr 2006 14:05:09 -0400 From: Nick Evans <nevans@talkpoint.com> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Crypto hw acceleration for openssl Message-ID: <20060424140509.605e0bff@pleiades.nextvenue.com> In-Reply-To: <20060424142738.GC814@garage.freebsd.pl> References: <20060424142738.GC814@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Apr 2006 10:27:38 -0400 Pawel Jakub Dawidek <pjd@FreeBSD.org> wrote: > On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote: > +> Winston Tsai <wtsai@hifn.com> wrote: > +> > I got roughly the same performance results when I use the openssl > speed > +> > test with and without a hifn 7956 cryto card > +> > [...] > +> > Then I ran: > +> > Openssl speed des-cbc > +> > [...] > +> > My understanding is that openssl will detect the presence of an > +> > accelerator card and use it (via \dev\crypto) instead of the > crypto > +> > library. > +> > Did I miss something here? > +> > +> I don't know if the openssl speed test picks up the crypto- > +> dev hardware automatically. But ssh/scp definitely does. > +> > +> I have run several tests on my VIA C3 Nehemiah+RNG+ACE, > +> which accelerates AES encryption. When the padlock(4) > +> module is loaded (it contains the Nehemiah ACE support), > +> ssh/scp performance is roughly doubled. It's quite > +> noticeable when transfering large files. > +> > +> Best regards > +> Oliver > +> > +> PS: I can provide some benchmark numbers if interested. > > The problem is that OpenSSL don't know how to accelerate AES192 and > AES256 with cryptodev. The patch which fix this is available here: > > http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch > > PS. For AES128 cryptodev can be used without the patch. > > -- > Pawel Jakub Dawidek http://www.wheel.pl > pjd@FreeBSD.org http://www.FreeBSD.org > FreeBSD committer Am I Evil? Yes, I Am! Have the lockups associated with using hifn been solved as well? I had a big problem using hifn with GELI and haven't heard or seen anything else about it. Nick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060424140509.605e0bff>