From owner-freebsd-security@FreeBSD.ORG Mon Apr 24 18:05:18 2006 Return-Path: X-Original-To: freebsd-security@FreeBSD.ORG Delivered-To: freebsd-security@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 312B316A402; Mon, 24 Apr 2006 18:05:18 +0000 (UTC) (envelope-from nevans@talkpoint.com) Received: from relay.talkpoint.com (pobox.talkpoint.com [204.141.15.158]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1386143D58; Mon, 24 Apr 2006 18:05:11 +0000 (GMT) (envelope-from nevans@talkpoint.com) Received: from ASSP-nospam ([127.0.0.1]) by relay.talkpoint.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 24 Apr 2006 14:05:09 -0400 Received: from 204.141.15.136 ([204.141.15.136] helo=postal.talkpoint.com) by ASSP-nospam ; 24 Apr 06 18:05:09 -0000 Received: from pleiades.nextvenue.com ([204.141.15.194]) by postal.talkpoint.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id H18PTB1J; Mon, 24 Apr 2006 14:05:09 -0400 Date: Mon, 24 Apr 2006 14:05:09 -0400 From: Nick Evans To: Pawel Jakub Dawidek Message-ID: <20060424140509.605e0bff@pleiades.nextvenue.com> In-Reply-To: <20060424142738.GC814@garage.freebsd.pl> References: <20060424142738.GC814@garage.freebsd.pl> X-Mailer: Sylpheed-Claws 1.9.15 (GTK+ 2.6.10; i386-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 24 Apr 2006 18:05:09.0574 (UTC) FILETIME=[9FEB8E60:01C667C9] Cc: freebsd-security@FreeBSD.ORG Subject: Re: Crypto hw acceleration for openssl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Apr 2006 18:05:18 -0000 On Mon, 24 Apr 2006 10:27:38 -0400 Pawel Jakub Dawidek wrote: > On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote: > +> Winston Tsai wrote: > +> > I got roughly the same performance results when I use the openssl > speed > +> > test with and without a hifn 7956 cryto card > +> > [...] > +> > Then I ran: > +> > Openssl speed des-cbc > +> > [...] > +> > My understanding is that openssl will detect the presence of an > +> > accelerator card and use it (via \dev\crypto) instead of the > crypto > +> > library. > +> > Did I miss something here? > +> > +> I don't know if the openssl speed test picks up the crypto- > +> dev hardware automatically. But ssh/scp definitely does. > +> > +> I have run several tests on my VIA C3 Nehemiah+RNG+ACE, > +> which accelerates AES encryption. When the padlock(4) > +> module is loaded (it contains the Nehemiah ACE support), > +> ssh/scp performance is roughly doubled. It's quite > +> noticeable when transfering large files. > +> > +> Best regards > +> Oliver > +> > +> PS: I can provide some benchmark numbers if interested. > > The problem is that OpenSSL don't know how to accelerate AES192 and > AES256 with cryptodev. The patch which fix this is available here: > > http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch > > PS. For AES128 cryptodev can be used without the patch. > > -- > Pawel Jakub Dawidek http://www.wheel.pl > pjd@FreeBSD.org http://www.FreeBSD.org > FreeBSD committer Am I Evil? Yes, I Am! Have the lockups associated with using hifn been solved as well? I had a big problem using hifn with GELI and haven't heard or seen anything else about it. Nick