From owner-freebsd-security@FreeBSD.ORG Sun Apr 23 19:16:25 2006 Return-Path: X-Original-To: freebsd-security@FreeBSD.ORG Delivered-To: freebsd-security@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C5B216A408 for ; Sun, 23 Apr 2006 19:16:25 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id AAA0543D6B for ; Sun, 23 Apr 2006 19:16:20 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (rytytm@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.4/8.13.4) with ESMTP id k3NJGDcL098369 for ; Sun, 23 Apr 2006 21:16:18 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.4/8.13.1/Submit) id k3NJGDph098368; Sun, 23 Apr 2006 21:16:13 +0200 (CEST) (envelope-from olli) Date: Sun, 23 Apr 2006 21:16:13 +0200 (CEST) Message-Id: <200604231916.k3NJGDph098368@lurza.secnetix.de> From: Oliver Fromme To: freebsd-security@FreeBSD.ORG In-Reply-To: X-Newsgroups: list.freebsd-security User-Agent: tin/1.8.0-20051224 ("Ronay") (UNIX) (FreeBSD/4.11-STABLE (i386)) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Sun, 23 Apr 2006 21:16:18 +0200 (CEST) X-Mailman-Approved-At: Sun, 23 Apr 2006 19:29:00 +0000 Cc: Subject: Re: Crypto hw acceleration for openssl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-security@FreeBSD.ORG List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Apr 2006 19:16:25 -0000 Winston Tsai wrote: > I got roughly the same performance results when I use the openssl speed > test with and without a hifn 7956 cryto card > [...] > Then I ran: > Openssl speed des-cbc > [...] > My understanding is that openssl will detect the presence of an > accelerator card and use it (via \dev\crypto) instead of the crypto > library. > Did I miss something here? I don't know if the openssl speed test picks up the crypto- dev hardware automatically. But ssh/scp definitely does. I have run several tests on my VIA C3 Nehemiah+RNG+ACE, which accelerates AES encryption. When the padlock(4) module is loaded (it contains the Nehemiah ACE support), ssh/scp performance is roughly doubled. It's quite noticeable when transfering large files. Best regards Oliver PS: I can provide some benchmark numbers if interested. -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "The scanf() function is a large and complex beast that often does something almost but not quite entirely unlike what you desired." -- Chris Torek