Date: Fri, 23 Aug 2013 11:52:41 -0700 From: John-Mark Gurney <jmg@funkthat.com> To: Mike Tancsa <mike@sentex.net> Cc: Ollivier Robert <roberto@keltia.freenix.fr>, freebsd-current@freebsd.org, security@freebsd.org Subject: Re: patch to improve AES-NI performance Message-ID: <20130823185241.GO94127@funkthat.com> In-Reply-To: <5217A7B5.8040904@sentex.net> References: <20130822202027.GH94127@funkthat.com> <20130823151615.GD41379@roberto02-aw.erc.corp.eurocontrol.int> <52177F0B.9020906@sentex.net> <20130823180513.GM94127@funkthat.com> <5217A7B5.8040904@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa wrote this message on Fri, Aug 23, 2013 at 14:19 -0400: > On 8/23/2013 2:05 PM, John-Mark Gurney wrote: > >> Speeding up userland AES is very interesting to me for a couple of apps. > >> If there is a proper way I should test on RELENG_9, please let me know > >> as I am few boxes that I would be happy to test/deploy on. > > > > My patch would only effect userland applications that use /dev/crypto... > > > > If they do their own AES-NI work, then there isn't any improvement... > > For me its ssh which I think does, no ? It looks like it uses OpenSSL for it's crypto, not /dev/crypto... Also, my work was done improving AES-XTS which isn't used by OpenSSH... OpenSSH looks like it uses either AES-GCM or AES-CTR, neither of which are supported by /dev/crypto... My gcc patch does include PCLMULQDQ support, which will be helpful for improving the performance of AES-GCM, and it looks like OpenSSL 1.0.1 has support, which is in HEAD, not RELENG_9 yet... So, if you want better ssh performance, install OpenSSL 1.0.1 and compile OpenSSH against it... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130823185241.GO94127>