From owner-freebsd-current@FreeBSD.ORG Fri Aug 23 18:52:43 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 543991ED; Fri, 23 Aug 2013 18:52:42 +0000 (UTC) (envelope-from jmg@h2.funkthat.com) Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 929632B98; Fri, 23 Aug 2013 18:52:42 +0000 (UTC) Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r7NIqgta012395 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 23 Aug 2013 11:52:42 -0700 (PDT) (envelope-from jmg@h2.funkthat.com) Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r7NIqf8S012394; Fri, 23 Aug 2013 11:52:41 -0700 (PDT) (envelope-from jmg) Date: Fri, 23 Aug 2013 11:52:41 -0700 From: John-Mark Gurney To: Mike Tancsa Subject: Re: patch to improve AES-NI performance Message-ID: <20130823185241.GO94127@funkthat.com> Mail-Followup-To: Mike Tancsa , Ollivier Robert , freebsd-current@freebsd.org, security@freebsd.org References: <20130822202027.GH94127@funkthat.com> <20130823151615.GD41379@roberto02-aw.erc.corp.eurocontrol.int> <52177F0B.9020906@sentex.net> <20130823180513.GM94127@funkthat.com> <5217A7B5.8040904@sentex.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5217A7B5.8040904@sentex.net> User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 7.2-RELEASE i386 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Fri, 23 Aug 2013 11:52:42 -0700 (PDT) Cc: Ollivier Robert , freebsd-current@freebsd.org, security@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Aug 2013 18:52:43 -0000 Mike Tancsa wrote this message on Fri, Aug 23, 2013 at 14:19 -0400: > On 8/23/2013 2:05 PM, John-Mark Gurney wrote: > >> Speeding up userland AES is very interesting to me for a couple of apps. > >> If there is a proper way I should test on RELENG_9, please let me know > >> as I am few boxes that I would be happy to test/deploy on. > > > > My patch would only effect userland applications that use /dev/crypto... > > > > If they do their own AES-NI work, then there isn't any improvement... > > For me its ssh which I think does, no ? It looks like it uses OpenSSL for it's crypto, not /dev/crypto... Also, my work was done improving AES-XTS which isn't used by OpenSSH... OpenSSH looks like it uses either AES-GCM or AES-CTR, neither of which are supported by /dev/crypto... My gcc patch does include PCLMULQDQ support, which will be helpful for improving the performance of AES-GCM, and it looks like OpenSSL 1.0.1 has support, which is in HEAD, not RELENG_9 yet... So, if you want better ssh performance, install OpenSSL 1.0.1 and compile OpenSSH against it... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."