From owner-freebsd-security@FreeBSD.ORG  Thu Apr  8 09:28:26 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1AE3316A4CE
	for <freebsd-security@freebsd.org>;
	Thu,  8 Apr 2004 09:28:26 -0700 (PDT)
Received: from mailout06.sul.t-online.com (mailout06.sul.t-online.com
	[194.25.134.19])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 719E243D3F
	for <freebsd-security@freebsd.org>;
	Thu,  8 Apr 2004 09:28:25 -0700 (PDT)
	(envelope-from mike@reifenberger.com)
Received: from fwd02.aul.t-online.de 
	by mailout06.sul.t-online.com with smtp 
	id 1BBcO7-0001dx-02; Thu, 08 Apr 2004 18:28:23 +0200
Received: from fw.reifenberger.com
	(VgiymvZEoemoS0AH9TmVV-7RgzC2uw2QMkhT5sKCJPuzNgcFXI1JQh@[217.232.226.77]) by
	fmrl02.sul.t-online.com
	with esmtp id 1BBcNr-1ysNyi0; Thu, 8 Apr 2004 18:28:07 +0200
Received: from localhost (mike@localhost)i38GS69r013484;
	Thu, 8 Apr 2004 18:28:06 +0200 (CEST)
	(envelope-from mike@reifenberger.com)
X-Authentication-Warning: fw.reifenberger.com: mike owned process doing -bs
Date: Thu, 8 Apr 2004 18:28:06 +0200 (CEST)
From: Michael Reifenberger <mike@Reifenberger.com>
To: Mike Tancsa <mike@sentex.net>
In-Reply-To: <36f9701cf4faf7fjh4uh5h9qer493is7d8@4ax.com>
Message-ID: <20040408181337.R13165@fw.reifenberger.com>
References: <20040407181403.70832a2c@bert.mlan.solnet.ch>
 <36f9701cf4faf7fjh4uh5h9qer493is7d8@4ax.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Seen: false
X-ID: VgiymvZEoemoS0AH9TmVV-7RgzC2uw2QMkhT5sKCJPuzNgcFXI1JQh@t-dialin.net
X-Mailman-Approved-At: Tue, 13 Apr 2004 03:42:13 -0700
cc: freebsd-security@freebsd.org
cc: phk@phk.freebsd.dk
Subject: Re: recommended SSL-friendly crypto accelerator
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2004 16:28:26 -0000

Hi,
as is looks like, 'openssl aes-128-cbc' does use the HW-crypto,
whereas aes-256-cbc doesn't:

(fw)(root) ./hifnstats
input 33061744 bytes 27580 packets
output 33061744 bytes 27580 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
openssl aes-128-cbc -e -in /sys/i386/compile/fw/kernel.debug -out bla -k foo
./hifnstats
(fw)(root) openssl aes-128-cbc -e -in /sys/i386/compile/fw/kernel.debug -out bla
-k foo
(fw)(root) ./hifnstats
input 62496592 bytes 34770 packets
output 62496592 bytes 34770 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0


but:

(fw)(root) ./hifnstats
input 62509488 bytes 34937 packets
output 62509488 bytes 34937 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
openssl aes-256-cbc -e -in /sys/i386/compile/fw/kernel.debug -out bla -k foo
./hifnstats
(fw)(root) openssl aes-256-cbc -e -in /sys/i386/compile/fw/kernel.debug -out bla
-k foo
(fw)(root) ./hifnstats
input 62510128 bytes 34947 packets
output 62510128 bytes 34947 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0


another indication is `iostat 1`:

during openssl aes-128-cbc:
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   1   79 124.69  29  3.50   0.00   0  0.00   0.00   0  0.00   7  0 25  8 60
   0  230 126.58  78  9.67   0.00   0  0.00   0.00   0  0.00   2  0 26  5 68
   0   77 128.00 105 13.12   0.00   0  0.00   0.00   0  0.00   5  0 47  8 41
   0   88 62.74  27  1.64   0.00   0  0.00   0.00   0  0.00  22  0 22  2 55

during openssl aes-256-cbc:
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   1   79 124.49  41  4.94   0.00   0  0.00   0.00   0  0.00  78  0 16  0  5
   0   77 126.64  47  5.75   0.00   0  0.00   0.00   0  0.00  89  0 11  0  0
   0   77 128.00  44  5.45   0.00   0  0.00   0.00   0  0.00  88  0 12  0  0
   0   77 128.00  45  5.57   0.00   0  0.00   0.00   0  0.00  88  0 12  0  0
   0   77 128.00  46  5.69   0.00   0  0.00   0.00   0  0.00  90  0  8  2  0
(it takes longer, is much less idle, and user much more usertime)


Bye/2
---
Michael Reifenberger, Business Development Manager SAP-Basis, Plaut Consulting
Comp: Michael.Reifenberger@plaut.de | Priv: Michael@Reifenberger.com
      http://www.plaut.de           |       http://www.Reifenberger.com