Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 24 Apr 2006 16:27:38 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: Crypto hw acceleration for openssl
Message-ID:  <20060424142738.GC814@garage.freebsd.pl>
In-Reply-To: <200604231916.k3NJGDph098368@lurza.secnetix.de>
References:  <CFA9FA7615FFD04DB8FD8E34A3FF7F46022BB92A@sjcxch02.tbu.com> <200604231916.k3NJGDph098368@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help 

--adJ1OR3c6QgCpb/j
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote:
+> Winston Tsai <wtsai@hifn.com> wrote:
+>  > I got roughly the same performance results when I use the openssl spe=
ed
+>  > test with and without a hifn 7956 cryto card
+>  > [...]
+>  > Then I ran:
+>  > Openssl speed des-cbc
+>  > [...]
+>  > My understanding is that openssl will detect the presence of an
+>  > accelerator card and use it (via \dev\crypto) instead of the crypto
+>  > library.
+>  > Did I miss something here?
+>=20
+> I don't know if the openssl speed test picks up the crypto-
+> dev hardware automatically.  But ssh/scp definitely does.
+>=20
+> I have run several tests on my VIA C3 Nehemiah+RNG+ACE,
+> which accelerates AES encryption.  When the padlock(4)
+> module is loaded (it contains the Nehemiah ACE support),
+> ssh/scp performance is roughly doubled.  It's quite
+> noticeable when transfering large files.
+>=20
+> Best regards
+>    Oliver
+>=20
+> PS:  I can provide some benchmark numbers if interested.

The problem is that OpenSSL don't know how to accelerate AES192 and
AES256 with cryptodev. The patch which fix this is available here:

	http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch

PS. For AES128 cryptodev can be used without the patch.

--=20
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--adJ1OR3c6QgCpb/j
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFETOBaForvXbEpPzQRAtV+AJsE3Knyr2PvbZYIhaWSKzW37/BbMgCgo0c8
n0pQ7r29vwRFZbnB/bHJQlg=
=8cFe
-----END PGP SIGNATURE-----

--adJ1OR3c6QgCpb/j--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060424142738.GC814>