From owner-freebsd-security@FreeBSD.ORG Mon Apr 24 14:29:18 2006 Return-Path: X-Original-To: freebsd-security@FreeBSD.ORG Delivered-To: freebsd-security@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 831DC16A400 for ; Mon, 24 Apr 2006 14:29:18 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id B574043D5E for ; Mon, 24 Apr 2006 14:29:11 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 2F80D52C72; Mon, 24 Apr 2006 16:29:10 +0200 (CEST) Received: from localhost (pjd.wheel.pl [10.0.1.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 1955E52C76 for ; Mon, 24 Apr 2006 16:29:04 +0200 (CEST) Date: Mon, 24 Apr 2006 16:27:38 +0200 From: Pawel Jakub Dawidek To: freebsd-security@FreeBSD.ORG Message-ID: <20060424142738.GC814@garage.freebsd.pl> References: <200604231916.k3NJGDph098368@lurza.secnetix.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="adJ1OR3c6QgCpb/j" Content-Disposition: inline In-Reply-To: <200604231916.k3NJGDph098368@lurza.secnetix.de> X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng/devel-r535 (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 Cc: Subject: Re: Crypto hw acceleration for openssl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Apr 2006 14:29:18 -0000 --adJ1OR3c6QgCpb/j Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote: +> Winston Tsai wrote: +> > I got roughly the same performance results when I use the openssl spe= ed +> > test with and without a hifn 7956 cryto card +> > [...] +> > Then I ran: +> > Openssl speed des-cbc +> > [...] +> > My understanding is that openssl will detect the presence of an +> > accelerator card and use it (via \dev\crypto) instead of the crypto +> > library. +> > Did I miss something here? +>=20 +> I don't know if the openssl speed test picks up the crypto- +> dev hardware automatically. But ssh/scp definitely does. +>=20 +> I have run several tests on my VIA C3 Nehemiah+RNG+ACE, +> which accelerates AES encryption. When the padlock(4) +> module is loaded (it contains the Nehemiah ACE support), +> ssh/scp performance is roughly doubled. It's quite +> noticeable when transfering large files. +>=20 +> Best regards +> Oliver +>=20 +> PS: I can provide some benchmark numbers if interested. The problem is that OpenSSL don't know how to accelerate AES192 and AES256 with cryptodev. The patch which fix this is available here: http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch PS. For AES128 cryptodev can be used without the patch. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --adJ1OR3c6QgCpb/j Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFETOBaForvXbEpPzQRAtV+AJsE3Knyr2PvbZYIhaWSKzW37/BbMgCgo0c8 n0pQ7r29vwRFZbnB/bHJQlg= =8cFe -----END PGP SIGNATURE----- --adJ1OR3c6QgCpb/j--