Crypto hw acceleration for openssl

Mike Tancsa mike at sentex.net
Mon Apr 24 14:51:07 UTC 2006


At 10:27 AM 24/04/2006, Pawel Jakub Dawidek wrote:
>On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote:
>+> Winston Tsai <wtsai at hifn.com> wrote:
>+>  > I got roughly the same performance results when I use the openssl speed
>+>  > test with and without a hifn 7956 crypto card
>+>  > [...]
>+>  > Then I ran:
>+>  > Openssl speed des-cbc
>+>  > [...]
>+>  > My understanding is that openssl will detect the presence of an
>+>  > accelerator card and use it (via \dev\crypto) instead of the crypto
>+>  > library.
>+>  > Did I miss something here?
>+>
>+> I don't know if the openssl speed test picks up the crypto-
>+> dev hardware automatically.  But ssh/scp definitely does.
>+>
>+> I have run several tests on my VIA C3 Nehemiah+RNG+ACE,
>+> which accelerates AES encryption.  When the padlock(4)
>+> module is loaded (it contains the Nehemiah ACE support),
>+> ssh/scp performance is roughly doubled.  It's quite
>+> noticeable when transferring large files.
>+>
>+> Best regards
>+>    Oliver
>+>
>+> PS:  I can provide some benchmark numbers if interested.
>
>The problem is that OpenSSL doesn't know how to accelerate AES192 and
>AES256 with cryptodev. The patch which fixes this is available here:
>
>         http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch
>
>PS. For AES128 cryptodev can be used without the patch.


If you use the padlock engine, you will also need the patch discussed in

http://cvs.openssl.org/chngview?cn=13061

http://sourceforge.net/mailarchive/message.php?msg_id=11419213


Without it, apps like openvpn will run into periodic crypto errors.

         ---Mike




