Crypto hw acceleration for openssl
Nick Evans
nevans at talkpoint.com
Mon Apr 24 18:05:18 UTC 2006
On Mon, 24 Apr 2006 10:27:38 -0400
Pawel Jakub Dawidek <pjd at FreeBSD.org> wrote:
> On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote:
> +> Winston Tsai <wtsai at hifn.com> wrote:
> +> > I got roughly the same performance results when I use the openssl
> speed
> +> > test with and without a hifn 7956 cryto card
> +> > [...]
> +> > Then I ran:
> +> > Openssl speed des-cbc
> +> > [...]
> +> > My understanding is that openssl will detect the presence of an
> +> > accelerator card and use it (via \dev\crypto) instead of the
> crypto
> +> > library.
> +> > Did I miss something here?
> +>
> +> I don't know if the openssl speed test picks up the crypto-
> +> dev hardware automatically. But ssh/scp definitely does.
> +>
> +> I have run several tests on my VIA C3 Nehemiah+RNG+ACE,
> +> which accelerates AES encryption. When the padlock(4)
> +> module is loaded (it contains the Nehemiah ACE support),
> +> ssh/scp performance is roughly doubled. It's quite
> +> noticeable when transfering large files.
> +>
> +> Best regards
> +> Oliver
> +>
> +> PS: I can provide some benchmark numbers if interested.
>
> The problem is that OpenSSL don't know how to accelerate AES192 and
> AES256 with cryptodev. The patch which fix this is available here:
>
> http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch
>
> PS. For AES128 cryptodev can be used without the patch.
>
> --
> Pawel Jakub Dawidek http://www.wheel.pl
> pjd at FreeBSD.org http://www.FreeBSD.org
> FreeBSD committer Am I Evil? Yes, I Am!
Have the lockups associated with using hifn been solved as well? I had a big
problem using hifn with GELI and haven't heard or seen anything else about it.
Nick
More information about the freebsd-security
mailing list