patch to improve AES-NI performance
John-Mark Gurney
jmg at funkthat.com
Fri Aug 23 18:52:43 UTC 2013
Mike Tancsa wrote this message on Fri, Aug 23, 2013 at 14:19 -0400:
> On 8/23/2013 2:05 PM, John-Mark Gurney wrote:
> >> Speeding up userland AES is very interesting to me for a couple of apps.
> >> If there is a proper way I should test on RELENG_9, please let me know
> >> as I am few boxes that I would be happy to test/deploy on.
> >
> > My patch would only effect userland applications that use /dev/crypto...
> >
> > If they do their own AES-NI work, then there isn't any improvement...
>
> For me its ssh which I think does, no ?
It looks like it uses OpenSSL for it's crypto, not /dev/crypto...
Also, my work was done improving AES-XTS which isn't used by
OpenSSH... OpenSSH looks like it uses either AES-GCM or AES-CTR,
neither of which are supported by /dev/crypto...
My gcc patch does include PCLMULQDQ support, which will be helpful
for improving the performance of AES-GCM, and it looks like OpenSSL
1.0.1 has support, which is in HEAD, not RELENG_9 yet...
So, if you want better ssh performance, install OpenSSL 1.0.1 and
compile OpenSSH against it...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the freebsd-current
mailing list