patch to improve AES-NI performance

John-Mark Gurney jmg at funkthat.com
Fri Aug 23 18:52:43 UTC 2013


Mike Tancsa wrote this message on Fri, Aug 23, 2013 at 14:19 -0400:
> On 8/23/2013 2:05 PM, John-Mark Gurney wrote:
> >> Speeding up userland AES is very interesting to me for a couple of apps.
> >>  If there is a proper way I should test on RELENG_9, please let me know
> >> as I am few boxes that I would be happy to test/deploy on.
> > 
> > My patch would only effect userland applications that use /dev/crypto...
> > 
> > If they do their own AES-NI work, then there isn't any improvement...
> 
> For me its ssh which I think does, no ?

It looks like it uses OpenSSL for it's crypto, not /dev/crypto...

Also, my work was done improving AES-XTS which isn't used by
OpenSSH...  OpenSSH looks like it uses either AES-GCM or AES-CTR,
neither of which are supported by /dev/crypto...

My gcc patch does include PCLMULQDQ support, which will be helpful
for improving the performance of AES-GCM, and it looks like OpenSSL
1.0.1 has support, which is in HEAD, not RELENG_9 yet...

So, if you want better ssh performance, install OpenSSL 1.0.1 and
compile OpenSSH against it...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


More information about the freebsd-current mailing list