recommended SSL-friendly crypto accelerator

Michael Reifenberger mike at Reifenberger.com
Thu Apr 8 09:28:26 PDT 2004 

Hi,
as is looks like, 'openssl aes-128-cbc' does use the HW-crypto,
whereas aes-256-cbc doesn't:

(fw)(root) ./hifnstats
input 33061744 bytes 27580 packets
output 33061744 bytes 27580 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
openssl aes-128-cbc -e -in /sys/i386/compile/fw/kernel.debug -out bla -k foo
./hifnstats
(fw)(root) openssl aes-128-cbc -e -in /sys/i386/compile/fw/kernel.debug -out bla
-k foo
(fw)(root) ./hifnstats
input 62496592 bytes 34770 packets
output 62496592 bytes 34770 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0


but:

(fw)(root) ./hifnstats
input 62509488 bytes 34937 packets
output 62509488 bytes 34937 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0
openssl aes-256-cbc -e -in /sys/i386/compile/fw/kernel.debug -out bla -k foo
./hifnstats
(fw)(root) openssl aes-256-cbc -e -in /sys/i386/compile/fw/kernel.debug -out bla
-k foo
(fw)(root) ./hifnstats
input 62510128 bytes 34947 packets
output 62510128 bytes 34947 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0


another indication is `iostat 1`:

during openssl aes-128-cbc:
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   1   79 124.69  29  3.50   0.00   0  0.00   0.00   0  0.00   7  0 25  8 60
   0  230 126.58  78  9.67   0.00   0  0.00   0.00   0  0.00   2  0 26  5 68
   0   77 128.00 105 13.12   0.00   0  0.00   0.00   0  0.00   5  0 47  8 41
   0   88 62.74  27  1.64   0.00   0  0.00   0.00   0  0.00  22  0 22  2 55

during openssl aes-256-cbc:
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   1   79 124.49  41  4.94   0.00   0  0.00   0.00   0  0.00  78  0 16  0  5
   0   77 126.64  47  5.75   0.00   0  0.00   0.00   0  0.00  89  0 11  0  0
   0   77 128.00  44  5.45   0.00   0  0.00   0.00   0  0.00  88  0 12  0  0
   0   77 128.00  45  5.57   0.00   0  0.00   0.00   0  0.00  88  0 12  0  0
   0   77 128.00  46  5.69   0.00   0  0.00   0.00   0  0.00  90  0  8  2  0
(it takes longer, is much less idle, and user much more usertime)


Bye/2
---
Michael Reifenberger, Business Development Manager SAP-Basis, Plaut Consulting
Comp: Michael.Reifenberger at plaut.de | Priv: Michael at Reifenberger.com
      http://www.plaut.de           |       http://www.Reifenberger.com

More information about the freebsd-security mailing list