Crypto hw acceleration for openssl
Pawel Jakub Dawidek
pjd at FreeBSD.org
Mon Apr 24 14:29:18 UTC 2006
On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote:
+> Winston Tsai <wtsai at hifn.com> wrote:
+> > I got roughly the same performance results when I use the openssl speed
+> > test with and without a hifn 7956 cryto card
+> > [...]
+> > Then I ran:
+> > Openssl speed des-cbc
+> > [...]
+> > My understanding is that openssl will detect the presence of an
+> > accelerator card and use it (via \dev\crypto) instead of the crypto
+> > library.
+> > Did I miss something here?
+>
+> I don't know if the openssl speed test picks up the crypto-
+> dev hardware automatically. But ssh/scp definitely does.
+>
+> I have run several tests on my VIA C3 Nehemiah+RNG+ACE,
+> which accelerates AES encryption. When the padlock(4)
+> module is loaded (it contains the Nehemiah ACE support),
+> ssh/scp performance is roughly doubled. It's quite
+> noticeable when transfering large files.
+>
+> Best regards
+> Oliver
+>
+> PS: I can provide some benchmark numbers if interested.
The problem is that OpenSSL don't know how to accelerate AES192 and
AES256 with cryptodev. The patch which fix this is available here:
http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch
PS. For AES128 cryptodev can be used without the patch.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20060424/278e6df0/attachment.pgp
More information about the freebsd-security
mailing list