Re: Crypto hw acceleration for openssl

On Sun, Apr 23, 2006 at 09:16:13PM +0200, Oliver Fromme wrote:
+> Winston Tsai <wtsai@xxxxxxxx> wrote:
+> > I got roughly the same performance results when I use the openssl speed
+> > test with and without a hifn 7956 cryto card
+> > [...]
+> > Then I ran:
+> > Openssl speed des-cbc
+> > [...]
+> > My understanding is that openssl will detect the presence of an
+> > accelerator card and use it (via \dev\crypto) instead of the crypto
+> > library.
+> > Did I miss something here?
+>
+> I don't know if the openssl speed test picks up the crypto-
+> dev hardware automatically. But ssh/scp definitely does.
+>
+> I have run several tests on my VIA C3 Nehemiah+RNG+ACE,
+> which accelerates AES encryption. When the padlock(4)
+> module is loaded (it contains the Nehemiah ACE support),
+> ssh/scp performance is roughly doubled. It's quite
+> noticeable when transfering large files.
+>
+> Best regards
+> Oliver
+>
+> PS: I can provide some benchmark numbers if interested.

The problem is that OpenSSL don't know how to accelerate AES192 and
AES256 with cryptodev. The patch which fix this is available here:

http://people.freebsd.org/~pjd/patches/hw_cryptodev.c.patch

PS. For AES128 cryptodev can be used without the patch.

--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@xxxxxxxxxxx http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!

Attachment: pgpTt5LBV0mhA.pgp
Description: PGP signature

Relevant Pages

  • Re: Crypto hw acceleration for openssl
    ... At 10:27 AM 24/04/2006, Pawel Jakub Dawidek wrote: ... +> which accelerates AES encryption. ... For AES128 cryptodev can be used without the patch. ...
    (FreeBSD-Security)
  • Re: Crypto hw acceleration for openssl
    ... For AES128 cryptodev can be used without the patch. ... It depends which engine one is using. ... The first one is of course faster for use with OpenSSL as it doesn't go ...
    (FreeBSD-Security)