Nikos -- Thanks for the reply. I have a few more comments below.
On Tue, Apr 30, 2013 at 6:57 AM, Nikos Mavrogiannopoulos <n...@gnutls.org> wrote: > In some (many?) systems the CPU can handle hashes much faster than the > crypto chip. Note also that in that time includes the context switch > from user-space to kernel space. It depends on you on whether you want > to off-load that operation from the CPU, and do something else with > it. If your system is generally idle you could avoid cryptodev for > hashes. The offload would be nice, so I might keep using that just for that purpose. Although, until the talitos issue is resolved (see other thread), I can't use cryptodev on my platform anyway. > cryptodev-linux does not support modular exponentiation with cryptodev > because the Linux kernel crypto drivers don't include that capability. > So you shouldn't see any difference with RSA. Ok. (It turns out that I'm using a hardware token for the actual signing, anyway, so the signing speed is limited by the token, and the speed of CPU-based RSA signing is not relevant. I might eventually be verifying uploads (using keys / certs on the token), but that's so rare that I'm not going to worry about it for now.) > > > Finally, why does specifying the EVP result in such a huge difference? > > E.g, with aes-128-cbc and 8KiB blocks: > > no cryptodev, no evp -- 6MiB/s > > no cryptodev, with evp -- 6MiB/s > > with cryptodev, no evp -- 6MiB/s > > No evp in openssl means that the software implementation is used (not > the cryptodev engine). > > > with cryptodev, with evp -- 33MiB/s (!) > > Here the engine is used. Ok. I think I'm simply confused as to why openssl would ever choose to not use the EVP layer, even if the flag wasn't provided on the command line. (That is, I expected the interface to be simply "do this", not "do this, and do it in this way". Because there are other aspects of openssl that it seems one can't control at that level, e.g., to switch back to the software routines if cryptodev is compiled in...) Thanks again for the reply. Best regards, Anthony Foiani _______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel
