Hi, Winston--
Winston Tsai wrote:
[ ...followups set to just one group... ]
Openssl speed des-cbc
And got the following result:
16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
43251.97k 44919.41k 45342.43k 45506.13k 45579.98k
Then I did kldunload hifn; kldunload cryptodev and ran the same test
again, and got
16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
43108.10k 44917.96k 45460.88k 45532.15k 45566.26k
Version of FreeBSD is 5.3-RELEASE. I believe both crypto and cryptodev
drivers are supported since v5.0.
You might need to try "openssl speed des-cbc -engine cryptodev" in order to have
OpenSSL actually try to use the HiFN crypto card.
You might also have to fiddle with openssl itself, since the openssl binary that
ships with the system seems to prefer to use the CPU even when you tell it to
use hardware via the /dev/crypto interface. [1]
Possibly "cd /usr/ports/security/openssl && make install" might give you another
openssl binary to try that would work better. Given the domain of your email
address, you might have better insight about how to improve FreeBSD's support of
HiFN hardware :-), and we would be happy to adapt any such improvements.
--
-Chuck
[1]: I've heard rumors to the effect that the setup costs for accessing the
crypto hardware acceleration are fairly high and that using hardware crypto is a
win mostly only for big operations like 1024-bit RSA or DSA key operations, that
~1GHz CPUs or faster tend to handle session-level crypto (ie, your
48-/56-/128-bit DES or 3DES, or now perhaps 128/256-bit AES) faster by themselves.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
