At 11:37 AM 10/12/2006, Oliver Fromme wrote:
Matthieu Michaud wrote:
> I rent a small server based on a VIA C7 on which I installed a
> 6.2-PRERELEASE as of today (see dmesg and kernconf attached). It runs
> fairly well but I wonder if it couldn't be faster.
>
> According to padlock(4) man page, crypto hardware support is available
> by adding padlock, crypto and cryptodev kernel options. I compiled it as
> modules. I haven't noticed difference between 'openssl speed' and
> 'openssl speed -engine padlock'. I attached results.
I don't know if the openssl command really uses the padlock
engine. I doubt it.
It will if you tell it to, but remember, its only AES that it will
speed up. You wont see a difference in things like 3des etc.
Just do the tests for aes
Try something like
openssl speed -evp aes-256-ecb -engine padlock
vs
openssl speed -evp aes-256-ecb -engine dynamic
On a CPU: VIA C3 Nehemiah+RNG+AES (796.77-MHz 686-class CPU)
I get
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-ecb 37610.62k 142398.18k 389573.81k 678504.21k 868056.96k
aes-256-ecb 4923.20k 5143.88k 5222.51k 5256.46k 5276.31k
For comparison, here is the same test on a Celeron 2.6 and an AMD 3800
aes-256-ecb 39727.25k 41359.33k 42596.01k 42919.64k 42940.31k
aes-256-ecb 27408.65k 32035.54k 32623.81k 32767.08k 32822.06k
---Mike
But with scp the throughput doubles when padlock is enabled
on my C3 Nehemiah. So it clearly helps scp. (FAST_IPSEC
also benefits from it, but I don't use IPSEC so I don't
have numbers.)
> Finally, I tried to read 16M from /dev/random and /dev/urandom to look
> at RNG support. It reads at 2M/s on both device. Comparing to a P4 1.7G
> and P4 2.8G, it's few : they both performs around 14M/s on almost as
> recent kernel.
There's a difference in quality: I doubt that those 16MB
that you got in about one second on the P4 were really
as random as the 2 MB that you got on the C7.
Also take into account that you usually don't read that
much data from /dev/random. Quality is much more important
than speed.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"It combines all the worst aspects of C and Lisp: a billion different
sublanguages in one monolithic executable. It combines the power of C
with the readability of PostScript."
-- Jamie Zawinski, when asked: "What's wrong with perl?"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
