Re: OpenSSL with hifn(4) (cryptodev)

From: Mike Tancsa <mike_at_sentex.net>
Date: Tue, 03 Aug 2004 11:22:41 -0400
At 08:41 AM 03/08/2004, Norikatsu Shigemura wrote:
>Hi sam!
>
>         I have two Soekris vpn1401 crypto accelerator cards.  I installed
>         these to 4-stable machine and 5-current machine.

Hi,
         Not all things are accelerated in openssl.  Also depending on the 
CPU you use, it wont be faster and might even be slower.  Where you really 
win is with concurrent jobs.  In our app, our backup server takes several 
ssh streams of dump and tar. The P4 2.4 keeps up just fine even when 50Mb/s 
of traffic is coming in with the card, but is too taxed without it.

Try the following tests

Create a test file first
dd if=/dev/urandom of=/tmp/big bs=1024k count=100

time /usr/bin/openssl enc -des3 -in /tmp/big -out /dev/null -k test

with and without acceleration.  The contrast is even greater, if you run

/usr/bin/openssl enc -des3 -in /tmp/big -out /dev/null -k test &
/usr/bin/openssl enc -des3 -in /tmp/big -out /dev/null -k test &
/usr/bin/openssl enc -des3 -in /tmp/big -out /dev/null -k test &

and watch the load avg and the time to completion.

You can compile the program /usr/src/tools/tools/crypto/hifnstats.c which 
will spit out simple stats about the card.

If you are using one of the newer HiFn cards, it will work with aes256 as 
well as des3.

One caveat is that with the newer cards, I keep running into a fairly 
easily repeatable bug. (perhaps 2).

On OpenBSD and FreeBSD I run into
http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=3739

And this one is new and might be relevant to the FreeBSD driver as well

http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=3873

There is also
http://www.monkey.org/openbsd/archive/misc/0408/msg00008.html
... Not sure if its applicable or not yet.

         ---Mike 
Received on Tue Aug 03 2004 - 13:17:45 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:04 UTC