Thread: VIA Padlock
16th July 2014
ermanno

Well, I guess I was successful relocating my small home server to OpenBSD. The board (Epia MII12000) has AES hw accel using padlock, and basically runs a nginx, php-fpm, mysql stack for some personal webservers, ssh server for outside access, exim for a few emails, netbsd-iscsi for backups, minidlna to stream music and video, a 2mbit/s gogoc tunnel for ip6. So far everything is ok, it is probably faster than it was before, except sftp and scp file transfers are a lot slower than before; nginx also uses a lot more CPU than before when transferring large files.
I have read that OpenBSD is bringing some innovation to openssl but I did not follow what is going on ...
The openssl padlock engine is disabled, even if a comment in /usr/src/lib/libssl/crypto/Makefile:
Code:
CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this?
hints that maybe it can be re-enabled.

openssl speed -evp shows that padlock instructions are used by evp functions, but are nginx, exim and ssh using them?
openssl speed -engine cryptodev instead is ~5/6 times slower, probably not using padlock.
Code:
# openssl speed aes-192-cbc 
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-192 cbc       4832.23k     5069.21k     5150.03k    12997.93k    13014.90k
# openssl speed -evp aes-192-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-192-cbc      26500.36k    99317.35k   268582.62k   464052.28k   589470.85k
# openssl speed -engine cryptodev aes-192-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-192 cbc       4778.00k     5014.26k     5122.80k    12946.75k    13032.20k
#
Forcing AES-192 on both client and server doubles the speed of sftp and scp file transfers, but I don't know if it is using padlock.
Will nginx use padlock? Should I set ssl_engine cryptodev; or not?

Last edited by ermanno; 16th July 2014 at 12:50 PM.
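The comparison made in the post above can be done per block size by parsing the three `openssl speed` runs and dividing each by the plain software run. This is an added example, not part of the original post; the function names and the 2x threshold for calling a run accelerated are assumptions.

```python
import re

# Benchmark output copied from the post above (same board, three runs).
SPEED_OUTPUT = """\
# openssl speed aes-192-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-192 cbc       4832.23k     5069.21k     5150.03k    12997.93k    13014.90k
# openssl speed -evp aes-192-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-192-cbc      26500.36k    99317.35k   268582.62k   464052.28k   589470.85k
# openssl speed -engine cryptodev aes-192-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-192 cbc       4778.00k     5014.26k     5122.80k    12946.75k    13032.20k
"""

BASELINE = "openssl speed aes-192-cbc"
THRESHOLD = 2.0  # assumption: below 2x the software baseline counts as "not offloaded"

def parse_runs(text):
    """Return {command: {block_size_bytes: kB_per_second}} for each run."""
    runs, cmd, sizes = {}, None, []
    for line in text.splitlines():
        if line.startswith("# openssl speed"):
            cmd = line[2:].strip()
        elif line.startswith("type"):
            sizes = [int(n) for n in re.findall(r"(\d+) bytes", line)]
        elif cmd and sizes:
            rates = [float(v) for v in re.findall(r"(\d+\.\d+)k", line)]
            if len(rates) == len(sizes):  # skip stray prompt or blank lines
                runs[cmd] = dict(zip(sizes, rates))
    return runs

def speedups(runs, baseline=BASELINE):
    """Per-run, per-block-size throughput ratio against the baseline run."""
    base = runs[baseline]
    return {cmd: {size: rate / base[size] for size, rate in rows.items()}
            for cmd, rows in runs.items() if cmd != baseline}

def classify(runs, baseline=BASELINE, threshold=THRESHOLD):
    """Label a run 'accelerated' only if every block size beats the threshold."""
    return {cmd: "accelerated" if min(r.values()) >= threshold else "software-speed"
            for cmd, r in speedups(runs, baseline).items()}

if __name__ == "__main__":
    for cmd, label in classify(parse_runs(SPEED_OUTPUT)).items():
        print(f"{label:15} {cmd}")
```

Without `-evp`, `openssl speed` times the low-level AES routines directly rather than going through the EVP layer where engines are consulted, so the `-engine cryptodev` run measures the same code path as the first run.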