[firefoxPL]

Hi, I am playing around with enabling hardware acceleration for crypto operations (AES-128, SHA1) on Pogo V2 (Kirkwood), I've found this arcticle and I'm willing to give cryptodev-linux a try, but I'll need to build OpenSSL with support for cryptodev-linux, hence my question: I can't seem to find any PKGBUILD for OpenSSL on Arch Linux web pages, should I simply download sources from http://www.openssl.org and simply execute make and make install?
While I'm confortable with Linux and used makepkg in the past to build some packages with custom compile options, I didn't really build so big modules like OpenSSL (especially from generic source - not with a PKGBUILD). Any suggestions how to compile OpenSSL much appreciated.

[pepedog]

The easiest way to get the PKGBUILD is via abs
pacman -S abs
abs
cd /var/abs/core/openssl

[firefoxPL]

Great thank You, didn't know about that - I'm still new to Arch (used Ubuntu for several years)

[firefoxPL]

While looking into PKGBUILD for openssl I've found out that configure options are more complicated than simply adding 'arm' to arch=(), since there is this:
$this->bbcode_second_pass_code('', '
if [ "${CARCH}" == 'x86_64' ]; then
openssltarget='linux-x86_64'
elif [ "${CARCH}" == 'i686' ]; then
openssltarget='linux-elf'
fi
')
I've googled some information regarding this, but unfortunately I didn't found anything solid (some suggestions of using linux-elf-arm), in openssl 1.0.0g sources I've found this fragment (in config):
$this->bbcode_second_pass_code('', '
armv[1-3]*-*-linux2) OUT="linux-generic32" ;;
arm*-*-linux2) OUT="linux-armv4" ;;
')
while in openssl 0.9.8t this:
$this->bbcode_second_pass_code('', '
arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
')
which seems rather confusing, I would appreciate a suggestion from someone, who has some experience with building openssl for kirkwood platform

[firefoxPL]

I'm thinking about using this modifications in PKGBUILD:
$this->bbcode_second_pass_code('', '
...
arch=('i686' 'x86_64' 'arm')
...
openssltarget='linux-armv4'
...
./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 shared threads zlib enable-md2 \
"${openssltarget}" \
-Wa,--noexecstack "${CFLAGS}" "${LDFLAGS}"
')
any thoughts?

[firefoxPL]

I already have cryptodev module build and loaded (at least that's what I believe )
$this->bbcode_second_pass_code('', '
[root@pink ~]# lsmod
Module Size Used by
cryptodev 16585 0
appletalk 23739 0
psnap 1651 1 appletalk
llc 3190 1 psnap
ipv6 254083 12
mv_cesa 9021 0
')
should I remove CESA module, after I sort out the openssl build (still waiting for some confirmation before building it)?

[pepedog]

Ahh,
Most things build in arm from the abs system, but stuff needing changes are in GitHub
https://github.com/archlinuxarm/PKGBUIL ... re/openssl

[firefoxPL]

Thank You again, openssl is building, if everything works I should be able to testdrive cryptodev with openssl speed test

[firefoxPL]

Full success!!
Cryptodev-linux is up and running and openssl takes advantage of hardware crypto modules, offloading cpu to dedicated resources, comparison below:
without cryptodev:
$this->bbcode_second_pass_code('', '
# openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 2546082 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 774861 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 205121 aes-128-cbc's in 2.98s
Doing aes-128-cbc for 3s on 1024 size blocks: 52065 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 6534 aes-128-cbc's in 3.00s
...
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 13579.10k 16530.37k 17621.13k 17771.52k 17842.18k
')
with cryptodev module loaded
$this->bbcode_second_pass_code('', '
openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 88028 aes-128-cbc's in 0.08s
Doing aes-128-cbc for 3s on 64 size blocks: 85282 aes-128-cbc's in 0.07s
Doing aes-128-cbc for 3s on 256 size blocks: 62230 aes-128-cbc's in 0.09s
Doing aes-128-cbc for 3s on 1024 size blocks: 41032 aes-128-cbc's in 0.03s
Doing aes-128-cbc for 3s on 8192 size blocks: 8222 aes-128-cbc's in 0.03s
...
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 17605.60k 77972.11k 177009.78k 1400558.93k 2245154.13k
')
interesting thing is that with hardware support only at 8k block size openssl does more blocks per second (and at 16 it's really sluggish ~ 3% of software implementation), but more importantly openssl doesn't take cpu time, I will try and test this for some real life performance (probably iperf, after I create some VPN, or scp with 1gb file)

edit:
as a follow-up, here are benchmarks for AES-256 (with CBC scheme)
no cryptodev:
$this->bbcode_second_pass_code('', '
# openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 2027681 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 590559 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 154199 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 1024 size blocks: 38982 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 4887 aes-256-cbc's in 3.00s
')
with cryptodev:
$this->bbcode_second_pass_code('', '
# openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 87841 aes-256-cbc's in 0.08s
Doing aes-256-cbc for 3s on 64 size blocks: 85206 aes-256-cbc's in 0.09s
Doing aes-256-cbc for 3s on 256 size blocks: 56386 aes-256-cbc's in 0.06s
Doing aes-256-cbc for 3s on 1024 size blocks: 39468 aes-256-cbc's in 0.01s
Doing aes-256-cbc for 3s on 8192 size blocks: 7778 aes-256-cbc's in 0.01s
')
only 1% increase at 1k, but at 8k 60% increase (both using only fraction of CPU time ~ 0.33% comparing to software implementation)

edit2:
another follow-up, I did a simple scp test copying 512MB file over ssh, the speed diference was almost unnoticeable (2m19s with cryptodev vs 2m21s without - approx. 3.7MBps vs 3.6MBps) but I was also monitoring cpu usage and cpu time:
- with cryptodev cpu never got to 100% and cpu time of complete transfer was about 27s
- without cryptodev cpu often was at 100% and total cpu time was about 54s
I'm wondering if the very slight speed bump is related to not big enough data blocks processed by openssl or simply due to file I/O limits

[WarheadsSE]

Nice turn around time