[Dovecot] Solaris hardware crypto engines

Damon Atkins Damon_Atkins at yahoo.com.au
Tue Nov 22 04:17:39 EET 2011


Here are some blogs on the topic.

http://wikis.sun.com/display/CryptoPerf/Using+the+UltraSPARC+cryptographic+accelerators

Solaris 10
# /usr/sfw/bin/openssl engine -c -t
# cc -fast*-I /usr/sfw/include -L /usr/sfw/lib -lcrypto*  aes_test.c -o aes_test.out


http://blogs.oracle.com/DanX/entry/sparc_t4_openssl_engine

http://blogs.oracle.com/DanX/entry/where_s_the_crypto_libraries

http://blogs.oracle.com/DanX/entry/solaris_x86_aesni_openssl_engine

http://blogs.oracle.com/chichang1/entry/rsa_performance_of_sun_fire

Here is some info from my intel box

Solaris 11
# /usr/bin/openssl engine -c -t
(aesni) Intel AES-NI engine (no-aesni)   % no-aesni means no aes H/W acceleration
      [ available ]
(dynamic) Dynamic engine loading support
      [ unavailable ]
(pkcs11) PKCS #11 engine support
  [RSA, DSA, DH, RAND, DSA]
      [ available ]
$ isainfo -v  # My cpu does not have 'aes' support
64-bit amd64 applications
         cx16 sse3 sse2 sse fxsr mmx cmov amd_sysc cx8 tsc fpu
32-bit i386 applications
         ahf cx16 sse3 sse2 sse fxsr mmx cmov sep cx8 tsc fpu
# ldd  /opt/dovecot/libexec/dovecot/ssl-build-param
****     libssl.so.1.0.0 =>        /lib/libssl.so.1.0.0    ***
***     libcrypto.so.1.0.0 =>     /lib/libcrypto.so.1.0.0*  ***
         libc.so.1 =>      /lib/libc.so.1
         libnsl.so.1 =>    /lib/libnsl.so.1
         libsocket.so.1 =>         /lib/libsocket.so.1
         librt.so.1 =>     /lib/librt.so.1
         libsendfile.so.1 =>       /lib/libsendfile.so.1
         libmp.so.2 =>     /lib/libmp.so.2
         libmd.so.1 =>     /lib/libmd.so.1
         libm.so.2 =>      /lib/libm.so.2

./configure --prefix=/opt/dovecot  --with-ldap=yes --with-gssapi --with-ssldir=/etc/openssl
Install prefix . : /opt/dovecot
File offsets ... : 64bit
I/O polling .... : poll
I/O notifys .... : none
SSL ............ : yes (OpenSSL)
GSSAPI ......... : yes
passdbs ........ : passwd passwd-file shadow pam checkpassword ldap
                  : -bsdauth -sia -sql -vpopmail
userdbs ........ : static prefetch passwd passwd-file checkpassword ldap
                  : -sql -vpopmail -nss
SQL drivers .... :
                  : -pgsql -mysql -sqlite



Note Under OpenSolaris I did the following:
CPPFLAGS=-I/usr/sfw/include  LDFLAGS=-R/usr/sfw/lib ./configure 
--prefix=/opt/dovecot  --with-ldap=yes --with-gssapi 
--with-ssldir=/etc/openssl
(most likely Solaris 10 is the same as above, openssl may look old but I 
believe it is patched with compatible *fixes* from current openssl so 
application do not break. Apparently it took 5mths to update Solaris 11 
to OpenSSL 1.0 and test everything)

Cheers
Damon.


More information about the dovecot mailing list