Re: [Dovecot] Solaris hardware crypto engines
Here are some blogs on the topic.
http://wikis.sun.com/display/CryptoPerf/Using+the+UltraSPARC+cryptographic+a...
Solaris 10 # /usr/sfw/bin/openssl engine -c -t # cc -fast*-I /usr/sfw/include -L /usr/sfw/lib -lcrypto* aes_test.c -o aes_test.out
http://blogs.oracle.com/DanX/entry/sparc_t4_openssl_engine
http://blogs.oracle.com/DanX/entry/where_s_the_crypto_libraries
http://blogs.oracle.com/DanX/entry/solaris_x86_aesni_openssl_engine
http://blogs.oracle.com/chichang1/entry/rsa_performance_of_sun_fire
Here is some info from my intel box
Solaris 11 # /usr/bin/openssl engine -c -t (aesni) Intel AES-NI engine (no-aesni) % no-aesni means no aes H/W acceleration [ available ] (dynamic) Dynamic engine loading support [ unavailable ] (pkcs11) PKCS #11 engine support [RSA, DSA, DH, RAND, DSA] [ available ] $ isainfo -v # My cpu does not have 'aes' support 64-bit amd64 applications cx16 sse3 sse2 sse fxsr mmx cmov amd_sysc cx8 tsc fpu 32-bit i386 applications ahf cx16 sse3 sse2 sse fxsr mmx cmov sep cx8 tsc fpu # ldd /opt/dovecot/libexec/dovecot/ssl-build-param **** libssl.so.1.0.0 => /lib/libssl.so.1.0.0 *** *** libcrypto.so.1.0.0 => /lib/libcrypto.so.1.0.0* *** libc.so.1 => /lib/libc.so.1 libnsl.so.1 => /lib/libnsl.so.1 libsocket.so.1 => /lib/libsocket.so.1 librt.so.1 => /lib/librt.so.1 libsendfile.so.1 => /lib/libsendfile.so.1 libmp.so.2 => /lib/libmp.so.2 libmd.so.1 => /lib/libmd.so.1 libm.so.2 => /lib/libm.so.2
./configure --prefix=/opt/dovecot --with-ldap=yes --with-gssapi --with-ssldir=/etc/openssl Install prefix . : /opt/dovecot File offsets ... : 64bit I/O polling .... : poll I/O notifys .... : none SSL ............ : yes (OpenSSL) GSSAPI ......... : yes passdbs ........ : passwd passwd-file shadow pam checkpassword ldap : -bsdauth -sia -sql -vpopmail userdbs ........ : static prefetch passwd passwd-file checkpassword ldap : -sql -vpopmail -nss SQL drivers .... : : -pgsql -mysql -sqlite
Note Under OpenSolaris I did the following: CPPFLAGS=-I/usr/sfw/include LDFLAGS=-R/usr/sfw/lib ./configure --prefix=/opt/dovecot --with-ldap=yes --with-gssapi --with-ssldir=/etc/openssl (most likely Solaris 10 is the same as above, openssl may look old but I believe it is patched with compatible *fixes* from current openssl so application do not break. Apparently it took 5mths to update Solaris 11 to OpenSSL 1.0 and test everything)
Cheers Damon.
participants (1)
-
Damon Atkins