NSS FAQ - Mozilla | MDN
Now, we are VERY eager to get hardware crypto acceleration working! As I have understood, as OpenSSL lacks an engine for MV_CESA (the Marvell AES hardware acceleration), I will have to apply kernel patches for OCF (OpenBSD Cryptographic Framework), to make a /dev/crypto device and then patch OpenSSL to use OCF through a cryptodev engine. OpenSSL acceleration. Crypto API backend modules transparently accelerate kernelspace crypto such as IPsec. Accelerating userspace applications Apache, OpenSSH, OpenVPN and others using OpenSSL is currently possible via two methods. To take advantage of acceleration in OpenVPN, choose a supported cipher such as aes-128-cbc on each end of a given tunnel, then select BSD Cryptodev Engine for Hardware Crypto. Similarly, if the system employs the VIA Padlock engine, choose an appropriate cipher and select VIA Padlock for Hardware Crypto . OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. For more information about the team and community around the project, or to start making your own contributions, start with the community page. High-performance hardware acceleration algorithm library of OpenSSL Engine based on Kunpeng processor - kunpengcompute/KAE
You can verify that OpenSSL uses Intel AES-NI by running OpenSSL's internal benchmarks. Compare the output of openssl speed aes-128-cbc with openssl speed -evp aes-128-cbc. The former skips hardware acceleration even if present, while the latter uses acceleration if available. Except for the benchmark, it will be used automatically if present.
Apr 18, 2018 · AES, SHA, TRNG Hardware Accelerators using OpenSSL (requires OCF-linux kernel support) The device drivers for AES and SHA/MD5 hardware acceleration is configured and built into the kernel by default in SDK 5.05.00.00. No other special setup is needed for OpenSSL to access the crypto modules. NSS is set of libraries, APIs, utilities, and documentation designed to support cross-platform development of security-enabled client and server applications. It provides a complete open-source implementation of the crypto libraries used by Mozilla and other companies in the Firefox browser, AOL Instant Messenger (AIM), server products from Red Hat, and other products. If hardware acceleration is adopted, OpenSSL will do SSL processing for original data and then send the request to accelerators through CryptoDev and hardware driver. For each request, OpenSSL will do segmentation if the request data is larger than grain size. Here, the grain size is defined as the unit of OpenSSL processing block.
Uses QuickAssist technology to provide up to 50 Gbps of hardware acceleration. 1; With newly-released OpenSSL* 1.1.0 to deliver nearly 35,000 2K RSA TPS. Makes establishing connections to web services hosted on NGINX lightning fast. Offload VPN processing …
not blocked when using hardware acceleration. Two major benefits of asynchronous OpenSSL are increased single-flow throughput, leading to maximum performance, and fewer contexts, thus reducing context management overhead. Performance Results Preliminary test results demonstrate that asynchronous OpenSSL running on an Intel Using low level AES routines (like AES_encrypt and AES_decrypt) are software only-implementations, and they will never use hardware acceleration like AES-NI. Also see Dr. Henson's response on the OpenSSL mailing list at Verify AES-NI use at runtime? .