Re: [Dovecot] Solaris hardware crypto engines

Mon, 21 Nov 2011 18:18:40 -0800 

Here are some blogs on the topic.

http://wikis.sun.com/display/CryptoPerf/Using+the+UltraSPARC+cryptographic+accelerators

Solaris 10
# /usr/sfw/bin/openssl engine -c -t
# cc -fast*-I /usr/sfw/include -L /usr/sfw/lib -lcrypto*  aes_test.c -o 
aes_test.out


http://blogs.oracle.com/DanX/entry/sparc_t4_openssl_engine

http://blogs.oracle.com/DanX/entry/where_s_the_crypto_libraries

http://blogs.oracle.com/DanX/entry/solaris_x86_aesni_openssl_engine

http://blogs.oracle.com/chichang1/entry/rsa_performance_of_sun_fire

Here is some info from my intel box

Solaris 11
# /usr/bin/openssl engine -c -t
(aesni) Intel AES-NI engine (no-aesni)   % no-aesni means no aes H/W 
acceleration
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
(pkcs11) PKCS #11 engine support
 [RSA, DSA, DH, RAND, DSA]
     [ available ]
$ isainfo -v  # My cpu does not have 'aes' support
64-bit amd64 applications
        cx16 sse3 sse2 sse fxsr mmx cmov amd_sysc cx8 tsc fpu
32-bit i386 applications
        ahf cx16 sse3 sse2 sse fxsr mmx cmov sep cx8 tsc fpu
# ldd  /opt/dovecot/libexec/dovecot/ssl-build-param
****     libssl.so.1.0.0 =>        /lib/libssl.so.1.0.0    ***
***     libcrypto.so.1.0.0 =>     /lib/libcrypto.so.1.0.0*  ***
        libc.so.1 =>      /lib/libc.so.1
        libnsl.so.1 =>    /lib/libnsl.so.1
        libsocket.so.1 =>         /lib/libsocket.so.1
        librt.so.1 =>     /lib/librt.so.1
        libsendfile.so.1 =>       /lib/libsendfile.so.1
        libmp.so.2 =>     /lib/libmp.so.2
        libmd.so.1 =>     /lib/libmd.so.1
        libm.so.2 =>      /lib/libm.so.2

./configure --prefix=/opt/dovecot  --with-ldap=yes --with-gssapi 
--with-ssldir=/etc/openssl
Install prefix . : /opt/dovecot
File offsets ... : 64bit
I/O polling .... : poll
I/O notifys .... : none
SSL ............ : yes (OpenSSL)
GSSAPI ......... : yes
passdbs ........ : passwd passwd-file shadow pam checkpassword ldap
                 : -bsdauth -sia -sql -vpopmail
userdbs ........ : static prefetch passwd passwd-file checkpassword ldap
                 : -sql -vpopmail -nss
SQL drivers .... :
                 : -pgsql -mysql -sqlite



Note Under OpenSolaris I did the following:
CPPFLAGS=-I/usr/sfw/include LDFLAGS=-R/usr/sfw/lib ./configure --prefix=/opt/dovecot --with-ldap=yes --with-gssapi --with-ssldir=/etc/openssl (most likely Solaris 10 is the same as above, openssl may look old but I believe it is patched with compatible *fixes* from current openssl so application do not break. Apparently it took 5mths to update Solaris 11 to OpenSSL 1.0 and test everything) 

Cheers
Damon.

Reply via email to