dovecot - Nov 2011 - Solaris hardware crypto engines

Here are some blogs on the topic.

http://wikis.sun.com/display/CryptoPerf/Using+the+UltraSPARC+cryptographic+accelerators

Solaris 10
# /usr/sfw/bin/openssl engine -c -t
# cc -fast*-I /usr/sfw/include -L /usr/sfw/lib -lcrypto*  aes_test.c -o
aes_test.out


http://blogs.oracle.com/DanX/entry/sparc_t4_openssl_engine

http://blogs.oracle.com/DanX/entry/where_s_the_crypto_libraries

http://blogs.oracle.com/DanX/entry/solaris_x86_aesni_openssl_engine

http://blogs.oracle.com/chichang1/entry/rsa_performance_of_sun_fire

Here is some info from my intel box

Solaris 11
# /usr/bin/openssl engine -c -t
(aesni) Intel AES-NI engine (no-aesni)   % no-aesni means no aes H/W
acceleration
      [ available ]
(dynamic) Dynamic engine loading support
      [ unavailable ]
(pkcs11) PKCS #11 engine support
  [RSA, DSA, DH, RAND, DSA]
      [ available ]
$ isainfo -v  # My cpu does not have 'aes' support
64-bit amd64 applications
         cx16 sse3 sse2 sse fxsr mmx cmov amd_sysc cx8 tsc fpu
32-bit i386 applications
         ahf cx16 sse3 sse2 sse fxsr mmx cmov sep cx8 tsc fpu
# ldd  /opt/dovecot/libexec/dovecot/ssl-build-param
****     libssl.so.1.0.0 =>        /lib/libssl.so.1.0.0    ***
***     libcrypto.so.1.0.0 =>     /lib/libcrypto.so.1.0.0*  ***
         libc.so.1 =>      /lib/libc.so.1
         libnsl.so.1 =>    /lib/libnsl.so.1
         libsocket.so.1 =>         /lib/libsocket.so.1
         librt.so.1 =>     /lib/librt.so.1
         libsendfile.so.1 =>       /lib/libsendfile.so.1
         libmp.so.2 =>     /lib/libmp.so.2
         libmd.so.1 =>     /lib/libmd.so.1
         libm.so.2 =>      /lib/libm.so.2

./configure --prefix=/opt/dovecot  --with-ldap=yes --with-gssapi
--with-ssldir=/etc/openssl
Install prefix . : /opt/dovecot
File offsets ... : 64bit
I/O polling .... : poll
I/O notifys .... : none
SSL ............ : yes (OpenSSL)
GSSAPI ......... : yes
passdbs ........ : passwd passwd-file shadow pam checkpassword ldap
                  : -bsdauth -sia -sql -vpopmail
userdbs ........ : static prefetch passwd passwd-file checkpassword ldap
                  : -sql -vpopmail -nss
SQL drivers .... :
                  : -pgsql -mysql -sqlite



Note Under OpenSolaris I did the following:
CPPFLAGS=-I/usr/sfw/include  LDFLAGS=-R/usr/sfw/lib ./configure 
--prefix=/opt/dovecot  --with-ldap=yes --with-gssapi 
--with-ssldir=/etc/openssl
(most likely Solaris 10 is the same as above, openssl may look old but I 
believe it is patched with compatible *fixes* from current openssl so 
application do not break. Apparently it took 5mths to update Solaris 11 
to OpenSSL 1.0 and test everything)

Cheers
Damon.