Re: CryptoExpress2 Processors and ZLinux SFTP/SSH
Accelerators (type CEX2A) Marcy Cortes "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Mark Jacobs Sent: Wednesday, January 16, 2008 5:08 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] CryptoExpress2 Processors and ZLinux SFTP/SSH Are your crypto processors configured as accelerators or as the default standard co-processors? Mark Jacobs
Re: CryptoExpress2 Processors and ZLinux SFTP/SSH
Are your crypto processors configured as accelerators or as the default standard co-processors? Mark Jacobs -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Marcy Cortes Sent: Wednesday, January 16, 2008 4:58 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: CryptoExpress2 Processors and ZLinux SFTP/SSH Openssl has the support in it to use them. OpenSSH needs a patch to turn them on. This is what we have implemented. Not sure how much it saves you though - we haven't really measured it lately. We got this from somewhere I can't remember!: diff -U 5 -Nr openssh-4.3p2/ssh.c openssh-4.3p2-mod/ssh.c --- ssh.c Fri Dec 30 22:33:38 2005 +++ ssh.c Mon Jul 17 15:58:24 2006 @@ -42,10 +42,11 @@ #include "includes.h" RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $"); #include #include +#include #include "ssh.h" #include "ssh1.h" #include "ssh2.h" #include "compat.h" @@ -525,10 +526,14 @@ if (!host) usage(); SSLeay_add_all_algorithms(); ERR_load_crypto_strings(); + + /* Init available hardware crypto engines. */ + ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); /* Initialize the command to execute on remote host. */ buffer_init(&command); /* Marcy Cortes "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Mark Jacobs Sent: Wednesday, January 16, 2008 10:03 AM To: IBMVM@LISTSERV.UARK.EDU Subject: [IBMVM] CryptoExpress2 Processors and ZLinux SFTP/SSH Does anyone know if the ssl/sftp servers that run under zLinux can use the CryptoExpress2 processors as a performance aid. We are seeing a performance hit when we perform SFTP's to zLinux as compared to using FTP. zVM 5.3, SLES10 -- Mark Jacobs Time Customer Service Tampa, FL Riley: Find the next number in the sequence: 313, 331, 367, ...? what? The Doctor: 379. It's a sequence of happy primes, 379. Martha: Happy what? The Doctor: Just enter it! Riley: Are you sure? We only get one chance. The Doctor: Any number that reduces to one when you take the sum of the square of its digits and continue iterating until it yields 1 is a happy number, any number that doesn't, isn't. A happy prime is both happy and prime. Doctor Who episode "42"
Re: CryptoExpress2 Processors and ZLinux SFTP/SSH
Openssl has the support in it to use them. OpenSSH needs a patch to turn them on. This is what we have implemented. Not sure how much it saves you though - we haven't really measured it lately. We got this from somewhere I can't remember!: diff -U 5 -Nr openssh-4.3p2/ssh.c openssh-4.3p2-mod/ssh.c --- ssh.c Fri Dec 30 22:33:38 2005 +++ ssh.c Mon Jul 17 15:58:24 2006 @@ -42,10 +42,11 @@ #include "includes.h" RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $"); #include #include +#include #include "ssh.h" #include "ssh1.h" #include "ssh2.h" #include "compat.h" @@ -525,10 +526,14 @@ if (!host) usage(); SSLeay_add_all_algorithms(); ERR_load_crypto_strings(); + + /* Init available hardware crypto engines. */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); /* Initialize the command to execute on remote host. */ buffer_init(&command); /* Marcy Cortes "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Mark Jacobs Sent: Wednesday, January 16, 2008 10:03 AM To: IBMVM@LISTSERV.UARK.EDU Subject: [IBMVM] CryptoExpress2 Processors and ZLinux SFTP/SSH Does anyone know if the ssl/sftp servers that run under zLinux can use the CryptoExpress2 processors as a performance aid. We are seeing a performance hit when we perform SFTP's to zLinux as compared to using FTP. zVM 5.3, SLES10 -- Mark Jacobs Time Customer Service Tampa, FL Riley: Find the next number in the sequence: 313, 331, 367, ...? what? The Doctor: 379. It's a sequence of happy primes, 379. Martha: Happy what? The Doctor: Just enter it! Riley: Are you sure? We only get one chance. The Doctor: Any number that reduces to one when you take the sum of the square of its digits and continue iterating until it yields 1 is a happy number, any number that doesn't, isn't. A happy prime is both happy and prime. Doctor Who episode "42"
CryptoExpress2 Processors and ZLinux SFTP/SSH
Does anyone know if the ssl/sftp servers that run under zLinux can use the CryptoExpress2 processors as a performance aid. We are seeing a performance hit when we perform SFTP's to zLinux as compared to using FTP. zVM 5.3, SLES10 -- Mark Jacobs Time Customer Service Tampa, FL Riley: Find the next number in the sequence: 313, 331, 367, ...? what? The Doctor: 379. It's a sequence of happy primes, 379. Martha: Happy what? The Doctor: Just enter it! Riley: Are you sure? We only get one chance. The Doctor: Any number that reduces to one when you take the sum of the square of its digits and continue iterating until it yields 1 is a happy number, any number that doesn't, isn't. A happy prime is both happy and prime. Doctor Who episode "42"