[tor-talk] Tor and AES-NI acceleration , and Tor profiling

Nick Mathewson nickm at torproject.org
Tue Nov 8 15:29:09 UTC 2011


On Sun, Nov 6, 2011 at 8:57 PM, Moritz Bartl <moritz at torservers.net> wrote:
> Hi,
>
> Thanks to a new deal at www.axigy.com (Thanks! They're great!), we now
> have a shiny dedicated Gbit/s exit with a Sandy Bridge CPU (Quad Xeon
> E3-1230). Details on the setup steps I performed to enable AES-NI are
> documented at
> https://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration
>
> Decided to use Ubuntu because it comes with AES-NI kernel support and
> patched OpenSSL. I had to enable AES-NI in the BIOS (disabled by default
> on many motherboards) and load the module. Then put the relevant
> switches in torrc to use it and restarted the processes.
>
> [notice] Using OpenSSL engine Intel AES-NI engine [aesni] for AES
>
> So my guess is that it is now being used, but I must say I would have
> expected larger profit.

Hmm.  On examination it looks like there might be some uses of
OpenSSL's AES_encrypt function left around in your profile.  Try
changing the beginning of Tor's aes.c so that the line that now says:

  #undef USE_OPENSSL_EVP

now says

  #define USE_OPENSSL_EVP

Does that improve matters at all?

-- 
Nick


More information about the tor-talk mailing list