Performance improvements for KCF AES modes
The KCF has numerous serious performance deficiencies under that severely impede its usability:
1) AES-NI acceleration code uses the CLTS instruction every 16 bytes of input, which causes VM exits when virtualized, severely impacting throughput
2) ECB, CTR, CBC and GCM mode implementations give very poor performance (lots of copying, no potential for pipelining)
3) Lack of assembly-optimized pipelineable versions of high-performance cipher combos (AES/CTR, AES/CBC)
4) Buffering of all ciphertext in the kernel when GCM decryption is performed.
This patch also includes work to improve the performance of the GHASH function in GCM ported over from the OpenSSL project.
More details can be found at: http://zfs-create.blogspot.com/2014/05/optimizing-illumos-kernel-crypto.html