Date: Fri, 14 Sep 2018 03:11:33 +0300 From: Lev Serebryakov <lev@FreeBSD.org> To: John Baldwin <jhb@FreeBSD.org>, Kevin Oberman <rkoberman@gmail.com> Cc: current <current@freebsd.org>, brnrd@freebsd.org, Jung-uk Kim <jkim@freebsd.org> Subject: Re: Speed problems with both system openssl and security/openssl-devel Message-ID: <594107633.20180914031133@serebryakov.spb.ru> In-Reply-To: <73a0934b-136f-785e-57bc-1f5624eea4fa@FreeBSD.org> References: <43892083.20180913024646@serebryakov.spb.ru> <CAN6yY1usNXCzpnLhHLqbhcjHr6Y4X0%2BTrXiJzNAFY81S5nbzHw@mail.gmail.com> <7316152.20180913112742@serebryakov.spb.ru> <73a0934b-136f-785e-57bc-1f5624eea4fa@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello John, Friday, September 14, 2018, 1:44:13 AM, you wrote: >> % grep aesni ~/nanobsd/gatevay.v3/J3160 >> device aesni > From my understanding of the OpenSSL code, it doesn't use the kernel driver > at all (the kernel driver is only needed for in-kernel crypto such as IPSec > or GELI). It is my understanding too. > AESNI are just instructions that can be used in userland, and > OpenSSL's AESNI acceleration is purely different routines in userland. > I would verify if AESNI shows up in the CPU features in dmesg first (if it > doesn't I'd check for a BIOS option disabling it). It is enabled. It is used for sure by openssl 1.1.0 on Linux and bu openssl 1.1.1 on FreeBSD, but not by openssl 1.0.2 and 1.1.0 on FreeBSD. Problem is, openssl 1.1.1 is not used by anything on FreeBSD (yet) and almost everything uses system (1.0.2) and only some other ports could use 1.1.0 from ports. -- Best regards, Lev mailto:lev@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?594107633.20180914031133>