Date: Fri, 21 Dec 2018 00:35:35 +0700 From: Alexey Dokuchaev <danfe@nsu.ru> To: current@freebsd.org Subject: AESNI, /dev/crypto, and new OpenSSL Message-ID: <20181220173535.GA2505@regency.nsu.ru>
next in thread | raw e-mail | index | archive | help
Hi there,
For many years, OpenSSL was quite vocal about which hw-accelerated algos
it can use:
$ uname -UK
1200058 1200058
$ openssl version
OpenSSL 1.0.2n-freebsd 7 Dec 2017
$ openssl engine -c -t
(cryptodev) BSD cryptodev engine
[RSA, DSA, DH] <<< word count = 3
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
# kldload aesni <<< loading AESNI(4)
$ openssl engine -c -t
(cryptodev) BSD cryptodev engine
[RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC] <<< word count = 6
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
Since recently[*], OpenSSL had switched to some new engine. Now, the
output is less verbose and seemingly unaffected by the presence of the
aesni.ko module (or lack thereof):
$ uname -UK
1300005 1300005
$ openssl version
OpenSSL 1.1.1a-freebsd 20 Nov 2018
$ openssl engine -c -t
(devcrypto) /dev/crypto engine
[ available ] <<< which ones???
(dynamic) Dynamic engine loading support
[ unavailable ]
This does not look right. Also, now the popular "openssl speed -elapsed"
benchmark apparently does not use kernel AESNI support even when it is
loaded, because `system' CPU load is nearly zero (previously, in presence
of aesni.ko, user load would drop to zero while system load would show
that it's the kernel who's doing the job).
Had something got broken here, or I'm misunderstanding how this machinery
now works?
./danfe
[*] http://freshbsd.org/commit/freebsd/src/342009
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20181220173535.GA2505>