From owner-freebsd-current@freebsd.org  Thu Dec 20 17:06:04 2018
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9C3CB134D31F
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Thu, 20 Dec 2018 17:06:04 +0000 (UTC)
 (envelope-from danfe@regency.nsu.ru)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id EC77289128
 for <freebsd-current@freebsd.org>; Thu, 20 Dec 2018 17:06:03 +0000 (UTC)
 (envelope-from danfe@regency.nsu.ru)
Received: by mailman.ysv.freebsd.org (Postfix)
 id A9CFF134D31A; Thu, 20 Dec 2018 17:06:03 +0000 (UTC)
Delivered-To: current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85888134D319
 for <current@mailman.ysv.freebsd.org>; Thu, 20 Dec 2018 17:06:03 +0000 (UTC)
 (envelope-from danfe@regency.nsu.ru)
Received: from mx.nsu.ru (mx.nsu.ru [84.237.50.39])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 45C718911D
 for <current@freebsd.org>; Thu, 20 Dec 2018 17:05:58 +0000 (UTC)
 (envelope-from danfe@regency.nsu.ru)
Received: from [84.237.50.47] (helo=regency.nsu.ru)
 by mx.nsu.ru with esmtp (Exim 4.72)
 (envelope-from <danfe@regency.nsu.ru>) id 1ga1lb-0004A0-Nz
 for current@freebsd.org; Fri, 21 Dec 2018 00:05:47 +0700
Received: from regency.nsu.ru (localhost [127.0.0.1])
 by regency.nsu.ru (8.14.2/8.14.2) with ESMTP id wBKHZeFh099806
 for <current@freebsd.org>; Thu, 20 Dec 2018 23:35:41 +0600 (NOVT)
 (envelope-from danfe@regency.nsu.ru)
Received: (from danfe@localhost)
 by regency.nsu.ru (8.14.2/8.14.2/Submit) id wBKHZZje099796
 for current@freebsd.org; Fri, 21 Dec 2018 00:35:35 +0700 (+07)
 (envelope-from danfe)
Date: Fri, 21 Dec 2018 00:35:35 +0700
From: Alexey Dokuchaev <danfe@nsu.ru>
To: current@freebsd.org
Subject: AESNI, /dev/crypto, and new OpenSSL
Message-ID: <20181220173535.GA2505@regency.nsu.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-KLMS-Rule-ID: 3
X-KLMS-Message-Action: skipped
X-KLMS-AntiSpam-Status: not scanned, whitelist
X-KLMS-AntiPhishing: not scanned, whitelist
X-KLMS-AntiVirus: Kaspersky Security 8.0 for Linux Mail Server,
 version 8.0.1.705, not scanned, whitelist
X-Rspamd-Queue-Id: 45C718911D
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
 spf=pass (mx1.freebsd.org: domain of danfe@regency.nsu.ru designates
 84.237.50.39 as permitted sender) smtp.mailfrom=danfe@regency.nsu.ru
X-Spamd-Result: default: False [-0.40 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.22)[-0.223,0]; FROM_HAS_DN(0.00)[];
 MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+a:mx.nsu.ru];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[current@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_HAM_LONG(-0.39)[-0.389,0]; RCVD_COUNT_THREE(0.00)[4];
 RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 MX_GOOD(-0.01)[mx.nsu.ru]; NEURAL_HAM_SHORT(-0.28)[-0.280,0];
 DMARC_NA(0.00)[nsu.ru]; IP_SCORE(0.00)[country: RU(0.00)];
 FORGED_SENDER(0.30)[danfe@nsu.ru,danfe@regency.nsu.ru];
 RWL_MAILSPIKE_POSSIBLE(0.00)[39.50.237.84.rep.mailspike.net : 127.0.0.17];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:3335, ipnet:84.237.48.0/21, country:RU];
 FROM_NEQ_ENVFROM(0.00)[danfe@nsu.ru,danfe@regency.nsu.ru]
X-Mailman-Approved-At: Thu, 20 Dec 2018 17:20:14 +0000
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Dec 2018 17:06:04 -0000

Hi there,

For many years, OpenSSL was quite vocal about which hw-accelerated algos
it can use:

$ uname -UK
1200058 1200058
$ openssl version
OpenSSL 1.0.2n-freebsd  7 Dec 2017

$ openssl engine -c -t
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH]						<<< word count = 3
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

# kldload aesni						<<< loading AESNI(4)

$ openssl engine -c -t
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]	<<< word count = 6
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

Since recently[*], OpenSSL had switched to some new engine.  Now, the
output is less verbose and seemingly unaffected by the presence of the
aesni.ko module (or lack thereof):

$ uname -UK
1300005 1300005
$ openssl version
OpenSSL 1.1.1a-freebsd  20 Nov 2018

$ openssl engine -c -t
(devcrypto) /dev/crypto engine
     [ available ]					<<< which ones???
(dynamic) Dynamic engine loading support
     [ unavailable ]

This does not look right.  Also, now the popular "openssl speed -elapsed"
benchmark apparently does not use kernel AESNI support even when it is
loaded, because `system' CPU load is nearly zero (previously, in presence
of aesni.ko, user load would drop to zero while system load would show
that it's the kernel who's doing the job).

Had something got broken here, or I'm misunderstanding how this machinery
now works?

./danfe

[*] http://freshbsd.org/commit/freebsd/src/342009