From: Mike Tancsa
Organization: Sentex Communications
To: freebsd-questions@freebsd.org
Subject: Re: cryptodev HW (aesni) vs software
Date: Mon, 23 Nov 2015 14:02:17 -0500
Message-ID: <565362B9.8020808@sentex.net>
In-Reply-To: <20151123174833.0e36619c@gumby.homeunix.com>

On 11/23/2015 12:48 PM, RW via
freebsd-questions wrote:
>
> The aesni kernel module provides AES-NI support for crypto/cryptodev in
> the kernel, not in userland.
>
>
>> Problem 3
>> In the best case FreeBSD is inferior to Linux in encryption by as much as
>> 23% on exactly the same hardware
>
> I think hardware would be more than 23% faster than software.

Make sure your version of openssl is actually aesni capable (releng9
doesn't have a version, I think); see

http://stackoverflow.com/questions/25284119/how-can-i-check-if-openssl-is-support-use-the-intel-aes-ni

for some details on the userland use of it.

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-cbc     274206.29k   321032.83k   330511.33k   334024.02k   335142.91k
aes-128-cbc     385536.87k   662102.59k   810009.26k   854812.43k   867447.30k

openssl speed -elapsed -evp aes-128-cbc
...
OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc

Numbers from an i5 CPU that has aesni instructions. No aesni module loaded.

% openssl version
OpenSSL 1.0.1p-freebsd 9 Jul 2015

    ---Mike

--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
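
The comparison described in the message above, as an added example that is not part of the original post: it runs the same two `openssl speed` commands and turns the two result rows into per-block-size ratios and a verdict on whether userland OpenSSL is actually using AES-NI. The function names, the `RUN_BENCH` switch, the 1.5 threshold and the labelling of the post's two rows as default versus masked are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post).
# MASK is the value quoted in the post: it clears bit 57 (AES-NI) and
# bit 33 (PCLMULQDQ) in OpenSSL's view of the CPU capabilities.
MASK='~0x200000200000000'

# Run the post's benchmark and print only the aes-128-cbc result row.
# $1 = "masked" hides AES-NI from OpenSSL; anything else is the default run.
speed_row() {
    if [ "$1" = masked ]; then
        OPENSSL_ia32cap="$MASK" openssl speed -elapsed -evp aes-128-cbc 2>/dev/null
    else
        openssl speed -elapsed -evp aes-128-cbc 2>/dev/null
    fi | awk 'tolower($1) == "aes-128-cbc"'
}

# Print default/masked throughput ratios per block size, then a verdict.
# $1 = default-run row, $2 = masked-run row,
# $3 = ratio at the largest block size needed to say AES-NI is in use
#      (default 1.5 is an assumed threshold, not a figure from the post).
compare_rows() {
    printf '%s\n%s\n' "$1" "$2" | LC_ALL=C awk -v min="${3:-1.5}" '
        NR == 1 { n = NF; for (i = 2; i <= NF; i++) d[i] = $i + 0 }  # "+ 0" drops the k suffix
        NR == 2 { if (NF != n) n = 0; for (i = 2; i <= NF; i++) m[i] = $i + 0 }
        END {
            for (i = 2; i <= n; i++) if (d[i] <= 0 || m[i] <= 0) n = 0
            if (n < 2) { print "error: unparsable rows"; exit 2 }
            for (i = 2; i <= n; i++) printf "%.2f ", d[i] / m[i]
            print (d[n] / m[n] >= min ? "aesni-in-use" : "no-measurable-difference")
        }'
}

# The two rows from the post. The post does not label them; treating the
# slower row as the masked run is an assumption made for this example.
ROW_DEFAULT='aes-128-cbc 385536.87k 662102.59k 810009.26k 854812.43k 867447.30k'
ROW_MASKED='aes-128-cbc 274206.29k 321032.83k 330511.33k 334024.02k 335142.91k'
compare_rows "$ROW_DEFAULT" "$ROW_MASKED"

# Set RUN_BENCH=1 (hypothetical switch for this example) to measure this host.
if [ "${RUN_BENCH:-0}" = 1 ]; then
    compare_rows "$(speed_row default)" "$(speed_row masked)"
fi
```

A verdict of `no-measurable-difference` on a CPU that advertises AES-NI suggests the installed OpenSSL build is not using the instructions, which is the check the message recommends making before comparing platforms.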