Date: Mon, 25 May 2015 13:41:31 +0200 From: Christoph Moench-Tegeder <cmt@burggraben.net> To: freebsd-security@freebsd.org Subject: Re: Atom C2758 - loading aesni(4) reduces performance Message-ID: <20150525114131.GA1457@elch.exwg.net> In-Reply-To: <687C0C52-08FA-4234-9A64-527163EED3C8@dragondata.com> References: <6BA42026-C785-40B5-B9CF-DD4280693C41@dragondata.com> <20150524224454.GX37063@funkthat.com> <687C0C52-08FA-4234-9A64-527163EED3C8@dragondata.com>
next in thread | previous in thread | raw e-mail | index | archive | help
## Kevin Day (toasty@dragondata.com): > > If you have cryptodev loaded, this is to be expected as OpenSSL will > > use /dev/crypto instead of the AES-NI instructions.. Just don't load > > cryptodev and you'll be fine.. > > So to make sure I’m understanding… openssl has native AES-NI support, and > it also can use /dev/crypto. It’s preferring /dev/crypto, but /dev/crypto > has much higher overhead? Yes (I hadn't thought of cryptodev, because "why would one load that without really special crypto hardware?"). The overhead is obvious - when offloading the crypto operations to the kernel, the benefit of the kernel/hardware crypto support has to be better than the penalty of communicating with the kernel; and as you already have AES-NI support in openssl, there's not that much chance that the kernel is that much faster than openssl itself. Regards, Christoph -- Spare Space
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150525114131.GA1457>