Hi there, For many years, OpenSSL was quite vocal about which hw-accelerated algos it can use: $ uname -UK 1200058 1200058 $ openssl version OpenSSL 1.0.2n-freebsd 7 Dec 2017 $ openssl engine -c -t (cryptodev) BSD cryptodev engine [RSA, DSA, DH] <<< word count = 3 [ available ] (dynamic) Dynamic engine loading support [ unavailable ] # kldload aesni <<< loading AESNI(4) $ openssl engine -c -t (cryptodev) BSD cryptodev engine [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC] <<< word count = 6 [ available ] (dynamic) Dynamic engine loading support [ unavailable ] Since recently[*], OpenSSL had switched to some new engine. Now, the output is less verbose and seemingly unaffected by the presence of the aesni.ko module (or lack thereof): $ uname -UK 1300005 1300005 $ openssl version OpenSSL 1.1.1a-freebsd 20 Nov 2018 $ openssl engine -c -t (devcrypto) /dev/crypto engine [ available ] <<< which ones??? (dynamic) Dynamic engine loading support [ unavailable ] This does not look right. Also, now the popular "openssl speed -elapsed" benchmark apparently does not use kernel AESNI support even when it is loaded, because `system' CPU load is nearly zero (previously, in presence of aesni.ko, user load would drop to zero while system load would show that it's the kernel who's doing the job). Had something got broken here, or I'm misunderstanding how this machinery now works? ./danfe [*] http://freshbsd.org/commit/freebsd/src/342009Received on Thu Dec 20 2018 - 16:06:04 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:19 UTC