AESNI, /dev/crypto, and new OpenSSL

From: Alexey Dokuchaev <danfe_at_nsu.ru>
Date: Fri, 21 Dec 2018 00:35:35 +0700

Hi there,

For many years, OpenSSL was quite vocal about which hw-accelerated algos
it can use:

$ uname -UK
1200058 1200058
$ openssl version
OpenSSL 1.0.2n-freebsd  7 Dec 2017

$ openssl engine -c -t
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH]						<<< word count = 3
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

# kldload aesni						<<< loading AESNI(4)

$ openssl engine -c -t
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]	<<< word count = 6
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]

Recently[*], OpenSSL switched to some new engine.  Now, the
output is less verbose and seemingly unaffected by the presence of the
aesni.ko module (or lack thereof):

$ uname -UK
1300005 1300005
$ openssl version
OpenSSL 1.1.1a-freebsd  20 Nov 2018

$ openssl engine -c -t
(devcrypto) /dev/crypto engine
     [ available ]					<<< which ones???
(dynamic) Dynamic engine loading support
     [ unavailable ]

This does not look right.  Also, now the popular "openssl speed -elapsed"
benchmark apparently does not use kernel AESNI support even when it is
loaded, because `system' CPU load is nearly zero (previously, in presence
of aesni.ko, user load would drop to zero while system load would show
that it's the kernel who's doing the job).

Has something got broken here, or am I misunderstanding how this machinery
now works?

./danfe

[*] http://freshbsd.org/commit/freebsd/src/342009
Received on Thu Dec 20 2018 - 16:06:04 UTC
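
Added example (not part of the original message and not OpenSSL code): the comparison the message makes by eye, scripted in Python. It parses `openssl engine -c -t` listings, diffs the capabilities an engine advertises, and flags engines that report available without any capability list. The function and variable names are hypothetical; the sample inputs are the listings quoted in the message.

```python
import re

# Constructed samples: the listings quoted above, "<<<" annotations removed.
OLD_NO_AESNI = """\
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
"""
OLD_AESNI = OLD_NO_AESNI.replace(
    "DH]", "DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]")
NEW_111 = """\
(devcrypto) /dev/crypto engine
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
"""

ENGINE_RE = re.compile(r"^\((?P<id>[^)]+)\)\s+(?P<name>.+)$")
STATUS_RE = re.compile(r"^\[\s*(available|unavailable)\s*\]$")

def parse_engines(text):
    """Map engine id -> {'name', 'caps' (set), 'available' (bool or None)}."""
    engines, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("<<<")[0].strip()  # tolerate trailing annotations
        m, s = ENGINE_RE.match(line), STATUS_RE.match(line)
        if m:    # "(id) description" starts a new engine entry
            cur = engines.setdefault(
                m["id"], {"name": m["name"], "caps": set(), "available": None})
        elif cur and s:    # "[ available ]" / "[ unavailable ]" from -t
            cur["available"] = s.group(1) == "available"
        elif cur and line.startswith("[") and line.endswith("]"):  # -c list
            cur["caps"].update(c.strip() for c in line[1:-1].split(",") if c.strip())
    return engines

def gained(before, after, engine):
    """Capabilities the engine lists in `after` but not in `before`."""
    return sorted(parse_engines(after)[engine]["caps"]
                  - parse_engines(before)[engine]["caps"])

def silent_engines(text):
    """Engines reported available that advertise no capability list."""
    return sorted(e for e, i in parse_engines(text).items()
                  if i["available"] and not i["caps"])

if __name__ == "__main__":
    print(gained(OLD_NO_AESNI, OLD_AESNI, "cryptodev"))
    print(silent_engines(NEW_111))
```
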
