Re: Speed problems with both system openssl and security/openssl-devel

From: Daniel Nebdal <dnebdal_at_gmail.com>
Date: Mon, 17 Sep 2018 09:40:13 +0200
On Fri, 14 Sep 2018 at 02:12, Lev Serebryakov <lev_at_freebsd.org> wrote:
>
> Hello John,
>
> Friday, September 14, 2018, 1:44:13 AM, you wrote:
>
> >> % grep aesni ~/nanobsd/gatevay.v3/J3160
> >> device       aesni
>
> > From my understanding of the OpenSSL code, it doesn't use the kernel driver
> > at all (the kernel driver is only needed for in-kernel crypto such as IPSec
> > or GELI).
>  It is my understanding too.
>
> >  AESNI are just instructions that can be used in userland, and
> > OpenSSL's AESNI acceleration is purely different routines in userland.
> > I would verify if AESNI shows up in the CPU features in dmesg first (if it
> > doesn't I'd check for a BIOS option disabling it).
>   It is enabled. It is used for sure by openssl 1.1.0 on Linux and bu openssl 1.1.1
>  on FreeBSD, but not by openssl 1.0.2 and 1.1.0 on FreeBSD. Problem is,
>  openssl 1.1.1 is not used by anything on FreeBSD (yet) and almost
>  everything uses system (1.0.2) and only some other ports could use  1.1.0
>  from ports.
>
> --
> Best regards,
>  Lev                            mailto:lev_at_FreeBSD.org
>

Could it be relevant that the Debian binary was probably compiled with
gcc, and the FreeBSD binary with clang? This seems like the sort of
code that plausibly could bring out some compiler corner cases.
(It's weird that 1.1.1 is fine, though.)

--
Daniel Nebdal
Received on Mon Sep 17 2018 - 06:31:51 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:18 UTC