Speed problems with both system openssl and security/openssl-devel
Daniel Nebdal
dnebdal at gmail.com
Mon Sep 17 08:31:52 UTC 2018
On Fri, 14 Sep 2018 at 02:12, Lev Serebryakov <lev at freebsd.org> wrote:
>
> Hello John,
>
> Friday, September 14, 2018, 1:44:13 AM, you wrote:
>
> >> % grep aesni ~/nanobsd/gatevay.v3/J3160
> >> device aesni
>
> > From my understanding of the OpenSSL code, it doesn't use the kernel driver
> > at all (the kernel driver is only needed for in-kernel crypto such as IPSec
> > or GELI).
> It is my understanding too.
>
> > AESNI are just instructions that can be used in userland, and
> > OpenSSL's AESNI acceleration is purely different routines in userland.
> > I would verify if AESNI shows up in the CPU features in dmesg first (if it
> > doesn't I'd check for a BIOS option disabling it).
> It is enabled. It is used for sure by openssl 1.1.0 on Linux and bu openssl 1.1.1
> on FreeBSD, but not by openssl 1.0.2 and 1.1.0 on FreeBSD. Problem is,
> openssl 1.1.1 is not used by anything on FreeBSD (yet) and almost
> everything uses system (1.0.2) and only some other ports could use 1.1.0
> from ports.
>
> --
> Best regards,
> Lev mailto:lev at FreeBSD.org
>
Could it be relevant that the Debian binary was probably compiled with
gcc, and the FreeBSD binary with clang? This seems like the sort of
code that plausibly could bring out some compiler corner cases.
(It's weird that 1.1.1 is fine, though.)
--
Daniel Nebdal
More information about the freebsd-current
mailing list