cryptodev HW (aesni) vs software

Mike Tancsa mike at
Mon Nov 23 19:02:30 UTC 2015

On 11/23/2015 12:48 PM, RW via freebsd-questions wrote:
> The aesni kernel module provides AES-NI support for crypto/cryptodev in
> the kernel, not in userland.
>> Problem 3
>> In the best case FreeBSD inferior Linux in encryption by as much as
>> 23% at exactly the same hardware
> I think hardware would be more than 23% faster than software.

Make sure your version of openssl is actually aesni capable (releng9
doesnt have a version I think)


for some details on the userland use of it.

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
aes-128-cbc     274206.29k   321032.83k   330511.33k   334024.02k
aes-128-cbc     385536.87k   662102.59k   810009.26k   854812.43k

openssl speed -elapsed -evp aes-128-cbc
OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc

Numbers from an i5 CPU that has aesni instructions.  No aesni module loaded.

% openssl version
OpenSSL 1.0.1p-freebsd 9 Jul 2015


Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at
Providing Internet services since 1994
Cambridge, Ontario Canada

More information about the freebsd-questions mailing list