cryptodev HW (aesni) vs software
Mike Tancsa
mike at sentex.net
Mon Nov 23 19:02:30 UTC 2015
On 11/23/2015 12:48 PM, RW via freebsd-questions wrote:
>
> The aesni kernel module provides AES-NI support for crypto/cryptodev in
> the kernel, not in userland.
>
>
>> Problem 3
>> In the best case FreeBSD inferior Linux in encryption by as much as
>> 23% at exactly the same hardware
>
> I think hardware would be more than 23% faster than software.
Make sure your version of openssl is actually aesni capable (releng9
doesnt have a version I think)
see
http://stackoverflow.com/questions/25284119/how-can-i-check-if-openssl-is-support-use-the-intel-aes-ni
for some details on the userland use of it.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
aes-128-cbc 274206.29k 321032.83k 330511.33k 334024.02k
335142.91k
aes-128-cbc 385536.87k 662102.59k 810009.26k 854812.43k
867447.30k
openssl speed -elapsed -evp aes-128-cbc
...
OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
Numbers from an i5 CPU that has aesni instructions. No aesni module loaded.
% openssl version
OpenSSL 1.0.1p-freebsd 9 Jul 2015
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the freebsd-questions
mailing list