Project

General

Profile

Actions

Feature #11876

open

OpenSSL does not use QAT acceleration on pfSense Plus 21.02-RELEASE-p1 or 21.05-DEVELOPMENT

Added by Adam Goldberg 6 months ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Hardware / Drivers
Target version:
-
Start date:
05/02/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

QAT acceleration is not being utilized by OpenSSL.
The QAT driver is loaded

# kldstat
Id Refs Address                Size Name
 1   19 0xffffffff80200000  3aedcb0 kernel
 2    1 0xffffffff83f21000     1000 cpuctl.ko
 3    1 0xffffffff83f22000    146e0 qat.ko
 4    1 0xffffffff83f37000    40336 qat_c3xxxfw.ko
 5    1 0xffffffff83f78000      b28 coretemp.ko
 6    1 0xffffffff83f79000     8cd0 aesni.ko 
 7    1 0xffffffff83f82000     37f8 cryptodev.ko

But OpenSSL doesn't see the QAT engine

# openssl engine
(devcrypto) /dev/crypto engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support

Even though devcrypto QAT is not utilized

[21.05-DEVELOPMENT][root@gw01]/: kldstat
Id Refs Address                Size Name
 1   25 0xffffffff80200000  3aebf68 kernel
 2    1 0xffffffff83cec000   3bbb70 zfs.ko
 3    2 0xffffffff840a8000     a448 opensolaris.ko
 4    1 0xffffffff844e6000     1000 cpuctl.ko
 5    1 0xffffffff844e7000    146e0 qat.ko
 6    1 0xffffffff844fc000    9f521 qat_c3xxxfw.ko
 7    1 0xffffffff8459c000      b28 coretemp.ko
 8    1 0xffffffff8459d000     37f8 cryptodev.ko
[21.05-DEVELOPMENT][root@gw01]/: openssl engine
(devcrypto) /dev/crypto engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
[21.05-DEVELOPMENT][root@gw01]/: openssl speed rsa2048
Doing 2048 bits private rsa's for 10s: 3651 2048 bits private RSA's in 9.84s
Doing 2048 bits public rsa's for 10s: 125823 2048 bits public RSA's in 9.84s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.002694s 0.000078s    371.2  12792.2
[21.05-DEVELOPMENT][root@gw01]/: openssl speed ecdhx25519
Doing 253 bits  ecdh's for 10s: 77026 253-bits ECDH ops in 9.85s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
                              op      op/s
 253 bits ecdh (X25519)   0.0001s   7818.7
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -evp aes-128-gcm
Doing aes-128-gcm for 3s on 16 size blocks: 32281714 aes-128-gcm's in 3.00s
Doing aes-128-gcm for 3s on 64 size blocks: 18676449 aes-128-gcm's in 2.70s
Doing aes-128-gcm for 3s on 256 size blocks: 8272172 aes-128-gcm's in 2.90s
Doing aes-128-gcm for 3s on 1024 size blocks: 2564473 aes-128-gcm's in 2.98s
Doing aes-128-gcm for 3s on 8192 size blocks: 336340 aes-128-gcm's in 2.99s
Doing aes-128-gcm for 3s on 16384 size blocks: 160840 aes-128-gcm's in 2.84s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-gcm     172169.14k   443470.93k   730626.77k   879923.05k   920830.42k   926664.64k
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -evp aes-128-gcm
Doing aes-128-gcm for 3s on 16 size blocks: 32255868 aes-128-gcm's in 2.99s
Doing aes-128-gcm for 3s on 64 size blocks: 20729035 aes-128-gcm's in 3.00s
Doing aes-128-gcm for 3s on 256 size blocks: 8243093 aes-128-gcm's in 2.88s
Doing aes-128-gcm for 3s on 1024 size blocks: 2532296 aes-128-gcm's in 2.95s
Doing aes-128-gcm for 3s on 8192 size blocks: 336769 aes-128-gcm's in 2.99s
Doing aes-128-gcm for 3s on 16384 size blocks: 168888 aes-128-gcm's in 2.98s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-gcm     172480.46k   442219.41k   732004.53k   878076.99k   922004.94k   927182.74k
[21.05-DEVELOPMENT][root@gw01]/: clear
[21.05-DEVELOPMENT][root@gw01]/: openssl engine
(devcrypto) /dev/crypto engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -engine rdrand  rsa2048
engine "rdrand" set.
Doing 2048 bits private rsa's for 10s: 3630 2048 bits private RSA's in 9.79s
Doing 2048 bits public rsa's for 10s: 125602 2048 bits public RSA's in 9.83s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.002697s 0.000078s    370.8  12779.9
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -engine devcrypto rsa2048
engine "devcrypto" set.
Doing 2048 bits private rsa's for 10s: 3638 2048 bits private RSA's in 9.80s
Doing 2048 bits public rsa's for 10s: 125636 2048 bits public RSA's in 9.84s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.002695s 0.000078s    371.0  12773.2
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -engine rdrand -async_jobs 8 rsa2048
engine "rdrand" set.
Doing 2048 bits private rsa's for 10s: 3543 2048 bits private RSA's in 9.56s
Doing 2048 bits public rsa's for 10s: 124895 2048 bits public RSA's in 9.80s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.002699s 0.000079s    370.5  12738.3
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -engine devcrypto -async_jobs 8 rsa2048
engine "devcrypto" set.
Doing 2048 bits private rsa's for 10s: 3648 2048 bits private RSA's in 9.84s
Doing 2048 bits public rsa's for 10s: 125619 2048 bits public RSA's in 9.83s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.002696s 0.000078s    370.9  12781.6
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -engine rdrand ecdhx25519
engine "rdrand" set.
Doing 253 bits  ecdh's for 10s: 74337 253-bits ECDH ops in 9.52s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
                              op      op/s
 253 bits ecdh (X25519)   0.0001s   7805.7
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -engine devcrypto ecdhx25519
engine "devcrypto" set.
Doing 253 bits  ecdh's for 10s: 75745 253-bits ECDH ops in 9.69s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
                              op      op/s
 253 bits ecdh (X25519)   0.0001s   7818.8
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -engine rdrand -evp aes-128-gcm
engine "rdrand" set.
Doing aes-128-gcm for 3s on 16 size blocks: 30782618 aes-128-gcm's in 2.86s
Doing aes-128-gcm for 3s on 64 size blocks: 20747977 aes-128-gcm's in 2.99s
Doing aes-128-gcm for 3s on 256 size blocks: 8580626 aes-128-gcm's in 3.00s
Doing aes-128-gcm for 3s on 1024 size blocks: 2572191 aes-128-gcm's in 2.99s
Doing aes-128-gcm for 3s on 8192 size blocks: 320648 aes-128-gcm's in 2.85s
Doing aes-128-gcm for 3s on 16384 size blocks: 169422 aes-128-gcm's in 2.98s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-gcm     172248.09k   443779.18k   732213.42k   880266.89k   921161.09k   930114.36k
[21.05-DEVELOPMENT][root@gw01]/: openssl speed -engine devcrypto -evp aes-128-gcm
engine "devcrypto" set.
Doing aes-128-gcm for 3s on 16 size blocks: 32215536 aes-128-gcm's in 2.99s
Doing aes-128-gcm for 3s on 64 size blocks: 19703584 aes-128-gcm's in 2.85s
Doing aes-128-gcm for 3s on 256 size blocks: 8581766 aes-128-gcm's in 2.99s
Doing aes-128-gcm for 3s on 1024 size blocks: 2575100 aes-128-gcm's in 3.00s
Doing aes-128-gcm for 3s on 8192 size blocks: 320421 aes-128-gcm's in 2.84s
Doing aes-128-gcm for 3s on 16384 size blocks: 169559 aes-128-gcm's in 3.00s
OpenSSL 1.1.1k-freebsd  25 Mar 2021
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-gcm     172264.80k   442224.00k   734222.74k   878967.47k   923037.83k   926018.22k
[21.05-DEVELOPMENT][root@gw01]/:
Actions

Also available in: Atom PDF