Project

General

Profile

Actions

Bug #7810

closed

openssl/openvpn need to have loaded booth AESNI and cryptodev to accelerate AES operations , but gui alows you load only one at once

Added by Grzegorz Krzystek over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Operating System
Target version:
Start date:
08/24/2017
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4
Affected Architecture:

Description

[2.4.0-RC][]/boot/kernel: kldunload cryptodev
[2.4.0-RC][]/boot/kernel: kldunload aesni
Test with no accell
[2.4.0-RC][]/boot/kernel: openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 28667689 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 10861051 aes-256-cbc's in 2.99s
Doing aes-256-cbc for 3s on 256 size blocks: 3253311 aes-256-cbc's in 2.98s
Doing aes-256-cbc for 3s on 1024 size blocks: 857208 aes-256-cbc's in 2.98s
Doing aes-256-cbc for 3s on 8192 size blocks: 108972 aes-256-cbc's in 3.00s
OpenSSL 1.0.2k-freebsd 26 Jan 2017
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 152894.34k 232307.39k 279069.36k 294125.57k 297566.21k

  1. cryptodev only
    [2.4.0-RC][]/boot/kernel: kldload cryptodev
    [2.4.0-RC][]/boot/kernel: openssl speed -evp aes-256-cbc
    Doing aes-256-cbc for 3s on 16 size blocks: 29882712 aes-256-cbc's in 3.03s
    Doing aes-256-cbc for 3s on 64 size blocks: 10840409 aes-256-cbc's in 2.98s
    Doing aes-256-cbc for 3s on 256 size blocks: 3260969 aes-256-cbc's in 2.99s
    Doing aes-256-cbc for 3s on 1024 size blocks: 857748 aes-256-cbc's in 2.99s
    Doing aes-256-cbc for 3s on 8192 size blocks: 112529 aes-256-cbc's in 3.09s
    OpenSSL 1.0.2k-freebsd 26 Jan 2017
    built on: date not available
    options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
    compiler: clang
    The 'numbers' are in 1000s of bytes per second processed.
    type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
    aes-256-cbc 157731.43k 232472.85k 278995.91k 293542.42k 298722.05k

#aesni , no cryptodev
[2.4.0-RC][]/boot/kernel: kldunload cryptodev
[2.4.0-RC][]/boot/kernel: kldload aesni
[2.4.0-RC][]/boot/kernel: openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 29881110 aes-256-cbc's in 3.05s
Doing aes-256-cbc for 3s on 64 size blocks: 11598720 aes-256-cbc's in 3.19s
Doing aes-256-cbc for 3s on 256 size blocks: 3341075 aes-256-cbc's in 3.05s
Doing aes-256-cbc for 3s on 1024 size blocks: 862423 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 111657 aes-256-cbc's in 3.06s
OpenSSL 1.0.2k-freebsd 26 Jan 2017
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 156914.14k 232884.10k 280000.88k 294373.72k 298675.64k

#cryptodev and aesni
[2.4.0-RC][]/boot/kernel: kldload cryptodev
[2.4.0-RC][]/boot/kernel: openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 875922 aes-256-cbc's in 0.36s
Doing aes-256-cbc for 3s on 64 size blocks: 853675 aes-256-cbc's in 0.29s
Doing aes-256-cbc for 3s on 256 size blocks: 690695 aes-256-cbc's in 0.25s
Doing aes-256-cbc for 3s on 1024 size blocks: 379340 aes-256-cbc's in 0.13s
Doing aes-256-cbc for 3s on 8192 size blocks: 73444 aes-256-cbc's in 0.06s
OpenSSL 1.0.2k-freebsd 26 Jan 2017
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 38997.57k 189008.26k 707271.68k 3107553.28k 9626451.97k

imho we should keep loaded booth to accelerate OpenSSL and OpenVPN
Ipsec accelerates without Cryptodev.

Actions

Also available in: Atom PDF