Re: AESNI, /dev/crypto, and new OpenSSL
On Fri, Dec 21, 2018 at 01:10:07AM +0700, Alexey Dokuchaev wrote: > On Thu, Dec 20, 2018 at 09:33:41AM -0800, Freddie Cash wrote: > > On Thu, Dec 20, 2018 at 9:21 AM Alexey Dokuchaev wrote: > > > Had something got broken here, or I'm misunderstanding how this machinery > > > now works? > > > > Start reading here: > > > > https://lists.freebsd.org/pipermail/freebsd-stable/2018-December/090195.html > > > > That thread covers this issue. :) Along with the "fix" for it. > > Thanks for the pointer. I've checked both -current and -hackers MLs prior > to posting, but didn't expect this would show up on -stable first. :) In case people find this thread and want quick answers without having to deviate to -stable, here's a quick summary and my speed test results, with some quotes from delphij@, jhb@, et al.: 1) aesni(4) and crypto[dev](4) modules are not required now for OpenSSL, and userland acceleration in general, to work; 2) On capable systems, AES-NI would be used automatically. In fact, it's much faster to use the AES-NI instructions in userland than to use a system call that copies the data into a kernel buffer, uses the same AES-NI instructions, then copies the data back out again along with the overhead of a pair of user <--> kernel transitions. (Note from me: if you've observed very strange results when using -evp with aesni(4) + BSD cryptodev engine on OpenSSL 1.0.2, it was probably because of that user <--> kernel multicopying.) Some quick naive benchmarks on AMD A8-5550M APU (results were trimmed for brevity): baseline: openssl speed -elapsed aes-128-cbc: 16 bytes64 bytes256 bytes 1024 bytes 8192 bytes 16384 bytes 35922.35k 39346.28k 40492.29k 94625.81k 95194.36k95619.24k hardware extensions: openssl speed -elapsed -evp aes-128-cbc 16 bytes64 bytes256 bytes 1024 bytes 8192 bytes 16384 bytes 133823.08k 186960.39k 226363.05k 238189.15k 241782.56k 241646.38k AES-NI disabled: env OPENSSL_ia32cap="~0x200" openssl speed -elapsed -evp aes-128-cbc: 16 bytes64 bytes256 bytes 1024 bytes 8192 bytes 16384 bytes 54820.92k 64884.98k 69229.02k 70424.31k 70731.22k70714.02k It's interesting how -evp run w/o AES-NI got capped at ~67 GB/s, while the baseline had sustained at ~91 GB/s. AES-NI run had reached pretty solid ~230 GB/s. ./danfe ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: AESNI, /dev/crypto, and new OpenSSL
On Thu, Dec 20, 2018 at 09:33:41AM -0800, Freddie Cash wrote: > On Thu, Dec 20, 2018 at 9:21 AM Alexey Dokuchaev wrote: > > Had something got broken here, or I'm misunderstanding how this machinery > > now works? > > Start reading here: > > https://lists.freebsd.org/pipermail/freebsd-stable/2018-December/090195.html > > That thread covers this issue. :) Along with the "fix" for it. Thanks for the pointer. I've checked both -current and -hackers MLs prior to posting, but didn't expect this would show up on -stable first. :) ./danfe ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: AESNI, /dev/crypto, and new OpenSSL
On Thu, Dec 20, 2018 at 9:21 AM Alexey Dokuchaev wrote: > Had something got broken here, or I'm misunderstanding how this machinery > now works? > Start reading here: https://lists.freebsd.org/pipermail/freebsd-stable/2018-December/090195.html That thread covers this issue. :) Along with the "fix" for it. -- Freddie Cash fjwc...@gmail.com ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
AESNI, /dev/crypto, and new OpenSSL
Hi there, For many years, OpenSSL was quite vocal about which hw-accelerated algos it can use: $ uname -UK 1200058 1200058 $ openssl version OpenSSL 1.0.2n-freebsd 7 Dec 2017 $ openssl engine -c -t (cryptodev) BSD cryptodev engine [RSA, DSA, DH] <<< word count = 3 [ available ] (dynamic) Dynamic engine loading support [ unavailable ] # kldload aesni <<< loading AESNI(4) $ openssl engine -c -t (cryptodev) BSD cryptodev engine [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC] <<< word count = 6 [ available ] (dynamic) Dynamic engine loading support [ unavailable ] Since recently[*], OpenSSL had switched to some new engine. Now, the output is less verbose and seemingly unaffected by the presence of the aesni.ko module (or lack thereof): $ uname -UK 135 135 $ openssl version OpenSSL 1.1.1a-freebsd 20 Nov 2018 $ openssl engine -c -t (devcrypto) /dev/crypto engine [ available ] <<< which ones??? (dynamic) Dynamic engine loading support [ unavailable ] This does not look right. Also, now the popular "openssl speed -elapsed" benchmark apparently does not use kernel AESNI support even when it is loaded, because `system' CPU load is nearly zero (previously, in presence of aesni.ko, user load would drop to zero while system load would show that it's the kernel who's doing the job). Had something got broken here, or I'm misunderstanding how this machinery now works? ./danfe [*] http://freshbsd.org/commit/freebsd/src/342009 ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
