RE: security/openssl speed issues

2013-08-28 Thread Dewayne Geraghty
John, Ollivier,

I've found the openssl speed tests to be an unreliable measure of comparison. I think you might be better served by comparing the performance of encrypting/decrypting content, such as

dd if=/dev/zero bs=1M count=100 | openssl aes-128-cbc -e -pass pass:secretpwd | \
openssl aes

Re: security/openssl speed issues

2013-08-28 Thread Ollivier Robert
According to John-Mark Gurney on Tue, Aug 27, 2013 at 07:27:28PM -0700:
> I guess now we need to figure out how to teach OpenSSL to use AES-NI
> natively even when /dev/crypto is available...
>
> but at least we did solve the (non-)issue of bad OpenSSL performance...

Excellent analysis, thank you

Re: security/openssl speed issues

2013-08-27 Thread John-Mark Gurney
Ollivier Robert wrote this message on Tue, Aug 27, 2013 at 17:32 +0200:
> As I got a new machine with the AES-NI crypto extensions, I'm getting
> interested with it and as you may have seen, I've already merged into
> stable/9 two changesets for AES-NI support in GELI & cryptodev.
>
> Now, I'm t

Re: security/openssl speed issues

2013-08-27 Thread Ollivier Robert
According to Ollivier Robert:
> Notice the CDRIOCINITWRITER? My run does not show these: so after these
> lines, there are no "sessions" available and cryptodev is in fact not used.

Note to oneself, do not try to kdump a 9.1 trace file on a 9.2 system. Forget the CDRIOCINITWRITER. kdump -A out

Re: security/openssl speed issues

2013-08-27 Thread Ollivier Robert
According to John-Mark Gurney:
> I discovered a similar issue on HEAD w/ 1.0.1e where openssl speed -engine
> aes-256-cbc when ktraced would not issue any ioctl's during the speed
> test... You can see that it opens the device, but then it gets a number
> of failures:
> 11466 openssl CALL ioctl(

Re: security/openssl speed issues

2013-08-27 Thread Ollivier Robert
According to John-Mark Gurney:
> As far as I can tell, 1.0.1e doesn't properly detect AES-NI and uses
> these instructions when present, and cryptodev usage doesn't work, and
> doesn't warn when it fails...
>
> My own program that tests cryptodev outperforms openssl because of
> this..

Yeah, tha

Re: security/openssl speed issues

2013-08-27 Thread John-Mark Gurney
Ollivier Robert wrote this message on Tue, Aug 27, 2013 at 17:32 +0200:
> As I got a new machine with the AES-NI crypto extensions, I'm getting
> interested with it and as you may have seen, I've already merged into
> stable/9 two changesets for AES-NI support in GELI & cryptodev.
>
> Now, I'm t