Ubuntu
openssl package

openssl without Intel AES-NI engine support

Bug #1001424 reported by f00fbug on 2012-05-18

16

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	openssl (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

Hi

testing hardware encryption acceleration for an ongoing project I found out that the shipped openssl version is shipped without Intel AES-NI engine support.

openssl engine
(rsax) RSAX engine support
(dynamic) Dynamic engine loading support

whereas an Intel AES-NI enabled openssl will show an additional
(aesni) Intel AES-NI engine

However as the shipped kernel offer hardware support via aesni_intel it will be really great if Intel AES-NI engine support can be enabled in openssl too.

1. )System: Ubuntu 12.04 LTS
Release: 12.04

2.) openssl: Installed: 1.0.1-4ubuntu5

3.) Please enable support for Intel AES-NI engine in openssl

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: openssl 1.0.1-4ubuntu5
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
Uname: Linux 3.2.0-24-generic x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Fri May 18 22:02:27 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
ProcEnviron:
LANGUAGE=en_US:en
TERM=xterm
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

f00fbug (topolm5678) wrote on 2012-05-18:

#1

Dependencies.txt Edit (475 bytes, text/plain; charset="utf-8")

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-05-21:

#2

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssl (Ubuntu):
status:	New → Confirmed

Revision history for this message

Yann Rouillard (yann-pleiades) wrote on 2012-05-25:

#3

From what I know, there is no more aes-ni engine in openssl 1.0.1 as it is directly implemented at the EVP layer.

See https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=2619
and http://cvs.openssl.org/chngview?cn=21519

You should launch the command "openssl -evp aes-256-cbc" and check if the performance are good.

Yann

Revision history for this message

f00fbug (topolm5678) wrote on 2012-05-26:

#4

Ok, checked on laptop and thank you:

openssl speed aes-256-cbc:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256 cbc 65946.23k 69650.84k 70175.06k 70328.66k 70747.10k

openssl speed -evp aes-256-cbc:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 395007.24k 412543.55k 416381.01k 417706.33k 417756.50k

So it was there and I have missed the support of AES-NI in EVP. Bug can be changed to resolved.

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2012-05-29:

#5

Marking this bug as invalid since comment #4 confirmed that AES-NI support exists in the Ubuntu OpenSSL package.

Changed in openssl (Ubuntu):
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Dependencies.txt Edit

Add attachment

Remote bug watches

openssl-rt #2619
[resolved] Edit

Bug watches keep track of this bug in other bug trackers.