From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lakostis@unsafe.ru>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_00,DNS_FROM_AHBL_RHSBL
	autolearn=no autolearn_force=no version=3.4.0
Date: Tue, 13 Jan 2015 11:43:23 +0100
From: Konstantin Lepikhov <lakostis@unsafe.ru>
To: sysadmins@lists.altlinux.org
Message-ID: <20150113104323.GA14621@lks.home>
References: <54AECDE7.1050400@altlinux.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <54AECDE7.1050400@altlinux.ru>
X-Operation-System: ALT Linux starter kit (Trientalis) 3.17.0-lks-wks-alt0.3
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [Sysadmins] AES-NI
X-BeenThere: sysadmins@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux sysadmins' discussion <sysadmins@lists.altlinux.org>
List-Id: ALT Linux sysadmins' discussion <sysadmins.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sysadmins>
List-Post: <mailto:sysadmins@lists.altlinux.org>
List-Help: <mailto:sysadmins-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jan 2015 10:43:27 -0000
Archived-At: <http://lore.altlinux.org/sysadmins/20150113104323.GA14621@lks.home/>
List-Archive: <http://lore.altlinux.org/sysadmins/>

Hi Anton!

On 01/08/15, at 09:35:19 PM you wrote:

> А openssl у нас умеет AES-NI  или нет?
> 
> Что-то по результатам openssl speed -elapsed -evp aes-128-ecb не похоже
> что бы у нас оно работало, даже после
> modprobe aesni_intel
> 
> 
Каким образом ядерная часть относится к работе userspace? AESNI либо есть,
либо нет, библиотека сама это определяет.

(вывод с fedora 21)

$ grep -m1 -o aes /proc/cpuinfo
aes

$ openssl speed aes-128-cbc
...
OpenSSL 1.0.1j-fips 15 Oct 2014
built on: Thu Oct 16 12:30:25 UTC 2014
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial)
idea(int) blowfish(idx)
...
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
bytes
aes-128 cbc     118336.07k   125923.07k   117123.93k   120369.49k
137565.53k

$ openssl speed -evp aes-128-cbc
...
OpenSSL 1.0.1j-fips 15 Oct 2014
built on: Thu Oct 16 12:30:25 UTC 2014
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial)
idea(int) blowfish(idx) 
...
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
bytes
aes-128-cbc     597352.44k   663475.33k   673784.15k   681143.98k
673792.00k

Последние команды как раз показывают, что AESNI используется.

В вашем случае имеет место копипаст из интернетов с неправильным cipher
mode (ecb вместо cbc)

-- 
WBR et al.