# OpenSSL hardware acceleration



## Kriston (Oct 11, 2016)

Does the OpenSSL port support hardware acceleration with VIA PadLock and/or AES-NI?  I have run tests that are inconclusive but suggest it might not.  I am running i386 and amd64 on a VIA C7 processor with PadLock and an Intel Atom 230 processor with AES-NI, respectively.

Thanks very much.

Here is some more info:

https://en.wikipedia.org/wiki/AES_instruction_set
https://en.wikipedia.org/wiki/VIA_PadLock


----------



## ondra_knezour (Oct 11, 2016)

Do you have appropriate modules loaded or built in the kernel? padlock(4), aesni(4)


----------



## Kriston (Oct 12, 2016)

ondra_knezour said:


> Do you have appropriate modules loaded or built in the kernel? padlock(4), aesni(4)



I'm not sure if I do.  How do I install them, or verify that they are installed?

Thanks.


----------



## ivosevb (Oct 12, 2016)

`kldstat | grep aes`
`kldload aesni`


----------



## SirDice (Oct 12, 2016)

Almost all kernel modules can be loaded with kldload(8) and removed with kldunload(8). If you want to have it loaded automatically during boot, add to /boot/loader.conf:

```
aesni_load="YES"
```


----------



## Kriston (Oct 17, 2016)

I'll see how my benchmarks change.  Thanks!


----------



## Phishfry (Oct 17, 2016)

I seriously doubt if your Atom has AES-NI support. This feature was only available on the premium chips.

http://ark.intel.com/products/35635/Intel-Atom-Processor-230-512K-Cache-1_60-GHz-533-MHz-FSB


----------



## SirDice (Oct 17, 2016)

Indeed, not all Intel CPUs have it. Loading the module doesn't hurt though, it will just do nothing if the CPU doesn't support it.

If the CPU supports it you should see something like this when the module is loaded:

```
Sep 20 01:04:45 molly kernel: aesni0: <AES-CBC,AES-XTS,AES-GCM,AES-ICM> on motherboard
```

You can also tell by the CPU options if it's supported or not:

```
Sep 20 01:04:45 molly kernel: Features2=0x7fbae3ff<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,TSCDLT,[b]AESNI[/b],XSAVE,OSXSAVE,AVX,F16C,RDRAND>
```


----------

