# openssl and hardware acceleration AES-NI



## ironudjin (Jan 15, 2019)

Hello,

I'm trying to enable hardware acceleration for openssl.

CPU: Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz (3792.12-MHz K8-class CPU)
OS: 12.0-RELEASE-p2


```
# kldstat | egrep 'cryp|aes'
12    1 0xffffffff82f4a000     3110 cryptodev.ko
13    1 0xffffffff82f4e000     7ec0 aesni.ko
```


```
# dmesg | egrep 'aes|crypto'
cryptosoft0: <software crypto> on motherboard
aesni0: <AES-CBC,AES-XTS,AES-GCM,AES-ICM> on motherboard
```


```
# ls -la /dev/crypto
crw-rw-rw-  1 root  wheel  0x89 Jan 15 11:21 /dev/crypto
```

... but openssl doesn't see it:

```
# openssl engine -c -t 
(rdrand) Intel RDRAND engine
 [RAND]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
```

On my other server with 11-STABLE everything works fine:

```
# openssl engine -c -t
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]
     [ available ]
(rdrand) Intel RDRAND engine
 [RAND]
     [ available ]
(dynamic) Dynamic engine loading support
     [ unavailable ]
```

How can I enable AES-NI aceleration on 12-RELEASE?

Thank you!


----------



## SirDice (Jan 15, 2019)

https://www.freebsd.org/releases/12.0R/errata.html#open-issues


----------



## ironudjin (Jan 15, 2019)

Thnk you for the link. Is there a way to enable it back in -STABLE?


----------

