Can i use OpenWrt on supermicro boards

dl12345 · March 15, 2023, 12:23pm

AESNI isn't implemented as an engine, so it won't show up as an engine. If you have AESNI in your openssl then it will automatically use it with the right command line switch (-evp) and will show it when you do a speed test. The output below is from my QAT-capable openssl, but you can see the compiler definition in the output -DAESNI_ASM

compiler: ccache_cc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformatro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/opt/openwrt/x86/master/openwrt/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENBN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -DPIC

Openssl will automatically use AESNI when you use the -evp option. If you wish to check for sure if it's using openssl then try these two commands

This one should run much faster than the second one:

openssl speed -elapsed -evp aes-128-cbc

This below explicitly disables AESNI and forces a vanilla software only run. OPENSSL_ia32cap is the x86_64 capabilities vector that can be tweaked to enable/disable instruction set extensions

OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc

You can clearly see the difference in speed on my machine

root@openwrt:/etc# openssl speed -elapsed -evp aes-128-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 54073058 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 21815757 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6198768 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 1651775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 210226 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 105253 aes-128-cbc's in 3.00s
OpenSSL 1.1.1k  25 Mar 2021
built on: Sat Mar 27 11:29:08 2021 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/opt/openwrt/x86/master/openwrt/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -DPIC
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     288389.64k   465402.82k   528961.54k   563805.87k   574057.13k   574821.72k
root@openwrt:/etc# OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 18736508 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 5621367 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 1491052 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 378232 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 47467 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 23738 aes-128-cbc's in 3.00s
OpenSSL 1.1.1k  25 Mar 2021
built on: Sat Mar 27 11:29:08 2021 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
compiler: ccache_cc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/opt/openwrt/x86/master/openwrt/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -DPIC
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      99928.04k   119922.50k   127236.44k   129103.19k   129616.55k   129641.13k

system · March 25, 2023, 12:24pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.