[Pkg-openssl-devel] Bug#722397: openssl: aesni engine support for openssl 1.0.1

Nestor A Diaz nestor at tiendalinux.com
Tue Sep 10 16:12:33 UTC 2013 

Package: openssl
Version: 1.0.1e-2
Severity: wishlist

Dear Maintainer,

I am trying to set up a web server with openssl enabled and the new Intel
processor crypto instruction set, mostly known as the 'aesni' engine.

When I type:

# openssl engine

the system only shows:

(dynamic) Dynamic engine loading support

but not:
(aesni) Intel AES-NI engine

So I supposed openssl don't have aesni support compiled in, is that true ?

My proccessor currently support aes:

My CPU is:  Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz

cat /proc/cpuinfo | grep aes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm
constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc
aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr
pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm
ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid

Notice the 'aes' option.

The system already loaded all the aes crypto modules:

esni_intel            50667  0
aes_x86_64             16843  1 aesni_intel
aes_generic            33026  2 aes_x86_64,aesni_intel
cryptd                 14517  2 aesni_intel,ghash_clmulni_intel

I am planning to download debian packages and compile them alone, but since you
are the maintainer and you know more than me, enabling aesni is just a matter
of changing the 'configure' parameters ?

apt-get source openssl
apt-get build-dep openssl

and modify the 'rules' files only ?

Thank you very much.

Related resources I have found:

https://blogs.oracle.com/DanX/entry/solaris_x86_aesni_openssl_engine
http://www.intel.com/content/dam/doc/how-to-guide/aes-ni-for-linux-web-server-
guide.pdf







-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (900, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.13-38
ii  libssl1.0.0  1.0.1e-2
ii  zlib1g       1:1.2.7.dfsg-13

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130119

-- no debconf information

More information about the Pkg-openssl-devel mailing list