Package: openssl Version: 1.0.1e-2 Severity: wishlist Dear Maintainer,
I am trying to set up a web server with openssl enabled and the new Intel processor crypto instruction set, mostly known as the 'aesni' engine. When I type: # openssl engine the system only shows: (dynamic) Dynamic engine loading support but not: (aesni) Intel AES-NI engine So I supposed openssl don't have aesni support compiled in, is that true ? My proccessor currently support aes: My CPU is: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz cat /proc/cpuinfo | grep aes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid Notice the 'aes' option. The system already loaded all the aes crypto modules: esni_intel 50667 0 aes_x86_64 16843 1 aesni_intel aes_generic 33026 2 aes_x86_64,aesni_intel cryptd 14517 2 aesni_intel,ghash_clmulni_intel I am planning to download debian packages and compile them alone, but since you are the maintainer and you know more than me, enabling aesni is just a matter of changing the 'configure' parameters ? apt-get source openssl apt-get build-dep openssl and modify the 'rules' files only ? Thank you very much. Related resources I have found: https://blogs.oracle.com/DanX/entry/solaris_x86_aesni_openssl_engine http://www.intel.com/content/dam/doc/how-to-guide/aes-ni-for-linux-web-server- guide.pdf -- System Information: Debian Release: 7.0 APT prefers stable APT policy: (900, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc6 2.13-38 ii libssl1.0.0 1.0.1e-2 ii zlib1g 1:1.2.7.dfsg-13 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20130119 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org