geli vs openssl, geli is much slower

[Anonymous]

Hello All,

The disk encryption on my NAS (RAIDZ1 + ZFS + GELI (aes-128-xts)) is
running much slower than expected (80MB/S). It seems that GELI is much
slower than openssl for aes-128-xts, the results might be similar for
other cipher, but I only verified aes-128-xts and aes-128-cbc.

My NAS is running 9.3, but I was able to replicate on FreeBSD 10.2
(recent VM image) on a different machine.

OpenSSL w/o AES-NI:

OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-xts

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-xts      49702.86k   140889.72k   358413.11k   444357.17k   482859.72k

OpenSSL w/ AES-NI (not relevant, for demonstration purpose):

openssl speed -elapsed -evp aes-128-xts

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-xts     417564.07k  1253833.96k  2302266.40k  2993555.43k  3411513.42k

w/ gzero:

dd if=/dev/zero of=/dev/gzero.eli bs=1m count=1000
1000+0 records in
1000+0 records out
1048576000 bytes transferred in 13.107259 secs (79999640 bytes/sec)

geli is only seing 76MB/s (4k sector) while openssl (even at 1k) is
doing 433 MB/s.

Am I comparing apples and oranges? Is this to be expected?

NOTE: It should not be related to AES-NI since my processor (an X3450)
doesn't support AES-NI, and I was seeing similar results.

NOTE2:

# uname -a
FreeBSD  10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12
15:26:37 UTC 2015
root at releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

# openssl version
OpenSSL 1.0.1p-freebsd 9 Jul 2015