From owner-freebsd-questions@FreeBSD.ORG Mon May 18 10:21:57 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D2C10106566C for ; Mon, 18 May 2009 10:21:57 +0000 (UTC) (envelope-from brendan.kennedy@gmail.com) Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.27]) by mx1.freebsd.org (Postfix) with ESMTP id 5D9C38FC0A for ; Mon, 18 May 2009 10:21:56 +0000 (UTC) (envelope-from brendan.kennedy@gmail.com) Received: by ey-out-2122.google.com with SMTP id 9so961812eyd.7 for ; Mon, 18 May 2009 03:21:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=bDxtcawYE6ibnG0jR3Cd2ll5qwW/sj2Ibeu3GeMpvEw=; b=iyRaoseZcM+mp5qkF02qgIbYpmC1JlFWeKBQsP5MhUJe3r/I0eEps1TCRDzbXEIU79 WR0AnwjI/XfrNQwukZiZku2Hlv98muCwjjF4GeoyiPq5LPyWVQjcLxgy3IvgNRjy0DSa o1d9MPiISNneOoru8GVmVKmRfGbs9oi9sdeNM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=wNPBPZnQoz0x7fgJfOhybvTlZrMBb7ICqBiamkwW6DxTBfFgI+ohck7/8Yov9nklu5 WPS+Nd29CepBq18SC+sSAnfds0c1SDW+owyxApO9ZIryzSM3/l8m9J3MchiZ9VJARwg9 88bG9mGGgEE6kYOMaKjTbZ4C9VbV55s+cVark= MIME-Version: 1.0 Received: by 10.216.37.212 with SMTP id y62mr2045971wea.5.1242642116091; Mon, 18 May 2009 03:21:56 -0700 (PDT) In-Reply-To: <1242397289.31340.3167.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> References: <1242397289.31340.3167.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> Date: Mon, 18 May 2009 11:21:56 +0100 Message-ID: From: Brendan Kennedy To: "Brian A. Seklecki" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: Steve Polyack , freebsd-questions@freebsd.org Subject: Re: FreeBSD 7.1 opencrypto --> kern.cryptodevallowsoft X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 May 2009 10:21:58 -0000 Hi Brian, Patrick, Thanks for your responses. I agree that it looks like a bug! I'm a bit of a newb to FreeBSD. Where should I go to log this? I ran (as root ;) ) > openssl engine (padlock) VIA PadLock (no-RNG, no-ACE) (dynamic) Dynamic engine loading support (cryptodev) BSD cryptodev engine [RSA, DSA, DH] It can be seen only PKE functions are being shown as accelerated. 'kldstat' only shows cryptodev.ko, but that's because I have 'crypto' compiled as part of the kernel. I have found another issue here also - although 'openssl engine -c' shows correct accelerated functionality of the hardware driver, running a speed test (e.g. openssl speed des-ede3 -engine cryptodev) does not result in any messages being sent to the driver apart from the initial check for available algorithms. It seems only accelerated PKE functions are run through the driver. It may be that the symmetric functions are being run through the software device driver (cryptosoft)... Could it be down to cryptodev engine being loaded twice in OpenSSL? Or would cryptodev favour the software driver if CRYPTO_F_HARDWARE is not set? Regards, Brendan 2009/5/15 Brian A. Seklecki : > On Tue, 2009-05-12 at 19:14 +0100, Brendan Kennedy wrote: >> Hi All, >> >> I'm trying to test a hardware crypto driver, but want to run my tests >> through the software driver first (and possibly use the software >> driver to validate results). >> I have set the following in my GENERIC conf file: >> > > What does kldstat(8) / openssl(1) return? > > % sudo openssl engine > (dynamic) Dynamic engine loading support > > $ openssl engine > (cryptodev) BSD cryptodev engine > (padlock) VIA PadLock (no-RNG, no-ACE) > (dynamic) Dynamic engine loading support > > $ kldstat |egrep -i 'cry|ub' > =A03 =A0 =A03 0xc0e06000 25b78 =A0 =A0crypto.ko > =A07 =A0 =A01 0xc64c9000 4000 =A0 =A0 cryptodev.ko > =A08 =A0 =A01 0xc6546000 a000 =A0 =A0 ubsec.ko > > > Return? > > ~BAS > > >> device =A0 =A0 =A0 =A0 =A0crypto >> device =A0 =A0 =A0 =A0 =A0enc >> options =A0 =A0 =A0 =A0 IPSEC >> >> I have rebuilt the kernel, rebooted and set the >> kern.cryptodevallowsoft kernel variable to 1: >> >> FreeBSD_26# sysctl -a | grep crypto >> kern.cryptodevallowsoft: 1 >> >> However, when I try a test, I get the following: >> >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va 3des >> cipher 3des keylen 24 >> CIOCGSESSION: Invalid argument >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va des >> cipher des keylen 8 >> CIOCGSESSION: Invalid argument >> >> It seems the software crypto device is not available. Do I need to do >> any other steps to enable it? Is there another config option that >> makes sure it is build as part of Opencrypto framework? Do I need to >> build some other software driver instead? >> >> Best Regards, >> Brendan >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.= org" > >