From owner-freebsd-questions@FreeBSD.ORG Tue May 19 04:33:18 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A768E1065673 for ; Tue, 19 May 2009 04:33:18 +0000 (UTC) (envelope-from seklecki@noc.cfi.pgh.pa.us) Received: from collaborativefusion.com (mx01.pub.collaborativefusion.com [206.210.89.201]) by mx1.freebsd.org (Postfix) with ESMTP id 5ED0B8FC27 for ; Tue, 19 May 2009 04:33:18 +0000 (UTC) (envelope-from seklecki@noc.cfi.pgh.pa.us) Received: from Internal Mail-Server by mx01 (envelope-from seklecki@noc.cfi.pgh.pa.us) with AES256-SHA encrypted SMTP; 19 May 2009 00:06:36 -0400 From: Brian Seklecki To: Brendan Kennedy In-Reply-To: References: <1242397289.31340.3167.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> Content-Type: text/plain Organization: Collaborative Fusion, Inc. Date: Tue, 19 May 2009 00:06:09 -0400 Message-Id: <1242705969.3946.21.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.24.5 (2.24.5-1.fc10) Content-Transfer-Encoding: 7bit Cc: Steve Polyack , freebsd-questions@freebsd.org Subject: Re: FreeBSD 7.1 opencrypto --> kern.cryptodevallowsoft X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 May 2009 04:33:19 -0000 The openssl speed sub-command is a real PITA: Try: $ openssl speed -elapsed -evp aes-128-cbc (or des-ede3) Also goto /usr/src/tools/tools/crypto/ && make Run those utils to extract useful statistics out of the driver's kernel data structures. ~BAS On Mon, 2009-05-18 at 11:21 +0100, Brendan Kennedy wrote: > Hi Brian, Patrick, > > Thanks for your responses. I agree that it looks like a bug! I'm a bit > of a newb to FreeBSD. Where should I go to log this? > > I ran (as root ;) ) > > > openssl engine > (padlock) VIA PadLock (no-RNG, no-ACE) > (dynamic) Dynamic engine loading support > (cryptodev) BSD cryptodev engine > [RSA, DSA, DH] > > It can be seen only PKE functions are being shown as accelerated. > 'kldstat' only shows cryptodev.ko, but that's because I have 'crypto' > compiled as part of the kernel. > > I have found another issue here also - although 'openssl engine -c' > shows correct accelerated functionality of the hardware driver, > running a speed test (e.g. openssl speed des-ede3 -engine cryptodev) > does not result in any messages being sent to the driver apart from > the initial check for available algorithms. It seems only accelerated > PKE functions are run through the driver. It may be that the symmetric > functions are being run through the software device driver > (cryptosoft)... > > Could it be down to cryptodev engine being loaded twice in OpenSSL? Or > would cryptodev favour the software driver if CRYPTO_F_HARDWARE is not > set? > > Regards, > Brendan > > > 2009/5/15 Brian A. Seklecki : > > On Tue, 2009-05-12 at 19:14 +0100, Brendan Kennedy wrote: > >> Hi All, > >> > >> I'm trying to test a hardware crypto driver, but want to run my tests > >> through the software driver first (and possibly use the software > >> driver to validate results). > >> I have set the following in my GENERIC conf file: > >> > > > > What does kldstat(8) / openssl(1) return? > > > > % sudo openssl engine > > (dynamic) Dynamic engine loading support > > > > $ openssl engine > > (cryptodev) BSD cryptodev engine > > (padlock) VIA PadLock (no-RNG, no-ACE) > > (dynamic) Dynamic engine loading support > > > > $ kldstat |egrep -i 'cry|ub' > > 3 3 0xc0e06000 25b78 crypto.ko > > 7 1 0xc64c9000 4000 cryptodev.ko > > 8 1 0xc6546000 a000 ubsec.ko > > > > > > Return? > > > > ~BAS > > > > > >> device crypto > >> device enc > >> options IPSEC > >> > >> I have rebuilt the kernel, rebooted and set the > >> kern.cryptodevallowsoft kernel variable to 1: > >> > >> FreeBSD_26# sysctl -a | grep crypto > >> kern.cryptodevallowsoft: 1 > >> > >> However, when I try a test, I get the following: > >> > >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va 3des > >> cipher 3des keylen 24 > >> CIOCGSESSION: Invalid argument > >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va des > >> cipher des keylen 8 > >> CIOCGSESSION: Invalid argument > >> > >> It seems the software crypto device is not available. Do I need to do > >> any other steps to enable it? Is there another config option that > >> makes sure it is build as part of Opencrypto framework? Do I need to > >> build some other software driver instead? > >> > >> Best Regards, > >> Brendan > >> _______________________________________________ > >> freebsd-questions@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions > >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" This mail was sent via Mail-SeCure System.