Date: Tue, 19 May 2009 14:25:24 +0100 From: Brendan Kennedy <brendan.kennedy@gmail.com> To: Brian Seklecki <seklecki@noc.cfi.pgh.pa.us> Cc: Steve Polyack <spolyack@gmail.com>, freebsd-questions@freebsd.org Subject: Re: FreeBSD 7.1 opencrypto --> kern.cryptodevallowsoft Message-ID: <db3b765b0905190625q3eb1e0c1l820930ed0c3e2c3a@mail.gmail.com> In-Reply-To: <1242705969.3946.21.camel@localhost.localdomain> References: <db3b765b0905121114k4c16f924n854b66c3dd467320@mail.gmail.com> <1242397289.31340.3167.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> <db3b765b0905180321x27bf720ay1c8cae199d02bd3a@mail.gmail.com> <1242705969.3946.21.camel@localhost.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
Agreed! The driver doesn't seem to be getting executed through OpenSSH/OpenSSL for ssh session setup either (it used to work that way on FreeBSD 6.2, I don't know if this feature has been left up to the user to enable in FreeBSD 7.x??). thanks for the tools, I'll give them a go. The driver is being accessed properly from 'cryptotest', so I guess that's something. 2009/5/19 Brian Seklecki <seklecki@noc.cfi.pgh.pa.us>: > The openssl speed sub-command is a real PITA: > > Try: > > =A0$ openssl speed -elapsed -evp aes-128-cbc (or des-ede3) > > Also goto /usr/src/tools/tools/crypto/ && make > > Run those utils to extract useful statistics out of the driver's kernel > data structures. > > ~BAS > > On Mon, 2009-05-18 at 11:21 +0100, Brendan Kennedy wrote: >> Hi Brian, Patrick, >> >> Thanks for your responses. I agree that it looks like a bug! I'm a bit >> of a newb to FreeBSD. Where should I go to log this? >> >> I ran (as root ;) ) >> >> > openssl engine >> (padlock) VIA PadLock (no-RNG, no-ACE) >> (dynamic) Dynamic engine loading support >> (cryptodev) BSD cryptodev engine >> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0[RSA, DSA, DH= ] >> >> It can be seen only PKE functions are being shown as accelerated. >> 'kldstat' only shows cryptodev.ko, but that's because I have 'crypto' >> compiled as part of the kernel. >> >> I have found another issue here also - although 'openssl engine -c' >> shows correct accelerated functionality of the hardware driver, >> running a speed test (e.g. openssl speed des-ede3 -engine cryptodev) >> does not result in any messages being sent to the driver apart from >> the initial check for available algorithms. It seems only accelerated >> PKE functions are run through the driver. It may be that the symmetric >> functions are being run through the software device driver >> (cryptosoft)... >> >> Could it be down to cryptodev engine being loaded twice in OpenSSL? Or >> would cryptodev favour the software driver if CRYPTO_F_HARDWARE is not >> set? >> >> Regards, >> Brendan >> >> >> 2009/5/15 Brian A. Seklecki <seklecki@noc.cfi.pgh.pa.us>: >> > On Tue, 2009-05-12 at 19:14 +0100, Brendan Kennedy wrote: >> >> Hi All, >> >> >> >> I'm trying to test a hardware crypto driver, but want to run my tests >> >> through the software driver first (and possibly use the software >> >> driver to validate results). >> >> I have set the following in my GENERIC conf file: >> >> >> > >> > What does kldstat(8) / openssl(1) return? >> > >> > % sudo openssl engine >> > (dynamic) Dynamic engine loading support >> > >> > $ openssl engine >> > (cryptodev) BSD cryptodev engine >> > (padlock) VIA PadLock (no-RNG, no-ACE) >> > (dynamic) Dynamic engine loading support >> > >> > $ kldstat |egrep -i 'cry|ub' >> > =A03 =A0 =A03 0xc0e06000 25b78 =A0 =A0crypto.ko >> > =A07 =A0 =A01 0xc64c9000 4000 =A0 =A0 cryptodev.ko >> > =A08 =A0 =A01 0xc6546000 a000 =A0 =A0 ubsec.ko >> > >> > >> > Return? >> > >> > ~BAS >> > >> > >> >> device =A0 =A0 =A0 =A0 =A0crypto >> >> device =A0 =A0 =A0 =A0 =A0enc >> >> options =A0 =A0 =A0 =A0 IPSEC >> >> >> >> I have rebuilt the kernel, rebooted and set the >> >> kern.cryptodevallowsoft kernel variable to 1: >> >> >> >> FreeBSD_26# sysctl -a | grep crypto >> >> kern.cryptodevallowsoft: 1 >> >> >> >> However, when I try a test, I get the following: >> >> >> >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va 3des >> >> cipher 3des keylen 24 >> >> CIOCGSESSION: Invalid argument >> >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va des >> >> cipher des keylen 8 >> >> CIOCGSESSION: Invalid argument >> >> >> >> It seems the software crypto device is not available. Do I need to do >> >> any other steps to enable it? Is there another config option that >> >> makes sure it is build as part of Opencrypto framework? Do I need to >> >> build some other software driver instead? >> >> >> >> Best Regards, >> >> Brendan >> >> _______________________________________________ >> >> freebsd-questions@freebsd.org mailing list >> >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freeb= sd.org" >> > >> > >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.= org" > > > > > This mail was sent via Mail-SeCure System. > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?db3b765b0905190625q3eb1e0c1l820930ed0c3e2c3a>