Date: Sat, 7 Jun 2008 14:56:24 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Pawel Jakub Dawidek <pjd@FreeBSD.org> Cc: freebsd-hackers@freebsd.org, Patrick Lamaizi?re <patfbsd@davenulle.org> Subject: Re: AMD Geode LX crypto accelerator (glxsb) Message-ID: <20080607125623.GB979@zaphod.nitro.dk> In-Reply-To: <20080607041855.GA3462@garage.freebsd.pl> References: <20080606234135.46144207@baby-jane-lamaiziere-net.local> <20080607041855.GA3462@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2008.06.07 06:18:55 +0200, Pawel Jakub Dawidek wrote: > On Fri, Jun 06, 2008 at 11:41:35PM +0200, Patrick Lamaizi?re wrote: > > - How check the encryption/decryption ? > > > > Openssl seems ok, i've got quite the same results as NetBSD on a Soekris > > net5501 box. But i must use -engine cryptodev, why ? > > This is ok, as you may not want to use it, right? > > > $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed > > engine "cryptodev" set. > > ...CUT... > > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes > > aes-128-cbc 1151.08k 4134.25k 11936.49k 22504.83k 25576.36k > > > > When i test ssh -c aes128-cbc hostname, ssh does not use the crypto > > device. I receive a crypto_newsession() followed by a > > crypto_freesession(), i mean i don't receive any crypto_process(). > > Have you tried to put some debug to opencrypto? I believe openssh should > use it automatically, at least this was the case some time ago, AFAIR. OpenSSL 0.9.7 (in FreeBSD 6 and older) enabled it by default. After the OpenSSL 0.9.8 import it was not enabled automatically anymore. I have yet to figure out why this changed. sam@ made a patch to enable it always but I was not entirely sure it was the correct way to do it so I haven't committed it. You can enable it per application in the openssl config file, if the application calls the correct openssl config init function, which OpenSSL AFAIR does not. I will try to look more into this, but no promises as to when I will get to it. If anyone can make / get a patch which is OK'ed by the OpenSSL people I will be more than happy to commit it. BTW. I think phk@ already worked on a patch for AES in the AMD Geode LX, but I can't remember details or have time to look it up right now. -- Simon L. Nielsen Hat: FreeBSD OpenSSL janitor
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080607125623.GB979>