Date: Sat, 17 Jul 2004 01:39:57 +0200 (CEST) From: Cor Bosman <cor@xs4all.nl> To: freebsd-hackers@freebsd.org Subject: HIFN/7955 Soekris 1401 openssl problem Message-ID: <200407162339.i6GNdvtS065629@xs1.xs4all.nl>
next in thread | raw e-mail | index | archive | help
Hi all, the last few days ive been trying to get a Soekris 1401 crypto accelerator card to work on FreeBSD 4.10. It's based on a HIFN 7955 chipset. The kernel recognises it, and I can see ssh uses it by checking with hifnstats. If i login through serial console and scp a file, the stats increase. The problem is, nothing else seems to use it. Ive been trying with sendmail/ssl and with apache/ssl. The card uses /dev/crypto, which exists, and I can make openssl load the cryptodev engine. But even a command like 'openssl speed -engine cryptodev' doesnt use the card for any algorithm. Sendmail and apache are linked with libcrypto. I just cant find anything wrong with the configuration. The only thing that I can think of is that none of the crypto suits are actually supported by the card, or, not registered by the card. I tried limiting the cipher suits in apache to some simple ones, but to no avail. Openssl says: (cryptodev) BSD cryptodev engine [RSA, DSA, DH, DES-CBC, DES-EDE3-CBC, AES-128-CBC] I am missing some that the card is supposed to support like MD5 and SHA. Is this even the card that registered these ciphers? One other possibility is that hifnstats isnt working right, but I do see quite a CPU load when I run openssl speed. What am I missing? As far as I understand the hifn driver fully supports the 7955 card, is supposed to register its ciphers, and openssl is supposed to use them automatically. Or not? If anyone is interested, dmesg output is at www.xs4all.nl/~scorpio/dmesg Thanks for any reply, Cor
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407162339.i6GNdvtS065629>