From owner-freebsd-hackers@FreeBSD.ORG Fri Jul 16 23:39:58 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC48616A4CE for ; Fri, 16 Jul 2004 23:39:58 +0000 (GMT) Received: from smtp-vbr5.xs4all.nl (smtp-vbr5.xs4all.nl [194.109.24.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 50B8643D55 for ; Fri, 16 Jul 2004 23:39:58 +0000 (GMT) (envelope-from cor@xs4all.nl) Received: from xs1.xs4all.nl (xs1.xs4all.nl [194.109.21.2]) by smtp-vbr5.xs4all.nl (8.12.11/8.12.11) with ESMTP id i6GNdv5w042808; Sat, 17 Jul 2004 01:39:57 +0200 (CEST) (envelope-from cor@xs4all.nl) Received: from xs1.xs4all.nl (cor@localhost.xs4all.nl [127.0.0.1]) by xs1.xs4all.nl (8.12.10/8.12.10) with ESMTP id i6GNdvfr065630; Sat, 17 Jul 2004 01:39:57 +0200 (CEST) (envelope-from cor@xs4all.nl) Received: (from cor@localhost) by xs1.xs4all.nl (8.12.10/8.12.9/Submit) id i6GNdvtS065629; Sat, 17 Jul 2004 01:39:57 +0200 (CEST) (envelope-from cor) Date: Sat, 17 Jul 2004 01:39:57 +0200 (CEST) From: Cor Bosman Message-Id: <200407162339.i6GNdvtS065629@xs1.xs4all.nl> To: freebsd-hackers@freebsd.org X-Virus-Scanned: by XS4ALL Virus Scanner Subject: HIFN/7955 Soekris 1401 openssl problem X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jul 2004 23:39:58 -0000 Hi all, the last few days ive been trying to get a Soekris 1401 crypto accelerator card to work on FreeBSD 4.10. It's based on a HIFN 7955 chipset. The kernel recognises it, and I can see ssh uses it by checking with hifnstats. If i login through serial console and scp a file, the stats increase. The problem is, nothing else seems to use it. Ive been trying with sendmail/ssl and with apache/ssl. The card uses /dev/crypto, which exists, and I can make openssl load the cryptodev engine. But even a command like 'openssl speed -engine cryptodev' doesnt use the card for any algorithm. Sendmail and apache are linked with libcrypto. I just cant find anything wrong with the configuration. The only thing that I can think of is that none of the crypto suits are actually supported by the card, or, not registered by the card. I tried limiting the cipher suits in apache to some simple ones, but to no avail. Openssl says: (cryptodev) BSD cryptodev engine [RSA, DSA, DH, DES-CBC, DES-EDE3-CBC, AES-128-CBC] I am missing some that the card is supposed to support like MD5 and SHA. Is this even the card that registered these ciphers? One other possibility is that hifnstats isnt working right, but I do see quite a CPU load when I run openssl speed. What am I missing? As far as I understand the hifn driver fully supports the 7955 card, is supposed to register its ciphers, and openssl is supposed to use them automatically. Or not? If anyone is interested, dmesg output is at www.xs4all.nl/~scorpio/dmesg Thanks for any reply, Cor