From owner-freebsd-hackers@FreeBSD.ORG Sat Jun 7 12:55:21 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B4785106564A; Sat, 7 Jun 2008 12:55:21 +0000 (UTC) (envelope-from simon@benji.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id 4B41E8FC17; Sat, 7 Jun 2008 12:55:16 +0000 (UTC) (envelope-from simon@benji.nitro.dk) Received: from benji.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id 771AB1E8C40; Sat, 7 Jun 2008 12:54:50 +0000 (UTC) Received: by benji.nitro.dk (Postfix, from userid 2000) id 6CEA5FE03; Sat, 7 Jun 2008 14:56:24 +0200 (CEST) Date: Sat, 7 Jun 2008 14:56:24 +0200 From: "Simon L. Nielsen" To: Pawel Jakub Dawidek Message-ID: <20080607125623.GB979@zaphod.nitro.dk> References: <20080606234135.46144207@baby-jane-lamaiziere-net.local> <20080607041855.GA3462@garage.freebsd.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20080607041855.GA3462@garage.freebsd.pl> User-Agent: Mutt/1.5.17 (2007-11-01) Cc: freebsd-hackers@freebsd.org, Patrick Lamaizi?re Subject: Re: AMD Geode LX crypto accelerator (glxsb) X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2008 12:55:21 -0000 On 2008.06.07 06:18:55 +0200, Pawel Jakub Dawidek wrote: > On Fri, Jun 06, 2008 at 11:41:35PM +0200, Patrick Lamaizi?re wrote: > > - How check the encryption/decryption ? > > > > Openssl seems ok, i've got quite the same results as NetBSD on a Soekris > > net5501 box. But i must use -engine cryptodev, why ? > > This is ok, as you may not want to use it, right? > > > $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed > > engine "cryptodev" set. > > ...CUT... > > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes > > aes-128-cbc 1151.08k 4134.25k 11936.49k 22504.83k 25576.36k > > > > When i test ssh -c aes128-cbc hostname, ssh does not use the crypto > > device. I receive a crypto_newsession() followed by a > > crypto_freesession(), i mean i don't receive any crypto_process(). > > Have you tried to put some debug to opencrypto? I believe openssh should > use it automatically, at least this was the case some time ago, AFAIR. OpenSSL 0.9.7 (in FreeBSD 6 and older) enabled it by default. After the OpenSSL 0.9.8 import it was not enabled automatically anymore. I have yet to figure out why this changed. sam@ made a patch to enable it always but I was not entirely sure it was the correct way to do it so I haven't committed it. You can enable it per application in the openssl config file, if the application calls the correct openssl config init function, which OpenSSL AFAIR does not. I will try to look more into this, but no promises as to when I will get to it. If anyone can make / get a patch which is OK'ed by the OpenSSL people I will be more than happy to commit it. BTW. I think phk@ already worked on a patch for AES in the AMD Geode LX, but I can't remember details or have time to look it up right now. -- Simon L. Nielsen Hat: FreeBSD OpenSSL janitor