Date: Tue, 19 May 2009 00:06:09 -0400 From: Brian Seklecki <seklecki@noc.cfi.pgh.pa.us> To: Brendan Kennedy <brendan.kennedy@gmail.com> Cc: Steve Polyack <spolyack@gmail.com>, freebsd-questions@freebsd.org Subject: Re: FreeBSD 7.1 opencrypto --> kern.cryptodevallowsoft Message-ID: <1242705969.3946.21.camel@localhost.localdomain> In-Reply-To: <db3b765b0905180321x27bf720ay1c8cae199d02bd3a@mail.gmail.com> References: <db3b765b0905121114k4c16f924n854b66c3dd467320@mail.gmail.com> <1242397289.31340.3167.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com> <db3b765b0905180321x27bf720ay1c8cae199d02bd3a@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The openssl speed sub-command is a real PITA: Try: $ openssl speed -elapsed -evp aes-128-cbc (or des-ede3) Also goto /usr/src/tools/tools/crypto/ && make Run those utils to extract useful statistics out of the driver's kernel data structures. ~BAS On Mon, 2009-05-18 at 11:21 +0100, Brendan Kennedy wrote: > Hi Brian, Patrick, > > Thanks for your responses. I agree that it looks like a bug! I'm a bit > of a newb to FreeBSD. Where should I go to log this? > > I ran (as root ;) ) > > > openssl engine > (padlock) VIA PadLock (no-RNG, no-ACE) > (dynamic) Dynamic engine loading support > (cryptodev) BSD cryptodev engine > [RSA, DSA, DH] > > It can be seen only PKE functions are being shown as accelerated. > 'kldstat' only shows cryptodev.ko, but that's because I have 'crypto' > compiled as part of the kernel. > > I have found another issue here also - although 'openssl engine -c' > shows correct accelerated functionality of the hardware driver, > running a speed test (e.g. openssl speed des-ede3 -engine cryptodev) > does not result in any messages being sent to the driver apart from > the initial check for available algorithms. It seems only accelerated > PKE functions are run through the driver. It may be that the symmetric > functions are being run through the software device driver > (cryptosoft)... > > Could it be down to cryptodev engine being loaded twice in OpenSSL? Or > would cryptodev favour the software driver if CRYPTO_F_HARDWARE is not > set? > > Regards, > Brendan > > > 2009/5/15 Brian A. Seklecki <seklecki@noc.cfi.pgh.pa.us>: > > On Tue, 2009-05-12 at 19:14 +0100, Brendan Kennedy wrote: > >> Hi All, > >> > >> I'm trying to test a hardware crypto driver, but want to run my tests > >> through the software driver first (and possibly use the software > >> driver to validate results). > >> I have set the following in my GENERIC conf file: > >> > > > > What does kldstat(8) / openssl(1) return? > > > > % sudo openssl engine > > (dynamic) Dynamic engine loading support > > > > $ openssl engine > > (cryptodev) BSD cryptodev engine > > (padlock) VIA PadLock (no-RNG, no-ACE) > > (dynamic) Dynamic engine loading support > > > > $ kldstat |egrep -i 'cry|ub' > > 3 3 0xc0e06000 25b78 crypto.ko > > 7 1 0xc64c9000 4000 cryptodev.ko > > 8 1 0xc6546000 a000 ubsec.ko > > > > > > Return? > > > > ~BAS > > > > > >> device crypto > >> device enc > >> options IPSEC > >> > >> I have rebuilt the kernel, rebooted and set the > >> kern.cryptodevallowsoft kernel variable to 1: > >> > >> FreeBSD_26# sysctl -a | grep crypto > >> kern.cryptodevallowsoft: 1 > >> > >> However, when I try a test, I get the following: > >> > >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va 3des > >> cipher 3des keylen 24 > >> CIOCGSESSION: Invalid argument > >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va des > >> cipher des keylen 8 > >> CIOCGSESSION: Invalid argument > >> > >> It seems the software crypto device is not available. Do I need to do > >> any other steps to enable it? Is there another config option that > >> makes sure it is build as part of Opencrypto framework? Do I need to > >> build some other software driver instead? > >> > >> Best Regards, > >> Brendan > >> _______________________________________________ > >> freebsd-questions@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions > >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" This mail was sent via Mail-SeCure System.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1242705969.3946.21.camel>