From owner-freebsd-stable@FreeBSD.ORG  Mon Dec 13 15:27:21 2010
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C60C61065696
	for <freebsd-stable@freebsd.org>; Mon, 13 Dec 2010 15:27:21 +0000 (UTC)
	(envelope-from mike@sentex.net)
Received: from smarthost1.sentex.ca (smarthost1-6.sentex.ca
	[IPv6:2607:f3e0:0:1::12])
	by mx1.freebsd.org (Postfix) with ESMTP id 7CB558FC0C
	for <freebsd-stable@freebsd.org>; Mon, 13 Dec 2010 15:27:21 +0000 (UTC)
Received: from [IPv6:2607:f3e0:0:4:2540:154a:ba54:4afb]
	([IPv6:2607:f3e0:0:4:2540:154a:ba54:4afb])
	by smarthost1.sentex.ca (8.14.4/8.14.4) with ESMTP id oBDFRImS085547
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <freebsd-stable@freebsd.org>; Mon, 13 Dec 2010 10:27:18 -0500 (EST)
	(envelope-from mike@sentex.net)
Message-ID: <4D063B44.4050303@sentex.net>
Date: Mon, 13 Dec 2010 10:27:00 -0500
From: Mike Tancsa <mike@sentex.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US;
	rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: stable-list freebsd <freebsd-stable@freebsd.org>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.67 on IPv6:2607:f3e0:0:1::12
Subject: cryptodev cipher registration (aesni and padlock)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Dec 2010 15:27:21 -0000

While doing some testing with the aesni driver, it seems some ciphers are registered with openssl and some are not.

e.g. if I start an ssh session using aes128, I see the following

[pyroxene]% ssh -c aes128-cbc smarthost1 "cryptostats" | grep sym
654198 symmetric crypto ops (0 errors, 0 times driver blocked)
[pyroxene]% ssh -c aes128-cbc smarthost1 "cryptostats" | grep sym
654225 symmetric crypto ops (0 errors, 0 times driver blocked)
[pyroxene]% 

ie it shows the hardware transformation count increasing.  But if I do aes 192 or 256, it does not

[pyroxene]% ssh -c aes256-cbc smarthost1 "cryptostats" | grep sym
654231 symmetric crypto ops (0 errors, 0 times driver blocked)
[pyroxene]% ssh -c aes192-cbc smarthost1 "cryptostats" | grep sym
654231 symmetric crypto ops (0 errors, 0 times driver blocked)
[pyroxene]% ssh -c aes192-cbc smarthost1 "cryptostats" | grep sym
654231 symmetric crypto ops (0 errors, 0 times driver blocked)
[pyroxene]% ssh -c aes192-cbc smarthost1 "cryptostats" | grep sym
654231 symmetric crypto ops (0 errors, 0 times driver blocked)
[pyroxene]% 
Yet the are supposed to be supported, no ?  Where in openssl is this configured ? The padlock driver does the same thing

% ssh -c aes256-cbc smarthost1 "cryptotest -z"
   0.000 sec,       2    aes crypts,      16 bytes,  4000000 byte/sec,    30.5 Mb/sec
   0.000 sec,       2    aes crypts,      32 bytes, 16000000 byte/sec,   122.1 Mb/sec
   0.000 sec,       2    aes crypts,      64 bytes, 32000000 byte/sec,   244.1 Mb/sec
   0.000 sec,       2    aes crypts,     128 bytes, 64000000 byte/sec,   488.3 Mb/sec
   0.000 sec,       2    aes crypts,     256 bytes, 128000000 byte/sec,   976.6 Mb/sec
   0.000 sec,       2    aes crypts,     512 bytes, 170666667 byte/sec,  1302.1 Mb/sec
   0.000 sec,       2    aes crypts,    1024 bytes, 292571429 byte/sec,  2232.1 Mb/sec
   0.000 sec,       2    aes crypts,    2048 bytes, 455111111 byte/sec,  3472.2 Mb/sec
   0.000 sec,       2    aes crypts,    4096 bytes, 512000000 byte/sec,  3906.2 Mb/sec
   0.000 sec,       2    aes crypts,    8192 bytes, 420102564 byte/sec,  3205.1 Mb/sec
   0.000 sec,       2 aes192 crypts,      16 bytes,  8000000 byte/sec,    61.0 Mb/sec
   0.000 sec,       2 aes192 crypts,      32 bytes, 16000000 byte/sec,   122.1 Mb/sec
   0.000 sec,       2 aes192 crypts,      64 bytes, 32000000 byte/sec,   244.1 Mb/sec
   0.000 sec,       2 aes192 crypts,     128 bytes, 64000000 byte/sec,   488.3 Mb/sec
   0.000 sec,       2 aes192 crypts,     256 bytes, 128000000 byte/sec,   976.6 Mb/sec
   0.000 sec,       2 aes192 crypts,     512 bytes, 204800000 byte/sec,  1562.5 Mb/sec
   0.000 sec,       2 aes192 crypts,    1024 bytes, 341333333 byte/sec,  2604.2 Mb/sec
   0.000 sec,       2 aes192 crypts,    2048 bytes, 409600000 byte/sec,  3125.0 Mb/sec
   0.000 sec,       2 aes192 crypts,    4096 bytes, 546133333 byte/sec,  4166.7 Mb/sec
   0.000 sec,       2 aes192 crypts,    8192 bytes, 496484848 byte/sec,  3787.9 Mb/sec
   0.000 sec,       2 aes256 crypts,      16 bytes, 10666667 byte/sec,    81.4 Mb/sec
   0.000 sec,       2 aes256 crypts,      32 bytes, 21333333 byte/sec,   162.8 Mb/sec
   0.000 sec,       2 aes256 crypts,      64 bytes, 32000000 byte/sec,   244.1 Mb/sec
   0.000 sec,       2 aes256 crypts,     128 bytes, 51200000 byte/sec,   390.6 Mb/sec
   0.000 sec,       2 aes256 crypts,     256 bytes, 102400000 byte/sec,   781.2 Mb/sec
   0.000 sec,       2 aes256 crypts,     512 bytes, 204800000 byte/sec,  1562.5 Mb/sec
   0.000 sec,       2 aes256 crypts,    1024 bytes, 292571429 byte/sec,  2232.1 Mb/sec
   0.000 sec,       2 aes256 crypts,    2048 bytes, 409600000 byte/sec,  3125.0 Mb/sec
   0.000 sec,       2 aes256 crypts,    4096 bytes, 512000000 byte/sec,  3906.2 Mb/sec
   0.000 sec,       2 aes256 crypts,    8192 bytes, 442810811 byte/sec,  3378.4 Mb/secW