Date: Fri, 25 Jan 2008 22:33:54 +0100
From: Chargen <chargen@gmail.com>
To: freebsd-current@freebsd.org
Subject: CUR: /usr/sbin/config and hardcoding eng_cryptodev.c to work with HIFN 795X and only aes-128-cbc supported
Message-ID: <292361ab0801251333v43896313qd6f8c9103870eda@mail.gmail.com>

Dear all,

I don't know which branch or mailing list to subscribe to in order to discuss these issues. I found some things.

1. Concerning /usr/sbin/config {kernelname}

packetstorm# pwd
/usr/src/sys/i386/conf
packetstorm# config santaclaus
config: santaclaus: No such file or directory
packetstorm# ls -alrt ../compile/
total 32
-rw-r--r-- 1 root wheel 13 Jul 2 2001 .cvsignore
drwxr-xr-x 15 root wheel 512 Jan 21 23:33 ..
drwxr-xr-x 2 root wheel 512 Jan 23 20:51 santaclaus

I don't think the creation of this dir inode is intentional after config fails to find a kernel configuration :-)

packetstorm# uname -a
FreeBSD packetstorm 7.0-PRERELEASE FreeBSD 7.0-PRERELEASE #0: Thu Jan 24 03:37:11 CET 2008 root@packetstorm:/usr/src/sys/i386/compile/PACKETSTORM i386

2. Hardware support for cryptodev -> wired to HIFN - crypto/OPENSSL/ eng_cryptodev.c

These are known issues; apparently the correct FreeBSD version isn't properly checked or recognised. Some fixes have been spreading around, but none are taken into 7. (options crypto, options cryptodev, device hifn are included in my kernel config.)

I still have to hardcode eng_cryptodev.c in order to make openssl work with my device hifn (7955 - soekris VPN140x).

packetstorm# diff /usr/src/crypto/openssl/crypto/engine/eng_cryptodev.c /root/eng_cryptodev.c
44a45,47 > #include <sys/param.h> > # define HAVE_CRYPTODEV > 1128a1132 > ENGINE_set_default_ciphers(engine);

yes, dirty :-)

(dmesg:
hifn0 mem 0xfe12c000-0xfe12cfff,0xfe12a000-0xfe12bfff,0xfe120000-0xfe127fff irq 25 at device 4.0 on pci0
hifn0: [ITHREAD]
hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801<ext clk, 4x mult>
)

The following concerns the lack of AES-192/256-CBC support over HIFN795X crypto cards.

A) AES-256-CBC fails to pass over HIFN

packetstorm# time dd if=/dev/zero bs=1m count=2 | openssl aes-256-cbc -pass pass:test -out /dev/null
2+0 records in
2+0 records out
2097152 bytes transferred in 0.081557 secs (25713931 bytes/sec)
packetstorm# hifnstats
input 0 bytes 0 packets
output 0 bytes 0 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0

B) AES-128-CBC works (eng_cryptodev.c hardcoded to work)

packetstorm# time dd if=/dev/zero bs=1m count=2 | openssl aes-128-cbc -pass pass:test -out /dev/null
2+0 records in
2+0 records out
2097152 bytes transferred in 0.124829 secs (16800191 bytes/sec)
packetstorm# hifnstats
input 2097168 bytes 513 packets
output 2097168 bytes 513 packets
invalid 0 nomem 0 abort 0
noirq 0 unaligned 0
totbatch 0 maxbatch 0
nomem: map 0 load 0 mbuf 0 mcl 0 cr 0 sd 0

systat -vmstat really shows HIFN takes ints when processing aes-128-cbc.

packetstorm# sysctl -a | grep "cryp"
kern.cryptodevallowsoft: 0
kern.userasymcrypto: 0
net.inet.ipsec.crypto_support: 50331648
debug.crypto_timing: 0
hw.via_feature_xcrypt: 0
dev.cryptosoft.0.%desc: software crypto
dev.cryptosoft.0.%driver: cryptosoft
dev.cryptosoft.0.%parent: nexus0
packetstorm# dmesg | grep "cryp"
cryptosoft0: <software crypto> on motherboard

Kind regards, and have a nice weekend all

Chargen
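
Review bot: in the 44a45,47 hunk, `# define HAVE_CRYPTODEV` is set unconditionally, which bypasses the version check the message says is misfiring rather than correcting it. With `<sys/param.h>` now included just above, the define could be wrapped in a condition on the version information that header provides, so the file keeps its fallback path on systems without cryptodev.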
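
Review bot: in the 1128a1132 hunk, the return value of `ENGINE_set_default_ciphers(engine);` is discarded, so a failure to register is silent, and the call makes this engine the default for ciphers without any check of what the device accepts. The AES-256-CBC run in the same message shows zero bytes in hifnstats, so the result should be checked and default selection left to the caller or to configuration.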
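
The before/after hifnstats comparison done by hand in the message above can be scripted. This is an added example, not part of the original e-mail or of FreeBSD; the function names hifn_input_bytes, classify_run and check_cipher are hypothetical, and it assumes the hifnstats counters are cumulative, as the two snapshots in the message suggest.

```sh
#!/bin/sh
# Added example: tell whether an OpenSSL cipher run reached the Hifn card
# by comparing the hifnstats "input N bytes" counter before and after.
# Assumption: the counter is cumulative between runs.

# Print the "input N bytes" value from hifnstats output read on stdin.
# Scans tokens, so it works on wrapped or run-together output.
hifn_input_bytes() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "input" && $(i + 1) ~ /^[0-9]+$/) {
                   print $(i + 1); found = 1; exit
               } }
         END { exit !found }'
}

# $1 = counter before, $2 = counter after, $3 = plaintext bytes sent.
classify_run() {
    delta=$(( $2 - $1 ))
    if [ "$delta" -eq 0 ]; then
        echo software          # nothing crossed the card
    elif [ "$delta" -ge "$3" ]; then
        echo hardware          # whole stream (plus padding) was offloaded
    else
        echo partial
    fi
}

# Run one cipher the way the message does and report where it executed.
check_cipher() {
    before=$(hifnstats | hifn_input_bytes) || return 2
    dd if=/dev/zero bs=1m count=2 2>/dev/null |
        openssl "$1" -pass pass:test -out /dev/null || return 2
    after=$(hifnstats | hifn_input_bytes) || return 2
    echo "$1: $(classify_run "$before" "$after" 2097152)"
}

if command -v hifnstats >/dev/null 2>&1; then
    for c in aes-128-cbc aes-192-cbc aes-256-cbc; do
        check_cipher "$c"
    done
else
    # No card here: classify the counter values quoted in the message.
    echo "aes-256-cbc: $(classify_run 0 0 2097152)"
    echo "aes-128-cbc: $(classify_run 0 2097168 2097152)"
fi
```

A "software" result for a cipher that completed without error means the work was done off the card, which is the case the message reports for AES-256-CBC.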