FreeBSD 7.1 opencrypto --> kern.cryptodevallowsoft
Brendan Kennedy
brendan.kennedy at gmail.com
Mon May 18 10:21:58 UTC 2009
Hi Brian, Patrick,
Thanks for your responses. I agree that it looks like a bug! I'm a bit
of a newb to FreeBSD. Where should I go to log this?
I ran (as root ;) )
> openssl engine
(padlock) VIA PadLock (no-RNG, no-ACE)
(dynamic) Dynamic engine loading support
(cryptodev) BSD cryptodev engine
[RSA, DSA, DH]
It can be seen only PKE functions are being shown as accelerated.
'kldstat' only shows cryptodev.ko, but that's because I have 'crypto'
compiled as part of the kernel.
I have found another issue here also - although 'openssl engine -c'
shows correct accelerated functionality of the hardware driver,
running a speed test (e.g. openssl speed des-ede3 -engine cryptodev)
does not result in any messages being sent to the driver apart from
the initial check for available algorithms. It seems only accelerated
PKE functions are run through the driver. It may be that the symmetric
functions are being run through the software device driver
(cryptosoft)...
Could it be down to cryptodev engine being loaded twice in OpenSSL? Or
would cryptodev favour the software driver if CRYPTO_F_HARDWARE is not
set?
Regards,
Brendan
2009/5/15 Brian A. Seklecki <seklecki at noc.cfi.pgh.pa.us>:
> On Tue, 2009-05-12 at 19:14 +0100, Brendan Kennedy wrote:
>> Hi All,
>>
>> I'm trying to test a hardware crypto driver, but want to run my tests
>> through the software driver first (and possibly use the software
>> driver to validate results).
>> I have set the following in my GENERIC conf file:
>>
>
> What does kldstat(8) / openssl(1) return?
>
> % sudo openssl engine
> (dynamic) Dynamic engine loading support
>
> $ openssl engine
> (cryptodev) BSD cryptodev engine
> (padlock) VIA PadLock (no-RNG, no-ACE)
> (dynamic) Dynamic engine loading support
>
> $ kldstat |egrep -i 'cry|ub'
> 3 3 0xc0e06000 25b78 crypto.ko
> 7 1 0xc64c9000 4000 cryptodev.ko
> 8 1 0xc6546000 a000 ubsec.ko
>
>
> Return?
>
> ~BAS
>
>
>> device crypto
>> device enc
>> options IPSEC
>>
>> I have rebuilt the kernel, rebooted and set the
>> kern.cryptodevallowsoft kernel variable to 1:
>>
>> FreeBSD_26# sysctl -a | grep crypto
>> kern.cryptodevallowsoft: 1
>>
>> However, when I try a test, I get the following:
>>
>> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va 3des
>> cipher 3des keylen 24
>> CIOCGSESSION: Invalid argument
>> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va des
>> cipher des keylen 8
>> CIOCGSESSION: Invalid argument
>>
>> It seems the software crypto device is not available. Do I need to do
>> any other steps to enable it? Is there another config option that
>> makes sure it is build as part of Opencrypto framework? Do I need to
>> build some other software driver instead?
>>
>> Best Regards,
>> Brendan
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
More information about the freebsd-questions
mailing list