cryptodev and ssh on RELENG_7

Simon L. Nielsen simon at FreeBSD.org
Wed Nov 28 11:32:05 PST 2007 

On 2007.11.29 01:51:44 +0900, Norikatsu Shigemura wrote:
> On Tue, 27 Nov 2007 07:37:49 -0500
> Mike Tancsa <mike at sentex.net> wrote:
> > >I have a HiFN crypto card and can remember that it was used for ssh
> > >connections with 3des encryption (on 6.1 afair).
> > >But with RELENG_7 it isn't used at all (no interrupts) if I
> > >'ssh -v -c 3des-cbc user at host'
> > >Any ideas what is wrong?
> > >dmesg:
> > >hifn0 mem
> > >0x80000000-0x80000fff,0x80040000-0x80041fff,0x80080000-0x80087fff irq
> > >12 at device 13.0 on pci0 hifn0: [ITHREAD] hifn0: Hifn 7955, rev 0,
> > >32KB dram, pll=0x801<ext clk, 4x mult>
> > >crw-rw-rw-  1 root  wheel  -   0,  41 Nov 27 08:13:41 2007 /dev/crypto
> > Hi,
> >          Are you sure you have device crypto and device cryptodev in 
> > the kernel?  Also, there is a program in 
> > /usr/src/tools/tools/crypto  called hifnstats.  It will show some 
> > usuage stats. e.g.
> 
> 	This issue is one of a gcc42 issue.  But gcc42 is not wrong.
> 	OpenSSL has a using __FreeBSD_version issue.  So to fix this
> 	issue, you should apply following patch.

Actually I just don't see how the code in question could have ever
detected FreeBSD correctly, unless the normal OpenSSL build system
does some magic for this (which it doesn't seem to).

I'm doing "make universe" test builds with the patch below now.

I will try test this with actual hardware tomorrow (if I can find it),
but it's quite possible I won't have time until Friday to get
something set up to test.  If somebody else can test the patch below
with some crypto hardware that would be great.

Thanks for the patch btw. :-).

> --- crypto/openssl/crypto/engine/eng_cryptodev.c.orig	2006-07-30 04:10:18.000000000 +0900
> +++ crypto/openssl/crypto/engine/eng_cryptodev.c	2007-11-08 01:55:35.000000000 +0900
> @@ -32,7 +32,7 @@
>  #include <openssl/bn.h>
>  
>  #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
> -	(defined(OpenBSD) || defined(__FreeBSD_version))
> +	(defined(OpenBSD) || defined(__FreeBSD__))
>  #include <sys/param.h>
>  # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
>  #  define HAVE_CRYPTODEV
> 

-- 
Simon L. Nielsen

More information about the freebsd-stable mailing list