AMD Geode LX crypto accelerator (glxsb)

Simon L. Nielsen simon at
Sat Jun 7 12:55:21 UTC 2008

On 2008.06.07 06:18:55 +0200, Pawel Jakub Dawidek wrote:
> On Fri, Jun 06, 2008 at 11:41:35PM +0200, Patrick Lamaizi?re wrote:
> > - How check the encryption/decryption ?
> > 
> > Openssl seems ok, i've got quite the same results as NetBSD on a Soekris
> > net5501 box. But i must use -engine cryptodev, why ?
> This is ok, as you may not want to use it, right?
> > $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed
> > engine "cryptodev" set.
> > ...CUT...
> > type        16 bytes  64 bytes  256 bytes 1024 bytes 8192 bytes
> > aes-128-cbc 1151.08k  4134.25k  11936.49k 22504.83k  25576.36k
> > 
> > When i test ssh -c aes128-cbc hostname, ssh does not use the crypto
> > device. I receive a crypto_newsession() followed by a
> > crypto_freesession(), i mean i don't receive any crypto_process().
> Have you tried to put some debug to opencrypto? I believe openssh should
> use it automatically, at least this was the case some time ago, AFAIR.

OpenSSL 0.9.7 (in FreeBSD 6 and older) enabled it by default.  After
the OpenSSL 0.9.8 import it was not enabled automatically anymore.  I
have yet to figure out why this changed.

sam@ made a patch to enable it always but I was not entirely sure it
was the correct way to do it so I haven't committed it.

You can enable it per application in the openssl config file, if the
application calls the correct openssl config init function, which
OpenSSL AFAIR does not.

I will try to look more into this, but no promises as to when I will
get to it.  If anyone can make / get a patch which is OK'ed by the
OpenSSL people I will be more than happy to commit it.

BTW. I think phk@ already worked on a patch for AES in the AMD Geode
LX, but I can't remember details or have time to look it up right now.

Simon L. Nielsen
Hat: FreeBSD OpenSSL janitor

More information about the freebsd-hackers mailing list