AMD Geode LX crypto accelerator (glxsb)
Simon L. Nielsen
simon at FreeBSD.org
Sat Jun 7 12:55:21 UTC 2008
On 2008.06.07 06:18:55 +0200, Pawel Jakub Dawidek wrote:
> On Fri, Jun 06, 2008 at 11:41:35PM +0200, Patrick Lamaizi?re wrote:
> > - How check the encryption/decryption ?
> > Openssl seems ok, i've got quite the same results as NetBSD on a Soekris
> > net5501 box. But i must use -engine cryptodev, why ?
> This is ok, as you may not want to use it, right?
> > $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed
> > engine "cryptodev" set.
> > ...CUT...
> > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
> > aes-128-cbc 1151.08k 4134.25k 11936.49k 22504.83k 25576.36k
> > When i test ssh -c aes128-cbc hostname, ssh does not use the crypto
> > device. I receive a crypto_newsession() followed by a
> > crypto_freesession(), i mean i don't receive any crypto_process().
> Have you tried to put some debug to opencrypto? I believe openssh should
> use it automatically, at least this was the case some time ago, AFAIR.
OpenSSL 0.9.7 (in FreeBSD 6 and older) enabled it by default. After
the OpenSSL 0.9.8 import it was not enabled automatically anymore. I
have yet to figure out why this changed.
sam@ made a patch to enable it always but I was not entirely sure it
was the correct way to do it so I haven't committed it.
You can enable it per application in the openssl config file, if the
application calls the correct openssl config init function, which
OpenSSL AFAIR does not.
I will try to look more into this, but no promises as to when I will
get to it. If anyone can make / get a patch which is OK'ed by the
OpenSSL people I will be more than happy to commit it.
BTW. I think phk@ already worked on a patch for AES in the AMD Geode
LX, but I can't remember details or have time to look it up right now.
Simon L. Nielsen
Hat: FreeBSD OpenSSL janitor
More information about the freebsd-hackers