FreeBSD 7.1 opencrypto --> kern.cryptodevallowsoft

Brian Seklecki seklecki at noc.cfi.pgh.pa.us
Tue May 19 04:33:19 UTC 2009


The openssl speed sub-command is a real PITA:

Try: 

  $ openssl speed -elapsed -evp aes-128-cbc (or des-ede3)

Also go to /usr/src/tools/tools/crypto/ && make

Run those utils to extract useful statistics out of the driver's kernel
data structures.

~BAS

On Mon, 2009-05-18 at 11:21 +0100, Brendan Kennedy wrote:
> Hi Brian, Patrick,
> 
> Thanks for your responses. I agree that it looks like a bug! I'm a bit
> of a newb to FreeBSD. Where should I go to log this?
> 
> I ran (as root ;) )
> 
> > openssl engine
> (padlock) VIA PadLock (no-RNG, no-ACE)
> (dynamic) Dynamic engine loading support
> (cryptodev) BSD cryptodev engine
>                              [RSA, DSA, DH]
> 
> It can be seen only PKE functions are being shown as accelerated.
> 'kldstat' only shows cryptodev.ko, but that's because I have 'crypto'
> compiled as part of the kernel.
> 
> I have found another issue here also - although 'openssl engine -c'
> shows correct accelerated functionality of the hardware driver,
> running a speed test (e.g. openssl speed des-ede3 -engine cryptodev)
> does not result in any messages being sent to the driver apart from
> the initial check for available algorithms. It seems only accelerated
> PKE functions are run through the driver. It may be that the symmetric
> functions are being run through the software device driver
> (cryptosoft)...
> 
> Could it be down to cryptodev engine being loaded twice in OpenSSL? Or
> would cryptodev favour the software driver if CRYPTO_F_HARDWARE is not
> set?
> 
> Regards,
> Brendan
> 
> 
> 2009/5/15 Brian A. Seklecki <seklecki at noc.cfi.pgh.pa.us>:
> > On Tue, 2009-05-12 at 19:14 +0100, Brendan Kennedy wrote:
> >> Hi All,
> >>
> >> I'm trying to test a hardware crypto driver, but want to run my tests
> >> through the software driver first (and possibly use the software
> >> driver to validate results).
> >> I have set the following in my GENERIC conf file:
> >>
> >
> > What does kldstat(8) / openssl(1) return?
> >
> > % sudo openssl engine
> > (dynamic) Dynamic engine loading support
> >
> > $ openssl engine
> > (cryptodev) BSD cryptodev engine
> > (padlock) VIA PadLock (no-RNG, no-ACE)
> > (dynamic) Dynamic engine loading support
> >
> > $ kldstat |egrep -i 'cry|ub'
> >  3    3 0xc0e06000 25b78    crypto.ko
> >  7    1 0xc64c9000 4000     cryptodev.ko
> >  8    1 0xc6546000 a000     ubsec.ko
> >
> >
> > Return?
> >
> > ~BAS
> >
> >
> >> device          crypto
> >> device          enc
> >> options         IPSEC
> >>
> >> I have rebuilt the kernel, rebooted and set the
> >> kern.cryptodevallowsoft kernel variable to 1:
> >>
> >> FreeBSD_26# sysctl -a | grep crypto
> >> kern.cryptodevallowsoft: 1
> >>
> >> However, when I try a test, I get the following:
> >>
> >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va 3des
> >> cipher 3des keylen 24
> >> CIOCGSESSION: Invalid argument
> >> FreeBSD_26# /usr/src/tools/tools/crypto/cryptotest -va des
> >> cipher des keylen 8
> >> CIOCGSESSION: Invalid argument
> >>
> >> It seems the software crypto device is not available. Do I need to do
> >> any other steps to enable it? Is there another config option that
> >> makes sure it is built as part of Opencrypto framework? Do I need to
> >> build some other software driver instead?
> >>
> >> Best Regards,
> >> Brendan
> >> _______________________________________________
> >> freebsd-questions at freebsd.org mailing list
> >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> >
> >
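The check discussed in the thread (whether the cryptodev engine advertises only RSA/DSA/DH or also symmetric ciphers) can be scripted. This is an added example, not part of any message in the thread: `classify_engines` and `sample_listing` are hypothetical helper names, and the sample listing is constructed, modelled on the `openssl engine` output quoted above with one invented engine for contrast.

```shell
#!/bin/sh
# Added example: classify each engine in an `openssl engine -c` style listing
# by the capabilities printed on its "[...]" line. Reads the listing on stdin.
classify_engines() {
    awk '
    function emit() {
        if (id == "") return
        if (pk == 0 && other == 0) verdict = "no-capabilities"
        else if (other == 0)       verdict = "public-key-only"
        else                       verdict = "ciphers-or-digests"
        printf "%s %s\n", id, verdict
    }
    # Engine header line: "(id) description"
    /^\(/ {
        emit()
        id = substr($1, 2, length($1) - 2); pk = 0; other = 0
        next
    }
    # Capability line: optional indentation, then "[CAP, CAP, ...]"
    /^[ \t]*\[/ {
        line = $0
        gsub(/\[|\]/, "", line)
        gsub(/[ \t]/, "", line)
        n = split(line, caps, ",")
        for (i = 1; i <= n; i++) {
            if (caps[i] == "" || caps[i] == "RAND") continue  # RAND is ignored
            if (caps[i] ~ /^(RSA|DSA|DH)$/) pk++              # public-key ops
            else other++                                      # cipher or digest
        }
    }
    END { emit() }
    '
}

# Constructed sample (not output captured from any host).
sample_listing() {
    cat <<'EOF'
(padlock) VIA PadLock (no-RNG, no-ACE)
(dynamic) Dynamic engine loading support
(cryptodev) BSD cryptodev engine
                             [RSA, DSA, DH]
(hwtest) constructed example engine
 [RSA, DES-EDE3-CBC, AES-128-CBC]
EOF
}

sample_listing | classify_engines
```

On a live system, `openssl engine -c | classify_engines` produces the same report from the real listing.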
