Re: cryptodev and ssh on RELENG_7
- From: Sam Leffler <sam@xxxxxxxxx>
- Date: Thu, 29 Nov 2007 15:30:15 -0800
Norikatsu Shigemura wrote:
On Tue, 27 Nov 2007 07:37:49 -0500
Mike Tancsa <mike@xxxxxxxxxx> wrote:
I have a HiFN crypto card and can remember that it was used for sshHi,
connections with 3des encryption (on 6.1 afair).
But with RELENG_7 it isn't used at all (no interrupts) if I
'ssh -v -c 3des-cbc user@host'
Any ideas what is wrong?
dmesg:
hifn0 mem
0x80000000-0x80000fff,0x80040000-0x80041fff,0x80080000-0x80087fff irq
12 at device 13.0 on pci0 hifn0: [ITHREAD] hifn0: Hifn 7955, rev 0,
32KB dram, pll=0x801<ext clk, 4x mult>
crw-rw-rw- 1 root wheel - 0, 41 Nov 27 08:13:41 2007 /dev/crypto
Are you sure you have device crypto and device cryptodev in the kernel? Also, there is a program in /usr/src/tools/tools/crypto called hifnstats. It will show some usuage stats. e.g.
This issue is one of a gcc42 issue. But gcc42 is not wrong.
OpenSSL has a using __FreeBSD_version issue. So to fix this
issue, you should apply following patch.
--- crypto/openssl/crypto/engine/eng_cryptodev.c.orig 2006-07-30 04:10:18.000000000 +0900
+++ crypto/openssl/crypto/engine/eng_cryptodev.c 2007-11-08 01:55:35.000000000 +0900
@@ -32,7 +32,7 @@
#include <openssl/bn.h>
#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
- (defined(OpenBSD) || defined(__FreeBSD_version))
+ (defined(OpenBSD) || defined(__FreeBSD__))
#include <sys/param.h>
# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
# define HAVE_CRYPTODEV
It appears openssl has been busted in it's handling of /dev/crypto since the engine code was roto-tilled. Attached is an updated version of your patch that forces /dev/crypto to be installed as the default engine for all ciphers it supports. I'm not sure this is the right change but it definitely makes ssh start using it (I note however that openssl speed does not use cryptodev unless explicity forced w/ cmd args).
It would be a good idea to get someone familiar with openssl to review this before committing.
Sam
Index: eng_cryptodev.c
===================================================================
RCS file: /usr/ncvs/src/crypto/openssl/crypto/engine/eng_cryptodev.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 eng_cryptodev.c
--- eng_cryptodev.c 29 Jul 2006 19:10:18 -0000 1.1.1.1
+++ eng_cryptodev.c 29 Nov 2007 23:22:03 -0000
@@ -32,7 +32,7 @@
#include <openssl/bn.h>
#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
- (defined(OpenBSD) || defined(__FreeBSD_version))
+ (defined(OpenBSD) || defined(__FreeBSD__))
#include <sys/param.h>
# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
# define HAVE_CRYPTODEV
@@ -1126,6 +1126,7 @@
}
ENGINE_add(engine);
+ ENGINE_set_default_ciphers(engine);
ENGINE_free(engine);
ERR_clear_error();
}
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"
- References:
- cryptodev and ssh on RELENG_7
- From: Harald Schmalzbauer
- Re: cryptodev and ssh on RELENG_7
- From: Mike Tancsa
- Re: cryptodev and ssh on RELENG_7
- From: Norikatsu Shigemura
- cryptodev and ssh on RELENG_7
- Prev by Date: Re: external usb disk
- Next by Date: Re: Also seeing 2 x quad-core system slower that 2 x dual core
- Previous by thread: Re: cryptodev and ssh on RELENG_7
- Next by thread: Pthread scheduling in FreeBSD 7
- Index(es):
Relevant Pages
|
|
