On 2008.06.07 06:18:55 +0200, Pawel Jakub Dawidek wrote: > On Fri, Jun 06, 2008 at 11:41:35PM +0200, Patrick Lamaizi?re wrote: > > - How check the encryption/decryption ? > > > > Openssl seems ok, i've got quite the same results as NetBSD on a Soekris > > net5501 box. But i must use -engine cryptodev, why ? > > This is ok, as you may not want to use it, right? > > > $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed > > engine "cryptodev" set. > > ...CUT... > > type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes > > aes-128-cbc 1151.08k 4134.25k 11936.49k 22504.83k 25576.36k > > > > When i test ssh -c aes128-cbc hostname, ssh does not use the crypto > > device. I receive a crypto_newsession() followed by a > > crypto_freesession(), i mean i don't receive any crypto_process(). > > Have you tried to put some debug to opencrypto? I believe openssh should > use it automatically, at least this was the case some time ago, AFAIR.
OpenSSL 0.9.7 (in FreeBSD 6 and older) enabled it by default. After the OpenSSL 0.9.8 import it was not enabled automatically anymore. I have yet to figure out why this changed. sam@ made a patch to enable it always but I was not entirely sure it was the correct way to do it so I haven't committed it. You can enable it per application in the openssl config file, if the application calls the correct openssl config init function, which OpenSSL AFAIR does not. I will try to look more into this, but no promises as to when I will get to it. If anyone can make / get a patch which is OK'ed by the OpenSSL people I will be more than happy to commit it. BTW. I think phk@ already worked on a patch for AES in the AMD Geode LX, but I can't remember details or have time to look it up right now. -- Simon L. Nielsen Hat: FreeBSD OpenSSL janitor _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
