OpenBSD 5.5 support for hw crypto in OpenSSL
Several systems need a newer version of OpenBSD. Systems are Alix 2d with an AMD Geode, a bit dated but it works. Current systems run OpenBSD 4.4 and the hardware acceleration via glxsb works perfectly: # openssl speed -evp aes-128-cbc -engine cryptodev engine cryptodev set. To get the most accurate results, try to run this program when this computer is idle. Doing aes-128-cbc for 3s on 16 size blocks: 174939 aes-128-cbc's in 0.19s Doing aes-128-cbc for 3s on 64 size blocks: 164809 aes-128-cbc's in 0.23s Doing aes-128-cbc for 3s on 256 size blocks: 132123 aes-128-cbc's in 0.14s Doing aes-128-cbc for 3s on 1024 size blocks: 73053 aes-128-cbc's in 0.08s Doing aes-128-cbc for 3s on 8192 size blocks: 13744 aes-128-cbc's in 0.02s OpenSSL 0.9.7j 04 May 2006 built on: date not available options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: information not available available timing options: USE_TOD HZ=100 [sysconf value] timing function used: getrusage The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 14928.13k45003.84k 240522.58k 957520.28k 7205814.27k But same hardware and OpenBSD 5.5 yields: # openssl speed -evp aes-128-cbc -engine cryptodev invalid engine cryptodev 694556312:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:/usr/src/lib/libssl/crypto/../src/crypto/dso/dso_dlfcn.c:187:filename(/usr/lib/engines/libcryptodev.so): File not found 694556312:error:25070067:DSO support routines:DSO_load:could not load the shared library:/usr/src/lib/libssl/crypto/../src/crypto/dso/dso_lib.c:244: 694556312:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:/usr/src/lib/libssl/crypto/../src/crypto/engine/eng_dyn.c:450: 694556312:error:2606A074:engine routines:ENGINE_by_id:no such engine:/usr/src/lib/libssl/crypto/../src/crypto/engine/eng_list.c:417:id=cryptodev 694556312:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:/usr/src/lib/libssl/crypto/../src/crypto/dso/dso_dlfcn.c:187:filename(libcryptodev.so): File not found 694556312:error:25070067:DSO support routines:DSO_load:could not load the shared library:/usr/src/lib/libssl/crypto/../src/crypto/dso/dso_lib.c:244: 694556312:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:/usr/src/lib/libssl/crypto/../src/crypto/engine/eng_dyn.c:450: Doing aes-128-cbc for 3s on 16 size blocks: 674503 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 185206 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 47602 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 1024 size blocks: 24007 aes-128-cbc's in 2.99s Doing aes-128-cbc for 3s on 8192 size blocks: 3029 aes-128-cbc's in 3.02s OpenSSL 1.0.1c 10 May 2012 built on: date not available options:bn(64,32) rc4(4x,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 3597.35k 3951.06k 4048.54k 8221.80k 8216.41k # dmesg OpenBSD 5.5 (GENERIC) #276: Wed Mar 5 09:57:06 MST 2014 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 499 MHz snip glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 3, 32-bit 3579 We planned an upgrade years to OpenBSD 5.0 but that was cancelled. I did however had a system lying around from back then with OpenBSD 5.0 on it so I tested that as well, and it doesn't work. Same result as OpenBSD 5.5. Suggestions how to get this (acceleration) working again? Should it be invoked differently? Thank you for your time and interest, Wessels
Re: OpenBSD 5.5 support for hw crypto in OpenSSL
Thanks Sime, yes setting kern.usercrypto=1 did the trick. Apparently in OpenBSD 4.4 that was enabled by default and this was changed in a later release. # sysctl kern.usercrypto=1 kern.usercrypto: 0 - 1 # openssl speed -evp aes-128-cbc -engine cryptodev engine cryptodev set. Doing aes-128-cbc for 3s on 16 size blocks: 162949 aes-128-cbc's in 0.17s Doing aes-128-cbc for 3s on 64 size blocks: 154781 aes-128-cbc's in 0.17s Doing aes-128-cbc for 3s on 256 size blocks: 124542 aes-128-cbc's in 0.13s Doing aes-128-cbc for 3s on 1024 size blocks: 69869 aes-128-cbc's in 0.10s Doing aes-128-cbc for 3s on 8192 size blocks: 13602 aes-128-cbc's in 0.04s OpenSSL 1.0.1c 10 May 2012 built on: date not available options:bn(64,32) rc4(4x,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 15336.38k58270.49k 245251.94k 715458.56k 2785689.60k Sometime these things are so simple but the information isn't findable. I hope that people stumbling upon this problem as find this thread. Thanks again, Wessels
Re: OpenBSD 5.5 support for hw crypto in OpenSSL
Otto thanks for the warning. Any details about why it was disabled? Anyhow tomorrow I'll begin further testing but things do look good. Many thanks all. I was a bit afraid that I hit nasty bug but not sofar. Kind regards, Wessels On Mon, Jun 9, 2014 at 10:21 PM, Otto Moerbeek o...@drijf.net wrote: On Mon, Jun 09, 2014 at 10:11:08PM +0200, wessels wrote: Thanks Sime, yes setting kern.usercrypto=1 did the trick. Apparently in OpenBSD 4.4 that was enabled by default and this was changed in a later release. # sysctl kern.usercrypto=1 kern.usercrypto: 0 - 1 # openssl speed -evp aes-128-cbc -engine cryptodev engine cryptodev set. Doing aes-128-cbc for 3s on 16 size blocks: 162949 aes-128-cbc's in 0.17s Doing aes-128-cbc for 3s on 64 size blocks: 154781 aes-128-cbc's in 0.17s Doing aes-128-cbc for 3s on 256 size blocks: 124542 aes-128-cbc's in 0.13s Doing aes-128-cbc for 3s on 1024 size blocks: 69869 aes-128-cbc's in 0.10s Doing aes-128-cbc for 3s on 8192 size blocks: 13602 aes-128-cbc's in 0.04s OpenSSL 1.0.1c 10 May 2012 built on: date not available options:bn(64,32) rc4(4x,int) des(ptr,risc1,16,long) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 15336.38k58270.49k 245251.94k 715458.56k 2785689.60k Sometime these things are so simple but the information isn't findable. I hope that people stumbling upon this problem as find this thread. Thanks again, Wessels But check if it really helps in your case, and not just openssl speed calls. It was disabled for a reason. -Otto
npppd OpenBSD 5.0
Hi, I did a test install of OpenBSD 5.0 and noticed that npppd is present in the source tree but isn't compiled nor installed. I rebuild everything using yesterdays sources from CVS. A manual build and installation as described in HOWTO_PIPEX_NPPPD.txt does build and install npppd. Is npppd not included by design? If so, why? Second I noticed that only the man page for npppdctl is present. The npppd and npppd.conf man pages are not present yet.Hmm, is this the anwer to my first question?? thanks, Wessels
Re: npppd OpenBSD 5.0
On Tue, Sep 20, 2011 at 4:16 PM, YASUOKA Masahiko yasu...@yasuoka.net wrote: Hello, I'm a maintainer of npppd. On Tue, 20 Sep 2011 14:51:52 +0200 wessels wessels...@gmail.com wrote: I did a test install of OpenBSD 5.0 and noticed that npppd is present in the source tree but isn't compiled nor installed. I rebuild everything using yesterdays sources from CVS. A manual build and installation as described in HOWTO_PIPEX_NPPPD.txt does build and install npppd. Is npppd not included by design? If so, why? There are 2 things to do for npppd. 1. rewrite configuration parser. 2. write man pages. I hope to do these tasks before 5.1. Second I noticed that only the man page for npppdctl is present. The npppd and npppd.conf man pages are not present yet.Hmm, is this the anwer to my first question?? Yes, that is one of reasons. --yasuoka For a moment I thought it was being included in 5.0 already. Is there anything I should be aware of, npppd in it's current state? I'm really looking forward to test this. A lot of devices need l2tp for vpn's and OpenBSD lacked this functionality. Thanks for integrating this project into OpenBSD.