Re: How to enable hw crypto?
openssl speed -evp algo works like a charm. Thanks for the info. Though the manpage on the speed test is a bit misleading: SPEED openssl speed [aes] [aes-128-cbc] [aes-192-cbc] [aes-256-cbc] [blowfish] [bf-cbc] [cast] [cast-cbc] [des] [des-cbc] [des-ede3] [dsa] [dsa512] [dsa1024] [dsa2048] [hmac] [md2] [md4] [md5] [rc2] [rc2-cbc] [rc4] [rmd160] [rsa] [rsa512] [rsa1024] [rsa2048] [rsa4096] [sha1] [-decrypt] [-elapsed] [-mr] [-engine id] [-evp e] [-multi number] On FreeBSD, I was able to get the hw crypto to work with: openssl speed algo -evp -engine cryptodev Apparently on OpenBSD, I really don't need to specify the -engine but I do need to insert -evp between speed and algo. Odd. But I am happy to get it finally talk to the hw crypto. Winston On 6/2/06, jared r r spiegel [EMAIL PROTECTED] wrote: On Fri, Jun 02, 2006 at 05:23:40PM -0700, Winston wrote: I have tried the following command to get the hw crypto to work: openssl speed des-cbc -engine cryptodev But the result I got is pretty much the same if I don't specify the cryptodev engine. The crypto card I have is hifn7956. I tried to compile hifn7751.c by commenting out #undef HIFN_DEBUG, hoping to get some debug msgs, but I got none. So the hifn driver is not really called. On FreeBSD I need to specify a -evp flag, However, if I specify -evp, it say no EVP given. So it looks like that I need to provide a parameter to -evp. But I have no idea what are valid parms. On FreeBSD, -evp with no parm is OK. Environ: OpenBSD ver: 3.8 Processor: Intel Xeon 2.8G. Winston http://marc.theaimsgroup.com/?l=openbsd-miscw=2r=1s=openssl+speed+evpq=b i believe usercrypto is 1 by default now -- jared [ openbsd 3.9-current GENERIC ( may 1 ) // i386 ]
Re: How to enable hw crypto?
Theo de Raadt wrote: I thought my mail was clear enough. Not necessarily. This thread was originally about the Hifn 7956 whereas my interest is in the 7955. You stated that about a year ago Hifn policies changed and that they decided they would no longer provide documentation. I know the 7955 and the 7956 come from the same product line, but since you did not address the 7955 specifically there was an outside chance that OpenBSD had received full documentation for the 7955 before this Hifn policy change, but then suffered for documentation on the 7956. Thus my request for clarification. I suppose that your message would be clear to a developer familiar with the hardware. I do not know the differences between these two parts. Is the 7956 merely a higher clocked part, or does it differ in implementation from the 7955? Since they are part of the same product line it would logically follow that they were implemented identically. However, how many companies have different implementations across the same part number, let alone product lines? I am merely covering all the possibilities left open by your message. I suppose it is safe to assume by your reply that the two parts utilize the same implementation but that the 7956 is a higher clock than the 7955. In other words, the people in the 7955 message thread are fscked as well. In any case, I guess it is time to send Hifn an email and let them know that they are losing future sales as a result of this change in policy. I suggest that other owners of Hifn products follow suit. I am also going to send a message to Soekris expressing my displeasure at the fact that their product sales page for the vpn1411 lists it as fully supported by OpenBSD when that is obviously not the case. As a Hifn technology implementer I would hope that Soekris would also pass their concern about this documentation issue back up the chain to Hifn. On that note, does anyone in the project have an email address or two for Hifn? Specifically an address for someone who would have maximum impact on the policy decision making process. Breeno
Re: How to enable hw crypto?
On 6/2/06, Winston [EMAIL PROTECTED] wrote: I have tried the following command to get the hw crypto to work: openssl speed des-cbc -engine cryptodev But the result I got is pretty much the same if I don't specify the cryptodev engine. The crypto card I have is hifn7956. Who made the card you have with a hifn7956 processor? Can you at least provide a bit more information/dmesg? More information would not help. We know you won't fix it. The problem is that we know there is a bug of some sort. We still don't know if it is hardware, or more likely -- if it is software. We just don't know. About a year ago HIFN policies changed and they decided that they would no longer give us documentation. They insisted on a NDA for each developer. Well, suffice to say this changed our attitude, and we started caring a whole lot less. Yes, at the same time the various people who worked on the hifn driver had already decided hifn is boring, but it sure does not help when a vendor is openly hostile. Yes, openly. By rejecting us they were saying they did not give a damn about you -- the users buyers of their products. I can hardly think of any way a hardware manufacturer could be more clear about how they feel about their customers. So it does not really matter if you give further debugging information. There is some bug, and we don't know what it is, and I wish it was fixed because in some way we find it embarrassing to have something not work in OpenBSD, but hey, what can we really do?
Re: How to enable hw crypto?
Theo de Raadt wrote: So it does not really matter if you give further debugging information. There is some bug, and we don't know what it is, and I wish it was fixed because in some way we find it embarrassing to have something not work in OpenBSD, but hey, what can we really do? Theo, Does this apply to the 7955 as well? When did Hifn stop providing documentation? Breeno
Re: How to enable hw crypto?
Theo wrote: So it does not really matter if you give further debugging information. There is some bug, and we don't know what it is, and I wish it was fixed because in some way we find it embarrassing to have something not work in OpenBSD, but hey, what can we really do? Answer: http://www.vendorwatch.org/index.php?title=Main_Page Kind regards, Sebastian
Re: How to enable hw crypto?
On Fri, Jun 02, 2006 at 05:23:40PM -0700, Winston wrote: I have tried the following command to get the hw crypto to work: openssl speed des-cbc -engine cryptodev But the result I got is pretty much the same if I don't specify the cryptodev engine. The crypto card I have is hifn7956. I tried to compile hifn7751.c by commenting out #undef HIFN_DEBUG, hoping to get some debug msgs, but I got none. So the hifn driver is not really called. On FreeBSD I need to specify a -evp flag, However, if I specify -evp, it say no EVP given. So it looks like that I need to provide a parameter to -evp. But I have no idea what are valid parms. On FreeBSD, -evp with no parm is OK. Environ: OpenBSD ver: 3.8 Processor: Intel Xeon 2.8G. Winston http://marc.theaimsgroup.com/?l=openbsd-miscw=2r=1s=openssl+speed+evpq=b i believe usercrypto is 1 by default now -- jared [ openbsd 3.9-current GENERIC ( may 1 ) // i386 ]
Re: How to enable hw crypto?
On 6/2/06, Winston [EMAIL PROTECTED] wrote: I have tried the following command to get the hw crypto to work: openssl speed des-cbc -engine cryptodev But the result I got is pretty much the same if I don't specify the cryptodev engine. The crypto card I have is hifn7956. Who made the card you have with a hifn7956 processor? Can you at least provide a bit more information/dmesg?