Le Thu, 04 Sep 2008 03:46:52 -0500, "James R. Van Artsdalen" <[EMAIL PROTECTED]> a écrit :
> >> Has Hi/fn stated what kind of random number generator the 7955 has? > >> > >> How is this enabled in FreeBSD 7? I've added these lines to the > >> kernel config file: > >> > >> device crypto # core crypto support > >> device cryptodev # /dev/crypto for access to h/w > >> device hifn # Hifn 7951, 7781, etc. > >> options HIFN_DEBUG # enable debugging support: hw.hifn.debug > >> options HIFN_RNDTEST # enable rndtest support > >> device rndtest # FIPS 140-2 entropy tester > >> > >> I'm not convinced it's being used instead of the kernal's Yarrow > >> code. > >> > > > > It should work. > > By default rndtest only reports failure, use the sysctl > > kern.rndtest.verbose=2 (not sure for the sysctl, something like > > that) to reports success. > > > > > Thanks. rndtest is working but the hifn is apparently not being used > by openssl at all - hifnstats reports no activity as a result of > "openssl speed". cryptostats reports no activity either. cryptotest > does result in some activity in cryptostats and hifnstats so it may > be an openssl issue with /dev/crypto This is a known bug on FreeBSD 7. OPenssl does not use the cryptodev engine by default. See http://unix.derkeiler.com/Mailing-Lists/FreeBSD/hackers/2008-06/msg00076.html > It's still not clear if the kernel is using the hifn for random > numbers or not. And even if it is, I can't find any indication of > what sort of RNG hifn uses or how good it is. I can't tell if it provides good random numbers or not. If rndtest does not report failure it looks good IMHO. Rndtest feeds the random subsystem if the random datas provided by hifn are good. Without rndtest, hifn feeds directly the random subsytem. Regards. _______________________________________________ Soekris-tech mailing list [email protected] http://lists.soekris.com/mailman/listinfo/soekris-tech
