DragonFly BSD
DragonFly submit List (threaded) for 2010-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: [issue1638] OpenSSL cryptodev patch


From: Jan Lentfer <Jan.Lentfer@xxxxxx>
Date: Wed, 06 Jan 2010 11:08:10 +0100

Thomas Nikolajsen (via DragonFly issue tracker) schrieb:
Thomas Nikolajsen <thomas.nikolajsen@mail.dk> added the comment:

Attached is a patch to enable cryptodev engine support in OpenSSL on Dragonfly.
I have tested this to some extend on a System with VIA C7 and padlock with these results:
[..]

I found some irregularities when using padlock.ko and cyrptodev with openssl.
I am desperatly looking for someone who has crypto hardware other than padlock available
and is whiling to do some testing with me.

I have hifn(4) supported cards, Hi/fn 7955, will try to get test done tonight. Should I just use same commands as in you original post?


you could run the tests as in my original posts, too, to see if it brings any benefits.


but I am actually more interested in this:

# kldload hifn.ko
# openssl engine cryptodev -c
(cryptodev) BSD cryptodev engine
[RSA, DSA, DH, AES-128-CBC]
                            ^^^^^^^^^^^^^
this tells you what ciphers openssl thinks are supported
then create or pick some basic ascii file and do

# openssl enc -aes-128-cbc -engine cryptodev  -in file -out file.enc1
(choose some cipher that openssl says IS supported by cryptodev engine)

then just look (cat, less, vi, w/e) if the file.enc1 is actually encrypted. In my case it wasn't (less will tell you it is binary, but if you open it anyway you can see it is not encrypted).

then

# openssl enc -aes-256-cbc -salt -engine cryptodev -in mbox -out mbox.enc
(choose some cipher that openssl says is NOT supported by cryptodev engine, this will lead to using software encryption)


then just look if this file is actually encrypted.

Thanks for helping out!

Jan

















[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]