[issue1638] OpenSSL cryptodev patch

Jan Lentfer Jan.Lentfer at web.de
Wed Jan 6 02:23:58 PST 2010


Thomas Nikolajsen (via DragonFly issue tracker) schrieb:
Thomas Nikolajsen <thomas.nikolajsen at mail.dk> added the comment:

  
Attached is a patch to enable cryptodev engine support in OpenSSL on Dragonfly.
I have tested this to some extend on a System with VIA C7 and padlock with these results: 
      
[..]

I found some irregularities when using padlock.ko and cyrptodev with openssl.
I am desperatly looking for someone who has crypto hardware other than padlock available
and is whiling to do some testing with me.
    
I have hifn(4) supported cards, Hi/fn 7955, will try to get test done tonight.
Should I just use same commands as in you original post?
  
you could run the tests as in my original posts, too, to see if it 
brings any benefits.

but I am actually more interested in this:

# kldload hifn.ko
# openssl engine cryptodev -c
(cryptodev) BSD cryptodev engine
[RSA, DSA, DH, AES-128-CBC]
                            ^^^^^^^^^^^^^
this tells you what ciphers openssl thinks are supported
then create or pick some basic ascii file and do
# openssl enc -aes-128-cbc -engine cryptodev  -in file -out file.enc1
(choose some cipher that openssl says IS supported by cryptodev engine)
then just look (cat, less, vi, w/e) if the file.enc1 is actually 
encrypted. In my case it wasn't (less will tell you it is binary, but if 
you open it anyway you can see it is not encrypted).

then

# openssl enc -aes-256-cbc -salt -engine cryptodev  -in mbox -out mbox.enc
(choose some cipher that openssl says is NOT supported by cryptodev 
engine, this will lead to using software encryption)

then just look if this file is actually encrypted.

Thanks for helping out!

Jan



















More information about the Submit mailing list