From my understanding userland applications use cryptodev to access hardware crypto accelerators. Therefore I don't cared that the "openssl engine" command did not show the padlock engine (but cryptodev). Your dmesg output (the padlock0 detached messages) might appear because you kldload/kldunload the padlock.ko module multiple times?
I updated OpenSSL the following way (shame on me):
The procedure might be or is completely wrong, my intention was just to replace the OpenSSL installation which comes with the base distribution. I did not want to have >>multiple<< OpenSSL versions on my box. I guess it's key to have the shared libs updated under /lib (not /usr/local/lib) so that OpenSSH (without recompiling?!) can use it.
As a test I booted a fresh 7.2-RELEASE, run the scp tests again (gave me 3MBytes/sec), after that I just copied the following libs from my other box (the ones after my dirty OpenSSL update):
With that libs, scp suddenly gave me 4,5MBytes/sec. After a "kldload cryptodev" it was 10MBytes/sec and with top I could see that the CPU utilization moved from userspace to kernel space.
I would be happy if somebody could explain the canonical way to >>replace<< the OpenSSL version of the base distribution with a update from ports. Means avoid having multiple versions of OpenSSL.
On the other hand, I'm waiting for the release of 8.0, which should solve these problems.
cheers,
honk
I updated OpenSSL the following way (shame on me):
Code:
cd /usr/ports/security/openssl
make PREFIX=/ install
The procedure might be or is completely wrong, my intention was just to replace the OpenSSL installation which comes with the base distribution. I did not want to have >>multiple<< OpenSSL versions on my box. I guess it's key to have the shared libs updated under /lib (not /usr/local/lib) so that OpenSSH (without recompiling?!) can use it.
As a test I booted a fresh 7.2-RELEASE, run the scp tests again (gave me 3MBytes/sec), after that I just copied the following libs from my other box (the ones after my dirty OpenSSL update):
Code:
# ll /lib | grep crypto
-rw-r--r-- 1 root wheel 2380268 6 Okt 23:26 libcrypto.a
-r--r--r-- 1 root wheel 1536226 6 Okt 23:26 libcrypto.so.5
With that libs, scp suddenly gave me 4,5MBytes/sec. After a "kldload cryptodev" it was 10MBytes/sec and with top I could see that the CPU utilization moved from userspace to kernel space.
I would be happy if somebody could explain the canonical way to >>replace<< the OpenSSL version of the base distribution with a update from ports. Means avoid having multiple versions of OpenSSL.
On the other hand, I'm waiting for the release of 8.0, which should solve these problems.
cheers,
honk