OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
vpn1411 not working in openbsd-3.6

m.champion-syshyperwerk.ch
Date: Mon Aug 30 2004 - 11:48:08 CDT


The vpn1411 crypto chip makes openssh and openssl
hang on a soekris net4501. I know this was covered
some times, but even after following all the suggestions
i couldn't get it working.

I use a current kernel with pcibios0 flags
set to 0x0001 (otherwise hifn0 says: "can't
find mem space 1").

I come only that far with bios version 1.26a.
On 1.24 dmesg says: "hifn0: crypto enabling failed".

symtoms:
# ssh -l root -c blowfish 127.0.0.1 --> works
# ssh -l root -c 3des 127.0.0.1 -> sshd hangs
# openssl speed -elapsed -evp aes-256-cbc
You have chosen to measure elapsed time instead of user CPU time.
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-256-cbc for 3s on 16 size blocks: -> hangs
# sysctl kern.usercrypto=0
# ssh -l root -c 3des 127.0.0.1 -> works
# openssl speed -elapsed -evp aes-256-cbc
You have chosen to measure elapsed time instead of user CPU time.
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-256-cbc for 3s on 16 size blocks: 105981 aes-256-cbc's in
3.01s
Doing aes-256-cbc for 3s on 64 size blocks: 30838 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 7883 aes-256-cbc's in 3.01s
Doing aes-256-cbc for 3s on 1024 size blocks: 1975 aes-256-cbc's in
3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 243 aes-256-cbc's in 3.01s
OpenSSL 0.9.7d 17 Mar 2004
built on: date not available
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long)
aes(partial) blowfish(idx)
compiler: information not available
available timing options: USE_TOD HZ=100 [sysconf value]
timing function used: gettimeofday
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
aes-256-cbc 564.08k 656.99k 671.51k 673.08k
662.12k

Same behavior with exact the same setup.

Only once there was the message:
Aug 30 15:29:12 soekris /bsd: hifn0: overrun ffffffff
Aug 30 15:29:12 soekris /bsd: hifn0: abort, resetting.
Aug 30 15:29:12 soekris /bsd: hifn0: proc unit did not reset
But I could never reproduce it.

Regards,
Marc

comBIOS ver. 1.26a 20040819 Copyright (C) 2000-2004 Soekris
Engineering.

net45xx

0064 Mbyte Memory CPU 80486 133 Mhz

Pri Mas SAMSUNG CF/ATA LBA 498-16-32 127 Mbyte

Slot Vend Dev ClassRev Cmd Stat CL LT HT Base1 Base2 Int
-------------------------------------------------------------------
0:00:0 1022 3000 06000000 0006 2280 00 00 00 00000000 00000000
0:16:0 13A3 0020 0B400000 0116 0280 10 3C 00 A0000000 A0002000 10
0:18:0 100B 0020 02000000 0107 0290 00 3F 00 0000E001 A0010000 11
0:19:0 100B 0020 02000000 0107 0290 00 3F 00 0000E101 A0011000 05
0:20:0 100B 0020 02000000 0107 0290 00 3F 00 0000E201 A0012000 09

 1 Seconds to automatic boot. Press Ctrl-P for entering Monitor.
Using drive 0, partition 3.
Loading......
probing: pc0 com0 com1 pci mem[639K 63M a20=on]
disk: hd0+
>> OpenBSD/i386 BOOT 2.06
switching console to com0
>> OpenBSD/i386 BOOT 2.06
com0: changing speed to 19200 baud in 5 seconds, change your terminal to
match!

com0: 19200 baud
boot>
booting hd0a:/bsd: 1435884+246568 [58+83936+71571]=0x1c0d60
entry point at 0x100120

[ using 155980 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California. All rights
reserved.
Copyright (c) 1995-2004 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 3.6 (net4501) #2: Mon Aug 30 15:31:54 CEST 2004
    rootjoshik.chaosys.ch:/usr/src/sys/arch/i386/compile/net4501
cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 ("AuthenticAMD" 486-class)
cpu0: FPU
real mem = 66691072 (65128K)
avail mem = 57659392 (56308K)
using 839 buffers containing 3436544 bytes (3356K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 20/40/19, BIOS32 rev. 0
0xf7840
pcibios0 at bios0: rev 2.0 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
elansc0 at pci0 dev 0 function 0 "AMD ElanSC520 PCI" rev 0x00: product 0
stepping 1.1, CPU clock 133MHz, reset 1<PWRGOOD>
gpio0 at elansc0: 32 pins
hifn0 at pci0 dev 16 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES ARC4
MD5 SHA1 RNG AES PK, 32KB dram, irq 10
sis0 at pci0 dev 18 function 0 "NS DP83815 10/100" rev 0x00: DP83816A,
irq 11, address 00:00:24:c2:c4:9c
nsphyter0 at sis0 phy 0: DP83815 10/100 integrated, rev. 1
sis1 at pci0 dev 19 function 0 "NS DP83815 10/100" rev 0x00: DP83816A,
irq 5, address 00:00:24:c2:c4:9d
nsphyter1 at sis1 phy 0: DP83815 10/100 integrated, rev. 1
sis2 at pci0 dev 20 function 0 "NS DP83815 10/100" rev 0x00: DP83816A,
irq 9, address 00:00:24:c2:c4:9e
nsphyter2 at sis2 phy 0: DP83815 10/100 integrated, rev. 1
isa0 at mainbus0
isadma0 at isa0
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: <SAMSUNG CF/ATA>
wd0: 1-sector PIO, LBA, 124MB, 254976 sectors
wd0(wdc0:0:0): using BIOS timings
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask f1c7 netmask ffe7 ttymask ffe7
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
/dev/rwd0a: file system is clean; not checking
mfs: mounting /tmp...
mfs: populating /tmp...
databases: dev
securelevel: kern.securelevel: 0 -> 1
watchdog: kern.watchdog.period: 0 -> 32
watchdog: kern.watchdog.auto: 1 -> 1
hostname: setting hostname to soekris.chaosys.ch...
inet: configuring IP on system interfaces...
route: adding default route...
add net default: gateway 10.88.0.1
pf/nat: configuring and enabling...
pf enabled
syslogd: starting log daemon...
net.inet.esp.enable: 1 -> 1
net.inet.ip.forwarding: 0 -> 1
starting daemons: inetd...ntpd...sshd...isakmpd...done.

(PS: Why is there no interrupt shown for slot 0:00:0.)