Is it possible to add block ciphers for Cavium octeon

OpenVPN 2.5.2 mips64-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library version: OpenSSL 1.1.1k 25 Mar 2021

This gave:
(dynamic) Dynamic engine loading support
[ unavailable ]

No idea as to what you are running, or on what device. But, to your statement above regarding your WRT3200ACM device this

script
#!/bin/sh
#########
printf '********  Test openssl  *********\n' > /tmp/junk
date >> /tmp/junk
printf '\n*********************************\n' >> /tmp/junk
cat /etc/openwrt_release >> /tmp/junk
uname -a >> /tmp/junk
printf '\n*********************************\n' >> /tmp/junk
printf '*** openssl engine -t -c -vv ***\n' >> /tmp/junk
openssl engine -t -c -vv >> /tmp/junk
printf '\n*********************************\n' >> /tmp/junk
printf '\n*** openssl engine -pre DUMP_INFO devcrypto ***\n' >> /tmp/junk
openssl engine -pre DUMP_INFO devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp AES-128-CBC -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp AES-128-CBC -engine devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp AES-256-ECB -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp AES-256-ECB -engine devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp AES-256-GCM -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp AES-256-GCM -engine devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp CHACHA20-POLY1305 -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp CHACHA20-POLY1305 -engine devcrypto >> /tmp/junk 2>&1
####
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp SHA256 -engine devcrypto <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp SHA256 -engine devcrypto >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
printf '\nRunning *--> time -v openssl speed -elapsed -evp MD5 <--*\n\n' >> /tmp/junk
time -v openssl speed -elapsed -evp MD5 >> /tmp/junk 2>&1
printf '\n*********************************\n' >> /tmp/junk
###
# openssl speed -evp chacha20-poly1305 2>/dev/null && openssl speed -evp aes-256-gcm 2>/dev/null | grep '^aes'

yields this

data dump
********  Test openssl  *********
Wed Jun  2 09:55:38 MDT 2021

*********************************
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='SNAPSHOT'
DISTRIB_REVISION='r16837-e002179a6d'
DISTRIB_TARGET='mvebu/cortexa9'
DISTRIB_ARCH='arm_cortex-a9_vfpv3'
DISTRIB_DESCRIPTION='OpenWrt SNAPSHOT r16837-e002179a6d'
DISTRIB_TAINTS='no-all busybox'
Linux bsaedgy 5.10.41 #0 SMP Fri May 28 13:35:32 2021 armv7l GNU/Linux

*********************************
*** openssl engine -t -c -vv ***
(dynamic) Dynamic engine loading support
     [ unavailable ]
     SO_PATH: Specifies the path to the new ENGINE shared library
     NO_VCHECK: Specifies to continue even if version checking fails (boolean)
     ID: Specifies an ENGINE id name for loading
     LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)
     DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)
     DIR_ADD: Adds a directory from which ENGINEs can be loaded
     LOAD: Load up the ENGINE specified by other settings
(devcrypto) /dev/crypto engine
 [DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB, AES-256-ECB]
     [ available ]
     USE_SOFTDRIVERS: specifies whether to use software (not accelerated) drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use if acceleration can't be determined) [default=2]
     CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to enable [default=ALL]
     DIGESTS: either ALL, NONE, or a comma-separated list of digests to enable [default=NONE]
     DUMP_INFO: dump info about each algorithm to stderr; use 'openssl engine -pre DUMP_INFO devcrypto'

*********************************

*** openssl engine -pre DUMP_INFO devcrypto ***
(devcrypto) /dev/crypto engine
Information about ciphers supported by the /dev/crypto engine:
Cipher DES-CBC, NID=31, /dev/crypto info: id=1, driver=mv-cbc-des (hw accelerated)
Cipher DES-EDE3-CBC, NID=44, /dev/crypto info: id=2, driver=mv-cbc-des3-ede (hw accelerated)
Cipher BF-CBC, NID=91, /dev/crypto info: id=3, CIOCGSESSION (session open call) failed
Cipher CAST5-CBC, NID=108, /dev/crypto info: id=4, CIOCGSESSION (session open call) failed
Cipher AES-128-CBC, NID=419, /dev/crypto info: id=11, driver=mv-cbc-aes (hw accelerated)
Cipher AES-192-CBC, NID=423, /dev/crypto info: id=11, driver=mv-cbc-aes (hw accelerated)
Cipher AES-256-CBC, NID=427, /dev/crypto info: id=11, driver=mv-cbc-aes (hw accelerated)
Cipher RC4, NID=5, /dev/crypto info: id=12, CIOCGSESSION (session open call) failed
Cipher AES-128-CTR, NID=904, /dev/crypto info: id=21, CIOCGSESSION (session open call) failed
Cipher AES-192-CTR, NID=905, /dev/crypto info: id=21, CIOCGSESSION (session open call) failed
Cipher AES-256-CTR, NID=906, /dev/crypto info: id=21, CIOCGSESSION (session open call) failed
Cipher AES-128-ECB, NID=418, /dev/crypto info: id=23, driver=mv-ecb-aes (hw accelerated)
Cipher AES-192-ECB, NID=422, /dev/crypto info: id=23, driver=mv-ecb-aes (hw accelerated)
Cipher AES-256-ECB, NID=426, /dev/crypto info: id=23, driver=mv-ecb-aes (hw accelerated)

Information about digests supported by the /dev/crypto engine:
Digest MD5, NID=4, /dev/crypto info: id=13, driver=mv-md5 (hw accelerated), CIOCCPHASH capable
Digest SHA1, NID=64, /dev/crypto info: id=14, driver=mv-sha1 (hw accelerated), CIOCCPHASH capable
Digest RIPEMD160, NID=117, /dev/crypto info: id=102, driver=unknown. CIOCGSESSION (session open) failed
Digest SHA224, NID=675, /dev/crypto info: id=103, driver=sha224-neon (software), CIOCCPHASH capable
Digest SHA256, NID=672, /dev/crypto info: id=104, driver=mv-sha256 (hw accelerated), CIOCCPHASH capable
Digest SHA384, NID=673, /dev/crypto info: id=105, driver=sha384-neon (software), CIOCCPHASH capable
Digest SHA512, NID=674, /dev/crypto info: id=106, driver=sha512-neon (software), CIOCCPHASH capable

[Success]: DUMP_INFO

*********************************

Running *--> time -v openssl speed -elapsed -evp AES-128-CBC -engine devcrypto <--*

engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 260302 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 253762 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 229526 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 161020 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 37610 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 20191 aes-128-cbc's in 3.00s
OpenSSL 1.1.1k  25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr) 
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc       1388.28k     5413.59k    19586.22k    54961.49k   102700.37k   110269.78k
	Command being timed: "openssl speed -elapsed -evp AES-128-CBC -engine devcrypto"
	User time (seconds): 0.32
	System time (seconds): 5.09
	Percent of CPU this job got: 30%
	Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
	Average shared text size (kbytes): 0
	Average unshared data size (kbytes): 0
	Average stack size (kbytes): 0
	Average total size (kbytes): 0
	Maximum resident set size (kbytes): 13552
	Average resident set size (kbytes): 0
	Major (requiring I/O) page faults: 0
	Minor (reclaiming a frame) page faults: 155
	Voluntary context switches: 962541
	Involuntary context switches: 86
	Swaps: 0
	File system inputs: 0
	File system outputs: 0
	Socket messages sent: 0
	Socket messages received: 0
	Signals delivered: 0
	Page size (bytes): 4096
	Exit status: 0

*********************************

Running *--> time -v openssl speed -elapsed -evp AES-256-ECB -engine devcrypto <--*

engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-ecb for 3s on 16 size blocks: 262347 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 64 size blocks: 271910 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 256 size blocks: 242784 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 1024 size blocks: 156384 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 8192 size blocks: 34383 aes-256-ecb's in 3.00s
Doing aes-256-ecb for 3s on 16384 size blocks: 18275 aes-256-ecb's in 3.00s
OpenSSL 1.1.1k  25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr) 
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-256-ecb       1399.18k     5800.75k    20717.57k    53379.07k    93888.51k    99805.87k
	Command being timed: "openssl speed -elapsed -evp AES-256-ECB -engine devcrypto"
	User time (seconds): 0.29
	System time (seconds): 5.02
	Percent of CPU this job got: 29%
	Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
	Average shared text size (kbytes): 0
	Average unshared data size (kbytes): 0
	Average stack size (kbytes): 0
	Average total size (kbytes): 0
	Maximum resident set size (kbytes): 13520
	Average resident set size (kbytes): 0
	Major (requiring I/O) page faults: 0
	Minor (reclaiming a frame) page faults: 155
	Voluntary context switches: 986207
	Involuntary context switches: 108
	Swaps: 0
	File system inputs: 0
	File system outputs: 0
	Socket messages sent: 0
	Socket messages received: 0
	Signals delivered: 0
	Page size (bytes): 4096
	Exit status: 0

*********************************

Running *--> time -v openssl speed -elapsed -evp AES-256-GCM -engine devcrypto <--*

engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-gcm for 3s on 16 size blocks: 6055328 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 64 size blocks: 1751252 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 256 size blocks: 481985 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 1024 size blocks: 133765 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 8192 size blocks: 17130 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 16384 size blocks: 8517 aes-256-gcm's in 3.00s
OpenSSL 1.1.1k  25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr) 
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-256-gcm      32295.08k    37360.04k    41129.39k    45658.45k    46776.32k    46514.18k
	Command being timed: "openssl speed -elapsed -evp AES-256-GCM -engine devcrypto"
	User time (seconds): 17.92
	System time (seconds): 0.06
	Percent of CPU this job got: 99%
	Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
	Average shared text size (kbytes): 0
	Average unshared data size (kbytes): 0
	Average stack size (kbytes): 0
	Average total size (kbytes): 0
	Maximum resident set size (kbytes): 13648
	Average resident set size (kbytes): 0
	Major (requiring I/O) page faults: 0
	Minor (reclaiming a frame) page faults: 158
	Voluntary context switches: 130
	Involuntary context switches: 198
	Swaps: 0
	File system inputs: 0
	File system outputs: 0
	Socket messages sent: 0
	Socket messages received: 0
	Signals delivered: 0
	Page size (bytes): 4096
	Exit status: 0

*********************************

Running *--> time -v openssl speed -elapsed -evp CHACHA20-POLY1305 -engine devcrypto <--*

engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing chacha20-poly1305 for 3s on 16 size blocks: 9780565 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 64 size blocks: 4474904 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 256 size blocks: 2096577 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 1024 size blocks: 583047 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 8192 size blocks: 75499 chacha20-poly1305's in 3.00s
Doing chacha20-poly1305 for 3s on 16384 size blocks: 37774 chacha20-poly1305's in 3.00s
OpenSSL 1.1.1k  25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr) 
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
chacha20-poly1305    52163.01k    95464.62k   178907.90k   199013.38k   206162.60k   206296.41k
	Command being timed: "openssl speed -elapsed -evp CHACHA20-POLY1305 -engine devcrypto"
	User time (seconds): 17.99
	System time (seconds): 0.02
	Percent of CPU this job got: 99%
	Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
	Average shared text size (kbytes): 0
	Average unshared data size (kbytes): 0
	Average stack size (kbytes): 0
	Average total size (kbytes): 0
	Maximum resident set size (kbytes): 13680
	Average resident set size (kbytes): 0
	Major (requiring I/O) page faults: 0
	Minor (reclaiming a frame) page faults: 157
	Voluntary context switches: 130
	Involuntary context switches: 130
	Swaps: 0
	File system inputs: 0
	File system outputs: 0
	Socket messages sent: 0
	Socket messages received: 0
	Signals delivered: 0
	Page size (bytes): 4096
	Exit status: 0

*********************************

Running *--> time -v openssl speed -elapsed -evp SHA256 -engine devcrypto <--*

engine "devcrypto" set.
You have chosen to measure elapsed time instead of user CPU time.
Doing sha256 for 3s on 16 size blocks: 1794964 sha256's in 3.00s
Doing sha256 for 3s on 64 size blocks: 1359571 sha256's in 3.00s
Doing sha256 for 3s on 256 size blocks: 784374 sha256's in 3.00s
Doing sha256 for 3s on 1024 size blocks: 292741 sha256's in 3.00s
Doing sha256 for 3s on 8192 size blocks: 42555 sha256's in 3.00s
Doing sha256 for 3s on 16384 size blocks: 21613 sha256's in 3.01s
OpenSSL 1.1.1k  25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr) 
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
sha256            9573.14k    29004.18k    66933.25k    99922.26k   116203.52k   117643.65k
	Command being timed: "openssl speed -elapsed -evp SHA256 -engine devcrypto"
	User time (seconds): 17.96
	System time (seconds): 0.05
	Percent of CPU this job got: 99%
	Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
	Average shared text size (kbytes): 0
	Average unshared data size (kbytes): 0
	Average stack size (kbytes): 0
	Average total size (kbytes): 0
	Maximum resident set size (kbytes): 13616
	Average resident set size (kbytes): 0
	Major (requiring I/O) page faults: 0
	Minor (reclaiming a frame) page faults: 157
	Voluntary context switches: 64
	Involuntary context switches: 78
	Swaps: 0
	File system inputs: 0
	File system outputs: 0
	Socket messages sent: 0
	Socket messages received: 0
	Signals delivered: 0
	Page size (bytes): 4096
	Exit status: 0

*********************************

Running *--> time -v openssl speed -elapsed -evp MD5 <--*

You have chosen to measure elapsed time instead of user CPU time.
Doing md5 for 3s on 16 size blocks: 2437862 md5's in 3.00s
Doing md5 for 3s on 64 size blocks: 2017755 md5's in 3.00s
Doing md5 for 3s on 256 size blocks: 1329921 md5's in 3.00s
Doing md5 for 3s on 1024 size blocks: 557578 md5's in 3.00s
Doing md5 for 3s on 8192 size blocks: 89471 md5's in 3.00s
Doing md5 for 3s on 16384 size blocks: 45488 md5's in 3.00s
OpenSSL 1.1.1k  25 Mar 2021
built on: Fri May 28 13:35:32 2021 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr) 
compiler: ccache_cc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=hard -Wformat -Werror=format-security -DPIC -fpic -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -O3 -DPIC -fpic -ffunction-sections -fdata-sections -fpic -specs=/home/kc/wrtpac/source/include/hardened-ld-pie.specs -znow -zrelro -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DZLIB_SHARED -DNDEBUG -DPIC -DOPENSSL_PREFER_CHACHA_OVER_GCM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md5              13001.93k    43045.44k   113486.59k   190319.96k   244315.48k   248425.13k
	Command being timed: "openssl speed -elapsed -evp MD5"
	User time (seconds): 17.92
	System time (seconds): 0.05
	Percent of CPU this job got: 99%
	Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 18.08s
	Average shared text size (kbytes): 0
	Average unshared data size (kbytes): 0
	Average stack size (kbytes): 0
	Average total size (kbytes): 0
	Maximum resident set size (kbytes): 13616
	Average resident set size (kbytes): 0
	Major (requiring I/O) page faults: 0
	Minor (reclaiming a frame) page faults: 157
	Voluntary context switches: 64
	Involuntary context switches: 1144
	Swaps: 0
	File system inputs: 0
	File system outputs: 0
	Socket messages sent: 0
	Socket messages received: 0
	Signals delivered: 0
	Page size (bytes): 4096
	Exit status: 0

*********************************

from a master image on a rango using devcrypto with the CESA unit in play.

Is that GUI for imagebuilder or something else? I have seen pictures of it sometimes before but what build program is it?

I build from source. It's the make kernel_menuconfig. I don't know if it's available in imagebuilders or not (I've never used imagebuilder).

I have recently started using imagebuilder to preinstall packages, works well but I don’t think this operation is possible.

But if the prize is crypto engine on ER4 then probably it makes it worth learning.

I added the first Octeon3 target to the OpenWrt repo in the form of the Itus Shield - You'll have to build from source in order to change the -march for the target from -march=octeon+ to -march=octeon3. I can tell neither @damex or I could quantify an increase overall, at least not enough to justify a new octeon3 target :frowning: EDIT: at least, not yet.. as more Octeon3 devices come up, that should change I hope

But, if you build from source, you can do everything imagebuilder can do, and more, as long as you have the patience to build it out (depending on the hardware, it can be a few hours)

1 Like

It was you that gave me the code, you never said anything about a script. And the answer on the command was only “dynamic”.

Your other commands was ifs and the ifs never appeared.

The device is ER4, it is kind of the whole discussion about Octegon crypto acceleration.
I have mentioned 21.02-rc1 many times in this post.

I far as I have learned imagebuilder is only a “shopping bag” of precompiled packages that it put (build) together to the final binary to install.

Speed increase…haha this starts to be bisarre😂. We have the speed increase already. It goes so fast that we belive its broken or something🤪
But we can’t find any fault either other than the speed of course that is to fast🤔

Just as a FYI, according to Marvell:
40Gbps of security performance with support for new crypto algorithms such as ECC, SHA2/SHA3, Camellia, ZUC besides the bulk crypto of MD5, DES/3DES, AES, and high SSL transaction rates for large key sizes

From https://www.marvell.com/content/dam/marvell/en/public-collateral/embedded-processors/marvell-infrastructure-processors-octeon-iii-cn70xx-71xx-ap-product-brief-2019.pdf Pg 4

So, those seem to be the supported HW Crypto accels

1 Like

No, the issue is that setting an Octeon3 target means the ER/ERLite would no longer be supported, as they are OcteonII and Octeon+ respectively. :frowning: So.. we work at the lowest common denominator until there are enough devices to justify the cost to build on the build servers on a new target for just Octeon3.

So in practical terms if we put everything together that simply means my 300$ metal black box business grade 19” (with mounting rack) router with some LED on it right now do what it is made to do (run cryptos fast) and make my HD movies run really fast when I am on the go. It shouldn’t work but it does work anyway. Isn’t that great news?:sunglasses:

I had some thoughts if it was the earlier auto chosen TLS1.3 software operated ChaCha20 crypto that was slow. I stopped that auto chosen crypto and manually commanded TLS1.2 and a suite called TLS_DHE_RSA_AES-256-CGM_SHA-256 to make some order to the DH key exchange. But all those cryptos in that suite would have fitted the Octegon processor like a hand in a glove. I think this could have been the point when the VPN speed took off with the ER4.

I actually ran a Netflix speed test through the VPN tunnel today and it measured 37Mbit/s.

The funny thing is that Apple have their status on crypto acceleration in iPhones put to really top secret, but iOS is on the other hand encrypted so the word on the street is that iPhone is also crypto accelerated. So that means I now run crypto optimized hardwares agains each other.

The question isn't if it's fast, it's is it as fast as it COULD be..

Example: Using OpenVPN rather than Wireguard. Both work, WG (from my experiences) has a MUCH faster throughput since it operates at the Interface rather than Application layers.. But! It also means Split-tunnel isn't available. So, it's up to your use case.

But yes, one of the issues we faced was that we couldn't quantify actually performance increases from moving from Octeon+ to Octeon3 on the test devices to the point it was worth spinning it off..

One thing I should note.. If you decide to go build from source and play with this on your own, if you change the target options to the -march=octeon3 you'll also need to build out ALL of the packages (or just include them in the image) as I've never been able to get the OpenWrt package repos to accept the Octeon3 arch type for use with opkg.

So, you can build out ALL packages (which is a total PITA) or include the packages you need/want at the build time. At one point, before the Shield was included into the Upstream, I was supported the entire base (https://github.com/Grommish/shield_opkgs) because of this. I eventually realized there wasn't a need vs gain and just stuck with the Octeon+ for ease of use.

As I mentioned earlier in the tread. I tested Wireguard once and it was fast but it never used the encrypted tunnel.
The program just said it had a connected VPN tunnel until I actually tested it and it failed in all the tests. But it was really simple tests but total failure anyway.

Yes they have 5000lines of code (less than OpenVPN), that is their whole commercial. They never say anywhere it actually works.

Now OpenVPN is fast and it once again pass all test I can trow at it.

1 Like

Yes, the reason WG found its way upstream to linux.org is because it does not work.

1 Like

Is it still Inop in the 5.10 kernel?n I've not messed with WG in a while

1 Like

Don’t be offended, I have been good att making high grade quality test my whole life😄
I have broken so many unbreakable things a lot faster than i broke Wireguard.

But this is security software, failure is not really an option and trust is deserved.

We can’t have a lit up VPN symbol in the smartphone and nothing behind it.

Unsure, I have not really paid any attention since it first hit the stree.

1 Like

Yes, you are amazingly amazing. where many have succeeded, you failed.

When I started using OVPN i found a rumor that said OVPN didn’t use the static keys for handshake protection.

So I then made a bunch of “false/wrong” keys and certs and made a bunch of false config files of them just to see if OpenVPN would see them in different combinations and what it would do if the specified server was a unknown security risk.
Well, It wasn’t any fault on OpenVPN and it never made a connection to a server with any fault in the security keys.