Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 13 Aug 2005 09:46:36 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Mike Tancsa <mike@sentex.net>
Cc:        FreeBSD-current <freebsd-current@freebsd.org>
Subject:   Re: VIA/ACE PadLock integration with crypto(9).
Message-ID:  <20050813074636.GH27996@garage.freebsd.pl>
In-Reply-To: <6.2.3.4.0.20050813012441.061d08b0@64.7.153.2>
References:  <20050812134511.GE25162@garage.freebsd.pl> <6.2.3.4.0.20050813012441.061d08b0@64.7.153.2>
next in thread | previous in thread | raw e-mail | index | archive | help 

--poemUeGtc2GQvHuH
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Aug 13, 2005 at 01:45:44AM -0400, Mike Tancsa wrote:
+> Is there something else that needs to be done to tell crypto(4) or FAST_=
IPSEC to use the "hardware" in this case ?

I'm not sure why you need to set net.inet.ipsec.crypto_support to 1 for
this. Shouldn't be needed.

If you want to figure it out, you may place debug print into
sys/opencrypto/crypto.c, there is a crypto_newsession function and you
need to change this:

		/* See if all the algorithms are supported. */
		for (cr =3D cri; cr; cr =3D cr->cri_next)
			if (cap->cc_alg[cr->cri_alg] =3D=3D 0)
				break;

into something like this:

		/* See if all the algorithms are supported. */
		for (cr =3D cri; cr; cr =3D cr->cri_next)
			if (cap->cc_alg[cr->cri_alg] =3D=3D 0) {
				printf("IPSEC: Unsupported algorithm: %d.\n",
				    cr->cri_alg);
				break;
			}

+> Also,   I came across a small ipsec bug while testing
+>=20
+> http://www.freebsd.org/cgi/query-pr.cgi?pr=3D84860

It could be RELENG_5 specific, as it uses rijndael implementation
which was removed after RELENG_5 (there is no sys/opencrypto/rijndael.c
anymore). Maybe rijndael version from sys/crypto/ handles it better?
This needs to be verified.

--=20
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

--poemUeGtc2GQvHuH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFC/aVcForvXbEpPzQRAuO5AJwNTkCztwtGMjchjRxijH3Juy9+/ACcDj/B
IyUkM7g1fezzhu3yVMw9VDU=
=8aQh
-----END PGP SIGNATURE-----

--poemUeGtc2GQvHuH--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050813074636.GH27996>