VIA/ACE PadLock integration with crypto(9).
Pawel Jakub Dawidek
pjd at FreeBSD.org
Sat Aug 13 07:46:55 GMT 2005
On Sat, Aug 13, 2005 at 01:45:44AM -0400, Mike Tancsa wrote:
+> Is there something else that needs to be done to tell crypto(4) or FAST_IPSEC to use the "hardware" in this case ?
I'm not sure why you need to set net.inet.ipsec.crypto_support to 1 for
this. Shouldn't be needed.
If you want to figure it out, you may place debug print into
sys/opencrypto/crypto.c, there is a crypto_newsession function and you
need to change this:
/* See if all the algorithms are supported. */
for (cr = cri; cr; cr = cr->cri_next)
if (cap->cc_alg[cr->cri_alg] == 0)
break;
into something like this:
/* See if all the algorithms are supported. */
for (cr = cri; cr; cr = cr->cri_next)
if (cap->cc_alg[cr->cri_alg] == 0) {
printf("IPSEC: Unsupported algorithm: %d.\n",
cr->cri_alg);
break;
}
+> Also, I came across a small ipsec bug while testing
+>
+> http://www.freebsd.org/cgi/query-pr.cgi?pr=84860
It could be RELENG_5 specific, as it uses rijndael implementation
which was removed after RELENG_5 (there is no sys/opencrypto/rijndael.c
anymore). Maybe rijndael version from sys/crypto/ handles it better?
This needs to be verified.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20050813/9bccb4a4/attachment.bin
More information about the freebsd-current
mailing list