From: Mike Tancsa
Date: Tue, 13 Apr 2004 14:46:52 -0400
To: "Michael W. Lucas", Poul-Henning Kamp
Cc: security@freebsd.org
Subject: Re: recommended SSL-friendly crypto accelerator

At 02:19 PM 13/04/2004, Michael W. Lucas wrote:
>OK, for the record I asked sam@. He says that the VPN1401 has issues
>for (at a minimum) symmetric crypto ops, but he hasn't had time to
>investigate and doesn't own a 1401, so...
>
>So, it looks like my choices are rapidly narrowing. It seems that the
>powercrypt cards are well-supported, perhaps I'll give them a call.

I think the powercrypt is based on the same HiFn chip and uses the same
driver, so it might be hit by the same bug that I am running into both on
FreeBSD and OpenBSD. Then again, it could be some issue with openssl as to
how it talks to the card. Still, there were reports by one ipsec user on
OpenBSD that they had problems with the card and IPSEC. I would love to
hear from any FreeBSD or OpenBSD user with the 1401 to see if they can
reproduce this bug.

---Mike