From owner-freebsd-stable@FreeBSD.ORG Thu Jul 10 11:09:08 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 66782106567D for ; Thu, 10 Jul 2008 11:09:08 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from smtp.lamaiziere.net (net.lamaiziere.net [91.121.44.19]) by mx1.freebsd.org (Postfix) with ESMTP id ED6E38FC16 for ; Thu, 10 Jul 2008 11:09:07 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from baby-jane.lamaiziere.net (27.6.192-77.rev.gaoland.net [77.192.6.27]) by smtp.lamaiziere.net (Postfix) with ESMTPA id 8822C633655; Thu, 10 Jul 2008 13:08:21 +0200 (CEST) Received: from baby-jane-lamaiziere-net.local (localhost [127.0.0.1]) by baby-jane.lamaiziere.net (Postfix) with ESMTP id 9D0EC5625E4; Thu, 10 Jul 2008 13:09:05 +0200 (CEST) Date: Thu, 10 Jul 2008 13:09:04 +0200 From: Patrick =?ISO-8859-15?Q?Lamaizi=E8re?= To: Mike Tancsa Message-ID: <20080710130904.6c06fdfb@baby-jane-lamaiziere-net.local> In-Reply-To: <200807091931.m69JVWej032290@lava.sentex.ca> References: <20080606234135.46144207@baby-jane-lamaiziere-net.local> <20080622170507.5ac469d2@baby-jane-lamaiziere-net.local> <200807091931.m69JVWej032290@lava.sentex.ca> Organization: /dave/nulle X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.9; i386-apple-darwin9.3.0) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit Cc: freebsd-stable@freebsd.org Subject: Re: AMD Geode LX crypto accelerator (glxsb) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jul 2008 11:09:08 -0000 Le Wed, 09 Jul 2008 15:31:30 -0400, Mike Tancsa a écrit : > Without the module loaded, I can do something simple like > glxsb0: detached > glxsb0: (AES-128-CBC,RNG)> mem 0xa0000000-0xa0003fff irq 10 at device 1.2 on > pci0 # sh s > The result of line 1: Invalid argument. > The result of line 2: Invalid argument. > > What is the proper AES encryption to use for > IPSEC ? Why is there a difference in syntax > ? I've found, i think. The Geode handles only AES with a 128 bits key. When setkey/ipsec opens a crypto session, the driver returns an error (EINVAL) if the key length is != 128. So setkey fails. There is no way to tell to the crypto framework that we can do only AES with 128 bits keys. It is a problem in this case. I don't have any solution, I can just add a BUG section in the man page for this case. Thank you for the report. Regards.