Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 24 Jun 2001 18:31:47 +0200
From:      "Karsten W. Rohrbach" <karsten@rohrbach.de>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        Soren Kristensen <soren@soekris.com>, hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Status of encryption hardware support in FreeBSD
Message-ID:  <20010624183147.F52432@mail.webmonster.de>
In-Reply-To: <xzpd77t7st6.fsf@flood.ping.uio.no>; from des@ofug.org on Sun, Jun 24, 2001 at 06:20:53PM %2B0200
References:  <3B33A891.EC712701@soekris.com> <xzpn16x7uao.fsf@flood.ping.uio.no> <20010624181007.C52432@mail.webmonster.de> <xzpd77t7st6.fsf@flood.ping.uio.no>

next in thread | previous in thread | raw e-mail | index | archive | help

--B0nZA57HJSoPbsHY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Dag-Erling Smorgrav(des@ofug.org)@2001.06.24 18:20:53 +0000:
> "Karsten W. Rohrbach" <karsten@rohrbach.de> writes:
> > i think ipsec crypto abstraction into hardware is one side of the medal,
> > but the other side -- to be polished first -- ist getting openssl onto
> > the iron.
>=20
> What you're basically trying to say is that you want a userland
> interface to the crypto hardware, so that OpenSSL can take advatange
> of it if it's present?

yup, exactly. to me it seems to be a major problem to get some unified
api out of openssl adressing fucnctions on the hardware -- i simply do
not know how other crypto chipsets do it, i just investigated the
rainbow board. they got a patch against openssl 0.9.5 i think, that
glues in the driver calls instead of standard lib functions.

>=20
> > as i said, there is a 3.x freebsd driver, would this help?
> > i am not into writing drivers ;-)
>=20
> Allow me to repeat myself: "driver source does not constitute adequate
> documentation.  It helps, but it's neither sufficient nor necessary."

yes yes yes ;-) you are perfectly right here. i just wanrted to mention
that there is an _existant_ driver and patch against the openssl lib,
also some test programs to look if the driver works, for freebsd 3.x.

> A 3.x driver *could* be ported forward to 4.x and 5.x, but the
> required changes are not trivial (newbus, SMPng...) and you'd still
> need sample boards for testing and debugging, and docs for reference
> when you don't understand what the existing driver is trying to do.

sure. my impression with the rainbow guys was, that they are very open
to the opensource community. they supplied a board, (user) docs and the
unreleased driver/openssl code to us and i was very impressed about
their attitude towards people hacking up their stuff *grin*.
alas, i quit the company and i did not even start really hacking on the
code to take it to a place even near to production. i see from their web
page, that they now support freebsd 4.1-release, so it sounds rather
appealing to me...

/k

--=20
> Captain Hook died of jock itch.
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n=
et/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 B=
F46
Please do not remove my address from To: and Cc: fields in mailing lists. 1=
0x

--B0nZA57HJSoPbsHY
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7NhXzM0BPTilkv0YRAsndAJ9N8aGLN2PqQ9JnBnKtyOGQ/uiTzQCgw88h
Js4cenYHfd03bh5Hb2wgQ7s=
=BUvX
-----END PGP SIGNATURE-----

--B0nZA57HJSoPbsHY--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010624183147.F52432>