Date: Sun, 24 Jun 2001 18:31:47 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: Dag-Erling Smorgrav <des@ofug.org> Cc: Soren Kristensen <soren@soekris.com>, hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Status of encryption hardware support in FreeBSD Message-ID: <20010624183147.F52432@mail.webmonster.de> In-Reply-To: <xzpd77t7st6.fsf@flood.ping.uio.no>; from des@ofug.org on Sun, Jun 24, 2001 at 06:20:53PM %2B0200 References: <3B33A891.EC712701@soekris.com> <xzpn16x7uao.fsf@flood.ping.uio.no> <20010624181007.C52432@mail.webmonster.de> <xzpd77t7st6.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
--B0nZA57HJSoPbsHY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Dag-Erling Smorgrav(des@ofug.org)@2001.06.24 18:20:53 +0000: > "Karsten W. Rohrbach" <karsten@rohrbach.de> writes: > > i think ipsec crypto abstraction into hardware is one side of the medal, > > but the other side -- to be polished first -- ist getting openssl onto > > the iron. >=20 > What you're basically trying to say is that you want a userland > interface to the crypto hardware, so that OpenSSL can take advatange > of it if it's present? yup, exactly. to me it seems to be a major problem to get some unified api out of openssl adressing fucnctions on the hardware -- i simply do not know how other crypto chipsets do it, i just investigated the rainbow board. they got a patch against openssl 0.9.5 i think, that glues in the driver calls instead of standard lib functions. >=20 > > as i said, there is a 3.x freebsd driver, would this help? > > i am not into writing drivers ;-) >=20 > Allow me to repeat myself: "driver source does not constitute adequate > documentation. It helps, but it's neither sufficient nor necessary." yes yes yes ;-) you are perfectly right here. i just wanrted to mention that there is an _existant_ driver and patch against the openssl lib, also some test programs to look if the driver works, for freebsd 3.x. > A 3.x driver *could* be ported forward to 4.x and 5.x, but the > required changes are not trivial (newbus, SMPng...) and you'd still > need sample boards for testing and debugging, and docs for reference > when you don't understand what the existing driver is trying to do. sure. my impression with the rainbow guys was, that they are very open to the opensource community. they supplied a board, (user) docs and the unreleased driver/openssl code to us and i was very impressed about their attitude towards people hacking up their stuff *grin*. alas, i quit the company and i did not even start really hacking on the code to take it to a place even near to production. i see from their web page, that they now support freebsd 4.1-release, so it sounds rather appealing to me... /k --=20 > Captain Hook died of jock itch. KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n= et/ karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B= F46 Please do not remove my address from To: and Cc: fields in mailing lists. 1= 0x --B0nZA57HJSoPbsHY Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7NhXzM0BPTilkv0YRAsndAJ9N8aGLN2PqQ9JnBnKtyOGQ/uiTzQCgw88h Js4cenYHfd03bh5Hb2wgQ7s= =BUvX -----END PGP SIGNATURE----- --B0nZA57HJSoPbsHY-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010624183147.F52432>